Diffstat (limited to 'libpod')
-rw-r--r--libpod/boltdb_state.go2
-rw-r--r--libpod/boltdb_state_internal.go2
-rw-r--r--libpod/container_internal.go19
-rw-r--r--libpod/container_internal_linux.go12
-rw-r--r--libpod/container_top_linux.go5
-rw-r--r--libpod/kube.go7
-rw-r--r--libpod/oci.go23
-rw-r--r--libpod/pod_top_linux.go4
-rw-r--r--libpod/runtime.go23
-rw-r--r--libpod/runtime_migrate.go44
-rw-r--r--libpod/runtime_migrate_unsupported.go11
11 files changed, 84 insertions, 68 deletions
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go
index d8cfa2bda..63e40a98f 100644
--- a/libpod/boltdb_state.go
+++ b/libpod/boltdb_state.go
@@ -5,7 +5,7 @@ import (
"strings"
"sync"
- "github.com/boltdb/bolt"
+ bolt "github.com/etcd-io/bbolt"
jsoniter "github.com/json-iterator/go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go
index a6900a6d3..313e5f4d7 100644
--- a/libpod/boltdb_state_internal.go
+++ b/libpod/boltdb_state_internal.go
@@ -5,9 +5,9 @@ import (
"runtime"
"strings"
- "github.com/boltdb/bolt"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage"
+ bolt "github.com/etcd-io/bbolt"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index fc33a1bbc..5f8dd1c72 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -25,7 +25,6 @@ import (
opentracing "github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
- kwait "k8s.io/apimachinery/pkg/util/wait"
)
const (
@@ -146,20 +145,10 @@ func (c *Container) exitFilePath() string {
func (c *Container) waitForExitFileAndSync() error {
exitFile := c.exitFilePath()
- err := kwait.ExponentialBackoff(
- kwait.Backoff{
- Duration: 500 * time.Millisecond,
- Factor: 1.2,
- Steps: 6,
- },
- func() (bool, error) {
- _, err := os.Stat(exitFile)
- if err != nil {
- // wait longer
- return false, nil
- }
- return true, nil
- })
+ chWait := make(chan error)
+ defer close(chWait)
+
+ _, err := WaitForFile(exitFile, chWait, time.Second*5)
if err != nil {
// Exit file did not appear
// Reset our state
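Review bot: The `chWait` channel handed to `WaitForFile` in waitForExitFileAndSync is never sent on in the visible lines, and nothing explains what it is for or why the first return value is discarded. `WaitForFile` is not defined in this hunk, so presumably only the file appearing or the 5-second timeout can end the wait. A short comment would make that explicit, for example `// chWait is never signalled here; the wait ends when the exit file appears or after 5s`. The same pattern is repeated in updateContainerStatus in libpod/oci.go, and the function body continues past the end of this hunk.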
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index c5e404155..f25f76092 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -25,7 +25,7 @@ import (
"github.com/containers/libpod/pkg/lookup"
"github.com/containers/libpod/pkg/resolvconf"
"github.com/containers/libpod/pkg/rootless"
- "github.com/cyphar/filepath-securejoin"
+ securejoin "github.com/cyphar/filepath-securejoin"
"github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
@@ -188,11 +188,13 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
// Apply AppArmor checks and load the default profile if needed.
- updatedProfile, err := apparmor.CheckProfileAndLoadDefault(c.config.Spec.Process.ApparmorProfile)
- if err != nil {
- return nil, err
+ if !c.config.Privileged {
+ updatedProfile, err := apparmor.CheckProfileAndLoadDefault(c.config.Spec.Process.ApparmorProfile)
+ if err != nil {
+ return nil, err
+ }
+ g.SetProcessApparmorProfile(updatedProfile)
}
- g.SetProcessApparmorProfile(updatedProfile)
if err := c.makeBindMounts(); err != nil {
return nil, err
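Review bot: With the new `if !c.config.Privileged` guard in generateSpec, a privileged container no longer has its AppArmor profile checked or defaulted, but the comment above still reads as if the check always runs. If a privileged container carries an explicit `ApparmorProfile`, it is now neither validated nor passed to `g.SetProcessApparmorProfile`. Whether the profile still reaches the runtime through the base spec is not visible here, so please confirm that this is intended. I would record the decision at the guard, for example `// Privileged containers are left unconfined: skip the AppArmor profile check and default-profile load.` generateSpec begins and ends outside this hunk.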
diff --git a/libpod/container_top_linux.go b/libpod/container_top_linux.go
index 392a7029e..2e0e83c05 100644
--- a/libpod/container_top_linux.go
+++ b/libpod/container_top_linux.go
@@ -6,6 +6,7 @@ import (
"strconv"
"strings"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/psgo"
"github.com/pkg/errors"
)
@@ -47,7 +48,9 @@ func (c *Container) GetContainerPidInformation(descriptors []string) ([]string,
// filters on the data. We need to change the API here and the
// varlink API to return a [][]string if we want to make use of
// filtering.
- psgoOutput, err := psgo.JoinNamespaceAndProcessInfo(pid, descriptors)
+ opts := psgo.JoinNamespaceOpts{FillMappings: rootless.IsRootless()}
+
+ psgoOutput, err := psgo.JoinNamespaceAndProcessInfoWithOptions(pid, descriptors, &opts)
if err != nil {
return nil, err
}
diff --git a/libpod/kube.go b/libpod/kube.go
index 260269b2e..c5fd9d75c 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -220,12 +220,11 @@ func containerToV1Container(c *Container) (v1.Container, error) {
return kubeContainer, err
}
kubeContainer.VolumeMounts = volumes
- return kubeContainer, errors.Wrapf(ErrNotImplemented, "volume names")
}
envVariables, err := libpodEnvVarsToKubeEnvVars(c.config.Spec.Process.Env)
if err != nil {
- return kubeContainer, nil
+ return kubeContainer, err
}
portmappings, err := c.PortMappings()
@@ -234,7 +233,7 @@ func containerToV1Container(c *Container) (v1.Container, error) {
}
ports, err := ocicniPortMappingToContainerPort(portmappings)
if err != nil {
- return kubeContainer, nil
+ return kubeContainer, err
}
containerCommands := c.Command()
@@ -345,7 +344,7 @@ func libpodMountsToKubeVolumeMounts(c *Container) ([]v1.VolumeMount, error) {
for _, hostSourcePath := range c.config.UserVolumes {
vm, err := generateKubeVolumeMount(hostSourcePath, c.config.Spec.Mounts)
if err != nil {
- return vms, err
+ continue
}
vms = append(vms, vm)
}
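Review bot: In libpodMountsToKubeVolumeMounts the error from `generateKubeVolumeMount` is now dropped by a bare `continue`, so a volume that cannot be mapped is silently left out of the generated YAML. The caller then gets a pod definition with fewer mounts than the container has and no indication why. Please at least log the skip before continuing, for example `logrus.Warnf("skipping volume %s in generated kube YAML: %v", hostSourcePath, err)`. The imports are outside this hunk, so logrus may need adding to this file. A one-line comment saying why a failed lookup is non-fatal would also help.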
diff --git a/libpod/oci.go b/libpod/oci.go
index 3dfde4f24..abc6214b9 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -17,7 +17,6 @@ import (
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
- kwait "k8s.io/apimachinery/pkg/util/wait"
// TODO import these functions into libpod and remove the import
// Trying to keep libpod from depending on CRI-O code
@@ -261,21 +260,13 @@ func (r *OCIRuntime) updateContainerStatus(ctr *Container, useRuntime bool) erro
// If we were, it should already be in the database
if ctr.state.State == ContainerStateStopped && oldState != ContainerStateStopped {
var fi os.FileInfo
- err = kwait.ExponentialBackoff(
- kwait.Backoff{
- Duration: 500 * time.Millisecond,
- Factor: 1.2,
- Steps: 6,
- },
- func() (bool, error) {
- var err error
- fi, err = os.Stat(exitFile)
- if err != nil {
- // wait longer
- return false, nil
- }
- return true, nil
- })
+ chWait := make(chan error)
+ defer close(chWait)
+
+ _, err := WaitForFile(exitFile, chWait, time.Second*5)
+ if err == nil {
+ fi, err = os.Stat(exitFile)
+ }
if err != nil {
ctr.state.ExitCode = -1
ctr.state.FinishedTime = time.Now()
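Review bot: The line `_, err := WaitForFile(exitFile, chWait, time.Second*5)` declares a new `err` scoped to this `if` block, whereas the removed code assigned to the function's existing `err` with `err = kwait.ExponentialBackoff(`. The checks inside the block still work because they read the inner variable, but the outer `err` is no longer updated and vet's shadow check will flag it. Using plain assignment, `_, err = WaitForFile(exitFile, chWait, time.Second*5)`, keeps the previous scoping. updateContainerStatus starts and ends outside this hunk, so I cannot see whether later code reads the outer `err`.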
diff --git a/libpod/pod_top_linux.go b/libpod/pod_top_linux.go
index f49e28c9d..e08e5e83a 100644
--- a/libpod/pod_top_linux.go
+++ b/libpod/pod_top_linux.go
@@ -6,6 +6,7 @@ import (
"strconv"
"strings"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/psgo"
)
@@ -43,7 +44,8 @@ func (p *Pod) GetPodPidInformation(descriptors []string) ([]string, error) {
// filters on the data. We need to change the API here and the
// varlink API to return a [][]string if we want to make use of
// filtering.
- output, err := psgo.JoinNamespaceAndProcessInfoByPids(pids, descriptors)
+ opts := psgo.JoinNamespaceOpts{FillMappings: rootless.IsRootless()}
+ output, err := psgo.JoinNamespaceAndProcessInfoByPidsWithOptions(pids, descriptors, &opts)
if err != nil {
return nil, err
}
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 18e9dfeb3..1f8dd98b4 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -877,10 +877,9 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
// TODO: we can't close the FD in this lock, so we should keep it around
// and use it to lock important operations
aliveLock.Lock()
- locked := true
doRefresh := false
defer func() {
- if locked {
+ if aliveLock.Locked() {
aliveLock.Unlock()
}
}()
@@ -891,8 +890,12 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
// no containers running. Create immediately a namespace, as
// we will need to access the storage.
if os.Geteuid() != 0 {
- aliveLock.Unlock()
- became, ret, err := rootless.BecomeRootInUserNS()
+ aliveLock.Unlock() // Unlock to avoid deadlock as BecomeRootInUserNS will reexec.
+ pausePid, err := util.GetRootlessPauseProcessPidPath()
+ if err != nil {
+ return errors.Wrapf(err, "could not get pause process pid file path")
+ }
+ became, ret, err := rootless.BecomeRootInUserNS(pausePid)
if err != nil {
return err
}
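Review bot: The variable `pausePid` in makeRuntime holds the result of `util.GetRootlessPauseProcessPidPath()`, which is a file path, not a process id. runtime_migrate.go names the same value `pausePidPath` and separately uses `pausePid` for the parsed integer, so the two files now give one name opposite meanings. I would rename it here: `pausePidPath, err := util.GetRootlessPauseProcessPidPath()` and `rootless.BecomeRootInUserNS(pausePidPath)`. makeRuntime continues outside this hunk.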
@@ -966,18 +969,6 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
runtime.valid = true
if runtime.doMigrate {
- if os.Geteuid() != 0 {
- aliveLock.Unlock()
- locked = false
-
- became, ret, err := rootless.BecomeRootInUserNS()
- if err != nil {
- return err
- }
- if became {
- os.Exit(ret)
- }
- }
if err := runtime.migrate(ctx); err != nil {
return err
}
diff --git a/libpod/runtime_migrate.go b/libpod/runtime_migrate.go
index 0bb8e952f..e32e6edf6 100644
--- a/libpod/runtime_migrate.go
+++ b/libpod/runtime_migrate.go
@@ -1,13 +1,47 @@
+// +build linux
+
package libpod
import (
"context"
+ "fmt"
+ "io/ioutil"
+ "os"
"path/filepath"
+ "strconv"
+ "syscall"
+ "github.com/containers/libpod/pkg/rootless"
+ "github.com/containers/libpod/pkg/util"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
+func stopPauseProcess() error {
+ if rootless.IsRootless() {
+ pausePidPath, err := util.GetRootlessPauseProcessPidPath()
+ if err != nil {
+ return errors.Wrapf(err, "could not get pause process pid file path")
+ }
+ data, err := ioutil.ReadFile(pausePidPath)
+ if err != nil {
+ if os.IsNotExist(err) {
+ return nil
+ }
+ return errors.Wrapf(err, "cannot read pause process pid file %s", pausePidPath)
+ }
+ pausePid, err := strconv.Atoi(string(data))
+ if err != nil {
+ return errors.Wrapf(err, "cannot parse pause pid file %s", pausePidPath)
+ }
+ if err := os.Remove(pausePidPath); err != nil {
+ return errors.Wrapf(err, "cannot delete pause pid file %s", pausePidPath)
+ }
+ syscall.Kill(pausePid, syscall.SIGKILL)
+ }
+ return nil
+}
+
func (r *Runtime) migrate(ctx context.Context) error {
runningContainers, err := r.GetRunningContainers()
if err != nil {
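Review bot: In stopPauseProcess the integer parsed from the pause pid file goes straight to `syscall.Kill(pausePid, syscall.SIGKILL)` with no range check, and the call's error is discarded. A zero or negative value in that file would make kill(2) address a process group or every process the user may signal. The code should reject anything that is not a plausible pid, and report Kill failures other than `ESRCH`. Separately, `strconv.Atoi(string(data))` fails on a trailing newline; the writer of the pid file is not visible here, so confirm it writes the bare number. Because the file is removed before the kill, a stale pid that the kernel has since reused would also be signalled; that is inferred rather than shown by this hunk. The body of migrate continues outside the hunk.

```go
// … unchanged: pid file path lookup, ioutil.ReadFile, strconv.Atoi …
if pausePid <= 1 {
	return errors.Errorf("invalid pause process pid %d in %s", pausePid, pausePidPath)
}
// … unchanged: os.Remove of the pid file …
if err := syscall.Kill(pausePid, syscall.SIGKILL); err != nil && err != syscall.ESRCH {
	return errors.Wrapf(err, "cannot kill pause process %d", pausePid)
}
```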
@@ -21,7 +55,7 @@ func (r *Runtime) migrate(ctx context.Context) error {
logrus.Infof("stopping all containers")
for _, ctr := range runningContainers {
- logrus.Infof("stopping %s", ctr.ID())
+ fmt.Printf("stopped %s\n", ctr.ID())
if err := ctr.Stop(); err != nil {
return errors.Wrapf(err, "cannot stop container %s", ctr.ID())
}
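Review bot: `fmt.Printf("stopped %s\n", ctr.ID())` runs before `ctr.Stop()` is called, so the message is printed even when the stop then fails and migrate returns the wrapped error. Move the print after the error check so it only reports containers that were actually stopped. Writing to stdout from library code also bypasses the logrus level used by the surrounding `logrus.Infof("stopping all containers")`. If the output is meant for the CLI user, a comment saying so would help. The loop body continues outside this hunk.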
@@ -38,11 +72,5 @@ func (r *Runtime) migrate(ctx context.Context) error {
}
}
- for _, ctr := range runningContainers {
- if err := ctr.Start(ctx, true); err != nil {
- logrus.Errorf("error restarting container %s", ctr.ID())
- }
- }
-
- return nil
+ return stopPauseProcess()
}
diff --git a/libpod/runtime_migrate_unsupported.go b/libpod/runtime_migrate_unsupported.go
new file mode 100644
index 000000000..1a9e46fdc
--- /dev/null
+++ b/libpod/runtime_migrate_unsupported.go
@@ -0,0 +1,11 @@
+// +build !linux
+
+package libpod
+
+import (
+ "context"
+)
+
+func (r *Runtime) migrate(ctx context.Context) error {
+ return nil
+}
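Review bot: The non-Linux `migrate` stub has no doc comment and returns nil unconditionally, so a caller cannot tell "nothing to migrate" from "migration is unsupported on this platform". Please add a comment such as `// migrate is a no-op on non-Linux platforms; it reports success without stopping any containers.` If the rest of libpod distinguishes unsupported operations, returning the package's not-implemented error might fit better, but that is not visible from this file.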