Diffstat (limited to 'libpod')
-rw-r--r--libpod/container_inspect.go2
-rw-r--r--libpod/define/container_inspect.go9
-rw-r--r--libpod/define/errors.go13
-rw-r--r--libpod/driver/driver.go37
-rw-r--r--libpod/image/image.go3
-rw-r--r--libpod/oci_util.go12
6 files changed, 42 insertions, 34 deletions
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 51474471b..870d92ca9 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -49,7 +49,7 @@ func (c *Container) Inspect(size bool) (*define.InspectContainerData, error) {
return c.inspectLocked(size)
}
-func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) (*define.InspectContainerData, error) {
+func (c *Container) getContainerInspectData(size bool, driverData *define.DriverData) (*define.InspectContainerData, error) {
config := c.config
runtimeInfo := c.state
ctrSpec, err := c.specFromState()
diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go
index c61f7c159..9a93e2ffd 100644
--- a/libpod/define/container_inspect.go
+++ b/libpod/define/container_inspect.go
@@ -4,7 +4,6 @@ import (
"time"
"github.com/containers/image/v5/manifest"
- "github.com/containers/podman/v2/libpod/driver"
)
// InspectContainerConfig holds further data about how a container was initially
@@ -635,7 +634,7 @@ type InspectContainerData struct {
EffectiveCaps []string `json:"EffectiveCaps"`
BoundingCaps []string `json:"BoundingCaps"`
ExecIDs []string `json:"ExecIDs"`
- GraphDriver *driver.Data `json:"GraphDriver"`
+ GraphDriver *DriverData `json:"GraphDriver"`
SizeRw *int64 `json:"SizeRw,omitempty"`
SizeRootFs int64 `json:"SizeRootFs,omitempty"`
Mounts []InspectMount `json:"Mounts"`
@@ -700,3 +699,9 @@ type InspectExecProcess struct {
// User is the user the exec session was started as.
User string `json:"user"`
}
+
+// DriverData handles the data for a storage driver
+type DriverData struct {
+ Name string `json:"Name"`
+ Data map[string]string `json:"Data"`
+}
diff --git a/libpod/define/errors.go b/libpod/define/errors.go
index b96d36429..568f8e88d 100644
--- a/libpod/define/errors.go
+++ b/libpod/define/errors.go
@@ -2,6 +2,7 @@ package define
import (
"errors"
+ "fmt"
)
var (
@@ -181,4 +182,16 @@ var (
// ErrNoNetwork indicates that a container has no net namespace, like network=none
ErrNoNetwork = errors.New("container has no network namespace")
+
+ // ErrSetSecurityAttribute indicates that a request to set a container's security attribute
+ // was not possible.
+ ErrSetSecurityAttribute = fmt.Errorf("%w: unable to assign security attribute", ErrOCIRuntime)
+
+ // ErrGetSecurityAttribute indicates that a request to get a container's security attribute
+ // was not possible.
+ ErrGetSecurityAttribute = fmt.Errorf("%w: unable to get security attribute", ErrOCIRuntime)
+
+ // ErrSecurityAttribute indicates that an error processing security attributes
+ // for the container
+ ErrSecurityAttribute = fmt.Errorf("%w: unable to process security attribute", ErrOCIRuntime)
)
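Review bot: The three sentinels added to this var block are built with fmt.Errorf and %w, so they match ErrOCIRuntime only through errors.Is. getOCIRuntimeError wraps them with errors.Wrapf, which looks like github.com/pkg/errors, and a caller that still tests `errors.Cause(err) == define.ErrOCIRuntime` would stop matching for these cases, because Cause does not follow a %w chain. The callers are outside this diff and worth checking. Separately, the ErrSecurityAttribute comment is not a complete sentence; `// ErrSecurityAttribute indicates that an error occurred while processing the container's security attributes.` reads better.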
diff --git a/libpod/driver/driver.go b/libpod/driver/driver.go
index 85eda5a21..de71c1f6e 100644
--- a/libpod/driver/driver.go
+++ b/libpod/driver/driver.go
@@ -1,40 +1,17 @@
package driver
import (
- cstorage "github.com/containers/storage"
+ "github.com/containers/podman/v2/libpod/define"
+ "github.com/containers/storage"
)
-// Data handles the data for a storage driver
-type Data struct {
- Name string `json:"Name"`
- Data map[string]string `json:"Data"`
-}
-
-// GetDriverName returns the name of the driver for the given store
-func GetDriverName(store cstorage.Store) (string, error) {
- driver, err := store.GraphDriver()
- if err != nil {
- return "", err
- }
- return driver.String(), nil
-}
-
-// GetDriverMetadata returns the metadata regarding the driver for the layer in the given store
-func GetDriverMetadata(store cstorage.Store, layerID string) (map[string]string, error) {
+// GetDriverData returns information on a given store's running graph driver.
+func GetDriverData(store storage.Store, layerID string) (*define.DriverData, error) {
driver, err := store.GraphDriver()
if err != nil {
return nil, err
}
- return driver.Metadata(layerID)
-}
-
-// GetDriverData returns the Data struct with information of the driver used by the store
-func GetDriverData(store cstorage.Store, layerID string) (*Data, error) {
- name, err := GetDriverName(store)
- if err != nil {
- return nil, err
- }
- metaData, err := GetDriverMetadata(store, layerID)
+ metaData, err := driver.Metadata(layerID)
if err != nil {
return nil, err
}
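Review bot: GetDriverName and GetDriverMetadata are deleted from the exported API of libpod/driver in this hunk, and the diffstat shown is limited to libpod, so callers elsewhere in the tree or out of tree cannot be checked from here. If the removal is intended it should be stated in the commit message; otherwise thin wrappers marked `// Deprecated: use GetDriverData.` would keep importers building. The new doc comment could also name the layer argument, e.g. `// GetDriverData returns the graph driver's name and its metadata for layerID.` The body of GetDriverData continues past this hunk.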
@@ -42,8 +19,8 @@ func GetDriverData(store cstorage.Store, layerID string) (*Data, error) {
delete(metaData, "MergedDir")
}
- return &Data{
- Name: name,
+ return &define.DriverData{
+ Name: driver.String(),
Data: metaData,
}, nil
}
diff --git a/libpod/image/image.go b/libpod/image/image.go
index 39d740b7a..d732aecfe 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -29,6 +29,7 @@ import (
"github.com/containers/image/v5/transports"
"github.com/containers/image/v5/transports/alltransports"
"github.com/containers/image/v5/types"
+ "github.com/containers/podman/v2/libpod/define"
"github.com/containers/podman/v2/libpod/driver"
"github.com/containers/podman/v2/libpod/events"
"github.com/containers/podman/v2/pkg/inspect"
@@ -970,7 +971,7 @@ func (i *Image) toImageRef(ctx context.Context) (types.Image, error) {
}
// DriverData gets the driver data from the store on a layer
-func (i *Image) DriverData() (*driver.Data, error) {
+func (i *Image) DriverData() (*define.DriverData, error) {
return driver.GetDriverData(i.imageruntime.store, i.TopLayer())
}
diff --git a/libpod/oci_util.go b/libpod/oci_util.go
index 2ba85c4b3..d40cf13bd 100644
--- a/libpod/oci_util.go
+++ b/libpod/oci_util.go
@@ -126,5 +126,17 @@ func getOCIRuntimeError(runtimeMsg string) error {
}
return errors.Wrapf(define.ErrOCIRuntimeNotFound, "%s", strings.Trim(errStr, "\n"))
}
+ if match := regexp.MustCompile("`/proc/[a-z0-9-].+/attr.*`").FindString(runtimeMsg); match != "" {
+ errStr := match
+ if includeFullOutput {
+ errStr = runtimeMsg
+ }
+ if strings.HasSuffix(match, "/exec`") {
+ return errors.Wrapf(define.ErrSetSecurityAttribute, "%s", strings.Trim(errStr, "\n"))
+ } else if strings.HasSuffix(match, "/current`") {
+ return errors.Wrapf(define.ErrGetSecurityAttribute, "%s", strings.Trim(errStr, "\n"))
+ }
+ return errors.Wrapf(define.ErrSecurityAttribute, "%s", strings.Trim(errStr, "\n"))
+ }
return errors.Wrapf(define.ErrOCIRuntime, "%s", strings.Trim(runtimeMsg, "\n"))
}
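Review bot: The attr pattern in the added branch is looser than the suffix checks below it assume: `.+` and `.*` are greedy and can run across backticks, so on a line that quotes more than one path the match extends to the last backtick and the `/exec` / `/current` test is applied to an unrelated token. Replacing both with a class that excludes the backtick, and requiring `/attr/` as a whole path component, would keep the match to a single quoted path. The pattern is also compiled with regexp.MustCompile on every call; a package-level `var` would compile it once (the earlier branches of getOCIRuntimeError are outside this hunk and may do the same). Because this classification decides whether a security-attribute failure is reported as such, a test with a runtime message containing several quoted paths would be useful.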