diff options
Diffstat (limited to 'libpod/container_internal_linux.go')
| -rw-r--r-- | libpod/container_internal_linux.go | 131 |
1 files changed, 84 insertions, 47 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 6ebbfd1f3..dd6f3878a 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -70,7 +70,7 @@ func (c *Container) unmountSHM(mount string) error { return errors.Wrapf(err, "error unmounting container %s SHM mount %s", c.ID(), mount) } // If it's just an EINVAL or ENOENT, debug logs only - logrus.Debugf("container %s failed to unmount %s : %v", c.ID(), mount, err) + logrus.Debugf("Container %s failed to unmount %s : %v", c.ID(), mount, err) } return nil } @@ -143,7 +143,7 @@ func (c *Container) prepare() error { } if mountStorageErr != nil { if createErr != nil { - logrus.Errorf("Error preparing container %s: %v", c.ID(), createErr) + logrus.Errorf("Preparing container %s: %v", c.ID(), createErr) } createErr = mountStorageErr } @@ -154,7 +154,7 @@ func (c *Container) prepare() error { if err := c.cleanupStorage(); err != nil { // createErr is guaranteed non-nil, so print // unconditionally - logrus.Errorf("Error preparing container %s: %v", c.ID(), createErr) + logrus.Errorf("Preparing container %s: %v", c.ID(), createErr) createErr = errors.Wrapf(err, "error unmounting storage for container %s after network create failure", c.ID()) } } @@ -163,7 +163,7 @@ func (c *Container) prepare() error { // isn't ready it will do nothing. if createErr != nil { if err := c.cleanupNetwork(); err != nil { - logrus.Errorf("Error preparing container %s: %v", c.ID(), createErr) + logrus.Errorf("Preparing container %s: %v", c.ID(), createErr) createErr = errors.Wrapf(err, "error cleaning up container %s network after setup failure", c.ID()) } } @@ -258,7 +258,7 @@ func (c *Container) cleanupNetwork() error { // Stop the container's network namespace (if it has one) if err := c.runtime.teardownNetNS(c); err != nil { - logrus.Errorf("unable to cleanup network for container %s: %q", c.ID(), err) + logrus.Errorf("Unable to cleanup network for container %s: %q", c.ID(), err) } c.state.NetNS = nil @@ -369,13 +369,46 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { if err != nil { return nil, err } - volMount := spec.Mount{ - Type: "bind", - Source: mountPoint, - Destination: namedVol.Dest, - Options: namedVol.Options, + + overlayFlag := false + for _, o := range namedVol.Options { + if o == "O" { + overlayFlag = true + } + } + + if overlayFlag { + contentDir, err := overlay.TempDir(c.config.StaticDir, c.RootUID(), c.RootGID()) + if err != nil { + return nil, err + } + overlayMount, err := overlay.Mount(contentDir, mountPoint, namedVol.Dest, c.RootUID(), c.RootGID(), c.runtime.store.GraphOptions()) + if err != nil { + return nil, errors.Wrapf(err, "mounting overlay failed %q", mountPoint) + } + + for _, o := range namedVol.Options { + switch o { + case "U": + if err := chown.ChangeHostPathOwnership(mountPoint, true, int(hostUID), int(hostGID)); err != nil { + return nil, err + } + + if err := chown.ChangeHostPathOwnership(contentDir, true, int(hostUID), int(hostGID)); err != nil { + return nil, err + } + } + } + g.AddMount(overlayMount) + } else { + volMount := spec.Mount{ + Type: "bind", + Source: mountPoint, + Destination: namedVol.Dest, + Options: namedVol.Options, + } + g.AddMount(volMount) } - g.AddMount(volMount) } // Check if the spec file mounts contain the options z, Z or U. @@ -566,7 +599,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { if isGIDAvailable { g.AddProcessAdditionalGid(uint32(gid)) } else { - logrus.Warnf("additional gid=%d is not present in the user namespace, skip setting it", gid) + logrus.Warnf("Additional gid=%d is not present in the user namespace, skip setting it", gid) } } } @@ -607,7 +640,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { if err != nil { if os.IsNotExist(err) { // The kernel-provided files only exist if user namespaces are supported - logrus.Debugf("user or group ID mappings not available: %s", err) + logrus.Debugf("User or group ID mappings not available: %s", err) } else { return nil, err } @@ -748,7 +781,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { } if rootPropagation != "" { - logrus.Debugf("set root propagation to %q", rootPropagation) + logrus.Debugf("Set root propagation to %q", rootPropagation) if err := g.SetLinuxRootPropagation(rootPropagation); err != nil { return nil, err } @@ -805,7 +838,7 @@ func (c *Container) mountNotifySocket(g generate.Generator) error { } notifyDir := filepath.Join(c.bundlePath(), "notify") - logrus.Debugf("checking notify %q dir", notifyDir) + logrus.Debugf("Checking notify %q dir", notifyDir) if err := os.MkdirAll(notifyDir, 0755); err != nil { if !os.IsExist(err) { return errors.Wrapf(err, "unable to create notify %q dir", notifyDir) @@ -814,7 +847,7 @@ func (c *Container) mountNotifySocket(g generate.Generator) error { if err := label.Relabel(notifyDir, c.MountLabel(), true); err != nil { return errors.Wrapf(err, "relabel failed %q", notifyDir) } - logrus.Debugf("add bindmount notify %q dir", notifyDir) + logrus.Debugf("Add bindmount notify %q dir", notifyDir) if _, ok := c.state.BindMounts["/run/notify"]; !ok { c.state.BindMounts["/run/notify"] = notifyDir } @@ -1166,7 +1199,7 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO for _, del := range cleanup { file := filepath.Join(c.bundlePath(), del) if err := os.Remove(file); err != nil { - logrus.Debugf("unable to remove file %s", file) + logrus.Debugf("Unable to remove file %s", file) } } } @@ -1266,7 +1299,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti var netStatus map[string]types.StatusBlock _, err := metadata.ReadJSONFile(&netStatus, c.bundlePath(), metadata.NetworkStatusFile) if err != nil { - logrus.Infof("failed to unmarshal network status, cannot restore the same ip/mac: %v", err) + logrus.Infof("Failed to unmarshal network status, cannot restore the same ip/mac: %v", err) } // If the restored container should get a new name, the IP address of // the container will not be restored. This assumes that if a new name is @@ -1316,7 +1349,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti defer func() { if retErr != nil { if err := c.cleanup(ctx); err != nil { - logrus.Errorf("error cleaning up container %s: %v", c.ID(), err) + logrus.Errorf("Cleaning up container %s: %v", c.ID(), err) } } }() @@ -1870,11 +1903,11 @@ func (c *Container) generateResolvConf() (string, error) { for _, nsIP := range status.DNSServerIPs { networkNameServers = append(networkNameServers, nsIP.String()) } - logrus.Debugf("adding nameserver(s) from network status of '%q'", status.DNSServerIPs) + logrus.Debugf("Adding nameserver(s) from network status of '%q'", status.DNSServerIPs) } if status.DNSSearchDomains != nil { networkSearchDomains = append(networkSearchDomains, status.DNSSearchDomains...) - logrus.Debugf("adding search domain(s) from network status of '%q'", status.DNSSearchDomains) + logrus.Debugf("Adding search domain(s) from network status of '%q'", status.DNSSearchDomains) } } @@ -1923,7 +1956,7 @@ func (c *Container) generateResolvConf() (string, error) { if c.config.NetMode.IsSlirp4netns() { slirp4netnsDNS, err := GetSlirp4netnsDNS(c.slirp4netnsSubnet) if err != nil { - logrus.Warn("failed to determine Slirp4netns DNS: ", err.Error()) + logrus.Warn("Failed to determine Slirp4netns DNS: ", err.Error()) } else { nameservers = append([]string{slirp4netnsDNS.String()}, nameservers...) } @@ -2025,7 +2058,7 @@ func (c *Container) getHosts() string { // When using slirp4netns, the interface gets a static IP slirp4netnsIP, err := GetSlirp4netnsIP(c.slirp4netnsSubnet) if err != nil { - logrus.Warnf("failed to determine slirp4netnsIP: %v", err.Error()) + logrus.Warnf("Failed to determine slirp4netnsIP: %v", err.Error()) } else { hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", slirp4netnsIP.String(), c.Hostname(), c.config.Name) } @@ -2050,35 +2083,39 @@ func (c *Container) getHosts() string { } } - // Add gateway entry - var depCtr *Container - netStatus := c.getNetworkStatus() - if c.config.NetNsCtr != "" { - // ignoring the error because there isn't anything to do - depCtr, _ = c.getRootNetNsDepCtr() - } else if len(netStatus) != 0 { - depCtr = c - } - - if depCtr != nil { - for _, status := range depCtr.getNetworkStatus() { - for _, netInt := range status.Interfaces { - for _, netAddress := range netInt.Networks { - if netAddress.Gateway != nil { - hosts += fmt.Sprintf("%s host.containers.internal\n", netAddress.Gateway.String()) + // Add gateway entry if we are not in a machine. If we use podman machine + // the gvproxy dns server will take care of host.containers.internal. + // https://github.com/containers/gvisor-tap-vsock/commit/1108ea45162281046d239047a6db9bc187e64b08 + if !c.runtime.config.Engine.MachineEnabled { + var depCtr *Container + netStatus := c.getNetworkStatus() + if c.config.NetNsCtr != "" { + // ignoring the error because there isn't anything to do + depCtr, _ = c.getRootNetNsDepCtr() + } else if len(netStatus) != 0 { + depCtr = c + } + + if depCtr != nil { + for _, status := range depCtr.getNetworkStatus() { + for _, netInt := range status.Interfaces { + for _, netAddress := range netInt.Networks { + if netAddress.Gateway != nil { + hosts += fmt.Sprintf("%s host.containers.internal\n", netAddress.Gateway.String()) + } } } } - } - } else if c.config.NetMode.IsSlirp4netns() { - gatewayIP, err := GetSlirp4netnsGateway(c.slirp4netnsSubnet) - if err != nil { - logrus.Warn("failed to determine gatewayIP: ", err.Error()) + } else if c.config.NetMode.IsSlirp4netns() { + gatewayIP, err := GetSlirp4netnsGateway(c.slirp4netnsSubnet) + if err != nil { + logrus.Warn("Failed to determine gatewayIP: ", err.Error()) + } else { + hosts += fmt.Sprintf("%s host.containers.internal\n", gatewayIP.String()) + } } else { - hosts += fmt.Sprintf("%s host.containers.internal\n", gatewayIP.String()) + logrus.Debug("Network configuration does not support host.containers.internal address") } - } else { - logrus.Debug("network configuration does not support host.containers.internal address") } return hosts |