diff options
Diffstat (limited to 'cmd/podman')
-rw-r--r-- | cmd/podman/attach.go | 3 | ||||
-rw-r--r-- | cmd/podman/build.go | 12 | ||||
-rw-r--r-- | cmd/podman/cliconfig/config.go | 19 | ||||
-rw-r--r-- | cmd/podman/common.go | 10 | ||||
-rw-r--r-- | cmd/podman/cp.go | 11 | ||||
-rw-r--r-- | cmd/podman/create.go | 7 | ||||
-rw-r--r-- | cmd/podman/exec.go | 3 | ||||
-rw-r--r-- | cmd/podman/images.go | 4 | ||||
-rw-r--r-- | cmd/podman/login.go | 4 | ||||
-rw-r--r-- | cmd/podman/logout.go | 11 | ||||
-rw-r--r-- | cmd/podman/logs.go | 2 | ||||
-rw-r--r-- | cmd/podman/main_local.go | 11 | ||||
-rw-r--r-- | cmd/podman/play_kube.go | 12 | ||||
-rw-r--r-- | cmd/podman/pull.go | 10 | ||||
-rw-r--r-- | cmd/podman/push.go | 10 | ||||
-rw-r--r-- | cmd/podman/restore.go | 1 | ||||
-rw-r--r-- | cmd/podman/rm.go | 2 | ||||
-rw-r--r-- | cmd/podman/run.go | 7 | ||||
-rw-r--r-- | cmd/podman/runlabel.go | 9 | ||||
-rw-r--r-- | cmd/podman/search.go | 11 | ||||
-rw-r--r-- | cmd/podman/shared/create.go | 194 | ||||
-rw-r--r-- | cmd/podman/shared/funcs.go | 21 | ||||
-rw-r--r-- | cmd/podman/start.go | 2 | ||||
-rw-r--r-- | cmd/podman/utils.go | 13 |
24 files changed, 211 insertions, 178 deletions
diff --git a/cmd/podman/attach.go b/cmd/podman/attach.go index b78633ed6..b03673f29 100644 --- a/cmd/podman/attach.go +++ b/cmd/podman/attach.go @@ -2,6 +2,7 @@ package main import ( "github.com/containers/libpod/cmd/podman/cliconfig" + "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/pkg/adapter" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -31,7 +32,7 @@ func init() { attachCommand.SetHelpTemplate(HelpTemplate()) attachCommand.SetUsageTemplate(UsageTemplate()) flags := attachCommand.Flags() - flags.StringVar(&attachCommand.DetachKeys, "detach-keys", "", "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: `a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`") + flags.StringVar(&attachCommand.DetachKeys, "detach-keys", define.DefaultDetachKeys, "Select the key sequence for detaching a container. Format is a single character `[a-Z]` or a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: `a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`") flags.BoolVar(&attachCommand.NoStdin, "no-stdin", false, "Do not attach STDIN. The default is false") flags.BoolVar(&attachCommand.SigProxy, "sig-proxy", true, "Proxy received signals to the process") flags.BoolVarP(&attachCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of") diff --git a/cmd/podman/build.go b/cmd/podman/build.go index e9ebc50aa..fbf85fc97 100644 --- a/cmd/podman/build.go +++ b/cmd/podman/build.go @@ -11,7 +11,7 @@ import ( buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/pkg/adapter" "github.com/docker/go-units" "github.com/opencontainers/runtime-spec/specs-go" @@ -155,6 +155,11 @@ func buildCmd(c *cliconfig.BuildValues) error { tags = tags[1:] } } + if c.BudResults.Authfile != "" { + if _, err := os.Stat(c.BudResults.Authfile); err != nil { + return errors.Wrapf(err, "error getting authfile %s", c.BudResults.Authfile) + } + } pullPolicy := imagebuildah.PullNever if c.Pull { @@ -238,6 +243,9 @@ func buildCmd(c *cliconfig.BuildValues) error { if contextDir == "" { return errors.Errorf("no context directory specified, and no containerfile specified") } + if !fileIsDir(contextDir) { + return errors.Errorf("context must be a directory: %v", contextDir) + } if len(containerfiles) == 0 { if checkIfFileExists(filepath.Join(contextDir, "Containerfile")) { containerfiles = append(containerfiles, filepath.Join(contextDir, "Containerfile")) @@ -260,7 +268,7 @@ func buildCmd(c *cliconfig.BuildValues) error { if err != nil { return err } - if conf != nil && conf.CgroupManager == libpod.SystemdCgroupsManager { + if conf != nil && conf.CgroupManager == define.SystemdCgroupsManager { runtimeFlags = append(runtimeFlags, "--systemd-cgroup") } // end from buildah diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go index 1bb5fa30c..780b68333 100644 --- a/cmd/podman/cliconfig/config.go +++ b/cmd/podman/cliconfig/config.go @@ -251,7 +251,7 @@ type LogsValues struct { Details bool Follow bool Since string - Tail uint64 + Tail int64 Timestamps bool Latest bool } @@ -467,14 +467,15 @@ type RestartValues struct { type RestoreValues struct { PodmanCommand - All bool - Keep bool - Latest bool - TcpEstablished bool - Import string - Name string - IgnoreRootfs bool - IgnoreStaticIP bool + All bool + Keep bool + Latest bool + TcpEstablished bool + Import string + Name string + IgnoreRootfs bool + IgnoreStaticIP bool + IgnoreStaticMAC bool } type RmValues struct { diff --git a/cmd/podman/common.go b/cmd/podman/common.go index 33a848553..4db043f31 100644 --- a/cmd/podman/common.go +++ b/cmd/podman/common.go @@ -7,8 +7,8 @@ import ( "strings" "github.com/containers/buildah" + buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/sysinfo" @@ -112,7 +112,7 @@ func getCreateFlags(c *cliconfig.PodmanCommand) { "Attach to STDIN, STDOUT or STDERR (default [])", ) createFlags.String( - "authfile", shared.GetAuthFile(""), + "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override", ) createFlags.String( @@ -132,7 +132,7 @@ func getCreateFlags(c *cliconfig.PodmanCommand) { "Drop capabilities from the container", ) createFlags.String( - "cgroupns", "host", + "cgroupns", "", "cgroup namespace to use", ) createFlags.String( @@ -188,7 +188,7 @@ func getCreateFlags(c *cliconfig.PodmanCommand) { "Run container in background and print container ID", ) createFlags.String( - "detach-keys", "", + "detach-keys", define.DefaultDetachKeys, "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: `a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`", ) createFlags.StringSlice( @@ -328,7 +328,7 @@ func getCreateFlags(c *cliconfig.PodmanCommand) { ) createFlags.String( "mac-address", "", - "Container MAC address (e.g. 92:d0:c6:0a:29:33), not currently supported", + "Container MAC address (e.g. 92:d0:c6:0a:29:33)", ) createFlags.StringP( "memory", "m", "", diff --git a/cmd/podman/cp.go b/cmd/podman/cp.go index 75a23afd6..c53a97df3 100644 --- a/cmd/podman/cp.go +++ b/cmd/podman/cp.go @@ -257,8 +257,15 @@ func parsePath(runtime *libpod.Runtime, path string) (*libpod.Container, string) return nil, path } +func evalSymlinks(path string) (string, error) { + if path == os.Stdin.Name() { + return path, nil + } + return filepath.EvalSymlinks(path) +} + func getPathInfo(path string) (string, os.FileInfo, error) { - path, err := filepath.EvalSymlinks(path) + path, err := evalSymlinks(path) if err != nil { return "", nil, errors.Wrapf(err, "error evaluating symlinks %q", path) } @@ -270,7 +277,7 @@ func getPathInfo(path string) (string, os.FileInfo, error) { } func copy(src, destPath, dest string, idMappingOpts storage.IDMappingOptions, chownOpts *idtools.IDPair, extract, isFromHostToCtr bool) error { - srcPath, err := filepath.EvalSymlinks(src) + srcPath, err := evalSymlinks(src) if err != nil { return errors.Wrapf(err, "error evaluating symlinks %q", srcPath) } diff --git a/cmd/podman/create.go b/cmd/podman/create.go index 3c24729c5..73fba5a8c 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -2,6 +2,7 @@ package main import ( "fmt" + "os" "strings" "github.com/containers/libpod/cmd/podman/cliconfig" @@ -50,6 +51,12 @@ func createCmd(c *cliconfig.CreateValues) error { defer span.Finish() } + if c.String("authfile") != "" { + if _, err := os.Stat(c.String("authfile")); err != nil { + return errors.Wrapf(err, "error getting authfile %s", c.String("authfile")) + } + } + if err := createInit(&c.PodmanCommand); err != nil { return err } diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go index 649a7b0db..afa701897 100644 --- a/cmd/podman/exec.go +++ b/cmd/podman/exec.go @@ -2,6 +2,7 @@ package main import ( "github.com/containers/libpod/cmd/podman/cliconfig" + "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/pkg/adapter" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -34,7 +35,7 @@ func init() { execCommand.SetUsageTemplate(UsageTemplate()) flags := execCommand.Flags() flags.SetInterspersed(false) - flags.StringVar(&execCommand.DetachKeys, "detach-keys", "", "Override the key sequence for detaching a container. Format is a single character [a-Z] or ctrl-<value> where <value> is one of: a-z, @, ^, [, , or _") + flags.StringVar(&execCommand.DetachKeys, "detach-keys", define.DefaultDetachKeys, "Select the key sequence for detaching a container. Format is a single character [a-Z] or ctrl-<value> where <value> is one of: a-z, @, ^, [, , or _") flags.StringArrayVarP(&execCommand.Env, "env", "e", []string{}, "Set environment variables") flags.BoolVarP(&execCommand.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached") flags.BoolVarP(&execCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of") diff --git a/cmd/podman/images.go b/cmd/podman/images.go index 6157fda2a..7d498517c 100644 --- a/cmd/podman/images.go +++ b/cmd/podman/images.go @@ -291,6 +291,10 @@ func getImagesTemplateOutput(ctx context.Context, images []*adapter.ContainerIma if len(tag) == 71 && strings.HasPrefix(tag, "sha256:") { imageDigest = digest.Digest(tag) tag = "" + } else { + if img.Digest() != "" { + imageDigest = img.Digest() + } } params := imagesTemplateParams{ Repository: repo, diff --git a/cmd/podman/login.go b/cmd/podman/login.go index f91366eac..369e0da16 100644 --- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -6,11 +6,11 @@ import ( "os" "strings" + buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/image/v5/docker" "github.com/containers/image/v5/pkg/docker/config" "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/image" "github.com/docker/docker-credential-helpers/credentials" "github.com/pkg/errors" @@ -54,7 +54,7 @@ func init() { flags.BoolVar(&loginCommand.StdinPassword, "password-stdin", false, "Take the password from stdin") // Disabled flags for the remote client if !remote { - flags.StringVar(&loginCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") + flags.StringVar(&loginCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") flags.StringVar(&loginCommand.CertDir, "cert-dir", "", "Pathname of a directory containing TLS certificates and keys used to connect to the registry") flags.BoolVar(&loginCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") } diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go index ef3452afe..4a113b1d0 100644 --- a/cmd/podman/logout.go +++ b/cmd/podman/logout.go @@ -3,11 +3,11 @@ package main import ( "fmt" + buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/image/v5/docker" "github.com/containers/image/v5/pkg/docker/config" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/shared" - "github.com/containers/libpod/libpod/image" "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -40,7 +40,7 @@ func init() { logoutCommand.SetUsageTemplate(UsageTemplate()) flags := logoutCommand.Flags() flags.BoolVarP(&logoutCommand.All, "all", "a", false, "Remove the cached credentials for all registries in the auth file") - flags.StringVar(&logoutCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") + flags.StringVar(&logoutCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") markFlagHiddenForRemoteClient("authfile", flags) } @@ -59,7 +59,10 @@ func logoutCmd(c *cliconfig.LogoutValues) error { server = scrubServer(args[0]) } - sc := image.GetSystemContext("", c.Authfile, false) + sc, err := shared.GetSystemContext(c.Authfile) + if err != nil { + return err + } if c.All { if err := config.RemoveAllAuthentication(sc); err != nil { @@ -69,7 +72,7 @@ func logoutCmd(c *cliconfig.LogoutValues) error { return nil } - err := config.RemoveAuthentication(sc, server) + err = config.RemoveAuthentication(sc, server) switch errors.Cause(err) { case nil: fmt.Printf("Removed login credentials for %s\n", server) diff --git a/cmd/podman/logs.go b/cmd/podman/logs.go index 32605389e..a2594b5bf 100644 --- a/cmd/podman/logs.go +++ b/cmd/podman/logs.go @@ -52,7 +52,7 @@ func init() { flags.BoolVarP(&logsCommand.Follow, "follow", "f", false, "Follow log output. The default is false") flags.BoolVarP(&logsCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of") flags.StringVar(&logsCommand.Since, "since", "", "Show logs since TIMESTAMP") - flags.Uint64Var(&logsCommand.Tail, "tail", 0, "Output the specified number of LINES at the end of the logs. Defaults to 0, which prints all lines") + flags.Int64Var(&logsCommand.Tail, "tail", -1, "Output the specified number of LINES at the end of the logs. Defaults to -1, which prints all lines") flags.BoolVarP(&logsCommand.Timestamps, "timestamps", "t", false, "Output the timestamps in the log") markFlagHidden(flags, "details") flags.SetInterspersed(false) diff --git a/cmd/podman/main_local.go b/cmd/podman/main_local.go index 202d93b35..f630f1210 100644 --- a/cmd/podman/main_local.go +++ b/cmd/podman/main_local.go @@ -16,7 +16,7 @@ import ( "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/libpodruntime" - "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/pkg/cgroups" "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/tracing" @@ -32,10 +32,7 @@ import ( const remote = false func init() { - cgroupManager := libpod.SystemdCgroupsManager - if runtimeConfig, err := libpod.DefaultRuntimeConfig(); err == nil { - cgroupManager = runtimeConfig.CgroupManager - } + cgroupManager := define.SystemdCgroupsManager cgroupHelp := "Cgroup manager to use (cgroupfs or systemd)" cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() if rootless.IsRootless() && !cgroupv2 { @@ -181,7 +178,7 @@ func setupRootless(cmd *cobra.Command, args []string) error { if !ownsCgroup { unitName := fmt.Sprintf("podman-%d.scope", os.Getpid()) if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil { - if conf.CgroupManager == libpod.SystemdCgroupsManager { + if conf.CgroupManager == define.SystemdCgroupsManager { logrus.Warnf("Failed to add podman to systemd sandbox cgroup: %v", err) } else { logrus.Debugf("Failed to add podman to systemd sandbox cgroup: %v", err) @@ -225,7 +222,7 @@ func setupRootless(cmd *cobra.Command, args []string) error { if err != nil { return err } - if conf.CgroupManager == libpod.SystemdCgroupsManager { + if conf.CgroupManager == define.SystemdCgroupsManager { logrus.Warnf("Failed to add pause process to systemd sandbox cgroup: %v", err) } else { logrus.Debugf("Failed to add pause process to systemd sandbox cgroup: %v", err) diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go index 9a5cc3ec1..fc9f2d5b6 100644 --- a/cmd/podman/play_kube.go +++ b/cmd/podman/play_kube.go @@ -2,8 +2,10 @@ package main import ( "fmt" + "os" + + buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/pkg/adapter" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -40,7 +42,7 @@ func init() { flags.BoolVarP(&playKubeCommand.Quiet, "quiet", "q", false, "Suppress output information when pulling images") // Disabled flags for the remote client if !remote { - flags.StringVar(&playKubeCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") + flags.StringVar(&playKubeCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") flags.StringVar(&playKubeCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys") flags.StringVar(&playKubeCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") flags.BoolVar(&playKubeCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") @@ -57,6 +59,12 @@ func playKubeCmd(c *cliconfig.KubePlayValues) error { return errors.New("you must supply at least one file") } + if c.Authfile != "" { + if _, err := os.Stat(c.Authfile); err != nil { + return errors.Wrapf(err, "error getting authfile %s", c.Authfile) + } + } + ctx := getContext() runtime, err := adapter.GetRuntime(ctx, &c.PodmanCommand) if err != nil { diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go index d64793147..c6baf6b61 100644 --- a/cmd/podman/pull.go +++ b/cmd/podman/pull.go @@ -6,12 +6,12 @@ import ( "os" "strings" + buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/image/v5/docker" dockerarchive "github.com/containers/image/v5/docker/archive" "github.com/containers/image/v5/transports/alltransports" "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/image" "github.com/containers/libpod/pkg/adapter" "github.com/containers/libpod/pkg/util" @@ -60,7 +60,7 @@ func init() { markFlagHidden(flags, "override-os") // Disabled flags for the remote client if !remote { - flags.StringVar(&pullCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") + flags.StringVar(&pullCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") flags.StringVar(&pullCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys") flags.StringVar(&pullCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") flags.BoolVar(&pullCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") @@ -96,6 +96,12 @@ func pullCmd(c *cliconfig.PullValues) (retError error) { return errors.Errorf("too many arguments. Requires exactly 1") } + if c.Authfile != "" { + if _, err := os.Stat(c.Authfile); err != nil { + return errors.Wrapf(err, "error getting authfile %s", c.Authfile) + } + } + arr := strings.SplitN(args[0], ":", 2) if len(arr) == 2 { if c.Bool("all-tags") { diff --git a/cmd/podman/push.go b/cmd/podman/push.go index 0fdfb6202..1be8dfe11 100644 --- a/cmd/podman/push.go +++ b/cmd/podman/push.go @@ -6,11 +6,11 @@ import ( "os" "strings" + buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/image/v5/directory" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/image" "github.com/containers/libpod/pkg/adapter" "github.com/containers/libpod/pkg/util" @@ -59,7 +59,7 @@ func init() { // Disabled flags for the remote client if !remote { - flags.StringVar(&pushCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") + flags.StringVar(&pushCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") flags.StringVar(&pushCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys") flags.BoolVar(&pushCommand.Compress, "compress", false, "Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type as source)") flags.StringVar(&pushCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") @@ -74,6 +74,12 @@ func pushCmd(c *cliconfig.PushValues) error { destName string ) + if c.Authfile != "" { + if _, err := os.Stat(c.Authfile); err != nil { + return errors.Wrapf(err, "error getting authfile %s", c.Authfile) + } + } + args := c.InputArgs if len(args) == 0 || len(args) > 2 { return errors.New("podman push requires at least one image name, and optionally a second to specify a different destination name") diff --git a/cmd/podman/restore.go b/cmd/podman/restore.go index 90d0b2dc4..caefadb6d 100644 --- a/cmd/podman/restore.go +++ b/cmd/podman/restore.go @@ -47,6 +47,7 @@ func init() { flags.StringVarP(&restoreCommand.Name, "name", "n", "", "Specify new name for container restored from exported checkpoint (only works with --import)") flags.BoolVar(&restoreCommand.IgnoreRootfs, "ignore-rootfs", false, "Do not apply root file-system changes when importing from exported checkpoint") flags.BoolVar(&restoreCommand.IgnoreStaticIP, "ignore-static-ip", false, "Ignore IP address set via --static-ip") + flags.BoolVar(&restoreCommand.IgnoreStaticMAC, "ignore-static-mac", false, "Ignore MAC address set via --mac-address") markFlagHiddenForRemoteClient("latest", flags) } diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go index 89062f524..6329a9d8e 100644 --- a/cmd/podman/rm.go +++ b/cmd/podman/rm.go @@ -43,7 +43,7 @@ func init() { flags.BoolVarP(&rmCommand.Force, "force", "f", false, "Force removal of a running or unusable container. The default is false") flags.BoolVarP(&rmCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of") flags.BoolVar(&rmCommand.Storage, "storage", false, "Remove container from storage library") - flags.BoolVarP(&rmCommand.Volumes, "volumes", "v", false, "Remove the volumes associated with the container") + flags.BoolVarP(&rmCommand.Volumes, "volumes", "v", false, "Remove anonymous volumes associated with the container") markFlagHiddenForRemoteClient("storage", flags) markFlagHiddenForRemoteClient("latest", flags) } diff --git a/cmd/podman/run.go b/cmd/podman/run.go index 7aa4cb3c4..a6468f225 100644 --- a/cmd/podman/run.go +++ b/cmd/podman/run.go @@ -1,6 +1,8 @@ package main import ( + "os" + "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/pkg/adapter" "github.com/opentracing/opentracing-go" @@ -45,6 +47,11 @@ func runCmd(c *cliconfig.RunValues) error { span, _ := opentracing.StartSpanFromContext(Ctx, "runCmd") defer span.Finish() } + if c.String("authfile") != "" { + if _, err := os.Stat(c.String("authfile")); err != nil { + return errors.Wrapf(err, "error checking authfile path %s", c.String("authfile")) + } + } if err := createInit(&c.PodmanCommand); err != nil { return err } diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go index 7359bc0c7..358538155 100644 --- a/cmd/podman/runlabel.go +++ b/cmd/podman/runlabel.go @@ -6,6 +6,7 @@ import ( "os" "strings" + buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/libpodruntime" @@ -60,7 +61,7 @@ func init() { flags.BoolVarP(&runlabelCommand.Quiet, "quiet", "q", false, "Suppress output information when installing images") // Disabled flags for the remote client if !remote { - flags.StringVar(&runlabelCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") + flags.StringVar(&runlabelCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") flags.StringVar(&runlabelCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys") flags.StringVar(&runlabelCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") flags.BoolVar(&runlabelCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") @@ -97,6 +98,12 @@ func runlabelCmd(c *cliconfig.RunlabelValues) error { } defer runtime.DeferredShutdown(false) + if c.Authfile != "" { + if _, err := os.Stat(c.Authfile); err != nil { + return errors.Wrapf(err, "error getting authfile %s", c.Authfile) + } + } + args := c.InputArgs if len(args) < 2 { return errors.Errorf("the runlabel command requires at least 2 arguments: LABEL IMAGE") diff --git a/cmd/podman/search.go b/cmd/podman/search.go index cdcb30a59..87a26e544 100644 --- a/cmd/podman/search.go +++ b/cmd/podman/search.go @@ -1,13 +1,14 @@ package main import ( + "os" "reflect" "strings" + buildahcli "github.com/containers/buildah/pkg/cli" "github.com/containers/buildah/pkg/formats" "github.com/containers/image/v5/types" "github.com/containers/libpod/cmd/podman/cliconfig" - "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/image" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -45,7 +46,7 @@ func init() { flags.BoolVar(&searchCommand.NoTrunc, "no-trunc", false, "Do not truncate the output") // Disabled flags for the remote client if !remote { - flags.StringVar(&searchCommand.Authfile, "authfile", shared.GetAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") + flags.StringVar(&searchCommand.Authfile, "authfile", buildahcli.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override") flags.BoolVar(&searchCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") } } @@ -65,6 +66,12 @@ func searchCmd(c *cliconfig.SearchValues) error { return err } + if c.Authfile != "" { + if _, err := os.Stat(c.Authfile); err != nil { + return errors.Wrapf(err, "error getting authfile %s", c.Authfile) + } + } + searchOptions := image.SearchOptions{ NoTrunc: c.NoTrunc, Limit: c.Limit, diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index dc343e694..c7ea2e389 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -26,7 +26,6 @@ import ( "github.com/docker/docker/pkg/signal" "github.com/docker/go-connections/nat" "github.com/docker/go-units" - "github.com/opencontainers/selinux/go-selinux/label" "github.com/opentracing/opentracing-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -94,7 +93,7 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod. ArchitectureChoice: c.String("override-arch"), } - newImage, err := runtime.ImageRuntime().New(ctx, name, rtc.SignaturePolicyPath, GetAuthFile(c.String("authfile")), writer, &dockerRegistryOptions, image.SigningOptions{}, nil, pullType) + newImage, err := runtime.ImageRuntime().New(ctx, name, rtc.SignaturePolicyPath, c.String("authfile"), writer, &dockerRegistryOptions, image.SigningOptions{}, nil, pullType) if err != nil { return nil, nil, err } @@ -195,72 +194,6 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod. return ctr, createConfig, nil } -func parseSecurityOpt(config *cc.CreateConfig, securityOpts []string, runtime *libpod.Runtime) error { - var ( - labelOpts []string - ) - - if config.PidMode.IsHost() { - labelOpts = append(labelOpts, label.DisableSecOpt()...) - } else if config.PidMode.IsContainer() { - ctr, err := runtime.LookupContainer(config.PidMode.Container()) - if err != nil { - return errors.Wrapf(err, "container %q not found", config.PidMode.Container()) - } - secopts, err := label.DupSecOpt(ctr.ProcessLabel()) - if err != nil { - return errors.Wrapf(err, "failed to duplicate label %q ", ctr.ProcessLabel()) - } - labelOpts = append(labelOpts, secopts...) - } - - if config.IpcMode.IsHost() { - labelOpts = append(labelOpts, label.DisableSecOpt()...) - } else if config.IpcMode.IsContainer() { - ctr, err := runtime.LookupContainer(config.IpcMode.Container()) - if err != nil { - return errors.Wrapf(err, "container %q not found", config.IpcMode.Container()) - } - secopts, err := label.DupSecOpt(ctr.ProcessLabel()) - if err != nil { - return errors.Wrapf(err, "failed to duplicate label %q ", ctr.ProcessLabel()) - } - labelOpts = append(labelOpts, secopts...) - } - - for _, opt := range securityOpts { - if opt == "no-new-privileges" { - config.NoNewPrivs = true - } else { - con := strings.SplitN(opt, "=", 2) - if len(con) != 2 { - return fmt.Errorf("invalid --security-opt 1: %q", opt) - } - - switch con[0] { - case "label": - labelOpts = append(labelOpts, con[1]) - case "apparmor": - config.ApparmorProfile = con[1] - case "seccomp": - config.SeccompProfilePath = con[1] - default: - return fmt.Errorf("invalid --security-opt 2: %q", opt) - } - } - } - - if config.SeccompProfilePath == "" { - var err error - config.SeccompProfilePath, err = libpod.DefaultSeccompPath() - if err != nil { - return err - } - } - config.LabelOpts = labelOpts - return nil -} - func configureEntrypoint(c *GenericCLIResults, data *inspect.ImageData) []string { entrypoint := []string{} if c.IsSet("entrypoint") { @@ -336,10 +269,6 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. return nil, err } - if c.String("mac-address") != "" { - return nil, errors.Errorf("--mac-address option not currently supported") - } - imageID := "" inputCommand = c.InputArgs[1:] @@ -352,11 +281,6 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. rootfs = c.InputArgs[0] } - sysctl, err := validateSysctl(c.StringSlice("sysctl")) - if err != nil { - return nil, errors.Wrapf(err, "invalid value for sysctl") - } - if c.String("memory") != "" { memoryLimit, err = units.RAMInBytes(c.String("memory")) if err != nil { @@ -695,61 +619,96 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. pidsLimit = 0 } + pid := &cc.PidConfig{ + PidMode: pidMode, + } + ipc := &cc.IpcConfig{ + IpcMode: ipcMode, + } + + cgroup := &cc.CgroupConfig{ + Cgroups: c.String("cgroups"), + Cgroupns: c.String("cgroupns"), + CgroupParent: c.String("cgroup-parent"), + CgroupMode: cgroupMode, + } + + userns := &cc.UserConfig{ + GroupAdd: c.StringSlice("group-add"), + IDMappings: idmappings, + UsernsMode: usernsMode, + User: user, + } + + uts := &cc.UtsConfig{ + UtsMode: utsMode, + NoHosts: c.Bool("no-hosts"), + HostAdd: c.StringSlice("add-host"), + Hostname: c.String("hostname"), + } + + net := &cc.NetworkConfig{ + DNSOpt: c.StringSlice("dns-opt"), + DNSSearch: c.StringSlice("dns-search"), + DNSServers: c.StringSlice("dns"), + HTTPProxy: c.Bool("http-proxy"), + MacAddress: c.String("mac-address"), + Network: network, + NetMode: netMode, + IPAddress: c.String("ip"), + Publish: c.StringSlice("publish"), + PublishAll: c.Bool("publish-all"), + PortBindings: portBindings, + } + + sysctl, err := validateSysctl(c.StringSlice("sysctl")) + if err != nil { + return nil, errors.Wrapf(err, "invalid value for sysctl") + } + + secConfig := &cc.SecurityConfig{ + CapAdd: c.StringSlice("cap-add"), + CapDrop: c.StringSlice("cap-drop"), + Privileged: c.Bool("privileged"), + ReadOnlyRootfs: c.Bool("read-only"), + ReadOnlyTmpfs: c.Bool("read-only-tmpfs"), + Sysctl: sysctl, + } + + if err := secConfig.SetLabelOpts(runtime, pid, ipc); err != nil { + return nil, err + } + if err := secConfig.SetSecurityOpts(runtime, c.StringArray("security-opt")); err != nil { + return nil, err + } + config := &cc.CreateConfig{ Annotations: annotations, BuiltinImgVolumes: ImageVolumes, ConmonPidFile: c.String("conmon-pidfile"), ImageVolumeType: c.String("image-volume"), - CapAdd: c.StringSlice("cap-add"), - CapDrop: c.StringSlice("cap-drop"), CidFile: c.String("cidfile"), - Cgroupns: c.String("cgroupns"), - Cgroups: c.String("cgroups"), - CgroupParent: c.String("cgroup-parent"), Command: command, UserCommand: userCommand, Detach: c.Bool("detach"), Devices: c.StringSlice("device"), - DNSOpt: c.StringSlice("dns-opt"), - DNSSearch: c.StringSlice("dns-search"), - DNSServers: c.StringSlice("dns"), Entrypoint: entrypoint, Env: env, // ExposedPorts: ports, - GroupAdd: c.StringSlice("group-add"), - Hostname: c.String("hostname"), - HostAdd: c.StringSlice("add-host"), - HTTPProxy: c.Bool("http-proxy"), - NoHosts: c.Bool("no-hosts"), - IDMappings: idmappings, Init: c.Bool("init"), InitPath: c.String("init-path"), Image: imageName, ImageID: imageID, Interactive: c.Bool("interactive"), // IP6Address: c.String("ipv6"), // Not implemented yet - needs CNI support for static v6 - IPAddress: c.String("ip"), - Labels: labels, + Labels: labels, // LinkLocalIP: c.StringSlice("link-local-ip"), // Not implemented yet LogDriver: logDriver, LogDriverOpt: c.StringSlice("log-opt"), - MacAddress: c.String("mac-address"), Name: c.String("name"), - Network: network, // NetworkAlias: c.StringSlice("network-alias"), // Not implemented - does this make sense in Podman? - IpcMode: ipcMode, - NetMode: netMode, - UtsMode: utsMode, - PidMode: pidMode, - CgroupMode: cgroupMode, - Pod: podName, - Privileged: c.Bool("privileged"), - Publish: c.StringSlice("publish"), - PublishAll: c.Bool("publish-all"), - PortBindings: portBindings, - Quiet: c.Bool("quiet"), - ReadOnlyRootfs: c.Bool("read-only"), - ReadOnlyTmpfs: c.Bool("read-only-tmpfs"), + Pod: podName, + Quiet: c.Bool("quiet"), Resources: cc.CreateResourceConfig{ BlkioWeight: blkioWeight, BlkioWeightDevice: c.StringSlice("blkio-weight-device"), @@ -778,30 +737,27 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. }, RestartPolicy: c.String("restart"), Rm: c.Bool("rm"), + Security: *secConfig, StopSignal: stopSignal, StopTimeout: c.Uint("stop-timeout"), - Sysctl: sysctl, Systemd: systemd, Tmpfs: c.StringArray("tmpfs"), Tty: tty, - User: user, - UsernsMode: usernsMode, MountsFlag: c.StringArray("mount"), Volumes: c.StringArray("volume"), WorkDir: workDir, Rootfs: rootfs, VolumesFrom: c.StringSlice("volumes-from"), Syslog: c.Bool("syslog"), - } - if config.Privileged { - config.LabelOpts = label.DisableSecOpt() - } else { - if err := parseSecurityOpt(config, c.StringArray("security-opt"), runtime); err != nil { - return nil, err - } + Pid: *pid, + Ipc: *ipc, + Cgroup: *cgroup, + User: *userns, + Uts: *uts, + Network: *net, } - config.SecurityOpts = c.StringArray("security-opt") + warnings, err := verifyContainerResources(config, false) if err != nil { return nil, err diff --git a/cmd/podman/shared/funcs.go b/cmd/podman/shared/funcs.go index 9362e8e9b..404d0f288 100644 --- a/cmd/podman/shared/funcs.go +++ b/cmd/podman/shared/funcs.go @@ -6,24 +6,19 @@ import ( "path/filepath" "strings" - "github.com/containers/libpod/pkg/util" + "github.com/containers/image/v5/types" + "github.com/containers/libpod/libpod/image" "github.com/google/shlex" + "github.com/pkg/errors" ) -func GetAuthFile(authfile string) string { +func GetSystemContext(authfile string) (*types.SystemContext, error) { if authfile != "" { - return authfile - } - - authfile = os.Getenv("REGISTRY_AUTH_FILE") - if authfile != "" { - return authfile - } - - if runtimeDir, err := util.GetRuntimeDir(); err == nil { - return filepath.Join(runtimeDir, "containers/auth.json") + if _, err := os.Stat(authfile); err != nil { + return nil, errors.Wrapf(err, "error checking authfile path %s", authfile) + } } - return "" + return image.GetSystemContext("", authfile, false), nil } func substituteCommand(cmd string) (string, error) { diff --git a/cmd/podman/start.go b/cmd/podman/start.go index 2d2cf74d2..d4b4534bb 100644 --- a/cmd/podman/start.go +++ b/cmd/podman/start.go @@ -35,7 +35,7 @@ func init() { startCommand.SetUsageTemplate(UsageTemplate()) flags := startCommand.Flags() flags.BoolVarP(&startCommand.Attach, "attach", "a", false, "Attach container's STDOUT and STDERR") - flags.StringVar(&startCommand.DetachKeys, "detach-keys", "", "Override the key sequence for detaching a container. Format is a single character `[a-Z]` or a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: `a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`") + flags.StringVar(&startCommand.DetachKeys, "detach-keys", define.DefaultDetachKeys, "Select the key sequence for detaching a container. Format is a single character `[a-Z]` or a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: `a-z`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`") flags.BoolVarP(&startCommand.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached") flags.BoolVarP(&startCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of") flags.BoolVar(&startCommand.SigProxy, "sig-proxy", false, "Proxy received signals to the process (default true if attaching, false otherwise)") diff --git a/cmd/podman/utils.go b/cmd/podman/utils.go index 592d7a1d1..21389b43a 100644 --- a/cmd/podman/utils.go +++ b/cmd/podman/utils.go @@ -68,8 +68,19 @@ func aliasFlags(f *pflag.FlagSet, name string) pflag.NormalizedName { // Check if a file exists and is not a directory func checkIfFileExists(name string) bool { file, err := os.Stat(name) - if os.IsNotExist(err) { + // All errors return file == nil + if err != nil { return false } return !file.IsDir() } + +// Check if a file is or is not a directory +func fileIsDir(name string) bool { + file, err := os.Stat(name) + // All errors return file == nil + if err != nil { + return false + } + return file.IsDir() +} |