summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/common/specgen.go32
-rw-r--r--cmd/podman/containers/create.go17
-rw-r--r--cmd/podman/containers/run.go8
-rw-r--r--go.mod2
-rw-r--r--go.sum4
-rw-r--r--libpod/container_internal.go4
-rw-r--r--pkg/selinux/selinux.go8
-rw-r--r--pkg/specgen/container_validate.go2
-rw-r--r--pkg/specgen/generate/config_linux_cgo.go3
-rw-r--r--pkg/specgen/generate/container.go6
-rw-r--r--pkg/specgen/generate/container_create.go21
-rw-r--r--pkg/specgen/generate/namespaces.go2
-rw-r--r--pkg/specgen/specgen.go9
-rw-r--r--test/e2e/run_cgroup_parent_test.go1
-rw-r--r--test/e2e/run_test.go10
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go7
-rw-r--r--vendor/modules.txt2
17 files changed, 91 insertions, 47 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index b90030f7f..abec1213c 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -119,13 +119,13 @@ func getIOLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (
func getPidsLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) (*specs.LinuxPids, error) {
pids := &specs.LinuxPids{}
hasLimits := false
+ if c.CGroupsMode == "disabled" && c.PIDsLimit > 0 {
+ return nil, nil
+ }
if c.PIDsLimit > 0 {
pids.Limit = c.PIDsLimit
hasLimits = true
}
- if c.CGroupsMode == "disabled" && c.PIDsLimit > 0 {
- s.ResourceLimits.Pids.Limit = -1
- }
if !hasLimits {
return nil, nil
}
@@ -288,7 +288,23 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
if c.EnvHost {
env = envLib.Join(env, osEnv)
+ } else if c.HTTPProxy {
+ for _, envSpec := range []string{
+ "http_proxy",
+ "HTTP_PROXY",
+ "https_proxy",
+ "HTTPS_PROXY",
+ "ftp_proxy",
+ "FTP_PROXY",
+ "no_proxy",
+ "NO_PROXY",
+ } {
+ if v, ok := osEnv[envSpec]; ok {
+ env[envSpec] = v
+ }
+ }
}
+
// env-file overrides any previous variables
for _, f := range c.EnvFile {
fileEnv, err := envLib.ParseFile(f)
@@ -449,6 +465,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
}
s.CgroupParent = c.CGroupParent
s.CgroupsMode = c.CGroupsMode
+ s.Groups = c.GroupAdd
// TODO WTF
//cgroup := &cc.CgroupConfig{
// Cgroupns: c.String("cgroupns"),
@@ -585,7 +602,14 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
if len(split) < 2 {
return errors.Errorf("invalid log option %q", o)
}
- logOpts[split[0]] = split[1]
+ switch {
+ case split[0] == "driver":
+ s.LogConfiguration.Driver = split[1]
+ case split[0] == "path":
+ s.LogConfiguration.Path = split[1]
+ default:
+ logOpts[split[0]] = split[1]
+ }
}
s.LogConfiguration.Options = logOpts
s.Name = c.Name
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 8f140e2b8..da550b606 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -75,8 +75,7 @@ func init() {
func create(cmd *cobra.Command, args []string) error {
var (
- err error
- rawImageInput string
+ err error
)
cliVals.Net, err = common.NetFlagsToNetOptions(cmd)
if err != nil {
@@ -92,20 +91,16 @@ func create(cmd *cobra.Command, args []string) error {
defer errorhandling.SyncQuiet(cidFile)
}
- if rfs := cliVals.RootFS; !rfs {
- rawImageInput = args[0]
- }
-
if err := createInit(cmd); err != nil {
return err
}
- if err := pullImage(args[0]); err != nil {
- return err
+ if !cliVals.RootFS {
+ if err := pullImage(args[0]); err != nil {
+ return err
+ }
}
-
- //TODO rootfs still
- s := specgen.NewSpecGenerator(rawImageInput)
+ s := specgen.NewSpecGenerator(args[0], cliVals.RootFS)
if err := common.FillOutSpecGen(s, &cliVals, args); err != nil {
return err
}
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index 409b72198..e3fe4cd0b 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -104,8 +104,10 @@ func run(cmd *cobra.Command, args []string) error {
return err
}
- if err := pullImage(args[0]); err != nil {
- return err
+ if !cliVals.RootFS {
+ if err := pullImage(args[0]); err != nil {
+ return err
+ }
}
// If -i is not set, clear stdin
@@ -136,7 +138,7 @@ func run(cmd *cobra.Command, args []string) error {
}
runOpts.Detach = cliVals.Detach
runOpts.DetachKeys = cliVals.DetachKeys
- s := specgen.NewSpecGenerator(args[0])
+ s := specgen.NewSpecGenerator(args[0], cliVals.RootFS)
if err := common.FillOutSpecGen(s, &cliVals, args); err != nil {
return err
}
diff --git a/go.mod b/go.mod
index 9bbe9da84..09077188c 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
github.com/containernetworking/plugins v0.8.5
github.com/containers/buildah v1.14.8
- github.com/containers/common v0.9.4
+ github.com/containers/common v0.9.5
github.com/containers/conmon v2.0.14+incompatible
github.com/containers/image/v5 v5.4.3
github.com/containers/psgo v1.4.0
diff --git a/go.sum b/go.sum
index cae07d467..92ea6f545 100644
--- a/go.sum
+++ b/go.sum
@@ -66,8 +66,8 @@ github.com/containernetworking/plugins v0.8.5/go.mod h1:UZ2539umj8djuRQmBxuazHeJ
github.com/containers/buildah v1.14.8 h1:JbMI0QSOmyZ30Mr2633uCXAj+Fajgh/EFS9xX/Y14oQ=
github.com/containers/buildah v1.14.8/go.mod h1:ytEjHJQnRXC1ygXMyc0FqYkjcoCydqBQkOdxbH563QU=
github.com/containers/common v0.8.1/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs=
-github.com/containers/common v0.9.4 h1:Rh4vZRT4XJ+lQouE2XpOXr/xV/+wxv4pE7ZmdxmjRt8=
-github.com/containers/common v0.9.4/go.mod h1:9YGKPwu6NFYQG2NtSP9bRhNGA8mgd1mUCCkOU2tr+Pc=
+github.com/containers/common v0.9.5 h1:rqGMfYuD1euB38kW2sbQQTRelnrXPQ1E2vkcOP9HNnA=
+github.com/containers/common v0.9.5/go.mod h1:9YGKPwu6NFYQG2NtSP9bRhNGA8mgd1mUCCkOU2tr+Pc=
github.com/containers/conmon v2.0.14+incompatible h1:knU1O1QxXy5YxtjMQVKEyCajROaehizK9FHaICl+P5Y=
github.com/containers/conmon v2.0.14+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs=
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 4cb80a98b..3fcf687ec 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -435,12 +435,12 @@ func (c *Container) setupStorage(ctx context.Context) error {
processLabel := containerInfo.ProcessLabel
switch {
case c.ociRuntime.SupportsKVM():
- processLabel, err = selinux.SELinuxKVMLabel(processLabel)
+ processLabel, err = selinux.KVMLabel(processLabel)
if err != nil {
return err
}
case c.config.Systemd:
- processLabel, err = selinux.SELinuxInitLabel(processLabel)
+ processLabel, err = selinux.InitLabel(processLabel)
if err != nil {
return err
}
diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go
index 975519cce..6b6d065f7 100644
--- a/pkg/selinux/selinux.go
+++ b/pkg/selinux/selinux.go
@@ -4,8 +4,8 @@ import (
"github.com/opencontainers/selinux/go-selinux"
)
-// SELinuxKVMLabel returns labels for running kvm isolated containers
-func SELinuxKVMLabel(cLabel string) (string, error) {
+// KVMLabel returns labels for running kvm isolated containers
+func KVMLabel(cLabel string) (string, error) {
if cLabel == "" {
// selinux is disabled
return "", nil
@@ -15,8 +15,8 @@ func SELinuxKVMLabel(cLabel string) (string, error) {
return swapSELinuxLabel(cLabel, processLabel)
}
-// SELinuxInitLabel returns labels for running systemd based containers
-func SELinuxInitLabel(cLabel string) (string, error) {
+// InitLabel returns labels for running systemd based containers
+func InitLabel(cLabel string) (string, error) {
if cLabel == "" {
// selinux is disabled
return "", nil
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 56c1a7ea9..87fc59dfe 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -34,7 +34,7 @@ func (s *SpecGenerator) Validate() error {
}
// Cannot set hostname and utsns
if len(s.ContainerBasicConfig.Hostname) > 0 && !s.ContainerBasicConfig.UtsNS.IsPrivate() {
- return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when creating an UTS namespace")
+ return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when running in the host UTS namespace")
}
// systemd values must be true, false, or always
if len(s.ContainerBasicConfig.Systemd) > 0 && !util.StringInSlice(strings.ToLower(s.ContainerBasicConfig.Systemd), SystemDValues) {
diff --git a/pkg/specgen/generate/config_linux_cgo.go b/pkg/specgen/generate/config_linux_cgo.go
index b06ef5c9a..5d629a6e6 100644
--- a/pkg/specgen/generate/config_linux_cgo.go
+++ b/pkg/specgen/generate/config_linux_cgo.go
@@ -24,6 +24,9 @@ func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *imag
}
if scp == seccomp.PolicyImage {
+ if img == nil {
+ return nil, errors.New("cannot read seccomp profile without a valid image")
+ }
labels, err := img.Labels(context.Background())
if err != nil {
return nil, err
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index de3239fda..9797ad572 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -15,7 +15,11 @@ import (
func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) error {
var appendEntryPoint bool
- // TODO add support for raw rootfs
+ // If a rootfs is used, then there is no image data
+ if s.ContainerStorageConfig.Rootfs != "" {
+ return nil
+ }
+
newImage, err := r.ImageRuntime().NewFromLocal(s.Image)
if err != nil {
return err
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 1be77d315..49a717c5d 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -7,6 +7,7 @@ import (
"github.com/containers/common/pkg/config"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/libpod/define"
+ "github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/specgen"
"github.com/containers/storage"
"github.com/pkg/errors"
@@ -15,9 +16,6 @@ import (
// MakeContainer creates a container based on the SpecGenerator
func MakeContainer(rt *libpod.Runtime, s *specgen.SpecGenerator) (*libpod.Container, error) {
- if err := s.Validate(); err != nil {
- return nil, errors.Wrap(err, "invalid config provided")
- }
rtc, err := rt.GetConfig()
if err != nil {
return nil, err
@@ -87,12 +85,19 @@ func MakeContainer(rt *libpod.Runtime, s *specgen.SpecGenerator) (*libpod.Contai
return nil, err
}
options = append(options, createExitCommandOption(s, rt.StorageConfig(), rtc, podmanPath))
- newImage, err := rt.ImageRuntime().NewFromLocal(s.Image)
- if err != nil {
- return nil, err
+ var newImage *image.Image
+ if s.Rootfs != "" {
+ options = append(options, libpod.WithRootFS(s.Rootfs))
+ } else {
+ newImage, err = rt.ImageRuntime().NewFromLocal(s.Image)
+ if err != nil {
+ return nil, err
+ }
+ options = append(options, libpod.WithRootFSFromImage(newImage.ID(), s.Image, s.RawImageName))
+ }
+ if err := s.Validate(); err != nil {
+ return nil, errors.Wrap(err, "invalid config provided")
}
-
- options = append(options, libpod.WithRootFSFromImage(newImage.ID(), s.Image, s.RawImageName))
runtimeSpec, err := SpecGenToOCI(s, rt, newImage)
if err != nil {
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 2aaeb9513..2e0e088bf 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -26,7 +26,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod)
nsType = strings.ToLower(nsType)
// If the pod is not nil - check shared namespaces
- if pod != nil {
+ if pod != nil && pod.HasInfraContainer() {
podMode := false
switch {
case nsType == "pid" && pod.SharesPID():
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 37f2b3190..275af1f49 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -402,8 +402,13 @@ type NamedVolume struct {
}
// NewSpecGenerator returns a SpecGenerator struct given one of two mandatory inputs
-func NewSpecGenerator(image string) *SpecGenerator {
- csc := ContainerStorageConfig{Image: image}
+func NewSpecGenerator(arg string, rootfs bool) *SpecGenerator {
+ csc := ContainerStorageConfig{}
+ if rootfs {
+ csc.Rootfs = arg
+ } else {
+ csc.Image = arg
+ }
return &SpecGenerator{
ContainerStorageConfig: csc,
}
diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go
index 69b4f920c..14294eeac 100644
--- a/test/e2e/run_cgroup_parent_test.go
+++ b/test/e2e/run_cgroup_parent_test.go
@@ -18,7 +18,6 @@ var _ = Describe("Podman run with --cgroup-parent", func() {
)
BeforeEach(func() {
- Skip(v2fail)
SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index c84bbe91f..7d4039819 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -29,7 +29,6 @@ var _ = Describe("Podman run", func() {
)
BeforeEach(func() {
- Skip(v2fail)
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
@@ -252,14 +251,15 @@ var _ = Describe("Podman run", func() {
})
It("podman run --host-env environment test", func() {
- os.Setenv("FOO", "BAR")
- session := podmanTest.Podman([]string{"run", "--rm", "--env-host", ALPINE, "printenv", "FOO"})
+ env := append(os.Environ(), "FOO=BAR")
+ session := podmanTest.PodmanAsUser([]string{"run", "--rm", "--env-host", ALPINE, "/bin/printenv", "FOO"}, 0, 0, "", env)
+
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
match, _ := session.GrepString("BAR")
Expect(match).Should(BeTrue())
- session = podmanTest.Podman([]string{"run", "--rm", "--env", "FOO=BAR1", "--env-host", ALPINE, "printenv", "FOO"})
+ session = podmanTest.PodmanAsUser([]string{"run", "--rm", "--env", "FOO=BAR1", "--env-host", ALPINE, "/bin/printenv", "FOO"}, 0, 0, "", env)
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
match, _ = session.GrepString("BAR1")
@@ -708,6 +708,7 @@ USER mail`
})
It("podman run --volumes-from flag with built-in volumes", func() {
+ Skip(v2fail)
session := podmanTest.Podman([]string{"create", redis, "sh"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -802,6 +803,7 @@ USER mail`
})
It("podman run --pod automatically", func() {
+ Skip(v2fail)
session := podmanTest.Podman([]string{"run", "--pod", "new:foobar", ALPINE, "ls"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index d0f8649c5..446382ac7 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -141,13 +141,18 @@ func DefaultConfig() (*Config, error) {
netns = "slirp4netns"
}
+ cgroupNS := "host"
+ if cgroup2, _ := cgroupv2.Enabled(); cgroup2 {
+ cgroupNS = "private"
+ }
+
return &Config{
Containers: ContainersConfig{
Devices: []string{},
Volumes: []string{},
Annotations: []string{},
ApparmorProfile: DefaultApparmorProfile,
- CgroupNS: "private",
+ CgroupNS: cgroupNS,
Cgroups: "enabled",
DefaultCapabilities: DefaultCapabilities,
DefaultSysctls: []string{},
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ba7990fb7..782a905a1 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -82,7 +82,7 @@ github.com/containers/buildah/pkg/secrets
github.com/containers/buildah/pkg/supplemented
github.com/containers/buildah/pkg/umask
github.com/containers/buildah/util
-# github.com/containers/common v0.9.4
+# github.com/containers/common v0.9.5
github.com/containers/common/pkg/apparmor
github.com/containers/common/pkg/auth
github.com/containers/common/pkg/capabilities