-rw-r--r--cmd/podman/play_kube.go1
-rw-r--r--cmd/podman/shared/create.go9
-rw-r--r--pkg/spec/containerconfig.go4
-rw-r--r--pkg/spec/createconfig.go26
-rw-r--r--pkg/spec/spec.go47
5 files changed, 41 insertions, 46 deletions
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index 967798399..2e51457c4 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -281,7 +281,6 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
// The default for MemorySwappiness is -1, not 0
containerConfig.Resources.MemorySwappiness = -1
- containerConfig.Runtime = runtime
containerConfig.Image = containerYAML.Image
containerConfig.ImageID = newImage.ID()
containerConfig.Name = containerYAML.Name
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index a1b7cee1c..ab695bcf4 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -139,7 +139,7 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.
return ctr, createConfig, nil
}
-func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error {
+func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string, runtime *libpod.Runtime) error {
var (
labelOpts []string
)
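Review bot: parseSecurityOpt still has no doc comment, and the added runtime parameter makes its contract harder to read from the signature alone. The later hunks show it appending label.DisableSecOpt() for host PID and IPC modes, so it decides when label separation is switched off and deserves a stated contract. I would add something like `// parseSecurityOpt applies securityOpts to config; runtime is used only to look up the containers referenced by config.PidMode and config.IpcMode.` The function body continues outside this hunk, so the wording should be checked against the rest of it.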
@@ -147,7 +147,7 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error {
if config.PidMode.IsHost() {
labelOpts = append(labelOpts, label.DisableSecOpt()...)
} else if config.PidMode.IsContainer() {
- ctr, err := config.Runtime.LookupContainer(config.PidMode.Container())
+ ctr, err := runtime.LookupContainer(config.PidMode.Container())
if err != nil {
return errors.Wrapf(err, "container %q not found", config.PidMode.Container())
}
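Review bot: The wrap directly after the changed lookup reports `container %q not found` for every error LookupContainer returns, so a failure that is not a missing container would be reported under a misleading message. GetVolumesFrom in pkg/spec/createconfig.go wraps the same call as `error looking up container %q`, and I would use that wording here: `return errors.Wrapf(err, "error looking up container %q", config.PidMode.Container())`. The same pattern appears in the IpcMode hunk of this file and in the NetMode, PidMode, IpcMode and UtsMode lookups in getContainerCreateOptions. The enclosing if/else block continues outside the hunk.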
@@ -161,7 +161,7 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error {
if config.IpcMode.IsHost() {
labelOpts = append(labelOpts, label.DisableSecOpt()...)
} else if config.IpcMode.IsContainer() {
- ctr, err := config.Runtime.LookupContainer(config.IpcMode.Container())
+ ctr, err := runtime.LookupContainer(config.IpcMode.Container())
if err != nil {
return errors.Wrapf(err, "container %q not found", config.IpcMode.Container())
}
@@ -604,7 +604,6 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
memorySwappiness := c.Int64("memory-swappiness")
config := &cc.CreateConfig{
- Runtime: runtime,
Annotations: annotations,
BuiltinImgVolumes: ImageVolumes,
ConmonPidFile: c.String("conmon-pidfile"),
@@ -711,7 +710,7 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
if config.Privileged {
config.LabelOpts = label.DisableSecOpt()
} else {
- if err := parseSecurityOpt(config, c.StringArray("security-opt")); err != nil {
+ if err := parseSecurityOpt(config, c.StringArray("security-opt"), runtime); err != nil {
return nil, err
}
}
diff --git a/pkg/spec/containerconfig.go b/pkg/spec/containerconfig.go
index 62108c012..775a2042d 100644
--- a/pkg/spec/containerconfig.go
+++ b/pkg/spec/containerconfig.go
@@ -8,12 +8,12 @@ import (
// MakeContainerConfig generates all configuration necessary to start a
// container with libpod from a completed CreateConfig struct.
func (config *CreateConfig) MakeContainerConfig(runtime *libpod.Runtime, pod *libpod.Pod) (*spec.Spec, []libpod.CtrCreateOption, error) {
- runtimeSpec, err := config.createConfigToOCISpec()
+ runtimeSpec, namedVolumes, err := config.createConfigToOCISpec(runtime)
if err != nil {
return nil, nil, err
}
- options, err := config.getContainerCreateOptions(runtime, pod)
+ options, err := config.getContainerCreateOptions(runtime, pod, namedVolumes)
if err != nil {
return nil, nil, err
}
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 76ce8032c..d2ae99de6 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -65,7 +65,6 @@ type CreateResourceConfig struct {
// CreateConfig is a pre OCI spec structure. It represents user input from varlink or the CLI
type CreateConfig struct {
- Runtime *libpod.Runtime
Annotations map[string]string
Args []string
CapAdd []string // cap-add
@@ -129,7 +128,6 @@ type CreateConfig struct {
Mounts []spec.Mount //mounts
Volumes []string //volume
VolumesFrom []string
- NamedVolumes []*libpod.ContainerNamedVolume // Filled in by CreateConfigToOCISpec
WorkDir string //workdir
LabelOpts []string //SecurityOpts
NoNewPrivs bool //SecurityOpts
@@ -268,7 +266,7 @@ func (c *CreateConfig) GetVolumeMounts(specMounts []spec.Mount) ([]spec.Mount, e
// GetVolumesFrom reads the create-config artifact of the container to get volumes from
// and adds it to c.Volumes of the current container.
-func (c *CreateConfig) GetVolumesFrom() error {
+func (c *CreateConfig) GetVolumesFrom(runtime *libpod.Runtime) error {
if os.Geteuid() != 0 {
return nil
}
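Review bot: GetVolumesFrom is exported, so the added runtime parameter changes the public signature of pkg/spec, and nothing rejects a nil runtime before the next hunk calls runtime.LookupContainer on it. Because the non-root early return comes first, a caller passing nil would go unnoticed in rootless runs and only fail when run as root. Whether LookupContainer tolerates a nil receiver is not visible here, so I would guard explicitly with `if runtime == nil { return errors.New("runtime is required to resolve volumes-from containers") }`. The doc comment above should also say that runtime is used to look up the source containers. The method body continues outside this hunk.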
@@ -279,7 +277,7 @@ func (c *CreateConfig) GetVolumesFrom() error {
if len(splitVol) == 2 {
options = splitVol[1]
}
- ctr, err := c.Runtime.LookupContainer(splitVol[0])
+ ctr, err := runtime.LookupContainer(splitVol[0])
if err != nil {
return errors.Wrapf(err, "error looking up container %q", splitVol[0])
}
@@ -364,8 +362,8 @@ func (c *CreateConfig) GetTmpfsMounts() []spec.Mount {
return m
}
-func (c *CreateConfig) createExitCommand() ([]string, error) {
- config, err := c.Runtime.GetConfig()
+func (c *CreateConfig) createExitCommand(runtime *libpod.Runtime) ([]string, error) {
+ config, err := runtime.GetConfig()
if err != nil {
return nil, err
}
@@ -397,7 +395,7 @@ func (c *CreateConfig) createExitCommand() ([]string, error) {
}
// GetContainerCreateOptions takes a CreateConfig and returns a slice of CtrCreateOptions
-func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *libpod.Pod) ([]libpod.CtrCreateOption, error) {
+func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *libpod.Pod, namedVolumes []*libpod.ContainerNamedVolume) ([]libpod.CtrCreateOption, error) {
var options []libpod.CtrCreateOption
var portBindings []ocicni.PortMapping
var err error
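Review bot: The doc comment above getContainerCreateOptions still begins with the exported spelling `GetContainerCreateOptions` and does not mention the new namedVolumes parameter. I would change it to `// getContainerCreateOptions takes a CreateConfig and returns a slice of CtrCreateOptions; namedVolumes is the slice returned by createConfigToOCISpec.` The comment on createConfigToOCISpec in pkg/spec/spec.go has the same problem: it uses the capitalised name and does not describe the added second return value. This commit deletes the only place that recorded this, the `Filled in by CreateConfigToOCISpec` remark on the removed NamedVolumes field. A replacement there could be `// createConfigToOCISpec builds the OCI runtime spec and also returns the named volumes split out of its mounts.` Both function bodies extend beyond their hunks.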
@@ -448,8 +446,8 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l
options = append(options, libpod.WithUserVolumes(volumes))
}
- if len(c.NamedVolumes) != 0 {
- options = append(options, libpod.WithNamedVolumes(c.NamedVolumes))
+ if len(namedVolumes) != 0 {
+ options = append(options, libpod.WithNamedVolumes(namedVolumes))
}
if len(c.Command) != 0 {
@@ -485,7 +483,7 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l
return nil, err
}
} else if c.NetMode.IsContainer() {
- connectedCtr, err := c.Runtime.LookupContainer(c.NetMode.Container())
+ connectedCtr, err := runtime.LookupContainer(c.NetMode.Container())
if err != nil {
return nil, errors.Wrapf(err, "container %q not found", c.NetMode.Container())
}
@@ -496,7 +494,7 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l
}
if c.PidMode.IsContainer() {
- connectedCtr, err := c.Runtime.LookupContainer(c.PidMode.Container())
+ connectedCtr, err := runtime.LookupContainer(c.PidMode.Container())
if err != nil {
return nil, errors.Wrapf(err, "container %q not found", c.PidMode.Container())
}
@@ -505,7 +503,7 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l
}
if c.IpcMode.IsContainer() {
- connectedCtr, err := c.Runtime.LookupContainer(c.IpcMode.Container())
+ connectedCtr, err := runtime.LookupContainer(c.IpcMode.Container())
if err != nil {
return nil, errors.Wrapf(err, "container %q not found", c.IpcMode.Container())
}
@@ -517,7 +515,7 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l
options = append(options, libpod.WithUTSNSFromPod(pod))
}
if c.UtsMode.IsContainer() {
- connectedCtr, err := c.Runtime.LookupContainer(c.UtsMode.Container())
+ connectedCtr, err := runtime.LookupContainer(c.UtsMode.Container())
if err != nil {
return nil, errors.Wrapf(err, "container %q not found", c.UtsMode.Container())
}
@@ -593,7 +591,7 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l
}
// Always use a cleanup process to clean up Podman after termination
- exitCmd, err := c.createExitCommand()
+ exitCmd, err := c.createExitCommand(runtime)
if err != nil {
return nil, err
}
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 4c839921c..5ffa6dc4c 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -89,11 +89,11 @@ func getAvailableGids() (int64, error) {
}
// CreateConfigToOCISpec parses information needed to create a container into an OCI runtime spec
-func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //nolint
+func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime) (*spec.Spec, []*libpod.ContainerNamedVolume, error) { //nolint
cgroupPerm := "ro"
g, err := generate.New("linux")
if err != nil {
- return nil, err
+ return nil, nil, err
}
// Remove the default /dev/shm mount to ensure we overwrite it
g.RemoveMount("/dev/shm")
@@ -139,7 +139,7 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
if isRootless {
nGids, err := getAvailableGids()
if err != nil {
- return nil, err
+ return nil, nil, err
}
if nGids < 5 {
// If we have no GID mappings, the gid=5 default option would fail, so drop it.
@@ -214,7 +214,7 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
if hostname == "" && (config.NetMode.IsHost() || config.UtsMode.IsHost()) {
hostname, err = os.Hostname()
if err != nil {
- return nil, errors.Wrap(err, "unable to retrieve hostname")
+ return nil, nil, errors.Wrap(err, "unable to retrieve hostname")
}
}
g.RemoveHostname()
@@ -304,13 +304,13 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
// already adding them all.
if !rootless.IsRootless() {
if err := config.AddPrivilegedDevices(&g); err != nil {
- return nil, err
+ return nil, nil, err
}
}
} else {
for _, devicePath := range config.Devices {
if err := devicesFromPath(&g, devicePath); err != nil {
- return nil, err
+ return nil, nil, err
}
}
}
@@ -340,7 +340,7 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
spliti := strings.SplitN(i, ":", 2)
if len(spliti) > 1 {
if _, _, err := mount.ParseTmpfsOptions(spliti[1]); err != nil {
- return nil, err
+ return nil, nil, err
}
options = strings.Split(spliti[1], ",")
}
@@ -389,27 +389,27 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
}
if err := addRlimits(config, &g); err != nil {
- return nil, err
+ return nil, nil, err
}
if err := addPidNS(config, &g); err != nil {
- return nil, err
+ return nil, nil, err
}
if err := addUserNS(config, &g); err != nil {
- return nil, err
+ return nil, nil, err
}
if err := addNetNS(config, &g); err != nil {
- return nil, err
+ return nil, nil, err
}
if err := addUTSNS(config, &g); err != nil {
- return nil, err
+ return nil, nil, err
}
if err := addIpcNS(config, &g); err != nil {
- return nil, err
+ return nil, nil, err
}
configSpec := g.Config
@@ -417,7 +417,7 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
// NOTE: Must happen before SECCOMP
if !config.Privileged {
if err := setupCapabilities(config, configSpec); err != nil {
- return nil, err
+ return nil, nil, err
}
} else {
g.SetupPrivileged(true)
@@ -428,7 +428,7 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
if config.SeccompProfilePath != "unconfined" {
seccompConfig, err := getSeccompConfig(config, configSpec)
if err != nil {
- return nil, err
+ return nil, nil, err
}
configSpec.Linux.Seccomp = seccompConfig
}
@@ -439,13 +439,13 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
}
// BIND MOUNTS
- if err := config.GetVolumesFrom(); err != nil {
- return nil, errors.Wrap(err, "error getting volume mounts from --volumes-from flag")
+ if err := config.GetVolumesFrom(runtime); err != nil {
+ return nil, nil, errors.Wrap(err, "error getting volume mounts from --volumes-from flag")
}
volumeMounts, err := config.GetVolumeMounts(configSpec.Mounts)
if err != nil {
- return nil, errors.Wrapf(err, "error getting volume mounts")
+ return nil, nil, errors.Wrapf(err, "error getting volume mounts")
}
configSpec.Mounts = supercedeUserMounts(volumeMounts, configSpec.Mounts)
@@ -455,12 +455,11 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
// Split normal mounts and named volumes
newMounts, namedVolumes := splitNamedVolumes(configSpec.Mounts)
configSpec.Mounts = newMounts
- config.NamedVolumes = namedVolumes
// BLOCK IO
blkio, err := config.CreateBlockIO()
if err != nil {
- return nil, errors.Wrapf(err, "error creating block io")
+ return nil, nil, errors.Wrapf(err, "error creating block io")
}
if blkio != nil {
configSpec.Linux.Resources.BlockIO = blkio
@@ -469,7 +468,7 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
if rootless.IsRootless() {
if addedResources {
- return nil, errors.New("invalid configuration, cannot set resources with rootless containers")
+ return nil, nil, errors.New("invalid configuration, cannot set resources with rootless containers")
}
configSpec.Linux.Resources = &spec.LinuxResources{}
}
@@ -477,7 +476,7 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
// Make sure that the bind mounts keep options like nosuid, noexec, nodev.
mounts, err := pmount.GetMounts()
if err != nil {
- return nil, err
+ return nil, nil, err
}
for i := range configSpec.Mounts {
m := &configSpec.Mounts[i]
@@ -493,7 +492,7 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
}
mount, err := findMount(m.Source, mounts)
if err != nil {
- return nil, err
+ return nil, nil, err
}
if mount == nil {
continue
@@ -511,7 +510,7 @@ func (config *CreateConfig) createConfigToOCISpec() (*spec.Spec, error) { //noli
}
}
- return configSpec, nil
+ return configSpec, namedVolumes, nil
}
func findMount(target string, mounts []*pmount.Info) (*pmount.Info, error) {