diff options
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | go.sum | 4 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/config.go | 81 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/config_local.go | 81 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/config_remote.go | 25 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/config_unix.go | 15 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/config_windows.go | 10 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/default.go | 17 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/libpodConfig.go | 4 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go | 11 | ||||
-rw-r--r-- | vendor/modules.txt | 2 |
12 files changed, 159 insertions, 95 deletions
@@ -22,7 +22,7 @@ ETCDIR ?= /etc TMPFILESDIR ?= ${PREFIX}/lib/tmpfiles.d SYSTEMDDIR ?= ${PREFIX}/lib/systemd/system USERSYSTEMDDIR ?= ${PREFIX}/lib/systemd/user -REMOTETAGS ?= !ABISupport remoteclient exclude_graphdriver_btrfs btrfs_noversion exclude_graphdriver_devicemapper containers_image_openpgp +REMOTETAGS ?= !ABISupport remote exclude_graphdriver_btrfs btrfs_noversion exclude_graphdriver_devicemapper containers_image_openpgp BUILDTAGS ?= \ $(shell hack/apparmor_tag.sh) \ $(shell hack/btrfs_installed_tag.sh) \ @@ -11,7 +11,7 @@ require ( github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921 github.com/containernetworking/plugins v0.8.6 github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224 - github.com/containers/common v0.11.4 + github.com/containers/common v0.12.0 github.com/containers/conmon v2.0.16+incompatible github.com/containers/image/v5 v5.4.4 github.com/containers/psgo v1.5.0 @@ -69,8 +69,8 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224 h1:EqwBZRqyUYvU7JOmmSSPviSaAoUP1wN0cefXXDZ9ATo= github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224/go.mod h1:5ZkWjOuK90yl55L5R+purJNLfUo0VUr8pstJazNtYck= github.com/containers/common v0.11.2/go.mod h1:2w3QE6VUmhltGYW4wV00h4okq1Crs7hNI1ZD2I0QRUY= -github.com/containers/common v0.11.4 h1:M7lmjaVY+29g+YiaWH/UP4YeHjT/pZMxvRgmsWsQn74= -github.com/containers/common v0.11.4/go.mod h1:AOxw4U5TJJrR/J1QPRvWbjHNdwU13wMy79rjK+7+aJE= +github.com/containers/common v0.12.0 h1:LR/sYyzFa22rFhfu6J9dEYhVkrWjagUigz/ewHhHL9s= +github.com/containers/common v0.12.0/go.mod h1:PKlahPDnQQYcXuIw5qq8mq6yNuCHBtgABphzy6pN0iI= github.com/containers/conmon v2.0.16+incompatible h1:QFOlb9Id4WoJ24BelCFWwDSPTquwKMp3L3g2iGmRTq4= github.com/containers/conmon v2.0.16+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.4.3/go.mod h1:pN0tvp3YbDd7BWavK2aE0mvJUqVd2HmhPjekyWSFm0U= diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index ef75d9847..d0b56c7f6 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -7,7 +7,6 @@ import ( "path/filepath" "strings" "sync" - "syscall" "github.com/BurntSushi/toml" "github.com/containers/common/pkg/capabilities" @@ -263,6 +262,13 @@ type EngineConfig struct { // PullPolicy determines whether to pull image before creating or running a container // default is "missing" PullPolicy string `toml:"pull_policy"` + + // Indicates whether the application should be running in Remote mode + Remote bool `toml:"_"` + + // RemoteURI containers connection information used to connect to remote system. + RemoteURI string `toml:"remote_uri,omitempty"` + // RuntimePath is the path to OCI runtime binary for launching containers. // The first path pointing to a valid file will be used This is used only // when there are no OCIRuntime/OCIRuntimes defined. It is used only to be @@ -540,17 +546,8 @@ func (c *Config) Validate() error { // It returns an `error` on validation failure, otherwise // `nil`. func (c *EngineConfig) Validate() error { - // Relative paths can cause nasty bugs, because core paths we use could - // shift between runs (or even parts of the program - the OCI runtime - // uses a different working directory than we do, for example. - if c.StaticDir != "" && !filepath.IsAbs(c.StaticDir) { - return fmt.Errorf("static directory must be an absolute path - instead got %q", c.StaticDir) - } - if c.TmpDir != "" && !filepath.IsAbs(c.TmpDir) { - return fmt.Errorf("temporary directory must be an absolute path - instead got %q", c.TmpDir) - } - if c.VolumePath != "" && !filepath.IsAbs(c.VolumePath) { - return fmt.Errorf("volume path must be an absolute path - instead got %q", c.VolumePath) + if err := c.validatePaths(); err != nil { + return err } // Check if the pullPolicy from containers.conf is valid @@ -566,22 +563,13 @@ func (c *EngineConfig) Validate() error { // It returns an `error` on validation failure, otherwise // `nil`. func (c *ContainersConfig) Validate() error { - for _, u := range c.DefaultUlimits { - ul, err := units.ParseUlimit(u) - if err != nil { - return fmt.Errorf("unrecognized ulimit %s: %v", u, err) - } - _, err = ul.GetRlimit() - if err != nil { - return err - } + + if err := c.validateUlimits(); err != nil { + return err } - for _, d := range c.Devices { - _, _, _, err := Device(d) - if err != nil { - return err - } + if err := c.validateDevices(); err != nil { + return err } if c.LogSizeMax >= 0 && c.LogSizeMax < OCIBufSize { @@ -600,8 +588,7 @@ func (c *ContainersConfig) Validate() error { // execution checks. It returns an `error` on validation failure, otherwise // `nil`. func (c *NetworkConfig) Validate() error { - - if c.NetworkConfigDir != cniConfigDir { + if c.NetworkConfigDir != _cniConfigDir { err := isDirectory(c.NetworkConfigDir) if err != nil { return errors.Wrapf(err, "invalid network_config_dir: %s", c.NetworkConfigDir) @@ -803,31 +790,6 @@ func resolveHomeDir(path string) (string, error) { return strings.Replace(path, "~", home, 1), nil } -// isDirectory tests whether the given path exists and is a directory. It -// follows symlinks. -func isDirectory(path string) error { - path, err := resolveHomeDir(path) - if err != nil { - return err - } - - info, err := os.Stat(path) - if err != nil { - return err - } - - if !info.Mode().IsDir() { - // Return a PathError to be consistent with os.Stat(). - return &os.PathError{ - Op: "stat", - Path: path, - Err: syscall.ENOTDIR, - } - } - - return nil -} - func rootlessConfigPath() (string, error) { if configHome := os.Getenv("XDG_CONFIG_HOME"); configHome != "" { return filepath.Join(configHome, _configPath), nil @@ -878,3 +840,16 @@ func Default() (*Config, error) { }) return config, err } + +func Path() string { + if path := os.Getenv("CONTAINERS_CONF"); path != "" { + return path + } + if unshare.IsRootless() { + if rpath, err := rootlessConfigPath(); err == nil { + return rpath + } + return "$HOME/" + UserOverrideContainersConfig + } + return OverrideContainersConfig +} diff --git a/vendor/github.com/containers/common/pkg/config/config_local.go b/vendor/github.com/containers/common/pkg/config/config_local.go new file mode 100644 index 000000000..8f4daa3d7 --- /dev/null +++ b/vendor/github.com/containers/common/pkg/config/config_local.go @@ -0,0 +1,81 @@ +// +build !remote + +package config + +import ( + "fmt" + "os" + "path/filepath" + "syscall" + + units "github.com/docker/go-units" +) + +// isDirectory tests whether the given path exists and is a directory. It +// follows symlinks. +func isDirectory(path string) error { + path, err := resolveHomeDir(path) + if err != nil { + return err + } + + info, err := os.Stat(path) + if err != nil { + return err + } + + if !info.Mode().IsDir() { + // Return a PathError to be consistent with os.Stat(). + return &os.PathError{ + Op: "stat", + Path: path, + Err: syscall.ENOTDIR, + } + } + + return nil +} + +func (c *EngineConfig) validatePaths() error { + // Relative paths can cause nasty bugs, because core paths we use could + // shift between runs or even parts of the program. - The OCI runtime + // uses a different working directory than we do, for example. + if c.StaticDir != "" && !filepath.IsAbs(c.StaticDir) { + return fmt.Errorf("static directory must be an absolute path - instead got %q", c.StaticDir) + } + if c.TmpDir != "" && !filepath.IsAbs(c.TmpDir) { + return fmt.Errorf("temporary directory must be an absolute path - instead got %q", c.TmpDir) + } + if c.VolumePath != "" && !filepath.IsAbs(c.VolumePath) { + return fmt.Errorf("volume path must be an absolute path - instead got %q", c.VolumePath) + } + return nil +} + +func (c *ContainersConfig) validateDevices() error { + for _, d := range c.Devices { + _, _, _, err := Device(d) + if err != nil { + return err + } + } + return nil +} + +func (c *ContainersConfig) validateUlimits() error { + for _, u := range c.DefaultUlimits { + ul, err := units.ParseUlimit(u) + if err != nil { + return fmt.Errorf("unrecognized ulimit %s: %v", u, err) + } + _, err = ul.GetRlimit() + if err != nil { + return err + } + } + return nil +} + +func isRemote() bool { + return false +} diff --git a/vendor/github.com/containers/common/pkg/config/config_remote.go b/vendor/github.com/containers/common/pkg/config/config_remote.go new file mode 100644 index 000000000..d012dbd2f --- /dev/null +++ b/vendor/github.com/containers/common/pkg/config/config_remote.go @@ -0,0 +1,25 @@ +// +build remote + +package config + +// isDirectory tests whether the given path exists and is a directory. It +// follows symlinks. +func isDirectory(path string) error { + return nil +} + +func isRemote() bool { + return true +} + +func (c *EngineConfig) validatePaths() error { + return nil +} + +func (c *ContainersConfig) validateDevices() error { + return nil +} + +func (c *ContainersConfig) validateUlimits() error { + return nil +} diff --git a/vendor/github.com/containers/common/pkg/config/config_unix.go b/vendor/github.com/containers/common/pkg/config/config_unix.go deleted file mode 100644 index f270f2e95..000000000 --- a/vendor/github.com/containers/common/pkg/config/config_unix.go +++ /dev/null @@ -1,15 +0,0 @@ -// +build !windows - -package config - -// Defaults for linux/unix if none are specified -const ( - cniConfigDir = "/etc/cni/net.d/" -) - -var cniBinDir = []string{ - "/usr/libexec/cni", - "/usr/lib/cni", - "/usr/local/lib/cni", - "/opt/cni/bin", -} diff --git a/vendor/github.com/containers/common/pkg/config/config_windows.go b/vendor/github.com/containers/common/pkg/config/config_windows.go deleted file mode 100644 index f6a6512a1..000000000 --- a/vendor/github.com/containers/common/pkg/config/config_windows.go +++ /dev/null @@ -1,10 +0,0 @@ -// +build windows - -package config - -// Defaults for linux/unix if none are specified -const ( - cniConfigDir = "C:\\cni\\etc\\net.d\\" -) - -var cniBinDir = []string{"C:\\cni\\bin\\"} diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 185ce8cee..fe523cbf5 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -53,9 +53,6 @@ var ( // DefaultDetachKeys is the default keys sequence for detaching a // container DefaultDetachKeys = "ctrl-p,ctrl-q" -) - -var ( // ErrConmonOutdated indicates the version of conmon found (whether via the configuration or $PATH) // is out of date for the current podman version ErrConmonOutdated = errors.New("outdated conmon version") @@ -80,15 +77,24 @@ var ( "CAP_SETUID", "CAP_SYS_CHROOT", } + + cniBinDir = []string{ + "/usr/libexec/cni", + "/usr/lib/cni", + "/usr/local/lib/cni", + "/opt/cni/bin", + } ) const ( - // EtcDir is the sysconfdir where podman should look for system config files. + // _etcDir is the sysconfdir where podman should look for system config files. // It can be overridden at build time. _etcDir = "/etc" // InstallPrefix is the prefix where podman will be installed. // It can be overridden at build time. _installPrefix = "/usr" + // _cniConfigDir is the directory where cni plugins are found + _cniConfigDir = "/etc/cni/net.d/" // CgroupfsCgroupsManager represents cgroupfs native cgroup manager CgroupfsCgroupsManager = "cgroupfs" // DefaultApparmorProfile specifies the default apparmor profile for the container. @@ -191,7 +197,7 @@ func DefaultConfig() (*Config, error) { }, Network: NetworkConfig{ DefaultNetwork: "podman", - NetworkConfigDir: cniConfigDir, + NetworkConfigDir: _cniConfigDir, CNIPluginDirs: cniBinDir, }, Engine: *defaultEngineConfig, @@ -233,6 +239,7 @@ func defaultConfigFromMemory() (*EngineConfig, error) { c.CgroupManager = defaultCgroupManager() c.StopTimeout = uint(10) + c.Remote = isRemote() c.OCIRuntimes = map[string][]string{ "runc": { "/usr/bin/runc", diff --git a/vendor/github.com/containers/common/pkg/config/libpodConfig.go b/vendor/github.com/containers/common/pkg/config/libpodConfig.go index a8e4c9c93..ab507e864 100644 --- a/vendor/github.com/containers/common/pkg/config/libpodConfig.go +++ b/vendor/github.com/containers/common/pkg/config/libpodConfig.go @@ -226,7 +226,7 @@ func newLibpodConfig(c *Config) error { // hard code EventsLogger to "file" to match older podman versions. if config.EventsLogger != "file" { - logrus.Debugf("Ignoring lipod.conf EventsLogger setting %q. Use containers.conf if you want to change this setting and remove libpod.conf files.", config.EventsLogger) + logrus.Debugf("Ignoring libpod.conf EventsLogger setting %q. Use %q if you want to change this setting and remove libpod.conf files.", Path(), config.EventsLogger) config.EventsLogger = "file" } @@ -262,7 +262,7 @@ func systemLibpodConfigs() ([]string, error) { } // TODO: Raise to Warnf, when Podman is updated to // remove libpod.conf by default - logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", path, containersConfPath) + logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", Path(), containersConfPath) return []string{path}, nil } return nil, err diff --git a/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go b/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go index 269ea686a..fcb3cab72 100644 --- a/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go +++ b/vendor/github.com/containers/common/pkg/sysinfo/sysinfo_linux.go @@ -40,7 +40,7 @@ func New(quiet bool) *SysInfo { sysInfo.cgroupCPUInfo = checkCgroupCPU(cgMounts, quiet) sysInfo.cgroupBlkioInfo = checkCgroupBlkioInfo(cgMounts, quiet) sysInfo.cgroupCpusetInfo = checkCgroupCpusetInfo(cgMounts, quiet) - sysInfo.cgroupPids = checkCgroupPids(quiet) + sysInfo.cgroupPids = checkCgroupPids(cgMounts, quiet) } _, ok := cgMounts["devices"] @@ -227,16 +227,17 @@ func checkCgroupCpusetInfo(cgMounts map[string]string, quiet bool) cgroupCpusetI } // checkCgroupPids reads the pids information from the pids cgroup mount point. -func checkCgroupPids(quiet bool) cgroupPids { +func checkCgroupPids(cgMounts map[string]string, quiet bool) cgroupPids { cgroup2, err := cgroupv2.Enabled() if err != nil { logrus.Errorf("Failed to check cgroups version: %v", err) + return cgroupPids{} } if !cgroup2 { - _, err := cgroups.FindCgroupMountpoint("", "pids") - if err != nil { + _, ok := cgMounts["pids"] + if !ok { if !quiet { - logrus.Warn(err) + logrus.Warn("unable to find pids cgroup in mounts") } return cgroupPids{} } diff --git a/vendor/modules.txt b/vendor/modules.txt index b3c8b96ae..bc0143238 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -84,7 +84,7 @@ github.com/containers/buildah/pkg/secrets github.com/containers/buildah/pkg/supplemented github.com/containers/buildah/pkg/umask github.com/containers/buildah/util -# github.com/containers/common v0.11.4 +# github.com/containers/common v0.12.0 github.com/containers/common/pkg/apparmor github.com/containers/common/pkg/auth github.com/containers/common/pkg/capabilities |