diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/container.go | 40 | ||||
| -rw-r--r-- | libpod/container_inspect.go | 33 | ||||
| -rw-r--r-- | libpod/container_internal.go | 36 | ||||
| -rw-r--r-- | libpod/runtime_ctr.go | 12 |
4 files changed, 76 insertions, 45 deletions
diff --git a/libpod/container.go b/libpod/container.go index 4b9bea5fc..f3f4b27b7 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -1173,6 +1173,46 @@ func (c *Container) Networks() ([]string, bool, error) { return c.networks() } +// NetworkMode gets the configured network mode for the container. +// Get actual value from the database +func (c *Container) NetworkMode() string { + networkMode := "" + ctrSpec := c.config.Spec + + switch { + case c.config.CreateNetNS: + // We actually store the network + // mode for Slirp and Bridge, so + // we can just use that + networkMode = string(c.config.NetMode) + case c.config.NetNsCtr != "": + networkMode = fmt.Sprintf("container:%s", c.config.NetNsCtr) + default: + // Find the spec's network namespace. + // If there is none, it's host networking. + // If there is one and it has a path, it's "ns:". + foundNetNS := false + for _, ns := range ctrSpec.Linux.Namespaces { + if ns.Type == spec.NetworkNamespace { + foundNetNS = true + if ns.Path != "" { + networkMode = fmt.Sprintf("ns:%s", ns.Path) + } else { + // We're making a network ns, but not + // configuring with Slirp or CNI. That + // means it's --net=none + networkMode = "none" + } + break + } + } + if !foundNetNS { + networkMode = "host" + } + } + return networkMode +} + // Unlocked accessor for networks func (c *Container) networks() ([]string, bool, error) { networks, err := c.runtime.state.GetNetworks(c) diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 638e0b756..8c662c488 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -618,38 +618,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named hostConfig.Tmpfs = tmpfs // Network mode parsing. - networkMode := "" - switch { - case c.config.CreateNetNS: - // We actually store the network - // mode for Slirp and Bridge, so - // we can just use that - networkMode = string(c.config.NetMode) - case c.config.NetNsCtr != "": - networkMode = fmt.Sprintf("container:%s", c.config.NetNsCtr) - default: - // Find the spec's network namespace. - // If there is none, it's host networking. - // If there is one and it has a path, it's "ns:". - foundNetNS := false - for _, ns := range ctrSpec.Linux.Namespaces { - if ns.Type == spec.NetworkNamespace { - foundNetNS = true - if ns.Path != "" { - networkMode = fmt.Sprintf("ns:%s", ns.Path) - } else { - // We're making a network ns, but not - // configuring with Slirp or CNI. That - // means it's --net=none - networkMode = "none" - } - break - } - } - if !foundNetNS { - networkMode = "host" - } - } + networkMode := c.NetworkMode() hostConfig.NetworkMode = networkMode // Port bindings. diff --git a/libpod/container_internal.go b/libpod/container_internal.go index e7694227a..8ffcccf4c 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -472,20 +472,10 @@ func (c *Container) setupStorage(ctx context.Context) error { c.config.IDMappings.UIDMap = containerInfo.UIDMap c.config.IDMappings.GIDMap = containerInfo.GIDMap - processLabel := containerInfo.ProcessLabel - switch { - case c.ociRuntime.SupportsKVM(): - processLabel, err = selinux.KVMLabel(processLabel) - if err != nil { - return err - } - case c.config.Systemd: - processLabel, err = selinux.InitLabel(processLabel) - if err != nil { - return err - } + processLabel, err := c.processLabel(containerInfo.ProcessLabel) + if err != nil { + return err } - c.config.ProcessLabel = processLabel c.config.MountLabel = containerInfo.MountLabel c.config.StaticDir = containerInfo.Dir @@ -520,6 +510,26 @@ func (c *Container) setupStorage(ctx context.Context) error { return nil } +func (c *Container) processLabel(processLabel string) (string, error) { + if !c.config.Systemd && !c.ociRuntime.SupportsKVM() { + return processLabel, nil + } + ctrSpec, err := c.specFromState() + if err != nil { + return "", err + } + label, ok := ctrSpec.Annotations[define.InspectAnnotationLabel] + if !ok || !strings.Contains(label, "type:") { + switch { + case c.ociRuntime.SupportsKVM(): + return selinux.KVMLabel(processLabel) + case c.config.Systemd: + return selinux.InitLabel(processLabel) + } + } + return processLabel, nil +} + // Tear down a container's storage prior to removal func (c *Container) teardownStorage() error { if c.ensureState(define.ContainerStateRunning, define.ContainerStatePaused) { diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index ce4c5d758..31e2d09ce 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -894,6 +894,18 @@ func (r *Runtime) LookupContainer(idOrName string) (*Container, error) { return r.state.LookupContainer(idOrName) } +// LookupContainerId looks up a container id by its name or a partial ID +// If a partial ID is not unique, an error will be returned +func (r *Runtime) LookupContainerID(idOrName string) (string, error) { + r.lock.RLock() + defer r.lock.RUnlock() + + if !r.valid { + return "", define.ErrRuntimeStopped + } + return r.state.LookupContainerID(idOrName) +} + // GetContainers retrieves all containers from the state // Filters can be provided which will determine what containers are included in // the output. Multiple filters are handled by ANDing their output, so only |