summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/common/create.go8
-rw-r--r--docs/source/markdown/options/env-merge.md5
-rw-r--r--docs/source/markdown/podman-create.1.md.in2
-rw-r--r--docs/source/markdown/podman-run.1.md.in2
-rw-r--r--docs/source/markdown/podman-system-service.1.md2
-rw-r--r--go.mod3
-rw-r--r--go.sum10
-rw-r--r--libpod/define/volume_inspect.go2
-rw-r--r--libpod/options.go14
-rw-r--r--libpod/plugin/volume_api.go19
-rw-r--r--libpod/runtime.go2
-rw-r--r--libpod/runtime_volume_linux.go2
-rw-r--r--libpod/volume.go2
-rw-r--r--libpod/volume_inspect.go7
-rw-r--r--pkg/api/handlers/compat/containers_create.go1
-rw-r--r--pkg/api/handlers/types.go1
-rw-r--r--pkg/domain/entities/pods.go1
-rw-r--r--pkg/domain/infra/abi/parse/parse.go5
-rw-r--r--pkg/specgen/generate/container.go12
-rw-r--r--pkg/specgen/specgen.go3
-rw-r--r--pkg/specgenutil/specgen.go3
-rw-r--r--test/apiv2/python/rest_api/fixtures/api_testcase.py2
-rw-r--r--test/apiv2/python/rest_api/v1_test_rest_v1_0_0.py2
-rw-r--r--test/e2e/config/containers.conf2
-rw-r--r--test/e2e/run_env_test.go11
-rw-r--r--test/e2e/volume_create_test.go15
-rw-r--r--test/e2e/volume_plugin_test.go34
-rw-r--r--test/system/272-system-connection.bats4
-rw-r--r--test/system/900-ssh.bats2
-rw-r--r--test/testvol/util.go2
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go2
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go55
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go4
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go61
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go2
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go2
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go3
-rw-r--r--vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go6
-rw-r--r--vendor/github.com/containers/common/libimage/inspect.go2
-rw-r--r--vendor/github.com/containers/common/libimage/load.go2
-rw-r--r--vendor/github.com/containers/common/libnetwork/cni/network.go14
-rw-r--r--vendor/github.com/containers/common/libnetwork/network/interface.go1
-rw-r--r--vendor/github.com/containers/common/pkg/config/config.go67
-rw-r--r--vendor/github.com/containers/common/pkg/config/config_darwin.go2
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf17
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go6
-rw-r--r--vendor/github.com/containers/common/pkg/config/default_darwin.go5
-rw-r--r--vendor/github.com/containers/common/pkg/config/default_freebsd.go5
-rw-r--r--vendor/github.com/containers/common/pkg/config/default_linux.go5
-rw-r--r--vendor/github.com/containers/common/pkg/config/default_windows.go5
-rw-r--r--vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go2
-rw-r--r--vendor/modules.txt7
52 files changed, 341 insertions, 114 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index 00873b95b..1e573cc2d 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -124,6 +124,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
"This is a Docker specific option and is a NOOP",
)
+ envMergeFlagName := "env-merge"
+ createFlags.StringArrayVar(
+ &cf.EnvMerge,
+ envMergeFlagName, []string{},
+ "Preprocess environment variables from image before injecting them into the container",
+ )
+ _ = cmd.RegisterFlagCompletionFunc(envMergeFlagName, completion.AutocompleteNone)
+
envFlagName := "env"
createFlags.StringArrayP(
envFlagName, "e", Env(),
diff --git a/docs/source/markdown/options/env-merge.md b/docs/source/markdown/options/env-merge.md
new file mode 100644
index 000000000..aa1aa003d
--- /dev/null
+++ b/docs/source/markdown/options/env-merge.md
@@ -0,0 +1,5 @@
+#### **--env-merge**=*env*
+
+Preprocess default environment variables for the containers. For example
+if image contains environment variable `hello=world` user can preprocess
+it using `--env-merge hello=${hello}-some` so new value will be `hello=world-some`.
diff --git a/docs/source/markdown/podman-create.1.md.in b/docs/source/markdown/podman-create.1.md.in
index dec560080..f002418c5 100644
--- a/docs/source/markdown/podman-create.1.md.in
+++ b/docs/source/markdown/podman-create.1.md.in
@@ -208,6 +208,8 @@ Read in a line delimited file of environment variables. See **Environment** note
@@option env-host
+@@option env-merge
+
@@option expose
@@option gidmap.container
diff --git a/docs/source/markdown/podman-run.1.md.in b/docs/source/markdown/podman-run.1.md.in
index b77ccf945..a5a8ac6c5 100644
--- a/docs/source/markdown/podman-run.1.md.in
+++ b/docs/source/markdown/podman-run.1.md.in
@@ -243,6 +243,8 @@ Read in a line delimited file of environment variables. See **Environment** note
@@option env-host
+@@option env-merge
+
@@option expose
@@option gidmap.container
diff --git a/docs/source/markdown/podman-system-service.1.md b/docs/source/markdown/podman-system-service.1.md
index 99fde8ce4..3e7a00362 100644
--- a/docs/source/markdown/podman-system-service.1.md
+++ b/docs/source/markdown/podman-system-service.1.md
@@ -8,7 +8,7 @@ podman\-system\-service - Run an API service
## DESCRIPTION
The **podman system service** command creates a listening service that will answer API calls for Podman. You may
-optionally provide an endpoint for the API in URI form. For example, *unix:///tmp/foobar.sock* or *tcp:localhost:8080*.
+optionally provide an endpoint for the API in URI form. For example, *unix:///tmp/foobar.sock* or *tcp://localhost:8080*.
If no endpoint is provided, defaults will be used. The default endpoint for a rootful
service is *unix:///run/podman/podman.sock* and rootless is *unix://$XDG_RUNTIME_DIR/podman/podman.sock* (for
example *unix:///run/user/1000/podman/podman.sock*)
diff --git a/go.mod b/go.mod
index 635c0a17d..2f061494f 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
github.com/containernetworking/cni v1.1.2
github.com/containernetworking/plugins v1.1.1
github.com/containers/buildah v1.27.0
- github.com/containers/common v0.49.2-0.20220817132854-f6679f170eca
+ github.com/containers/common v0.49.2-0.20220823130605-72a7da3358ac
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.22.0
github.com/containers/ocicrypt v1.1.5
@@ -49,6 +49,7 @@ require (
github.com/opencontainers/runtime-spec v1.0.3-0.20211214071223-8958f93039ab
github.com/opencontainers/runtime-tools v0.9.1-0.20220714195903-17b3287fafb7
github.com/opencontainers/selinux v1.10.1
+ github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df
github.com/rootless-containers/rootlesskit v1.0.1
github.com/sirupsen/logrus v1.9.0
github.com/spf13/cobra v1.5.0
diff --git a/go.sum b/go.sum
index 5053589c5..a476729ee 100644
--- a/go.sum
+++ b/go.sum
@@ -140,8 +140,9 @@ github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwT
github.com/Microsoft/hcsshim v0.8.22/go.mod h1:91uVCVzvX2QD16sMCenoxxXo6L1wJnLMX2PSufFMtF0=
github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg=
github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
-github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo=
github.com/Microsoft/hcsshim v0.9.3/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
+github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I=
+github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
@@ -323,8 +324,9 @@ github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0
github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
-github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0=
github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0=
+github.com/containerd/containerd v1.6.8 h1:h4dOFDwzHmqFEP754PgfgTeVXFnLiRc6kiqC7tplDJs=
+github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@@ -395,8 +397,8 @@ github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19
github.com/containers/buildah v1.27.0 h1:LJ1ks7vKxwPzJGr5BWVvigbtVL9w7XeHtNEmiIOPJqI=
github.com/containers/buildah v1.27.0/go.mod h1:anH3ExvDXRNP9zLQCrOc1vWb5CrhqLF/aYFim4tslvA=
github.com/containers/common v0.49.1/go.mod h1:ueM5hT0itKqCQvVJDs+EtjornAQtrHYxQJzP2gxeGIg=
-github.com/containers/common v0.49.2-0.20220817132854-f6679f170eca h1:OjhEBVpFskIJ6Vq9nikYW7M6YXfkTxOBu+EQBoCyhuM=
-github.com/containers/common v0.49.2-0.20220817132854-f6679f170eca/go.mod h1:eT2iSsNzjOlF5VFLkyj9OU2SXznURvEYndsioQImuoE=
+github.com/containers/common v0.49.2-0.20220823130605-72a7da3358ac h1:rLbTzosxPKrQd+EgMRxfC1WYm3azPiQfig+Lr7mCQ4k=
+github.com/containers/common v0.49.2-0.20220823130605-72a7da3358ac/go.mod h1:xC4qkLfW9R+YSDknlT9xU+NDNxIw017U8AyohGtr9Ec=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.22.0 h1:KemxPmD4D2YYOFZN2SgoTk7nBFcnwPiPW0MqjYtknSE=
diff --git a/libpod/define/volume_inspect.go b/libpod/define/volume_inspect.go
index 9279812da..76120647c 100644
--- a/libpod/define/volume_inspect.go
+++ b/libpod/define/volume_inspect.go
@@ -57,7 +57,7 @@ type InspectVolumeData struct {
// UID/GID.
NeedsChown bool `json:"NeedsChown,omitempty"`
// Timeout is the specified driver timeout if given
- Timeout int `json:"Timeout,omitempty"`
+ Timeout uint `json:"Timeout,omitempty"`
}
type VolumeReload struct {
diff --git a/libpod/options.go b/libpod/options.go
index 43ed1ff78..d31741094 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1695,14 +1695,22 @@ func withSetAnon() VolumeCreateOption {
}
}
-// WithVolumeDriverTimeout sets the volume creation timeout period
-func WithVolumeDriverTimeout(timeout int) VolumeCreateOption {
+// WithVolumeDriverTimeout sets the volume creation timeout period.
+// Only usable if a non-local volume driver is in use.
+func WithVolumeDriverTimeout(timeout uint) VolumeCreateOption {
return func(volume *Volume) error {
if volume.valid {
return define.ErrVolumeFinalized
}
- volume.config.Timeout = timeout
+ if volume.config.Driver == "" || volume.config.Driver == define.VolumeDriverLocal {
+ return fmt.Errorf("Volume driver timeout can only be used with non-local volume drivers: %w", define.ErrInvalidArg)
+ }
+
+ tm := timeout
+
+ volume.config.Timeout = &tm
+
return nil
}
}
diff --git a/libpod/plugin/volume_api.go b/libpod/plugin/volume_api.go
index 0a5eaae53..b13578388 100644
--- a/libpod/plugin/volume_api.go
+++ b/libpod/plugin/volume_api.go
@@ -3,6 +3,7 @@ package plugin
import (
"bytes"
"context"
+ "errors"
"fmt"
"io/ioutil"
"net"
@@ -13,8 +14,7 @@ import (
"sync"
"time"
- "errors"
-
+ "github.com/containers/common/pkg/config"
"github.com/containers/podman/v4/libpod/define"
"github.com/docker/go-plugins-helpers/sdk"
"github.com/docker/go-plugins-helpers/volume"
@@ -40,7 +40,6 @@ var (
)
const (
- defaultTimeout = 5 * time.Second
volumePluginType = "VolumeDriver"
)
@@ -129,7 +128,7 @@ func validatePlugin(newPlugin *VolumePlugin) error {
// GetVolumePlugin gets a single volume plugin, with the given name, at the
// given path.
-func GetVolumePlugin(name string, path string, timeout int) (*VolumePlugin, error) {
+func GetVolumePlugin(name string, path string, timeout *uint, cfg *config.Config) (*VolumePlugin, error) {
pluginsLock.Lock()
defer pluginsLock.Unlock()
@@ -152,13 +151,11 @@ func GetVolumePlugin(name string, path string, timeout int) (*VolumePlugin, erro
// Need an HTTP client to force a Unix connection.
// And since we can reuse it, might as well cache it.
client := new(http.Client)
- client.Timeout = defaultTimeout
- // if the user specified a non-zero timeout, use their value. Else, keep the default.
- if timeout != 0 {
- if time.Duration(timeout)*time.Second < defaultTimeout {
- logrus.Warnf("the default timeout for volume creation is %d seconds, setting a time less than that may break this feature.", defaultTimeout)
- }
- client.Timeout = time.Duration(timeout) * time.Second
+ client.Timeout = 5 * time.Second
+ if timeout != nil {
+ client.Timeout = time.Duration(*timeout) * time.Second
+ } else if cfg != nil {
+ client.Timeout = time.Duration(cfg.Engine.VolumePluginTimeout) * time.Second
}
// This bit borrowed from pkg/bindings/connection.go
client.Transport = &http.Transport{
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 684f4abd7..9b97fd724 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -1097,7 +1097,7 @@ func (r *Runtime) getVolumePlugin(volConfig *VolumeConfig) (*plugin.VolumePlugin
return nil, fmt.Errorf("no volume plugin with name %s available: %w", name, define.ErrMissingPlugin)
}
- return plugin.GetVolumePlugin(name, pluginPath, timeout)
+ return plugin.GetVolumePlugin(name, pluginPath, timeout, r.config)
}
// GetSecretsStorageDir returns the directory that the secrets manager should take
diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go
index 1f354e41b..65f2a1005 100644
--- a/libpod/runtime_volume_linux.go
+++ b/libpod/runtime_volume_linux.go
@@ -184,7 +184,7 @@ func (r *Runtime) UpdateVolumePlugins(ctx context.Context) *define.VolumeReload
)
for driverName, socket := range r.config.Engine.VolumePlugins {
- driver, err := volplugin.GetVolumePlugin(driverName, socket, 0)
+ driver, err := volplugin.GetVolumePlugin(driverName, socket, nil, r.config)
if err != nil {
errs = append(errs, err)
continue
diff --git a/libpod/volume.go b/libpod/volume.go
index 2e8cd77a5..a054e4032 100644
--- a/libpod/volume.go
+++ b/libpod/volume.go
@@ -56,7 +56,7 @@ type VolumeConfig struct {
// quota tracking.
DisableQuota bool `json:"disableQuota,omitempty"`
// Timeout allows users to override the default driver timeout of 5 seconds
- Timeout int
+ Timeout *uint `json:"timeout,omitempty"`
}
// VolumeState holds the volume's mutable state.
diff --git a/libpod/volume_inspect.go b/libpod/volume_inspect.go
index dd2f3fd01..c3872bca7 100644
--- a/libpod/volume_inspect.go
+++ b/libpod/volume_inspect.go
@@ -64,7 +64,12 @@ func (v *Volume) Inspect() (*define.InspectVolumeData, error) {
data.MountCount = v.state.MountCount
data.NeedsCopyUp = v.state.NeedsCopyUp
data.NeedsChown = v.state.NeedsChown
- data.Timeout = v.config.Timeout
+
+ if v.config.Timeout != nil {
+ data.Timeout = *v.config.Timeout
+ } else if v.UsesVolumeDriver() {
+ data.Timeout = v.runtime.config.Engine.VolumePluginTimeout
+ }
return data, nil
}
diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go
index 9fff8b4c8..d4f5d5f36 100644
--- a/pkg/api/handlers/compat/containers_create.go
+++ b/pkg/api/handlers/compat/containers_create.go
@@ -408,6 +408,7 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C
Systemd: "true", // podman default
TmpFS: parsedTmp,
TTY: cc.Config.Tty,
+ EnvMerge: cc.EnvMerge,
UnsetEnv: cc.UnsetEnv,
UnsetEnvAll: cc.UnsetEnvAll,
User: cc.Config.User,
diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go
index 6d245d950..aab905878 100644
--- a/pkg/api/handlers/types.go
+++ b/pkg/api/handlers/types.go
@@ -127,6 +127,7 @@ type CreateContainerConfig struct {
dockerContainer.Config // desired container configuration
HostConfig dockerContainer.HostConfig // host dependent configuration for container
NetworkingConfig dockerNetwork.NetworkingConfig // network configuration for container
+ EnvMerge []string // preprocess env variables from image before injecting into containers
UnsetEnv []string // unset specified default environment variables
UnsetEnvAll bool // unset all default environment variables
}
diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index 14ce370c1..33ca2c807 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -263,6 +263,7 @@ type ContainerCreateOptions struct {
TTY bool
Timezone string
Umask string
+ EnvMerge []string
UnsetEnv []string
UnsetEnvAll bool
UIDMap []string
diff --git a/pkg/domain/infra/abi/parse/parse.go b/pkg/domain/infra/abi/parse/parse.go
index 19699589b..fb2876bb2 100644
--- a/pkg/domain/infra/abi/parse/parse.go
+++ b/pkg/domain/infra/abi/parse/parse.go
@@ -86,8 +86,11 @@ func VolumeOptions(opts map[string]string) ([]libpod.VolumeCreateOption, error)
if err != nil {
return nil, fmt.Errorf("cannot convert Timeout %s to an integer: %w", splitO[1], err)
}
+ if intTimeout < 0 {
+ return nil, fmt.Errorf("volume timeout cannot be negative (got %d)", intTimeout)
+ }
logrus.Debugf("Removing timeout from options and adding WithTimeout for Timeout %d", intTimeout)
- libpodOptions = append(libpodOptions, libpod.WithVolumeDriverTimeout(intTimeout))
+ libpodOptions = append(libpodOptions, libpod.WithVolumeDriverTimeout(uint(intTimeout)))
default:
finalVal = append(finalVal, o)
}
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 85cd8f5ca..e293ce010 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -19,6 +19,7 @@ import (
"github.com/containers/podman/v4/pkg/signal"
"github.com/containers/podman/v4/pkg/specgen"
spec "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/openshift/imagebuilder"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
)
@@ -131,6 +132,17 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
defaultEnvs = envLib.Join(envLib.DefaultEnvVariables(), envLib.Join(defaultEnvs, envs))
}
+ for _, e := range s.EnvMerge {
+ processedWord, err := imagebuilder.ProcessWord(e, envLib.Slice(defaultEnvs))
+ if err != nil {
+ return nil, fmt.Errorf("unable to process variables for --env-merge %s: %w", e, err)
+ }
+ splitWord := strings.Split(processedWord, "=")
+ if _, ok := defaultEnvs[splitWord[0]]; ok {
+ defaultEnvs[splitWord[0]] = splitWord[1]
+ }
+ }
+
for _, e := range s.UnsetEnv {
delete(defaultEnvs, e)
}
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index b90f07ef8..51b6736a9 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -204,6 +204,9 @@ type ContainerBasicConfig struct {
// The execution domain system allows Linux to provide limited support
// for binaries compiled under other UNIX-like operating systems.
Personality *spec.LinuxPersonality `json:"personality,omitempty"`
+ // EnvMerge takes the specified environment variables from image and preprocess them before injecting them into the
+ // container.
+ EnvMerge []string `json:"envmerge,omitempty"`
// UnsetEnv unsets the specified default environment variables from the image or from buildin or containers.conf
// Optional.
UnsetEnv []string `json:"unsetenv,omitempty"`
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 7392e7b44..aab2eebd5 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -839,6 +839,9 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
if !s.Volatile {
s.Volatile = c.Rm
}
+ if len(s.EnvMerge) == 0 || len(c.EnvMerge) != 0 {
+ s.EnvMerge = c.EnvMerge
+ }
if len(s.UnsetEnv) == 0 || len(c.UnsetEnv) != 0 {
s.UnsetEnv = c.UnsetEnv
}
diff --git a/test/apiv2/python/rest_api/fixtures/api_testcase.py b/test/apiv2/python/rest_api/fixtures/api_testcase.py
index f47136555..edb34b31e 100644
--- a/test/apiv2/python/rest_api/fixtures/api_testcase.py
+++ b/test/apiv2/python/rest_api/fixtures/api_testcase.py
@@ -20,7 +20,7 @@ class APITestCase(unittest.TestCase):
APITestCase.podman = Podman()
APITestCase.service = APITestCase.podman.open(
- "system", "service", "tcp:localhost:8080", "--time=0"
+ "system", "service", "tcp://localhost:8080", "--time=0"
)
# give the service some time to be ready...
time.sleep(2)
diff --git a/test/apiv2/python/rest_api/v1_test_rest_v1_0_0.py b/test/apiv2/python/rest_api/v1_test_rest_v1_0_0.py
index 905c29683..2274f25bf 100644
--- a/test/apiv2/python/rest_api/v1_test_rest_v1_0_0.py
+++ b/test/apiv2/python/rest_api/v1_test_rest_v1_0_0.py
@@ -63,7 +63,7 @@ class TestApi(unittest.TestCase):
podman(),
"system",
"service",
- "tcp:localhost:8080",
+ "tcp://localhost:8080",
"--log-level=debug",
"--time=0",
],
diff --git a/test/e2e/config/containers.conf b/test/e2e/config/containers.conf
index c33f32ab4..94bb316b1 100644
--- a/test/e2e/config/containers.conf
+++ b/test/e2e/config/containers.conf
@@ -61,6 +61,8 @@ no_hosts=true
network_cmd_options=["allow_host_loopback=true"]
service_timeout=1234
+volume_plugin_timeout = 15
+
# We need to ensure each test runs on a separate plugin instance...
# For now, let's just make a bunch of plugin paths and have each test use one.
[engine.volume_plugins]
diff --git a/test/e2e/run_env_test.go b/test/e2e/run_env_test.go
index bab52efc5..9e78e150a 100644
--- a/test/e2e/run_env_test.go
+++ b/test/e2e/run_env_test.go
@@ -82,6 +82,17 @@ var _ = Describe("Podman run", func() {
Expect(session.OutputToString()).To(ContainSubstring("HOSTNAME"))
})
+ It("podman run with --env-merge", func() {
+ dockerfile := `FROM quay.io/libpod/alpine:latest
+ENV hello=world
+`
+ podmanTest.BuildImage(dockerfile, "test", "false")
+ session := podmanTest.Podman([]string{"run", "--rm", "--env-merge", "hello=${hello}-earth", "test", "env"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring("world-earth"))
+ })
+
It("podman run --env-host environment test", func() {
env := append(os.Environ(), "FOO=BAR")
session := podmanTest.PodmanAsUser([]string{"run", "--rm", "--env-host", ALPINE, "/bin/printenv", "FOO"}, 0, 0, "", env)
diff --git a/test/e2e/volume_create_test.go b/test/e2e/volume_create_test.go
index 7a975f6a5..499283cab 100644
--- a/test/e2e/volume_create_test.go
+++ b/test/e2e/volume_create_test.go
@@ -162,19 +162,4 @@ var _ = Describe("Podman volume create", func() {
Expect(inspectOpts).Should(Exit(0))
Expect(inspectOpts.OutputToString()).To(Equal(optionStrFormatExpect))
})
-
- It("podman create volume with o=timeout", func() {
- volName := "testVol"
- timeout := 10
- timeoutStr := "10"
- session := podmanTest.Podman([]string{"volume", "create", "--opt", fmt.Sprintf("o=timeout=%d", timeout), volName})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(Exit(0))
-
- inspectTimeout := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{ .Timeout }}", volName})
- inspectTimeout.WaitWithDefaultTimeout()
- Expect(inspectTimeout).Should(Exit(0))
- Expect(inspectTimeout.OutputToString()).To(Equal(timeoutStr))
-
- })
})
diff --git a/test/e2e/volume_plugin_test.go b/test/e2e/volume_plugin_test.go
index b585f8dd8..a44e75a54 100644
--- a/test/e2e/volume_plugin_test.go
+++ b/test/e2e/volume_plugin_test.go
@@ -256,4 +256,38 @@ Removed:
Expect(session.OutputToStringArray()).To(ContainElements(localvol, vol2))
Expect(session.ErrorToString()).To(Equal("")) // make no errors are shown
})
+
+ It("volume driver timeouts test", func() {
+ podmanTest.AddImageToRWStore(volumeTest)
+
+ pluginStatePath := filepath.Join(podmanTest.TempDir, "volumes")
+ err := os.Mkdir(pluginStatePath, 0755)
+ Expect(err).ToNot(HaveOccurred())
+
+ // Keep this distinct within tests to avoid multiple tests using the same plugin.
+ pluginName := "testvol6"
+ plugin := podmanTest.Podman([]string{"run", "--security-opt", "label=disable", "-v", "/run/docker/plugins:/run/docker/plugins", "-v", fmt.Sprintf("%v:%v", pluginStatePath, pluginStatePath), "-d", volumeTest, "--sock-name", pluginName, "--path", pluginStatePath})
+ plugin.WaitWithDefaultTimeout()
+ Expect(plugin).Should(Exit(0))
+
+ volName := "testVolume1"
+ create := podmanTest.Podman([]string{"volume", "create", "--driver", pluginName, volName})
+ create.WaitWithDefaultTimeout()
+ Expect(create).Should(Exit(0))
+
+ volInspect := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{ .Timeout }}", volName})
+ volInspect.WaitWithDefaultTimeout()
+ Expect(volInspect).Should(Exit(0))
+ Expect(volInspect.OutputToString()).To(ContainSubstring("15"))
+
+ volName2 := "testVolume2"
+ create2 := podmanTest.Podman([]string{"volume", "create", "--driver", pluginName, "--opt", "o=timeout=3", volName2})
+ create2.WaitWithDefaultTimeout()
+ Expect(create2).Should(Exit(0))
+
+ volInspect2 := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{ .Timeout }}", volName2})
+ volInspect2.WaitWithDefaultTimeout()
+ Expect(volInspect2).Should(Exit(0))
+ Expect(volInspect2.OutputToString()).To(ContainSubstring("3"))
+ })
})
diff --git a/test/system/272-system-connection.bats b/test/system/272-system-connection.bats
index e9e9a01ea..e937a7273 100644
--- a/test/system/272-system-connection.bats
+++ b/test/system/272-system-connection.bats
@@ -95,12 +95,12 @@ $c2[ ]\+tcp://localhost:54321[ ]\+true" \
# we need for the server.
${PODMAN%%-remote*} --root ${PODMAN_TMPDIR}/root \
--runroot ${PODMAN_TMPDIR}/runroot \
- system service -t 99 tcp:localhost:$_SERVICE_PORT &
+ system service -t 99 tcp://localhost:$_SERVICE_PORT &
_SERVICE_PID=$!
wait_for_port localhost $_SERVICE_PORT
_run_podman_remote info --format '{{.Host.RemoteSocket.Path}}'
- is "$output" "tcp:localhost:$_SERVICE_PORT" \
+ is "$output" "tcp://localhost:$_SERVICE_PORT" \
"podman info works, and talks to the correct server"
_run_podman_remote info --format '{{.Store.GraphRoot}}'
diff --git a/test/system/900-ssh.bats b/test/system/900-ssh.bats
index 0757f5838..4f1682d48 100644
--- a/test/system/900-ssh.bats
+++ b/test/system/900-ssh.bats
@@ -46,7 +46,7 @@ function _run_podman_remote() {
${PODMAN%%-remote*} --root ${PODMAN_TMPDIR}/root \
--runroot ${PODMAN_TMPDIR}/runroot \
- system service -t 99 tcp:localhost:$_SERVICE_PORT &
+ system service -t 99 tcp://localhost:$_SERVICE_PORT &
_SERVICE_PID=$!
wait_for_port localhost $_SERVICE_PORT
diff --git a/test/testvol/util.go b/test/testvol/util.go
index b50bb3afb..b4961e097 100644
--- a/test/testvol/util.go
+++ b/test/testvol/util.go
@@ -25,5 +25,5 @@ func getPluginName(pathOrName string) string {
func getPlugin(sockNameOrPath string) (*plugin.VolumePlugin, error) {
path := getSocketPath(sockNameOrPath)
name := getPluginName(sockNameOrPath)
- return plugin.GetVolumePlugin(name, path, 0)
+ return plugin.GetVolumePlugin(name, path, nil, nil)
}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
index 3d640ac7b..5d6acd69e 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
@@ -57,7 +57,7 @@ func pollIOCP(ctx context.Context, iocpHandle windows.Handle) {
}).Warn("failed to parse job object message")
continue
}
- if err := msq.Write(notification); err == queue.ErrQueueClosed {
+ if err := msq.Enqueue(notification); err == queue.ErrQueueClosed {
// Write will only return an error when the queue is closed.
// The only time a queue would ever be closed is when we call `Close` on
// the job it belongs to which also removes it from the jobMap, so something
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
index 9c2726416..c9fdd921a 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
@@ -68,6 +68,9 @@ type Options struct {
// `UseNTVariant` specifies if we should use the `Nt` variant of Open/CreateJobObject.
// Defaults to false.
UseNTVariant bool
+ // `IOTracking` enables tracking I/O statistics on the job object. More specifically this
+ // calls SetInformationJobObject with the JobObjectIoAttribution class.
+ EnableIOTracking bool
}
// Create creates a job object.
@@ -134,6 +137,12 @@ func Create(ctx context.Context, options *Options) (_ *JobObject, err error) {
job.mq = mq
}
+ if options.EnableIOTracking {
+ if err := enableIOTracking(jobHandle); err != nil {
+ return nil, err
+ }
+ }
+
return job, nil
}
@@ -235,7 +244,7 @@ func (job *JobObject) PollNotification() (interface{}, error) {
if job.mq == nil {
return nil, ErrNotRegistered
}
- return job.mq.ReadOrWait()
+ return job.mq.Dequeue()
}
// UpdateProcThreadAttribute updates the passed in ProcThreadAttributeList to contain what is necessary to
@@ -330,7 +339,7 @@ func (job *JobObject) Pids() ([]uint32, error) {
err := winapi.QueryInformationJobObject(
job.handle,
winapi.JobObjectBasicProcessIdList,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
)
@@ -356,7 +365,7 @@ func (job *JobObject) Pids() ([]uint32, error) {
if err = winapi.QueryInformationJobObject(
job.handle,
winapi.JobObjectBasicProcessIdList,
- uintptr(unsafe.Pointer(&buf[0])),
+ unsafe.Pointer(&buf[0]),
uint32(len(buf)),
nil,
); err != nil {
@@ -384,7 +393,7 @@ func (job *JobObject) QueryMemoryStats() (*winapi.JOBOBJECT_MEMORY_USAGE_INFORMA
if err := winapi.QueryInformationJobObject(
job.handle,
winapi.JobObjectMemoryUsageInformation,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
); err != nil {
@@ -406,7 +415,7 @@ func (job *JobObject) QueryProcessorStats() (*winapi.JOBOBJECT_BASIC_ACCOUNTING_
if err := winapi.QueryInformationJobObject(
job.handle,
winapi.JobObjectBasicAccountingInformation,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
); err != nil {
@@ -415,7 +424,9 @@ func (job *JobObject) QueryProcessorStats() (*winapi.JOBOBJECT_BASIC_ACCOUNTING_
return &info, nil
}
-// QueryStorageStats gets the storage (I/O) stats for the job object.
+// QueryStorageStats gets the storage (I/O) stats for the job object. This call will error
+// if either `EnableIOTracking` wasn't set to true on creation of the job, or SetIOTracking()
+// hasn't been called since creation of the job.
func (job *JobObject) QueryStorageStats() (*winapi.JOBOBJECT_IO_ATTRIBUTION_INFORMATION, error) {
job.handleLock.RLock()
defer job.handleLock.RUnlock()
@@ -430,7 +441,7 @@ func (job *JobObject) QueryStorageStats() (*winapi.JOBOBJECT_IO_ATTRIBUTION_INFO
if err := winapi.QueryInformationJobObject(
job.handle,
winapi.JobObjectIoAttribution,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
); err != nil {
@@ -476,7 +487,7 @@ func (job *JobObject) QueryPrivateWorkingSet() (uint64, error) {
status := winapi.NtQueryInformationProcess(
h,
winapi.ProcessVmCounters,
- uintptr(unsafe.Pointer(&vmCounters)),
+ unsafe.Pointer(&vmCounters),
uint32(unsafe.Sizeof(vmCounters)),
nil,
)
@@ -497,3 +508,31 @@ func (job *JobObject) QueryPrivateWorkingSet() (uint64, error) {
return jobWorkingSetSize, nil
}
+
+// SetIOTracking enables IO tracking for processes in the job object.
+// This enables use of the QueryStorageStats method.
+func (job *JobObject) SetIOTracking() error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+
+ return enableIOTracking(job.handle)
+}
+
+func enableIOTracking(job windows.Handle) error {
+ info := winapi.JOBOBJECT_IO_ATTRIBUTION_INFORMATION{
+ ControlFlags: winapi.JOBOBJECT_IO_ATTRIBUTION_CONTROL_ENABLE,
+ }
+ if _, err := windows.SetInformationJobObject(
+ job,
+ winapi.JobObjectIoAttribution,
+ uintptr(unsafe.Pointer(&info)),
+ uint32(unsafe.Sizeof(info)),
+ ); err != nil {
+ return fmt.Errorf("failed to enable IO tracking on job object: %w", err)
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
index 4be297788..4efde292c 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
@@ -202,7 +202,7 @@ func (job *JobObject) getExtendedInformation() (*windows.JOBOBJECT_EXTENDED_LIMI
if err := winapi.QueryInformationJobObject(
job.handle,
windows.JobObjectExtendedLimitInformation,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
); err != nil {
@@ -224,7 +224,7 @@ func (job *JobObject) getCPURateControlInformation() (*winapi.JOBOBJECT_CPU_RATE
if err := winapi.QueryInformationJobObject(
job.handle,
windows.JobObjectCpuRateControlInformation,
- uintptr(unsafe.Pointer(&info)),
+ unsafe.Pointer(&info),
uint32(unsafe.Sizeof(info)),
nil,
); err != nil {
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go b/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
index e177c9a62..4eb9bb9f1 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
@@ -5,10 +5,7 @@ import (
"sync"
)
-var (
- ErrQueueClosed = errors.New("the queue is closed for reading and writing")
- ErrQueueEmpty = errors.New("the queue is empty")
-)
+var ErrQueueClosed = errors.New("the queue is closed for reading and writing")
// MessageQueue represents a threadsafe message queue to be used to retrieve or
// write messages to.
@@ -29,8 +26,8 @@ func NewMessageQueue() *MessageQueue {
}
}
-// Write writes `msg` to the queue.
-func (mq *MessageQueue) Write(msg interface{}) error {
+// Enqueue writes `msg` to the queue.
+func (mq *MessageQueue) Enqueue(msg interface{}) error {
mq.m.Lock()
defer mq.m.Unlock()
@@ -43,55 +40,37 @@ func (mq *MessageQueue) Write(msg interface{}) error {
return nil
}
-// Read will read a value from the queue if available, otherwise return an error.
-func (mq *MessageQueue) Read() (interface{}, error) {
+// Dequeue will read a value from the queue and remove it. If the queue
+// is empty, this will block until the queue is closed or a value gets enqueued.
+func (mq *MessageQueue) Dequeue() (interface{}, error) {
mq.m.Lock()
defer mq.m.Unlock()
- if mq.closed {
- return nil, ErrQueueClosed
- }
- if mq.isEmpty() {
- return nil, ErrQueueEmpty
+
+ for !mq.closed && mq.size() == 0 {
+ mq.c.Wait()
}
- val := mq.messages[0]
- mq.messages[0] = nil
- mq.messages = mq.messages[1:]
- return val, nil
-}
-// ReadOrWait will read a value from the queue if available, else it will wait for a
-// value to become available. This will block forever if nothing gets written or until
-// the queue gets closed.
-func (mq *MessageQueue) ReadOrWait() (interface{}, error) {
- mq.m.Lock()
+ // We got woken up, check if it's because the queue got closed.
if mq.closed {
- mq.m.Unlock()
return nil, ErrQueueClosed
}
- if mq.isEmpty() {
- for !mq.closed && mq.isEmpty() {
- mq.c.Wait()
- }
- mq.m.Unlock()
- return mq.Read()
- }
+
val := mq.messages[0]
mq.messages[0] = nil
mq.messages = mq.messages[1:]
- mq.m.Unlock()
return val, nil
}
-// IsEmpty returns if the queue is empty
-func (mq *MessageQueue) IsEmpty() bool {
+// Size returns the size of the queue.
+func (mq *MessageQueue) Size() int {
mq.m.RLock()
defer mq.m.RUnlock()
- return len(mq.messages) == 0
+ return mq.size()
}
-// Nonexported empty check that doesn't lock so we can call this in Read and Write.
-func (mq *MessageQueue) isEmpty() bool {
- return len(mq.messages) == 0
+// Nonexported size check to check if the queue is empty inside already locked functions.
+func (mq *MessageQueue) size() int {
+ return len(mq.messages)
}
// Close closes the queue for future writes or reads. Any attempts to read or write from the
@@ -99,13 +78,15 @@ func (mq *MessageQueue) isEmpty() bool {
func (mq *MessageQueue) Close() {
mq.m.Lock()
defer mq.m.Unlock()
- // Already closed
+
+ // Already closed, noop
if mq.closed {
return
}
+
mq.messages = nil
mq.closed = true
- // If there's anybody currently waiting on a value from ReadOrWait, we need to
+ // If there's anybody currently waiting on a value from Dequeue, we need to
// broadcast so the read(s) can return ErrQueueClosed.
mq.c.Broadcast()
}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
index 479649db3..7eb13f8f0 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
@@ -175,7 +175,7 @@ type JOBOBJECT_ASSOCIATE_COMPLETION_PORT struct {
// LPDWORD lpReturnLength
// );
//
-//sys QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo uintptr, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) = kernel32.QueryInformationJobObject
+//sys QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo unsafe.Pointer, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) = kernel32.QueryInformationJobObject
// HANDLE OpenJobObjectW(
// DWORD dwDesiredAccess,
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
index 5f9e03fd2..222529f43 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
@@ -18,7 +18,7 @@ const ProcessVmCounters = 3
// [out, optional] PULONG ReturnLength
// );
//
-//sys NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo uintptr, processInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQueryInformationProcess
+//sys NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo unsafe.Pointer, processInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQueryInformationProcess
// typedef struct _VM_COUNTERS_EX
// {
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
index 327f57d7c..78fe01a4b 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
@@ -12,7 +12,8 @@ const STATUS_INFO_LENGTH_MISMATCH = 0xC0000004
// ULONG SystemInformationLength,
// PULONG ReturnLength
// );
-//sys NtQuerySystemInformation(systemInfoClass int, systemInformation uintptr, systemInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQuerySystemInformation
+//
+//sys NtQuerySystemInformation(systemInfoClass int, systemInformation unsafe.Pointer, systemInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQuerySystemInformation
type SYSTEM_PROCESS_INFORMATION struct {
NextEntryOffset uint32 // ULONG
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
index 39fb3e1ad..1f16cf0b8 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
@@ -100,7 +100,7 @@ func resizePseudoConsole(hPc windows.Handle, size uint32) (hr error) {
return
}
-func NtQuerySystemInformation(systemInfoClass int, systemInformation uintptr, systemInfoLength uint32, returnLength *uint32) (status uint32) {
+func NtQuerySystemInformation(systemInfoClass int, systemInformation unsafe.Pointer, systemInfoLength uint32, returnLength *uint32) (status uint32) {
r0, _, _ := syscall.Syscall6(procNtQuerySystemInformation.Addr(), 4, uintptr(systemInfoClass), uintptr(systemInformation), uintptr(systemInfoLength), uintptr(unsafe.Pointer(returnLength)), 0, 0)
status = uint32(r0)
return
@@ -152,7 +152,7 @@ func IsProcessInJob(procHandle windows.Handle, jobHandle windows.Handle, result
return
}
-func QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo uintptr, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) {
+func QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo unsafe.Pointer, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) {
r1, _, e1 := syscall.Syscall6(procQueryInformationJobObject.Addr(), 5, uintptr(jobHandle), uintptr(infoClass), uintptr(jobObjectInfo), uintptr(jobObjectInformationLength), uintptr(unsafe.Pointer(lpReturnLength)), 0)
if r1 == 0 {
if e1 != 0 {
@@ -244,7 +244,7 @@ func LocalFree(ptr uintptr) {
return
}
-func NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo uintptr, processInfoLength uint32, returnLength *uint32) (status uint32) {
+func NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo unsafe.Pointer, processInfoLength uint32, returnLength *uint32) (status uint32) {
r0, _, _ := syscall.Syscall6(procNtQueryInformationProcess.Addr(), 5, uintptr(processHandle), uintptr(processInfoClass), uintptr(processInfo), uintptr(processInfoLength), uintptr(unsafe.Pointer(returnLength)), 0)
status = uint32(r0)
return
diff --git a/vendor/github.com/containers/common/libimage/inspect.go b/vendor/github.com/containers/common/libimage/inspect.go
index 5da8df1bf..c6632d9a2 100644
--- a/vendor/github.com/containers/common/libimage/inspect.go
+++ b/vendor/github.com/containers/common/libimage/inspect.go
@@ -190,7 +190,7 @@ func (i *Image) Inspect(ctx context.Context, options *InspectOptions) (*ImageDat
// NOTE: Health checks may be listed in the container config or
// the config.
data.HealthCheck = dockerManifest.ContainerConfig.Healthcheck
- if data.HealthCheck == nil {
+ if data.HealthCheck == nil && dockerManifest.Config != nil {
data.HealthCheck = dockerManifest.Config.Healthcheck
}
}
diff --git a/vendor/github.com/containers/common/libimage/load.go b/vendor/github.com/containers/common/libimage/load.go
index 89faa4635..593eef04b 100644
--- a/vendor/github.com/containers/common/libimage/load.go
+++ b/vendor/github.com/containers/common/libimage/load.go
@@ -99,7 +99,7 @@ func (r *Runtime) Load(ctx context.Context, path string, options *LoadOptions) (
}
// loadMultiImageDockerArchive loads the docker archive specified by ref. In
-// case the path@reference notation was used, only the specifiec image will be
+// case the path@reference notation was used, only the specified image will be
// loaded. Otherwise, all images will be loaded.
func (r *Runtime) loadMultiImageDockerArchive(ctx context.Context, ref types.ImageReference, options *CopyOptions) ([]string, error) {
// If we cannot stat the path, it either does not exist OR the correct
diff --git a/vendor/github.com/containers/common/libnetwork/cni/network.go b/vendor/github.com/containers/common/libnetwork/cni/network.go
index fce8f0066..11f1bbe14 100644
--- a/vendor/github.com/containers/common/libnetwork/cni/network.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/network.go
@@ -19,6 +19,7 @@ import (
"github.com/containers/common/pkg/config"
"github.com/containers/storage/pkg/lockfile"
"github.com/sirupsen/logrus"
+ "golang.org/x/sys/unix"
)
type cniNetwork struct {
@@ -62,6 +63,8 @@ type InitConfig struct {
CNIConfigDir string
// CNIPluginDirs is a list of directories where cni should look for the plugins.
CNIPluginDirs []string
+ // RunDir is a directory where temporary files can be stored.
+ RunDir string
// DefaultNetwork is the name for the default network.
DefaultNetwork string
@@ -81,7 +84,16 @@ func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
// TODO: consider using a shared memory lock
lock, err := lockfile.GetLockfile(filepath.Join(conf.CNIConfigDir, "cni.lock"))
if err != nil {
- return nil, err
+ // If we're on a read-only filesystem, there is no risk of
+ // contention. Fall back to a local lockfile.
+ if errors.Is(err, unix.EROFS) {
+ lock, err = lockfile.GetLockfile(filepath.Join(conf.RunDir, "cni.lock"))
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ return nil, err
+ }
}
defaultNetworkName := conf.DefaultNetwork
diff --git a/vendor/github.com/containers/common/libnetwork/network/interface.go b/vendor/github.com/containers/common/libnetwork/network/interface.go
index 639ff4e45..545655fd3 100644
--- a/vendor/github.com/containers/common/libnetwork/network/interface.go
+++ b/vendor/github.com/containers/common/libnetwork/network/interface.go
@@ -169,6 +169,7 @@ func getCniInterface(conf *config.Config) (types.ContainerNetwork, error) {
return cni.NewCNINetworkInterface(&cni.InitConfig{
CNIConfigDir: confDir,
CNIPluginDirs: conf.Network.CNIPluginDirs,
+ RunDir: conf.Engine.TmpDir,
DefaultNetwork: conf.Network.DefaultNetwork,
DefaultSubnet: conf.Network.DefaultSubnet,
DefaultsubnetPools: conf.Network.DefaultSubnetPools,
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index de1d91ae3..858f961b6 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -7,6 +7,7 @@ import (
"os"
"os/exec"
"path/filepath"
+ "runtime"
"sort"
"strings"
"sync"
@@ -27,6 +28,8 @@ const (
_configPath = "containers/containers.conf"
// UserOverrideContainersConfig holds the containers config path overridden by the rootless user
UserOverrideContainersConfig = ".config/" + _configPath
+ // Token prefix for looking for helper binary under $BINDIR
+ bindirPrefix = "$BINDIR"
)
// RuntimeStateStore is a constant indicating which state store implementation
@@ -454,6 +457,13 @@ type EngineConfig struct {
// may not be by other drivers.
VolumePath string `toml:"volume_path,omitempty"`
+ // VolumePluginTimeout sets the default timeout, in seconds, for
+ // operations that must contact a volume plugin. Plugins are external
+ // programs accessed via REST API; this sets a timeout for requests to
+ // that API.
+ // A value of 0 is treated as no timeout.
+ VolumePluginTimeout uint `toml:"volume_plugin_timeout,omitempty,omitzero"`
+
// VolumePlugins is a set of plugins that can be used as the backend for
// Podman named volumes. Each volume is specified as a name (what Podman
// will refer to the plugin as) mapped to a path, which must point to a
@@ -815,6 +825,18 @@ func (c *Config) Validate() error {
return nil
}
+// URI returns the URI Path to the machine image
+func (m *MachineConfig) URI() string {
+ uri := m.Image
+ for _, val := range []string{"$ARCH", "$arch"} {
+ uri = strings.Replace(uri, val, runtime.GOARCH, 1)
+ }
+ for _, val := range []string{"$OS", "$os"} {
+ uri = strings.Replace(uri, val, runtime.GOOS, 1)
+ }
+ return uri
+}
+
func (c *EngineConfig) findRuntime() string {
// Search for crun first followed by runc, kata, runsc
for _, name := range []string{"crun", "runc", "runj", "kata", "runsc"} {
@@ -1241,10 +1263,37 @@ func (c *Config) ActiveDestination() (uri, identity string, err error) {
return "", "", errors.New("no service destination configured")
}
+var (
+ bindirFailed = false
+ bindirCached = ""
+)
+
+func findBindir() string {
+ if bindirCached != "" || bindirFailed {
+ return bindirCached
+ }
+ execPath, err := os.Executable()
+ if err == nil {
+ // Resolve symbolic links to find the actual binary file path.
+ execPath, err = filepath.EvalSymlinks(execPath)
+ }
+ if err != nil {
+ // If failed to find executable (unlikely to happen), warn about it.
+ // The bindirFailed flag will track this, so we only warn once.
+ logrus.Warnf("Failed to find $BINDIR: %v", err)
+ bindirFailed = true
+ return ""
+ }
+ bindirCached = filepath.Dir(execPath)
+ return bindirCached
+}
+
// FindHelperBinary will search the given binary name in the configured directories.
// If searchPATH is set to true it will also search in $PATH.
func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) {
dirList := c.Engine.HelperBinariesDir
+ bindirPath := ""
+ bindirSearched := false
// If set, search this directory first. This is used in testing.
if dir, found := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); found {
@@ -1252,6 +1301,24 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error)
}
for _, path := range dirList {
+ if path == bindirPrefix || strings.HasPrefix(path, bindirPrefix+string(filepath.Separator)) {
+ // Calculate the path to the executable first time we encounter a $BINDIR prefix.
+ if !bindirSearched {
+ bindirSearched = true
+ bindirPath = findBindir()
+ }
+ // If there's an error, don't stop the search for the helper binary.
+ // findBindir() will have warned once during the first failure.
+ if bindirPath == "" {
+ continue
+ }
+ // Replace the $BINDIR prefix with the path to the directory of the current binary.
+ if path == bindirPrefix {
+ path = bindirPath
+ } else {
+ path = filepath.Join(bindirPath, strings.TrimPrefix(path, bindirPrefix+string(filepath.Separator)))
+ }
+ }
fullpath := filepath.Join(path, name)
if fi, err := os.Stat(fullpath); err == nil && fi.Mode().IsRegular() {
return fullpath, nil
diff --git a/vendor/github.com/containers/common/pkg/config/config_darwin.go b/vendor/github.com/containers/common/pkg/config/config_darwin.go
index 0ab9e0294..5283665e1 100644
--- a/vendor/github.com/containers/common/pkg/config/config_darwin.go
+++ b/vendor/github.com/containers/common/pkg/config/config_darwin.go
@@ -35,4 +35,6 @@ var defaultHelperBinariesDir = []string{
"/usr/local/lib/podman",
"/usr/libexec/podman",
"/usr/lib/podman",
+ // Relative to the binary directory
+ "$BINDIR/../libexec/podman",
}
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index d1ac7c0e8..5b5aaa00a 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -605,6 +605,12 @@ default_sysctls = [
#
#volume_path = "/var/lib/containers/storage/volumes"
+# Default timeout (in seconds) for volume plugin operations.
+# Plugins are external programs accessed via a REST API; this sets a timeout
+# for requests to that API.
+# A value of 0 is treated as no timeout.
+#volume_plugin_timeout = 5
+
# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, krun, etc)
[engine.runtimes]
#crun = [
@@ -665,9 +671,16 @@ default_sysctls = [
#
#disk_size=10
-# The image used when creating a podman-machine VM.
+# Default image URI when creating a new VM using `podman machine init`.
+# Options: On Linux/Mac, `testing`, `stable`, `next`. On Windows, the major
+# version of the OS (e.g `36`) for Fedora 36. For all platforms you can
+# alternatively specify a custom download URL to an image. Container engines
+# translate URIs $OS and $ARCH to the native OS and ARCH. URI
+# "https://example.com/$OS/$ARCH/foobar.ami" becomes
+# "https://example.com/linux/amd64/foobar.ami" on a Linux AMD machine.
+# The default value is `testing`.
#
-#image = "testing"
+# image = "testing"
# Memory in MB a machine is created with.
#
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 6bca7312a..b0d62779b 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -168,6 +168,8 @@ const (
SeccompOverridePath = _etcDir + "/containers/seccomp.json"
// SeccompDefaultPath defines the default seccomp path.
SeccompDefaultPath = _installPrefix + "/share/containers/seccomp.json"
+ // DefaultVolumePluginTimeout is the default volume plugin timeout, in seconds
+ DefaultVolumePluginTimeout = 5
)
// DefaultConfig defines the default values from containers.conf.
@@ -264,7 +266,7 @@ func defaultMachineConfig() MachineConfig {
Image: getDefaultMachineImage(),
Memory: 2048,
User: getDefaultMachineUser(),
- Volumes: []string{"$HOME:$HOME"},
+ Volumes: getDefaultMachineVolumes(),
}
}
@@ -304,6 +306,8 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
c.StaticDir = filepath.Join(storeOpts.GraphRoot, "libpod")
c.VolumePath = filepath.Join(storeOpts.GraphRoot, "volumes")
+ c.VolumePluginTimeout = DefaultVolumePluginTimeout
+
c.HelperBinariesDir = defaultHelperBinariesDir
if additionalHelperBinariesDir != "" {
c.HelperBinariesDir = append(c.HelperBinariesDir, additionalHelperBinariesDir)
diff --git a/vendor/github.com/containers/common/pkg/config/default_darwin.go b/vendor/github.com/containers/common/pkg/config/default_darwin.go
index c502ea55e..5d857df4f 100644
--- a/vendor/github.com/containers/common/pkg/config/default_darwin.go
+++ b/vendor/github.com/containers/common/pkg/config/default_darwin.go
@@ -11,3 +11,8 @@ func getDefaultLockType() string {
func getLibpodTmpDir() string {
return "/run/libpod"
}
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+ return []string{"$HOME:$HOME"}
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_freebsd.go b/vendor/github.com/containers/common/pkg/config/default_freebsd.go
index 8b10ac1f7..9c827dbfe 100644
--- a/vendor/github.com/containers/common/pkg/config/default_freebsd.go
+++ b/vendor/github.com/containers/common/pkg/config/default_freebsd.go
@@ -18,3 +18,8 @@ func getDefaultLockType() string {
func getLibpodTmpDir() string {
return "/var/run/libpod"
}
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+ return []string{"$HOME:$HOME"}
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_linux.go b/vendor/github.com/containers/common/pkg/config/default_linux.go
index 86873beb1..15052c10e 100644
--- a/vendor/github.com/containers/common/pkg/config/default_linux.go
+++ b/vendor/github.com/containers/common/pkg/config/default_linux.go
@@ -70,3 +70,8 @@ func getDefaultLockType() string {
func getLibpodTmpDir() string {
return "/run/libpod"
}
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+ return []string{"$HOME:$HOME"}
+}
diff --git a/vendor/github.com/containers/common/pkg/config/default_windows.go b/vendor/github.com/containers/common/pkg/config/default_windows.go
index 1ff88fc42..08a0bf223 100644
--- a/vendor/github.com/containers/common/pkg/config/default_windows.go
+++ b/vendor/github.com/containers/common/pkg/config/default_windows.go
@@ -44,3 +44,8 @@ func getDefaultLockType() string {
func getLibpodTmpDir() string {
return "/run/libpod"
}
+
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+func getDefaultMachineVolumes() []string {
+ return []string{}
+}
diff --git a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
index ff82b5a39..02b6dfb09 100644
--- a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
+++ b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
@@ -372,7 +372,7 @@ func mountExists(mounts []rspec.Mount, dest string) bool {
return false
}
-// resolveSymbolicLink resolves a possbile symlink path. If the path is a symlink, returns resolved
+// resolveSymbolicLink resolves symlink paths. If the path is a symlink, returns resolved
// path; if not, returns the original path.
func resolveSymbolicLink(path string) (string, error) {
info, err := os.Lstat(path)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index eb9c7a34d..62feec8d8 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -11,7 +11,7 @@ github.com/Microsoft/go-winio/backuptar
github.com/Microsoft/go-winio/pkg/guid
github.com/Microsoft/go-winio/pkg/security
github.com/Microsoft/go-winio/vhd
-# github.com/Microsoft/hcsshim v0.9.3
+# github.com/Microsoft/hcsshim v0.9.4
github.com/Microsoft/hcsshim
github.com/Microsoft/hcsshim/computestorage
github.com/Microsoft/hcsshim/internal/cow
@@ -67,7 +67,7 @@ github.com/container-orchestrated-devices/container-device-interface/pkg/cdi
github.com/container-orchestrated-devices/container-device-interface/specs-go
# github.com/containerd/cgroups v1.0.3
github.com/containerd/cgroups/stats/v1
-# github.com/containerd/containerd v1.6.6
+# github.com/containerd/containerd v1.6.8
github.com/containerd/containerd/errdefs
github.com/containerd/containerd/log
github.com/containerd/containerd/pkg/userns
@@ -114,7 +114,7 @@ github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/pkg/sshagent
github.com/containers/buildah/pkg/util
github.com/containers/buildah/util
-# github.com/containers/common v0.49.2-0.20220817132854-f6679f170eca
+# github.com/containers/common v0.49.2-0.20220823130605-72a7da3358ac
## explicit
github.com/containers/common/libimage
github.com/containers/common/libimage/define
@@ -620,6 +620,7 @@ github.com/opencontainers/selinux/go-selinux/label
github.com/opencontainers/selinux/pkg/pwalk
github.com/opencontainers/selinux/pkg/pwalkdir
# github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df
+## explicit
github.com/openshift/imagebuilder
github.com/openshift/imagebuilder/dockerfile/command
github.com/openshift/imagebuilder/dockerfile/parser