Diffstat (limited to 'libpod')
95 files changed, 839 insertions, 473 deletions
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go index 38881d3e4..e98a6e907 100644 --- a/libpod/boltdb_state.go +++ b/libpod/boltdb_state.go @@ -6,7 +6,7 @@ import ( "strings" "sync" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" jsoniter "github.com/json-iterator/go" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go index 5b339e7c2..ddbd40da8 100644 --- a/libpod/boltdb_state_internal.go +++ b/libpod/boltdb_state_internal.go @@ -6,8 +6,8 @@ import ( "runtime" "strings" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/rootless" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/rootless" "github.com/containers/storage" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/boltdb_state_linux.go b/libpod/boltdb_state_linux.go index 4fe0a3eaa..e39b151f7 100644 --- a/libpod/boltdb_state_linux.go +++ b/libpod/boltdb_state_linux.go @@ -3,7 +3,7 @@ package libpod import ( - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/libpod/common_test.go b/libpod/common_test.go index dff04af5c..4eeb5c317 100644 --- a/libpod/common_test.go +++ b/libpod/common_test.go @@ -8,8 +8,8 @@ import ( "time" "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/lock" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/lock" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/opencontainers/runtime-tools/generate" "github.com/stretchr/testify/assert" 
@@ -19,33 +19,41 @@ import ( func getTestContainer(id, name string, manager lock.Manager) (*Container, error) { ctr := &Container{ config: &ContainerConfig{ - ID: id, - Name: name, - RootfsImageID: id, - RootfsImageName: "testimg", - StaticDir: "/does/not/exist/", - LogPath: "/does/not/exist/", - Stdin: true, - Labels: map[string]string{"a": "b", "c": "d"}, - StopSignal: 0, - StopTimeout: 0, - CreatedTime: time.Now(), - Privileged: true, - Mounts: []string{"/does/not/exist"}, - DNSServer: []net.IP{net.ParseIP("192.168.1.1"), net.ParseIP("192.168.2.2")}, - DNSSearch: []string{"example.com", "example.example.com"}, - PortMappings: []ocicni.PortMapping{ - { - HostPort: 80, - ContainerPort: 90, - Protocol: "tcp", - HostIP: "192.168.3.3", - }, - { - HostPort: 100, - ContainerPort: 110, - Protocol: "udp", - HostIP: "192.168.4.4", + ID: id, + Name: name, + ContainerRootFSConfig: ContainerRootFSConfig{ + RootfsImageID: id, + RootfsImageName: "testimg", + StaticDir: "/does/not/exist/", + Mounts: []string{"/does/not/exist"}, + }, + ContainerMiscConfig: ContainerMiscConfig{ + LogPath: "/does/not/exist/", + Stdin: true, + Labels: map[string]string{"a": "b", "c": "d"}, + StopSignal: 0, + StopTimeout: 0, + CreatedTime: time.Now(), + }, + ContainerSecurityConfig: ContainerSecurityConfig{ + Privileged: true, + }, + ContainerNetworkConfig: ContainerNetworkConfig{ + DNSServer: []net.IP{net.ParseIP("192.168.1.1"), net.ParseIP("192.168.2.2")}, + DNSSearch: []string{"example.com", "example.example.com"}, + PortMappings: []ocicni.PortMapping{ + { + HostPort: 80, + ContainerPort: 90, + Protocol: "tcp", + HostIP: "192.168.3.3", + }, + { + HostPort: 100, + ContainerPort: 110, + Protocol: "udp", + HostIP: "192.168.4.4", + }, }, }, }, diff --git a/libpod/container.go b/libpod/container.go index f7abfb005..9b4ccbd5f 100644 --- a/libpod/container.go +++ b/libpod/container.go 
@@ -13,11 +13,10 @@ import ( cnitypes "github.com/containernetworking/cni/pkg/types/current" "github.com/containers/common/pkg/config" "github.com/containers/image/v5/manifest" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/lock" - "github.com/containers/libpod/v2/pkg/namespaces" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/utils" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/lock" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/utils" "github.com/containers/storage" "github.com/cri-o/ocicni/pkg/ocicni" spec "github.com/opencontainers/runtime-spec/specs-go" 
@@ -215,226 +214,6 @@ type ContainerState struct { containerPlatformState } -// ContainerConfig contains all information that was used to create the -// container. It may not be changed once created. -// It is stored, read-only, on disk -type ContainerConfig struct { - Spec *spec.Spec `json:"spec"` - ID string `json:"id"` - Name string `json:"name"` - // Full ID of the pood the container belongs to - Pod string `json:"pod,omitempty"` - // Namespace the container is in - Namespace string `json:"namespace,omitempty"` - // ID of this container's lock - LockID uint32 `json:"lockID"` - - // CreateCommand is the full command plus arguments of the process the - // container has been created with. - CreateCommand []string `json:"CreateCommand,omitempty"` - - // RawImageName is the raw and unprocessed name of the image when creating - // the container (as specified by the user). May or may not be set. One - // use case to store this data are auto-updates where we need the _exact_ - // name and not some normalized instance of it. - RawImageName string `json:"RawImageName,omitempty"` - - // TODO consider breaking these subsections up into smaller structs - - // UID/GID mappings used by the storage - IDMappings storage.IDMappingOptions `json:"idMappingsOptions,omitempty"` - - // Information on the image used for the root filesystem - RootfsImageID string `json:"rootfsImageID,omitempty"` - RootfsImageName string `json:"rootfsImageName,omitempty"` - // Rootfs to use for the container, this conflicts with RootfsImageID - Rootfs string `json:"rootfs,omitempty"` - // Src path to be mounted on /dev/shm in container. - ShmDir string `json:"ShmDir,omitempty"` - // Size of the container's SHM. - ShmSize int64 `json:"shmSize"` - // Static directory for container content that will persist across - // reboot. - StaticDir string `json:"staticDir"` - // Mounts list contains all additional mounts into the container rootfs. - // These include the SHM mount. 
- // These must be unmounted before the container's rootfs is unmounted. - Mounts []string `json:"mounts,omitempty"` - // NamedVolumes lists the named volumes to mount into the container. - NamedVolumes []*ContainerNamedVolume `json:"namedVolumes,omitempty"` - - // Security Config - - // Whether the container is privileged - Privileged bool `json:"privileged"` - // SELinux process label for container - ProcessLabel string `json:"ProcessLabel,omitempty"` - // SELinux mount label for root filesystem - MountLabel string `json:"MountLabel,omitempty"` - // LabelOpts are options passed in by the user to setup SELinux labels - LabelOpts []string `json:"labelopts,omitempty"` - // User and group to use in the container - // Can be specified by name or UID/GID - User string `json:"user,omitempty"` - // Additional groups to add - Groups []string `json:"groups,omitempty"` - // AddCurrentUserPasswdEntry indicates that the current user passwd entry - // should be added to the /etc/passwd within the container - AddCurrentUserPasswdEntry bool `json:"addCurrentUserPasswdEntry,omitempty"` - - // Namespace Config - // IDs of container to share namespaces with - // NetNsCtr conflicts with the CreateNetNS bool - // These containers are considered dependencies of the given container - // They must be started before the given container is started - IPCNsCtr string `json:"ipcNsCtr,omitempty"` - MountNsCtr string `json:"mountNsCtr,omitempty"` - NetNsCtr string `json:"netNsCtr,omitempty"` - PIDNsCtr string `json:"pidNsCtr,omitempty"` - UserNsCtr string `json:"userNsCtr,omitempty"` - UTSNsCtr string `json:"utsNsCtr,omitempty"` - CgroupNsCtr string `json:"cgroupNsCtr,omitempty"` - - // IDs of dependency containers. - // These containers must be started before this container is started. - Dependencies []string - - // Network Config - - // CreateNetNS indicates that libpod should create and configure a new - // network namespace for the container. 
- // This cannot be set if NetNsCtr is also set. - CreateNetNS bool `json:"createNetNS"` - // StaticIP is a static IP to request for the container. - // This cannot be set unless CreateNetNS is set. - // If not set, the container will be dynamically assigned an IP by CNI. - StaticIP net.IP `json:"staticIP"` - // StaticMAC is a static MAC to request for the container. - // This cannot be set unless CreateNetNS is set. - // If not set, the container will be dynamically assigned a MAC by CNI. - StaticMAC net.HardwareAddr `json:"staticMAC"` - // PortMappings are the ports forwarded to the container's network - // namespace - // These are not used unless CreateNetNS is true - PortMappings []ocicni.PortMapping `json:"portMappings,omitempty"` - // UseImageResolvConf indicates that resolv.conf should not be - // bind-mounted inside the container. - // Conflicts with DNSServer, DNSSearch, DNSOption. - UseImageResolvConf bool - // DNS servers to use in container resolv.conf - // Will override servers in host resolv if set - DNSServer []net.IP `json:"dnsServer,omitempty"` - // DNS Search domains to use in container resolv.conf - // Will override search domains in host resolv if set - DNSSearch []string `json:"dnsSearch,omitempty"` - // DNS options to be set in container resolv.conf - // With override options in host resolv if set - DNSOption []string `json:"dnsOption,omitempty"` - // UseImageHosts indicates that /etc/hosts should not be - // bind-mounted inside the container. - // Conflicts with HostAdd. - UseImageHosts bool - // Hosts to add in container - // Will be appended to host's host file - HostAdd []string `json:"hostsAdd,omitempty"` - // Network names (CNI) to add container to. Empty to use default network. - Networks []string `json:"networks,omitempty"` - // Network mode specified for the default network. - NetMode namespaces.NetworkMode `json:"networkMode,omitempty"` - - // Image Config - - // UserVolumes contains user-added volume mounts in the container. 
- // These will not be added to the container's spec, as it is assumed - // they are already present in the spec given to Libpod. Instead, it is - // used when committing containers to generate the VOLUMES field of the - // image that is created, and for triggering some OCI hooks which do not - // fire unless user-added volume mounts are present. - UserVolumes []string `json:"userVolumes,omitempty"` - // Entrypoint is the container's entrypoint. - // It is not used in spec generation, but will be used when the - // container is committed to populate the entrypoint of the new image. - Entrypoint []string `json:"entrypoint,omitempty"` - // Command is the container's command. - // It is not used in spec generation, but will be used when the - // container is committed to populate the command of the new image. - Command []string `json:"command,omitempty"` - - // Misc Options - - // Whether to keep container STDIN open - Stdin bool `json:"stdin,omitempty"` - // Labels is a set of key-value pairs providing additional information - // about a container - Labels map[string]string `json:"labels,omitempty"` - // StopSignal is the signal that will be used to stop the container - StopSignal uint `json:"stopSignal,omitempty"` - // StopTimeout is the signal that will be used to stop the container - StopTimeout uint `json:"stopTimeout,omitempty"` - // Time container was created - CreatedTime time.Time `json:"createdTime"` - // NoCgroups indicates that the container will not create CGroups. It is - // incompatible with CgroupParent. Deprecated in favor of CgroupsMode. - NoCgroups bool `json:"noCgroups,omitempty"` - // CgroupsMode indicates how the container will create cgroups - // (disabled, no-conmon, enabled). It supersedes NoCgroups. 
- CgroupsMode string `json:"cgroupsMode,omitempty"` - // Cgroup parent of the container - CgroupParent string `json:"cgroupParent"` - // LogPath log location - LogPath string `json:"logPath"` - // LogTag is the tag used for logging - LogTag string `json:"logTag"` - // LogDriver driver for logs - LogDriver string `json:"logDriver"` - // File containing the conmon PID - ConmonPidFile string `json:"conmonPidFile,omitempty"` - // RestartPolicy indicates what action the container will take upon - // exiting naturally. - // Allowed options are "no" (take no action), "on-failure" (restart on - // non-zero exit code, up an a maximum of RestartRetries times), - // and "always" (always restart the container on any exit code). - // The empty string is treated as the default ("no") - RestartPolicy string `json:"restart_policy,omitempty"` - // RestartRetries indicates the number of attempts that will be made to - // restart the container. Used only if RestartPolicy is set to - // "on-failure". - RestartRetries uint `json:"restart_retries,omitempty"` - // TODO log options for log drivers - - // PostConfigureNetNS needed when a user namespace is created by an OCI runtime - // if the network namespace is created before the user namespace it will be - // owned by the wrong user namespace. - PostConfigureNetNS bool `json:"postConfigureNetNS"` - - // OCIRuntime used to create the container - OCIRuntime string `json:"runtime,omitempty"` - - // ExitCommand is the container's exit command. 
- // This Command will be executed when the container exits - ExitCommand []string `json:"exitCommand,omitempty"` - // IsInfra is a bool indicating whether this container is an infra container used for - // sharing kernel namespaces in a pod - IsInfra bool `json:"pause"` - - // SdNotifyMode tells libpod what to do with a NOTIFY_SOCKET if passed - SdNotifyMode string `json:"sdnotifyMode,omitempty"` - // Systemd tells libpod to setup the container in systemd mode - Systemd bool `json:"systemd"` - - // HealthCheckConfig has the health check command and related timings - HealthCheckConfig *manifest.Schema2HealthConfig `json:"healthcheck"` - - // PreserveFDs is a number of additional file descriptors (in addition - // to 0, 1, 2) that will be passed to the executed process. The total FDs - // passed will be 3 + PreserveFDs. - PreserveFDs uint `json:"preserveFds,omitempty"` - - // Timezone is the timezone inside the container. - // Local means it has the same timezone as the host machine - Timezone string `json:"timezone,omitempty"` -} - // ContainerNamedVolume is a named volume that will be mounted into the // container. Each named volume is a libpod Volume present in the state. type ContainerNamedVolume struct { @@ -447,6 +226,15 @@ type ContainerNamedVolume struct { Options []string `json:"options,omitempty"` } +// ContainerOverlayVolume is a overlay volume that will be mounted into the +// container. Each volume is a libpod Volume present in the state. +type ContainerOverlayVolume struct { + // Destination is the absolute path where the mount will be placed in the container. + Dest string `json:"dest"` + // Source specifies the source path of the mount. + Source string `json:"source,omitempty"` +} + // Config accessors // Unlocked 
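Review bot: The doc comment on `ContainerOverlayVolume` says each volume "is a libpod Volume present in the state", which looks copied from `ContainerNamedVolume`; this struct carries a `Source` path rather than a volume name, so the sentence does not describe the type. The field comment also says `Destination` while the field is named `Dest`. I would write `// ContainerOverlayVolume is an overlay volume that will be mounted into the container.` and `// Dest is the absolute path where the mount will be placed in the container.`. The `Source` comment should say whether it is a host path, since the value is handed to `overlay.Mount` in `generateSpec` later in this commit.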
@@ -1261,7 +1049,13 @@ func (c *Container) AutoRemove() bool { return c.Spec().Annotations[define.InspectAnnotationAutoremove] == define.InspectResponseTrue } +// Timezone returns the timezone configured inside the container. +// Local means it has the same timezone as the host machine func (c *Container) Timezone() string { return c.config.Timezone +} +// Umask returns the Umask bits configured inside the container. +func (c *Container) Umask() string { + return c.config.Umask } diff --git a/libpod/container_api.go b/libpod/container_api.go index 487f75e67..c44e89042 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -10,9 +10,9 @@ import ( "sync" "time" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/libpod/logs" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/libpod/logs" "github.com/opentracing/opentracing-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/container_commit.go b/libpod/container_commit.go index e35ae1148..3386a17bd 100644 --- a/libpod/container_commit.go +++ b/libpod/container_commit.go @@ -9,10 +9,10 @@ import ( "github.com/containers/buildah/util" is "github.com/containers/image/v5/storage" "github.com/containers/image/v5/types" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/libpod/image" - libpodutil "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/libpod/image" + libpodutil "github.com/containers/podman/v2/pkg/util" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/libpod/container_config.go b/libpod/container_config.go new file mode 100644 index 000000000..301b867fc --- /dev/null 
+++ b/libpod/container_config.go 
@@ -0,0 +1,256 @@ +package libpod + +import ( + "net" + "time" + + "github.com/containers/image/v5/manifest" + "github.com/containers/podman/v2/pkg/namespaces" + "github.com/containers/storage" + "github.com/cri-o/ocicni/pkg/ocicni" + spec "github.com/opencontainers/runtime-spec/specs-go" +) + +// ContainerConfig contains all information that was used to create the +// container. It may not be changed once created. +// It is stored, read-only, on disk +type ContainerConfig struct { + Spec *spec.Spec `json:"spec"` + + ID string `json:"id"` + + Name string `json:"name"` + + // Full ID of the pood the container belongs to + Pod string `json:"pod,omitempty"` + + // Namespace the container is in + Namespace string `json:"namespace,omitempty"` + + // ID of this container's lock + LockID uint32 `json:"lockID"` + + // CreateCommand is the full command plus arguments of the process the + // container has been created with. + CreateCommand []string `json:"CreateCommand,omitempty"` + + // RawImageName is the raw and unprocessed name of the image when creating + // the container (as specified by the user). May or may not be set. One + // use case to store this data are auto-updates where we need the _exact_ + // name and not some normalized instance of it. + RawImageName string `json:"RawImageName,omitempty"` + + // UID/GID mappings used by the storage + IDMappings storage.IDMappingOptions `json:"idMappingsOptions,omitempty"` + + // IDs of dependency containers. + // These containers must be started before this container is started. + Dependencies []string + + // embedded sub-configs + ContainerRootFSConfig + ContainerSecurityConfig + ContainerNameSpaceConfig + ContainerNetworkConfig + ContainerImageConfig + ContainerMiscConfig +} + +// ContainerRootFSConfig is an embedded sub-config providing config info +// about the container's root fs. 
+type ContainerRootFSConfig struct { + RootfsImageID string `json:"rootfsImageID,omitempty"` + RootfsImageName string `json:"rootfsImageName,omitempty"` + // Rootfs to use for the container, this conflicts with RootfsImageID + Rootfs string `json:"rootfs,omitempty"` + // Src path to be mounted on /dev/shm in container. + ShmDir string `json:"ShmDir,omitempty"` + // Size of the container's SHM. + ShmSize int64 `json:"shmSize"` + // Static directory for container content that will persist across + // reboot. + StaticDir string `json:"staticDir"` + // Mounts list contains all additional mounts into the container rootfs. + // These include the SHM mount. + // These must be unmounted before the container's rootfs is unmounted. + Mounts []string `json:"mounts,omitempty"` + // NamedVolumes lists the named volumes to mount into the container. + NamedVolumes []*ContainerNamedVolume `json:"namedVolumes,omitempty"` + // OverlayVolumes lists the overlay volumes to mount into the container. + OverlayVolumes []*ContainerOverlayVolume `json:"overlayVolumes,omitempty"` +} + +// ContainerSecurityConfig is an embedded sub-config providing security configuration +// to the container. 
+type ContainerSecurityConfig struct { + // Whether the container is privileged + Privileged bool `json:"privileged"` + // SELinux process label for container + ProcessLabel string `json:"ProcessLabel,omitempty"` + // SELinux mount label for root filesystem + MountLabel string `json:"MountLabel,omitempty"` + // LabelOpts are options passed in by the user to setup SELinux labels + LabelOpts []string `json:"labelopts,omitempty"` + // User and group to use in the container + // Can be specified by name or UID/GID + User string `json:"user,omitempty"` + // Additional groups to add + Groups []string `json:"groups,omitempty"` + // AddCurrentUserPasswdEntry indicates that the current user passwd entry + // should be added to the /etc/passwd within the container + AddCurrentUserPasswdEntry bool `json:"addCurrentUserPasswdEntry,omitempty"` +} + +// ContainerNameSpaceConfig is an embedded sub-config providing +// namespace configuration to the container. +type ContainerNameSpaceConfig struct { + // IDs of container to share namespaces with + // NetNsCtr conflicts with the CreateNetNS bool + // These containers are considered dependencies of the given container + // They must be started before the given container is started + IPCNsCtr string `json:"ipcNsCtr,omitempty"` + MountNsCtr string `json:"mountNsCtr,omitempty"` + NetNsCtr string `json:"netNsCtr,omitempty"` + PIDNsCtr string `json:"pidNsCtr,omitempty"` + UserNsCtr string `json:"userNsCtr,omitempty"` + UTSNsCtr string `json:"utsNsCtr,omitempty"` + CgroupNsCtr string `json:"cgroupNsCtr,omitempty"` +} + +// ContainerNetworkConfig is an embedded sub-config providing network configuration +// to the container. +type ContainerNetworkConfig struct { + // CreateNetNS indicates that libpod should create and configure a new + // network namespace for the container. + // This cannot be set if NetNsCtr is also set. + CreateNetNS bool `json:"createNetNS"` + // StaticIP is a static IP to request for the container. 
+ // This cannot be set unless CreateNetNS is set. + // If not set, the container will be dynamically assigned an IP by CNI. + StaticIP net.IP `json:"staticIP"` + // StaticMAC is a static MAC to request for the container. + // This cannot be set unless CreateNetNS is set. + // If not set, the container will be dynamically assigned a MAC by CNI. + StaticMAC net.HardwareAddr `json:"staticMAC"` + // PortMappings are the ports forwarded to the container's network + // namespace + // These are not used unless CreateNetNS is true + PortMappings []ocicni.PortMapping `json:"portMappings,omitempty"` + // UseImageResolvConf indicates that resolv.conf should not be + // bind-mounted inside the container. + // Conflicts with DNSServer, DNSSearch, DNSOption. + UseImageResolvConf bool + // DNS servers to use in container resolv.conf + // Will override servers in host resolv if set + DNSServer []net.IP `json:"dnsServer,omitempty"` + // DNS Search domains to use in container resolv.conf + // Will override search domains in host resolv if set + DNSSearch []string `json:"dnsSearch,omitempty"` + // DNS options to be set in container resolv.conf + // With override options in host resolv if set + DNSOption []string `json:"dnsOption,omitempty"` + // UseImageHosts indicates that /etc/hosts should not be + // bind-mounted inside the container. + // Conflicts with HostAdd. + UseImageHosts bool + // Hosts to add in container + // Will be appended to host's host file + HostAdd []string `json:"hostsAdd,omitempty"` + // Network names (CNI) to add container to. Empty to use default network. + Networks []string `json:"networks,omitempty"` + // Network mode specified for the default network. + NetMode namespaces.NetworkMode `json:"networkMode,omitempty"` + // NetworkOptions are additional options for each network + NetworkOptions map[string][]string `json:"network_options,omitempty"` +} + +// ContainerImageConfig is an embedded sub-config providing image configuration +// to the container. 
+type ContainerImageConfig struct { + // UserVolumes contains user-added volume mounts in the container. + // These will not be added to the container's spec, as it is assumed + // they are already present in the spec given to Libpod. Instead, it is + // used when committing containers to generate the VOLUMES field of the + // image that is created, and for triggering some OCI hooks which do not + // fire unless user-added volume mounts are present. + UserVolumes []string `json:"userVolumes,omitempty"` + // Entrypoint is the container's entrypoint. + // It is not used in spec generation, but will be used when the + // container is committed to populate the entrypoint of the new image. + Entrypoint []string `json:"entrypoint,omitempty"` + // Command is the container's command. + // It is not used in spec generation, but will be used when the + // container is committed to populate the command of the new image. + Command []string `json:"command,omitempty"` +} + +// ContainerMiscConfig is an embedded sub-config providing misc configuration +// to the container. +type ContainerMiscConfig struct { + // Whether to keep container STDIN open + Stdin bool `json:"stdin,omitempty"` + // Labels is a set of key-value pairs providing additional information + // about a container + Labels map[string]string `json:"labels,omitempty"` + // StopSignal is the signal that will be used to stop the container + StopSignal uint `json:"stopSignal,omitempty"` + // StopTimeout is the signal that will be used to stop the container + StopTimeout uint `json:"stopTimeout,omitempty"` + // Time container was created + CreatedTime time.Time `json:"createdTime"` + // NoCgroups indicates that the container will not create CGroups. It is + // incompatible with CgroupParent. Deprecated in favor of CgroupsMode. + NoCgroups bool `json:"noCgroups,omitempty"` + // CgroupsMode indicates how the container will create cgroups + // (disabled, no-conmon, enabled). It supersedes NoCgroups. 
+ CgroupsMode string `json:"cgroupsMode,omitempty"` + // Cgroup parent of the container + CgroupParent string `json:"cgroupParent"` + // LogPath log location + LogPath string `json:"logPath"` + // LogTag is the tag used for logging + LogTag string `json:"logTag"` + // LogDriver driver for logs + LogDriver string `json:"logDriver"` + // File containing the conmon PID + ConmonPidFile string `json:"conmonPidFile,omitempty"` + // RestartPolicy indicates what action the container will take upon + // exiting naturally. + // Allowed options are "no" (take no action), "on-failure" (restart on + // non-zero exit code, up an a maximum of RestartRetries times), + // and "always" (always restart the container on any exit code). + // The empty string is treated as the default ("no") + RestartPolicy string `json:"restart_policy,omitempty"` + // RestartRetries indicates the number of attempts that will be made to + // restart the container. Used only if RestartPolicy is set to + // "on-failure". + RestartRetries uint `json:"restart_retries,omitempty"` + // TODO log options for log drivers + // PostConfigureNetNS needed when a user namespace is created by an OCI runtime + // if the network namespace is created before the user namespace it will be + // owned by the wrong user namespace. + PostConfigureNetNS bool `json:"postConfigureNetNS"` + // OCIRuntime used to create the container + OCIRuntime string `json:"runtime,omitempty"` + // ExitCommand is the container's exit command. 
+ // This Command will be executed when the container exits + ExitCommand []string `json:"exitCommand,omitempty"` + // IsInfra is a bool indicating whether this container is an infra container used for + // sharing kernel namespaces in a pod + IsInfra bool `json:"pause"` + // SdNotifyMode tells libpod what to do with a NOTIFY_SOCKET if passed + SdNotifyMode string `json:"sdnotifyMode,omitempty"` + // Systemd tells libpod to setup the container in systemd mode + Systemd bool `json:"systemd"` + // HealthCheckConfig has the health check command and related timings + HealthCheckConfig *manifest.Schema2HealthConfig `json:"healthcheck"` + // PreserveFDs is a number of additional file descriptors (in addition + // to 0, 1, 2) that will be passed to the executed process. The total FDs + // passed will be 3 + PreserveFDs. + PreserveFDs uint `json:"preserveFds,omitempty"` + // Timezone is the timezone inside the container. + // Local means it has the same timezone as the host machine + Timezone string `json:"timezone,omitempty"` + // Umask is the umask inside the container. + Umask string `json:"umask,omitempty"` +} diff --git a/libpod/container_exec.go b/libpod/container_exec.go index bd04ee9b9..08e95e6dd 100644 --- a/libpod/container_exec.go +++ b/libpod/container_exec.go @@ -10,8 +10,8 @@ import ( "time" "github.com/containers/common/pkg/capabilities" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" "github.com/containers/storage/pkg/stringid" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -729,10 +729,6 @@ func (c *Container) Exec(config *ExecConfig, streams *define.AttachStreams, resi return -1, err } - if exitCode != 0 { - return exitCode, errors.Wrapf(define.ErrOCIRuntime, "exec session exited with non-zero exit code %d", exitCode) - } - return exitCode, nil } 
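Review bot: Nothing in the new `ContainerConfig` records that the six embedded sub-configs must remain untagged anonymous fields. The struct is documented as stored on disk, and the serialized layout only stays flat, and so matches configs written before the split, because the fields of untagged embedded structs are promoted to the top level; a `json:"..."` tag on any of them would nest its fields. I would replace `// embedded sub-configs` with `// Embedded sub-configs. Keep these untagged: their fields must serialize at the top level to match the existing on-disk format.`. Separately, `Umask` is a free-form `string` whose comment does not state the format; `// Umask is the umask inside the container, as an octal string.` would match the base-8 parse in `generateSpec`.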
diff --git a/libpod/container_graph.go b/libpod/container_graph.go index f38493b4e..39f6ed281 100644 --- a/libpod/container_graph.go +++ b/libpod/container_graph.go @@ -4,7 +4,7 @@ import ( "context" "strings" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/libpod/container_graph_test.go b/libpod/container_graph_test.go index 579b6eead..518f3e74b 100644 --- a/libpod/container_graph_test.go +++ b/libpod/container_graph_test.go @@ -3,7 +3,7 @@ package libpod import ( "testing" - "github.com/containers/libpod/v2/libpod/lock" + "github.com/containers/podman/v2/libpod/lock" "github.com/stretchr/testify/assert" ) diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 680776dba..437729c2d 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -5,9 +5,9 @@ import ( "strings" "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/driver" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/driver" + "github.com/containers/podman/v2/pkg/util" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/runtime-tools/validate" @@ -325,6 +325,14 @@ func (c *Container) generateInspectContainerConfig(spec *spec.Spec) *define.Insp ctrConfig.Timezone = c.config.Timezone + // Pad Umask to 4 characters + if len(c.config.Umask) < 4 { + pad := strings.Repeat("0", 4-len(c.config.Umask)) + ctrConfig.Umask = pad + c.config.Umask + } else { + ctrConfig.Umask = c.config.Umask + } + return ctrConfig } diff --git a/libpod/container_internal.go b/libpod/container_internal.go index a79b9e5a8..a5208a0df 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go 
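Review bot: When `c.config.Umask` is empty, the padding branch added to `generateInspectContainerConfig` reports `0000`, while `generateSpec` in this same commit leaves the process umask untouched for an empty value. Inspect output would then claim a umask of zero, meaning no permission bits masked, that was never applied to the container. Unless a default is always filled in at creation time (not visible in this diff view), the padding should be skipped for the empty case by wrapping the new block in `if c.config.Umask != "" { … }`. The function starts outside this hunk.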
@@ -12,14 +12,14 @@ import ( "strings" "time" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/pkg/cgroups" - "github.com/containers/libpod/v2/pkg/ctime" - "github.com/containers/libpod/v2/pkg/hooks" - "github.com/containers/libpod/v2/pkg/hooks/exec" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/pkg/selinux" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/pkg/cgroups" + "github.com/containers/podman/v2/pkg/ctime" + "github.com/containers/podman/v2/pkg/hooks" + "github.com/containers/podman/v2/pkg/hooks/exec" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/pkg/selinux" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/idtools" @@ -1557,7 +1557,7 @@ func (c *Container) chownVolume(volumeName string) error { if err != nil { return err } - if err := os.Chown(path, uid, gid); err != nil { + if err := os.Lchown(path, uid, gid); err != nil { return err } return nil @@ -1588,6 +1588,12 @@ func (c *Container) cleanupStorage() error { } } + if err := c.cleanupOverlayMounts(); err != nil { + // If the container can't remove content report the error + logrus.Errorf("Failed to cleanup overlay mounts for %s: %v", c.ID(), err) + cleanupErr = err + } + if c.config.Rootfs != "" { return cleanupErr } diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 574525315..4cfe992ea 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go 
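Review bot: The switch from `os.Chown` to `os.Lchown` in `chownVolume` has no comment, and the reason is security-relevant enough that a later cleanup could revert it by accident. `Lchown` changes ownership of the link itself rather than its target, so a symlink placed at the volume mount point cannot redirect the ownership change to another file on the host. I would add `// Lchown, not Chown: never follow a symlink at the mount point when changing ownership.` above the call. Note that this protects only the final path component; how `path` is resolved lies outside this hunk, so it is not visible here whether intermediate components are equally safe.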
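Review bot: In `cleanupStorage`, the new `cleanupErr = err` overwrites whatever an earlier cleanup step stored in `cleanupErr`, so if an earlier step and the overlay cleanup both fail, only the overlay error reaches the caller. Assuming the code above the hunk assigns `cleanupErr` (the hunk shows only the closing braces of that block), keep the first failure with `if cleanupErr == nil { cleanupErr = err }`. Also, `cleanupOverlayMounts` is defined in `container_internal_linux.go` in this diff while the call sits in the platform-independent `container_internal.go`; a stub is needed for non-Linux builds unless one is added in a part of the diff not shown here.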
@@ -20,19 +20,20 @@ import ( cnitypes "github.com/containernetworking/cni/pkg/types/current" "github.com/containernetworking/plugins/pkg/ns" + "github.com/containers/buildah/pkg/overlay" "github.com/containers/buildah/pkg/secrets" "github.com/containers/common/pkg/apparmor" "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/pkg/annotations" - "github.com/containers/libpod/v2/pkg/cgroups" - "github.com/containers/libpod/v2/pkg/criu" - "github.com/containers/libpod/v2/pkg/lookup" - "github.com/containers/libpod/v2/pkg/resolvconf" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/pkg/util" - "github.com/containers/libpod/v2/utils" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/pkg/annotations" + "github.com/containers/podman/v2/pkg/cgroups" + "github.com/containers/podman/v2/pkg/criu" + "github.com/containers/podman/v2/pkg/lookup" + "github.com/containers/podman/v2/pkg/resolvconf" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v2/utils" "github.com/containers/storage/pkg/archive" securejoin "github.com/cyphar/filepath-securejoin" User "github.com/opencontainers/runc/libcontainer/user" @@ -249,7 +250,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { } // Apply AppArmor checks and load the default profile if needed. - if !c.config.Privileged { + if len(c.config.Spec.Process.ApparmorProfile) > 0 { updatedProfile, err := apparmor.CheckProfileAndLoadDefault(c.config.Spec.Process.ApparmorProfile) if err != nil { return nil, err 
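Review bot: The comment above the new condition in generateSpec still promises to "load the default profile if needed", but with `len(c.config.Spec.Process.ApparmorProfile) > 0` the call to `apparmor.CheckProfileAndLoadDefault` is skipped whenever the profile string is empty. Whether an unprivileged container still ends up with a default profile then depends on code outside this hunk filling in `ApparmorProfile` beforehand, which cannot be confirmed from here. Reword the comment to match the new behaviour, e.g. `// Validate the requested AppArmor profile; an empty profile is passed through unchanged.`, and state where the default is chosen if it is chosen elsewhere. generateSpec starts and ends outside the hunk.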
@@ -319,6 +320,19 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { } } + // Add overlay volumes + for _, overlayVol := range c.config.OverlayVolumes { + contentDir, err := overlay.TempDir(c.config.StaticDir, c.RootUID(), c.RootGID()) + if err != nil { + return nil, errors.Wrapf(err, "failed to create TempDir in the %s directory", c.config.StaticDir) + } + overlayMount, err := overlay.Mount(contentDir, overlayVol.Source, overlayVol.Dest, c.RootUID(), c.RootGID(), c.runtime.store.GraphOptions()) + if err != nil { + return nil, errors.Wrapf(err, "creating overlay failed %q", overlayVol.Source) + } + g.AddMount(overlayMount) + } + hasHomeSet := false for _, s := range c.config.Spec.Process.Env { if strings.HasPrefix(s, "HOME=") { @@ -341,6 +355,14 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { g.SetProcessGID(uint32(execUser.Gid)) } + if c.config.Umask != "" { + decVal, err := strconv.ParseUint(c.config.Umask, 8, 32) + if err != nil { + return nil, errors.Wrapf(err, "Invalid Umask Value") + } + g.SetProcessUmask(uint32(decVal)) + } + // Add addition groups if c.config.GroupAdd is not empty if len(c.config.Groups) > 0 { gids, err := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, overrides) @@ -1680,3 +1702,7 @@ func (c *Container) copyTimezoneFile(zonePath string) (string, error) { } return localtimeCopy, err } + +func (c *Container) cleanupOverlayMounts() error { + return overlay.CleanupContent(c.config.StaticDir) +} diff --git a/libpod/container_internal_linux_test.go b/libpod/container_internal_linux_test.go index 078cc53a7..41c22fb45 100644 --- a/libpod/container_internal_linux_test.go +++ b/libpod/container_internal_linux_test.go 
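Review bot: The overlay loop added to generateSpec calls `overlay.TempDir` and `overlay.Mount` for every entry and returns on the first failure without undoing what earlier iterations set up. The only teardown visible in this commit is `cleanupOverlayMounts`, called from cleanupStorage, so the error path depends on the caller running that cleanup; a comment above the loop should say so, e.g. `// Overlay content lives under StaticDir and is removed by cleanupOverlayMounts; storage cleanup must run if generateSpec fails.` The second error message would also be easier to act on if it named the destination, `"creating overlay mount %q on %q"` with `overlayVol.Source, overlayVol.Dest`.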
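Review bot: `strconv.ParseUint(c.config.Umask, 8, 32)` in generateSpec accepts any octal string that fits in 32 bits, so a value such as `77777` passes and reaches `SetProcessUmask` with bits outside the permission mask. This commit adds `define.UmaskRegex` (`^[0-7]{1,4}$`) but the hunk does not use it; unless the value is validated before it reaches the config (not visible here), check it first with `if !define.UmaskRegex.MatchString(c.config.Umask) { return nil, errors.Wrapf(define.ErrInvalidArg, "invalid umask %q", c.config.Umask) }`. The local name `decVal` is also misleading, since the string is parsed as octal.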
@@ -20,8 +20,10 @@ func TestGenerateUserPasswdEntry(t *testing.T) { c := Container{ config: &ContainerConfig{ - User: "123:456", Spec: &spec.Spec{}, + ContainerSecurityConfig: ContainerSecurityConfig{ + User: "123:456", + }, }, state: &ContainerState{ Mountpoint: "/does/not/exist/tmp/", diff --git a/libpod/container_internal_test.go b/libpod/container_internal_test.go index fdf7c2e20..2b50093b2 100644 --- a/libpod/container_internal_test.go +++ b/libpod/container_internal_test.go @@ -35,7 +35,9 @@ func TestPostDeleteHooks(t *testing.T) { "a": "b", }, }, - StaticDir: dir, // not the bundle, but good enough for this test + ContainerRootFSConfig: ContainerRootFSConfig{ + StaticDir: dir, // not the bundle, but good enough for this test + }, }, state: &ContainerState{ ExtensionStageHooks: map[string][]rspec.Hook{ diff --git a/libpod/container_internal_unsupported.go b/libpod/container_internal_unsupported.go index e6d94104c..c22e9a4a4 100644 --- a/libpod/container_internal_unsupported.go +++ b/libpod/container_internal_unsupported.go @@ -5,8 +5,8 @@ package libpod import ( "context" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/lookup" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/lookup" spec "github.com/opencontainers/runtime-spec/specs-go" ) @@ -46,6 +46,10 @@ func (c *Container) getOCICgroupPath() (string, error) { return "", define.ErrNotImplemented } +func (c *Container) cleanupOverlayMounts() error { + return nil +} + func (c *Container) getUserOverrides() *lookup.Overrides { return nil } diff --git a/libpod/container_log.go b/libpod/container_log.go index 80f8e6e50..03cb09052 100644 --- a/libpod/container_log.go +++ b/libpod/container_log.go 
@@ -6,8 +6,8 @@ import ( "os" "time" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/logs" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/logs" "github.com/hpcloud/tail/watch" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/container_log_linux.go b/libpod/container_log_linux.go index 00b2039a9..73c2df76e 100644 --- a/libpod/container_log_linux.go +++ b/libpod/container_log_linux.go @@ -11,7 +11,7 @@ import ( "strings" "time" - "github.com/containers/libpod/v2/libpod/logs" + "github.com/containers/podman/v2/libpod/logs" journal "github.com/coreos/go-systemd/v22/sdjournal" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/container_log_unsupported.go b/libpod/container_log_unsupported.go index f3b36619e..4106b36e5 100644 --- a/libpod/container_log_unsupported.go +++ b/libpod/container_log_unsupported.go @@ -5,8 +5,8 @@ package libpod import ( "context" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/logs" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/logs" "github.com/pkg/errors" ) diff --git a/libpod/container_top_linux.go b/libpod/container_top_linux.go index 9a522e014..d6d4c6084 100644 --- a/libpod/container_top_linux.go +++ b/libpod/container_top_linux.go @@ -8,8 +8,8 @@ import ( "strconv" "strings" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/rootless" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/rootless" "github.com/containers/psgo" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/container_top_unsupported.go b/libpod/container_top_unsupported.go index 9c0cf0c1c..f911837d2 100644 --- a/libpod/container_top_unsupported.go +++ b/libpod/container_top_unsupported.go 
@@ -2,7 +2,7 @@ package libpod -import "github.com/containers/libpod/v2/libpod/define" +import "github.com/containers/podman/v2/libpod/define" // Top gathers statistics about the running processes in a container. It returns a // []string for output diff --git a/libpod/container_validate.go b/libpod/container_validate.go index c02833359..d657e3549 100644 --- a/libpod/container_validate.go +++ b/libpod/container_validate.go @@ -1,8 +1,8 @@ package libpod import ( - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/rootless" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/rootless" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" ) @@ -99,5 +99,24 @@ func (c *Container) validate() error { return errors.Wrapf(define.ErrInvalidArg, "cannot add to /etc/hosts if using image's /etc/hosts") } + // Check named volume and overlay volumes destination conflits + destinations := make(map[string]bool) + for _, vol := range c.config.NamedVolumes { + // Don't check if they already exist. + // If they don't we will automatically create them. + if _, ok := destinations[vol.Dest]; ok { + return errors.Wrapf(define.ErrInvalidArg, "two volumes found with destination %s", vol.Dest) + } + destinations[vol.Dest] = true + } + for _, vol := range c.config.OverlayVolumes { + // Don't check if they already exist. + // If they don't we will automatically create them. + if _, ok := destinations[vol.Dest]; ok { + return errors.Wrapf(define.ErrInvalidArg, "two volumes found with destination %s", vol.Dest) + } + destinations[vol.Dest] = true + } + return nil } diff --git a/libpod/define/config.go b/libpod/define/config.go index c43601554..6c426f2ec 100644 --- a/libpod/define/config.go +++ b/libpod/define/config.go 
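Review bot: Destinations are compared as raw strings in the new duplicate check in validate, so `/data` and `/data/` count as different mount points and both pass. Unless `Dest` is already normalised before it is stored (not visible in this hunk), key the map on `filepath.Clean(vol.Dest)`, which needs `path/filepath` added to the file's imports. The two loops are identical apart from the slice they range over, and the comment "Don't check if they already exist" was copied into the overlay loop, where it is unclear what it refers to. The leading comment also misspells "conflicts".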
@@ -20,6 +20,8 @@ var ( NameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$") // RegexError is thrown in presence of an invalid container/pod name. RegexError = errors.Wrapf(ErrInvalidArg, "names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*") + // UmaskRegex is a regular expression to validate Umask. + UmaskRegex = regexp.MustCompile(`^[0-7]{1,4}$`) ) const ( @@ -82,3 +84,6 @@ const ( SdNotifyModeConmon = "conmon" SdNotifyModeIgnore = "ignore" ) + +// DefaultRlimitValue is the value set by default for nofile and nproc +const RLimitDefaultValue = uint64(1048576) diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go index fbd9da3e7..8adf3c077 100644 --- a/libpod/define/container_inspect.go +++ b/libpod/define/container_inspect.go @@ -4,7 +4,7 @@ import ( "time" "github.com/containers/image/v5/manifest" - "github.com/containers/libpod/v2/libpod/driver" + "github.com/containers/podman/v2/libpod/driver" ) // InspectContainerConfig holds further data about how a container was initially @@ -61,6 +61,8 @@ type InspectContainerConfig struct { // systemd mode, the container configuration is customized to optimize // running systemd in the container. SystemdMode bool `json:"SystemdMode,omitempty"` + // Umask is the umask inside the container. + Umask string `json:"Umask,omitempty"` } // InspectRestartPolicy holds information about the container's restart policy. diff --git a/libpod/define/errors.go b/libpod/define/errors.go index 1e9179353..23d10f527 100644 --- a/libpod/define/errors.go +++ b/libpod/define/errors.go @@ -3,8 +3,8 @@ package define import ( "errors" - "github.com/containers/libpod/v2/libpod/image" - "github.com/containers/libpod/v2/utils" + "github.com/containers/podman/v2/libpod/image" + "github.com/containers/podman/v2/utils" ) var ( diff --git a/libpod/define/version.go b/libpod/define/version.go index da8f88bc1..daa5cf7b2 100644 --- a/libpod/define/version.go +++ b/libpod/define/version.go 
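Review bot: The doc comment on the new constant names `DefaultRlimitValue`, but the identifier is `RLimitDefaultValue`, so godoc and the comment linters will not associate the two. Change the comment to `// RLimitDefaultValue is the value set by default for nofile and nproc.`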
@@ -5,7 +5,7 @@ import ( "strconv" "time" - podmanVersion "github.com/containers/libpod/v2/version" + podmanVersion "github.com/containers/podman/v2/version" ) // Overwritten at build time diff --git a/libpod/diff.go b/libpod/diff.go index 25d29866b..5335d701c 100644 --- a/libpod/diff.go +++ b/libpod/diff.go @@ -3,7 +3,7 @@ package libpod import ( "io" - "github.com/containers/libpod/v2/libpod/layers" + "github.com/containers/podman/v2/libpod/layers" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" ) diff --git a/libpod/events.go b/libpod/events.go index 3cbde8c5e..b519fe324 100644 --- a/libpod/events.go +++ b/libpod/events.go @@ -5,7 +5,7 @@ import ( "fmt" "sync" - "github.com/containers/libpod/v2/libpod/events" + "github.com/containers/podman/v2/libpod/events" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/libpod/events/filters.go b/libpod/events/filters.go index 99feab79c..c50474007 100644 --- a/libpod/events/filters.go +++ b/libpod/events/filters.go @@ -4,7 +4,7 @@ import ( "strings" "time" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/pkg/util" "github.com/pkg/errors" ) diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go index d341ca7b5..7c2a3e0f2 100644 --- a/libpod/events/journal_linux.go +++ b/libpod/events/journal_linux.go @@ -90,6 +90,13 @@ func (e EventJournalD) Read(ctx context.Context, options ReadOptions) error { return err } for { + select { + case <-ctx.Done(): + // the consumer has cancelled + return nil + default: + // fallthrough + } if _, err := j.Next(); err != nil { return err } diff --git a/libpod/events/logfile.go b/libpod/events/logfile.go index 28d0dc07e..b70102450 100644 --- a/libpod/events/logfile.go +++ b/libpod/events/logfile.go 
@@ -63,6 +63,14 @@ func (e EventLogFile) Read(ctx context.Context, options ReadOptions) error { } }() for line := range t.Lines { + select { + case <-ctx.Done(): + // the consumer has cancelled + return nil + default: + // fallthrough + } + event, err := newEventFromJSONString(line.Text) if err != nil { return err diff --git a/libpod/filters/containers.go b/libpod/filters/containers.go index b13adb4f5..e38e024d2 100644 --- a/libpod/filters/containers.go +++ b/libpod/filters/containers.go @@ -6,10 +6,10 @@ import ( "strings" "time" - "github.com/containers/libpod/v2/libpod" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/timetype" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/timetype" + "github.com/containers/podman/v2/pkg/util" "github.com/pkg/errors" ) diff --git a/libpod/filters/pods.go b/libpod/filters/pods.go index 5fd67dc77..adce9784c 100644 --- a/libpod/filters/pods.go +++ b/libpod/filters/pods.go @@ -4,9 +4,9 @@ import ( "strconv" "strings" - "github.com/containers/libpod/v2/libpod" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/util" "github.com/pkg/errors" ) diff --git a/libpod/healthcheck.go b/libpod/healthcheck.go index b04742974..bd55b852e 100644 --- a/libpod/healthcheck.go +++ b/libpod/healthcheck.go @@ -9,7 +9,7 @@ import ( "strings" "time" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) 
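Review bot: The cancellation check added to the `for line := range t.Lines` loop in EventLogFile.Read only runs after a line has been received, so a consumer that cancels while the log is idle keeps Read blocked until the next event is written. Receiving from `t.Lines` and `ctx.Done()` in the same `select` removes that wait. The journal_linux.go hunk uses the same non-blocking check at the top of its loop and has the same gap if anything below that hunk blocks waiting for new entries. In both places the `// fallthrough` comment in `default` is misleading, since nothing falls through in a `select`. The loop continues outside the hunk.

```go
lines:
	for {
		select {
		case <-ctx.Done():
			// the consumer has cancelled
			return nil
		case line, ok := <-t.Lines:
			if !ok {
				// channel closed: leave the loop as the range form did
				break lines
			}
			event, err := newEventFromJSONString(line.Text)
			if err != nil {
				return err
			}
			// … unchanged: rest of the per-line handling …
		}
```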
@@ -92,7 +92,7 @@ func (c *Container) runHealthCheck() (define.HealthCheckStatus, error) { hcResult := define.HealthCheckSuccess config := new(ExecConfig) config.Command = newCommand - _, hcErr := c.Exec(config, streams, nil) + exitCode, hcErr := c.Exec(config, streams, nil) if hcErr != nil { errCause := errors.Cause(hcErr) hcResult = define.HealthCheckFailure @@ -104,6 +104,9 @@ func (c *Container) runHealthCheck() (define.HealthCheckStatus, error) { } else { returnCode = 125 } + } else if exitCode != 0 { + hcResult = define.HealthCheckFailure + returnCode = 1 } timeEnd := time.Now() if c.HealthCheckConfig().StartPeriod > 0 { diff --git a/libpod/healthcheck_linux.go b/libpod/healthcheck_linux.go index a671414c2..08f37d412 100644 --- a/libpod/healthcheck_linux.go +++ b/libpod/healthcheck_linux.go @@ -6,8 +6,8 @@ import ( "os/exec" "strings" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/pkg/systemd" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/pkg/systemd" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/libpod/healthcheck_unsupported.go b/libpod/healthcheck_unsupported.go index 28b1bc7da..67c952b40 100644 --- a/libpod/healthcheck_unsupported.go +++ b/libpod/healthcheck_unsupported.go @@ -2,7 +2,7 @@ package libpod -import "github.com/containers/libpod/v2/libpod/define" +import "github.com/containers/podman/v2/libpod/define" // createTimer systemd timers for healthchecks of a container func (c *Container) createTimer() error { diff --git a/libpod/image/docker_registry_options.go b/libpod/image/docker_registry_options.go index a43a94896..c434f0259 100644 --- a/libpod/image/docker_registry_options.go +++ b/libpod/image/docker_registry_options.go 
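Review bot: The new `else if exitCode != 0` branch in runHealthCheck records every failing check as `returnCode = 1`, discarding the code the command actually returned. Keeping it with `returnCode = exitCode` would let the health log distinguish one failure mode of the check command from another; this assumes returnCode and exitCode have the same integer type, which the hunk does not show. The function starts and ends outside the hunk.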
@@ -6,7 +6,7 @@ import ( "github.com/containers/buildah/pkg/parse" "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/types" - podmanVersion "github.com/containers/libpod/v2/version" + podmanVersion "github.com/containers/podman/v2/version" ) // DockerRegistryOptions encapsulates settings that affect how we connect or diff --git a/libpod/image/filters.go b/libpod/image/filters.go index 11d081ec3..9738a7d5e 100644 --- a/libpod/image/filters.go +++ b/libpod/image/filters.go @@ -8,7 +8,7 @@ import ( "strings" "time" - "github.com/containers/libpod/v2/pkg/inspect" + "github.com/containers/podman/v2/pkg/inspect" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/libpod/image/image.go b/libpod/image/image.go index e2bd1ad5d..8b2aa318f 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -27,11 +27,11 @@ import ( "github.com/containers/image/v5/transports" "github.com/containers/image/v5/transports/alltransports" "github.com/containers/image/v5/types" - "github.com/containers/libpod/v2/libpod/driver" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/pkg/inspect" - "github.com/containers/libpod/v2/pkg/registries" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/driver" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/pkg/inspect" + "github.com/containers/podman/v2/pkg/registries" + "github.com/containers/podman/v2/pkg/util" "github.com/containers/storage" digest "github.com/opencontainers/go-digest" imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1" 
@@ -1593,6 +1593,63 @@ func (i *Image) newImageEvent(status events.Status) { } } +// Mount mounts a image's filesystem on the host +// The path where the image has been mounted is returned +func (i *Image) Mount(options []string, mountLabel string) (string, error) { + defer i.newImageEvent(events.Mount) + return i.mount(options, mountLabel) +} + +// Unmount unmounts a image's filesystem on the host +func (i *Image) Unmount(force bool) error { + defer i.newImageEvent(events.Unmount) + return i.unmount(force) +} + +// Mounted returns whether the image is mounted and the path it is mounted +// at (if it is mounted). +// If the image is not mounted, no error is returned, and the mountpoint +// will be set to "". +func (i *Image) Mounted() (bool, string, error) { + mountedTimes, err := i.imageruntime.store.Mounted(i.TopLayer()) + if err != nil { + return false, "", err + } + + if mountedTimes > 0 { + layer, err := i.imageruntime.store.Layer(i.TopLayer()) + if err != nil { + return false, "", err + } + return true, layer.MountPoint, nil + } + + return false, "", nil +} + +// mount mounts the container's root filesystem +func (i *Image) mount(options []string, mountLabel string) (string, error) { + mountPoint, err := i.imageruntime.store.MountImage(i.ID(), options, mountLabel) + if err != nil { + return "", errors.Wrapf(err, "error mounting storage for image %s", i.ID()) + } + mountPoint, err = filepath.EvalSymlinks(mountPoint) + if err != nil { + return "", errors.Wrapf(err, "error resolving storage path for image %s", i.ID()) + } + return mountPoint, nil +} + +// unmount unmounts the image's root filesystem +func (i *Image) unmount(force bool) error { + // Also unmount storage + if _, err := i.imageruntime.store.UnmountImage(i.ID(), force); err != nil { + return errors.Wrapf(err, "error unmounting image %s root filesystem", i.ID()) + } + + return nil +} + // LayerInfo keeps information of single layer type LayerInfo struct { // Layer ID 
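Review bot: `defer i.newImageEvent(events.Mount)` in Image.Mount, and the matching defer in Unmount, emit the event even when `i.mount` or `i.unmount` returns an error, so the event log can show a mount that never happened. If events are meant to record completed operations, emit them only on success. The comment on the unexported `mount` also says it mounts "the container's root filesystem", where it should say the image's.

```go
func (i *Image) Mount(options []string, mountLabel string) (string, error) {
	mountPoint, err := i.mount(options, mountLabel)
	if err != nil {
		return "", err
	}
	// Record the event only once the mount has succeeded.
	i.newImageEvent(events.Mount)
	return mountPoint, nil
}

// … unchanged: doc comment for Unmount …
func (i *Image) Unmount(force bool) error {
	if err := i.unmount(force); err != nil {
		return err
	}
	i.newImageEvent(events.Unmount)
	return nil
}
// … unchanged: Mounted, mount, unmount …
```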
diff --git a/libpod/image/image_test.go b/libpod/image/image_test.go index 645f8d3f3..2704b8baf 100644 --- a/libpod/image/image_test.go +++ b/libpod/image/image_test.go @@ -7,8 +7,8 @@ import ( "os" "testing" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/pkg/util" "github.com/containers/storage" "github.com/containers/storage/pkg/reexec" "github.com/opencontainers/go-digest" diff --git a/libpod/image/prune.go b/libpod/image/prune.go index 5ad7a9a5e..8c9267650 100644 --- a/libpod/image/prune.go +++ b/libpod/image/prune.go @@ -5,8 +5,8 @@ import ( "strings" "time" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/pkg/timetype" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/pkg/timetype" "github.com/containers/storage" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/image/pull.go b/libpod/image/pull.go index f0cde2012..d31f0dbdc 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go @@ -18,8 +18,8 @@ import ( "github.com/containers/image/v5/transports" "github.com/containers/image/v5/transports/alltransports" "github.com/containers/image/v5/types" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/pkg/registries" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/pkg/registries" "github.com/hashicorp/go-multierror" "github.com/opentracing/opentracing-go" "github.com/pkg/errors" diff --git a/libpod/image/search.go b/libpod/image/search.go index ee1ff0312..6bcc6d3f8 100644 --- a/libpod/image/search.go +++ b/libpod/image/search.go 
@@ -8,7 +8,7 @@ import ( "github.com/containers/image/v5/docker" "github.com/containers/image/v5/types" - sysreg "github.com/containers/libpod/v2/pkg/registries" + sysreg "github.com/containers/podman/v2/pkg/registries" "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sync/semaphore" diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go index 794212bf0..2ac05e88d 100644 --- a/libpod/in_memory_state.go +++ b/libpod/in_memory_state.go @@ -3,8 +3,8 @@ package libpod import ( "strings" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/registrar" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/registrar" "github.com/containers/storage/pkg/truncindex" "github.com/pkg/errors" ) diff --git a/libpod/info.go b/libpod/info.go index 68811b199..050d792bc 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -13,11 +13,11 @@ import ( "time" "github.com/containers/buildah" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/linkmode" - "github.com/containers/libpod/v2/pkg/cgroups" - registries2 "github.com/containers/libpod/v2/pkg/registries" - "github.com/containers/libpod/v2/pkg/rootless" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/linkmode" + "github.com/containers/podman/v2/pkg/cgroups" + registries2 "github.com/containers/podman/v2/pkg/registries" + "github.com/containers/podman/v2/pkg/rootless" "github.com/containers/storage" "github.com/containers/storage/pkg/system" "github.com/pkg/errors" diff --git a/libpod/kube.go b/libpod/kube.go index 641faf4da..0068427a5 100644 --- a/libpod/kube.go +++ b/libpod/kube.go 
@@ -7,9 +7,9 @@ import ( "strings" "time" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/lookup" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/lookup" + "github.com/containers/podman/v2/pkg/util" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" diff --git a/libpod/lock/file_lock_manager.go b/libpod/lock/file_lock_manager.go index adcc42d4e..68ec3986c 100644 --- a/libpod/lock/file_lock_manager.go +++ b/libpod/lock/file_lock_manager.go @@ -1,7 +1,7 @@ package lock import ( - "github.com/containers/libpod/v2/libpod/lock/file" + "github.com/containers/podman/v2/libpod/lock/file" ) // FileLockManager manages shared memory locks. diff --git a/libpod/lock/shm_lock_manager_linux.go b/libpod/lock/shm_lock_manager_linux.go index 38972effd..9581607b6 100644 --- a/libpod/lock/shm_lock_manager_linux.go +++ b/libpod/lock/shm_lock_manager_linux.go @@ -5,7 +5,7 @@ package lock import ( "syscall" - "github.com/containers/libpod/v2/libpod/lock/shm" + "github.com/containers/podman/v2/libpod/lock/shm" "github.com/pkg/errors" ) diff --git a/libpod/logs/log.go b/libpod/logs/log.go index 03acadb18..c2545e188 100644 --- a/libpod/logs/log.go +++ b/libpod/logs/log.go @@ -8,7 +8,7 @@ import ( "sync" "time" - "github.com/containers/libpod/v2/libpod/logs/reversereader" + "github.com/containers/podman/v2/libpod/logs/reversereader" "github.com/hpcloud/tail" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 1e79e8732..844748970 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go 
@@ -18,11 +18,11 @@ import ( cnitypes "github.com/containernetworking/cni/pkg/types/current" "github.com/containernetworking/plugins/pkg/ns" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/errorhandling" - "github.com/containers/libpod/v2/pkg/netns" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/pkg/rootlessport" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/errorhandling" + "github.com/containers/podman/v2/pkg/netns" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/pkg/rootlessport" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -173,6 +173,19 @@ type slirpFeatures struct { HasEnableSeccomp bool } +type slirp4netnsCmdArg struct { + Proto string `json:"proto,omitempty"` + HostAddr string `json:"host_addr"` + HostPort int32 `json:"host_port"` + GuestAddr string `json:"guest_addr"` + GuestPort int32 `json:"guest_port"` +} + +type slirp4netnsCmd struct { + Execute string `json:"execute"` + Args slirp4netnsCmdArg `json:"arguments"` +} + func checkSlirpFlags(path string) (*slirpFeatures, error) { cmd := exec.Command(path, "--help") out, err := cmd.CombinedOutput() 
@@ -210,12 +223,33 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error { havePortMapping := len(ctr.Config().PortMappings) > 0 logPath := filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID)) + isSlirpHostForward := false + disableHostLoopback := true + if ctr.config.NetworkOptions != nil { + slirpOptions := ctr.config.NetworkOptions["slirp4netns"] + for _, o := range slirpOptions { + switch o { + case "port_handler=slirp4netns": + isSlirpHostForward = true + case "port_handler=rootlesskit": + isSlirpHostForward = false + case "allow_host_loopback=true": + disableHostLoopback = false + case "allow_host_loopback=false": + disableHostLoopback = true + default: + return errors.Errorf("unknown option for slirp4netns: %q", o) + + } + } + } + cmdArgs := []string{} slirpFeatures, err := checkSlirpFlags(path) if err != nil { return errors.Wrapf(err, "error checking slirp4netns binary %s: %q", path, err) } - if slirpFeatures.HasDisableHostLoopback { + if disableHostLoopback && slirpFeatures.HasDisableHostLoopback { cmdArgs = append(cmdArgs, "--disable-host-loopback") } if slirpFeatures.HasMTU { @@ -228,6 +262,12 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error { cmdArgs = append(cmdArgs, "--enable-seccomp") } + var apiSocket string + if havePortMapping && isSlirpHostForward { + apiSocket = filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("%s.net", ctr.config.ID)) + cmdArgs = append(cmdArgs, "--api-socket", apiSocket) + } + // the slirp4netns arguments being passed are describes as follows: // from the slirp4netns documentation: https://github.com/rootless-containers/slirp4netns // -c, --configure Brings up the tap interface 
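Review bot: The `allow_host_loopback=true` case in setupRootlessNetNS turns off `--disable-host-loopback` without any comment or log line about what that exposes. With the flag gone the container can reach services bound to the host's loopback address, so the case deserves a comment such as `// allow_host_loopback=true lets the container reach the host's 127.0.0.1; off by default.` and arguably a `logrus.Debugf` when it is selected. The `ctr.config.NetworkOptions != nil` guard is unnecessary, since indexing a nil map yields the zero value. The function starts and ends outside the hunk.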
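Review bot: The API socket path added here is placed directly under `Engine.TmpDir`, and nothing in the hunk states who may connect to it or when the file is removed. The socket accepts `add_hostfwd` requests (see setupRootlessPortMappingViaSlirp), so any process able to open it can add host port forwards for this container. Add a comment recording the assumption, e.g. `// TmpDir must be accessible only to the owning user: the API socket accepts forwarding commands.`, and confirm the file is cleaned up with the container, which is not visible in this diff.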
@@ -291,7 +331,11 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error { } if havePortMapping { - return r.setupRootlessPortMapping(ctr, netnsPath) + if isSlirpHostForward { + return r.setupRootlessPortMappingViaSlirp(ctr, cmd, apiSocket) + } else { + return r.setupRootlessPortMappingViaRLK(ctr, netnsPath) + } } return nil } @@ -342,7 +386,7 @@ func waitForSync(syncR *os.File, cmd *exec.Cmd, logFile io.ReadSeeker, timeout t return nil } -func (r *Runtime) setupRootlessPortMapping(ctr *Container, netnsPath string) error { +func (r *Runtime) setupRootlessPortMappingViaRLK(ctr *Container, netnsPath string) error { syncR, syncW, err := os.Pipe() if err != nil { return errors.Wrapf(err, "failed to open pipe") 
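Review bot: The new `if isSlirpHostForward { return … } else { return … }` in setupRootlessNetNS puts an `else` after a terminating `if`, which golint flags. Drop the `else` and let the second call follow the `if` block directly: `return r.setupRootlessPortMappingViaRLK(ctr, netnsPath)`.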
@@ -419,6 +463,90 @@ func (r *Runtime) setupRootlessPortMapping(ctr *Container, netnsPath string) err return nil } +func (r *Runtime) setupRootlessPortMappingViaSlirp(ctr *Container, cmd *exec.Cmd, apiSocket string) (err error) { + const pidWaitTimeout = 60 * time.Second + chWait := make(chan error) + go func() { + interval := 25 * time.Millisecond + for i := time.Duration(0); i < pidWaitTimeout; i += interval { + // Check if the process is still running. + var status syscall.WaitStatus + pid, err := syscall.Wait4(cmd.Process.Pid, &status, syscall.WNOHANG, nil) + if err != nil { + break + } + if pid != cmd.Process.Pid { + continue + } + if status.Exited() || status.Signaled() { + chWait <- fmt.Errorf("slirp4netns exited with status %d", status.ExitStatus()) + } + time.Sleep(interval) + } + }() + defer close(chWait) + + // wait that API socket file appears before trying to use it. + if _, err := WaitForFile(apiSocket, chWait, pidWaitTimeout); err != nil { + return errors.Wrapf(err, "waiting for slirp4nets to create the api socket file %s", apiSocket) + } + + // for each port we want to add we need to open a connection to the slirp4netns control socket + // and send the add_hostfwd command. + for _, i := range ctr.config.PortMappings { + conn, err := net.Dial("unix", apiSocket) + if err != nil { + return errors.Wrapf(err, "cannot open connection to %s", apiSocket) + } + defer func() { + if err := conn.Close(); err != nil { + logrus.Errorf("unable to close connection: %q", err) + } + }() + hostIP := i.HostIP + if hostIP == "" { + hostIP = "0.0.0.0" + } + apiCmd := slirp4netnsCmd{ + Execute: "add_hostfwd", + Args: slirp4netnsCmdArg{ + Proto: i.Protocol, + HostAddr: hostIP, + HostPort: i.HostPort, + GuestPort: i.ContainerPort, + }, + } + // create the JSON payload and send it. Mark the end of request shutting down writes + // to the socket, as requested by slirp4netns. 
+ data, err := json.Marshal(&apiCmd) + if err != nil { + return errors.Wrapf(err, "cannot marshal JSON for slirp4netns") + } + if _, err := conn.Write([]byte(fmt.Sprintf("%s\n", data))); err != nil { + return errors.Wrapf(err, "cannot write to control socket %s", apiSocket) + } + if err := conn.(*net.UnixConn).CloseWrite(); err != nil { + return errors.Wrapf(err, "cannot shutdown the socket %s", apiSocket) + } + buf := make([]byte, 2048) + readLength, err := conn.Read(buf) + if err != nil { + return errors.Wrapf(err, "cannot read from control socket %s", apiSocket) + } + // if there is no 'error' key in the received JSON data, then the operation was + // successful. + var y map[string]interface{} + if err := json.Unmarshal(buf[0:readLength], &y); err != nil { + return errors.Wrapf(err, "error parsing error status from slirp4netns") + } + if e, found := y["error"]; found { + return errors.Errorf("error from slirp4netns while setting up port redirection: %v", e) + } + } + logrus.Debug("slirp4netns port-forwarding setup via add_hostfwd is ready") + return nil +} + // Configure the network namespace using the container process func (r *Runtime) setupNetNS(ctr *Container) error { nsProcess := fmt.Sprintf("/proc/%d/ns/net", ctr.state.PID) diff --git a/libpod/networking_unsupported.go b/libpod/networking_unsupported.go index 69f470ff7..dd72a3fd8 100644 --- a/libpod/networking_unsupported.go +++ b/libpod/networking_unsupported.go @@ -2,7 +2,7 @@ package libpod -import "github.com/containers/libpod/v2/libpod/define" +import "github.com/containers/podman/v2/libpod/define" func (r *Runtime) setupRootlessNetNS(ctr *Container) error { return define.ErrNotImplemented diff --git a/libpod/oci.go b/libpod/oci.go index c3bf74bba..89850affc 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -4,7 +4,7 @@ import ( "bufio" "net" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "k8s.io/client-go/tools/remotecommand" ) 
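Review bot: The watcher goroutine in `setupRootlessPortMappingViaSlirp` does not honour its 60-second bound: when `Wait4` reports the child still running, `continue` skips `time.Sleep(interval)`, so the loop runs through every iteration at once and then stops watching. It can also panic, because the send on the unbuffered `chWait` races with `defer close(chWait)`, and after a send the loop keeps going instead of returning. Further down, `defer conn.Close()` inside the `for` keeps every connection open until the function returns, and the single `conn.Read` into a 2048-byte buffer has no deadline, so a stalled peer blocks container start and a split reply fails to parse; the error text also misspells slirp4netns as `slirp4nets`. The sketch below uses a buffered channel and a `done` signal (assuming `WaitForFile` only receives from `chWait`), scopes each connection to one iteration, and decodes the reply under a deadline, for which reusing `pidWaitTimeout` is only a placeholder choice.

```go
func (r *Runtime) setupRootlessPortMappingViaSlirp(ctr *Container, cmd *exec.Cmd, apiSocket string) error {
	const pidWaitTimeout = 60 * time.Second
	// Buffered so the watcher can report an exit even when nobody is receiving.
	chWait := make(chan error, 1)
	done := make(chan struct{})
	defer close(done)
	go func() {
		interval := 25 * time.Millisecond
		for i := time.Duration(0); i < pidWaitTimeout; i += interval {
			var status syscall.WaitStatus
			pid, err := syscall.Wait4(cmd.Process.Pid, &status, syscall.WNOHANG, nil)
			if err != nil {
				return
			}
			if pid == cmd.Process.Pid && (status.Exited() || status.Signaled()) {
				chWait <- fmt.Errorf("slirp4netns exited with status %d", status.ExitStatus())
				return
			}
			// Sleep on every iteration, and stop as soon as the caller returns.
			select {
			case <-done:
				return
			case <-time.After(interval):
			}
		}
	}()

	// … unchanged: WaitForFile on apiSocket (with the "slirp4netns" spelling fixed) …

	for _, i := range ctr.config.PortMappings {
		// One closure per mapping so the deferred Close runs at the end of
		// each iteration rather than at function return.
		err := func() error {
			conn, err := net.Dial("unix", apiSocket)
			if err != nil {
				return errors.Wrapf(err, "cannot open connection to %s", apiSocket)
			}
			// … unchanged: deferred conn.Close with logging …
			if err := conn.SetDeadline(time.Now().Add(pidWaitTimeout)); err != nil {
				return errors.Wrapf(err, "cannot set deadline on control socket %s", apiSocket)
			}
			// … unchanged: build apiCmd, marshal, write, CloseWrite …
			var y map[string]interface{}
			if err := json.NewDecoder(conn).Decode(&y); err != nil {
				return errors.Wrapf(err, "error parsing error status from slirp4netns")
			}
			// … unchanged: check for the "error" key …
			return nil
		}()
		if err != nil {
			return err
		}
	}
	// … unchanged: debug log and return nil …
```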
diff --git a/libpod/oci_attach_linux.go b/libpod/oci_attach_linux.go index cfcb3f208..622c613d9 100644 --- a/libpod/oci_attach_linux.go +++ b/libpod/oci_attach_linux.go @@ -10,10 +10,10 @@ import ( "path/filepath" "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/errorhandling" - "github.com/containers/libpod/v2/pkg/kubeutils" - "github.com/containers/libpod/v2/utils" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/errorhandling" + "github.com/containers/podman/v2/pkg/kubeutils" + "github.com/containers/podman/v2/utils" "github.com/docker/docker/pkg/term" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/oci_attach_unsupported.go b/libpod/oci_attach_unsupported.go index 6d753296c..cd7c674b2 100644 --- a/libpod/oci_attach_unsupported.go +++ b/libpod/oci_attach_unsupported.go @@ -5,7 +5,7 @@ package libpod import ( "os" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "k8s.io/client-go/tools/remotecommand" ) diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go index 4196bdcaf..f8d87759a 100644 --- a/libpod/oci_conmon_exec_linux.go +++ b/libpod/oci_conmon_exec_linux.go @@ -11,10 +11,10 @@ import ( "time" "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/errorhandling" - "github.com/containers/libpod/v2/pkg/util" - "github.com/containers/libpod/v2/utils" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/errorhandling" + "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v2/utils" "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index bd6af5281..e677ece31 100644 --- a/libpod/oci_conmon_linux.go 
+++ b/libpod/oci_conmon_linux.go @@ -21,13 +21,13 @@ import ( "github.com/containers/common/pkg/config" conmonConfig "github.com/containers/conmon/runner/config" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/cgroups" - "github.com/containers/libpod/v2/pkg/errorhandling" - "github.com/containers/libpod/v2/pkg/lookup" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/pkg/util" - "github.com/containers/libpod/v2/utils" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/cgroups" + "github.com/containers/podman/v2/pkg/errorhandling" + "github.com/containers/podman/v2/pkg/lookup" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/pkg/util" + "github.com/containers/podman/v2/utils" pmount "github.com/containers/storage/pkg/mount" "github.com/coreos/go-systemd/v22/activation" "github.com/coreos/go-systemd/v22/daemon" diff --git a/libpod/oci_conmon_unsupported.go b/libpod/oci_conmon_unsupported.go index cd6f0b92c..28d6ef12f 100644 --- a/libpod/oci_conmon_unsupported.go +++ b/libpod/oci_conmon_unsupported.go @@ -5,7 +5,7 @@ package libpod import ( "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" ) const ( diff --git a/libpod/oci_missing.go b/libpod/oci_missing.go index 1b71bb154..83a6aaf90 100644 --- a/libpod/oci_missing.go +++ b/libpod/oci_missing.go @@ -7,7 +7,7 @@ import ( "path/filepath" "sync" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "github.com/pkg/errors" "github.com/sirupsen/logrus" "k8s.io/client-go/tools/remotecommand" diff --git a/libpod/oci_util.go b/libpod/oci_util.go index c9165d04b..2ba85c4b3 100644 --- a/libpod/oci_util.go +++ b/libpod/oci_util.go 
@@ -8,7 +8,7 @@ import ( "strings" "time" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/options.go b/libpod/options.go index b3c11ebc1..b98ef2221 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -10,11 +10,11 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/pkg/namespaces" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/pkg/namespaces" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/pkg/util" "github.com/containers/storage" "github.com/containers/storage/pkg/idtools" "github.com/cri-o/ocicni/pkg/ocicni" @@ -1003,6 +1003,19 @@ func WithStaticIP(ip net.IP) CtrCreateOption { } } +// WithNetworkOptions sets additional options for the networks. +func WithNetworkOptions(options map[string][]string) CtrCreateOption { + return func(ctr *Container) error { + if ctr.valid { + return define.ErrCtrFinalized + } + + ctr.config.NetworkOptions = options + + return nil + } +} + // WithStaticMAC indicates that the container should request a static MAC from // the CNI plugins. // It cannot be set unless WithNetNS has already been passed. 
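Review bot: `WithNetworkOptions` stores the caller's map without checking it, so option strings are only validated much later, when `setupRootlessNetNS` walks `NetworkOptions["slirp4netns"]`. An unknown option therefore fails at container start rather than at create, and entries under any other key are never read in the code visible here. Either validate here or say so in the doc comment, e.g. `// WithNetworkOptions sets per-network-mode options (only "slirp4netns" is read in this change); values are validated when the network is set up.` The map is also kept by reference, so a caller that mutates it afterwards changes the container config.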
@@ -1367,17 +1380,7 @@ func WithNamedVolumes(volumes []*ContainerNamedVolume) CtrCreateOption { return define.ErrCtrFinalized } - destinations := make(map[string]bool) - for _, vol := range volumes { - // Don't check if they already exist. - // If they don't we will automatically create them. - - if _, ok := destinations[vol.Dest]; ok { - return errors.Wrapf(define.ErrInvalidArg, "two volumes found with destination %s", vol.Dest) - } - destinations[vol.Dest] = true - mountOpts, err := util.ProcessOptions(vol.Options, false, "") if err != nil { return errors.Wrapf(err, "error processing options for named volume %q mounted at %q", vol.Name, vol.Dest) @@ -1394,6 +1397,25 @@ func WithNamedVolumes(volumes []*ContainerNamedVolume) CtrCreateOption { } } +// WithOverlayVolumes adds the given overlay volumes to the container. +func WithOverlayVolumes(volumes []*ContainerOverlayVolume) CtrCreateOption { + return func(ctr *Container) error { + if ctr.valid { + return define.ErrCtrFinalized + } + + for _, vol := range volumes { + + ctr.config.OverlayVolumes = append(ctr.config.OverlayVolumes, &ContainerOverlayVolume{ + Dest: vol.Dest, + Source: vol.Source, + }) + } + + return nil + } +} + // WithHealthCheck adds the healthcheck to the container config func WithHealthCheck(healthCheck *manifest.Schema2HealthConfig) CtrCreateOption { return func(ctr *Container) error { @@ -1585,6 +1607,20 @@ func WithTimezone(path string) CtrCreateOption { } } +// WithUmask sets the umask in the container +func WithUmask(umask string) CtrCreateOption { + return func(ctr *Container) error { + if ctr.valid { + return define.ErrCtrFinalized + } + if !define.UmaskRegex.MatchString(umask) { + return errors.Wrapf(define.ErrInvalidArg, "Invalid umask string %s", umask) + } + ctr.config.Umask = umask + return nil + } +} + // Pod Creation Options // WithPodName sets the name of the pod. diff --git a/libpod/pod.go b/libpod/pod.go index 00ba5d53c..76d50db4e 100644 --- a/libpod/pod.go +++ b/libpod/pod.go 
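Review bot: `WithOverlayVolumes` dereferences each element without a nil check and does not validate `Dest` or `Source`, so a nil entry in `volumes` panics at `vol.Dest`. The preceding hunk also removes the duplicate-destination check from `WithNamedVolumes`, and nothing in this file section rejects an overlay volume and a named volume that target the same destination; if that check moved to a later validation step, it is not visible here. A guard such as `if vol == nil { return errors.Wrapf(define.ErrInvalidArg, "nil overlay volume") }` at the top of the loop, plus a doc-comment line stating where destination conflicts are caught, would cover both. The stray blank line after `for _, vol := range volumes {` can be dropped.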
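Review bot: The error in `WithUmask` starts with a capital letter and prints the rejected value with `%s`, which differs from the `%q` used in `WithNamedVolumes` and makes empty or whitespace input hard to see. I would write `return errors.Wrapf(define.ErrInvalidArg, "invalid umask string %q", umask)`. The doc comment could also state the accepted form, which is whatever `define.UmaskRegex` matches (its pattern is not shown in this diff).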
@@ -4,8 +4,8 @@ import ( "net" "time" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/lock" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/lock" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/pkg/errors" ) diff --git a/libpod/pod_api.go b/libpod/pod_api.go index f2ef81bec..4cb604683 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -3,10 +3,10 @@ package libpod import ( "context" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/pkg/cgroups" - "github.com/containers/libpod/v2/pkg/rootless" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/pkg/cgroups" + "github.com/containers/podman/v2/pkg/rootless" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/libpod/pod_internal.go b/libpod/pod_internal.go index 417cdfd86..b039ce83f 100644 --- a/libpod/pod_internal.go +++ b/libpod/pod_internal.go @@ -6,7 +6,7 @@ import ( "time" "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "github.com/containers/storage/pkg/stringid" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/pod_status.go b/libpod/pod_status.go index d6bd5f211..f4ccf308a 100644 --- a/libpod/pod_status.go +++ b/libpod/pod_status.go @@ -1,6 +1,6 @@ package libpod -import "github.com/containers/libpod/v2/libpod/define" +import "github.com/containers/podman/v2/libpod/define" // GetPodStatus determines the status of the pod based on the // statuses of the containers in the pod. diff --git a/libpod/pod_top_linux.go b/libpod/pod_top_linux.go index f8f7ea015..15ba02389 100644 --- a/libpod/pod_top_linux.go +++ b/libpod/pod_top_linux.go 
@@ -6,8 +6,8 @@ import ( "strconv" "strings" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/rootless" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/rootless" "github.com/containers/psgo" ) diff --git a/libpod/pod_top_unsupported.go b/libpod/pod_top_unsupported.go index fb24ae865..fbe6f7331 100644 --- a/libpod/pod_top_unsupported.go +++ b/libpod/pod_top_unsupported.go @@ -2,7 +2,7 @@ package libpod -import "github.com/containers/libpod/v2/libpod/define" +import "github.com/containers/podman/v2/libpod/define" // GetPodPidInformation is exclusive to linux func (p *Pod) GetPodPidInformation(descriptors []string) ([]string, error) { diff --git a/libpod/reset.go b/libpod/reset.go index 2f18cebee..cae4d3a04 100644 --- a/libpod/reset.go +++ b/libpod/reset.go @@ -5,9 +5,9 @@ import ( "os" "path/filepath" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/pkg/util" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/libpod/runtime.go b/libpod/runtime.go index 0075c0e13..3021ef3f4 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go 
@@ -12,13 +12,13 @@ import ( "github.com/containers/common/pkg/config" is "github.com/containers/image/v5/storage" "github.com/containers/image/v5/types" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/libpod/image" - "github.com/containers/libpod/v2/libpod/lock" - "github.com/containers/libpod/v2/pkg/cgroups" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/libpod/image" + "github.com/containers/podman/v2/libpod/lock" + "github.com/containers/podman/v2/pkg/cgroups" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/pkg/util" "github.com/containers/storage" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/docker/docker/pkg/namesgenerator" @@ -84,7 +84,7 @@ type Runtime struct { // SetXdgDirs ensures the XDG_RUNTIME_DIR env and XDG_CONFIG_HOME variables are set. // containers/image uses XDG_RUNTIME_DIR to locate the auth file, XDG_CONFIG_HOME is -// use for the libpod.conf configuration file. +// use for the containers.conf configuration file. func SetXdgDirs() error { if !rootless.IsRootless() { return nil @@ -577,7 +577,7 @@ func (r *Runtime) Shutdown(force bool) error { } var lastError error - // If no store was requested, it can bew nil and there is no need to + // If no store was requested, it can be nil and there is no need to // attempt to shut it down if r.store != nil { if _, err := r.store.Shutdown(force); err != nil { diff --git a/libpod/runtime_cstorage.go b/libpod/runtime_cstorage.go index 99b0406fb..03eebeefc 100644 --- a/libpod/runtime_cstorage.go +++ b/libpod/runtime_cstorage.go 
@@ -3,7 +3,7 @@ package libpod import ( "time" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "github.com/containers/storage" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index d4508bf37..fa91fe002 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -9,10 +9,10 @@ import ( "time" "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/pkg/cgroups" - "github.com/containers/libpod/v2/pkg/rootless" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/pkg/cgroups" + "github.com/containers/podman/v2/pkg/rootless" "github.com/containers/storage/pkg/stringid" "github.com/docker/go-units" spec "github.com/opencontainers/runtime-spec/specs-go" diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index 370c9d610..72cd26a4e 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -16,10 +16,9 @@ import ( ociarchive "github.com/containers/image/v5/oci/archive" "github.com/containers/image/v5/oci/layout" "github.com/containers/image/v5/types" - - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/image" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/image" + "github.com/containers/podman/v2/pkg/util" "github.com/containers/storage" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/runtime_img_test.go b/libpod/runtime_img_test.go index a8cc2c941..6ca4d900b 100644 --- a/libpod/runtime_img_test.go +++ b/libpod/runtime_img_test.go 
@@ -6,7 +6,7 @@ import ( "reflect" "testing" - sysreg "github.com/containers/libpod/v2/pkg/registries" + sysreg "github.com/containers/podman/v2/pkg/registries" "github.com/stretchr/testify/assert" ) diff --git a/libpod/runtime_migrate.go b/libpod/runtime_migrate.go index b70ca982d..3dc38f442 100644 --- a/libpod/runtime_migrate.go +++ b/libpod/runtime_migrate.go @@ -11,9 +11,9 @@ import ( "strconv" "syscall" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/pkg/util" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) diff --git a/libpod/runtime_pod.go b/libpod/runtime_pod.go index ace15a878..6f9135764 100644 --- a/libpod/runtime_pod.go +++ b/libpod/runtime_pod.go @@ -4,8 +4,8 @@ import ( "context" "time" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/util" "github.com/pkg/errors" ) diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go index 24802f89e..4d149a6eb 100644 --- a/libpod/runtime_pod_infra_linux.go +++ b/libpod/runtime_pod_infra_linux.go @@ -6,10 +6,10 @@ import ( "context" "strings" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/image" - "github.com/containers/libpod/v2/pkg/rootless" - "github.com/containers/libpod/v2/pkg/util" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/image" + "github.com/containers/podman/v2/pkg/rootless" + "github.com/containers/podman/v2/pkg/util" v1 "github.com/opencontainers/image-spec/specs-go/v1" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" 
diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index 4306140bb..25598ce4d 100644 --- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -10,10 +10,10 @@ import ( "strings" "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" - "github.com/containers/libpod/v2/pkg/cgroups" - "github.com/containers/libpod/v2/pkg/rootless" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" + "github.com/containers/podman/v2/pkg/cgroups" + "github.com/containers/podman/v2/pkg/rootless" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/runtime_pod_unsupported.go b/libpod/runtime_pod_unsupported.go index 6161dd4eb..6976d37c6 100644 --- a/libpod/runtime_pod_unsupported.go +++ b/libpod/runtime_pod_unsupported.go @@ -5,7 +5,7 @@ package libpod import ( "context" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" ) // NewPod makes a new, empty pod diff --git a/libpod/runtime_renumber.go b/libpod/runtime_renumber.go index f63d35c22..4c121be12 100644 --- a/libpod/runtime_renumber.go +++ b/libpod/runtime_renumber.go @@ -1,7 +1,7 @@ package libpod import ( - "github.com/containers/libpod/v2/libpod/events" + "github.com/containers/podman/v2/libpod/events" "github.com/pkg/errors" ) diff --git a/libpod/runtime_volume.go b/libpod/runtime_volume.go index 4c57da09b..e4e6d87e6 100644 --- a/libpod/runtime_volume.go +++ b/libpod/runtime_volume.go @@ -3,8 +3,8 @@ package libpod import ( "context" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" "github.com/pkg/errors" ) 
diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go index 84649ef36..32fb1ef44 100644 --- a/libpod/runtime_volume_linux.go +++ b/libpod/runtime_volume_linux.go @@ -9,8 +9,8 @@ import ( "strings" "time" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/events" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/events" "github.com/containers/storage/pkg/stringid" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/runtime_volume_unsupported.go b/libpod/runtime_volume_unsupported.go index b339819e5..3cdb73aed 100644 --- a/libpod/runtime_volume_unsupported.go +++ b/libpod/runtime_volume_unsupported.go @@ -5,7 +5,7 @@ package libpod import ( "context" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" ) func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool) error { diff --git a/libpod/state_test.go b/libpod/state_test.go index ef4f6f2be..373feb6e0 100644 --- a/libpod/state_test.go +++ b/libpod/state_test.go @@ -9,8 +9,8 @@ import ( "time" "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/lock" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/lock" "github.com/containers/storage" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/libpod/stats.go b/libpod/stats.go index b3dffbdb7..e34739626 100644 --- a/libpod/stats.go +++ b/libpod/stats.go @@ -7,8 +7,8 @@ import ( "syscall" "time" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/cgroups" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/cgroups" "github.com/pkg/errors" ) diff --git a/libpod/stats_unsupported.go b/libpod/stats_unsupported.go index 940be156c..749a8bf49 100644 
--- a/libpod/stats_unsupported.go +++ b/libpod/stats_unsupported.go @@ -2,7 +2,7 @@ package libpod -import "github.com/containers/libpod/v2/libpod/define" +import "github.com/containers/podman/v2/libpod/define" // GetContainerStats gets the running stats for a given container func (c *Container) GetContainerStats(previousStats *define.ContainerStats) (*define.ContainerStats, error) { diff --git a/libpod/storage.go b/libpod/storage.go index e497d0daf..d7862b322 100644 --- a/libpod/storage.go +++ b/libpod/storage.go @@ -6,7 +6,7 @@ import ( istorage "github.com/containers/image/v5/storage" "github.com/containers/image/v5/types" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "github.com/containers/storage" "github.com/containers/storage/pkg/idtools" v1 "github.com/opencontainers/image-spec/specs-go/v1" diff --git a/libpod/util.go b/libpod/util.go index a8d405b5f..c93ba7919 100644 --- a/libpod/util.go +++ b/libpod/util.go @@ -13,8 +13,8 @@ import ( "time" "github.com/containers/common/pkg/config" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/utils" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/utils" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/fsnotify/fsnotify" spec "github.com/opencontainers/runtime-spec/specs-go" diff --git a/libpod/util_linux.go b/libpod/util_linux.go index aac206f53..03c3ab061 100644 --- a/libpod/util_linux.go +++ b/libpod/util_linux.go @@ -7,9 +7,9 @@ import ( "strings" "syscall" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/cgroups" - "github.com/containers/libpod/v2/pkg/rootless" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/cgroups" + "github.com/containers/podman/v2/pkg/rootless" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/sirupsen/logrus" 
diff --git a/libpod/util_test.go b/libpod/util_test.go index 313854f5a..5b1702592 100644 --- a/libpod/util_test.go +++ b/libpod/util_test.go @@ -3,7 +3,7 @@ package libpod import ( "testing" - "github.com/containers/libpod/v2/utils" + "github.com/containers/podman/v2/utils" "github.com/stretchr/testify/assert" ) diff --git a/libpod/util_unsupported.go b/libpod/util_unsupported.go index 36b70c4c9..4c7a90940 100644 --- a/libpod/util_unsupported.go +++ b/libpod/util_unsupported.go @@ -3,7 +3,7 @@ package libpod import ( - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "github.com/pkg/errors" ) diff --git a/libpod/volume.go b/libpod/volume.go index 03299e9d3..0535bf4db 100644 --- a/libpod/volume.go +++ b/libpod/volume.go @@ -3,8 +3,8 @@ package libpod import ( "time" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/libpod/lock" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/libpod/lock" ) // Volume is a libpod named volume. diff --git a/libpod/volume_inspect.go b/libpod/volume_inspect.go index 85848f84f..c8b20b8f1 100644 --- a/libpod/volume_inspect.go +++ b/libpod/volume_inspect.go @@ -3,7 +3,7 @@ package libpod import ( "time" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" ) // InspectVolumeData is the output of Inspect() on a volume. It is matched to diff --git a/libpod/volume_internal.go b/libpod/volume_internal.go index 1aa548521..95cb752e0 100644 --- a/libpod/volume_internal.go +++ b/libpod/volume_internal.go @@ -4,7 +4,7 @@ import ( "os" "path/filepath" - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" "github.com/pkg/errors" ) diff --git a/libpod/volume_internal_linux.go b/libpod/volume_internal_linux.go index 75333d0b4..bbf47f124 100644 --- a/libpod/volume_internal_linux.go +++ b/libpod/volume_internal_linux.go 
@@ -6,8 +6,8 @@ import ( "os/exec" "strings" - "github.com/containers/libpod/v2/libpod/define" - "github.com/containers/libpod/v2/pkg/rootless" + "github.com/containers/podman/v2/libpod/define" + "github.com/containers/podman/v2/pkg/rootless" "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" diff --git a/libpod/volume_internal_unsupported.go b/libpod/volume_internal_unsupported.go index 40b199c75..ddbdbd8b6 100644 --- a/libpod/volume_internal_unsupported.go +++ b/libpod/volume_internal_unsupported.go @@ -3,7 +3,7 @@ package libpod import ( - "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/podman/v2/libpod/define" ) func (v *Volume) mount() error { |