-rw-r--r--cmd/podman/create.go6
-rw-r--r--contrib/spec/podman.spec.in1
-rw-r--r--libpod/container.go38
-rw-r--r--libpod/container_api.go40
-rw-r--r--libpod/container_commit.go2
-rw-r--r--libpod/container_internal.go2
-rw-r--r--libpod/container_top.go4
7 files changed, 50 insertions, 43 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index a1d3ead20..b95309980 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -593,6 +593,12 @@ func parseCreateOpts(c *cli.Context, runtime *libpod.Runtime, imageName string,
return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'")
}
+ // Validate domains are good
+ for _, dom := range c.StringSlice("dns-search") {
+ if _, err := validateDomain(dom); err != nil {
+ return nil, err
+ }
+ }
ImageVolumes := data.ContainerConfig.Volumes
var imageVolType = map[string]string{
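Review bot: The new loop hands every `dns-search` value to `validateDomain`, including a lone `.`, which the check just above appears to permit on its own (its message only rejects `.` combined with other domains). `validateDomain` is not visible here, so if it rejects `.` that case would now fail; consider `if dom == "." { continue }` at the top of the loop. The error is also returned bare; assuming `errors` is the package that provides `Errorf` above, `return nil, errors.Wrapf(err, "invalid dns-search domain %q", dom)` would name the offending flag and value. parseCreateOpts starts and continues outside the hunk.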
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index 68468c21b..b210fed81 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -77,6 +77,7 @@ Requires: conmon
Requires: iptables
Requires: containernetworking-cni
Requires: atomic-registries
+Requires: oci-systemd-hook
# vendored libraries
# awk '{print "Provides: bundled(golang("$1")) = "$2}' containerd-*/vendor.conf | sort
diff --git a/libpod/container.go b/libpod/container.go
index f778933c2..e532ecba2 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -96,10 +96,10 @@ type Container struct {
state *containerState
- // Locked indicates that a container has been locked as part of a
+ // Batched indicates that a container has been locked as part of a
// Batch() operation
- // Functions called on a locked container will not lock or sync
- locked bool
+ // Functions called on a batched container will not lock or sync
+ batched bool
valid bool
lock storage.Locker
@@ -521,7 +521,7 @@ func (c *Container) Hostname() string {
// State returns the current state of the container
func (c *Container) State() (ContainerStatus, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -535,7 +535,7 @@ func (c *Container) State() (ContainerStatus, error) {
// Mounted returns a bool as to if the container's storage
// is mounted
func (c *Container) Mounted() (bool, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
@@ -549,7 +549,7 @@ func (c *Container) Mounted() (bool, error) {
// If the container is not mounted, no error is returned, but the mountpoint
// will be ""
func (c *Container) Mountpoint() (string, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
@@ -561,7 +561,7 @@ func (c *Container) Mountpoint() (string, error) {
// StartedTime is the time the container was started
func (c *Container) StartedTime() (time.Time, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
@@ -573,7 +573,7 @@ func (c *Container) StartedTime() (time.Time, error) {
// FinishedTime is the time the container was stopped
func (c *Container) FinishedTime() (time.Time, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
@@ -586,7 +586,7 @@ func (c *Container) FinishedTime() (time.Time, error) {
// ExitCode returns the exit code of the container as
// an int32
func (c *Container) ExitCode() (int32, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
@@ -598,7 +598,7 @@ func (c *Container) ExitCode() (int32, error) {
// OOMKilled returns whether the container was killed by an OOM condition
func (c *Container) OOMKilled() (bool, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
@@ -612,7 +612,7 @@ func (c *Container) OOMKilled() (bool, error) {
// If the container is not running, a pid of 0 will be returned. No error will
// occur.
func (c *Container) PID() (int, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -626,7 +626,7 @@ func (c *Container) PID() (int, error) {
// ExecSessions retrieves active exec sessions running in the container
func (c *Container) ExecSessions() ([]string, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -646,7 +646,7 @@ func (c *Container) ExecSessions() ([]string, error) {
// ExecSession retrieves detailed information on a single active exec session in
// a container
func (c *Container) ExecSession(id string) (*ExecSession, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -672,7 +672,7 @@ func (c *Container) ExecSession(id string) (*ExecSession, error) {
// This will only be populated if the container is configured to created a new
// network namespace, and that namespace is presently active
func (c *Container) IPs() ([]net.IPNet, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -698,7 +698,7 @@ func (c *Container) IPs() ([]net.IPNet, error) {
// This will only be populated if the container is configured to created a new
// network namespace, and that namespace is presently active
func (c *Container) Routes() ([]types.Route, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -736,7 +736,7 @@ func (c *Container) Routes() ([]types.Route, error) {
// If the container has not been started yet, an empty map will be returned, as
// the files in question are only created when the container is started.
func (c *Container) BindMounts() (map[string]string, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -760,7 +760,7 @@ func (c *Container) BindMounts() (map[string]string, error) {
// NamespacePath returns the path of one of the container's namespaces
// If the container is not running, an error will be returned
func (c *Container) NamespacePath(ns LinuxNS) (string, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
@@ -786,7 +786,7 @@ func (c *Container) CGroupPath() cgroups.Path {
// RootFsSize returns the root FS size of the container
func (c *Container) RootFsSize() (int64, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
@@ -798,7 +798,7 @@ func (c *Container) RootFsSize() (int64, error) {
// RWSize returns the rw size of the container
func (c *Container) RWSize() (int64, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 2d5c2bef3..b038787f5 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -19,7 +19,7 @@ import (
// Init creates a container in the OCI runtime
func (c *Container) Init() (err error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -62,7 +62,7 @@ func (c *Container) Init() (err error) {
// Stopped containers will be deleted and re-created in runc, undergoing a fresh
// Init()
func (c *Container) Start() (err error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -125,7 +125,7 @@ func (c *Container) Start() (err error) {
// The channel will be closed automatically after the result of attach has been
// sent
func (c *Container) StartAndAttach(streams *AttachStreams, keys string, resize <-chan remotecommand.TerminalSize) (attachResChan <-chan error, err error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -198,7 +198,7 @@ func (c *Container) StartAndAttach(streams *AttachStreams, keys string, resize <
// Default stop timeout is 10 seconds, but can be overridden when the container
// is created
func (c *Container) Stop() error {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -224,7 +224,7 @@ func (c *Container) Stop() error {
// manually. If timeout is 0, SIGKILL will be used immediately to kill the
// container.
func (c *Container) StopWithTimeout(timeout uint) error {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -248,7 +248,7 @@ func (c *Container) StopWithTimeout(timeout uint) error {
// Kill sends a signal to a container
func (c *Container) Kill(signal uint) error {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -271,7 +271,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
var capList []string
locked := false
- if !c.locked {
+ if !c.batched {
locked = true
c.lock.Lock()
@@ -377,7 +377,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
logrus.Debugf("Successfully started exec session %s in container %s", sessionID, c.ID())
// Unlock so other processes can use the container
- if !c.locked {
+ if !c.batched {
c.lock.Unlock()
locked = false
}
@@ -385,7 +385,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
waitErr := execCmd.Wait()
// Lock again
- if !c.locked {
+ if !c.batched {
locked = true
c.lock.Lock()
}
@@ -406,7 +406,7 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e
// Attach attaches to a container
func (c *Container) Attach(streams *AttachStreams, keys string, resize <-chan remotecommand.TerminalSize) error {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
if err := c.syncContainer(); err != nil {
c.lock.Unlock()
@@ -426,7 +426,7 @@ func (c *Container) Attach(streams *AttachStreams, keys string, resize <-chan re
// Mount mounts a container's filesystem on the host
// The path where the container has been mounted is returned
func (c *Container) Mount() (string, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -444,7 +444,7 @@ func (c *Container) Mount() (string, error) {
// Unmount unmounts a container's filesystem on the host
func (c *Container) Unmount() error {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -467,7 +467,7 @@ func (c *Container) Unmount() error {
// Pause pauses a container
func (c *Container) Pause() error {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -495,7 +495,7 @@ func (c *Container) Pause() error {
// Unpause unpauses a container
func (c *Container) Unpause() error {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -521,7 +521,7 @@ func (c *Container) Unpause() error {
// Export exports a container's root filesystem as a tar archive
// The archive will be saved as a file at the given path
func (c *Container) Export(path string) error {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -562,7 +562,7 @@ func (c *Container) RemoveArtifact(name string) error {
// Inspect a container for low-level information
func (c *Container) Inspect(size bool) (*inspect.ContainerInspectData, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -615,7 +615,7 @@ func (c *Container) Wait() (int32, error) {
// Cleanup unmounts all mount points in container and cleans up container storage
// It also cleans up the network stack
func (c *Container) Cleanup() error {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
@@ -664,13 +664,13 @@ func (c *Container) Batch(batchFunc func(*Container) error) error {
newCtr.lock = c.lock
newCtr.valid = true
- newCtr.locked = true
+ newCtr.batched = true
if err := batchFunc(newCtr); err != nil {
return err
}
- newCtr.locked = false
+ newCtr.batched = false
return c.save()
}
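Review bot: `newCtr.batched` stays `true` when `batchFunc` returns an error, because the early `return err` comes before `newCtr.batched = false`. Every method touched by this commit skips `c.lock.Lock()` when `batched` is set, so a callback that kept a reference to `newCtr` could go on calling it without locking after a failed batch. Resetting the flag with `defer func() { newCtr.batched = false }()` right after it is set would cover both paths. The start of Batch, including where the lock is taken and released, is outside the hunk.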
@@ -681,7 +681,7 @@ func (c *Container) Batch(batchFunc func(*Container) error) error {
// automatically.
// When called outside Batch(), Sync() is a no-op
func (c *Container) Sync() error {
- if !c.locked {
+ if !c.batched {
return nil
}
diff --git a/libpod/container_commit.go b/libpod/container_commit.go
index 7ad393b6c..bfdfb6ce4 100644
--- a/libpod/container_commit.go
+++ b/libpod/container_commit.go
@@ -25,7 +25,7 @@ type ContainerCommitOptions struct {
// Commit commits the changes between a container and its image, creating a new
// image
func (c *Container) Commit(destImage string, options ContainerCommitOptions) (*image.Image, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index c9454db8a..e0411e028 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -334,7 +334,7 @@ func (c *Container) getArtifactPath(name string) string {
// Used with Wait() to determine if a container has exited
func (c *Container) isStopped() (bool, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
}
diff --git a/libpod/container_top.go b/libpod/container_top.go
index bc007c408..28c1e33d2 100644
--- a/libpod/container_top.go
+++ b/libpod/container_top.go
@@ -15,7 +15,7 @@ import (
// GetContainerPids reads sysfs to obtain the pids associated with the container's cgroup
// and uses locking
func (c *Container) GetContainerPids() ([]string, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {
@@ -41,7 +41,7 @@ func (c *Container) getContainerPids() ([]string, error) {
// GetContainerPidInformation calls ps with the appropriate options and returns
// the results as a string and the container's PIDs as a []string
func (c *Container) GetContainerPidInformation(args []string) ([]string, error) {
- if !c.locked {
+ if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
if err := c.syncContainer(); err != nil {