diff options
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | RELEASE_NOTES.md | 18 | ||||
| -rw-r--r-- | changelog.txt | 48 | ||||
| -rw-r--r-- | contrib/spec/podman.spec.in | 2 | ||||
| -rw-r--r-- | docs/podman-create.1.md | 2 | ||||
| -rw-r--r-- | docs/podman-run.1.md | 2 | ||||
| -rw-r--r-- | libpod/driver/driver.go | 4 | ||||
| -rw-r--r-- | libpod/events/journal_linux.go | 5 | ||||
| -rw-r--r-- | libpod/runtime_pod_infra_linux.go | 3 | ||||
| -rw-r--r-- | libpod/util_linux.go | 11 | ||||
| -rw-r--r-- | pkg/adapter/pods.go | 2 | ||||
| -rw-r--r-- | pkg/cgroups/cgroups.go | 73 | ||||
| -rw-r--r-- | pkg/cgroups/systemd.go | 23 | ||||
| -rw-r--r-- | pkg/hooks/hooks.go | 3 | ||||
| -rw-r--r-- | pkg/spec/storage.go | 4 | ||||
| -rw-r--r-- | pkg/util/mountOpts.go | 3 | ||||
| -rw-r--r-- | test/e2e/play_kube_test.go | 24 | ||||
| -rw-r--r-- | test/system/030-run.bats | 13 | ||||
| -rw-r--r-- | test/system/055-rm.bats | 42 | ||||
| -rw-r--r-- | version/version.go | 2 |
20 files changed, 253 insertions, 33 deletions
@@ -2,7 +2,7 @@ export GO111MODULE=off GO ?= go DESTDIR ?= -EPOCH_TEST_COMMIT ?= bb80586e275fe0d3f47700ec54c9718a28b1e59c +EPOCH_TEST_COMMIT ?= b9a176bea94b8e3a97a70dd7cd599f1a057777b0 HEAD ?= HEAD CHANGELOG_BASE ?= HEAD~ CHANGELOG_TARGET ?= HEAD diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index f55fd9b18..3cfd8ed86 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,5 +1,23 @@ # Release Notes +## 1.5.1 +### Features +- The hostname of pods is now set to the pod's name + +### Bugfixes +- Fixed a bug where `podman run` and `podman create` did not honor the `--authfile` option ([#3730](https://github.com/containers/libpod/issues/3730)) +- Fixed a bug where containers restored with `podman container restore --import` would incorrectly duplicate the Conmon PID file of the original container +- Fixed a bug where `podman build` ignored the default OCI runtime configured in `libpod.conf` +- Fixed a bug where `podman run --rm` (or force-removing any running container with `podman rm --force`) were not retrieving the correct exit code ([#3795](https://github.com/containers/libpod/issues/3795)) +- Fixed a bug where Podman would exit with an error if any configured hooks directory was not present +- Fixed a bug where `podman inspect` and `podman commit` would not use the correct `CMD` for containers run with `podman play kube` +- Fixed a bug created pods when using rootless Podman and CGroups V2 ([#3801](https://github.com/containers/libpod/issues/3801)) +- Fixed a bug where the `podman events` command with the `--since` or `--until` options could take a very long time to complete + +### Misc +- Rootless Podman will now inherit OCI runtime configuration from the root configuration ([#3781](https://github.com/containers/libpod/issues/3781)) +- Podman now properly sets a user agent while contacting registries ([#3788](https://github.com/containers/libpod/issues/3788)) + ## 1.5.0 ### Features - Podman containers can now join the user namespaces of other containers with `--userns=container:$ID`, or a user namespace at an arbitary path with `--userns=ns:$PATH` diff --git a/changelog.txt b/changelog.txt index beea8dd5c..b0a847aee 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,51 @@ +- Changelog for v1.5.1 (2019-08-15) + * Add release notes for v1.5.1 + * Set Pod hostname as Pod name + * tests for exit status on podman run --rm + * performance fix for podman events with large journalds + * pkg/cgroups: use DBUS session when rootless + * Fix play kube command in pod yaml + * removMergeDir from inspect result if not mounted + * Running Podman with a nonexistent hooks dir is nonfatal + * Cirrus: Install varlink on Ubuntu + * Cirrus: Install varlink on Fedora + * Add missing stage-packages in snapcraft.yaml. + * Add RHEL and SUSE to snap doc + * start groundwork for adding snap + * Add user systemd service and socket + * Small optimization - only store exit code when nonzero + * Fix container exit code with Journald backend + * Revert "Cirrus: Temp. workaround missing imgprune image" + * Homebrew installation in install.md + * varlink endpoint for containerstats requires root + * Adjust get_ci_vm.sh for substitution + * Cirrus: Add verification for cgroupv2 image + * Cirrus: Add experimental fedora VM image & test + * image: add user agent to Docker registry options + * Cirrus: Minor, use newer Ubuntu base image + * tests: disable some tests currently failing when not using runc + * containers: look also for 'file not found' in the error message + * cirrus: add tests with crun on Fedora 30 + * rootless: cherry-pick runtime from the system configuration + * cirrus: install crun + * cmd: drop check for euid==0 + * storage: drop unused geteuid check + * cmd, stats: fix check for rootless mode + * oci: drop check for euid==0 + * build: use the configured runtime + * Adjust read count so that a newline can be added afterwards + * Fix incorrect use of realloc() + * Bump gitvalidation epoch + * Bump to v1.5.1-dev + * Fix a couple of errors descovered by coverity + * Test that restored container does not depend on the original container + * Fix up ConmonPidFile after restore + * Cirrus: Enable updates-testing repo for Fedora + * enable windows remote client + * implement 'make remotesystem' + * Squish a few tpyo nits in container.go doc + * Cirrus: Add Second partition for storage testing + - Changelog for v1.5.0 (2019-08-09) * vendor github.com/containers/storage@v1.13.2 * Improve dns-search validation, empty domains now return an error diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 35f3b2014..934f785db 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -39,7 +39,7 @@ %global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7}) Name: podman -Version: 1.5.1 +Version: 1.5.2 Release: #COMMITDATE#.git%{shortcommit0}%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md index 50fca3541..6fe224bd4 100644 --- a/docs/podman-create.1.md +++ b/docs/podman-create.1.md @@ -715,7 +715,7 @@ $ podman run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image This command mounts a `tmpfs` at `/tmp` within the container. The supported mount options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: -`rw,noexec,nosuid,nodev,size=65536k`. +`rw,noexec,nosuid,nodev`. **--tty**, **-t**=*true|false* diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index e7c898b25..4f6c3568b 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md @@ -752,7 +752,7 @@ $ podman run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image This command mounts a `tmpfs` at `/tmp` within the container. The supported mount options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: -`rw,noexec,nosuid,nodev,size=65536k`. +`rw,noexec,nosuid,nodev`. **--tty**, **-t**=*true|false* diff --git a/libpod/driver/driver.go b/libpod/driver/driver.go index f9442fa21..85eda5a21 100644 --- a/libpod/driver/driver.go +++ b/libpod/driver/driver.go @@ -38,6 +38,10 @@ func GetDriverData(store cstorage.Store, layerID string) (*Data, error) { if err != nil { return nil, err } + if mountTimes, err := store.Mounted(layerID); mountTimes == 0 || err != nil { + delete(metaData, "MergedDir") + } + return &Data{ Name: name, Data: metaData, diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go index 3bc3f6de7..470c76959 100644 --- a/libpod/events/journal_linux.go +++ b/libpod/events/journal_linux.go @@ -73,6 +73,11 @@ func (e EventJournalD) Read(options ReadOptions) error { if err := j.SeekTail(); err != nil { return errors.Wrap(err, "failed to seek end of journal") } + } else { + podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"} //nolint + if err := j.AddMatch(podmanJournal.String()); err != nil { + return errors.Wrap(err, "failed to add filter for event log") + } } // the api requires a next|prev before getting a cursor if _, err := j.Next(); err != nil { diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go index da35b7f93..24651099f 100644 --- a/libpod/runtime_pod_infra_linux.go +++ b/libpod/runtime_pod_infra_linux.go @@ -30,6 +30,9 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID return nil, err } + // Set Pod hostname as Pod name + g.Config.Hostname = p.config.Name + isRootless := rootless.IsRootless() entryCmd := []string{r.config.InfraCommand} diff --git a/libpod/util_linux.go b/libpod/util_linux.go index 78cbc75a7..d5c113daf 100644 --- a/libpod/util_linux.go +++ b/libpod/util_linux.go @@ -48,6 +48,9 @@ func makeSystemdCgroup(path string) error { return err } + if rootless.IsRootless() { + return controller.CreateSystemdUserUnit(path, rootless.GetRootlessUID()) + } return controller.CreateSystemdUnit(path) } @@ -57,6 +60,14 @@ func deleteSystemdCgroup(path string) error { if err != nil { return err } + if rootless.IsRootless() { + conn, err := cgroups.GetUserConnection(rootless.GetRootlessUID()) + if err != nil { + return err + } + defer conn.Close() + return controller.DeleteByPathConn(path, conn) + } return controller.DeleteByPath(path) } diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go index e25238956..2743dfdc6 100644 --- a/pkg/adapter/pods.go +++ b/pkg/adapter/pods.go @@ -707,6 +707,8 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container return nil, errors.Errorf("No command specified in container YAML or as CMD or ENTRYPOINT in this image for %s", containerConfig.Name) } + containerConfig.UserCommand = containerConfig.Command + containerConfig.StopSignal = 15 // If the user does not pass in ID mappings, just set to basics diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go index f2c6b548e..085718855 100644 --- a/pkg/cgroups/cgroups.go +++ b/pkg/cgroups/cgroups.go @@ -10,6 +10,8 @@ import ( "strconv" "strings" + systemdDbus "github.com/coreos/go-systemd/dbus" + "github.com/godbus/dbus" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -352,7 +354,56 @@ func (c *CgroupControl) CreateSystemdUnit(path string) error { if !c.systemd { return fmt.Errorf("the cgroup controller is not using systemd") } - return systemdCreate(path) + + conn, err := systemdDbus.New() + if err != nil { + return err + } + defer conn.Close() + + return systemdCreate(path, conn) +} + +// GetUserConnection returns an user connection to D-BUS +func GetUserConnection(uid int) (*systemdDbus.Conn, error) { + return systemdDbus.NewConnection(func() (*dbus.Conn, error) { + return dbusAuthConnection(uid, dbus.SessionBusPrivate) + }) +} + +// CreateSystemdUserUnit creates the systemd cgroup for the specified user +func (c *CgroupControl) CreateSystemdUserUnit(path string, uid int) error { + if !c.systemd { + return fmt.Errorf("the cgroup controller is not using systemd") + } + + conn, err := GetUserConnection(uid) + if err != nil { + return err + } + defer conn.Close() + + return systemdCreate(path, conn) +} + +func dbusAuthConnection(uid int, createBus func(opts ...dbus.ConnOption) (*dbus.Conn, error)) (*dbus.Conn, error) { + conn, err := createBus() + if err != nil { + return nil, err + } + + methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(uid))} + + err = conn.Auth(methods) + if err != nil { + conn.Close() + return nil, err + } + if err := conn.Hello(); err != nil { + return nil, err + } + + return conn, nil } // Delete cleans a cgroup @@ -386,10 +437,11 @@ func rmDirRecursively(path string) error { return nil } -// DeleteByPath deletes the specified cgroup path -func (c *CgroupControl) DeleteByPath(path string) error { +// DeleteByPathConn deletes the specified cgroup path using the specified +// dbus connection if needed. +func (c *CgroupControl) DeleteByPathConn(path string, conn *systemdDbus.Conn) error { if c.systemd { - return systemdDestroy(path) + return systemdDestroyConn(path, conn) } if c.cgroup2 { return rmDirRecursively(filepath.Join(cgroupRoot, c.path)) @@ -413,6 +465,19 @@ func (c *CgroupControl) DeleteByPath(path string) error { return lastError } +// DeleteByPath deletes the specified cgroup path +func (c *CgroupControl) DeleteByPath(path string) error { + if c.systemd { + conn, err := systemdDbus.New() + if err != nil { + return err + } + defer conn.Close() + return c.DeleteByPathConn(path, conn) + } + return c.DeleteByPathConn(path, nil) +} + // Update updates the cgroups func (c *CgroupControl) Update(resources *spec.LinuxResources) error { for _, h := range handlers { diff --git a/pkg/cgroups/systemd.go b/pkg/cgroups/systemd.go index e72e456bc..b8e6db156 100644 --- a/pkg/cgroups/systemd.go +++ b/pkg/cgroups/systemd.go @@ -9,13 +9,7 @@ import ( "github.com/godbus/dbus" ) -func systemdCreate(path string) error { - c, err := systemdDbus.New() - if err != nil { - return err - } - defer c.Close() - +func systemdCreate(path string, c *systemdDbus.Conn) error { slice, name := filepath.Split(path) slice = strings.TrimSuffix(slice, "/") @@ -43,7 +37,7 @@ func systemdCreate(path string) error { } ch := make(chan string) - _, err = c.StartTransientUnit(name, "replace", properties, ch) + _, err := c.StartTransientUnit(name, "replace", properties, ch) if err != nil { lastError = err continue @@ -55,7 +49,7 @@ func systemdCreate(path string) error { } /* - systemdDestroy is copied from containerd/cgroups/systemd.go file, that + systemdDestroyConn is copied from containerd/cgroups/systemd.go file, that has the following license: Copyright The containerd Authors. @@ -72,18 +66,11 @@ func systemdCreate(path string) error { See the License for the specific language governing permissions and limitations under the License. */ - -func systemdDestroy(path string) error { - c, err := systemdDbus.New() - if err != nil { - return err - } - defer c.Close() - +func systemdDestroyConn(path string, c *systemdDbus.Conn) error { name := filepath.Base(path) ch := make(chan string) - _, err = c.StopUnit(name, "replace", ch) + _, err := c.StopUnit(name, "replace", ch) if err != nil { return err } diff --git a/pkg/hooks/hooks.go b/pkg/hooks/hooks.go index b962ffa5c..0d26bf4af 100644 --- a/pkg/hooks/hooks.go +++ b/pkg/hooks/hooks.go @@ -4,6 +4,7 @@ package hooks import ( "context" "fmt" + "os" "sort" "strings" "sync" @@ -56,7 +57,7 @@ func New(ctx context.Context, directories []string, extensionStages []string) (m for _, dir := range directories { err = ReadDir(dir, manager.extensionStages, manager.hooks) - if err != nil { + if err != nil && !os.IsNotExist(err) { return nil, err } } diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go index a8dc7f4a8..b634f4cac 100644 --- a/pkg/spec/storage.go +++ b/pkg/spec/storage.go @@ -168,14 +168,14 @@ func (config *CreateConfig) parseVolumes(runtime *libpod.Runtime) ([]spec.Mount, "/run": false, } if config.ReadOnlyRootfs && config.ReadOnlyTmpfs { - options := []string{"rw", "rprivate", "nosuid", "nodev", "tmpcopyup", "size=65536k"} + options := []string{"rw", "rprivate", "nosuid", "nodev", "tmpcopyup"} for dest := range readonlyTmpfs { if _, ok := baseMounts[dest]; ok { continue } localOpts := options if dest == "/run" { - localOpts = append(localOpts, "noexec") + localOpts = append(localOpts, "noexec", "size=65536k") } baseMounts[dest] = spec.Mount{ Destination: dest, diff --git a/pkg/util/mountOpts.go b/pkg/util/mountOpts.go index 40c99384d..9b2c734c0 100644 --- a/pkg/util/mountOpts.go +++ b/pkg/util/mountOpts.go @@ -92,9 +92,6 @@ func ProcessTmpfsOptions(options []string) ([]string, error) { if !foundWrite { baseOpts = append(baseOpts, "rw") } - if !foundSize { - baseOpts = append(baseOpts, "size=65536k") - } if !foundProp { baseOpts = append(baseOpts, "rprivate") } diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 331412a39..b0a9f2ead 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -140,6 +140,30 @@ var _ = Describe("Podman generate kube", func() { Expect(inspect.OutputToString()).To(ContainSubstring(ctrCmd[0])) }) + It("podman play kube test correct output", func() { + ctrName := "testCtr" + ctrCmd := []string{"echo", "hello"} + testContainer := Container{ctrCmd, ALPINE, ctrName, false, nil, nil} + tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml") + + err := generateKubeYaml([]Container{testContainer}, tempFile) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", tempFile}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + logs := podmanTest.Podman([]string{"logs", ctrName}) + logs.WaitWithDefaultTimeout() + Expect(logs.ExitCode()).To(Equal(0)) + Expect(logs.OutputToString()).To(ContainSubstring("hello")) + + inspect := podmanTest.Podman([]string{"inspect", ctrName, "--format", "'{{ .Config.Cmd }}'"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(ContainSubstring("hello")) + }) + It("podman play kube cap add", func() { ctrName := "testCtr" ctrCmd := []string{"cat", "/proc/self/status"} diff --git a/test/system/030-run.bats b/test/system/030-run.bats index cefff0e2c..9e609b434 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -43,4 +43,17 @@ echo $rand | 0 | $rand is "$output" "" "unwanted /sys/kernel in 'mount' output (with --net=host)" } +# 'run --rm' goes through different code paths and may lose exit status. +# See https://github.com/containers/libpod/issues/3795 +@test "podman run --rm" { + skip_if_remote "podman-remote does not handle exit codes" + + run_podman 0 run --rm $IMAGE /bin/true + run_podman 1 run --rm $IMAGE /bin/false + + # Believe it or not, 'sh -c' resulted in different behavior + run_podman 0 run --rm $IMAGE sh -c /bin/true + run_podman 1 run --rm $IMAGE sh -c /bin/false +} + # vim: filetype=sh diff --git a/test/system/055-rm.bats b/test/system/055-rm.bats new file mode 100644 index 000000000..c13c8c52e --- /dev/null +++ b/test/system/055-rm.bats @@ -0,0 +1,42 @@ +#!/usr/bin/env bats -*- bats -*- +# +# tests for podman rm +# + +load helpers + +@test "podman rm" { + rand=$(random_string 30) + run_podman run --name $rand $IMAGE /bin/true + + # Don't care about output, just check exit status (it should exist) + run_podman 0 inspect $rand + + # container should be in output of 'ps -a' + run_podman ps -a + is "$output" ".* $IMAGE .*/true .* $rand" "Container present in 'ps -a'" + + # Remove container; now 'inspect' should fail + run_podman rm $rand + run_podman 125 inspect $rand +} + +# I'm sorry! This test takes 13 seconds. There's not much I can do about it, +# please know that I think it's justified: podman 1.5.0 had a strange bug +# in with exit status was not preserved on some code paths with 'rm -f' +# or 'podman run --rm' (see also 030-run.bats). The test below is a bit +# kludgy: what we care about is the exit status of the killed container, +# not 'podman rm', but BATS has no provision (that I know of) for forking, +# so what we do is start the 'rm' beforehand and monitor the exit status +# of the 'sleep' container. +# +# See https://github.com/containers/libpod/issues/3795 +@test "podman rm -f" { + skip_if_remote "podman-remote does not handle exit codes" + + rand=$(random_string 30) + ( sleep 3; run_podman rm -f $rand ) & + run_podman 137 run --name $rand $IMAGE sleep 30 +} + +# vim: filetype=sh diff --git a/version/version.go b/version/version.go index d5f91210e..f0823f260 100644 --- a/version/version.go +++ b/version/version.go @@ -4,7 +4,7 @@ package version // NOTE: remember to bump the version at the top // of the top-level README.md file when this is // bumped. -const Version = "1.5.1-dev" +const Version = "1.5.2-dev" // RemoteAPIVersion is the version for the remote // client API. It is used to determine compatibility |