-rw-r--r-- | .cirrus.yml | 34 | ||||
-rw-r--r-- | changelog.txt | 41 | ||||
-rw-r--r-- | cmd/podman/build.go | 1 | ||||
-rw-r--r-- | cmd/podman/cliconfig/config.go | 1 | ||||
-rw-r--r-- | cmd/podman/logs.go | 3 | ||||
-rwxr-xr-x | contrib/cirrus/integration_test.sh | 12 | ||||
-rw-r--r-- | contrib/cirrus/lib.sh | 3 | ||||
-rw-r--r-- | contrib/cirrus/packer/fedora_setup.sh | 14 | ||||
-rwxr-xr-x | contrib/cirrus/setup_environment.sh | 71 | ||||
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | go.sum | 2 | ||||
-rwxr-xr-x | hack/get_ci_vm.sh | 4 | ||||
-rw-r--r-- | libpod/container.log.go | 2 | ||||
-rw-r--r-- | libpod/container_api.go | 5 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 5 | ||||
-rw-r--r-- | libpod/logs/log.go | 15 | ||||
-rw-r--r-- | libpod/oci_conmon_linux.go | 25 | ||||
-rw-r--r-- | libpod/pod.go | 1 | ||||
-rw-r--r-- | libpod/pod_api.go | 12 | ||||
-rw-r--r-- | pkg/bindings/containers/containers.go | 2 | ||||
-rw-r--r-- | pkg/bindings/test/common_test.go | 4 | ||||
-rw-r--r-- | pkg/bindings/test/containers_test.go | 4 | ||||
-rw-r--r-- | pkg/bindings/test/pods_test.go | 61 | ||||
-rw-r--r-- | test/e2e/exec_test.go | 24 | ||||
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go | 2 | ||||
-rw-r--r-- | vendor/modules.txt | 2 |
26 files changed, 274 insertions, 78 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 371f902c2..2106ac96d 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -30,7 +30,7 @@ env: #### #### Cache-image names to test with (double-quotes around names are critical) ### - _BUILT_IMAGE_SUFFIX: "libpod-5874660151656448" + _BUILT_IMAGE_SUFFIX: "libpod-5940307564953600" FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}" UBUNTU_CACHE_IMAGE_NAME: "ubuntu-19-${_BUILT_IMAGE_SUFFIX}" @@ -48,8 +48,9 @@ env: #### Default to NOT operating in any special-case testing mode #### SPECIALMODE: "none" # don't do anything special - TEST_REMOTE_CLIENT: false # don't test remote client by default - ADD_SECOND_PARTITION: false # will certainly fail inside containers + TEST_REMOTE_CLIENT: 'false' # don't test remote client by default + ADD_SECOND_PARTITION: 'false' # will certainly fail inside containers + MOD_LIBPOD_CONF: 'true' # Update libpod.conf runtime if required by OS environment #### #### Credentials and other secret-sauces, decrypted at runtime when authorized. @@ -253,6 +254,9 @@ build_each_commit_task: cpu: 8 memory: "8Gb" + env: + MOD_LIBPOD_CONF: 'false' + timeout_in: 30m setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' @@ -282,6 +286,9 @@ build_without_cgo_task: cpu: 8 memory: "8Gb" + env: + MOD_LIBPOD_CONF: 'false' + timeout_in: 30m setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' @@ -381,10 +388,10 @@ testing_task: timeout_in: 120m env: - ADD_SECOND_PARTITION: true + ADD_SECOND_PARTITION: 'true' matrix: - TEST_REMOTE_CLIENT: true - TEST_REMOTE_CLIENT: false + TEST_REMOTE_CLIENT: 'true' + TEST_REMOTE_CLIENT: 'false' networking_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/networking.sh' setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' 
@@ -428,11 +435,11 @@ special_testing_rootless_task: $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*' env: - ADD_SECOND_PARTITION: true + ADD_SECOND_PARTITION: 'true' SPECIALMODE: 'rootless' # See docs matrix: - TEST_REMOTE_CLIENT: true - TEST_REMOTE_CLIENT: false + TEST_REMOTE_CLIENT: 'true' + TEST_REMOTE_CLIENT: 'false' timeout_in: 60m @@ -469,7 +476,8 @@ special_testing_in_podman_task: image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" env: - ADD_SECOND_PARTITION: true + ADD_SECOND_PARTITION: 'true' + MOD_LIBPOD_CONF: 'false' # Use existing/native setup SPECIALMODE: 'in_podman' # See docs # TODO: Support both runc and crun (cgroups v1 and v2 container images) # matrix: @@ -628,10 +636,10 @@ verify_test_built_images_task: image_name: "${PACKER_BUILDER_NAME}${BUILT_IMAGE_SUFFIX}" env: - ADD_SECOND_PARTITION: true + ADD_SECOND_PARTITION: 'true' matrix: - TEST_REMOTE_CLIENT: true - TEST_REMOTE_CLIENT: false + TEST_REMOTE_CLIENT: 'true' + TEST_REMOTE_CLIENT: 'false' matrix: # Required env. var. by check_image_script PACKER_BUILDER_NAME: "fedora-30" diff --git a/changelog.txt b/changelog.txt index 0dac716d0..84d6dcea0 100644 --- a/changelog.txt +++ b/changelog.txt 
@@ -1,3 +1,44 @@ +- Changelog for v1.8.1-rc2 (2020-02-27) + * Update release notes for v1.8.1-rc2 + * Vendor in latest containers/buildah + * kill test: clean up warnings; document better + * curb flakes in integration tests + * spec: allow container alias name in lookup + * add epoch for specfile + * fix trivial typo + * Add support for multiple CNI networks in podman inspect + * Remove 1 sec delay + * Temp. skip "remove pause by id" bindings test + * Fix kill test obtaining CID + * System Tests: Force default signal handlers + * Fix cgroupsv2 run test, unexpected output + * Cirrus: SELinux Enforcing for F31 w/ CGv2 + * Cirrus: collect podman system info + * Cirrus: F31: Force systemd cgroup mgr + * Cirrus: Temp. disable F31 p-in-p testing + * Cirrus: Handle runc->crun when both are possible + * Cirrus: Use deadline elevator in F31 + * Cirrus: Support testing with F31 + * rootless: become root only if the pause file is specified + * rootless: fix segfault when open fd >= FD_SETSIZE + * apiv2 tests: add more pod tests, timing check + * Update vendor of buildah and containers/common + * build: move initialization after SetXdgDirs + * utils: relax check for directory to use + * add apiv2 tests for podman pause and stop + * always run the docs task on post-merge + * Fixed build_rpm.sh script for Fedora 30 + * Add basic deadlock detection for container start/remove + * Friendly amendment: tests, and a help message + * fix port list by container with port + * more image binding tests + * docs: symlink to host device is resolved + * Add --no-healthcheck command to create/run + * enable ci on go binding tests + * add more image tests for go bindings + * Bump to v1.8.1-dev + * build(deps): bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2 + - Changelog for v1.8.1-rc1 (2020-02-21) * Update release notes for v1.8.1 * disable generation of cni firewall plugin diff --git a/cmd/podman/build.go b/cmd/podman/build.go index fa4689211..b8b315c68 100644 
--- a/cmd/podman/build.go +++ b/cmd/podman/build.go @@ -352,6 +352,7 @@ func buildCmd(c *cliconfig.BuildValues) error { ContextDirectory: contextDir, DefaultMountsFilePath: c.GlobalFlags.DefaultMountsFile, Err: stderr, + In: os.Stdin, ForceRmIntermediateCtrs: c.ForceRm, IIDFile: c.Iidfile, Labels: c.Label, diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go index 6bc8aa4a3..ccc30c603 100644 --- a/cmd/podman/cliconfig/config.go +++ b/cmd/podman/cliconfig/config.go @@ -260,6 +260,7 @@ type LogsValues struct { Tail int64 Timestamps bool Latest bool + UseName bool } type MountValues struct { diff --git a/cmd/podman/logs.go b/cmd/podman/logs.go index ebc53ddf8..0a86fa128 100644 --- a/cmd/podman/logs.go +++ b/cmd/podman/logs.go @@ -37,6 +37,7 @@ var ( return nil }, Example: `podman logs ctrID + podman logs --names ctrID1 ctrID2 podman logs --tail 2 mywebserver podman logs --follow=true --since 10m ctrID podman logs mywebserver mydbserver`, @@ -54,6 +55,7 @@ func init() { flags.StringVar(&logsCommand.Since, "since", "", "Show logs since TIMESTAMP") flags.Int64Var(&logsCommand.Tail, "tail", -1, "Output the specified number of LINES at the end of the logs. Defaults to -1, which prints all lines") flags.BoolVarP(&logsCommand.Timestamps, "timestamps", "t", false, "Output the timestamps in the log") + flags.BoolVarP(&logsCommand.UseName, "names", "n", false, "Output the container name in the log") markFlagHidden(flags, "details") flags.SetInterspersed(false) @@ -85,6 +87,7 @@ func logsCmd(c *cliconfig.LogsValues) error { Since: sinceTime, Tail: c.Tail, Timestamps: c.Timestamps, + UseName: c.UseName, } return runtime.Log(c, options) } diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh index d5e6ec884..20e067c93 100755 --- a/contrib/cirrus/integration_test.sh +++ b/contrib/cirrus/integration_test.sh 
@@ -16,16 +16,6 @@ fi cd "$GOSRC" -# Transition workaround: runc is still the default for upstream development -handle_crun() { - # For systems with crun installed, assume CgroupsV2 and use it - if type -P crun &> /dev/null - then - warn "Replacing runc -> crun in libpod.conf" - sed -i -r -e 's/^runtime = "runc"/runtime = "crun"/' /usr/share/containers/libpod.conf - fi -} - case "$SPECIALMODE" in in_podman) ${CONTAINER_RUNTIME} run --rm --privileged --net=host \ @@ -49,7 +39,6 @@ case "$SPECIALMODE" in endpoint) make make install PREFIX=/usr ETCDIR=/etc - #handle_crun make test-binaries make endpoint ;; @@ -63,7 +52,6 @@ case "$SPECIALMODE" in make install PREFIX=/usr ETCDIR=/etc make install.config PREFIX=/usr make test-binaries - handle_crun if [[ "$TEST_REMOTE_CLIENT" == "true" ]] then make remote${TESTSUITE} VARLINK_LOG=$VARLINK_LOG diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 71ad67c74..1ffe554e9 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -88,6 +88,7 @@ ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(. SECRET_ENV_RE='(IRCID)|(ACCOUNT)|(GC[EP]..+)|(SSH)' SPECIALMODE="${SPECIALMODE:-none}" +MOD_LIBPOD_CONF="${MOD_LIBPOD_CONF:false}" TEST_REMOTE_CLIENT="${TEST_REMOTE_CLIENT:-false}" export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman} @@ -105,6 +106,8 @@ OS_RELEASE_ID="$(source /etc/os-release; echo $ID)" OS_RELEASE_VER="$(source /etc/os-release; echo $VERSION_ID | cut -d '.' -f 1)" # Combined to ease soe usage OS_REL_VER="${OS_RELEASE_ID}-${OS_RELEASE_VER}" +# Type of filesystem used for cgroups +CG_FS_TYPE="$(stat -f -c %T /sys/fs/cgroup)" # Installed into cache-images, supports overrides # by user-data in case of breakage or for debugging. diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh index 591a59a05..20014e5f3 100644 --- a/contrib/cirrus/packer/fedora_setup.sh +++ b/contrib/cirrus/packer/fedora_setup.sh 
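Review bot: In the `@@ -88,6 +88,7 @@` hunk of contrib/cirrus/lib.sh, the new default is written `${MOD_LIBPOD_CONF:false}`, without the `-` that the neighbouring `SPECIALMODE` and `TEST_REMOTE_CLIENT` lines use. Bash parses this form as a substring expansion, so an unset variable stays empty rather than becoming `false`. The later `== "true"` test in setup_environment.sh still treats empty as "do not modify", but the default is not what the line appears to promise. It should read `MOD_LIBPOD_CONF="${MOD_LIBPOD_CONF:-false}"`.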
@@ -8,7 +8,7 @@ set -e # Load in library (copied by packer, before this script was run) source /tmp/libpod/$SCRIPT_BASE/lib.sh -req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC +req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC FEDORA_BASE_IMAGE OS_RELEASE_ID OS_RELEASE_VER install_ooe @@ -17,9 +17,14 @@ trap "sudo rm -rf $GOPATH" EXIT $BIGTO ooe.sh sudo dnf update -y -echo "Enabling updates-testing repository" -$LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)' -$LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing +# Do not enable update-stesting on the previous Fedora release +if [[ "$FEDORA_BASE_IMAGE" =~ "${OS_RELEASE_ID}-cloud-base-${OS_RELEASE_VER}" ]]; then + warn "Enabling updates-testing repository for image based on $FEDORA_BASE_IMAGE" + $LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)' + $LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing +else + warn "NOT enabling updates-testing repository for image based on $PRIOR_FEDORA_BASE_IMAGE" +fi echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'" REMOVE_PACKAGES=() @@ -98,6 +103,7 @@ case "$OS_RELEASE_VER" in python2-future runc ) + REMOVE_PACKAGES+=(crun) ;; 31) INSTALL_PACKAGES+=(crun) diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 5364dd510..d2e1b8767 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh 
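Review bot: The `else` branch added in the `@@ -17,9 +17,14 @@` hunk prints `$PRIOR_FEDORA_BASE_IMAGE`, but the `req_env_var` line changed in the first hunk only adds `FEDORA_BASE_IMAGE`. Nothing visible here guarantees the prior-image variable is set, so the warning may name an empty image. Since this branch decides whether packages from updates-testing end up in the cache image, the log line should identify the image reliably: `warn "NOT enabling updates-testing repository for image based on $FEDORA_BASE_IMAGE"`. The comment above the test also has a typo ("update-stesting").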
@@ -6,15 +6,19 @@ source $(dirname $0)/lib.sh req_env_var USER HOME GOSRC SCRIPT_BASE SETUP_MARKER_FILEPATH -show_env_vars - # Ensure this script only executes successfully once and always logs ending timestamp -[[ ! -e "$SETUP_MARKER_FILEPATH" ]] || exit 0 +if [[ -e "$SETUP_MARKER_FILEPATH" ]]; then + show_env_vars + exit 0 +fi + exithandler() { RET=$? echo "." echo "$(basename $0) exit status: $RET" [[ "$RET" -eq "0" ]] && date +%s >> "$SETUP_MARKER_FILEPATH" + show_env_vars + [ "$RET" -eq "0" ]] || warn "Non-zero exit caused by error ABOVE env. var. display." } trap exithandler EXIT 
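Review bot: The last line added to `exithandler` opens with a single `[` but closes with `]]`: `[ "$RET" -eq "0" ]] || warn ...`. The `[` builtin will reject the stray `]]` argument and return non-zero, so the warning about a non-zero exit is printed on every run, including successful ones. Use the same form as the line two above it: `[[ "$RET" -eq "0" ]] || warn "Non-zero exit caused by error ABOVE env. var. display."`.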
@@ -46,42 +50,59 @@ case "${OS_RELEASE_ID}" in # All SELinux distros need this for systemd-in-a-container setsebool container_manage_cgroup true if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then - bash "$SCRIPT_BASE/add_second_partition.sh"; fi + bash "$SCRIPT_BASE/add_second_partition.sh" + fi - if [[ "$OS_RELEASE_VER" == "31" ]]; then - warn "Switching io schedular to deadline to avoid RHBZ 1767539" - warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" - echo "mq-deadline" > /sys/block/sda/queue/scheduler - cat /sys/block/sda/queue/scheduler + warn "Switching io scheduler to 'deadline' to avoid RHBZ 1767539" + warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" + echo "mq-deadline" > /sys/block/sda/queue/scheduler + cat /sys/block/sda/queue/scheduler - warn "Forcing systemd cgroup manager" - X=$(echo "export CGROUP_MANAGER=systemd" | \ - tee -a /etc/environment) && eval "$X" && echo "$X" + warn "Forcing systemd cgroup manager" + X=$(echo "export CGROUP_MANAGER=systemd" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" + ;; + centos) # Current VM is an image-builder-image no local podman/testing + echo "No further setup required for VM image building" + exit 0 + ;; + *) bad_os_id_ver ;; +esac - warn "Testing with crun instead of runc" - X=$(echo "export OCI_RUNTIME=/usr/bin/crun" | \ - tee -a /etc/environment) && eval "$X" && echo "$X" +# Reload to incorporate any changes from above +source "$SCRIPT_BASE/lib.sh" + +case "$CG_FS_TYPE" in + tmpfs) + warn "Forcing testing with runc instead of crun" + X=$(echo "export OCI_RUNTIME=/usr/bin/runc" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" + ;; + cgroup2fs) + # This is necessary since we've built/installed from source, which uses runc as the default. 
+ warn "Forcing testing with crun instead of runc" + X=$(echo "export OCI_RUNTIME=/usr/bin/crun" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" + + if [[ "$MOD_LIBPOD_CONF" == "true" ]]; then + warn "Updating runtime setting in repo. copy of libpod.conf" + sed -i -r -e 's/^runtime = "runc"/runtime = "crun"/' $GOSRC/libpod.conf + git diff $GOSRC/libpod.conf + fi + if [[ "$OS_RELEASE_ID" == "fedora" ]]; then warn "Upgrading to the latest crun" # Normally not something to do for stable testing # but crun is new, and late-breaking fixes may be required # on short notice dnf update -y crun - - #warn "Setting SELinux into Permissive mode" - #setenforce 0 fi ;; - centos) # Current VM is an image-builder-image no local podman/testing - echo "No further setup required for VM image building" - exit 0 + *) + die 110 "Unsure how to handle cgroup filesystem type '$CG_FS_TYPE'" ;; - *) bad_os_id_ver ;; esac -# Reload to incorporate any changes from above -source "$SCRIPT_BASE/lib.sh" - # Must execute before possible setup_rootless() make install.tools @@ -42,7 +42,7 @@ require ( github.com/opencontainers/runc v1.0.0-rc9 github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 github.com/opencontainers/runtime-tools v0.9.0 - github.com/opencontainers/selinux v1.3.2 + github.com/opencontainers/selinux v1.3.3 github.com/opentracing/opentracing-go v1.1.0 github.com/pkg/errors v0.9.1 github.com/pmezard/go-difflib v1.0.0 
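Review bot: In the `cgroup2fs` branch the new `sed -i` and `git diff` commands use `$GOSRC/libpod.conf` unquoted, while the rest of the script quotes path expansions such as `"$SCRIPT_BASE/lib.sh"`. An in-place edit of a path built from an environment variable should not be subject to word splitting or globbing. Suggest `sed -i -r -e 's/^runtime = "runc"/runtime = "crun"/' "$GOSRC/libpod.conf"` and `git diff "$GOSRC/libpod.conf"`. The enclosing `case "$CG_FS_TYPE"` starts in the previous part of this hunk.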
@@ -402,6 +402,8 @@ github.com/opencontainers/selinux v1.3.1 h1:dn2Rc3wTEvTB6iVqoFrKKeMb0uZ38ZheeyMu github.com/opencontainers/selinux v1.3.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= github.com/opencontainers/selinux v1.3.2 h1:DR4lL9SYVjgcTZKEZIncvDU06fKSc/eygjmNGOA3E1s= github.com/opencontainers/selinux v1.3.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= +github.com/opencontainers/selinux v1.3.3 h1:RX0wAeqtvVSYQcr017X3pFXPkLEtB6V4NjRD7gVQgg4= +github.com/opencontainers/selinux v1.3.3/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316 h1:enQG2QUGwug4fR1yM6hL0Fjzx6Km/exZY6RbSPwMu3o= github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316/go.mod h1:dv+J0b/HWai0QnMVb37/H0v36klkLBi2TNpPeWDxX10= github.com/openshift/imagebuilder v1.1.1 h1:KAUR31p8UBJdfVO42azWgb+LeMAed2zaKQ19e0C0X2I= diff --git a/hack/get_ci_vm.sh b/hack/get_ci_vm.sh index 768137213..7e31c19c6 100755 --- a/hack/get_ci_vm.sh +++ b/hack/get_ci_vm.sh @@ -96,7 +96,7 @@ env=yaml.load(open(".cirrus.yml"), Loader=yaml.SafeLoader)["env"] keys=[k for k in env if "ENCRYPTED" not in str(env[k])] for k,v in env.items(): v=str(v) - if "ENCRYPTED" not in v: + if "ENCRYPTED" not in v and "ADD_SECOND_PARTITION" not in v: print("{0}=\"{1}\"".format(k, v)), ' } @@ -181,7 +181,7 @@ parse_args(){ [[ -z "$ROOTLESS_USER" ]] || \ ENVS="$ENVS ROOTLESS_USER=$ROOTLESS_USER" - SETUP_CMD="env $ENVS $GOSRC/contrib/cirrus/setup_environment.sh" + SETUP_CMD="env $ENVS ADD_SECOND_PARTITIO=True $GOSRC/contrib/cirrus/setup_environment.sh" VMNAME="${VMNAME:-${USER}-${IMAGE_NAME}}" CREATE_CMD="$PGCLOUD compute instances create --zone=$ZONE --image=${IMAGE_NAME} --custom-cpu=$CPUS --custom-memory=$MEMORY --boot-disk-size=$DISK --labels=in-use-by=$USER $IBI_ARGS $VMNAME" diff --git a/libpod/container.log.go b/libpod/container.log.go index 7c46dde9a..514edb8c8 100644 --- a/libpod/container.log.go +++ b/libpod/container.log.go 
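Review bot: Both hack/get_ci_vm.sh hunks look like they miss their target. In `@@ -181,7 +181,7 @@` the variable is spelled `ADD_SECOND_PARTITIO=True`: the trailing `N` is missing, and setup_environment.sh compares against lowercase `"true"`, so the setting has no effect. It should be `ADD_SECOND_PARTITION=true`. In `@@ -96,7 +96,7 @@` the filter tests `"ADD_SECOND_PARTITION" not in v`, but `v` is the value; the key is `k`, so the entry from .cirrus.yml is still printed. That condition should be `if "ENCRYPTED" not in v and k != "ADD_SECOND_PARTITION":`.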
@@ -41,6 +41,7 @@ func (c *Container) readFromLogFile(options *logs.LogOptions, logChannel chan *l if len(tailLog) > 0 { for _, nll := range tailLog { nll.CID = c.ID() + nll.CName = c.Name() if nll.Since(options.Since) { logChannel <- nll } @@ -63,6 +64,7 @@ func (c *Container) readFromLogFile(options *logs.LogOptions, logChannel chan *l partial = "" } nll.CID = c.ID() + nll.CName = c.Name() if nll.Since(options.Since) { logChannel <- nll } diff --git a/libpod/container_api.go b/libpod/container_api.go index 77fa372cc..aa932e0b8 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -270,11 +270,6 @@ func (c *Container) Exec(tty, privileged bool, env map[string]string, cmd []stri } }() - // if the user is empty, we should inherit the user that the container is currently running with - if user == "" { - user = c.config.User - } - opts := new(ExecOptions) opts.Cmd = cmd opts.CapAdd = capList diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 739026264..63968918c 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -330,7 +330,10 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { // Add addition groups if c.config.GroupAdd is not empty if len(c.config.Groups) > 0 { - gids, _ := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, nil) + gids, err := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, overrides) + if err != nil { + return nil, errors.Wrapf(err, "error looking up supplemental groups for container %s", c.ID()) + } for _, gid := range gids { g.AddProcessAdditionalGid(gid) } diff --git a/libpod/logs/log.go b/libpod/logs/log.go index bd918abae..200ef3e99 100644 --- a/libpod/logs/log.go +++ b/libpod/logs/log.go @@ -38,6 +38,7 @@ type LogOptions struct { Timestamps bool Multi bool WaitGroup *sync.WaitGroup + UseName bool } // LogLine describes the information for each line of a log 
@@ -47,6 +48,7 @@ type LogLine struct { Time time.Time Msg string CID string + CName string } // GetLogFile returns an hp tail for a container given options @@ -164,11 +166,16 @@ func getTailLog(path string, tail int) ([]*LogLine, error) { func (l *LogLine) String(options *LogOptions) string { var out string if options.Multi { - cid := l.CID - if len(cid) > 12 { - cid = cid[:12] + if options.UseName { + cname := l.CName + out = fmt.Sprintf("%s ", cname) + } else { + cid := l.CID + if len(cid) > 12 { + cid = cid[:12] + } + out = fmt.Sprintf("%s ", cid) } - out = fmt.Sprintf("%s ", cid) } if options.Timestamps { out += fmt.Sprintf("%s ", l.Time.Format(LogTimeFormat)) diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 07d38693f..800f89603 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go 
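Review bot: In `LogLine.String` the new `options.UseName` check sits inside `if options.Multi`, so `--names` has no visible effect unless `Multi` is set, which presumably happens only when several containers are logged. The flag help added in cmd/podman/logs.go ("Output the container name in the log") does not mention this. Either document it on the `UseName` field, e.g. `// UseName prefixes lines with the container name instead of the ID; only honoured when Multi is set`, or move the name prefix out of the `Multi` branch. The inner assignment can also be written `out = l.CName + " "` without the temporary. The function body continues past the end of the hunk.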
@@ -1252,18 +1252,35 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se } + var addGroups []string + var sgids []uint32 + + // if the user is empty, we should inherit the user that the container is currently running with + if user == "" { + user = c.config.User + addGroups = c.config.Groups + } + overrides := c.getUserOverrides() execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, user, overrides) if err != nil { return nil, err } + if len(addGroups) > 0 { + sgids, err = lookup.GetContainerGroups(addGroups, c.state.Mountpoint, overrides) + if err != nil { + return nil, errors.Wrapf(err, "error looking up supplemental groups for container %s exec session %s", c.ID(), sessionID) + } + } + // If user was set, look it up in the container to get a UID to use on // the host - if user != "" { - sgids := make([]uint32, 0, len(execUser.Sgids)) - for _, sgid := range execUser.Sgids { - sgids = append(sgids, uint32(sgid)) + if user != "" || len(sgids) > 0 { + if user != "" { + for _, sgid := range execUser.Sgids { + sgids = append(sgids, uint32(sgid)) + } } processUser := spec.User{ UID: uint32(execUser.Uid), diff --git a/libpod/pod.go b/libpod/pod.go index 1b4c06c9d..4cdeb1033 100644 --- a/libpod/pod.go +++ b/libpod/pod.go @@ -88,6 +88,7 @@ type PodInspect struct { type PodInspectState struct { CgroupPath string `json:"cgroupPath"` InfraContainerID string `json:"infraContainerID"` + Status string `json:"status"` } // PodContainerInfo keeps information on a container in a pod diff --git a/libpod/pod_api.go b/libpod/pod_api.go index cb04f7411..200732652 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go 
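Review bot: The comment kept above the widened condition in `prepareProcessExec` still reads "If user was set, look it up in the container…", but the branch now also runs when only inherited supplemental groups are present (`user != "" || len(sgids) > 0`). Because this block decides which UID and groups an exec session receives, the comment should state the actual rule, including that an explicit `user` argument deliberately skips `c.config.Groups`: `// Set the process user when a user was given or inherited, or when --group-add groups were inherited; an explicit exec user does not inherit the container's additional groups.` Separately, `sgids` can contain the same GID twice when a `--group-add` group is also one of `execUser.Sgids`; deduplicating before building `spec.User` would keep the generated spec tidy. The function starts and ends outside this hunk.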
@@ -407,7 +407,10 @@ func (p *Pod) Status() (map[string]define.ContainerStatus, error) { if err != nil { return nil, err } + return containerStatusFromContainers(allCtrs) +} +func containerStatusFromContainers(allCtrs []*Container) (map[string]define.ContainerStatus, error) { // We need to lock all the containers for _, ctr := range allCtrs { ctr.lock.Lock() @@ -443,6 +446,14 @@ func (p *Pod) Inspect() (*PodInspect, error) { if err != nil { return &PodInspect{}, err } + ctrStatuses, err := containerStatusFromContainers(containers) + if err != nil { + return nil, err + } + status, err := CreatePodStatusResults(ctrStatuses) + if err != nil { + return nil, err + } for _, c := range containers { containerStatus := "unknown" // Ignoring possible errors here because we don't want this to be @@ -468,6 +479,7 @@ func (p *Pod) Inspect() (*PodInspect, error) { State: &PodInspectState{ CgroupPath: p.state.CgroupPath, InfraContainerID: infraContainerID, + Status: status, }, Containers: podContainers, } diff --git a/pkg/bindings/containers/containers.go b/pkg/bindings/containers/containers.go index 75322ead4..670321f21 100644 --- a/pkg/bindings/containers/containers.go +++ b/pkg/bindings/containers/containers.go @@ -238,7 +238,7 @@ func Exists(ctx context.Context, nameOrID string) (bool, error) { if err != nil { return false, err } - response, err := conn.DoRequest(nil, http.MethodGet, "containers/%s/exists", nil, nameOrID) + response, err := conn.DoRequest(nil, http.MethodGet, "/containers/%s/exists", nil, nameOrID) if err != nil { return false, err } diff --git a/pkg/bindings/test/common_test.go b/pkg/bindings/test/common_test.go index 38f5014ca..1fc774074 100644 --- a/pkg/bindings/test/common_test.go +++ b/pkg/bindings/test/common_test.go @@ -240,3 +240,7 @@ func createCache() { } b.cleanup() } + +func isStopped(state string) bool { + return state == "exited" || state == "stopped" +} 
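Review bot: The two error returns added to `Pod.Inspect` in `@@ -443,6 +446,14 @@` return `nil, err`, while the existing error path directly above them returns `&PodInspect{}, err`. A caller that dereferences the result before checking the error behaves differently depending on which step failed. Pick one convention for the function; matching the existing line would be `return &PodInspect{}, err` in both new branches. The new helper `containerStatusFromContainers` also has no doc comment; one line stating that it locks every container in `allCtrs` while collecting statuses would help, since `Inspect` now calls it before its own per-container loop. Both function bodies extend beyond the hunks shown.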
diff --git a/pkg/bindings/test/containers_test.go b/pkg/bindings/test/containers_test.go index e875fb2f8..299a78ac2 100644 --- a/pkg/bindings/test/containers_test.go +++ b/pkg/bindings/test/containers_test.go @@ -232,7 +232,7 @@ var _ = Describe("Podman containers ", func() { // Ensure container is stopped data, err := containers.Inspect(connText, name, nil) Expect(err).To(BeNil()) - Expect(data.State.Status).To(Equal("exited")) + Expect(isStopped(data.State.Status)).To(BeTrue()) }) It("podman stop a running container by ID", func() { @@ -247,7 +247,7 @@ var _ = Describe("Podman containers ", func() { // Ensure container is stopped data, err = containers.Inspect(connText, name, nil) Expect(err).To(BeNil()) - Expect(data.State.Status).To(Equal("exited")) + Expect(isStopped(data.State.Status)).To(BeTrue()) }) It("podman wait no condition", func() { diff --git a/pkg/bindings/test/pods_test.go b/pkg/bindings/test/pods_test.go index 4bea2f8d7..afffee4e6 100644 --- a/pkg/bindings/test/pods_test.go +++ b/pkg/bindings/test/pods_test.go @@ -13,7 +13,7 @@ import ( "github.com/onsi/gomega/gexec" ) -var _ = Describe("Podman images", func() { +var _ = Describe("Podman pods", func() { var ( bt *bindingTest s *gexec.Session @@ -120,6 +120,7 @@ var _ = Describe("Podman images", func() { err = pods.Pause(connText, newpod) Expect(err).To(BeNil()) response, err = pods.Inspect(connText, newpod) + Expect(response.State.Status).To(Equal(define.PodStatePaused)) for _, i := range response.Containers { Expect(define.StringToContainerStatus(i.State)). To(Equal(define.ContainerStatePaused)) @@ -129,6 +130,7 @@ var _ = Describe("Podman images", func() { err = pods.Unpause(connText, newpod) Expect(err).To(BeNil()) response, err = pods.Inspect(connText, newpod) + Expect(response.State.Status).To(Equal(define.PodStateRunning)) for _, i := range response.Containers { Expect(define.StringToContainerStatus(i.State)). To(Equal(define.ContainerStateRunning)) 
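Review bot: The new `Expect(response.State.Status)` assertions in pkg/bindings/test/pods_test.go dereference `response` straight after `pods.Inspect` without checking the returned `err`. This starts in the `@@ -120,6 +120,7 @@` hunk and recurs in the `-129`, `-159`, `-172` and `-184` hunks; in two of those the error is discarded with `_`. If Inspect fails, the spec may panic on a nil pointer instead of reporting a clear failure. Add `Expect(err).To(BeNil())` between each Inspect call and the status assertion. The comment in the prune test also misspells "sucessfully".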
@@ -159,6 +161,7 @@ var _ = Describe("Podman images", func() { Expect(err).To(BeNil()) response, err := pods.Inspect(connText, newpod) + Expect(response.State.Status).To(Equal(define.PodStateRunning)) for _, i := range response.Containers { Expect(define.StringToContainerStatus(i.State)). To(Equal(define.ContainerStateRunning)) @@ -172,6 +175,7 @@ var _ = Describe("Podman images", func() { err = pods.Stop(connText, newpod, nil) Expect(err).To(BeNil()) response, _ = pods.Inspect(connText, newpod) + Expect(response.State.Status).To(Equal(define.PodStateExited)) for _, i := range response.Containers { Expect(define.StringToContainerStatus(i.State)). To(Equal(define.ContainerStateStopped)) 
@@ -184,13 +188,66 @@ var _ = Describe("Podman images", func() { err = pods.Restart(connText, newpod) Expect(err).To(BeNil()) response, _ = pods.Inspect(connText, newpod) + Expect(response.State.Status).To(Equal(define.PodStateRunning)) for _, i := range response.Containers { Expect(define.StringToContainerStatus(i.State)). To(Equal(define.ContainerStateRunning)) } }) - // Remove all stopped pods and their container to be implemented. + // Test to validate all the pods in the stopped/exited state are pruned sucessfully. It("prune pod", func() { + // Add a new pod + var newpod2 string = "newpod2" + bt.Podcreate(&newpod2) + // No pods pruned since no pod in exited state + err = pods.Prune(connText) + Expect(err).To(BeNil()) + podSummary, err := pods.List(connText, nil) + Expect(err).To(BeNil()) + Expect(len(podSummary)).To(Equal(2)) + + // Prune only one pod which is in exited state. + // Start then stop a pod. + // pod moves to exited state one pod should be pruned now. + err = pods.Start(connText, newpod) + Expect(err).To(BeNil()) + err = pods.Stop(connText, newpod, nil) + Expect(err).To(BeNil()) + response, err := pods.Inspect(connText, newpod) + Expect(response.State.Status).To(Equal(define.PodStateExited)) + err = pods.Prune(connText) + Expect(err).To(BeNil()) + podSummary, err = pods.List(connText, nil) + Expect(err).To(BeNil()) + Expect(len(podSummary)).To(Equal(1)) + + // Test prune all pods in exited state. + bt.Podcreate(&newpod) + err = pods.Start(connText, newpod) + Expect(err).To(BeNil()) + err = pods.Start(connText, newpod2) + Expect(err).To(BeNil()) + err = pods.Stop(connText, newpod, nil) + Expect(err).To(BeNil()) + response, err = pods.Inspect(connText, newpod) + Expect(response.State.Status).To(Equal(define.PodStateExited)) + for _, i := range response.Containers { + Expect(define.StringToContainerStatus(i.State)). 
+ To(Equal(define.ContainerStateStopped)) + } + err = pods.Stop(connText, newpod2, nil) + Expect(err).To(BeNil()) + response, err = pods.Inspect(connText, newpod2) + Expect(response.State.Status).To(Equal(define.PodStateExited)) + for _, i := range response.Containers { + Expect(define.StringToContainerStatus(i.State)). + To(Equal(define.ContainerStateStopped)) + } + err = pods.Prune(connText) + Expect(err).To(BeNil()) + podSummary, err = pods.List(connText, nil) + Expect(err).To(BeNil()) + Expect(len(podSummary)).To(Equal(0)) }) }) diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index ed4eb3335..ab806f683 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" "strings" @@ -244,4 +245,27 @@ var _ = Describe("Podman exec", func() { Expect(session.ExitCode()).To(Equal(0)) }) + It("podman exec preserves --group-add groups", func() { + groupName := "group1" + gid := "4444" + ctrName1 := "ctr1" + ctr1 := podmanTest.Podman([]string{"run", "-ti", "--name", ctrName1, fedoraMinimal, "groupadd", "-g", gid, groupName}) + ctr1.WaitWithDefaultTimeout() + Expect(ctr1.ExitCode()).To(Equal(0)) + + imgName := "img1" + commit := podmanTest.Podman([]string{"commit", ctrName1, imgName}) + commit.WaitWithDefaultTimeout() + Expect(commit.ExitCode()).To(Equal(0)) + + ctrName2 := "ctr2" + ctr2 := podmanTest.Podman([]string{"run", "-d", "--name", ctrName2, "--group-add", groupName, imgName, "sleep", "300"}) + ctr2.WaitWithDefaultTimeout() + Expect(ctr2.ExitCode()).To(Equal(0)) + + exec := podmanTest.Podman([]string{"exec", "-ti", ctrName2, "id"}) + exec.WaitWithDefaultTimeout() + Expect(exec.ExitCode()).To(Equal(0)) + Expect(strings.Contains(exec.OutputToString(), fmt.Sprintf("%s(%s)", gid, groupName))).To(BeTrue()) + }) }) diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go index 0e97a0778..c51ddfda2 100644 
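Review bot: The final assertion of the new "podman exec preserves --group-add groups" test wraps `strings.Contains` in `To(BeTrue())`, so a failure only reports "expected false to be true" and hides the actual `id` output. Gomega's substring matcher gives the same check with a useful message: `Expect(exec.OutputToString()).To(ContainSubstring(fmt.Sprintf("%s(%s)", gid, groupName)))`. The test also covers only the inherited-user path; an extra case running `exec --user` would pin down that an explicit user does not pick up the container's additional groups.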
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go @@ -115,7 +115,7 @@ func verifySELinuxfsMount(mnt string) bool { return false } - if buf.Type != unix.SELINUX_MAGIC { + if uint32(buf.Type) != uint32(unix.SELINUX_MAGIC) { return false } if (buf.Flags & stRdOnly) != 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index 564717381..a0adafc5f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -405,7 +405,7 @@ github.com/opencontainers/runtime-tools/generate github.com/opencontainers/runtime-tools/generate/seccomp github.com/opencontainers/runtime-tools/specerror github.com/opencontainers/runtime-tools/validate -# github.com/opencontainers/selinux v1.3.2 +# github.com/opencontainers/selinux v1.3.3 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label # github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316 |