diff options
| -rw-r--r-- | .cirrus.yml | 6 | ||||
| -rw-r--r-- | cmd/podman/common/completion.go | 7 | ||||
| -rw-r--r-- | cmd/podman/networks/create.go | 12 | ||||
| -rw-r--r-- | contrib/podmanimage/README.md | 7 | ||||
| -rw-r--r-- | docs/source/markdown/podman-network-create.1.md | 10 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 3 | ||||
| -rw-r--r-- | go.mod | 6 | ||||
| -rw-r--r-- | go.sum | 12 | ||||
| -rw-r--r-- | libpod/oci_conmon_exec_linux.go | 2 | ||||
| -rw-r--r-- | libpod/oci_conmon_linux.go | 49 | ||||
| -rw-r--r-- | libpod/runtime_ctr.go | 20 | ||||
| -rw-r--r-- | pkg/bindings/README.md | 4 | ||||
| -rw-r--r-- | pkg/machine/qemu/machine.go | 3 | ||||
| -rw-r--r-- | pkg/specgenutil/volumes.go | 2 | ||||
| -rw-r--r-- | pkg/util/mountOpts.go | 15 | ||||
| -rw-r--r-- | test/e2e/run_networking_test.go | 13 | ||||
| -rw-r--r-- | test/e2e/run_volume_test.go | 13 | ||||
| -rw-r--r-- | test/system/040-ps.bats | 4 | ||||
| -rw-r--r-- | vendor/github.com/containers/image/v5/pkg/docker/config/config.go | 3 | ||||
| -rw-r--r-- | vendor/github.com/containers/image/v5/version/version.go | 4 | ||||
| -rw-r--r-- | vendor/github.com/containers/storage/pkg/archive/archive_linux.go | 2 | ||||
| -rw-r--r-- | vendor/modules.txt | 6 |
22 files changed, 128 insertions, 75 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 772843dd7..c984c8859 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -38,7 +38,7 @@ env: UBUNTU_NAME: "ubuntu-2110" # Google-cloud VM Images - IMAGE_SUFFIX: "c6464310661611520" + IMAGE_SUFFIX: "c4831699639992320" FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}" @@ -776,8 +776,8 @@ image_build_task: &image-build test_image_build_task: <<: *image-build - # Allow this to run inside a PR - only_if: $CI == $CI + # Allow this to run inside a PR w/ [CI:BUILD] + only_if: $CIRRUS_PR != '' && $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' # This takes a LONG time, only run when requested. N/B: Any task # made to depend on this one will block FOREVER unless triggered. trigger_type: manual diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go index 9ebdcda2b..1c0065006 100644 --- a/cmd/podman/common/completion.go +++ b/cmd/podman/common/completion.go @@ -1115,6 +1115,13 @@ func AutocompleteNetworkDriver(cmd *cobra.Command, args []string, toComplete str return drivers, cobra.ShellCompDirectiveNoFileComp } +// AutocompleteNetworkIPAMDriver - Autocomplete network ipam driver option. +// -> "bridge", "macvlan" +func AutocompleteNetworkIPAMDriver(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { + drivers := []string{types.HostLocalIPAMDriver, types.DHCPIPAMDriver, types.NoneIPAMDriver} + return drivers, cobra.ShellCompDirectiveNoFileComp +} + // AutocompletePodShareNamespace - Autocomplete pod create --share flag option. // -> "ipc", "net", "pid", "user", "uts", "cgroup", "none" func AutocompletePodShareNamespace(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { diff --git a/cmd/podman/networks/create.go b/cmd/podman/networks/create.go index 8cf9bcada..84c58d4dc 100644 --- a/cmd/podman/networks/create.go +++ b/cmd/podman/networks/create.go @@ -33,6 +33,8 @@ var ( networkCreateOptions entities.NetworkCreateOptions labels []string opts []string + ipamDriverFlagName = "ipam-driver" + ipamDriver string ) func networkCreateFlags(cmd *cobra.Command) { @@ -66,8 +68,8 @@ func networkCreateFlags(cmd *cobra.Command) { flags.StringArrayVar(&labels, labelFlagName, nil, "set metadata on a network") _ = cmd.RegisterFlagCompletionFunc(labelFlagName, completion.AutocompleteNone) - // TODO not supported yet - // flags.StringVar(&networkCreateOptions.IPamDriver, "ipam-driver", "", "IP Address Management Driver") + flags.StringVar(&ipamDriver, ipamDriverFlagName, "", "IP Address Management Driver") + _ = cmd.RegisterFlagCompletionFunc(ipamDriverFlagName, common.AutocompleteNetworkIPAMDriver) flags.BoolVar(&networkCreateOptions.IPv6, "ipv6", false, "enable IPv6 networking") @@ -112,6 +114,12 @@ func networkCreate(cmd *cobra.Command, args []string) error { Internal: networkCreateOptions.Internal, } + if cmd.Flags().Changed(ipamDriverFlagName) { + network.IPAMOptions = map[string]string{ + types.Driver: ipamDriver, + } + } + // old --macvlan option if networkCreateOptions.MacVLAN != "" { logrus.Warn("The --macvlan option is deprecated, use `--driver macvlan --opt parent=<device>` instead") diff --git a/contrib/podmanimage/README.md b/contrib/podmanimage/README.md index 2452d7293..4f184ca28 100644 --- a/contrib/podmanimage/README.md +++ b/contrib/podmanimage/README.md @@ -18,9 +18,10 @@ The container images are: * `quay.io/containers/podman:<version>` and `quay.io/podman/stable:<version>` - These images are built daily. They are intended to contain an unchanging - and stable version of podman. Though for the most recent `<version>` tag, - image contents will be updated to incorporate (especially) security upgrades. - For build details, please [see the configuration file](stable/Dockerfile). + and stable version of podman. For the most recent `<version>` tags (`vX`, + `vX.Y`, and `vX.Y.Z`) the image contents will be updated daily to incorporate + (especially) security upgrades. For build details, please [see the + configuration file](stable/Dockerfile). * `quay.io/containers/podman:latest` and `quay.io/podman/stable:latest` - Built daily using the same Dockerfile as above. The Podman version will remain the "latest" available in Fedora, however the other image diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md index 479c36318..0cdb6fe88 100644 --- a/docs/source/markdown/podman-network-create.1.md +++ b/docs/source/markdown/podman-network-create.1.md @@ -49,6 +49,16 @@ Allocate container IP from a range. The range must be a complete subnet and in must be used with a *subnet* option. Can be specified multiple times. The argument order of the **--subnet**, **--gateway** and **--ip-range** options must match. +#### **--ipam-driver**=*driver* + +Set the ipam driver (IP Address Management Driver) for the network. When unset podman will choose an +ipam driver automatically based on the network driver. Valid values are: + - `host-local`: IP addresses are assigned locally. + - `dhcp`: IP addresses are assigned from a dhcp server on your network. This driver is not yet supported with netavark. + - `none`: No ip addresses are assigned to the interfaces. + +You can see the driver in the **podman network inspect** output under the `ipam_options` field. + #### **--ipv6** Enable IPv6 (Dual Stack) networking. If not subnets are given it will allocate a ipv4 and ipv6 subnet. diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index e9176e0b6..e4ccd0368 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -1288,7 +1288,8 @@ The `--userns=auto` flag, requires that the user name `containers` and a range o Example: `containers:2147483647:2147483648`. -Podman allocates unique ranges of UIDs and GIDs from the `containers` subordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode +Podman allocates unique ranges of UIDs and GIDs from the `containers` subordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. +The rootless option `--userns=keep-id` uses all the subuids and subgids of the user. Using `--userns=auto` when starting new containers will not work as long as any containers exist that were started with `--userns=keep-id`. Valid `auto` options: @@ -12,12 +12,12 @@ require ( github.com/containernetworking/cni v1.0.1 github.com/containernetworking/plugins v1.1.1 github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057 - github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99 + github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25 github.com/containers/conmon v2.0.20+incompatible - github.com/containers/image/v5 v5.21.0 + github.com/containers/image/v5 v5.21.1-0.20220405081457-d1b64686e1d0 github.com/containers/ocicrypt v1.1.3 github.com/containers/psgo v1.7.2 - github.com/containers/storage v1.39.1-0.20220406221121-28f3ba9b891d + github.com/containers/storage v1.39.1-0.20220412073713-ea4008e14877 github.com/coreos/go-systemd/v22 v22.3.2 github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3 github.com/cyphar/filepath-securejoin v0.2.3 @@ -355,14 +355,14 @@ github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19 github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057 h1:lKSxhMBpcHyyQrj2QJYzcm56uiSeibRdSL2KoppF6rg= github.com/containers/buildah v1.25.2-0.20220406205807-5b8e79118057/go.mod h1:iSoopbYRb6K4b5c3hXgXNkGTI/T085t2+XiGjceud94= github.com/containers/common v0.47.5-0.20220331143923-5f14ec785c18/go.mod h1:Vr2Fn6EdzD6JNAbz8L8bTv3uWLv2p31Ih2O3EAK6Hyc= -github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99 h1:l11SsRJ9tKgnmS+ltdzMrsc15TIFrOH/o8EE1FZ9jTo= -github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99/go.mod h1:0mfWn1RRdpBjXmiunOVLaJ1I86pQjXKAc8zuiAuUesk= +github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25 h1:IQeqv8Hf6CqFUlKaz95QFTrLc9V4sbVQyhP9jzGnNBc= +github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25/go.mod h1:0mfWn1RRdpBjXmiunOVLaJ1I86pQjXKAc8zuiAuUesk= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.19.2-0.20220224100137-1045fb70b094/go.mod h1:XoYK6kE0dpazFNcuS+a8lra+QfbC6s8tzv+cUuCrZpE= github.com/containers/image/v5 v5.20.1-0.20220404163228-d03e80fc66b3/go.mod h1:2nEPM0WuinC/0ssPsMv5Iy8YaRueUUTmTp3C7bn5uro= -github.com/containers/image/v5 v5.21.0 h1:pDS3kjJBlaGDItKzjvJDqKXwyQs01gv54b6QuMuaH4g= -github.com/containers/image/v5 v5.21.0/go.mod h1:2nEPM0WuinC/0ssPsMv5Iy8YaRueUUTmTp3C7bn5uro= +github.com/containers/image/v5 v5.21.1-0.20220405081457-d1b64686e1d0 h1:Md1CckW9KSYkdtMdKG70Fc+YqCCVgT+HAr7NS9Ilf8E= +github.com/containers/image/v5 v5.21.1-0.20220405081457-d1b64686e1d0/go.mod h1:JhGkIpC7vKBpLc6mTBE4S8cZUAD+8HgicsxYaLv6BsQ= github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a h1:spAGlqziZjCJL25C6F1zsQY05tfCKE9F5YwtEWWe6hU= github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= @@ -379,8 +379,8 @@ github.com/containers/storage v1.38.2/go.mod h1:INP0RPLHWBxx+pTsO5uiHlDUGHDFvWZP github.com/containers/storage v1.38.3-0.20220301151551-d06b0f81c0aa/go.mod h1:LkkL34WRi4dI4jt9Cp+ImdZi/P5i36glSHimT5CP5zM= github.com/containers/storage v1.39.0/go.mod h1:UAD0cKLouN4BOQRgZut/nMjrh/EnTCjSNPgp4ZuGWMs= github.com/containers/storage v1.39.1-0.20220330193934-f3200eb5a5d9/go.mod h1:IMa2AfBI+Fxxk2hQqLTGhpJX6z2pZS1/I785QJeUwUY= -github.com/containers/storage v1.39.1-0.20220406221121-28f3ba9b891d h1:Xapzm11C1zDNPpdb/1TgTqGvnQEnDoFHUwM487r64Eo= -github.com/containers/storage v1.39.1-0.20220406221121-28f3ba9b891d/go.mod h1:UuYvGSKIdmzkjHbT/PENtxLRVGQ974nyhMbYp0KP19w= +github.com/containers/storage v1.39.1-0.20220412073713-ea4008e14877 h1:V3aVdbQt9qU6tu4HHAJtro4H8+Hnv6X/hrUNba8dll0= +github.com/containers/storage v1.39.1-0.20220412073713-ea4008e14877/go.mod h1:UuYvGSKIdmzkjHbT/PENtxLRVGQ974nyhMbYp0KP19w= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go index 65123b37e..1005d18da 100644 --- a/libpod/oci_conmon_exec_linux.go +++ b/libpod/oci_conmon_exec_linux.go @@ -462,7 +462,7 @@ func (r *ConmonOCIRuntime) startExec(c *Container, sessionID string, options *Ex Setpgid: true, } - err = startCommandGivenSelinux(execCmd, c) + err = startCommand(execCmd, c) // We don't need children pipes on the parent side errorhandling.CloseQuiet(childSyncPipe) diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 264236dc1..06ba8a03f 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -38,7 +38,6 @@ import ( pmount "github.com/containers/storage/pkg/mount" "github.com/coreos/go-systemd/v22/daemon" spec "github.com/opencontainers/runtime-spec/specs-go" - "github.com/opencontainers/selinux/go-selinux" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -1247,7 +1246,7 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co if restoreOptions != nil { runtimeRestoreStarted = time.Now() } - err = startCommandGivenSelinux(cmd, ctr) + err = startCommand(cmd, ctr) // regardless of whether we errored or not, we no longer need the children pipes childSyncPipe.Close() @@ -1414,9 +1413,7 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p return args } -// startCommandGivenSelinux starts a container ensuring to set the labels of -// the process to make sure SELinux doesn't block conmon communication, if SELinux is enabled -func startCommandGivenSelinux(cmd *exec.Cmd, ctr *Container) error { +func startCommand(cmd *exec.Cmd, ctr *Container) error { // Make sure to unset the NOTIFY_SOCKET and reset if afterwards if needed. switch ctr.config.SdNotifyMode { case define.SdNotifyModeContainer, define.SdNotifyModeIgnore: @@ -1433,47 +1430,7 @@ func startCommandGivenSelinux(cmd *exec.Cmd, ctr *Container) error { } } - if !selinux.GetEnabled() { - return cmd.Start() - } - // Set the label of the conmon process to be level :s0 - // This will allow the container processes to talk to fifo-files - // passed into the container by conmon - var ( - plabel string - con selinux.Context - err error - ) - plabel, err = selinux.CurrentLabel() - if err != nil { - return errors.Wrapf(err, "failed to get current SELinux label") - } - - con, err = selinux.NewContext(plabel) - if err != nil { - return errors.Wrapf(err, "failed to get new context from SELinux label") - } - - runtime.LockOSThread() - if con["level"] != "s0" && con["level"] != "" { - con["level"] = "s0" - if err = label.SetProcessLabel(con.Get()); err != nil { - runtime.UnlockOSThread() - return err - } - } - err = cmd.Start() - // Ignore error returned from SetProcessLabel("") call, - // can't recover. - if labelErr := label.SetProcessLabel(""); labelErr == nil { - // Unlock the thread only if the process label could be restored - // successfully. Otherwise leave the thread locked and the Go runtime - // will terminate it once it returns to the threads pool. - runtime.UnlockOSThread() - } else { - logrus.Errorf("Unable to set process label: %q", labelErr) - } - return err + return cmd.Start() } // moveConmonToCgroupAndSignal gets a container's cgroupParent and moves the conmon process to that cgroup diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 8c3d283a5..f92898b1c 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -475,6 +475,26 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai if isAnonymous { volOptions = append(volOptions, withSetAnon()) } + + // If volume-opts are set parse and add driver opts. + if len(vol.Options) > 0 { + isDriverOpts := false + driverOpts := make(map[string]string) + for _, opts := range vol.Options { + if strings.HasPrefix(opts, "volume-opt") { + isDriverOpts = true + driverOptKey, driverOptValue, err := util.ParseDriverOpts(opts) + if err != nil { + return nil, err + } + driverOpts[driverOptKey] = driverOptValue + } + } + if isDriverOpts { + parsedOptions := []VolumeCreateOption{WithVolumeOptions(driverOpts)} + volOptions = append(volOptions, parsedOptions...) + } + } newVol, err := r.newVolume(ctx, volOptions...) if err != nil { return nil, errors.Wrapf(err, "error creating named volume %q", vol.Name) diff --git a/pkg/bindings/README.md b/pkg/bindings/README.md index 2863039e4..ebc8a13d1 100644 --- a/pkg/bindings/README.md +++ b/pkg/bindings/README.md @@ -30,6 +30,10 @@ rootful connections is `/run/podman/podman.sock` and for rootless it is `/run/US information about the Podman system service, see `man podman-system-service`. ### Creating a connection +Ensure the [required dependencies](https://podman.io/getting-started/installation#build-and-run-dependencies) are installed, +as they will be required to compile a Go program making use of the bindings. + + The first step for using the bindings is to create a connection to the socket. As mentioned earlier, the destination of the socket depends on the user who owns it. In this case, a rootful connection is made. diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index e849bae3f..321c1b99c 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -859,6 +859,9 @@ func (v *MachineVM) Remove(_ string, opts machine.RemoveOptions) (string, func() return confirmationMessage, func() error { for _, f := range files { if err := os.Remove(f); err != nil { + if errors.Is(err, os.ErrNotExist) { + continue + } logrus.Error(err) } } diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go index 8a861077a..aa07de0af 100644 --- a/pkg/specgenutil/volumes.go +++ b/pkg/specgenutil/volumes.go @@ -523,6 +523,8 @@ func getNamedVolume(args []string) (*specgen.NamedVolume, error) { for _, val := range args { kv := strings.SplitN(val, "=", 2) switch kv[0] { + case "volume-opt": + newVolume.Options = append(newVolume.Options, val) case "ro", "rw": if setRORW { return nil, errors.Wrapf(optionArgError, "cannot pass 'ro' and 'rw' options more than once") diff --git a/pkg/util/mountOpts.go b/pkg/util/mountOpts.go index 2a0101791..e37394619 100644 --- a/pkg/util/mountOpts.go +++ b/pkg/util/mountOpts.go @@ -57,6 +57,9 @@ func ProcessOptions(options []string, isTmpfs bool, sourcePath string) ([]string switch splitOpt[0] { case "O": foundOverlay = true + case "volume-opt": + // Volume-opt should be relayed and processed by driver. + newOptions = append(newOptions, opt) case "exec", "noexec": if foundExec { return nil, errors.Wrapf(ErrDupeMntOption, "only one of 'noexec' and 'exec' can be used") @@ -175,3 +178,15 @@ func ProcessOptions(options []string, isTmpfs bool, sourcePath string) ([]string return newOptions, nil } + +func ParseDriverOpts(option string) (string, string, error) { + token := strings.SplitN(option, "=", 2) + if len(token) != 2 { + return "", "", errors.Wrapf(ErrBadMntOption, "cannot parse driver opts") + } + opt := strings.SplitN(token[1], "=", 2) + if len(opt) != 2 { + return "", "", errors.Wrapf(ErrBadMntOption, "cannot parse driver opts") + } + return opt[0], opt[1], nil +} diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index faf4db753..696668e52 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -1119,4 +1119,17 @@ EXPOSE 2004-2005/tcp`, ALPINE) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) }) + + It("podman run with ipam none driver", func() { + net := "ipam" + stringid.GenerateNonCryptoID() + session := podmanTest.Podman([]string{"network", "create", "--ipam-driver=none", net}) + session.WaitWithDefaultTimeout() + defer podmanTest.removeNetwork(net) + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"run", "--network", net, ALPINE, "ip", "addr", "show", "eth0"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToStringArray()).To(HaveLen(4), "output should only show link local address") + }) }) diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 471b3a342..4887197f6 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -797,6 +797,19 @@ VOLUME /test/`, ALPINE) Expect(session.OutputToString()).Should(Equal("888:888")) }) + It("podman run with --mount and named volume with driver-opts", func() { + // anonymous volume mount with driver opts + vol := "type=volume,source=test_vol,dst=/test,volume-opt=type=tmpfs,volume-opt=device=tmpfs,volume-opt=o=nodev" + session := podmanTest.Podman([]string{"run", "--rm", "--mount", vol, ALPINE, "echo", "hello"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + inspectVol := podmanTest.Podman([]string{"volume", "inspect", "test_vol"}) + inspectVol.WaitWithDefaultTimeout() + Expect(inspectVol).Should(Exit(0)) + Expect(inspectVol.OutputToString()).To(ContainSubstring("nodev")) + }) + It("volume permissions after run", func() { imgName := "testimg" dockerfile := fmt.Sprintf(`FROM %s diff --git a/test/system/040-ps.bats b/test/system/040-ps.bats index 8d0a405d2..6fc0b9b6e 100644 --- a/test/system/040-ps.bats +++ b/test/system/040-ps.bats @@ -99,9 +99,7 @@ EOF local t1=$SECONDS local delta_t=$((t1 - t0)) if [[ $delta_t -gt 10 ]]; then - # FIXME FIXME FIXME: when buildah issue 3544 gets fixed and vendored, - # change 'echo' to 'die' - echo "podman build did not get killed within 10 seconds (actual time: $delta_t seconds)" + die "podman build did not get killed within 10 seconds (actual time: $delta_t seconds)" fi run_podman ps -a diff --git a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go index 1d73dc405..52734bead 100644 --- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go +++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go @@ -15,6 +15,7 @@ import ( "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/image/v5/types" "github.com/containers/storage/pkg/homedir" + "github.com/containers/storage/pkg/ioutils" helperclient "github.com/docker/docker-credential-helpers/client" "github.com/docker/docker-credential-helpers/credentials" "github.com/hashicorp/go-multierror" @@ -605,7 +606,7 @@ func modifyJSON(sys *types.SystemContext, editor func(auths *dockerConfigFile) ( return "", errors.Wrapf(err, "marshaling JSON %q", path) } - if err = ioutil.WriteFile(path, newData, 0600); err != nil { + if err = ioutils.AtomicWriteFile(path, newData, 0600); err != nil { return "", errors.Wrapf(err, "writing to file %q", path) } } diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go index c928b87ab..9447d53c4 100644 --- a/vendor/github.com/containers/image/v5/version/version.go +++ b/vendor/github.com/containers/image/v5/version/version.go @@ -8,10 +8,10 @@ const ( // VersionMinor is for functionality in a backwards-compatible manner VersionMinor = 21 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 0 + VersionPatch = 1 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "" + VersionDev = "-dev" ) // Version is the specification version that the package types support. diff --git a/vendor/github.com/containers/storage/pkg/archive/archive_linux.go b/vendor/github.com/containers/storage/pkg/archive/archive_linux.go index 2f548b661..51fbd9a21 100644 --- a/vendor/github.com/containers/storage/pkg/archive/archive_linux.go +++ b/vendor/github.com/containers/storage/pkg/archive/archive_linux.go @@ -36,7 +36,7 @@ func (o overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi // we just rename the file and make it normal dir, filename := filepath.Split(hdr.Name) hdr.Name = filepath.Join(dir, WhiteoutPrefix+filename) - hdr.Mode = 0600 + hdr.Mode = 0 hdr.Typeflag = tar.TypeReg hdr.Size = 0 } diff --git a/vendor/modules.txt b/vendor/modules.txt index 541e78b78..a3fdf4600 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -109,7 +109,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.47.5-0.20220405040919-5d3a1effbf99 +# github.com/containers/common v0.47.5-0.20220406101255-3dd66c046c25 ## explicit github.com/containers/common/libimage github.com/containers/common/libimage/manifests @@ -153,7 +153,7 @@ github.com/containers/common/version # github.com/containers/conmon v2.0.20+incompatible ## explicit github.com/containers/conmon/runner/config -# github.com/containers/image/v5 v5.21.0 +# github.com/containers/image/v5 v5.21.1-0.20220405081457-d1b64686e1d0 ## explicit github.com/containers/image/v5/copy github.com/containers/image/v5/directory @@ -233,7 +233,7 @@ github.com/containers/psgo/internal/dev github.com/containers/psgo/internal/host github.com/containers/psgo/internal/proc github.com/containers/psgo/internal/process -# github.com/containers/storage v1.39.1-0.20220406221121-28f3ba9b891d +# github.com/containers/storage v1.39.1-0.20220412073713-ea4008e14877 ## explicit github.com/containers/storage github.com/containers/storage/drivers |