diff options
| -rw-r--r-- | cmd/podman/common/create_opts.go | 1 | ||||
| -rw-r--r-- | docs/source/markdown/podman-generate-systemd.1.md | 7 | ||||
| -rw-r--r-- | go.mod | 6 | ||||
| -rw-r--r-- | go.sum | 12 | ||||
| -rw-r--r-- | libpod/runtime_ctr.go | 20 | ||||
| -rw-r--r-- | pkg/api/handlers/libpod/containers_create.go | 13 | ||||
| -rw-r--r-- | pkg/specgen/specgen.go | 8 | ||||
| -rw-r--r-- | pkg/specgenutil/volumes.go | 2 | ||||
| -rw-r--r-- | pkg/systemd/generate/containers.go | 19 | ||||
| -rw-r--r-- | pkg/systemd/generate/containers_test.go | 163 | ||||
| -rw-r--r-- | pkg/util/mountOpts.go | 15 | ||||
| -rw-r--r-- | test/apiv2/20-containers.at | 43 | ||||
| -rw-r--r-- | test/apiv2/containers.no_hosts.conf | 2 | ||||
| -rw-r--r-- | test/e2e/run_volume_test.go | 13 | ||||
| -rw-r--r-- | test/system/045-start.bats | 13 | ||||
| -rw-r--r-- | vendor/github.com/containers/image/v5/pkg/docker/config/config.go | 3 | ||||
| -rw-r--r-- | vendor/github.com/containers/image/v5/version/version.go | 4 | ||||
| -rw-r--r-- | vendor/github.com/containers/storage/pkg/archive/archive_linux.go | 2 | ||||
| -rw-r--r-- | vendor/modules.txt | 6 |
19 files changed, 308 insertions, 44 deletions
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go index ad6b3870a..39146f918 100644 --- a/cmd/podman/common/create_opts.go +++ b/cmd/podman/common/create_opts.go @@ -181,6 +181,7 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, rtc *c Network: nsmode, PublishPorts: specPorts, NetworkOptions: netOpts, + NoHosts: rtc.Containers.NoHosts, } // network names diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md index 650ffa52f..8c3c32d04 100644 --- a/docs/source/markdown/podman-generate-systemd.1.md +++ b/docs/source/markdown/podman-generate-systemd.1.md @@ -145,7 +145,12 @@ RequiresMountsFor=/var/run/container/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure ExecStartPre=/bin/rm -f %t/%n-pid %t/%n-cid -ExecStart=/usr/local/bin/podman run --conmon-pidfile %t/%n-pid --cidfile %t/%n-cid --cgroups=no-conmon -d -dit alpine +ExecStart=/usr/local/bin/podman run + --conmon-pidfile %t/%n-pid + --cidfile %t/%n-cid + --cgroups=no-conmon + -d + -dit alpine ExecStop=/usr/local/bin/podman stop --ignore --cidfile %t/%n-cid -t 10 ExecStopPost=/usr/local/bin/podman rm --ignore -f --cidfile %t/%n-cid PIDFile=%t/%n-pid @@ -12,12 +12,12 @@ require ( github.com/containernetworking/cni v1.0.1 github.com/containernetworking/plugins v1.1.1 github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057 - github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99 + github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25 github.com/containers/conmon v2.0.20+incompatible - github.com/containers/image/v5 v5.21.0 + github.com/containers/image/v5 v5.21.1-0.20220405081457-d1b64686e1d0 github.com/containers/ocicrypt v1.1.3 github.com/containers/psgo v1.7.2 - github.com/containers/storage v1.39.1-0.20220406221121-28f3ba9b891d + github.com/containers/storage v1.39.1-0.20220412073713-ea4008e14877 github.com/coreos/go-systemd/v22 v22.3.2 github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3 github.com/cyphar/filepath-securejoin v0.2.3 @@ -355,14 +355,14 @@ github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19 github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057 h1:lKSxhMBpcHyyQrj2QJYzcm56uiSeibRdSL2KoppF6rg= github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057/go.mod h1:iSoopbYRb6K4b5c3hXgXNkGTI/T085t2+XiGjceud94= github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18/go.mod h1:Vr2Fn6EdzD6JNAbz8L8bTv3uWLv2p31Ih2O3EAK6Hyc= -github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99 h1:l11SsRJ9tKgnmS+ltdzMrsc15TIFrOH/o8EE1FZ9jTo= -github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99/go.mod h1:0mfWn1RRdpBjXmiunOVLaJ1I86pQjXKAc8zuiAuUesk= +github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25 h1:IQeqv8Hf6CqFUlKaz95QFTrLc9V4sbVQyhP9jzGnNBc= +github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25/go.mod h1:0mfWn1RRdpBjXmiunOVLaJ1I86pQjXKAc8zuiAuUesk= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.19.2-0.20220224100137-1045fb70b094/go.mod h1:XoYK6kE0dpazFNcuS+a8lra+QfbC6s8tzv+cUuCrZpE= github.com/containers/image/v5 v5.20.1-0.20220404163228-d03e80fc66b3/go.mod h1:2nEPM0WuinC/0ssPsMv5Iy8YaRueUUTmTp3C7bn5uro= -github.com/containers/image/v5 v5.21.0 h1:pDS3kjJBlaGDItKzjvJDqKXwyQs01gv54b6QuMuaH4g= -github.com/containers/image/v5 v5.21.0/go.mod h1:2nEPM0WuinC/0ssPsMv5Iy8YaRueUUTmTp3C7bn5uro= +github.com/containers/image/v5 v5.21.1-0.20220405081457-d1b64686e1d0 h1:Md1CckW9KSYkdtMdKG70Fc+YqCCVgT+HAr7NS9Ilf8E= +github.com/containers/image/v5 v5.21.1-0.20220405081457-d1b64686e1d0/go.mod h1:JhGkIpC7vKBpLc6mTBE4S8cZUAD+8HgicsxYaLv6BsQ= github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a h1:spAGlqziZjCJL25C6F1zsQY05tfCKE9F5YwtEWWe6hU= github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= @@ -379,8 +379,8 @@ github.com/containers/storage v1.38.2/go.mod h1:INP0RPLHWBxx+pTsO5uiHlDUGHDFvWZP github.com/containers/storage v1.38.3-0.20220301151551-d06b0f81c0aa/go.mod h1:LkkL34WRi4dI4jt9Cp+ImdZi/P5i36glSHimT5CP5zM= github.com/containers/storage v1.39.0/go.mod h1:UAD0cKLouN4BOQRgZut/nMjrh/EnTCjSNPgp4ZuGWMs= github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9/go.mod h1:IMa2AfBI+Fxxk2hQqLTGhpJX6z2pZS1/I785QJeUwUY= -github.com/containers/storage v1.39.1-0.20220406221121-28f3ba9b891d h1:Xapzm11C1zDNPpdb/1TgTqGvnQEnDoFHUwM487r64Eo= -github.com/containers/storage v1.39.1-0.20220406221121-28f3ba9b891d/go.mod h1:UuYvGSKIdmzkjHbT/PENtxLRVGQ974nyhMbYp0KP19w= +github.com/containers/storage v1.39.1-0.20220412073713-ea4008e14877 h1:V3aVdbQt9qU6tu4HHAJtro4H8+Hnv6X/hrUNba8dll0= +github.com/containers/storage v1.39.1-0.20220412073713-ea4008e14877/go.mod h1:UuYvGSKIdmzkjHbT/PENtxLRVGQ974nyhMbYp0KP19w= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 8c3d283a5..f92898b1c 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -475,6 +475,26 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai if isAnonymous { volOptions = append(volOptions, withSetAnon()) } + + // If volume-opts are set parse and add driver opts. + if len(vol.Options) > 0 { + isDriverOpts := false + driverOpts := make(map[string]string) + for _, opts := range vol.Options { + if strings.HasPrefix(opts, "volume-opt") { + isDriverOpts = true + driverOptKey, driverOptValue, err := util.ParseDriverOpts(opts) + if err != nil { + return nil, err + } + driverOpts[driverOptKey] = driverOptValue + } + } + if isDriverOpts { + parsedOptions := []VolumeCreateOption{WithVolumeOptions(driverOpts)} + volOptions = append(volOptions, parsedOptions...) + } + } newVol, err := r.newVolume(ctx, volOptions...) if err != nil { return nil, errors.Wrapf(err, "error creating named volume %q", vol.Name) diff --git a/pkg/api/handlers/libpod/containers_create.go b/pkg/api/handlers/libpod/containers_create.go index 61f437faf..4f9dc008d 100644 --- a/pkg/api/handlers/libpod/containers_create.go +++ b/pkg/api/handlers/libpod/containers_create.go @@ -18,7 +18,18 @@ import ( // the new container ID on success along with any warnings. func CreateContainer(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) - var sg specgen.SpecGenerator + conf, err := runtime.GetConfigNoCopy() + if err != nil { + utils.InternalServerError(w, err) + return + } + + // we have to set the default before we decode to make sure the correct default is set when the field is unset + sg := specgen.SpecGenerator{ + ContainerNetworkConfig: specgen.ContainerNetworkConfig{ + UseImageHosts: conf.Containers.NoHosts, + }, + } if err := json.NewDecoder(r.Body).Decode(&sg); err != nil { utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, "Decode()")) diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 27d77af9f..dfac1d457 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -467,7 +467,13 @@ type ContainerNetworkConfig struct { // UseImageHosts indicates that /etc/hosts should not be managed by // Podman, and instead sourced from the image. // Conflicts with HostAdd. - UseImageHosts bool `json:"use_image_hosts,omitempty"` + // Do not set omitempty here, if this is false it should be set to not get + // the server default. + // Ideally this would be a pointer so we could differentiate between an + // explicitly false/true and unset (containers.conf default). However + // specgen is stable so we can not change this right now. + // TODO (5.0): change to pointer + UseImageHosts bool `json:"use_image_hosts"` // HostAdd is a set of hosts which will be added to the container's // /etc/hosts file. // Conflicts with UseImageHosts. diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go index 8a861077a..aa07de0af 100644 --- a/pkg/specgenutil/volumes.go +++ b/pkg/specgenutil/volumes.go @@ -523,6 +523,8 @@ func getNamedVolume(args []string) (*specgen.NamedVolume, error) { for _, val := range args { kv := strings.SplitN(val, "=", 2) switch kv[0] { + case "volume-opt": + newVolume.Options = append(newVolume.Options, val) case "ro", "rw": if setRORW { return nil, errors.Wrapf(optionArgError, "cannot pass 'ro' and 'rw' options more than once") diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go index e11aed771..d552e21ed 100644 --- a/pkg/systemd/generate/containers.go +++ b/pkg/systemd/generate/containers.go @@ -282,6 +282,22 @@ func setContainerNameForTemplate(startCommand []string, info *containerInfo) ([] return startCommand, nil } +func formatOptions(options []string) string { + var formatted strings.Builder + if len(options) == 0 { + return "" + } + formatted.WriteString(options[0]) + for _, o := range options[1:] { + if strings.HasPrefix(o, "-") { + formatted.WriteString(" \\\n\t" + o) + continue + } + formatted.WriteString(" " + o) + } + return formatted.String() +} + // executeContainerTemplate executes the container template on the specified // containerInfo. Note that the containerInfo is also post processed and // completed, which allows for an easier unit testing. @@ -475,9 +491,8 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst return "", err } } - info.ExecStart = strings.Join(startCommand, " ") + info.ExecStart = formatOptions(startCommand) } - info.TimeoutStopSec = minTimeoutStopSec + info.StopTimeout if info.PodmanVersion == "" { diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go index b9bf7c317..640aa298e 100644 --- a/pkg/systemd/generate/containers_test.go +++ b/pkg/systemd/generate/containers_test.go @@ -266,7 +266,15 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman container run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" +ExecStart=/usr/bin/podman container run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d \ + --replace \ + --name jadda-jadda \ + --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -291,7 +299,15 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman container run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm -d --replace --sdnotify=container --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" +ExecStart=/usr/bin/podman container run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + -d \ + --replace \ + --sdnotify=container \ + --name jadda-jadda \ + --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -316,7 +332,15 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + --replace \ + -d \ + --name jadda-jadda \ + --hostname hello-world awesome-image:latest command arg1 ... argN ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -341,7 +365,16 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --pod-id-file %t/pod-foobar.pod-id-file --sdnotify=conmon --replace -d --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --pod-id-file %t/pod-foobar.pod-id-file \ + --sdnotify=conmon \ + --replace \ + -d \ + --name jadda-jadda \ + --hostname hello-world awesome-image:latest command arg1 ... argN ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -366,7 +399,15 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace --detach --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + --replace \ + --detach \ + --name jadda-jadda \ + --hostname hello-world awesome-image:latest command arg1 ... argN ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -391,7 +432,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d awesome-image:latest +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d awesome-image:latest ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -417,7 +463,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon ` + +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + ` + detachparam + ` awesome-image:latest ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id @@ -446,7 +497,16 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace --name test -p 80:80 awesome-image:latest somecmd --detach=false +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d \ + --replace \ + --name test \ + -p 80:80 awesome-image:latest somecmd \ + --detach=false ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -471,7 +531,14 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman --events-backend none --runroot /root run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d awesome-image:latest +ExecStart=/usr/bin/podman \ + --events-backend none \ + --runroot /root run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d awesome-image:latest ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -496,7 +563,12 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman container run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d awesome-image:latest +ExecStart=/usr/bin/podman container run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d awesome-image:latest ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -521,7 +593,16 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace --name test --log-driver=journald --log-opt=tag={{.Name}} awesome-image:latest +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d \ + --replace \ + --name test \ + --log-driver=journald \ + --log-opt=tag={{.Name}} awesome-image:latest ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -546,7 +627,15 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace --name test awesome-image:latest sh -c "kill $$$$ && echo %%\\" +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d \ + --replace \ + --name test awesome-image:latest sh \ + -c "kill $$$$ && echo %%\\" ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -571,7 +660,16 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --conmon-pidfile=foo awesome-image:latest podman run --cgroups=foo --conmon-pidfile=foo --cidfile=foo alpine +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d \ + --conmon-pidfile=foo awesome-image:latest podman run \ + --cgroups=foo \ + --conmon-pidfile=foo \ + --cidfile=foo alpine ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -596,7 +694,18 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --pod-id-file %t/pod-foobar.pod-id-file --sdnotify=conmon -d --conmon-pidfile=foo awesome-image:latest podman run --cgroups=foo --conmon-pidfile=foo --cidfile=foo --pod-id-file /tmp/pod-foobar.pod-id-file alpine +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --pod-id-file %t/pod-foobar.pod-id-file \ + --sdnotify=conmon \ + -d \ + --conmon-pidfile=foo awesome-image:latest podman run \ + --cgroups=foo \ + --conmon-pidfile=foo \ + --cidfile=foo \ + --pod-id-file /tmp/pod-foobar.pod-id-file alpine ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -622,7 +731,16 @@ Environment=FOO=abc "BAR=my test" USER=%%a Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --env FOO --env=BAR --env=MYENV=2 -e USER awesome-image:latest +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d \ + --env FOO \ + --env=BAR \ + --env=MYENV=2 \ + -e USER awesome-image:latest ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -648,7 +766,12 @@ Restart=on-failure StartLimitBurst=42 TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d awesome-image:latest +ExecStart=/usr/bin/podman run \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d awesome-image:latest ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify @@ -674,7 +797,13 @@ Restart=on-failure StartLimitBurst=42 TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id -ExecStart=/usr/bin/podman run --name=container-foo-%i --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d awesome-image:latest +ExecStart=/usr/bin/podman run \ + --name=container-foo-%i \ + --cidfile=%t/%n.ctr-id \ + --cgroups=no-conmon \ + --rm \ + --sdnotify=conmon \ + -d awesome-image:latest ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id Type=notify diff --git a/pkg/util/mountOpts.go b/pkg/util/mountOpts.go index 2a0101791..e37394619 100644 --- a/pkg/util/mountOpts.go +++ b/pkg/util/mountOpts.go @@ -57,6 +57,9 @@ func ProcessOptions(options []string, isTmpfs bool, sourcePath string) ([]string switch splitOpt[0] { case "O": foundOverlay = true + case "volume-opt": + // Volume-opt should be relayed and processed by driver. + newOptions = append(newOptions, opt) case "exec", "noexec": if foundExec { return nil, errors.Wrapf(ErrDupeMntOption, "only one of 'noexec' and 'exec' can be used") @@ -175,3 +178,15 @@ func ProcessOptions(options []string, isTmpfs bool, sourcePath string) ([]string return newOptions, nil } + +func ParseDriverOpts(option string) (string, string, error) { + token := strings.SplitN(option, "=", 2) + if len(token) != 2 { + return "", "", errors.Wrapf(ErrBadMntOption, "cannot parse driver opts") + } + opt := strings.SplitN(token[1], "=", 2) + if len(opt) != 2 { + return "", "", errors.Wrapf(ErrBadMntOption, "cannot parse driver opts") + } + return opt[0], opt[1], nil +} diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 94de2cf24..a3675d40a 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -447,3 +447,46 @@ t GET images/$iid/json 200 \ t DELETE containers/$cid 204 t DELETE images/docker.io/library/newrepo:v3?force=false 200 + +# test create without default no_hosts +t POST containers/create \ + Image=$IMAGE \ + 201 \ + .Id~[0-9a-f]\\{64\\} +cid=$(jq -r '.Id' <<<"$output") + +t POST libpod/containers/$cid/init 204 + +t GET libpod/containers/$cid/json 200 + +cpid_file=$(jq -r '.ConmonPidFile' <<<"$output") +userdata_path=$(dirname $cpid_file) + +t GET libpod/containers/$cid/json 200 \ + .HostsPath=$userdata_path/hosts + +t DELETE containers/$cid 204 + +# test create with default no_hosts=true +stop_service + +CONTAINERS_CONF=$TESTS_DIR/containers.no_hosts.conf start_service + +# check docker and libpod endpoint +for endpoint in containers/create libpod/containers/create; do + t POST $endpoint \ + Image=$IMAGE \ + 201 \ + .Id~[0-9a-f]\\{64\\} + cid=$(jq -r '.Id' <<<"$output") + + t POST libpod/containers/$cid/init 204 + + t GET libpod/containers/$cid/json 200 \ + .HostsPath="" + + t DELETE containers/$cid 204 +done + +stop_service +start_service diff --git a/test/apiv2/containers.no_hosts.conf b/test/apiv2/containers.no_hosts.conf new file mode 100644 index 000000000..b4c78bedb --- /dev/null +++ b/test/apiv2/containers.no_hosts.conf @@ -0,0 +1,2 @@ +[containers] +no_hosts=true diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 471b3a342..4887197f6 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -797,6 +797,19 @@ VOLUME /test/`, ALPINE) Expect(session.OutputToString()).Should(Equal("888:888")) }) + It("podman run with --mount and named volume with driver-opts", func() { + // anonymous volume mount with driver opts + vol := "type=volume,source=test_vol,dst=/test,volume-opt=type=tmpfs,volume-opt=device=tmpfs,volume-opt=o=nodev" + session := podmanTest.Podman([]string{"run", "--rm", "--mount", vol, ALPINE, "echo", "hello"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + inspectVol := podmanTest.Podman([]string{"volume", "inspect", "test_vol"}) + inspectVol.WaitWithDefaultTimeout() + Expect(inspectVol).Should(Exit(0)) + Expect(inspectVol.OutputToString()).To(ContainSubstring("nodev")) + }) + It("volume permissions after run", func() { imgName := "testimg" dockerfile := fmt.Sprintf(`FROM %s diff --git a/test/system/045-start.bats b/test/system/045-start.bats index 2ea057cd3..31e924ca5 100644 --- a/test/system/045-start.bats +++ b/test/system/045-start.bats @@ -41,18 +41,19 @@ load helpers @test "podman start --filter - start only containers that match the filter" { run_podman run -d $IMAGE /bin/true cid="$output" - run_podman start --filter restart-policy=always $cid "CID of restart-policy=always container" - is "$output" "" + run_podman start --filter restart-policy=always $cid + is "$output" "" "CID of restart-policy=always container" - run_podman start --filter restart-policy=none $cid "CID of restart-policy=none container" - is "$output" "$cid" + run_podman start --filter restart-policy=none $cid + is "$output" "$cid" "CID of restart-policy=none container" } @test "podman start --filter invalid-restart-policy - return error" { run_podman run -d $IMAGE /bin/true cid="$output" - run_podman 125 start --filter restart-policy=fakepolicy $cid "CID of restart-policy=<not-exists> container" - is "$output" "Error: fakepolicy invalid restart policy" + run_podman 125 start --filter restart-policy=fakepolicy $cid + is "$output" "Error: fakepolicy invalid restart policy" \ + "CID of restart-policy=<not-exists> container" } @test "podman start --all --filter" { diff --git a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go index 1d73dc405..52734bead 100644 --- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go +++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go @@ -15,6 +15,7 @@ import ( "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/image/v5/types" "github.com/containers/storage/pkg/homedir" + "github.com/containers/storage/pkg/ioutils" helperclient "github.com/docker/docker-credential-helpers/client" "github.com/docker/docker-credential-helpers/credentials" "github.com/hashicorp/go-multierror" @@ -605,7 +606,7 @@ func modifyJSON(sys *types.SystemContext, editor func(auths *dockerConfigFile) ( return "", errors.Wrapf(err, "marshaling JSON %q", path) } - if err = ioutil.WriteFile(path, newData, 0600); err != nil { + if err = ioutils.AtomicWriteFile(path, newData, 0600); err != nil { return "", errors.Wrapf(err, "writing to file %q", path) } } diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go index c928b87ab..9447d53c4 100644 --- a/vendor/github.com/containers/image/v5/version/version.go +++ b/vendor/github.com/containers/image/v5/version/version.go @@ -8,10 +8,10 @@ const ( // VersionMinor is for functionality in a backwards-compatible manner VersionMinor = 21 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 0 + VersionPatch = 1 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "" + VersionDev = "-dev" ) // Version is the specification version that the package types support. diff --git a/vendor/github.com/containers/storage/pkg/archive/archive_linux.go b/vendor/github.com/containers/storage/pkg/archive/archive_linux.go index 2f548b661..51fbd9a21 100644 --- a/vendor/github.com/containers/storage/pkg/archive/archive_linux.go +++ b/vendor/github.com/containers/storage/pkg/archive/archive_linux.go @@ -36,7 +36,7 @@ func (o overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi // we just rename the file and make it normal dir, filename := filepath.Split(hdr.Name) hdr.Name = filepath.Join(dir, WhiteoutPrefix+filename) - hdr.Mode = 0600 + hdr.Mode = 0 hdr.Typeflag = tar.TypeReg hdr.Size = 0 } diff --git a/vendor/modules.txt b/vendor/modules.txt index 9bb30b5b3..11ee3b189 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -109,7 +109,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99 +# github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25 ## explicit github.com/containers/common/libimage github.com/containers/common/libimage/manifests @@ -153,7 +153,7 @@ github.com/containers/common/version # github.com/containers/conmon v2.0.20+incompatible ## explicit github.com/containers/conmon/runner/config -# github.com/containers/image/v5 v5.21.0 +# github.com/containers/image/v5 v5.21.1-0.20220405081457-d1b64686e1d0 ## explicit github.com/containers/image/v5/copy github.com/containers/image/v5/directory @@ -233,7 +233,7 @@ github.com/containers/psgo/internal/dev github.com/containers/psgo/internal/host github.com/containers/psgo/internal/proc github.com/containers/psgo/internal/process -# github.com/containers/storage v1.39.1-0.20220406221121-28f3ba9b891d +# github.com/containers/storage v1.39.1-0.20220412073713-ea4008e14877 ## explicit github.com/containers/storage github.com/containers/storage/drivers |