diff options
Diffstat (limited to 'cmd/podman/shared/create.go')
| -rw-r--r-- | cmd/podman/shared/create.go | 112 |
1 files changed, 16 insertions, 96 deletions
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index d927e5bf6..d694027db 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -5,7 +5,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "os" "path/filepath" "strconv" @@ -14,7 +13,6 @@ import ( "time" "github.com/containers/image/manifest" - "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/shared/parse" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/image" @@ -35,12 +33,7 @@ import ( "github.com/sirupsen/logrus" ) -// getContext returns a non-nil, empty context -func getContext() context.Context { - return context.TODO() -} - -func CreateContainer(ctx context.Context, c *cliconfig.PodmanCommand, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) { +func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) { var ( healthCheck *manifest.Schema2HealthConfig err error @@ -75,7 +68,8 @@ func CreateContainer(ctx context.Context, c *cliconfig.PodmanCommand, runtime *l imageName := "" var data *inspect.ImageData = nil - if rootfs == "" && !rootless.SkipStorageSetup() { + // Set the storage if we are running as euid == 0 and there is no rootfs specified + if rootfs == "" && os.Geteuid() == 0 { var writer io.Writer if !c.Bool("quiet") { writer = os.Stderr @@ -221,7 +215,7 @@ func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string) error { return nil } -func configureEntrypoint(c *cliconfig.PodmanCommand, data *inspect.ImageData) []string { +func configureEntrypoint(c *GenericCLIResults, data *inspect.ImageData) []string { entrypoint := []string{} if c.IsSet("entrypoint") { // Force entrypoint to "" @@ -241,7 +235,7 @@ func configureEntrypoint(c *cliconfig.PodmanCommand, data *inspect.ImageData) [] return entrypoint } -func configurePod(c *cliconfig.PodmanCommand, runtime *libpod.Runtime, namespaces map[string]string, podName string) (map[string]string, error) { +func configurePod(c *GenericCLIResults, runtime *libpod.Runtime, namespaces map[string]string, podName string) (map[string]string, error) { pod, err := runtime.LookupPod(podName) if err != nil { return namespaces, err @@ -270,7 +264,7 @@ func configurePod(c *cliconfig.PodmanCommand, runtime *libpod.Runtime, namespace // Parses CLI options related to container creation into a config which can be // parsed into an OCI runtime spec -func ParseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *libpod.Runtime, imageName string, data *inspect.ImageData) (*cc.CreateConfig, error) { +func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.Runtime, imageName string, data *inspect.ImageData) (*cc.CreateConfig, error) { var ( inputCommand, command []string memoryLimit, memoryReservation, memorySwap, memoryKernel int64 @@ -353,14 +347,14 @@ func ParseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *l tty := c.Bool("tty") - if c.Flag("cpu-period").Changed && c.Flag("cpus").Changed { + if c.Changed("cpu-period") && c.Changed("cpus") { return nil, errors.Errorf("--cpu-period and --cpus cannot be set together") } - if c.Flag("cpu-quota").Changed && c.Flag("cpus").Changed { + if c.Changed("cpu-quota") && c.Changed("cpus") { return nil, errors.Errorf("--cpu-quota and --cpus cannot be set together") } - if c.Bool("no-hosts") && c.Flag("add-host").Changed { + if c.Bool("no-hosts") && c.Changed("add-host") { return nil, errors.Errorf("--no-hosts and --add-host cannot be set together") } @@ -379,7 +373,7 @@ func ParseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *l // However, that also involves setting up security opts // when the pod's namespace is integrated namespaceNet := c.String("network") - if c.Flag("net").Changed { + if c.Changed("net") { namespaceNet = c.String("net") } namespaces = map[string]string{ @@ -548,7 +542,7 @@ func ParseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *l // WORKING DIRECTORY workDir := "/" - if c.IsSet("workdir") || c.IsSet("w") { + if c.IsSet("workdir") { workDir = c.String("workdir") } else if data != nil && data.Config.WorkingDir != "" { workDir = data.Config.WorkingDir @@ -624,14 +618,12 @@ func ParseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *l // This is done because cobra cannot have two aliased flags. So we have to check // both network := c.String("network") - if c.Flag("net").Changed { + if c.Changed("net") { network = c.String("net") } - var memorySwappiness int64 - if c.Flags().Lookup("memory-swappiness") != nil { - memorySwappiness, _ = c.Flags().GetInt64("memory-swappiness") - } + memorySwappiness := c.Int64("memory-swappiness") + config := &cc.CreateConfig{ Runtime: runtime, Annotations: annotations, @@ -719,7 +711,7 @@ func ParseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *l WorkDir: workDir, Rootfs: rootfs, VolumesFrom: c.StringSlice("volumes-from"), - Syslog: c.GlobalFlags.Syslog, + Syslog: c.Bool("syslog"), } if c.Bool("init") { initPath := c.String("init-path") @@ -758,71 +750,6 @@ type namespace interface { Container() string } -func joinOrCreateRootlessUserNamespace(createConfig *cc.CreateConfig, runtime *libpod.Runtime) (bool, int, error) { - if os.Geteuid() == 0 { - return false, 0, nil - } - - if createConfig.Pod != "" { - pod, err := runtime.LookupPod(createConfig.Pod) - if err != nil { - return false, -1, err - } - inspect, err := pod.Inspect() - for _, ctr := range inspect.Containers { - prevCtr, err := runtime.LookupContainer(ctr.ID) - if err != nil { - return false, -1, err - } - s, err := prevCtr.State() - if err != nil { - return false, -1, err - } - if s != libpod.ContainerStateRunning && s != libpod.ContainerStatePaused { - continue - } - data, err := ioutil.ReadFile(prevCtr.Config().ConmonPidFile) - if err != nil { - return false, -1, errors.Wrapf(err, "cannot read conmon PID file %q", prevCtr.Config().ConmonPidFile) - } - conmonPid, err := strconv.Atoi(string(data)) - if err != nil { - return false, -1, errors.Wrapf(err, "cannot parse PID %q", data) - } - return rootless.JoinDirectUserAndMountNS(uint(conmonPid)) - } - } - - namespacesStr := []string{string(createConfig.IpcMode), string(createConfig.NetMode), string(createConfig.UsernsMode), string(createConfig.PidMode), string(createConfig.UtsMode)} - for _, i := range namespacesStr { - if cc.IsNS(i) { - return rootless.JoinNSPath(cc.NS(i)) - } - } - - namespaces := []namespace{createConfig.IpcMode, createConfig.NetMode, createConfig.UsernsMode, createConfig.PidMode, createConfig.UtsMode} - for _, i := range namespaces { - if i.IsContainer() { - ctr, err := runtime.LookupContainer(i.Container()) - if err != nil { - return false, -1, err - } - pid, err := ctr.PID() - if err != nil { - return false, -1, err - } - if pid == 0 { - if createConfig.Pod != "" { - continue - } - return false, -1, errors.Errorf("dependency container %s is not running", ctr.ID()) - } - return rootless.JoinNS(uint(pid), 0) - } - } - return rootless.BecomeRootInUserNS() -} - func CreateContainerFromCreateConfig(r *libpod.Runtime, createConfig *cc.CreateConfig, ctx context.Context, pod *libpod.Pod) (*libpod.Container, error) { runtimeSpec, err := cc.CreateConfigToOCISpec(createConfig) if err != nil { @@ -833,13 +760,6 @@ func CreateContainerFromCreateConfig(r *libpod.Runtime, createConfig *cc.CreateC if err != nil { return nil, err } - became, ret, err := joinOrCreateRootlessUserNamespace(createConfig, r) - if err != nil { - return nil, err - } - if became { - os.Exit(ret) - } ctr, err := r.NewContainer(ctx, runtimeSpec, options...) if err != nil { @@ -861,7 +781,7 @@ var defaultEnvVariables = map[string]string{ "TERM": "xterm", } -func makeHealthCheckFromCli(c *cliconfig.PodmanCommand) (*manifest.Schema2HealthConfig, error) { +func makeHealthCheckFromCli(c *GenericCLIResults) (*manifest.Schema2HealthConfig, error) { inCommand := c.String("healthcheck-command") inInterval := c.String("healthcheck-interval") inRetries := c.Uint("healthcheck-retries") |