summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal_linux.go1
-rw-r--r--libpod/define/config.go2
-rw-r--r--libpod/define/mount.go2
-rw-r--r--libpod/define/mount_freebsd.go8
-rw-r--r--libpod/define/mount_linux.go8
-rw-r--r--libpod/define/mount_unsupported.go8
-rw-r--r--libpod/kube.go4
-rw-r--r--libpod/runtime.go8
-rw-r--r--libpod/runtime_test.go28
9 files changed, 64 insertions, 5 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 5c5fd471b..bb50ddc43 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -682,6 +682,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
// User and Group must go together
g.SetProcessUID(uint32(execUser.Uid))
g.SetProcessGID(uint32(execUser.Gid))
+ g.AddProcessAdditionalGid(uint32(execUser.Gid))
}
if c.config.Umask != "" {
diff --git a/libpod/define/config.go b/libpod/define/config.go
index 34c1a675d..1fad5cc9a 100644
--- a/libpod/define/config.go
+++ b/libpod/define/config.go
@@ -85,4 +85,4 @@ const PassthroughLogging = "passthrough"
const RLimitDefaultValue = uint64(1048576)
// BindMountPrefix distinguishes its annotations from others
-const BindMountPrefix = "bind-mount-options:"
+const BindMountPrefix = "bind-mount-options"
diff --git a/libpod/define/mount.go b/libpod/define/mount.go
index 1b0d019c8..db444fd83 100644
--- a/libpod/define/mount.go
+++ b/libpod/define/mount.go
@@ -1,8 +1,6 @@
package define
const (
- // TypeBind is the type for mounting host dir
- TypeBind = "bind"
// TypeVolume is the type for named volumes
TypeVolume = "volume"
// TypeTmpfs is the type for mounting tmpfs
diff --git a/libpod/define/mount_freebsd.go b/libpod/define/mount_freebsd.go
new file mode 100644
index 000000000..e080c9ec6
--- /dev/null
+++ b/libpod/define/mount_freebsd.go
@@ -0,0 +1,8 @@
+//go:build freebsd
+
+package define
+
+const (
+ // TypeBind is the type for mounting host dir
+ TypeBind = "nullfs"
+)
diff --git a/libpod/define/mount_linux.go b/libpod/define/mount_linux.go
new file mode 100644
index 000000000..5ef848905
--- /dev/null
+++ b/libpod/define/mount_linux.go
@@ -0,0 +1,8 @@
+//go:build linux
+
+package define
+
+const (
+ // TypeBind is the type for mounting host dir
+ TypeBind = "bind"
+)
diff --git a/libpod/define/mount_unsupported.go b/libpod/define/mount_unsupported.go
new file mode 100644
index 000000000..cb8642fe2
--- /dev/null
+++ b/libpod/define/mount_unsupported.go
@@ -0,0 +1,8 @@
+//go:build !linux && !freebsd
+
+package define
+
+const (
+ // TypeBind is the type for mounting host dir
+ TypeBind = "bind"
+)
diff --git a/libpod/kube.go b/libpod/kube.go
index a70782d69..d4414aabd 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -385,7 +385,7 @@ func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, po
return nil, err
}
for k, v := range annotations {
- podAnnotations[define.BindMountPrefix+k] = TruncateKubeAnnotation(v)
+ podAnnotations[define.BindMountPrefix] = TruncateKubeAnnotation(k + ":" + v)
}
// Since port bindings for the pod are handled by the
// infra container, wipe them here only if we are sharing the net namespace
@@ -529,7 +529,7 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container) (*v1.Pod,
return nil, err
}
for k, v := range annotations {
- kubeAnnotations[define.BindMountPrefix+k] = TruncateKubeAnnotation(v)
+ kubeAnnotations[define.BindMountPrefix] = TruncateKubeAnnotation(k + ":" + v)
}
if isInit {
kubeInitCtrs = append(kubeInitCtrs, kubeCtr)
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 9b97fd724..1503b2344 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -5,6 +5,7 @@ import (
"context"
"errors"
"fmt"
+ "math/rand"
"os"
"path/filepath"
"strings"
@@ -112,6 +113,13 @@ type Runtime struct {
secretsManager *secrets.SecretsManager
}
+func init() {
+ // generateName calls namesgenerator.GetRandomName which the
+ // global RNG from math/rand. Seed it here to make sure we
+ // don't get the same name every time.
+ rand.Seed(time.Now().UnixNano())
+}
+
// SetXdgDirs ensures the XDG_RUNTIME_DIR env and XDG_CONFIG_HOME variables are set.
// containers/image uses XDG_RUNTIME_DIR to locate the auth file, XDG_CONFIG_HOME is
// use for the containers.conf configuration file.
diff --git a/libpod/runtime_test.go b/libpod/runtime_test.go
new file mode 100644
index 000000000..2e16c7fcd
--- /dev/null
+++ b/libpod/runtime_test.go
@@ -0,0 +1,28 @@
+package libpod
+
+import (
+ "math/rand"
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func Test_generateName(t *testing.T) {
+ state, path, _, err := getEmptyBoltState()
+ assert.NoError(t, err)
+ defer os.RemoveAll(path)
+ defer state.Close()
+
+ r := &Runtime{
+ state: state,
+ }
+
+ // Test that (*Runtime).generateName returns different names
+ // if called twice, even if the global RNG has the default
+ // seed.
+ n1, _ := r.generateName()
+ rand.Seed(1)
+ n2, _ := r.generateName()
+ assert.NotEqual(t, n1, n2)
+}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-03-12 09:51:24 +0000