diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container.go | 14 | ||||
| -rw-r--r-- | libpod/container_internal.go | 18 | ||||
| -rw-r--r-- | libpod/container_log.go (renamed from libpod/container.log.go) | 3 | ||||
| -rw-r--r-- | libpod/define/config.go | 9 | ||||
| -rw-r--r-- | libpod/oci.go | 3 | ||||
| -rw-r--r-- | libpod/oci_conmon_linux.go | 38 | ||||
| -rw-r--r-- | libpod/oci_conmon_unsupported.go | 2 | ||||
| -rw-r--r-- | libpod/oci_missing.go | 6 | ||||
| -rw-r--r-- | libpod/options.go | 2 | ||||
| -rw-r--r-- | libpod/pod_api.go | 49 | ||||
| -rw-r--r-- | libpod/runtime.go | 19 | ||||
| -rw-r--r-- | libpod/runtime_ctr.go | 2 |
12 files changed, 99 insertions, 66 deletions
diff --git a/libpod/container.go b/libpod/container.go index c1deb95f9..5cd719ab6 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -34,15 +34,6 @@ const SystemdDefaultCgroupParent = "machine.slice" // manager in libpod when running as rootless const SystemdDefaultRootlessCgroupParent = "user.slice" -// JournaldLogging is the string conmon expects to specify journald logging -const JournaldLogging = "journald" - -// KubernetesLogging is the string conmon expects when specifying to use the kubernetes logging format -const KubernetesLogging = "k8s-file" - -// JSONLogging is the string conmon expects when specifying to use the json logging format -const JSONLogging = "json-file" - // DefaultWaitInterval is the default interval between container status checks // while waiting. const DefaultWaitInterval = 250 * time.Millisecond @@ -564,6 +555,11 @@ func (c *Container) MountLabel() string { return c.config.MountLabel } +// Systemd returns whether the container will be running in systemd mode +func (c *Container) Systemd() bool { + return c.config.Systemd +} + // User returns the user who the container is run as func (c *Container) User() string { return c.config.User diff --git a/libpod/container_internal.go b/libpod/container_internal.go index c930017a4..50bd9bc25 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -19,6 +19,7 @@ import ( "github.com/containers/libpod/pkg/hooks" "github.com/containers/libpod/pkg/hooks/exec" "github.com/containers/libpod/pkg/rootless" + "github.com/containers/libpod/pkg/util" "github.com/containers/storage" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/mount" @@ -430,7 +431,22 @@ func (c *Container) setupStorage(ctx context.Context) error { c.config.IDMappings.UIDMap = containerInfo.UIDMap c.config.IDMappings.GIDMap = containerInfo.GIDMap - c.config.ProcessLabel = containerInfo.ProcessLabel + + processLabel := containerInfo.ProcessLabel + switch { + case c.ociRuntime.SupportsKVM(): + processLabel, err = util.SELinuxKVMLabel(processLabel) + if err != nil { + return err + } + case c.config.Systemd: + processLabel, err = util.SELinuxInitLabel(processLabel) + if err != nil { + return err + } + } + + c.config.ProcessLabel = processLabel c.config.MountLabel = containerInfo.MountLabel c.config.StaticDir = containerInfo.Dir c.state.RunDir = containerInfo.RunDir diff --git a/libpod/container.log.go b/libpod/container_log.go index 514edb8c8..bfa303e84 100644 --- a/libpod/container.log.go +++ b/libpod/container_log.go @@ -3,6 +3,7 @@ package libpod import ( "os" + "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/logs" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -22,7 +23,7 @@ func (r *Runtime) Log(containers []*Container, options *logs.LogOptions, logChan func (c *Container) ReadLog(options *logs.LogOptions, logChannel chan *logs.LogLine) error { // TODO Skip sending logs until journald logs can be read // TODO make this not a magic string - if c.LogDriver() == JournaldLogging { + if c.LogDriver() == define.JournaldLogging { return c.readFromJournal(options, logChannel) } return c.readFromLogFile(options, logChannel) diff --git a/libpod/define/config.go b/libpod/define/config.go index 10e00062a..17d764c65 100644 --- a/libpod/define/config.go +++ b/libpod/define/config.go @@ -57,3 +57,12 @@ type AttachStreams struct { // If false, stdout will not be attached AttachInput bool } + +// JournaldLogging is the string conmon expects to specify journald logging +const JournaldLogging = "journald" + +// KubernetesLogging is the string conmon expects when specifying to use the kubernetes logging format +const KubernetesLogging = "k8s-file" + +// JSONLogging is the string conmon expects when specifying to use the json logging format +const JSONLogging = "json-file" diff --git a/libpod/oci.go b/libpod/oci.go index 6adf42497..9991c5625 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -103,6 +103,9 @@ type OCIRuntime interface { // SupportsNoCgroups is whether the runtime supports running containers // without cgroups. SupportsNoCgroups() bool + // SupportsKVM os whether the OCI runtime supports running containers + // without KVM separation + SupportsKVM() bool // AttachSocketPath is the path to the socket to attach to a given // container. diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 18b438792..da4b85067 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -60,6 +60,7 @@ type ConmonOCIRuntime struct { noPivot bool reservePorts bool supportsJSON bool + supportsKVM bool supportsNoCgroups bool sdNotify bool } @@ -70,11 +71,25 @@ type ConmonOCIRuntime struct { // The first path that points to a valid executable will be used. // Deliberately private. Someone should not be able to construct this outside of // libpod. -func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtimeCfg *config.Config, supportsJSON, supportsNoCgroups bool) (OCIRuntime, error) { +func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtimeCfg *config.Config) (OCIRuntime, error) { if name == "" { return nil, errors.Wrapf(define.ErrInvalidArg, "the OCI runtime must be provided a non-empty name") } + // Make lookup tables for runtime support + supportsJSON := make(map[string]bool, len(runtimeCfg.Engine.RuntimeSupportsJSON)) + supportsNoCgroups := make(map[string]bool, len(runtimeCfg.Engine.RuntimeSupportsNoCgroups)) + supportsKVM := make(map[string]bool, len(runtimeCfg.Engine.RuntimeSupportsKVM)) + for _, r := range runtimeCfg.Engine.RuntimeSupportsJSON { + supportsJSON[r] = true + } + for _, r := range runtimeCfg.Engine.RuntimeSupportsNoCgroups { + supportsNoCgroups[r] = true + } + for _, r := range runtimeCfg.Engine.RuntimeSupportsKVM { + supportsKVM[r] = true + } + runtime := new(ConmonOCIRuntime) runtime.name = name runtime.conmonPath = conmonPath @@ -89,8 +104,9 @@ func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtime // TODO: probe OCI runtime for feature and enable automatically if // available. - runtime.supportsJSON = supportsJSON - runtime.supportsNoCgroups = supportsNoCgroups + runtime.supportsJSON = supportsJSON[name] + runtime.supportsNoCgroups = supportsNoCgroups[name] + runtime.supportsKVM = supportsKVM[name] foundPath := false for _, path := range paths { @@ -971,6 +987,12 @@ func (r *ConmonOCIRuntime) SupportsNoCgroups() bool { return r.supportsNoCgroups } +// SupportsKVM checks if the OCI runtime supports running containers +// without KVM separation +func (r *ConmonOCIRuntime) SupportsKVM() bool { + return r.supportsKVM +} + // AttachSocketPath is the path to a single container's attach socket. func (r *ConmonOCIRuntime) AttachSocketPath(ctr *Container) (string, error) { if ctr == nil { @@ -1405,9 +1427,9 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p var logDriver string switch ctr.LogDriver() { - case JournaldLogging: - logDriver = JournaldLogging - case JSONLogging: + case define.JournaldLogging: + logDriver = define.JournaldLogging + case define.JSONLogging: fallthrough default: //nolint-stylecheck // No case here should happen except JSONLogging, but keep this here in case the options are extended @@ -1417,8 +1439,8 @@ func (r *ConmonOCIRuntime) sharedConmonArgs(ctr *Container, cuuid, bundlePath, p // to get here, either a user would specify `--log-driver ""`, or this came from another place in libpod // since the former case is obscure, and the latter case isn't an error, let's silently fallthrough fallthrough - case KubernetesLogging: - logDriver = fmt.Sprintf("%s:%s", KubernetesLogging, logPath) + case define.KubernetesLogging: + logDriver = fmt.Sprintf("%s:%s", define.KubernetesLogging, logPath) } args = append(args, "-l", logDriver) diff --git a/libpod/oci_conmon_unsupported.go b/libpod/oci_conmon_unsupported.go index 1f9d89ff6..309e0d417 100644 --- a/libpod/oci_conmon_unsupported.go +++ b/libpod/oci_conmon_unsupported.go @@ -17,7 +17,7 @@ type ConmonOCIRuntime struct { } // newConmonOCIRuntime is not supported on this OS. -func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtimeCfg *config.Config, supportsJSON, supportsNoCgroups bool) (OCIRuntime, error) { +func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtimeCfg *config.Config) (OCIRuntime, error) { return nil, define.ErrNotImplemented } diff --git a/libpod/oci_missing.go b/libpod/oci_missing.go index 5284fb4b7..172805b0d 100644 --- a/libpod/oci_missing.go +++ b/libpod/oci_missing.go @@ -168,6 +168,12 @@ func (r *MissingRuntime) SupportsNoCgroups() bool { return false } +// SupportsKVM checks if the OCI runtime supports running containers +// without KVM separation +func (r *MissingRuntime) SupportsKVM() bool { + return false +} + // AttachSocketPath does not work as there is no runtime to attach to. // (Theoretically we could follow ExitFilePath but there is no guarantee the // container is running and thus has an attach socket...) diff --git a/libpod/options.go b/libpod/options.go index 65a089131..b4e436b63 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -985,7 +985,7 @@ func WithLogDriver(driver string) CtrCreateOption { switch driver { case "": return errors.Wrapf(define.ErrInvalidArg, "log driver must be set") - case JournaldLogging, KubernetesLogging, JSONLogging: + case define.JournaldLogging, define.KubernetesLogging, define.JSONLogging: break default: return errors.Wrapf(define.ErrInvalidArg, "invalid log driver") diff --git a/libpod/pod_api.go b/libpod/pod_api.go index 200732652..ed4dc0727 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -431,9 +431,9 @@ func containerStatusFromContainers(allCtrs []*Container) (map[string]define.Cont } // Inspect returns a PodInspect struct to describe the pod -func (p *Pod) Inspect() (*PodInspect, error) { +func (p *Pod) Inspect() (*define.InspectPodData, error) { var ( - podContainers []PodContainerInfo + ctrs []define.InspectPodContainerInfo ) p.lock.Lock() @@ -444,14 +444,6 @@ func (p *Pod) Inspect() (*PodInspect, error) { containers, err := p.runtime.state.PodContainers(p) if err != nil { - return &PodInspect{}, err - } - ctrStatuses, err := containerStatusFromContainers(containers) - if err != nil { - return nil, err - } - status, err := CreatePodStatusResults(ctrStatuses) - if err != nil { return nil, err } for _, c := range containers { @@ -462,26 +454,29 @@ func (p *Pod) Inspect() (*PodInspect, error) { if err == nil { containerStatus = containerState.String() } - pc := PodContainerInfo{ + ctrs = append(ctrs, define.InspectPodContainerInfo{ ID: c.ID(), + Name: c.Name(), State: containerStatus, - } - podContainers = append(podContainers, pc) + }) + } + inspectData := define.InspectPodData{ + ID: p.ID(), + Name: p.Name(), + Namespace: p.Namespace(), + Created: p.CreatedTime(), + Hostname: "", + Labels: p.Labels(), + CreateCgroup: false, + CgroupParent: p.CgroupParent(), + CgroupPath: p.state.CgroupPath, + CreateInfra: false, + InfraContainerID: p.state.InfraContainerID, + InfraConfig: nil, + SharedNamespaces: nil, + NumContainers: uint(len(containers)), + Containers: ctrs, } - infraContainerID := p.state.InfraContainerID - config := new(PodConfig) - if err := JSONDeepCopy(p.config, config); err != nil { - return nil, err - } - inspectData := PodInspect{ - Config: config, - State: &PodInspectState{ - CgroupPath: p.state.CgroupPath, - InfraContainerID: infraContainerID, - Status: status, - }, - Containers: podContainers, - } return &inspectData, nil } diff --git a/libpod/runtime.go b/libpod/runtime.go index 637f3b43f..3b8f9e057 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -359,25 +359,13 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) { } } - // Make lookup tables for runtime support - supportsJSON := make(map[string]bool) - supportsNoCgroups := make(map[string]bool) - for _, r := range runtime.config.Engine.RuntimeSupportsJSON { - supportsJSON[r] = true - } - for _, r := range runtime.config.Engine.RuntimeSupportsNoCgroups { - supportsNoCgroups[r] = true - } - // Get us at least one working OCI runtime. runtime.ociRuntimes = make(map[string]OCIRuntime) // Initialize remaining OCI runtimes for name, paths := range runtime.config.Engine.OCIRuntimes { - json := supportsJSON[name] - nocgroups := supportsNoCgroups[name] - ociRuntime, err := newConmonOCIRuntime(name, paths, runtime.conmonPath, runtime.config, json, nocgroups) + ociRuntime, err := newConmonOCIRuntime(name, paths, runtime.conmonPath, runtime.config) if err != nil { // Don't fatally error. // This will allow us to ship configs including optional @@ -397,10 +385,7 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) { if strings.HasPrefix(runtime.config.Engine.OCIRuntime, "/") { name := filepath.Base(runtime.config.Engine.OCIRuntime) - json := supportsJSON[name] - nocgroups := supportsNoCgroups[name] - - ociRuntime, err := newConmonOCIRuntime(name, []string{runtime.config.Engine.OCIRuntime}, runtime.conmonPath, runtime.config, json, nocgroups) + ociRuntime, err := newConmonOCIRuntime(name, []string{runtime.config.Engine.OCIRuntime}, runtime.conmonPath, runtime.config) if err != nil { return err } diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 9d3e69d56..3dc8d3d0f 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -321,7 +321,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai ctrNamedVolumes = append(ctrNamedVolumes, newVol) } - if ctr.config.LogPath == "" && ctr.config.LogDriver != JournaldLogging { + if ctr.config.LogPath == "" && ctr.config.LogDriver != define.JournaldLogging { ctr.config.LogPath = filepath.Join(ctr.config.StaticDir, "ctr.log") } |