aboutsummaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/common/specgen.go4
-rw-r--r--cmd/podman/containers/cp.go26
-rw-r--r--cmd/podman/containers/init.go33
-rw-r--r--cmd/podman/containers/mount.go3
-rw-r--r--cmd/podman/pods/create.go4
-rw-r--r--cmd/podman/registry/config.go29
-rw-r--r--cmd/podman/registry/config_abi.go7
-rw-r--r--cmd/podman/registry/config_tunnel.go7
-rw-r--r--cmd/podman/registry/registry.go20
-rw-r--r--cmd/podman/root.go2
-rw-r--r--cmd/podman/system/service.go2
-rw-r--r--cmd/podman/system/unshare.go50
12 files changed, 165 insertions, 22 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index ff7c39de2..664e66df8 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -519,6 +519,10 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
}
s.Sysctl = sysmap
+ if c.CIDFile != "" {
+ s.Annotations[define.InspectAnnotationCIDFile] = c.CIDFile
+ }
+
for _, opt := range c.SecurityOpt {
if opt == "no-new-privileges" {
s.ContainerSecurityConfig.NoNewPrivileges = true
diff --git a/cmd/podman/containers/cp.go b/cmd/podman/containers/cp.go
index f0f9a158d..ac7037621 100644
--- a/cmd/podman/containers/cp.go
+++ b/cmd/podman/containers/cp.go
@@ -7,6 +7,7 @@ import (
"github.com/containers/libpod/pkg/rootless"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
+ "github.com/spf13/pflag"
)
var (
@@ -22,20 +23,41 @@ var (
RunE: cp,
Example: "podman cp [CONTAINER:]SRC_PATH [CONTAINER:]DEST_PATH",
}
+
+ containerCpCommand = &cobra.Command{
+ Use: cpCommand.Use,
+ Short: cpCommand.Short,
+ Long: cpCommand.Long,
+ Args: cpCommand.Args,
+ RunE: cpCommand.RunE,
+ Example: "podman container cp [CONTAINER:]SRC_PATH [CONTAINER:]DEST_PATH",
+ }
)
var (
cpOpts entities.ContainerCpOptions
)
+func cpFlags(flags *pflag.FlagSet) {
+ flags.BoolVar(&cpOpts.Extract, "extract", false, "Extract the tar file into the destination directory.")
+ flags.BoolVar(&cpOpts.Pause, "pause", copyPause(), "Pause the container while copying")
+}
+
func init() {
registry.Commands = append(registry.Commands, registry.CliCommand{
Mode: []entities.EngineMode{entities.ABIMode},
Command: cpCommand,
})
flags := cpCommand.Flags()
- flags.BoolVar(&cpOpts.Extract, "extract", false, "Extract the tar file into the destination directory.")
- flags.BoolVar(&cpOpts.Pause, "pause", copyPause(), "Pause the container while copying")
+ cpFlags(flags)
+
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode},
+ Command: containerCpCommand,
+ Parent: containerCmd,
+ })
+ containerCpFlags := containerCpCommand.Flags()
+ cpFlags(containerCpFlags)
}
func cp(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/containers/init.go b/cmd/podman/containers/init.go
index bb02f22fd..417f170c3 100644
--- a/cmd/podman/containers/init.go
+++ b/cmd/podman/containers/init.go
@@ -8,6 +8,7 @@ import (
"github.com/containers/libpod/cmd/podman/utils"
"github.com/containers/libpod/pkg/domain/entities"
"github.com/spf13/cobra"
+ "github.com/spf13/pflag"
)
var (
@@ -25,21 +26,47 @@ var (
podman init 3c45ef19d893
podman init test1`,
}
+
+ containerInitCommand = &cobra.Command{
+ Use: initCommand.Use,
+ Short: initCommand.Short,
+ Long: initCommand.Long,
+ RunE: initCommand.RunE,
+ Args: initCommand.Args,
+ Example: `podman container init --latest
+ podman container init 3c45ef19d893
+ podman container init test1`,
+ }
)
var (
initOptions entities.ContainerInitOptions
)
+func initFlags(flags *pflag.FlagSet) {
+ flags.BoolVarP(&initOptions.All, "all", "a", false, "Initialize all containers")
+ flags.BoolVarP(&initOptions.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
+ if registry.IsRemote() {
+ _ = flags.MarkHidden("latest")
+ }
+}
+
func init() {
registry.Commands = append(registry.Commands, registry.CliCommand{
Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode},
Command: initCommand,
})
flags := initCommand.Flags()
- flags.BoolVarP(&initOptions.All, "all", "a", false, "Initialize all containers")
- flags.BoolVarP(&initOptions.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
- _ = flags.MarkHidden("latest")
+ initFlags(flags)
+
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode},
+ Parent: containerCmd,
+ Command: containerInitCommand,
+ })
+
+ containerInitFlags := containerInitCommand.Flags()
+ initFlags(containerInitFlags)
}
func initContainer(cmd *cobra.Command, args []string) error {
diff --git a/cmd/podman/containers/mount.go b/cmd/podman/containers/mount.go
index 0bdac72cb..af4d52caa 100644
--- a/cmd/podman/containers/mount.go
+++ b/cmd/podman/containers/mount.go
@@ -30,9 +30,6 @@ var (
Args: func(cmd *cobra.Command, args []string) error {
return parse.CheckAllLatestAndCIDFile(cmd, args, true, false)
},
- Annotations: map[string]string{
- registry.ParentNSRequired: "",
- },
}
containerMountCommmand = &cobra.Command{
diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go
index f97fa836a..e24cdef98 100644
--- a/cmd/podman/pods/create.go
+++ b/cmd/podman/pods/create.go
@@ -16,6 +16,7 @@ import (
"github.com/containers/libpod/pkg/specgen"
"github.com/containers/libpod/pkg/util"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
)
@@ -81,6 +82,7 @@ func create(cmd *cobra.Command, args []string) error {
}
if !createOptions.Infra {
+ logrus.Debugf("Not creating an infra container")
if cmd.Flag("infra-command").Changed {
return errors.New("cannot set infra-command without an infra container")
}
@@ -114,6 +116,7 @@ func create(cmd *cobra.Command, args []string) error {
if err != nil {
return err
}
+ createOptions.Net.Network = specgen.Namespace{}
if cmd.Flag("network").Changed {
netInput, err := cmd.Flags().GetString("network")
if err != nil {
@@ -132,6 +135,7 @@ func create(cmd *cobra.Command, args []string) error {
n.NSMode = specgen.Bridge
createOptions.Net.CNINetworks = strings.Split(netInput, ",")
}
+ createOptions.Net.Network = n
}
if len(createOptions.Net.PublishPorts) > 0 {
if !createOptions.Infra {
diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go
index fc6eb538e..49d5bca74 100644
--- a/cmd/podman/registry/config.go
+++ b/cmd/podman/registry/config.go
@@ -22,6 +22,7 @@ const (
var (
podmanOptions entities.PodmanConfig
podmanSync sync.Once
+ abiSupport = false
)
// PodmanConfig returns an entities.PodmanConfig built up from
@@ -39,23 +40,31 @@ func newPodmanConfig() {
var mode entities.EngineMode
switch runtime.GOOS {
- case "darwin":
- fallthrough
- case "windows":
+ case "darwin", "windows":
mode = entities.TunnelMode
case "linux":
- mode = entities.ABIMode
+ // Some linux clients might only be compiled without ABI
+ // support (e.g., podman-remote).
+ if abiSupport {
+ mode = entities.ABIMode
+ } else {
+ mode = entities.TunnelMode
+ }
default:
fmt.Fprintf(os.Stderr, "%s is not a supported OS", runtime.GOOS)
os.Exit(1)
}
- // cobra.Execute() may not be called yet, so we peek at os.Args.
- for _, v := range os.Args {
- // Prefix checking works because of how default EngineMode's
- // have been defined.
- if strings.HasPrefix(v, "--remote") {
- mode = entities.TunnelMode
+ // Check if need to fallback to the tunnel mode if --remote is used.
+ if abiSupport && mode == entities.ABIMode {
+ // cobra.Execute() may not be called yet, so we peek at os.Args.
+ for _, v := range os.Args {
+ // Prefix checking works because of how default EngineMode's
+ // have been defined.
+ if strings.HasPrefix(v, "--remote") {
+ mode = entities.TunnelMode
+ break
+ }
}
}
diff --git a/cmd/podman/registry/config_abi.go b/cmd/podman/registry/config_abi.go
new file mode 100644
index 000000000..55430e1bf
--- /dev/null
+++ b/cmd/podman/registry/config_abi.go
@@ -0,0 +1,7 @@
+// +build ABISupport
+
+package registry
+
+func init() {
+ abiSupport = true
+}
diff --git a/cmd/podman/registry/config_tunnel.go b/cmd/podman/registry/config_tunnel.go
new file mode 100644
index 000000000..29e744dac
--- /dev/null
+++ b/cmd/podman/registry/config_tunnel.go
@@ -0,0 +1,7 @@
+// +build !ABISupport
+
+package registry
+
+func init() {
+ abiSupport = false
+}
diff --git a/cmd/podman/registry/registry.go b/cmd/podman/registry/registry.go
index 69e2babfc..71ee2bed0 100644
--- a/cmd/podman/registry/registry.go
+++ b/cmd/podman/registry/registry.go
@@ -2,14 +2,18 @@ package registry
import (
"context"
+ "path/filepath"
"github.com/containers/libpod/pkg/domain/entities"
"github.com/containers/libpod/pkg/domain/infra"
+ "github.com/containers/libpod/pkg/rootless"
+ "github.com/containers/libpod/pkg/util"
+ "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)
-// DefaultAPIAddress is the default address of the REST socket
-const DefaultAPIAddress = "unix:/run/podman/podman.sock"
+// DefaultRootAPIAddress is the default address of the REST socket
+const DefaultRootAPIAddress = "unix:/run/podman/podman.sock"
// DefaultVarlinkAddress is the default address of the varlink socket
const DefaultVarlinkAddress = "unix:/run/podman/io.podman"
@@ -98,3 +102,15 @@ func GetContextWithOptions() context.Context {
func GetContext() context.Context {
return Context()
}
+
+func DefaultAPIAddress() string {
+ if rootless.IsRootless() {
+ xdg, err := util.GetRuntimeDir()
+ if err != nil {
+ logrus.Warnf("Failed to get rootless runtime dir for DefaultAPIAddress: %s", err)
+ return DefaultRootAPIAddress
+ }
+ return "unix:" + filepath.Join(xdg, "podman", "podman.sock")
+ }
+ return DefaultRootAPIAddress
+}
diff --git a/cmd/podman/root.go b/cmd/podman/root.go
index 502b6c03c..7d6f6f823 100644
--- a/cmd/podman/root.go
+++ b/cmd/podman/root.go
@@ -208,7 +208,7 @@ func syslogHook() {
func rootFlags(opts *entities.PodmanConfig, flags *pflag.FlagSet) {
// V2 flags
- flags.StringVarP(&opts.Uri, "remote", "r", "", "URL to access Podman service")
+ flags.StringVarP(&opts.Uri, "remote", "r", registry.DefaultAPIAddress(), "URL to access Podman service")
flags.StringSliceVar(&opts.Identities, "identity", []string{}, "path to SSH identity file")
cfg := opts.Config
diff --git a/cmd/podman/system/service.go b/cmd/podman/system/service.go
index f4b91dd78..552c72f79 100644
--- a/cmd/podman/system/service.go
+++ b/cmd/podman/system/service.go
@@ -139,6 +139,6 @@ func resolveApiURI(_url []string) (string, error) {
case srvArgs.Varlink:
return registry.DefaultVarlinkAddress, nil
default:
- return registry.DefaultAPIAddress, nil
+ return registry.DefaultRootAPIAddress, nil
}
}
diff --git a/cmd/podman/system/unshare.go b/cmd/podman/system/unshare.go
new file mode 100644
index 000000000..7db5d36d2
--- /dev/null
+++ b/cmd/podman/system/unshare.go
@@ -0,0 +1,50 @@
+package system
+
+import (
+ "os"
+
+ "github.com/containers/libpod/cmd/podman/registry"
+ "github.com/containers/libpod/pkg/domain/entities"
+ "github.com/containers/libpod/pkg/rootless"
+ "github.com/pkg/errors"
+ "github.com/spf13/cobra"
+)
+
+var (
+ unshareDescription = "Runs a command in a modified user namespace."
+ unshareCommand = &cobra.Command{
+ Use: "unshare [flags] [COMMAND [ARG]]",
+ Short: "Run a command in a modified user namespace",
+ Long: unshareDescription,
+ RunE: unshare,
+ Example: `podman unshare id
+ podman unshare cat /proc/self/uid_map,
+ podman unshare podman-script.sh`,
+ }
+)
+
+func init() {
+ registry.Commands = append(registry.Commands, registry.CliCommand{
+ Mode: []entities.EngineMode{entities.ABIMode},
+ Command: unshareCommand,
+ })
+ flags := unshareCommand.Flags()
+ flags.SetInterspersed(false)
+}
+
+func unshare(cmd *cobra.Command, args []string) error {
+ if isRootless := rootless.IsRootless(); !isRootless {
+ return errors.Errorf("please use unshare with rootless")
+ }
+ // exec the specified command, if there is one
+ if len(args) < 1 {
+ // try to exec the shell, if one's set
+ shell, shellSet := os.LookupEnv("SHELL")
+ if !shellSet {
+ return errors.Errorf("no command specified and no $SHELL specified")
+ }
+ args = []string{shell}
+ }
+
+ return registry.ContainerEngine().Unshare(registry.Context(), args)
+}