summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
Diffstat (limited to 'libpod')
-rw-r--r--libpod/define/errors.go4
-rw-r--r--libpod/events/journal_linux.go19
-rw-r--r--libpod/image/docker_registry_options.go7
-rw-r--r--libpod/oci_internal_linux.go42
-rw-r--r--libpod/runtime.go69
-rw-r--r--libpod/runtime_ctr.go8
-rw-r--r--libpod/runtime_img.go7
7 files changed, 125 insertions, 31 deletions
diff --git a/libpod/define/errors.go b/libpod/define/errors.go
index a4368a9aa..9d532263c 100644
--- a/libpod/define/errors.go
+++ b/libpod/define/errors.go
@@ -107,4 +107,8 @@ var (
// ErrOCIRuntimeNotFound indicates the OCI runtime attempted to invoke a command
// that was not found
ErrOCIRuntimeNotFound = errors.New("OCI runtime command not found error")
+
+ // ErrConmonOutdated indicates the version of conmon found (whether via the configuration or $PATH)
+ // is out of date for the current podman version
+ ErrConmonOutdated = errors.New("outdated conmon version")
)
diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go
index ae96e3b3b..7d195dc79 100644
--- a/libpod/events/journal_linux.go
+++ b/libpod/events/journal_linux.go
@@ -54,14 +54,17 @@ func (e EventJournalD) Read(options ReadOptions) error {
if err != nil {
return errors.Wrapf(err, "failed to generate event options")
}
- podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"} //nolint
- j, err := sdjournal.NewJournal() //nolint
+ j, err := sdjournal.NewJournal() //nolint
if err != nil {
return err
}
- if err := j.AddMatch(podmanJournal.String()); err != nil {
- return errors.Wrap(err, "failed to add filter for event log")
- }
+ // TODO AddMatch and Seek seem to conflict
+ // Issue filed upstream -> https://github.com/coreos/go-systemd/issues/315
+ // Leaving commented code in case upstream fixes things
+ //podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"} //nolint
+ //if err := j.AddMatch(podmanJournal.String()); err != nil {
+ // return errors.Wrap(err, "failed to add filter for event log")
+ //}
if len(options.Since) == 0 && len(options.Until) == 0 && options.Stream {
if err := j.SeekTail(); err != nil {
return errors.Wrap(err, "failed to seek end of journal")
@@ -96,6 +99,12 @@ func (e EventJournalD) Read(options ReadOptions) error {
if err != nil {
return err
}
+ // TODO this keeps us from feeding the podman event parser with
+ // with regular journal content; it can be removed if the above
+ // problem with AddMatch is resolved.
+ if entry.Fields["PODMAN_EVENT"] == "" {
+ continue
+ }
newEvent, err := newEventFromJournalEntry(entry)
if err != nil {
// We can't decode this event.
diff --git a/libpod/image/docker_registry_options.go b/libpod/image/docker_registry_options.go
index c191a3ca2..60bb3c33f 100644
--- a/libpod/image/docker_registry_options.go
+++ b/libpod/image/docker_registry_options.go
@@ -1,8 +1,12 @@
package image
import (
+ "fmt"
+
"github.com/containers/image/docker/reference"
"github.com/containers/image/types"
+
+ podmanVersion "github.com/containers/libpod/version"
)
// DockerRegistryOptions encapsulates settings that affect how we connect or
@@ -36,6 +40,7 @@ func (o DockerRegistryOptions) GetSystemContext(parent *types.SystemContext, add
sc.SignaturePolicyPath = parent.SignaturePolicyPath
sc.AuthFilePath = parent.AuthFilePath
sc.DirForceCompress = parent.DirForceCompress
+ sc.DockerRegistryUserAgent = parent.DockerRegistryUserAgent
}
return sc
}
@@ -48,5 +53,7 @@ func GetSystemContext(signaturePolicyPath, authFilePath string, forceCompress bo
}
sc.AuthFilePath = authFilePath
sc.DirForceCompress = forceCompress
+ sc.DockerRegistryUserAgent = fmt.Sprintf("libpod/%s", podmanVersion.Version)
+
return sc
}
diff --git a/libpod/oci_internal_linux.go b/libpod/oci_internal_linux.go
index 52cebefab..e2c73f5ed 100644
--- a/libpod/oci_internal_linux.go
+++ b/libpod/oci_internal_linux.go
@@ -352,31 +352,29 @@ func startCommandGivenSelinux(cmd *exec.Cmd) error {
// it then signals for conmon to start by sending nonse data down the start fd
func (r *OCIRuntime) moveConmonToCgroupAndSignal(ctr *Container, cmd *exec.Cmd, startFd *os.File, uuid string) error {
cgroupParent := ctr.CgroupParent()
- if os.Geteuid() == 0 {
- if r.cgroupManager == SystemdCgroupsManager {
- unitName := createUnitName("libpod-conmon", ctr.ID())
-
- realCgroupParent := cgroupParent
- splitParent := strings.Split(cgroupParent, "/")
- if strings.HasSuffix(cgroupParent, ".slice") && len(splitParent) > 1 {
- realCgroupParent = splitParent[len(splitParent)-1]
- }
+ if r.cgroupManager == SystemdCgroupsManager {
+ unitName := createUnitName("libpod-conmon", ctr.ID())
- logrus.Infof("Running conmon under slice %s and unitName %s", realCgroupParent, unitName)
- if err := utils.RunUnderSystemdScope(cmd.Process.Pid, realCgroupParent, unitName); err != nil {
- logrus.Warnf("Failed to add conmon to systemd sandbox cgroup: %v", err)
- }
+ realCgroupParent := cgroupParent
+ splitParent := strings.Split(cgroupParent, "/")
+ if strings.HasSuffix(cgroupParent, ".slice") && len(splitParent) > 1 {
+ realCgroupParent = splitParent[len(splitParent)-1]
+ }
+
+ logrus.Infof("Running conmon under slice %s and unitName %s", realCgroupParent, unitName)
+ if err := utils.RunUnderSystemdScope(cmd.Process.Pid, realCgroupParent, unitName); err != nil {
+ logrus.Warnf("Failed to add conmon to systemd sandbox cgroup: %v", err)
+ }
+ } else {
+ cgroupPath := filepath.Join(ctr.config.CgroupParent, "conmon")
+ control, err := cgroups.New(cgroupPath, &spec.LinuxResources{})
+ if err != nil {
+ logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
} else {
- cgroupPath := filepath.Join(ctr.config.CgroupParent, "conmon")
- control, err := cgroups.New(cgroupPath, &spec.LinuxResources{})
- if err != nil {
+ // we need to remove this defer and delete the cgroup once conmon exits
+ // maybe need a conmon monitor?
+ if err := control.AddPid(cmd.Process.Pid); err != nil {
logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
- } else {
- // we need to remove this defer and delete the cgroup once conmon exits
- // maybe need a conmon monitor?
- if err := control.AddPid(cmd.Process.Pid); err != nil {
- logrus.Warnf("Failed to add conmon to cgroupfs sandbox cgroup: %v", err)
- }
}
}
}
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 38bfac8ba..8a4eee081 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -1,6 +1,7 @@
package libpod
import (
+ "bytes"
"context"
"fmt"
"io/ioutil"
@@ -8,6 +9,8 @@ import (
"os/exec"
"os/user"
"path/filepath"
+ "regexp"
+ "strconv"
"strings"
"sync"
"syscall"
@@ -271,6 +274,8 @@ type runtimeConfiguredFrom struct {
runtimePath bool
cniPluginDir bool
noPivotRoot bool
+ runtimeSupportsJSON bool
+ ociRuntime bool
}
func defaultRuntimeConfig() (RuntimeConfig, error) {
@@ -590,6 +595,12 @@ func newRuntimeFromConfig(ctx context.Context, userConfigPath string, options ..
if tmpConfig.NoPivotRoot {
runtime.configuredFrom.noPivotRoot = true
}
+ if tmpConfig.RuntimeSupportsJSON != nil {
+ runtime.configuredFrom.runtimeSupportsJSON = true
+ }
+ if tmpConfig.OCIRuntime != "" {
+ runtime.configuredFrom.ociRuntime = true
+ }
if _, err := toml.Decode(string(contents), runtime.config); err != nil {
return nil, errors.Wrapf(err, "error decoding configuration file %s", configPath)
@@ -630,6 +641,13 @@ func newRuntimeFromConfig(ctx context.Context, userConfigPath string, options ..
if !runtime.configuredFrom.noPivotRoot {
runtime.config.NoPivotRoot = tmpConfig.NoPivotRoot
}
+ if !runtime.configuredFrom.runtimeSupportsJSON {
+ runtime.config.RuntimeSupportsJSON = tmpConfig.RuntimeSupportsJSON
+ }
+ if !runtime.configuredFrom.ociRuntime {
+ runtime.config.OCIRuntime = tmpConfig.OCIRuntime
+ }
+
break
}
}
@@ -739,11 +757,43 @@ func getLockManager(runtime *Runtime) (lock.Manager, error) {
return manager, nil
}
+// probeConmon calls conmon --version and verifies it is a new enough version for
+// the runtime expectations podman currently has
+func probeConmon(conmonBinary string) error {
+ cmd := exec.Command(conmonBinary, "--version")
+ var out bytes.Buffer
+ cmd.Stdout = &out
+ err := cmd.Run()
+ if err != nil {
+ return err
+ }
+ r := regexp.MustCompile(`^conmon version (?P<Major>\d+).(?P<Minor>\d+).(?P<Patch>\d+)`)
+
+ matches := r.FindStringSubmatch(out.String())
+ if len(matches) != 4 {
+ return errors.Wrapf(err, "conmon version changed format")
+ }
+ major, err := strconv.Atoi(matches[1])
+ if err != nil || major < 1 {
+ return define.ErrConmonOutdated
+ }
+ // conmon used to be shipped with CRI-O, and was versioned along with it.
+ // even though the conmon that came with crio-1.9 to crio-1.15 has a higher
+ // version number than conmon 1.0.0, 1.0.0 is newer, so we need this check
+ minor, err := strconv.Atoi(matches[2])
+ if err != nil || minor > 9 {
+ return define.ErrConmonOutdated
+ }
+
+ return nil
+}
+
// Make a new runtime based on the given configuration
// Sets up containers/storage, state store, OCI runtime
func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
// Find a working conmon binary
foundConmon := false
+ foundOutdatedConmon := false
for _, path := range runtime.config.ConmonPath {
stat, err := os.Stat(path)
if err != nil {
@@ -752,6 +802,11 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
if stat.IsDir() {
continue
}
+ if err := probeConmon(path); err != nil {
+ logrus.Warnf("conmon at %s invalid: %v", path, err)
+ foundOutdatedConmon = true
+ continue
+ }
foundConmon = true
runtime.conmonPath = path
logrus.Debugf("using conmon: %q", path)
@@ -761,13 +816,21 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
// Search the $PATH as last fallback
if !foundConmon {
if conmon, err := exec.LookPath("conmon"); err == nil {
- foundConmon = true
- runtime.conmonPath = conmon
- logrus.Debugf("using conmon from $PATH: %q", conmon)
+ if err := probeConmon(conmon); err != nil {
+ logrus.Warnf("conmon at %s is invalid: %v", conmon, err)
+ foundOutdatedConmon = true
+ } else {
+ foundConmon = true
+ runtime.conmonPath = conmon
+ logrus.Debugf("using conmon from $PATH: %q", conmon)
+ }
}
}
if !foundConmon {
+ if foundOutdatedConmon {
+ return errors.Wrapf(define.ErrConmonOutdated, "please update to v1.0.0 or later")
+ }
return errors.Wrapf(define.ErrInvalidArg,
"could not find a working conmon binary (configured options: %v)",
runtime.config.ConmonPath)
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 61a871b28..92b2faefb 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -54,6 +54,14 @@ func (r *Runtime) RestoreContainer(ctx context.Context, rSpec *spec.Spec, config
}
// For an imported checkpoint no one has ever set the StartedTime. Set it now.
ctr.state.StartedTime = time.Now()
+
+ // If the path to ConmonPidFile starts with the default value (RunRoot), then
+ // the user has not specified '--conmon-pidfile' during run or create (probably).
+ // In that case reset ConmonPidFile to be set to the default value later.
+ if strings.HasPrefix(ctr.config.ConmonPidFile, r.config.StorageConfig.RunRoot) {
+ ctr.config.ConmonPidFile = ""
+ }
+
return r.setupContainer(ctx, ctr)
}
diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go
index 4055734eb..20dee4080 100644
--- a/libpod/runtime_img.go
+++ b/libpod/runtime_img.go
@@ -28,6 +28,7 @@ import (
// RemoveImage deletes an image from local storage
// Images being used by running containers can only be removed if force=true
func (r *Runtime) RemoveImage(ctx context.Context, img *image.Image, force bool) (string, error) {
+ var returnMessage string
r.lock.Lock()
defer r.lock.Unlock()
@@ -93,7 +94,11 @@ func (r *Runtime) RemoveImage(ctx context.Context, img *image.Image, force bool)
err = errStorage
}
}
- return img.ID(), err
+ for _, name := range img.Names() {
+ returnMessage = returnMessage + fmt.Sprintf("Untagged: %s\n", name)
+ }
+ returnMessage = returnMessage + fmt.Sprintf("Deleted: %s", img.ID())
+ return returnMessage, err
}
// Remove containers that are in storage rather than Podman.
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-29 00:35:41 +0000