summaryrefslogtreecommitdiff
path: root/cmd/podman/common
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/podman/common')
-rw-r--r--cmd/podman/common/create.go15
-rw-r--r--cmd/podman/common/create_opts.go5
-rw-r--r--cmd/podman/common/createparse.go2
-rw-r--r--cmd/podman/common/default.go2
-rw-r--r--cmd/podman/common/netflags.go16
-rw-r--r--cmd/podman/common/specgen.go91
-rw-r--r--cmd/podman/common/util.go2
-rw-r--r--cmd/podman/common/volumes.go99
8 files changed, 155 insertions, 77 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index a26bbf718..e96b6a8d6 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -5,8 +5,8 @@ import (
"os"
"github.com/containers/common/pkg/auth"
- "github.com/containers/libpod/v2/cmd/podman/registry"
- "github.com/containers/libpod/v2/libpod/define"
+ "github.com/containers/podman/v2/cmd/podman/registry"
+ "github.com/containers/podman/v2/libpod/define"
"github.com/spf13/pflag"
)
@@ -155,6 +155,10 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
"device-write-iops", []string{},
"Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)",
)
+ createFlags.Bool(
+ "disable-content-trust", false,
+ "This is a Docker specific option and is a NOOP",
+ )
createFlags.String("entrypoint", "",
"Overwrite the default ENTRYPOINT of the image",
)
@@ -401,7 +405,7 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
)
createFlags.StringArrayVar(
&cf.SecurityOpt,
- "security-opt", containerConfig.SecurityOptions(),
+ "security-opt", []string{},
"Security Options",
)
createFlags.String(
@@ -459,6 +463,11 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
"tz", containerConfig.TZ(),
"Set timezone in container",
)
+ createFlags.StringVar(
+ &cf.Umask,
+ "umask", containerConfig.Umask(),
+ "Set umask in container",
+ )
createFlags.StringSliceVar(
&cf.UIDMap,
"uidmap", []string{},
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index a544846aa..f9e4d7ca5 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -1,6 +1,6 @@
package common
-import "github.com/containers/libpod/v2/pkg/domain/entities"
+import "github.com/containers/podman/v2/pkg/domain/entities"
type ContainerCLIOpts struct {
Annotation []string
@@ -10,7 +10,7 @@ type ContainerCLIOpts struct {
BlkIOWeightDevice []string
CapAdd []string
CapDrop []string
- CGroupsNS string
+ CgroupNS string
CGroupsMode string
CGroupParent string
CIDFile string
@@ -93,6 +93,7 @@ type ContainerCLIOpts struct {
TmpFS []string
TTY bool
Timezone string
+ Umask string
UIDMap []string
Ulimit []string
User string
diff --git a/cmd/podman/common/createparse.go b/cmd/podman/common/createparse.go
index 7f10d578e..059f9050f 100644
--- a/cmd/podman/common/createparse.go
+++ b/cmd/podman/common/createparse.go
@@ -1,7 +1,7 @@
package common
import (
- "github.com/containers/libpod/v2/pkg/util"
+ "github.com/containers/podman/v2/pkg/util"
"github.com/pkg/errors"
)
diff --git a/cmd/podman/common/default.go b/cmd/podman/common/default.go
index b4fd2f604..af64e7162 100644
--- a/cmd/podman/common/default.go
+++ b/cmd/podman/common/default.go
@@ -1,7 +1,7 @@
package common
import (
- "github.com/containers/libpod/v2/cmd/podman/registry"
+ "github.com/containers/podman/v2/cmd/podman/registry"
)
var (
diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go
index 5c83a3c9c..1b8297c36 100644
--- a/cmd/podman/common/netflags.go
+++ b/cmd/podman/common/netflags.go
@@ -2,11 +2,12 @@ package common
import (
"net"
+ "strings"
- "github.com/containers/libpod/v2/cmd/podman/parse"
- "github.com/containers/libpod/v2/libpod/define"
- "github.com/containers/libpod/v2/pkg/domain/entities"
- "github.com/containers/libpod/v2/pkg/specgen"
+ "github.com/containers/podman/v2/cmd/podman/parse"
+ "github.com/containers/podman/v2/libpod/define"
+ "github.com/containers/podman/v2/pkg/domain/entities"
+ "github.com/containers/podman/v2/pkg/specgen"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
@@ -164,11 +165,18 @@ func NetFlagsToNetOptions(cmd *cobra.Command) (*entities.NetOptions, error) {
return nil, err
}
+ parts := strings.SplitN(network, ":", 2)
+
ns, cniNets, err := specgen.ParseNetworkNamespace(network)
if err != nil {
return nil, err
}
+ if len(parts) > 1 {
+ opts.NetworkOptions = make(map[string][]string)
+ opts.NetworkOptions[parts[0]] = strings.Split(parts[1], ",")
+ cniNets = nil
+ }
opts.Network = ns
opts.CNINetworks = cniNets
}
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 8a265cedf..0b6897d3a 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -8,14 +8,14 @@ import (
"time"
"github.com/containers/image/v5/manifest"
- "github.com/containers/libpod/v2/cmd/podman/parse"
- "github.com/containers/libpod/v2/libpod/define"
- ann "github.com/containers/libpod/v2/pkg/annotations"
- envLib "github.com/containers/libpod/v2/pkg/env"
- ns "github.com/containers/libpod/v2/pkg/namespaces"
- "github.com/containers/libpod/v2/pkg/specgen"
- systemdGen "github.com/containers/libpod/v2/pkg/systemd/generate"
- "github.com/containers/libpod/v2/pkg/util"
+ "github.com/containers/podman/v2/cmd/podman/parse"
+ "github.com/containers/podman/v2/libpod/define"
+ ann "github.com/containers/podman/v2/pkg/annotations"
+ envLib "github.com/containers/podman/v2/pkg/env"
+ ns "github.com/containers/podman/v2/pkg/namespaces"
+ "github.com/containers/podman/v2/pkg/specgen"
+ systemdGen "github.com/containers/podman/v2/pkg/systemd/generate"
+ "github.com/containers/podman/v2/pkg/util"
"github.com/docker/go-units"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
@@ -186,6 +186,46 @@ func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.Linu
return memory, nil
}
+func setNamespaces(s *specgen.SpecGenerator, c *ContainerCLIOpts) error {
+ var err error
+
+ if c.PID != "" {
+ s.PidNS, err = specgen.ParseNamespace(c.PID)
+ if err != nil {
+ return err
+ }
+ }
+ if c.IPC != "" {
+ s.IpcNS, err = specgen.ParseNamespace(c.IPC)
+ if err != nil {
+ return err
+ }
+ }
+ if c.UTS != "" {
+ s.UtsNS, err = specgen.ParseNamespace(c.UTS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.CgroupNS != "" {
+ s.CgroupNS, err = specgen.ParseNamespace(c.CgroupNS)
+ if err != nil {
+ return err
+ }
+ }
+ // userns must be treated differently
+ if c.UserNS != "" {
+ s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
+ if err != nil {
+ return err
+ }
+ }
+ if c.Net != nil {
+ s.NetNS = c.Net.Network
+ }
+ return nil
+}
+
func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) error {
var (
err error
@@ -252,28 +292,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
}
s.Expose = expose
- for k, v := range map[string]*specgen.Namespace{
- c.IPC: &s.IpcNS,
- c.PID: &s.PidNS,
- c.UTS: &s.UtsNS,
- c.CGroupsNS: &s.CgroupNS,
- } {
- if k != "" {
- *v, err = specgen.ParseNamespace(k)
- if err != nil {
- return err
- }
- }
- }
- // userns must be treated differently
- if c.UserNS != "" {
- s.UserNS, err = specgen.ParseUserNamespace(c.UserNS)
- if err != nil {
- return err
- }
- }
- if c.Net != nil {
- s.NetNS = c.Net.Network
+ if err := setNamespaces(s, c); err != nil {
+ return err
}
if sig := c.StopSignal; len(sig) > 0 {
@@ -417,6 +437,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
s.DNSOptions = c.Net.DNSOptions
s.StaticIP = c.Net.StaticIP
s.StaticMAC = c.Net.StaticMAC
+ s.NetworkOptions = c.Net.NetworkOptions
s.UseImageHosts = c.Net.NoHosts
s.ImageVolumeMode = c.ImageVolume
@@ -511,10 +532,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
s.ContainerSecurityConfig.SelinuxOpts = append(s.ContainerSecurityConfig.SelinuxOpts, con[1])
s.Annotations[define.InspectAnnotationLabel] = strings.Join(s.ContainerSecurityConfig.SelinuxOpts, ",label=")
case "apparmor":
- if !c.Privileged {
- s.ContainerSecurityConfig.ApparmorProfile = con[1]
- s.Annotations[define.InspectAnnotationApparmor] = con[1]
- }
+ s.ContainerSecurityConfig.ApparmorProfile = con[1]
+ s.Annotations[define.InspectAnnotationApparmor] = con[1]
case "seccomp":
s.SeccompProfilePath = con[1]
s.Annotations[define.InspectAnnotationSeccomp] = con[1]
@@ -530,12 +549,13 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
// Only add read-only tmpfs mounts in case that we are read-only and the
// read-only tmpfs flag has been set.
- mounts, volumes, err := parseVolumes(c.Volume, c.Mount, c.TmpFS, c.ReadOnlyTmpFS && c.ReadOnly)
+ mounts, volumes, overlayVolumes, err := parseVolumes(c.Volume, c.Mount, c.TmpFS, c.ReadOnlyTmpFS && c.ReadOnly)
if err != nil {
return err
}
s.Mounts = mounts
s.Volumes = volumes
+ s.OverlayVolumes = overlayVolumes
for _, dev := range c.Devices {
s.Devices = append(s.Devices, specs.LinuxDevice{Path: dev})
@@ -611,6 +631,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
s.Remove = c.Rm
s.StopTimeout = &c.StopTimeout
s.Timezone = c.Timezone
+ s.Umask = c.Umask
return nil
}
diff --git a/cmd/podman/common/util.go b/cmd/podman/common/util.go
index e21e349d9..41432c6f0 100644
--- a/cmd/podman/common/util.go
+++ b/cmd/podman/common/util.go
@@ -6,7 +6,7 @@ import (
"strconv"
"strings"
- "github.com/containers/libpod/v2/pkg/specgen"
+ "github.com/containers/podman/v2/pkg/specgen"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
diff --git a/cmd/podman/common/volumes.go b/cmd/podman/common/volumes.go
index b201786f0..3b8f7ec6e 100644
--- a/cmd/podman/common/volumes.go
+++ b/cmd/podman/common/volumes.go
@@ -6,8 +6,8 @@ import (
"strings"
"github.com/containers/buildah/pkg/parse"
- "github.com/containers/libpod/v2/pkg/specgen"
- "github.com/containers/libpod/v2/pkg/util"
+ "github.com/containers/podman/v2/pkg/specgen"
+ "github.com/containers/podman/v2/pkg/util"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -34,43 +34,43 @@ var (
// Does not handle image volumes, init, and --volumes-from flags.
// Can also add tmpfs mounts from read-only tmpfs.
// TODO: handle options parsing/processing via containers/storage/pkg/mount
-func parseVolumes(volumeFlag, mountFlag, tmpfsFlag []string, addReadOnlyTmpfs bool) ([]spec.Mount, []*specgen.NamedVolume, error) {
+func parseVolumes(volumeFlag, mountFlag, tmpfsFlag []string, addReadOnlyTmpfs bool) ([]spec.Mount, []*specgen.NamedVolume, []*specgen.OverlayVolume, error) {
// Get mounts from the --mounts flag.
unifiedMounts, unifiedVolumes, err := getMounts(mountFlag)
if err != nil {
- return nil, nil, err
+ return nil, nil, nil, err
}
// Next --volumes flag.
- volumeMounts, volumeVolumes, err := getVolumeMounts(volumeFlag)
+ volumeMounts, volumeVolumes, overlayVolumes, err := getVolumeMounts(volumeFlag)
if err != nil {
- return nil, nil, err
+ return nil, nil, nil, err
}
// Next --tmpfs flag.
tmpfsMounts, err := getTmpfsMounts(tmpfsFlag)
if err != nil {
- return nil, nil, err
+ return nil, nil, nil, err
}
// Unify mounts from --mount, --volume, --tmpfs.
// Start with --volume.
for dest, mount := range volumeMounts {
if _, ok := unifiedMounts[dest]; ok {
- return nil, nil, errors.Wrapf(errDuplicateDest, dest)
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, dest)
}
unifiedMounts[dest] = mount
}
for dest, volume := range volumeVolumes {
if _, ok := unifiedVolumes[dest]; ok {
- return nil, nil, errors.Wrapf(errDuplicateDest, dest)
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, dest)
}
unifiedVolumes[dest] = volume
}
// Now --tmpfs
for dest, tmpfs := range tmpfsMounts {
if _, ok := unifiedMounts[dest]; ok {
- return nil, nil, errors.Wrapf(errDuplicateDest, dest)
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, dest)
}
unifiedMounts[dest] = tmpfs
}
@@ -101,15 +101,29 @@ func parseVolumes(volumeFlag, mountFlag, tmpfsFlag []string, addReadOnlyTmpfs bo
}
}
- // Check for conflicts between named volumes and mounts
+ // Check for conflicts between named volumes, overlay volumes, and mounts
for dest := range unifiedMounts {
if _, ok := unifiedVolumes[dest]; ok {
- return nil, nil, errors.Wrapf(errDuplicateDest, "conflict at mount destination %v", dest)
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, "conflict at mount destination %v", dest)
+ }
+ if _, ok := overlayVolumes[dest]; ok {
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, "conflict at mount destination %v", dest)
}
}
for dest := range unifiedVolumes {
if _, ok := unifiedMounts[dest]; ok {
- return nil, nil, errors.Wrapf(errDuplicateDest, "conflict at mount destination %v", dest)
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, "conflict at mount destination %v", dest)
+ }
+ if _, ok := overlayVolumes[dest]; ok {
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, "conflict at mount destination %v", dest)
+ }
+ }
+ for dest := range overlayVolumes {
+ if _, ok := unifiedMounts[dest]; ok {
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, "conflict at mount destination %v", dest)
+ }
+ if _, ok := unifiedVolumes[dest]; ok {
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, "conflict at mount destination %v", dest)
}
}
@@ -119,7 +133,7 @@ func parseVolumes(volumeFlag, mountFlag, tmpfsFlag []string, addReadOnlyTmpfs bo
if mount.Type == TypeBind {
absSrc, err := filepath.Abs(mount.Source)
if err != nil {
- return nil, nil, errors.Wrapf(err, "error getting absolute path of %s", mount.Source)
+ return nil, nil, nil, errors.Wrapf(err, "error getting absolute path of %s", mount.Source)
}
mount.Source = absSrc
}
@@ -129,8 +143,12 @@ func parseVolumes(volumeFlag, mountFlag, tmpfsFlag []string, addReadOnlyTmpfs bo
for _, volume := range unifiedVolumes {
finalVolumes = append(finalVolumes, volume)
}
+ finalOverlayVolume := make([]*specgen.OverlayVolume, 0)
+ for _, volume := range overlayVolumes {
+ finalOverlayVolume = append(finalOverlayVolume, volume)
+ }
- return finalMounts, finalVolumes, nil
+ return finalMounts, finalVolumes, finalOverlayVolume, nil
}
// getMounts takes user-provided input from the --mount flag and creates OCI
@@ -465,9 +483,10 @@ func getNamedVolume(args []string) (*specgen.NamedVolume, error) {
return newVolume, nil
}
-func getVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*specgen.NamedVolume, error) {
+func getVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*specgen.NamedVolume, map[string]*specgen.OverlayVolume, error) {
mounts := make(map[string]spec.Mount)
volumes := make(map[string]*specgen.NamedVolume)
+ overlayVolumes := make(map[string]*specgen.OverlayVolume)
volumeFormatErr := errors.Errorf("incorrect volume format, should be [host-dir:]ctr-dir[:option]")
@@ -481,7 +500,7 @@ func getVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*sp
splitVol := strings.Split(vol, ":")
if len(splitVol) > 3 {
- return nil, nil, errors.Wrapf(volumeFormatErr, vol)
+ return nil, nil, nil, errors.Wrapf(volumeFormatErr, vol)
}
src = splitVol[0]
@@ -496,34 +515,54 @@ func getVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*sp
}
if len(splitVol) > 2 {
if options, err = parse.ValidateVolumeOpts(strings.Split(splitVol[2], ",")); err != nil {
- return nil, nil, err
+ return nil, nil, nil, err
}
}
// Do not check source dir for anonymous volumes
if len(splitVol) > 1 {
if err := parse.ValidateVolumeHostDir(src); err != nil {
- return nil, nil, err
+ return nil, nil, nil, err
}
}
if err := parse.ValidateVolumeCtrDir(dest); err != nil {
- return nil, nil, err
+ return nil, nil, nil, err
}
cleanDest := filepath.Clean(dest)
if strings.HasPrefix(src, "/") || strings.HasPrefix(src, ".") {
// This is not a named volume
- newMount := spec.Mount{
- Destination: cleanDest,
- Type: string(TypeBind),
- Source: src,
- Options: options,
+ overlayFlag := false
+ for _, o := range options {
+ if o == "O" {
+ overlayFlag = true
+ if len(options) > 1 {
+ return nil, nil, nil, errors.New("can't use 'O' with other options")
+ }
+ }
}
- if _, ok := mounts[newMount.Destination]; ok {
- return nil, nil, errors.Wrapf(errDuplicateDest, newMount.Destination)
+ if overlayFlag {
+ // This is a overlay volume
+ newOverlayVol := new(specgen.OverlayVolume)
+ newOverlayVol.Destination = cleanDest
+ newOverlayVol.Source = src
+ if _, ok := overlayVolumes[newOverlayVol.Destination]; ok {
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, newOverlayVol.Destination)
+ }
+ overlayVolumes[newOverlayVol.Destination] = newOverlayVol
+ } else {
+ newMount := spec.Mount{
+ Destination: cleanDest,
+ Type: string(TypeBind),
+ Source: src,
+ Options: options,
+ }
+ if _, ok := mounts[newMount.Destination]; ok {
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, newMount.Destination)
+ }
+ mounts[newMount.Destination] = newMount
}
- mounts[newMount.Destination] = newMount
} else {
// This is a named volume
newNamedVol := new(specgen.NamedVolume)
@@ -532,7 +571,7 @@ func getVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*sp
newNamedVol.Options = options
if _, ok := volumes[newNamedVol.Dest]; ok {
- return nil, nil, errors.Wrapf(errDuplicateDest, newNamedVol.Dest)
+ return nil, nil, nil, errors.Wrapf(errDuplicateDest, newNamedVol.Dest)
}
volumes[newNamedVol.Dest] = newNamedVol
}
@@ -540,7 +579,7 @@ func getVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*sp
logrus.Debugf("User mount %s:%s options %v", src, dest, options)
}
- return mounts, volumes, nil
+ return mounts, volumes, overlayVolumes, nil
}
// GetTmpfsMounts creates spec.Mount structs for user-requested tmpfs mounts
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-06 10:24:45 +0000