Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_internal_linux.go2
-rw-r--r--libpod/events/config.go2
-rw-r--r--libpod/events/events.go2
-rw-r--r--libpod/networking_linux.go16
-rw-r--r--libpod/runtime_img.go13
5 files changed, 34 insertions, 1 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index e2bc4e50f..fdee3877c 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -626,7 +626,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
Destination: "/sys/fs/cgroup/systemd",
Type: "bind",
Source: "/sys/fs/cgroup/systemd",
- Options: []string{"bind", "nodev", "noexec", "nosuid", "rslave"},
+ Options: []string{"bind", "nodev", "noexec", "nosuid", "rprivate"},
}
g.AddMount(systemdMnt)
g.AddLinuxMaskedPaths("/sys/fs/cgroup/systemd/release_agent")
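Review bot: The switch from `rslave` to `rprivate` in the `Options` of the `/sys/fs/cgroup/systemd` bind mount carries no comment recording the reason, and a propagation flag is easy to revert later by someone who does not know why it was chosen. With `rprivate` the mount stops receiving mount and unmount events from the host side, which looks like a deliberate isolation choice but is not stated anywhere in the hunk. Consider a line above the struct literal such as `// rprivate: do not receive later host mount/unmount events under the systemd cgroup hierarchy`. setupSystemd begins and ends outside the hunk, so any interaction with the other cgroup mounts it sets up is not visible here.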
diff --git a/libpod/events/config.go b/libpod/events/config.go
index c34408e63..bb35c03c0 100644
--- a/libpod/events/config.go
+++ b/libpod/events/config.go
@@ -101,6 +101,8 @@ const (
Attach Status = "attach"
// AutoUpdate ...
AutoUpdate Status = "auto-update"
+ // Build ...
+ Build Status = "build"
// Checkpoint ...
Checkpoint Status = "checkpoint"
// Cleanup ...
diff --git a/libpod/events/events.go b/libpod/events/events.go
index 0253b1ee5..722c9595e 100644
--- a/libpod/events/events.go
+++ b/libpod/events/events.go
@@ -127,6 +127,8 @@ func StringToStatus(name string) (Status, error) {
switch name {
case Attach.String():
return Attach, nil
+ case Build.String():
+ return Build, nil
case Checkpoint.String():
return Checkpoint, nil
case Cleanup.String():
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index ed8f82c46..6f266e5d6 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -171,6 +171,7 @@ type slirpFeatures struct {
HasMTU bool
HasEnableSandbox bool
HasEnableSeccomp bool
+ HasCIDR bool
HasOutboundAddr bool
HasIPv6 bool
}
@@ -199,6 +200,7 @@ func checkSlirpFlags(path string) (*slirpFeatures, error) {
HasMTU: strings.Contains(string(out), "--mtu"),
HasEnableSandbox: strings.Contains(string(out), "--enable-sandbox"),
HasEnableSeccomp: strings.Contains(string(out), "--enable-seccomp"),
+ HasCIDR: strings.Contains(string(out), "--cidr"),
HasOutboundAddr: strings.Contains(string(out), "--outbound-addr"),
HasIPv6: strings.Contains(string(out), "--enable-ipv6"),
}, nil
@@ -227,6 +229,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
havePortMapping := len(ctr.Config().PortMappings) > 0
logPath := filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID))
+ cidr := ""
isSlirpHostForward := false
disableHostLoopback := true
enableIPv6 := false
@@ -240,6 +243,12 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
option, value := parts[0], parts[1]
switch option {
+ case "cidr":
+ ipv4, _, err := net.ParseCIDR(value)
+ if err != nil || ipv4.To4() == nil {
+ return errors.Errorf("invalid cidr %q", value)
+ }
+ cidr = value
case "port_handler":
switch value {
case "slirp4netns":
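Review bot: The new `cidr` case checks only that the address part is IPv4 and throws away the parsed network, so a value with host bits set (constructed example: `10.0.2.5/24`) passes and is later handed to slirp4netns verbatim by the `--cidr=` append. Keep the second return value and reject non-network addresses: `ipv4, ipnet, err := net.ParseCIDR(value)` followed by `if err != nil || ipv4.To4() == nil || !ipv4.Equal(ipnet.IP) {`. The prefix length is not checked either; if slirp4netns restricts the accepted range (worth confirming against its documentation), failing here gives a clearer error than a helper that refuses to start. The returned error drops the underlying `err`, which hides whether the value was malformed or simply not IPv4. The enclosing switch and loop continue outside the hunk.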
@@ -309,6 +318,13 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
cmdArgs = append(cmdArgs, "--enable-seccomp")
}
+ if cidr != "" {
+ if !slirpFeatures.HasCIDR {
+ return errors.Errorf("cidr not supported")
+ }
+ cmdArgs = append(cmdArgs, fmt.Sprintf("--cidr=%s", cidr))
+ }
+
if enableIPv6 {
if !slirpFeatures.HasIPv6 {
return errors.Errorf("enable_ipv6 not supported")
diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go
index 4b5129f44..a95cd1d7a 100644
--- a/libpod/runtime_img.go
+++ b/libpod/runtime_img.go
@@ -17,6 +17,7 @@ import (
"github.com/containers/image/v5/oci/layout"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v2/libpod/define"
+ "github.com/containers/podman/v2/libpod/events"
"github.com/containers/podman/v2/libpod/image"
"github.com/containers/podman/v2/pkg/util"
"github.com/containers/storage"
@@ -150,9 +151,21 @@ func removeStorageContainers(ctrIDs []string, store storage.Store) error {
return nil
}
+// newBuildEvent creates a new event based on completion of a built image
+func (r *Runtime) newImageBuildCompleteEvent(idOrName string) {
+ e := events.NewEvent(events.Build)
+ e.Type = events.Image
+ e.Name = idOrName
+ if err := r.eventer.Write(e); err != nil {
+ logrus.Errorf("unable to write build event: %q", err)
+ }
+}
+
// Build adds the runtime to the imagebuildah call
func (r *Runtime) Build(ctx context.Context, options imagebuildah.BuildOptions, dockerfiles ...string) (string, reference.Canonical, error) {
id, ref, err := imagebuildah.BuildDockerfiles(ctx, r.store, options, dockerfiles...)
+ // Write event for build completion
+ r.newImageBuildCompleteEvent(id)
return id, ref, err
}
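Review bot: `Build` calls `r.newImageBuildCompleteEvent(id)` before looking at `err`, so a failed `BuildDockerfiles` still writes a `build` event, presumably with an empty `Name`; anything that treats the event stream as an audit trail would then record a completed build that produced no image. Guard the call: `if err == nil { r.newImageBuildCompleteEvent(id) }`. The doc comment on the helper names `newBuildEvent` while the function is `newImageBuildCompleteEvent`; it should read `// newImageBuildCompleteEvent writes an image build event for idOrName.` The log call formats the error with `%q`, where `%v` is the usual verb for an error value.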