Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/boltdb_state.go | 2 | ||||
-rw-r--r-- | libpod/boltdb_state_internal.go | 2 | ||||
-rw-r--r-- | libpod/container_internal.go | 19 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 12 | ||||
-rw-r--r-- | libpod/container_top_linux.go | 5 | ||||
-rw-r--r-- | libpod/kube.go | 7 | ||||
-rw-r--r-- | libpod/oci.go | 23 | ||||
-rw-r--r-- | libpod/pod_top_linux.go | 4 | ||||
-rw-r--r-- | libpod/runtime.go | 23 | ||||
-rw-r--r-- | libpod/runtime_migrate.go | 44 | ||||
-rw-r--r-- | libpod/runtime_migrate_unsupported.go | 11 |
11 files changed, 84 insertions, 68 deletions
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go
index d8cfa2bda..63e40a98f 100644
--- a/libpod/boltdb_state.go
+++ b/libpod/boltdb_state.go
@@ -5,7 +5,7 @@ import (
 "strings"
 "sync"
- "github.com/boltdb/bolt"
+ bolt "github.com/etcd-io/bbolt"
 jsoniter "github.com/json-iterator/go"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go
index a6900a6d3..313e5f4d7 100644
--- a/libpod/boltdb_state_internal.go
+++ b/libpod/boltdb_state_internal.go
@@ -5,9 +5,9 @@ import (
 "runtime"
 "strings"
- "github.com/boltdb/bolt"
 "github.com/containers/libpod/pkg/rootless"
 "github.com/containers/storage"
+ bolt "github.com/etcd-io/bbolt"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 )
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index fc33a1bbc..5f8dd1c72 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -25,7 +25,6 @@ import (
 opentracing "github.com/opentracing/opentracing-go"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
- kwait "k8s.io/apimachinery/pkg/util/wait"
 )
 const (
@@ -146,20 +145,10 @@ func (c *Container) exitFilePath() string {
 func (c *Container) waitForExitFileAndSync() error {
 exitFile := c.exitFilePath()
- err := kwait.ExponentialBackoff(
- kwait.Backoff{
- Duration: 500 * time.Millisecond,
- Factor: 1.2,
- Steps: 6,
- },
- func() (bool, error) {
- _, err := os.Stat(exitFile)
- if err != nil {
- // wait longer
- return false, nil
- }
- return true, nil
- })
+ chWait := make(chan error)
+ defer close(chWait)
+
+ _, err := WaitForFile(exitFile, chWait, time.Second*5)
 if err != nil {
 // Exit file did not appear
 // Reset our state
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index c5e404155..f25f76092 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
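Review bot: In `waitForExitFileAndSync`, `chWait` is created, never sent on within this hunk, and closed by the deferred `close(chWait)`, so a reader cannot tell what the channel is for. `WaitForFile` is not shown here; if it only selects on the channel as an early-abort signal, a comment such as `// chWait is never signalled here; WaitForFile returns when the exit file appears or after the 5s timeout` would make that explicit. If anything inside `WaitForFile` can still send on the channel after it has returned on timeout, the deferred close would need revisiting. The same pattern is added to `updateContainerStatus` in libpod/oci.go, and this function's body continues past the end of the hunk.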
@@ -25,7 +25,7 @@ import (
 "github.com/containers/libpod/pkg/lookup"
 "github.com/containers/libpod/pkg/resolvconf"
 "github.com/containers/libpod/pkg/rootless"
- "github.com/cyphar/filepath-securejoin"
+ securejoin "github.com/cyphar/filepath-securejoin"
 "github.com/opencontainers/runc/libcontainer/user"
 spec "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/opencontainers/runtime-tools/generate"
@@ -188,11 +188,13 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 }
 // Apply AppArmor checks and load the default profile if needed.
- updatedProfile, err := apparmor.CheckProfileAndLoadDefault(c.config.Spec.Process.ApparmorProfile)
- if err != nil {
- return nil, err
+ if !c.config.Privileged {
+ updatedProfile, err := apparmor.CheckProfileAndLoadDefault(c.config.Spec.Process.ApparmorProfile)
+ if err != nil {
+ return nil, err
+ }
+ g.SetProcessApparmorProfile(updatedProfile)
 }
- g.SetProcessApparmorProfile(updatedProfile)
 if err := c.makeBindMounts(); err != nil {
 return nil, err
diff --git a/libpod/container_top_linux.go b/libpod/container_top_linux.go
index 392a7029e..2e0e83c05 100644
--- a/libpod/container_top_linux.go
+++ b/libpod/container_top_linux.go
@@ -6,6 +6,7 @@ import (
 "strconv"
 "strings"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/containers/psgo"
 "github.com/pkg/errors"
 )
@@ -47,7 +48,9 @@ func (c *Container) GetContainerPidInformation(descriptors []string) ([]string,
 // filters on the data. We need to change the API here and the
 // varlink API to return a [][]string if we want to make use of
 // filtering.
- psgoOutput, err := psgo.JoinNamespaceAndProcessInfo(pid, descriptors)
+ opts := psgo.JoinNamespaceOpts{FillMappings: rootless.IsRootless()}
+
+ psgoOutput, err := psgo.JoinNamespaceAndProcessInfoWithOptions(pid, descriptors, &opts)
 if err != nil {
 return nil, err
 }
diff --git a/libpod/kube.go b/libpod/kube.go
index 260269b2e..c5fd9d75c 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
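Review bot: In `generateSpec`, the new `if !c.config.Privileged` guard skips both `apparmor.CheckProfileAndLoadDefault` and `g.SetProcessApparmorProfile` without stating what confinement a privileged container ends up with. If a caller sets `Privileged` together with an explicit `Spec.Process.ApparmorProfile`, that profile is no longer validated or loaded here, and whether it still reaches the generated spec depends on how `g` was built, which is outside the hunk. I would add a comment above the guard such as `// Privileged containers are not confined by AppArmor; an explicitly requested profile is not checked or loaded.` and consider logging a warning when the profile string is non-empty, so the dropped confinement is visible to the operator.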
@@ -220,12 +220,11 @@ func containerToV1Container(c *Container) (v1.Container, error) {
 return kubeContainer, err
 }
 kubeContainer.VolumeMounts = volumes
- return kubeContainer, errors.Wrapf(ErrNotImplemented, "volume names")
 }
 envVariables, err := libpodEnvVarsToKubeEnvVars(c.config.Spec.Process.Env)
 if err != nil {
- return kubeContainer, nil
+ return kubeContainer, err
 }
 portmappings, err := c.PortMappings()
@@ -234,7 +233,7 @@ func containerToV1Container(c *Container) (v1.Container, error) {
 }
 ports, err := ocicniPortMappingToContainerPort(portmappings)
 if err != nil {
- return kubeContainer, nil
+ return kubeContainer, err
 }
 containerCommands := c.Command()
@@ -345,7 +344,7 @@ func libpodMountsToKubeVolumeMounts(c *Container) ([]v1.VolumeMount, error) {
 for _, hostSourcePath := range c.config.UserVolumes {
 vm, err := generateKubeVolumeMount(hostSourcePath, c.config.Spec.Mounts)
 if err != nil {
- return vms, err
+ continue
 }
 vms = append(vms, vm)
 }
diff --git a/libpod/oci.go b/libpod/oci.go
index 3dfde4f24..abc6214b9 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -17,7 +17,6 @@ import (
 "github.com/opencontainers/selinux/go-selinux/label"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
- kwait "k8s.io/apimachinery/pkg/util/wait"
 // TODO import these functions into libpod and remove the import
 // Trying to keep libpod from depending on CRI-O code
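Review bot: In `libpodMountsToKubeVolumeMounts`, replacing `return vms, err` with a bare `continue` discards the error from `generateKubeVolumeMount`, so a user volume that cannot be mapped is silently left out of the result and this loop can no longer surface the failure through the function's `error` return. At minimum record why the entry is skipped, for example `logrus.Debugf("skipping volume %s: %v", hostSourcePath, err)` before the `continue` (assuming logrus is imported in kube.go, which the hunk does not show), together with a comment naming the failures that are expected here. The enclosing function starts and ends outside the hunk.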
@@ -261,21 +260,13 @@ func (r *OCIRuntime) updateContainerStatus(ctr *Container, useRuntime bool) erro
 // If we were, it should already be in the database
 if ctr.state.State == ContainerStateStopped && oldState != ContainerStateStopped {
 var fi os.FileInfo
- err = kwait.ExponentialBackoff(
- kwait.Backoff{
- Duration: 500 * time.Millisecond,
- Factor: 1.2,
- Steps: 6,
- },
- func() (bool, error) {
- var err error
- fi, err = os.Stat(exitFile)
- if err != nil {
- // wait longer
- return false, nil
- }
- return true, nil
- })
+ chWait := make(chan error)
+ defer close(chWait)
+
+ _, err := WaitForFile(exitFile, chWait, time.Second*5)
+ if err == nil {
+ fi, err = os.Stat(exitFile)
+ }
 if err != nil {
 ctr.state.ExitCode = -1
 ctr.state.FinishedTime = time.Now()
diff --git a/libpod/pod_top_linux.go b/libpod/pod_top_linux.go
index f49e28c9d..e08e5e83a 100644
--- a/libpod/pod_top_linux.go
+++ b/libpod/pod_top_linux.go
@@ -6,6 +6,7 @@ import (
 "strconv"
 "strings"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/containers/psgo"
 )
@@ -43,7 +44,8 @@ func (p *Pod) GetPodPidInformation(descriptors []string) ([]string, error) {
 // filters on the data. We need to change the API here and the
 // varlink API to return a [][]string if we want to make use of
 // filtering.
- output, err := psgo.JoinNamespaceAndProcessInfoByPids(pids, descriptors)
+ opts := psgo.JoinNamespaceOpts{FillMappings: rootless.IsRootless()}
+ output, err := psgo.JoinNamespaceAndProcessInfoByPidsWithOptions(pids, descriptors, &opts)
 if err != nil {
 return nil, err
 }
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 18e9dfeb3..1f8dd98b4 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
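Review bot: In `updateContainerStatus`, `_, err := WaitForFile(exitFile, chWait, time.Second*5)` declares a new `err` inside the `if` block, whereas the removed code assigned to the function's existing variable with `err = kwait.ExponentialBackoff(`. The checks visible in the hunk read the inner variable and so behave as intended, but any statement after the block that reads `err` would now see the outer value; writing `_, err = WaitForFile(exitFile, chWait, time.Second*5)` keeps the previous scoping. It is also worth a comment that `defer close(chWait)` fires when the whole function returns, not at the end of this block. The function continues outside the hunk.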
@@ -877,10 +877,9 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 // TODO: we can't close the FD in this lock, so we should keep it around
 // and use it to lock important operations
 aliveLock.Lock()
- locked := true
 doRefresh := false
 defer func() {
- if locked {
+ if aliveLock.Locked() {
 aliveLock.Unlock()
 }
 }()
@@ -891,8 +890,12 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 // no containers running. Create immediately a namespace, as
 // we will need to access the storage.
 if os.Geteuid() != 0 {
- aliveLock.Unlock()
- became, ret, err := rootless.BecomeRootInUserNS()
+ aliveLock.Unlock() // Unlock to avoid deadlock as BecomeRootInUserNS will reexec.
+ pausePid, err := util.GetRootlessPauseProcessPidPath()
+ if err != nil {
+ return errors.Wrapf(err, "could not get pause process pid file path")
+ }
+ became, ret, err := rootless.BecomeRootInUserNS(pausePid)
 if err != nil {
 return err
 }
@@ -966,18 +969,6 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 runtime.valid = true
 if runtime.doMigrate {
- if os.Geteuid() != 0 {
- aliveLock.Unlock()
- locked = false
-
- became, ret, err := rootless.BecomeRootInUserNS()
- if err != nil {
- return err
- }
- if became {
- os.Exit(ret)
- }
- }
 if err := runtime.migrate(ctx); err != nil {
 return err
 }
diff --git a/libpod/runtime_migrate.go b/libpod/runtime_migrate.go
index 0bb8e952f..e32e6edf6 100644
--- a/libpod/runtime_migrate.go
+++ b/libpod/runtime_migrate.go
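Review bot: In the second hunk of `makeRuntime`, `pausePid, err := util.GetRootlessPauseProcessPidPath()` stores a file path in a variable named like a process ID, while `stopPauseProcess` in libpod/runtime_migrate.go calls the same value `pausePidPath` and reserves `pausePid` for the parsed integer. Renaming it here to `pausePidPath` and passing `rootless.BecomeRootInUserNS(pausePidPath)` keeps the two files consistent and avoids a path being mistaken for a PID in later edits. A short comment on what `BecomeRootInUserNS` does with that file would also help, since its definition is not part of this diff.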
@@ -1,13 +1,47 @@
+// +build linux
+
 package libpod
 import (
 "context"
+ "fmt"
+ "io/ioutil"
+ "os"
 "path/filepath"
+ "strconv"
+ "syscall"
+ "github.com/containers/libpod/pkg/rootless"
+ "github.com/containers/libpod/pkg/util"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 )
+func stopPauseProcess() error {
+ if rootless.IsRootless() {
+ pausePidPath, err := util.GetRootlessPauseProcessPidPath()
+ if err != nil {
+ return errors.Wrapf(err, "could not get pause process pid file path")
+ }
+ data, err := ioutil.ReadFile(pausePidPath)
+ if err != nil {
+ if os.IsNotExist(err) {
+ return nil
+ }
+ return errors.Wrapf(err, "cannot read pause process pid file %s", pausePidPath)
+ }
+ pausePid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse pause pid file %s", pausePidPath)
+ }
+ if err := os.Remove(pausePidPath); err != nil {
+ return errors.Wrapf(err, "cannot delete pause pid file %s", pausePidPath)
+ }
+ syscall.Kill(pausePid, syscall.SIGKILL)
+ }
+ return nil
+}
+
 func (r *Runtime) migrate(ctx context.Context) error {
 runningContainers, err := r.GetRunningContainers()
 if err != nil {
@@ -21,7 +55,7 @@ func (r *Runtime) migrate(ctx context.Context) error {
 logrus.Infof("stopping all containers")
 for _, ctr := range runningContainers {
- logrus.Infof("stopping %s", ctr.ID())
+ fmt.Printf("stopped %s\n", ctr.ID())
 if err := ctr.Stop(); err != nil {
 return errors.Wrapf(err, "cannot stop container %s", ctr.ID())
 }
@@ -38,11 +72,5 @@ func (r *Runtime) migrate(ctx context.Context) error {
 }
 }
- for _, ctr := range runningContainers {
- if err := ctr.Start(ctx, true); err != nil {
- logrus.Errorf("error restarting container %s", ctr.ID())
- }
- }
-
- return nil
+ return stopPauseProcess()
 }
diff --git a/libpod/runtime_migrate_unsupported.go b/libpod/runtime_migrate_unsupported.go
new file mode 100644
index 000000000..1a9e46fdc
--- /dev/null
+++ b/libpod/runtime_migrate_unsupported.go
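Review bot: `stopPauseProcess` passes whatever integer it parsed from the pid file straight to `syscall.Kill(pausePid, syscall.SIGKILL)` and ignores the result. On Linux a PID of 0 or a negative value addresses a process group or every process the caller may signal, so a truncated, corrupted or tampered pid file could take down far more than the pause process; the value should be rejected unless it is positive. The pid file is also removed before the kill, so a failed kill leaves no record of the process, and `strconv.Atoi(string(data))` would fail on a trailing newline if the writer of the file (not shown) ever adds one. The fence below validates the PID and reports kill errors other than the process already being gone.

```go
		pausePid, err := strconv.Atoi(string(data))
		// … unchanged: Atoi error check …
		// kill(2) treats 0 and negative PIDs as process-group or broadcast targets.
		if pausePid <= 0 {
			return errors.Errorf("invalid pause process pid %d in %s", pausePid, pausePidPath)
		}
		// … unchanged: removal of the pause pid file …
		if err := syscall.Kill(pausePid, syscall.SIGKILL); err != nil && err != syscall.ESRCH {
			return errors.Wrapf(err, "cannot kill pause process %d", pausePid)
		}
```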
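Review bot: In `migrate`, `fmt.Printf("stopped %s\n", ctr.ID())` runs before `ctr.Stop()` is called, so a container is reported as stopped even when the stop that follows fails and the function returns the wrapped error. Moving the print after the error check, or keeping the wording `stopping %s`, would make the output truthful. Writing to stdout from libpod also bypasses the log-level control that the replaced `logrus.Infof` had; if the line is meant for the CLI user, a comment saying so would help.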
@@ -0,0 +1,11 @@
+// +build !linux
+
+package libpod
+
+import (
+ "context"
+)
+
+func (r *Runtime) migrate(ctx context.Context) error {
+ return nil
+}
|