summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
Diffstat (limited to 'libpod')
-rw-r--r--libpod/boltdb_state.go17
-rw-r--r--libpod/container.go19
-rw-r--r--libpod/container_copy_linux.go2
-rw-r--r--libpod/container_exec.go2
-rw-r--r--libpod/container_internal.go11
-rw-r--r--libpod/container_internal_linux.go2
-rw-r--r--libpod/container_path_resolution.go8
-rw-r--r--libpod/kube.go8
-rw-r--r--libpod/network/cni/config.go6
-rw-r--r--libpod/network/cni/config_test.go21
-rw-r--r--libpod/network/cni/run.go3
-rw-r--r--libpod/network/cni/run_test.go41
-rw-r--r--libpod/network/types/network.go4
-rw-r--r--libpod/networking_linux.go55
-rw-r--r--libpod/networking_slirp4netns.go2
-rw-r--r--libpod/oci_conmon_linux.go2
-rw-r--r--libpod/pod.go6
-rw-r--r--libpod/pod_api.go46
-rw-r--r--libpod/runtime.go19
-rw-r--r--libpod/runtime_ctr.go27
-rw-r--r--libpod/runtime_img.go21
21 files changed, 230 insertions, 92 deletions
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go
index 612908ac2..1242a8d6b 100644
--- a/libpod/boltdb_state.go
+++ b/libpod/boltdb_state.go
@@ -1756,6 +1756,23 @@ func (s *BoltState) SafeRewriteContainerConfig(ctr *Container, oldName, newName
if err := allCtrsBkt.Put([]byte(ctr.ID()), []byte(newName)); err != nil {
return errors.Wrapf(err, "error renaming container %s in all containers bucket in DB", ctr.ID())
}
+ if ctr.config.Pod != "" {
+ podsBkt, err := getPodBucket(tx)
+ if err != nil {
+ return err
+ }
+ podBkt := podsBkt.Bucket([]byte(ctr.config.Pod))
+ if podBkt == nil {
+ return errors.Wrapf(define.ErrInternal, "bucket for pod %s does not exist", ctr.config.Pod)
+ }
+ podCtrBkt := podBkt.Bucket(containersBkt)
+ if podCtrBkt == nil {
+ return errors.Wrapf(define.ErrInternal, "pod %s does not have a containers bucket", ctr.config.Pod)
+ }
+ if err := podCtrBkt.Put([]byte(ctr.ID()), []byte(newName)); err != nil {
+ return errors.Wrapf(err, "error renaming container %s in pod %s members bucket", ctr.ID(), ctr.config.Pod)
+ }
+ }
}
}
diff --git a/libpod/container.go b/libpod/container.go
index 5c56ff036..4d15c04c5 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -774,9 +774,9 @@ func (c *Container) ExecSessions() ([]string, error) {
return ids, nil
}
-// ExecSession retrieves detailed information on a single active exec session in
-// a container
-func (c *Container) ExecSession(id string) (*ExecSession, error) {
+// execSessionNoCopy returns the associated exec session to id.
+// Note that the session is not a deep copy.
+func (c *Container) execSessionNoCopy(id string) (*ExecSession, error) {
if !c.batched {
c.lock.Lock()
defer c.lock.Unlock()
@@ -791,6 +791,17 @@ func (c *Container) ExecSession(id string) (*ExecSession, error) {
return nil, errors.Wrapf(define.ErrNoSuchExecSession, "no exec session with ID %s found in container %s", id, c.ID())
}
+ return session, nil
+}
+
+// ExecSession retrieves detailed information on a single active exec session in
+// a container
+func (c *Container) ExecSession(id string) (*ExecSession, error) {
+ session, err := c.execSessionNoCopy(id)
+ if err != nil {
+ return nil, err
+ }
+
returnSession := new(ExecSession)
if err := JSONDeepCopy(session, returnSession); err != nil {
return nil, errors.Wrapf(err, "error copying contents of container %s exec session %s", c.ID(), session.ID())
@@ -1095,7 +1106,7 @@ func (c *Container) AutoRemove() bool {
if spec.Annotations == nil {
return false
}
- return c.Spec().Annotations[define.InspectAnnotationAutoremove] == define.InspectResponseTrue
+ return spec.Annotations[define.InspectAnnotationAutoremove] == define.InspectResponseTrue
}
// Timezone returns the timezone configured inside the container.
diff --git a/libpod/container_copy_linux.go b/libpod/container_copy_linux.go
index a35824289..7d4dd0d46 100644
--- a/libpod/container_copy_linux.go
+++ b/libpod/container_copy_linux.go
@@ -174,7 +174,7 @@ func (c *Container) copyToArchive(ctx context.Context, path string, writer io.Wr
// getContainerUser returns the specs.User and ID mappings of the container.
func getContainerUser(container *Container, mountPoint string) (specs.User, error) {
- userspec := container.Config().User
+ userspec := container.config.User
uid, gid, _, err := chrootuser.GetUser(mountPoint, userspec)
u := specs.User{
diff --git a/libpod/container_exec.go b/libpod/container_exec.go
index 1cb45a118..f99fb7d3f 100644
--- a/libpod/container_exec.go
+++ b/libpod/container_exec.go
@@ -747,7 +747,7 @@ func (c *Container) Exec(config *ExecConfig, streams *define.AttachStreams, resi
return -1, err
}
- session, err := c.ExecSession(sessionID)
+ session, err := c.execSessionNoCopy(sessionID)
if err != nil {
if errors.Cause(err) == define.ErrNoSuchExecSession {
// TODO: If a proper Context is ever plumbed in here, we
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index cb691dfd8..3f9738411 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -923,12 +923,11 @@ func (c *Container) checkDependenciesRunning() ([]string, error) {
}
// Check the status
- conf := depCtr.Config()
state, err := depCtr.State()
if err != nil {
return nil, errors.Wrapf(err, "error retrieving state of dependency %s of container %s", dep, c.ID())
}
- if state != define.ContainerStateRunning && !conf.IsInfra {
+ if state != define.ContainerStateRunning && !depCtr.config.IsInfra {
notRunning = append(notRunning, dep)
}
depCtrs[dep] = depCtr
@@ -1003,7 +1002,7 @@ func (c *Container) cniHosts() string {
for _, status := range c.getNetworkStatus() {
for _, netInt := range status.Interfaces {
for _, netAddress := range netInt.Networks {
- hosts += fmt.Sprintf("%s\t%s %s\n", netAddress.Subnet.IP.String(), c.Hostname(), c.Config().Name)
+ hosts += fmt.Sprintf("%s\t%s %s\n", netAddress.Subnet.IP.String(), c.Hostname(), c.config.Name)
}
}
}
@@ -2005,7 +2004,7 @@ func (c *Container) setupOCIHooks(ctx context.Context, config *spec.Spec) (map[s
}
return nil, err
}
- ociHooks, err := manager.Hooks(config, c.Spec().Annotations, len(c.config.UserVolumes) > 0)
+ ociHooks, err := manager.Hooks(config, c.config.Spec.Annotations, len(c.config.UserVolumes) > 0)
if err != nil {
return nil, err
}
@@ -2022,7 +2021,7 @@ func (c *Container) setupOCIHooks(ctx context.Context, config *spec.Spec) (map[s
return nil, err
}
- allHooks, err = manager.Hooks(config, c.Spec().Annotations, len(c.config.UserVolumes) > 0)
+ allHooks, err = manager.Hooks(config, c.config.Spec.Annotations, len(c.config.UserVolumes) > 0)
if err != nil {
return nil, err
}
@@ -2106,7 +2105,7 @@ func (c *Container) canWithPrevious() error {
// JSON files for later export
func (c *Container) prepareCheckpointExport() error {
// save live config
- if _, err := metadata.WriteJSONFile(c.Config(), c.bundlePath(), metadata.ConfigDumpFile); err != nil {
+ if _, err := metadata.WriteJSONFile(c.config, c.bundlePath(), metadata.ConfigDumpFile); err != nil {
return err
}
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index dd6f3878a..867ecc2ad 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1310,7 +1310,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
if err == nil && options.Name == "" && (!options.IgnoreStaticIP || !options.IgnoreStaticMAC) {
// The file with the network.status does exist. Let's restore the
// container with the same networks settings as during checkpointing.
- aliases, err := c.runtime.state.GetAllNetworkAliases(c)
+ aliases, err := c.GetAllNetworkAliases()
if err != nil {
return err
}
diff --git a/libpod/container_path_resolution.go b/libpod/container_path_resolution.go
index ec7306ca1..bb2ef1a73 100644
--- a/libpod/container_path_resolution.go
+++ b/libpod/container_path_resolution.go
@@ -112,7 +112,7 @@ func (c *Container) resolvePath(mountPoint string, containerPath string) (string
func findVolume(c *Container, containerPath string) (*Volume, error) {
runtime := c.Runtime()
cleanedContainerPath := filepath.Clean(containerPath)
- for _, vol := range c.Config().NamedVolumes {
+ for _, vol := range c.config.NamedVolumes {
if cleanedContainerPath == filepath.Clean(vol.Dest) {
return runtime.GetVolume(vol.Name)
}
@@ -124,7 +124,7 @@ func findVolume(c *Container, containerPath string) (*Volume, error) {
// Volume's destination.
func isPathOnVolume(c *Container, containerPath string) bool {
cleanedContainerPath := filepath.Clean(containerPath)
- for _, vol := range c.Config().NamedVolumes {
+ for _, vol := range c.config.NamedVolumes {
if cleanedContainerPath == filepath.Clean(vol.Dest) {
return true
}
@@ -141,7 +141,7 @@ func isPathOnVolume(c *Container, containerPath string) bool {
// path of a Mount. Returns a matching Mount or nil.
func findBindMount(c *Container, containerPath string) *specs.Mount {
cleanedPath := filepath.Clean(containerPath)
- for _, m := range c.Config().Spec.Mounts {
+ for _, m := range c.config.Spec.Mounts {
if m.Type != "bind" {
continue
}
@@ -157,7 +157,7 @@ func findBindMount(c *Container, containerPath string) *specs.Mount {
// Mount's destination.
func isPathOnBindMount(c *Container, containerPath string) bool {
cleanedContainerPath := filepath.Clean(containerPath)
- for _, m := range c.Config().Spec.Mounts {
+ for _, m := range c.config.Spec.Mounts {
if cleanedContainerPath == filepath.Clean(m.Destination) {
return true
}
diff --git a/libpod/kube.go b/libpod/kube.go
index d94108cf2..57d99f3ef 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -90,7 +90,7 @@ func (p *Pod) GenerateForKube(ctx context.Context) (*v1.Pod, []v1.ServicePort, e
// so set it at here
for _, ctr := range allContainers {
if !ctr.IsInfra() {
- switch ctr.Config().RestartPolicy {
+ switch ctr.config.RestartPolicy {
case define.RestartPolicyAlways:
pod.Spec.RestartPolicy = v1.RestartPolicyAlways
case define.RestartPolicyOnFailure:
@@ -253,7 +253,9 @@ func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, po
// We add the original port declarations from the libpod infra container
// to the first kubernetes container description because otherwise we loose
// the original container/port bindings.
- if first && len(ports) > 0 {
+ // Add the port configuration to the first regular container or the first
+ // init container if only init containers have been created in the pod.
+ if first && len(ports) > 0 && (!isInit || len(containers) == 2) {
ctr.Ports = ports
first = false
}
@@ -424,7 +426,7 @@ func containerToV1Container(ctx context.Context, c *Container) (v1.Container, []
// NOTE: a privileged container mounts all of /dev/*.
if !c.Privileged() && len(c.config.Spec.Linux.Devices) > 0 {
// TODO Enable when we can support devices and their names
- kubeContainer.VolumeDevices = generateKubeVolumeDeviceFromLinuxDevice(c.Spec().Linux.Devices)
+ kubeContainer.VolumeDevices = generateKubeVolumeDeviceFromLinuxDevice(c.config.Spec.Linux.Devices)
return kubeContainer, kubeVolumes, nil, errors.Wrapf(define.ErrNotImplemented, "linux devices")
}
diff --git a/libpod/network/cni/config.go b/libpod/network/cni/config.go
index 670ee0c65..3df155637 100644
--- a/libpod/network/cni/config.go
+++ b/libpod/network/cni/config.go
@@ -170,7 +170,11 @@ func (n *cniNetwork) NetworkRemove(nameOrID string) error {
file := network.filename
delete(n.networks, network.libpodNet.Name)
- return os.Remove(file)
+ // make sure to not error for ErrNotExist
+ if err := os.Remove(file); err != nil && !errors.Is(err, os.ErrNotExist) {
+ return err
+ }
+ return nil
}
// NetworkList will return all known Networks. Optionally you can
diff --git a/libpod/network/cni/config_test.go b/libpod/network/cni/config_test.go
index a0a0ea1af..288cf4626 100644
--- a/libpod/network/cni/config_test.go
+++ b/libpod/network/cni/config_test.go
@@ -1021,6 +1021,27 @@ var _ = Describe("Config", func() {
Expect(err.Error()).To(ContainSubstring("subnet 10.10.0.0/24 is already used on the host or by another config"))
})
+ It("remove network should not error when config file does not exists on disk", func() {
+ name := "mynet"
+ network := types.Network{Name: name}
+ _, err := libpodNet.NetworkCreate(network)
+ Expect(err).To(BeNil())
+
+ path := filepath.Join(cniConfDir, name+".conflist")
+ Expect(path).To(BeARegularFile())
+
+ err = os.Remove(path)
+ Expect(err).To(BeNil())
+ Expect(path).ToNot(BeARegularFile())
+
+ err = libpodNet.NetworkRemove(name)
+ Expect(err).To(BeNil())
+
+ nets, err := libpodNet.NetworkList()
+ Expect(err).To(BeNil())
+ Expect(nets).To(HaveLen(1))
+ Expect(nets).ToNot(ContainElement(HaveNetworkName(name)))
+ })
})
Context("network load valid existing ones", func() {
diff --git a/libpod/network/cni/run.go b/libpod/network/cni/run.go
index 0f91a407c..bd873f89b 100644
--- a/libpod/network/cni/run.go
+++ b/libpod/network/cni/run.go
@@ -186,9 +186,6 @@ outer:
}
return errors.Errorf("requested static ip %s not in any subnet on network %s", ip.String(), network.libpodNet.Name)
}
- if len(netOpts.Aliases) > 0 && !network.libpodNet.DNSEnabled {
- return errors.New("cannot set aliases on a network without dns enabled")
- }
return nil
}
diff --git a/libpod/network/cni/run_test.go b/libpod/network/cni/run_test.go
index 0a2c090e1..965203c2a 100644
--- a/libpod/network/cni/run_test.go
+++ b/libpod/network/cni/run_test.go
@@ -966,6 +966,26 @@ var _ = Describe("run CNI", func() {
})
})
+ It("setup with aliases but dns disabled should work", func() {
+ runTest(func() {
+ defNet := types.DefaultNetworkName
+ intName := "eth0"
+ setupOpts := types.SetupOptions{
+ NetworkOptions: types.NetworkOptions{
+ ContainerID: stringid.GenerateNonCryptoID(),
+ Networks: map[string]types.PerNetworkOptions{
+ defNet: {
+ InterfaceName: intName,
+ Aliases: []string{"somealias"},
+ },
+ },
+ },
+ }
+ _, err := libpodNet.Setup(netNSContainer.Path(), setupOpts)
+ Expect(err).ToNot(HaveOccurred())
+ })
+ })
+
})
Context("invalid network setup test", func() {
@@ -1052,27 +1072,6 @@ var _ = Describe("run CNI", func() {
})
})
- It("setup with aliases but dns disabled", func() {
- runTest(func() {
- defNet := types.DefaultNetworkName
- intName := "eth0"
- setupOpts := types.SetupOptions{
- NetworkOptions: types.NetworkOptions{
- ContainerID: stringid.GenerateNonCryptoID(),
- Networks: map[string]types.PerNetworkOptions{
- defNet: {
- InterfaceName: intName,
- Aliases: []string{"somealias"},
- },
- },
- },
- }
- _, err := libpodNet.Setup(netNSContainer.Path(), setupOpts)
- Expect(err).To(HaveOccurred())
- Expect(err.Error()).To(ContainSubstring("cannot set aliases on a network without dns enabled"))
- })
- })
-
It("setup without networks", func() {
runTest(func() {
setupOpts := types.SetupOptions{
diff --git a/libpod/network/types/network.go b/libpod/network/types/network.go
index 68a32d499..2fe4f3da2 100644
--- a/libpod/network/types/network.go
+++ b/libpod/network/types/network.go
@@ -151,7 +151,9 @@ type PerNetworkOptions struct {
// StaticIPv4 for this container. Optional.
StaticIPs []net.IP `json:"static_ips,omitempty"`
// Aliases contains a list of names which the dns server should resolve
- // to this container. Can only be set when DNSEnabled is true on the Network.
+ // to this container. Should only be set when DNSEnabled is true on the Network.
+ // If aliases are set but there is no dns support for this network the
+ // network interface implementation should ignore this and NOT error.
// Optional.
Aliases []string `json:"aliases,omitempty"`
// StaticMac for this container. Optional.
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index ec9d98b56..e792a410c 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -48,6 +48,41 @@ const (
persistentCNIDir = "/var/lib/cni"
)
+// GetAllNetworkAliases returns all configured aliases for this container.
+// It also adds the container short ID as alias to match docker.
+func (c *Container) GetAllNetworkAliases() (map[string][]string, error) {
+ allAliases, err := c.runtime.state.GetAllNetworkAliases(c)
+ if err != nil {
+ return nil, err
+ }
+
+ // get the all attached networks, we cannot use GetAllNetworkAliases()
+ // since it returns nil if there are no aliases
+ nets, _, err := c.networks()
+ if err != nil {
+ return nil, err
+ }
+
+ // add container short ID as alias to match docker
+ for _, net := range nets {
+ allAliases[net] = append(allAliases[net], c.config.ID[:12])
+ }
+ return allAliases, nil
+}
+
+// GetNetworkAliases returns configured aliases for this network.
+// It also adds the container short ID as alias to match docker.
+func (c *Container) GetNetworkAliases(netName string) ([]string, error) {
+ aliases, err := c.runtime.state.GetNetworkAliases(c, netName)
+ if err != nil {
+ return nil, err
+ }
+
+ // add container short ID as alias to match docker
+ aliases = append(aliases, c.config.ID[:12])
+ return aliases, nil
+}
+
func (c *Container) getNetworkOptions() (types.NetworkOptions, error) {
opts := types.NetworkOptions{
ContainerID: c.config.ID,
@@ -61,7 +96,7 @@ func (c *Container) getNetworkOptions() (types.NetworkOptions, error) {
if err != nil {
return opts, err
}
- aliases, err := c.runtime.state.GetAllNetworkAliases(c)
+ aliases, err := c.GetAllNetworkAliases()
if err != nil {
return opts, err
}
@@ -872,7 +907,7 @@ func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.Statu
}
}
- aliases, err := ctr.runtime.state.GetAllNetworkAliases(ctr)
+ aliases, err := ctr.GetAllNetworkAliases()
if err != nil {
return nil, err
}
@@ -975,6 +1010,11 @@ func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, e
for _, net := range networks {
cniNet := new(define.InspectAdditionalNetwork)
cniNet.NetworkID = net
+ aliases, err := c.GetNetworkAliases(net)
+ if err != nil {
+ return nil, err
+ }
+ cniNet.Aliases = aliases
settings.Networks[net] = cniNet
}
}
@@ -1009,7 +1049,7 @@ func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, e
return nil, err
}
- aliases, err := c.runtime.state.GetNetworkAliases(c, name)
+ aliases, err := c.GetNetworkAliases(name)
if err != nil {
return nil, err
}
@@ -1222,6 +1262,14 @@ func (c *Container) NetworkConnect(nameOrID, netName string, aliases []string) e
// get network status before we connect
networkStatus := c.getNetworkStatus()
+ network, err := c.runtime.network.NetworkInspect(netName)
+ if err != nil {
+ return err
+ }
+ if !network.DNSEnabled && len(aliases) > 0 {
+ return errors.Wrapf(define.ErrInvalidArg, "cannot set network aliases for network %q because dns is disabled", netName)
+ }
+
if err := c.runtime.state.NetworkConnect(c, netName, aliases); err != nil {
return err
}
@@ -1253,6 +1301,7 @@ func (c *Container) NetworkConnect(nameOrID, netName string, aliases []string) e
if !exists {
return errors.Errorf("no network interface name for container %s on network %s", c.config.ID, netName)
}
+ aliases = append(aliases, c.config.ID[:12])
opts.Networks = map[string]types.PerNetworkOptions{
netName: {
Aliases: aliases,
diff --git a/libpod/networking_slirp4netns.go b/libpod/networking_slirp4netns.go
index cca55cb9b..46cda89a9 100644
--- a/libpod/networking_slirp4netns.go
+++ b/libpod/networking_slirp4netns.go
@@ -222,7 +222,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
defer errorhandling.CloseQuiet(syncR)
defer errorhandling.CloseQuiet(syncW)
- havePortMapping := len(ctr.Config().PortMappings) > 0
+ havePortMapping := len(ctr.config.PortMappings) > 0
logPath := filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID))
ctrNetworkSlipOpts := []string{}
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index b7b5d09cd..71a7b29fa 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1150,7 +1150,7 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
if ctr.config.NetMode.IsSlirp4netns() || rootless.IsRootless() {
if ctr.config.PostConfigureNetNS {
- havePortMapping := len(ctr.Config().PortMappings) > 0
+ havePortMapping := len(ctr.config.PortMappings) > 0
if havePortMapping {
ctr.rootlessPortSyncR, ctr.rootlessPortSyncW, err = os.Pipe()
if err != nil {
diff --git a/libpod/pod.go b/libpod/pod.go
index e4516b354..c0b0a974b 100644
--- a/libpod/pod.go
+++ b/libpod/pod.go
@@ -164,8 +164,7 @@ func (p *Pod) PidMode() string {
if err != nil {
return ""
}
- conf := infra.Config()
- ctrSpec := conf.Spec
+ ctrSpec := infra.config.Spec
if ctrSpec != nil && ctrSpec.Linux != nil {
for _, ns := range ctrSpec.Linux.Namespaces {
if ns.Type == specs.PIDNamespace {
@@ -186,8 +185,7 @@ func (p *Pod) UserNSMode() string {
if err != nil {
return ""
}
- conf := infra.Config()
- ctrSpec := conf.Spec
+ ctrSpec := infra.config.Spec
if ctrSpec != nil && ctrSpec.Linux != nil {
for _, ns := range ctrSpec.Linux.Namespaces {
if ns.Type == specs.UserNamespace {
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index 3ee4cd839..971309f77 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -34,7 +34,7 @@ func (p *Pod) startInitContainers(ctx context.Context) error {
}
// If the container is a once init container, we need to remove it
// after it runs
- if initCon.Config().InitContainerType == define.OneShotInitContainer {
+ if initCon.config.InitContainerType == define.OneShotInitContainer {
icLock := initCon.lock
icLock.Lock()
if err := p.runtime.removeContainer(ctx, initCon, false, false, true); err != nil {
@@ -590,16 +590,16 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
return nil, err
}
infraConfig = new(define.InspectPodInfraConfig)
- infraConfig.HostNetwork = !infra.Config().ContainerNetworkConfig.UseImageHosts
- infraConfig.StaticIP = infra.Config().ContainerNetworkConfig.StaticIP
- infraConfig.NoManageResolvConf = infra.Config().UseImageResolvConf
- infraConfig.NoManageHosts = infra.Config().UseImageHosts
+ infraConfig.HostNetwork = !infra.config.ContainerNetworkConfig.UseImageHosts
+ infraConfig.StaticIP = infra.config.ContainerNetworkConfig.StaticIP
+ infraConfig.NoManageResolvConf = infra.config.UseImageResolvConf
+ infraConfig.NoManageHosts = infra.config.UseImageHosts
infraConfig.CPUPeriod = p.CPUPeriod()
infraConfig.CPUQuota = p.CPUQuota()
infraConfig.CPUSetCPUs = p.ResourceLim().CPU.Cpus
infraConfig.PidNS = p.PidMode()
infraConfig.UserNS = p.UserNSMode()
- namedVolumes, mounts := infra.sortUserVolumes(infra.Config().Spec)
+ namedVolumes, mounts := infra.sortUserVolumes(infra.config.Spec)
inspectMounts, err = infra.GetInspectMounts(namedVolumes, infra.config.ImageVolumes, mounts)
if err != nil {
return nil, err
@@ -611,30 +611,30 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
return nil, err
}
- if len(infra.Config().ContainerNetworkConfig.DNSServer) > 0 {
- infraConfig.DNSServer = make([]string, 0, len(infra.Config().ContainerNetworkConfig.DNSServer))
- for _, entry := range infra.Config().ContainerNetworkConfig.DNSServer {
+ if len(infra.config.ContainerNetworkConfig.DNSServer) > 0 {
+ infraConfig.DNSServer = make([]string, 0, len(infra.config.ContainerNetworkConfig.DNSServer))
+ for _, entry := range infra.config.ContainerNetworkConfig.DNSServer {
infraConfig.DNSServer = append(infraConfig.DNSServer, entry.String())
}
}
- if len(infra.Config().ContainerNetworkConfig.DNSSearch) > 0 {
- infraConfig.DNSSearch = make([]string, 0, len(infra.Config().ContainerNetworkConfig.DNSSearch))
- infraConfig.DNSSearch = append(infraConfig.DNSSearch, infra.Config().ContainerNetworkConfig.DNSSearch...)
+ if len(infra.config.ContainerNetworkConfig.DNSSearch) > 0 {
+ infraConfig.DNSSearch = make([]string, 0, len(infra.config.ContainerNetworkConfig.DNSSearch))
+ infraConfig.DNSSearch = append(infraConfig.DNSSearch, infra.config.ContainerNetworkConfig.DNSSearch...)
}
- if len(infra.Config().ContainerNetworkConfig.DNSOption) > 0 {
- infraConfig.DNSOption = make([]string, 0, len(infra.Config().ContainerNetworkConfig.DNSOption))
- infraConfig.DNSOption = append(infraConfig.DNSOption, infra.Config().ContainerNetworkConfig.DNSOption...)
+ if len(infra.config.ContainerNetworkConfig.DNSOption) > 0 {
+ infraConfig.DNSOption = make([]string, 0, len(infra.config.ContainerNetworkConfig.DNSOption))
+ infraConfig.DNSOption = append(infraConfig.DNSOption, infra.config.ContainerNetworkConfig.DNSOption...)
}
- if len(infra.Config().HostAdd) > 0 {
- infraConfig.HostAdd = make([]string, 0, len(infra.Config().HostAdd))
- infraConfig.HostAdd = append(infraConfig.HostAdd, infra.Config().HostAdd...)
+ if len(infra.config.HostAdd) > 0 {
+ infraConfig.HostAdd = make([]string, 0, len(infra.config.HostAdd))
+ infraConfig.HostAdd = append(infraConfig.HostAdd, infra.config.HostAdd...)
}
- if len(infra.Config().ContainerNetworkConfig.Networks) > 0 {
- infraConfig.Networks = make([]string, 0, len(infra.Config().ContainerNetworkConfig.Networks))
- infraConfig.Networks = append(infraConfig.Networks, infra.Config().ContainerNetworkConfig.Networks...)
+ if len(infra.config.ContainerNetworkConfig.Networks) > 0 {
+ infraConfig.Networks = make([]string, 0, len(infra.config.ContainerNetworkConfig.Networks))
+ infraConfig.Networks = append(infraConfig.Networks, infra.config.ContainerNetworkConfig.Networks...)
}
- infraConfig.NetworkOptions = infra.Config().ContainerNetworkConfig.NetworkOptions
- infraConfig.PortBindings = makeInspectPortBindings(infra.Config().ContainerNetworkConfig.PortMappings, nil)
+ infraConfig.NetworkOptions = infra.config.ContainerNetworkConfig.NetworkOptions
+ infraConfig.PortBindings = makeInspectPortBindings(infra.config.ContainerNetworkConfig.PortMappings, nil)
}
inspectData := define.InspectPodData{
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 161d5a533..27885bf5c 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -706,19 +706,32 @@ func (r *Runtime) TmpDir() (string, error) {
return r.config.Engine.TmpDir, nil
}
-// GetConfig returns a copy of the configuration used by the runtime
-func (r *Runtime) GetConfig() (*config.Config, error) {
+// GetConfig returns the configuration used by the runtime.
+// Note that the returned value is not a copy and must hence
+// only be used in a reading fashion.
+func (r *Runtime) GetConfigNoCopy() (*config.Config, error) {
r.lock.RLock()
defer r.lock.RUnlock()
if !r.valid {
return nil, define.ErrRuntimeStopped
}
+ return r.config, nil
+}
+
+// GetConfig returns a copy of the configuration used by the runtime.
+// Please use GetConfigNoCopy() in case you only want to read from
+// but not write to the returned config.
+func (r *Runtime) GetConfig() (*config.Config, error) {
+ rtConfig, err := r.GetConfigNoCopy()
+ if err != nil {
+ return nil, err
+ }
config := new(config.Config)
// Copy so the caller won't be able to modify the actual config
- if err := JSONDeepCopy(r.config, config); err != nil {
+ if err := JSONDeepCopy(rtConfig, config); err != nil {
return nil, errors.Wrapf(err, "error copying config")
}
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 3494fa8f2..00979a500 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -193,10 +193,7 @@ func (r *Runtime) initContainerVariables(rSpec *spec.Spec, config *ContainerConf
ctr.config.LogPath = ""
}
- ctr.config.Spec = new(spec.Spec)
- if err := JSONDeepCopy(rSpec, ctr.config.Spec); err != nil {
- return nil, errors.Wrapf(err, "error copying runtime spec while creating container")
- }
+ ctr.config.Spec = rSpec
ctr.config.CreatedTime = time.Now()
ctr.state.BindMounts = make(map[string]string)
@@ -234,13 +231,6 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
}
func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Container, retErr error) {
- // Validate the container
- if err := ctr.validate(); err != nil {
- return nil, err
- }
- if ctr.config.IsInfra {
- ctr.config.StopTimeout = 10
- }
// normalize the networks to names
// ocicni only knows about cni names so we have to make
// sure we do not use ids internally
@@ -265,11 +255,26 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
if err != nil {
return nil, err
}
+ network, err := r.network.NetworkInspect(netName)
+ if err != nil {
+ return nil, err
+ }
+ if !network.DNSEnabled {
+ return nil, errors.Wrapf(define.ErrInvalidArg, "cannot set network aliases for network %q because dns is disabled", netName)
+ }
netAliases[netName] = aliases
}
ctr.config.NetworkAliases = netAliases
}
+ // Validate the container
+ if err := ctr.validate(); err != nil {
+ return nil, err
+ }
+ if ctr.config.IsInfra {
+ ctr.config.StopTimeout = 10
+ }
+
// Inhibit shutdown until creation succeeds
shutdown.Inhibit()
defer shutdown.Uninhibit()
diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go
index 66cf7a4d5..1915a5c4d 100644
--- a/libpod/runtime_img.go
+++ b/libpod/runtime_img.go
@@ -48,6 +48,27 @@ func (r *Runtime) RemoveContainersForImageCallback(ctx context.Context) libimage
}
}
+// IsExternalContainerCallback returns a callback that be used in `libimage` to
+// figure out whether a given container is an external one. A container is
+// considered external if it is not present in libpod's database.
+func (r *Runtime) IsExternalContainerCallback(_ context.Context) libimage.IsExternalContainerFunc {
+ // NOTE: pruning external containers is subject to race conditions
+ // (e.g., when a container gets removed). To address this and similar
+ // races, pruning had to happen inside c/storage. Containers has to be
+ // labelled with "podman/libpod" along with callbacks similar to
+ // libimage.
+ return func(idOrName string) (bool, error) {
+ _, err := r.LookupContainer(idOrName)
+ if err == nil {
+ return false, nil
+ }
+ if errors.Is(err, define.ErrNoSuchCtr) {
+ return true, nil
+ }
+ return false, nil
+ }
+}
+
// newBuildEvent creates a new event based on completion of a built image
func (r *Runtime) newImageBuildCompleteEvent(idOrName string) {
e := events.NewEvent(events.Build)