summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/source/markdown/podman-mount.1.md6
-rw-r--r--docs/source/markdown/podman-system-service.1.md4
-rw-r--r--docs/source/markdown/podman-unmount.1.md4
-rw-r--r--libpod/oci_conmon_exec_linux.go5
-rw-r--r--libpod/oci_conmon_linux.go17
-rw-r--r--libpod/runtime_ctr.go50
-rw-r--r--pkg/domain/infra/abi/containers.go73
-rw-r--r--test/system/060-mount.bats31
8 files changed, 167 insertions, 23 deletions
diff --git a/docs/source/markdown/podman-mount.1.md b/docs/source/markdown/podman-mount.1.md
index 33c5aece8..a6ed3f10d 100644
--- a/docs/source/markdown/podman-mount.1.md
+++ b/docs/source/markdown/podman-mount.1.md
@@ -13,7 +13,9 @@ Mounts the specified containers' root file system in a location which can be
accessed from the host, and returns its location.
If you execute the command without any arguments, Podman will list all of the
-currently mounted containers.
+currently mounted containers, including external containers. External containers are
+containers in container/storage by tools other then Podman. For example Buildah and
+CRI-O.
Rootless mode only supports mounting VFS driver, unless you enter the user namespace
via the `podman unshare` command. All other storage drivers will fail to mount.
@@ -26,7 +28,7 @@ returned.
**--all**, **-a**
-Mount all containers.
+Mount all podman containers. (External containers will not be mounted)
**--format**=*format*
diff --git a/docs/source/markdown/podman-system-service.1.md b/docs/source/markdown/podman-system-service.1.md
index 7d18a6832..580630cdc 100644
--- a/docs/source/markdown/podman-system-service.1.md
+++ b/docs/source/markdown/podman-system-service.1.md
@@ -21,8 +21,8 @@ Both APIs are versioned, but the server will not reject requests with an unsuppo
**--time**, **-t**
-The time until the session expires in _milliseconds_. The default is 1
-second. A value of `0` means no timeout and the session will not expire.
+The time until the session expires in _seconds_. The default is 5
+seconds. A value of `0` means no timeout and the session will not expire.
**--help**, **-h**
diff --git a/docs/source/markdown/podman-unmount.1.md b/docs/source/markdown/podman-unmount.1.md
index 47c55cc0b..08d1286ab 100644
--- a/docs/source/markdown/podman-unmount.1.md
+++ b/docs/source/markdown/podman-unmount.1.md
@@ -22,6 +22,10 @@ container's root filesystem is physically unmounted only when the mount
counter reaches zero indicating no other processes are using the mount.
An unmount can be forced with the --force flag.
+Note: Podman can be used to unmount Podman containers as well as external containers.
+External containers are containers created in container/storage by other tools like
+Buildah and CRI-O.
+
## OPTIONS
**--all**, **-a**
diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go
index 8651c1dc5..7068bf87a 100644
--- a/libpod/oci_conmon_exec_linux.go
+++ b/libpod/oci_conmon_exec_linux.go
@@ -444,10 +444,7 @@ func (r *ConmonOCIRuntime) startExec(c *Container, sessionID string, options *Ex
// }
// }
- conmonEnv, extraFiles, err := r.configureConmonEnv(c, runtimeDir)
- if err != nil {
- return nil, nil, err
- }
+ conmonEnv, extraFiles := r.configureConmonEnv(c, runtimeDir)
var filesToClose []*os.File
if options.PreserveFDs > 0 {
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 89d64537d..bd58610a2 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -32,6 +32,7 @@ import (
"github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/podman/v2/pkg/util"
"github.com/containers/podman/v2/utils"
+ "github.com/containers/storage/pkg/homedir"
pmount "github.com/containers/storage/pkg/mount"
"github.com/coreos/go-systemd/v22/activation"
"github.com/coreos/go-systemd/v22/daemon"
@@ -1065,10 +1066,7 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
}
// 0, 1 and 2 are stdin, stdout and stderr
- conmonEnv, envFiles, err := r.configureConmonEnv(ctr, runtimeDir)
- if err != nil {
- return err
- }
+ conmonEnv, envFiles := r.configureConmonEnv(ctr, runtimeDir)
var filesToClose []*os.File
if ctr.config.PreserveFDs > 0 {
@@ -1268,16 +1266,15 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se
// configureConmonEnv gets the environment values to add to conmon's exec struct
// TODO this may want to be less hardcoded/more configurable in the future
-func (r *ConmonOCIRuntime) configureConmonEnv(ctr *Container, runtimeDir string) ([]string, []*os.File, error) {
+func (r *ConmonOCIRuntime) configureConmonEnv(ctr *Container, runtimeDir string) ([]string, []*os.File) {
env := make([]string, 0, 6)
env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
env = append(env, fmt.Sprintf("_CONTAINERS_USERNS_CONFIGURED=%s", os.Getenv("_CONTAINERS_USERNS_CONFIGURED")))
env = append(env, fmt.Sprintf("_CONTAINERS_ROOTLESS_UID=%s", os.Getenv("_CONTAINERS_ROOTLESS_UID")))
- home, err := util.HomeDir()
- if err != nil {
- return nil, nil, err
+ home := homedir.Get()
+ if home != "" {
+ env = append(env, fmt.Sprintf("HOME=%s", home))
}
- env = append(env, fmt.Sprintf("HOME=%s", home))
extraFiles := make([]*os.File, 0)
if ctr.config.SdNotifyMode == define.SdNotifyModeContainer {
@@ -1294,7 +1291,7 @@ func (r *ConmonOCIRuntime) configureConmonEnv(ctr *Container, runtimeDir string)
} else {
logrus.Debug("disabling SD notify")
}
- return env, extraFiles, nil
+ return env, extraFiles
}
// sharedConmonArgs takes common arguments for exec and create/restore and formats them for the conmon CLI
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index de73a9ff3..c84268889 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -918,6 +918,56 @@ func (r *Runtime) PruneContainers(filterFuncs []ContainerFilter) (map[string]int
return prunedContainers, pruneErrors, nil
}
+// MountStorageContainer mounts the storage container's root filesystem
+func (r *Runtime) MountStorageContainer(id string) (string, error) {
+ if _, err := r.GetContainer(id); err == nil {
+ return "", errors.Wrapf(define.ErrCtrExists, "ctr %s is a libpod container", id)
+ }
+ container, err := r.store.Container(id)
+ if err != nil {
+ return "", err
+ }
+ mountPoint, err := r.store.Mount(container.ID, "")
+ if err != nil {
+ return "", errors.Wrapf(err, "error mounting storage for container %s", id)
+ }
+ return mountPoint, nil
+}
+
+// UnmountStorageContainer unmounts the storage container's root filesystem
+func (r *Runtime) UnmountStorageContainer(id string, force bool) (bool, error) {
+ if _, err := r.GetContainer(id); err == nil {
+ return false, errors.Wrapf(define.ErrCtrExists, "ctr %s is a libpod container", id)
+ }
+ container, err := r.store.Container(id)
+ if err != nil {
+ return false, err
+ }
+ return r.store.Unmount(container.ID, force)
+}
+
+// MountedStorageContainer returns whether a storage container is mounted
+// along with the mount path
+func (r *Runtime) IsStorageContainerMounted(id string) (bool, string, error) {
+ var path string
+ if _, err := r.GetContainer(id); err == nil {
+ return false, "", errors.Wrapf(define.ErrCtrExists, "ctr %s is a libpod container", id)
+ }
+
+ mountCnt, err := r.storageService.MountedContainerImage(id)
+ if err != nil {
+ return false, "", err
+ }
+ mounted := mountCnt > 0
+ if mounted {
+ path, err = r.storageService.GetMountpoint(id)
+ if err != nil {
+ return false, "", err
+ }
+ }
+ return mounted, path, nil
+}
+
// StorageContainers returns a list of containers from containers/storage that
// are not currently known to Podman.
func (r *Runtime) StorageContainers() ([]storage.Container, error) {
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index 98b886845..855f9ece8 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -1058,11 +1058,23 @@ func (ic *ContainerEngine) ContainerMount(ctx context.Context, nameOrIDs []strin
os.Exit(ret)
}
}
- ctrs, err := getContainersByContext(options.All, options.Latest, nameOrIDs, ic.Libpod)
+ reports := []*entities.ContainerMountReport{}
+ // Attempt to mount named containers directly from storage,
+ // this will fail and code will fall through to removing the container from libpod.`
+ names := []string{}
+ for _, ctr := range nameOrIDs {
+ report := entities.ContainerMountReport{Id: ctr}
+ if report.Path, report.Err = ic.Libpod.MountStorageContainer(ctr); report.Err != nil {
+ names = append(names, ctr)
+ } else {
+ reports = append(reports, &report)
+ }
+ }
+
+ ctrs, err := getContainersByContext(options.All, options.Latest, names, ic.Libpod)
if err != nil {
return nil, err
}
- reports := make([]*entities.ContainerMountReport, 0, len(ctrs))
for _, ctr := range ctrs {
report := entities.ContainerMountReport{Id: ctr.ID()}
report.Path, report.Err = ctr.Mount()
@@ -1072,6 +1084,30 @@ func (ic *ContainerEngine) ContainerMount(ctx context.Context, nameOrIDs []strin
return reports, nil
}
+ storageCtrs, err := ic.Libpod.StorageContainers()
+ if err != nil {
+ return nil, err
+ }
+
+ for _, sctr := range storageCtrs {
+ mounted, path, err := ic.Libpod.IsStorageContainerMounted(sctr.ID)
+ if err != nil {
+ return nil, err
+ }
+
+ var name string
+ if len(sctr.Names) > 0 {
+ name = sctr.Names[0]
+ }
+ if mounted {
+ reports = append(reports, &entities.ContainerMountReport{
+ Id: sctr.ID,
+ Name: name,
+ Path: path,
+ })
+ }
+ }
+
// No containers were passed, so we send back what is mounted
ctrs, err = getContainersByContext(true, false, []string{}, ic.Libpod)
if err != nil {
@@ -1091,15 +1127,44 @@ func (ic *ContainerEngine) ContainerMount(ctx context.Context, nameOrIDs []strin
})
}
}
+
return reports, nil
}
func (ic *ContainerEngine) ContainerUnmount(ctx context.Context, nameOrIDs []string, options entities.ContainerUnmountOptions) ([]*entities.ContainerUnmountReport, error) {
- ctrs, err := getContainersByContext(options.All, options.Latest, nameOrIDs, ic.Libpod)
+ reports := []*entities.ContainerUnmountReport{}
+ names := []string{}
+ if options.All {
+ storageCtrs, err := ic.Libpod.StorageContainers()
+ if err != nil {
+ return nil, err
+ }
+ for _, sctr := range storageCtrs {
+ mounted, _, _ := ic.Libpod.IsStorageContainerMounted(sctr.ID)
+ if mounted {
+ report := entities.ContainerUnmountReport{Id: sctr.ID}
+ if _, report.Err = ic.Libpod.UnmountStorageContainer(sctr.ID, options.Force); report.Err != nil {
+ if errors.Cause(report.Err) != define.ErrCtrExists {
+ reports = append(reports, &report)
+ }
+ } else {
+ reports = append(reports, &report)
+ }
+ }
+ }
+ }
+ for _, ctr := range nameOrIDs {
+ report := entities.ContainerUnmountReport{Id: ctr}
+ if _, report.Err = ic.Libpod.UnmountStorageContainer(ctr, options.Force); report.Err != nil {
+ names = append(names, ctr)
+ } else {
+ reports = append(reports, &report)
+ }
+ }
+ ctrs, err := getContainersByContext(options.All, options.Latest, names, ic.Libpod)
if err != nil {
return nil, err
}
- reports := []*entities.ContainerUnmountReport{}
for _, ctr := range ctrs {
state, err := ctr.State()
if err != nil {
diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats
index 73d210084..f04f34bf6 100644
--- a/test/system/060-mount.bats
+++ b/test/system/060-mount.bats
@@ -2,7 +2,6 @@
load helpers
-
@test "podman mount - basic test" {
# Only works with root (FIXME: does it work with rootless + vfs?)
skip_if_rootless "mount does not work rootless"
@@ -151,4 +150,34 @@ load helpers
run_podman rm -f $cid
}
+@test "podman mount external container - basic test" {
+ # Only works with root (FIXME: does it work with rootless + vfs?)
+ skip_if_rootless "mount does not work rootless"
+ skip_if_remote "mounting remote is meaningless"
+
+ # Create a container that podman does not know about
+ external_cid=$(buildah from $IMAGE)
+
+ run_podman mount $external_cid
+ mount_path=$output
+
+ # Test image will always have this file, and will always have the tag
+ test -d $mount_path
+ is $(< "$mount_path/home/podman/testimage-id") "$PODMAN_TEST_IMAGE_TAG" \
+ "Contents of well-known file in image"
+
+ # Make sure that 'podman mount' (no args) returns the expected path
+ run_podman mount --notruncate
+
+ reported_mountpoint=$(echo "$output" | awk '{print $2}')
+ is $reported_mountpoint $mount_path "mountpoint reported by 'podman mount'"
+
+ # umount, and make sure files are gone
+ run_podman umount $external_cid
+ if [ -d "$mount_path" ]; then
+ die "'podman umount' did not umount"
+ fi
+ buildah rm $external_cid
+}
+
# vim: filetype=sh