summaryrefslogtreecommitdiff
path: root/cmd
diff options
context:
space:
mode:
Diffstat (limited to 'cmd')
-rw-r--r--cmd/podman/checkpoint.go73
-rw-r--r--cmd/podman/container.go2
-rw-r--r--cmd/podman/restore.go73
-rw-r--r--cmd/podman/runlabel.go9
-rw-r--r--cmd/podman/shared/funcs.go5
-rw-r--r--cmd/podman/shared/funcs_test.go10
6 files changed, 164 insertions, 8 deletions
diff --git a/cmd/podman/checkpoint.go b/cmd/podman/checkpoint.go
new file mode 100644
index 000000000..cbbbcd740
--- /dev/null
+++ b/cmd/podman/checkpoint.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+ "context"
+ "fmt"
+ "os"
+
+ "github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/pkg/rootless"
+ "github.com/pkg/errors"
+ "github.com/urfave/cli"
+)
+
+var (
+ checkpointDescription = `
+ podman container checkpoint
+
+ Checkpoints one or more running containers. The container name or ID can be used.
+`
+ checkpointFlags = []cli.Flag{
+ cli.BoolFlag{
+ Name: "keep, k",
+ Usage: "keep all temporary checkpoint files",
+ },
+ }
+ checkpointCommand = cli.Command{
+ Name: "checkpoint",
+ Usage: "Checkpoints one or more containers",
+ Description: checkpointDescription,
+ Flags: checkpointFlags,
+ Action: checkpointCmd,
+ ArgsUsage: "CONTAINER-NAME [CONTAINER-NAME ...]",
+ }
+)
+
+func checkpointCmd(c *cli.Context) error {
+ if rootless.IsRootless() {
+ return errors.New("checkpointing a container requires root")
+ }
+
+ runtime, err := libpodruntime.GetRuntime(c)
+ if err != nil {
+ return errors.Wrapf(err, "could not get runtime")
+ }
+ defer runtime.Shutdown(false)
+
+ keep := c.Bool("keep")
+ args := c.Args()
+ if len(args) < 1 {
+ return errors.Errorf("you must provide at least one container name or id")
+ }
+
+ var lastError error
+ for _, arg := range args {
+ ctr, err := runtime.LookupContainer(arg)
+ if err != nil {
+ if lastError != nil {
+ fmt.Fprintln(os.Stderr, lastError)
+ }
+ lastError = errors.Wrapf(err, "error looking up container %q", arg)
+ continue
+ }
+ if err = ctr.Checkpoint(context.TODO(), keep); err != nil {
+ if lastError != nil {
+ fmt.Fprintln(os.Stderr, lastError)
+ }
+ lastError = errors.Wrapf(err, "failed to checkpoint container %v", ctr.ID())
+ } else {
+ fmt.Println(ctr.ID())
+ }
+ }
+ return lastError
+}
diff --git a/cmd/podman/container.go b/cmd/podman/container.go
index 82c1c824d..ff634278f 100644
--- a/cmd/podman/container.go
+++ b/cmd/podman/container.go
@@ -7,6 +7,7 @@ import (
var (
subCommands = []cli.Command{
attachCommand,
+ checkpointCommand,
cleanupCommand,
commitCommand,
createCommand,
@@ -23,6 +24,7 @@ var (
// pruneCommand,
refreshCommand,
restartCommand,
+ restoreCommand,
rmCommand,
runCommand,
runlabelCommand,
diff --git a/cmd/podman/restore.go b/cmd/podman/restore.go
new file mode 100644
index 000000000..43ef87ca2
--- /dev/null
+++ b/cmd/podman/restore.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+ "context"
+ "fmt"
+ "os"
+
+ "github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/pkg/rootless"
+ "github.com/pkg/errors"
+ "github.com/urfave/cli"
+)
+
+var (
+ restoreDescription = `
+ podman container restore
+
+ Restores a container from a checkpoint. The container name or ID can be used.
+`
+ restoreFlags = []cli.Flag{
+ cli.BoolFlag{
+ Name: "keep, k",
+ Usage: "keep all temporary checkpoint files",
+ },
+ }
+ restoreCommand = cli.Command{
+ Name: "restore",
+ Usage: "Restores one or more containers from a checkpoint",
+ Description: restoreDescription,
+ Flags: restoreFlags,
+ Action: restoreCmd,
+ ArgsUsage: "CONTAINER-NAME [CONTAINER-NAME ...]",
+ }
+)
+
+func restoreCmd(c *cli.Context) error {
+ if rootless.IsRootless() {
+ return errors.New("restoring a container requires root")
+ }
+
+ runtime, err := libpodruntime.GetRuntime(c)
+ if err != nil {
+ return errors.Wrapf(err, "could not get runtime")
+ }
+ defer runtime.Shutdown(false)
+
+ keep := c.Bool("keep")
+ args := c.Args()
+ if len(args) < 1 {
+ return errors.Errorf("you must provide at least one container name or id")
+ }
+
+ var lastError error
+ for _, arg := range args {
+ ctr, err := runtime.LookupContainer(arg)
+ if err != nil {
+ if lastError != nil {
+ fmt.Fprintln(os.Stderr, lastError)
+ }
+ lastError = errors.Wrapf(err, "error looking up container %q", arg)
+ continue
+ }
+ if err = ctr.Restore(context.TODO(), keep); err != nil {
+ if lastError != nil {
+ fmt.Fprintln(os.Stderr, lastError)
+ }
+ lastError = errors.Wrapf(err, "failed to restore container %v", ctr.ID())
+ } else {
+ fmt.Println(ctr.ID())
+ }
+ }
+ return lastError
+}
diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go
index c5dd98ee6..34e6b9093 100644
--- a/cmd/podman/runlabel.go
+++ b/cmd/podman/runlabel.go
@@ -94,6 +94,14 @@ func runlabelCmd(c *cli.Context) error {
newImage *image.Image
)
+ // Evil images could trick into recursively executing the runlabel
+ // command. Avoid this by setting the "PODMAN_RUNLABEL_NESTED" env
+ // variable when executing a label first.
+ nested := os.Getenv("PODMAN_RUNLABEL_NESTED")
+ if nested == "1" {
+ return fmt.Errorf("nested runlabel calls: runlabels cannot execute the runlabel command")
+ }
+
opts := make(map[string]string)
runtime, err := libpodruntime.GetRuntime(c)
if err != nil {
@@ -177,6 +185,7 @@ func runlabelCmd(c *cli.Context) error {
cmd := shared.GenerateCommand(runLabel, imageName, c.String("name"))
env := shared.GenerateRunEnvironment(c.String("name"), imageName, opts)
+ env = append(env, "PODMAN_RUNLABEL_NESTED=1")
if !c.Bool("quiet") {
fmt.Printf("Command: %s\n", strings.Join(cmd, " "))
diff --git a/cmd/podman/shared/funcs.go b/cmd/podman/shared/funcs.go
index 5c401634c..21e7fe10d 100644
--- a/cmd/podman/shared/funcs.go
+++ b/cmd/podman/shared/funcs.go
@@ -15,9 +15,8 @@ func GenerateCommand(command, imageName, name string) []string {
name = imageName
}
cmd := strings.Split(command, " ")
- // Replace the first position of cmd with podman whether
- // it is docker, /usr/bin/docker, or podman
- newCommand = append(newCommand, "podman")
+ // Replace the first element of cmd with "/proc/self/exe"
+ newCommand = append(newCommand, "/proc/self/exe")
for _, arg := range cmd[1:] {
var newArg string
switch arg {
diff --git a/cmd/podman/shared/funcs_test.go b/cmd/podman/shared/funcs_test.go
index 3d0ac005f..612be480b 100644
--- a/cmd/podman/shared/funcs_test.go
+++ b/cmd/podman/shared/funcs_test.go
@@ -15,35 +15,35 @@ var (
func TestGenerateCommand(t *testing.T) {
inputCommand := "docker run -it --name NAME -e NAME=NAME -e IMAGE=IMAGE IMAGE echo install"
- correctCommand := "podman run -it --name bar -e NAME=bar -e IMAGE=foo foo echo install"
+ correctCommand := "/proc/self/exe run -it --name bar -e NAME=bar -e IMAGE=foo foo echo install"
newCommand := GenerateCommand(inputCommand, "foo", "bar")
assert.Equal(t, correctCommand, strings.Join(newCommand, " "))
}
func TestGenerateCommandPath(t *testing.T) {
inputCommand := "/usr/bin/docker run -it --name NAME -e NAME=NAME -e IMAGE=IMAGE IMAGE echo install"
- correctCommand := "podman run -it --name bar -e NAME=bar -e IMAGE=foo foo echo install"
+ correctCommand := "/proc/self/exe run -it --name bar -e NAME=bar -e IMAGE=foo foo echo install"
newCommand := GenerateCommand(inputCommand, "foo", "bar")
assert.Equal(t, correctCommand, strings.Join(newCommand, " "))
}
func TestGenerateCommandNoSetName(t *testing.T) {
inputCommand := "docker run -it --name NAME -e NAME=NAME -e IMAGE=IMAGE IMAGE echo install"
- correctCommand := "podman run -it --name foo -e NAME=foo -e IMAGE=foo foo echo install"
+ correctCommand := "/proc/self/exe run -it --name foo -e NAME=foo -e IMAGE=foo foo echo install"
newCommand := GenerateCommand(inputCommand, "foo", "")
assert.Equal(t, correctCommand, strings.Join(newCommand, " "))
}
func TestGenerateCommandNoName(t *testing.T) {
inputCommand := "docker run -it -e IMAGE=IMAGE IMAGE echo install"
- correctCommand := "podman run -it -e IMAGE=foo foo echo install"
+ correctCommand := "/proc/self/exe run -it -e IMAGE=foo foo echo install"
newCommand := GenerateCommand(inputCommand, "foo", "")
assert.Equal(t, correctCommand, strings.Join(newCommand, " "))
}
func TestGenerateCommandAlreadyPodman(t *testing.T) {
inputCommand := "podman run -it --name NAME -e NAME=NAME -e IMAGE=IMAGE IMAGE echo install"
- correctCommand := "podman run -it --name bar -e NAME=bar -e IMAGE=foo foo echo install"
+ correctCommand := "/proc/self/exe run -it --name bar -e NAME=bar -e IMAGE=foo foo echo install"
newCommand := GenerateCommand(inputCommand, "foo", "bar")
assert.Equal(t, correctCommand, strings.Join(newCommand, " "))
}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-06 03:30:54 +0000