summaryrefslogtreecommitdiff
path: root/libpod/container_internal_linux.go
diff options
context:
space:
mode:
Diffstat (limited to 'libpod/container_internal_linux.go')
-rw-r--r--libpod/container_internal_linux.go146
1 files changed, 92 insertions, 54 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 0557b30d0..867ecc2ad 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -70,7 +70,7 @@ func (c *Container) unmountSHM(mount string) error {
return errors.Wrapf(err, "error unmounting container %s SHM mount %s", c.ID(), mount)
}
// If it's just an EINVAL or ENOENT, debug logs only
- logrus.Debugf("container %s failed to unmount %s : %v", c.ID(), mount, err)
+ logrus.Debugf("Container %s failed to unmount %s : %v", c.ID(), mount, err)
}
return nil
}
@@ -143,7 +143,7 @@ func (c *Container) prepare() error {
}
if mountStorageErr != nil {
if createErr != nil {
- logrus.Errorf("Error preparing container %s: %v", c.ID(), createErr)
+ logrus.Errorf("Preparing container %s: %v", c.ID(), createErr)
}
createErr = mountStorageErr
}
@@ -154,7 +154,7 @@ func (c *Container) prepare() error {
if err := c.cleanupStorage(); err != nil {
// createErr is guaranteed non-nil, so print
// unconditionally
- logrus.Errorf("Error preparing container %s: %v", c.ID(), createErr)
+ logrus.Errorf("Preparing container %s: %v", c.ID(), createErr)
createErr = errors.Wrapf(err, "error unmounting storage for container %s after network create failure", c.ID())
}
}
@@ -163,7 +163,7 @@ func (c *Container) prepare() error {
// isn't ready it will do nothing.
if createErr != nil {
if err := c.cleanupNetwork(); err != nil {
- logrus.Errorf("Error preparing container %s: %v", c.ID(), createErr)
+ logrus.Errorf("Preparing container %s: %v", c.ID(), createErr)
createErr = errors.Wrapf(err, "error cleaning up container %s network after setup failure", c.ID())
}
}
@@ -258,7 +258,7 @@ func (c *Container) cleanupNetwork() error {
// Stop the container's network namespace (if it has one)
if err := c.runtime.teardownNetNS(c); err != nil {
- logrus.Errorf("unable to cleanup network for container %s: %q", c.ID(), err)
+ logrus.Errorf("Unable to cleanup network for container %s: %q", c.ID(), err)
}
c.state.NetNS = nil
@@ -369,13 +369,46 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
if err != nil {
return nil, err
}
- volMount := spec.Mount{
- Type: "bind",
- Source: mountPoint,
- Destination: namedVol.Dest,
- Options: namedVol.Options,
+
+ overlayFlag := false
+ for _, o := range namedVol.Options {
+ if o == "O" {
+ overlayFlag = true
+ }
+ }
+
+ if overlayFlag {
+ contentDir, err := overlay.TempDir(c.config.StaticDir, c.RootUID(), c.RootGID())
+ if err != nil {
+ return nil, err
+ }
+ overlayMount, err := overlay.Mount(contentDir, mountPoint, namedVol.Dest, c.RootUID(), c.RootGID(), c.runtime.store.GraphOptions())
+ if err != nil {
+ return nil, errors.Wrapf(err, "mounting overlay failed %q", mountPoint)
+ }
+
+ for _, o := range namedVol.Options {
+ switch o {
+ case "U":
+ if err := chown.ChangeHostPathOwnership(mountPoint, true, int(hostUID), int(hostGID)); err != nil {
+ return nil, err
+ }
+
+ if err := chown.ChangeHostPathOwnership(contentDir, true, int(hostUID), int(hostGID)); err != nil {
+ return nil, err
+ }
+ }
+ }
+ g.AddMount(overlayMount)
+ } else {
+ volMount := spec.Mount{
+ Type: "bind",
+ Source: mountPoint,
+ Destination: namedVol.Dest,
+ Options: namedVol.Options,
+ }
+ g.AddMount(volMount)
}
- g.AddMount(volMount)
}
// Check if the spec file mounts contain the options z, Z or U.
@@ -566,7 +599,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
if isGIDAvailable {
g.AddProcessAdditionalGid(uint32(gid))
} else {
- logrus.Warnf("additional gid=%d is not present in the user namespace, skip setting it", gid)
+ logrus.Warnf("Additional gid=%d is not present in the user namespace, skip setting it", gid)
}
}
}
@@ -607,7 +640,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
if err != nil {
if os.IsNotExist(err) {
// The kernel-provided files only exist if user namespaces are supported
- logrus.Debugf("user or group ID mappings not available: %s", err)
+ logrus.Debugf("User or group ID mappings not available: %s", err)
} else {
return nil, err
}
@@ -748,7 +781,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
if rootPropagation != "" {
- logrus.Debugf("set root propagation to %q", rootPropagation)
+ logrus.Debugf("Set root propagation to %q", rootPropagation)
if err := g.SetLinuxRootPropagation(rootPropagation); err != nil {
return nil, err
}
@@ -805,7 +838,7 @@ func (c *Container) mountNotifySocket(g generate.Generator) error {
}
notifyDir := filepath.Join(c.bundlePath(), "notify")
- logrus.Debugf("checking notify %q dir", notifyDir)
+ logrus.Debugf("Checking notify %q dir", notifyDir)
if err := os.MkdirAll(notifyDir, 0755); err != nil {
if !os.IsExist(err) {
return errors.Wrapf(err, "unable to create notify %q dir", notifyDir)
@@ -814,7 +847,7 @@ func (c *Container) mountNotifySocket(g generate.Generator) error {
if err := label.Relabel(notifyDir, c.MountLabel(), true); err != nil {
return errors.Wrapf(err, "relabel failed %q", notifyDir)
}
- logrus.Debugf("add bindmount notify %q dir", notifyDir)
+ logrus.Debugf("Add bindmount notify %q dir", notifyDir)
if _, ok := c.state.BindMounts["/run/notify"]; !ok {
c.state.BindMounts["/run/notify"] = notifyDir
}
@@ -1166,7 +1199,7 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
for _, del := range cleanup {
file := filepath.Join(c.bundlePath(), del)
if err := os.Remove(file); err != nil {
- logrus.Debugf("unable to remove file %s", file)
+ logrus.Debugf("Unable to remove file %s", file)
}
}
}
@@ -1266,7 +1299,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
var netStatus map[string]types.StatusBlock
_, err := metadata.ReadJSONFile(&netStatus, c.bundlePath(), metadata.NetworkStatusFile)
if err != nil {
- logrus.Infof("failed to unmarshal network status, cannot restore the same ip/mac: %v", err)
+ logrus.Infof("Failed to unmarshal network status, cannot restore the same ip/mac: %v", err)
}
// If the restored container should get a new name, the IP address of
// the container will not be restored. This assumes that if a new name is
@@ -1277,7 +1310,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
if err == nil && options.Name == "" && (!options.IgnoreStaticIP || !options.IgnoreStaticMAC) {
// The file with the network.status does exist. Let's restore the
// container with the same networks settings as during checkpointing.
- aliases, err := c.runtime.state.GetAllNetworkAliases(c)
+ aliases, err := c.GetAllNetworkAliases()
if err != nil {
return err
}
@@ -1316,7 +1349,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
defer func() {
if retErr != nil {
if err := c.cleanup(ctx); err != nil {
- logrus.Errorf("error cleaning up container %s: %v", c.ID(), err)
+ logrus.Errorf("Cleaning up container %s: %v", c.ID(), err)
}
}
}()
@@ -1870,11 +1903,11 @@ func (c *Container) generateResolvConf() (string, error) {
for _, nsIP := range status.DNSServerIPs {
networkNameServers = append(networkNameServers, nsIP.String())
}
- logrus.Debugf("adding nameserver(s) from network status of '%q'", status.DNSServerIPs)
+ logrus.Debugf("Adding nameserver(s) from network status of '%q'", status.DNSServerIPs)
}
if status.DNSSearchDomains != nil {
networkSearchDomains = append(networkSearchDomains, status.DNSSearchDomains...)
- logrus.Debugf("adding search domain(s) from network status of '%q'", status.DNSSearchDomains)
+ logrus.Debugf("Adding search domain(s) from network status of '%q'", status.DNSSearchDomains)
}
}
@@ -1923,7 +1956,7 @@ func (c *Container) generateResolvConf() (string, error) {
if c.config.NetMode.IsSlirp4netns() {
slirp4netnsDNS, err := GetSlirp4netnsDNS(c.slirp4netnsSubnet)
if err != nil {
- logrus.Warn("failed to determine Slirp4netns DNS: ", err.Error())
+ logrus.Warn("Failed to determine Slirp4netns DNS: ", err.Error())
} else {
nameservers = append([]string{slirp4netnsDNS.String()}, nameservers...)
}
@@ -2025,7 +2058,7 @@ func (c *Container) getHosts() string {
// When using slirp4netns, the interface gets a static IP
slirp4netnsIP, err := GetSlirp4netnsIP(c.slirp4netnsSubnet)
if err != nil {
- logrus.Warnf("failed to determine slirp4netnsIP: %v", err.Error())
+ logrus.Warnf("Failed to determine slirp4netnsIP: %v", err.Error())
} else {
hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", slirp4netnsIP.String(), c.Hostname(), c.config.Name)
}
@@ -2033,15 +2066,16 @@ func (c *Container) getHosts() string {
// Do we have a network namespace?
netNone := false
- for _, ns := range c.config.Spec.Linux.Namespaces {
- if ns.Type == spec.NetworkNamespace {
- if ns.Path == "" && !c.config.CreateNetNS {
- netNone = true
+ if c.config.NetNsCtr == "" && !c.config.CreateNetNS {
+ for _, ns := range c.config.Spec.Linux.Namespaces {
+ if ns.Type == spec.NetworkNamespace {
+ if ns.Path == "" {
+ netNone = true
+ }
+ break
}
- break
}
}
-
// If we are net=none (have a network namespace, but not connected to
// anything) add the container's name and hostname to localhost.
if netNone {
@@ -2049,35 +2083,39 @@ func (c *Container) getHosts() string {
}
}
- // Add gateway entry
- var depCtr *Container
- netStatus := c.getNetworkStatus()
- if c.config.NetNsCtr != "" {
- // ignoring the error because there isn't anything to do
- depCtr, _ = c.getRootNetNsDepCtr()
- } else if len(netStatus) != 0 {
- depCtr = c
- }
-
- if depCtr != nil {
- for _, status := range depCtr.getNetworkStatus() {
- for _, netInt := range status.Interfaces {
- for _, netAddress := range netInt.Networks {
- if netAddress.Gateway != nil {
- hosts += fmt.Sprintf("%s host.containers.internal\n", netAddress.Gateway.String())
+ // Add gateway entry if we are not in a machine. If we use podman machine
+ // the gvproxy dns server will take care of host.containers.internal.
+ // https://github.com/containers/gvisor-tap-vsock/commit/1108ea45162281046d239047a6db9bc187e64b08
+ if !c.runtime.config.Engine.MachineEnabled {
+ var depCtr *Container
+ netStatus := c.getNetworkStatus()
+ if c.config.NetNsCtr != "" {
+ // ignoring the error because there isn't anything to do
+ depCtr, _ = c.getRootNetNsDepCtr()
+ } else if len(netStatus) != 0 {
+ depCtr = c
+ }
+
+ if depCtr != nil {
+ for _, status := range depCtr.getNetworkStatus() {
+ for _, netInt := range status.Interfaces {
+ for _, netAddress := range netInt.Networks {
+ if netAddress.Gateway != nil {
+ hosts += fmt.Sprintf("%s host.containers.internal\n", netAddress.Gateway.String())
+ }
}
}
}
- }
- } else if c.config.NetMode.IsSlirp4netns() {
- gatewayIP, err := GetSlirp4netnsGateway(c.slirp4netnsSubnet)
- if err != nil {
- logrus.Warn("failed to determine gatewayIP: ", err.Error())
+ } else if c.config.NetMode.IsSlirp4netns() {
+ gatewayIP, err := GetSlirp4netnsGateway(c.slirp4netnsSubnet)
+ if err != nil {
+ logrus.Warn("Failed to determine gatewayIP: ", err.Error())
+ } else {
+ hosts += fmt.Sprintf("%s host.containers.internal\n", gatewayIP.String())
+ }
} else {
- hosts += fmt.Sprintf("%s host.containers.internal\n", gatewayIP.String())
+ logrus.Debug("Network configuration does not support host.containers.internal address")
}
- } else {
- logrus.Debug("network configuration does not support host.containers.internal address")
}
return hosts