diff options
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/container_inspect.go | 2 | ||||
-rw-r--r-- | libpod/define/container_inspect.go | 9 | ||||
-rw-r--r-- | libpod/define/errors.go | 13 | ||||
-rw-r--r-- | libpod/driver/driver.go | 37 | ||||
-rw-r--r-- | libpod/image/image.go | 3 | ||||
-rw-r--r-- | libpod/oci_util.go | 12 |
6 files changed, 42 insertions, 34 deletions
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 51474471b..870d92ca9 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -49,7 +49,7 @@ func (c *Container) Inspect(size bool) (*define.InspectContainerData, error) { return c.inspectLocked(size) } -func (c *Container) getContainerInspectData(size bool, driverData *driver.Data) (*define.InspectContainerData, error) { +func (c *Container) getContainerInspectData(size bool, driverData *define.DriverData) (*define.InspectContainerData, error) { config := c.config runtimeInfo := c.state ctrSpec, err := c.specFromState() diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go index c61f7c159..9a93e2ffd 100644 --- a/libpod/define/container_inspect.go +++ b/libpod/define/container_inspect.go @@ -4,7 +4,6 @@ import ( "time" "github.com/containers/image/v5/manifest" - "github.com/containers/podman/v2/libpod/driver" ) // InspectContainerConfig holds further data about how a container was initially @@ -635,7 +634,7 @@ type InspectContainerData struct { EffectiveCaps []string `json:"EffectiveCaps"` BoundingCaps []string `json:"BoundingCaps"` ExecIDs []string `json:"ExecIDs"` - GraphDriver *driver.Data `json:"GraphDriver"` + GraphDriver *DriverData `json:"GraphDriver"` SizeRw *int64 `json:"SizeRw,omitempty"` SizeRootFs int64 `json:"SizeRootFs,omitempty"` Mounts []InspectMount `json:"Mounts"` @@ -700,3 +699,9 @@ type InspectExecProcess struct { // User is the user the exec session was started as. User string `json:"user"` } + +// DriverData handles the data for a storage driver +type DriverData struct { + Name string `json:"Name"` + Data map[string]string `json:"Data"` +} diff --git a/libpod/define/errors.go b/libpod/define/errors.go index b96d36429..568f8e88d 100644 --- a/libpod/define/errors.go +++ b/libpod/define/errors.go @@ -2,6 +2,7 @@ package define import ( "errors" + "fmt" ) var ( @@ -181,4 +182,16 @@ var ( // ErrNoNetwork indicates that a container has no net namespace, like network=none ErrNoNetwork = errors.New("container has no network namespace") + + // ErrSetSecurityAttribute indicates that a request to set a container's security attribute + // was not possible. + ErrSetSecurityAttribute = fmt.Errorf("%w: unable to assign security attribute", ErrOCIRuntime) + + // ErrGetSecurityAttribute indicates that a request to get a container's security attribute + // was not possible. + ErrGetSecurityAttribute = fmt.Errorf("%w: unable to get security attribute", ErrOCIRuntime) + + // ErrSecurityAttribute indicates that an error processing security attributes + // for the container + ErrSecurityAttribute = fmt.Errorf("%w: unable to process security attribute", ErrOCIRuntime) ) diff --git a/libpod/driver/driver.go b/libpod/driver/driver.go index 85eda5a21..de71c1f6e 100644 --- a/libpod/driver/driver.go +++ b/libpod/driver/driver.go @@ -1,40 +1,17 @@ package driver import ( - cstorage "github.com/containers/storage" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/storage" ) -// Data handles the data for a storage driver -type Data struct { - Name string `json:"Name"` - Data map[string]string `json:"Data"` -} - -// GetDriverName returns the name of the driver for the given store -func GetDriverName(store cstorage.Store) (string, error) { - driver, err := store.GraphDriver() - if err != nil { - return "", err - } - return driver.String(), nil -} - -// GetDriverMetadata returns the metadata regarding the driver for the layer in the given store -func GetDriverMetadata(store cstorage.Store, layerID string) (map[string]string, error) { +// GetDriverData returns information on a given store's running graph driver. +func GetDriverData(store storage.Store, layerID string) (*define.DriverData, error) { driver, err := store.GraphDriver() if err != nil { return nil, err } - return driver.Metadata(layerID) -} - -// GetDriverData returns the Data struct with information of the driver used by the store -func GetDriverData(store cstorage.Store, layerID string) (*Data, error) { - name, err := GetDriverName(store) - if err != nil { - return nil, err - } - metaData, err := GetDriverMetadata(store, layerID) + metaData, err := driver.Metadata(layerID) if err != nil { return nil, err } @@ -42,8 +19,8 @@ func GetDriverData(store cstorage.Store, layerID string) (*Data, error) { delete(metaData, "MergedDir") } - return &Data{ - Name: name, + return &define.DriverData{ + Name: driver.String(), Data: metaData, }, nil } diff --git a/libpod/image/image.go b/libpod/image/image.go index 39d740b7a..d732aecfe 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -29,6 +29,7 @@ import ( "github.com/containers/image/v5/transports" "github.com/containers/image/v5/transports/alltransports" "github.com/containers/image/v5/types" + "github.com/containers/podman/v2/libpod/define" "github.com/containers/podman/v2/libpod/driver" "github.com/containers/podman/v2/libpod/events" "github.com/containers/podman/v2/pkg/inspect" @@ -970,7 +971,7 @@ func (i *Image) toImageRef(ctx context.Context) (types.Image, error) { } // DriverData gets the driver data from the store on a layer -func (i *Image) DriverData() (*driver.Data, error) { +func (i *Image) DriverData() (*define.DriverData, error) { return driver.GetDriverData(i.imageruntime.store, i.TopLayer()) } diff --git a/libpod/oci_util.go b/libpod/oci_util.go index 2ba85c4b3..d40cf13bd 100644 --- a/libpod/oci_util.go +++ b/libpod/oci_util.go @@ -126,5 +126,17 @@ func getOCIRuntimeError(runtimeMsg string) error { } return errors.Wrapf(define.ErrOCIRuntimeNotFound, "%s", strings.Trim(errStr, "\n")) } + if match := regexp.MustCompile("`/proc/[a-z0-9-].+/attr.*`").FindString(runtimeMsg); match != "" { + errStr := match + if includeFullOutput { + errStr = runtimeMsg + } + if strings.HasSuffix(match, "/exec`") { + return errors.Wrapf(define.ErrSetSecurityAttribute, "%s", strings.Trim(errStr, "\n")) + } else if strings.HasSuffix(match, "/current`") { + return errors.Wrapf(define.ErrGetSecurityAttribute, "%s", strings.Trim(errStr, "\n")) + } + return errors.Wrapf(define.ErrSecurityAttribute, "%s", strings.Trim(errStr, "\n")) + } return errors.Wrapf(define.ErrOCIRuntime, "%s", strings.Trim(runtimeMsg, "\n")) } |