-rw-r--r-- | cmd/podman/create.go | 29 | ||||
-rw-r--r-- | cmd/podman/pod_create.go | 18 | ||||
-rw-r--r-- | docs/podman-create.1.md | 2 | ||||
-rw-r--r-- | docs/podman-run.1.md | 2 | ||||
-rw-r--r-- | libpod/util.go | 15 | ||||
-rw-r--r-- | vendor.conf | 2 | ||||
-rw-r--r-- | vendor/github.com/containers/storage/drivers/overlay/overlay.go | 10 |
7 files changed, 42 insertions, 36 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 248ff1b7d..9f6825c95 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -95,15 +95,6 @@ func createInit(c *cli.Context) error { return err } - if c.String("cidfile") != "" { - if _, err := os.Stat(c.String("cidfile")); err == nil { - return errors.Errorf("container id file exists. ensure another container is not using it or delete %s", c.String("cidfile")) - } - if err := libpod.WriteFile("", c.String("cidfile")); err != nil { - return errors.Wrapf(err, "unable to write cidfile %s", c.String("cidfile")) - } - } - - if len(c.Args()) < 1 { return errors.Errorf("image name or ID is required") }
@@ -119,6 +110,20 @@ func createContainer(c *cli.Context, runtime *libpod.Runtime) (*libpod.Container rootfs = c.Args()[0] } + var err error + var cidFile *os.File + if c.IsSet("cidfile") && os.Geteuid() == 0 { + cidFile, err = libpod.OpenExclusiveFile(c.String("cidfile")) + if err != nil && os.IsExist(err) { + return nil, nil, errors.Errorf("container id file exists. Ensure another container is not using it or delete %s", c.String("cidfile")) + } + if err != nil { + return nil, nil, errors.Errorf("error opening cidfile %s", c.String("cidfile")) + } + defer cidFile.Close() + defer cidFile.Sync() + } + imageName := "" var data *inspect.ImageData = nil
@@ -171,12 +176,14 @@ func createContainer(c *cli.Context, runtime *libpod.Runtime) (*libpod.Container return nil, nil, err } - if c.String("cidfile") != "" { - err := libpod.WriteFile(ctr.ID(), c.String("cidfile")) + if cidFile != nil { + _, err = cidFile.WriteString(ctr.ID()) if err != nil { logrus.Error(err) } + } + logrus.Debugf("New container created %q", ctr.ID()) return ctr, createConfig, nil }
diff --git a/cmd/podman/pod_create.go b/cmd/podman/pod_create.go
index c3a45a093..63fa6b294 100644
--- a/cmd/podman/pod_create.go
+++ b/cmd/podman/pod_create.go
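Review bot: In the createContainer hunk that opens the cidfile, the second error branch discards the underlying error, so a permission or missing-directory failure is reported only as "error opening cidfile", whereas the removed code wrapped the cause. `return nil, nil, errors.Wrapf(err, "error opening cidfile %s", c.String("cidfile"))` keeps it; the first hunk of cmd/podman/pod_create.go has the same pattern for pod-id-file. The file is also created before the container exists, so the `return nil, nil, err` path visible in the following hunk leaves an empty cidfile behind, and the next invocation will then stop at the "container id file exists" check; removing the file on the error paths would avoid that. createContainer's body continues outside the hunk.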
@@ -90,13 +90,17 @@ func podCreateCmd(c *cli.Context) error { } defer runtime.Shutdown(false) - if c.IsSet("pod-id-file") { - if _, err = os.Stat(c.String("pod-id-file")); err == nil { - return errors.Errorf("pod id file exists. ensure another pod is not using it or delete %s", c.String("pod-id-file")) + var podIdFile *os.File + if c.IsSet("pod-id-file") && os.Geteuid() == 0 { + podIdFile, err = libpod.OpenExclusiveFile(c.String("pod-id-file")) + if err != nil && os.IsExist(err) { + return errors.Errorf("pod id file exists. Ensure another pod is not using it or delete %s", c.String("pod-id-file")) } - if err = libpod.WriteFile("", c.String("pod-id-file")); err != nil { - return errors.Wrapf(err, "unable to write pod id file %s", c.String("pod-id-file")) + if err != nil { + return errors.Errorf("error opening pod-id-file %s", c.String("pod-id-file")) } + defer podIdFile.Close() + defer podIdFile.Sync() } if !c.BoolT("infra") && c.IsSet("share") && c.String("share") != "none" && c.String("share") != "" { return errors.Errorf("You cannot share kernel namespaces on the pod level without an infra container")
@@ -137,8 +141,8 @@ func podCreateCmd(c *cli.Context) error { return err } - if c.IsSet("pod-id-file") { - err = libpod.WriteFile(pod.ID(), c.String("pod-id-file")) + if podIdFile != nil { + _, err = podIdFile.WriteString(pod.ID()) if err != nil { logrus.Error(err) }
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index 509d8820f..5a4d7fb5a 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -178,7 +178,7 @@ Override the key sequence for detaching a container. Format is a single characte **--device**=[] -Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) +Add a host device to the container. The format is `<device-on-host>[:<device-on-container>][:<permissions>]` (e.g. --device=/dev/sdc:/dev/xvdc:rwm) **--device-read-bps**=[]
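Review bot: The `os.Geteuid() == 0` condition added to the pod-id-file check in the first podCreateCmd hunk carries no explanation, and when it is false the `--pod-id-file` option is skipped without any message, because the later write is guarded by `podIdFile != nil`. If a non-root invocation is expected to pass through this code again with euid 0 (not visible in this hunk), a comment above the `if` should say so; otherwise the ignored option deserves at least a `logrus.Warnf`. The same unexplained condition is in createContainer in cmd/podman/create.go. As a naming point, Go initialism style would spell the variable `podIDFile`. podCreateCmd continues outside the hunk.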
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index c303492e7..b708e3407 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -182,7 +182,7 @@ Override the key sequence for detaching a container. Format is a single characte **--device**=[] -Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) +Add a host device to the container. The format is `<device-on-host>[:<device-on-container>][:<permissions>]` (e.g. --device=/dev/sdc:/dev/xvdc:rwm) **--device-read-bps**=[]
diff --git a/libpod/util.go b/libpod/util.go
index 3b51e4fcc..7007b29cd 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -24,22 +24,15 @@ const ( DefaultTransport = "docker://" ) -// WriteFile writes a provided string to a provided path -func WriteFile(content string, path string) error { +// OpenExclusiveFile opens a file for writing and ensure it doesn't already exist +func OpenExclusiveFile(path string) (*os.File, error) { baseDir := filepath.Dir(path) if baseDir != "" { if _, err := os.Stat(baseDir); err != nil { - return err + return nil, err } } - f, err := os.Create(path) - if err != nil { - return err - } - defer f.Close() - f.WriteString(content) - f.Sync() - return nil + return os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666) } // FuncTimer helps measure the execution time of a function
diff --git a/vendor.conf b/vendor.conf
index 8004f9056..dfcdbbe80 100644
--- a/vendor.conf
+++ b/vendor.conf
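Review bot: `OpenExclusiveFile` creates the file with mode `0666`, so under a permissive umask a root-run podman leaves an id file that other local users can rewrite before a script reads it; a file only podman writes needs no more than `0644`: `return os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0644)`. The `baseDir != ""` test kept as context is always true, since `filepath.Dir` returns `"."` rather than an empty string, and the `os.Stat` it guards is redundant now that `OpenFile` itself fails on a missing directory. The doc comment should state the property callers rely on, for example `// OpenExclusiveFile creates path for writing and fails with an error satisfying os.IsExist if it already exists; O_CREATE|O_EXCL makes the existence check and the creation one atomic step.`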
@@ -12,7 +12,7 @@ github.com/containerd/continuity master github.com/containernetworking/cni v0.7.0-alpha1 github.com/containernetworking/plugins 1562a1e60ed101aacc5e08ed9dbeba8e9f3d4ec1 github.com/containers/image bd10b1b53b2976f215b3f2f848fb8e7cad779aeb -github.com/containers/storage 24f0de45708bc6e4c8062828cd03812aaebc30db https://github.com/rhatdan/storage +github.com/containers/storage bd5818eda84012cf1db4dafbddd4b7509bb77142 github.com/containers/psgo 5dde6da0bc8831b35243a847625bcf18183bd1ee github.com/coreos/go-systemd v14 github.com/cri-o/ocicni 2d2983e40c242322a56c22a903785e7f83eb378c
diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
index 66ccc6a63..2e0498f51 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@@ -138,10 +138,12 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap } // check if they are running over btrfs, aufs, zfs, overlay, or ecryptfs - switch fsMagic { - case graphdriver.FsMagicAufs, graphdriver.FsMagicZfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicEcryptfs: - logrus.Errorf("'overlay' is not supported over %s", backingFs) - return nil, errors.Wrapf(graphdriver.ErrIncompatibleFS, "'overlay' is not supported over %s", backingFs) + if opts.mountProgram == "" { + switch fsMagic { + case graphdriver.FsMagicAufs, graphdriver.FsMagicZfs, graphdriver.FsMagicOverlay, graphdriver.FsMagicEcryptfs: + logrus.Errorf("'overlay' is not supported over %s", backingFs) + return nil, errors.Wrapf(graphdriver.ErrIncompatibleFS, "'overlay' is not supported over %s", backingFs) + } } rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps) |