diff options
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/boltdb_state.go | 158 | ||||
| -rw-r--r-- | libpod/boltdb_state_internal.go | 83 | ||||
| -rw-r--r-- | libpod/container.go | 2 | ||||
| -rw-r--r-- | libpod/container_commit.go | 2 | ||||
| -rw-r--r-- | libpod/container_inspect.go | 2 | ||||
| -rw-r--r-- | libpod/container_internal.go | 3 | ||||
| -rw-r--r-- | libpod/define/errors.go | 4 | ||||
| -rw-r--r-- | libpod/image/docker_registry_options.go | 4 | ||||
| -rw-r--r-- | libpod/image/image.go | 22 | ||||
| -rw-r--r-- | libpod/image/parts.go | 2 | ||||
| -rw-r--r-- | libpod/image/pull.go | 22 | ||||
| -rw-r--r-- | libpod/image/pull_test.go | 6 | ||||
| -rw-r--r-- | libpod/image/search.go | 4 | ||||
| -rw-r--r-- | libpod/image/utils.go | 8 | ||||
| -rw-r--r-- | libpod/in_memory_state.go | 108 | ||||
| -rw-r--r-- | libpod/options.go | 22 | ||||
| -rw-r--r-- | libpod/runtime.go | 4 | ||||
| -rw-r--r-- | libpod/runtime_cstorage.go | 6 | ||||
| -rw-r--r-- | libpod/runtime_ctr.go | 138 | ||||
| -rw-r--r-- | libpod/runtime_img.go | 6 | ||||
| -rw-r--r-- | libpod/state.go | 6 | ||||
| -rw-r--r-- | libpod/state_test.go | 70 | ||||
| -rw-r--r-- | libpod/storage.go | 4 | ||||
| -rw-r--r-- | libpod/util_linux.go | 13 | ||||
| -rw-r--r-- | libpod/util_unsupported.go | 4 |
25 files changed, 536 insertions, 167 deletions
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go index a6fd9a7d8..0bb1df7b8 100644 --- a/libpod/boltdb_state.go +++ b/libpod/boltdb_state.go @@ -2,6 +2,7 @@ package libpod import ( "bytes" + "os" "strings" "sync" @@ -407,6 +408,60 @@ func (s *BoltState) Container(id string) (*Container, error) { return ctr, nil } +// LookupContainerID retrieves a container ID from the state by full or unique +// partial ID or name +func (s *BoltState) LookupContainerID(idOrName string) (string, error) { + if idOrName == "" { + return "", define.ErrEmptyID + } + + if !s.valid { + return "", define.ErrDBClosed + } + + db, err := s.getDBCon() + if err != nil { + return "", err + } + defer s.deferredCloseDBCon(db) + + var id []byte + err = db.View(func(tx *bolt.Tx) error { + ctrBucket, err := getCtrBucket(tx) + if err != nil { + return err + } + + namesBucket, err := getNamesBucket(tx) + if err != nil { + return err + } + + nsBucket, err := getNSBucket(tx) + if err != nil { + return err + } + + fullID, err := s.lookupContainerID(idOrName, ctrBucket, namesBucket, nsBucket) + // Check if it is in our namespace + if s.namespaceBytes != nil { + ns := nsBucket.Get(fullID) + if !bytes.Equal(ns, s.namespaceBytes) { + return errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName) + } + } + id = fullID + return err + }) + + if err != nil { + return "", err + } + + retID := string(id) + return retID, nil +} + // LookupContainer retrieves a container from the state by full or unique // partial ID or name func (s *BoltState) LookupContainer(idOrName string) (*Container, error) { @@ -444,67 +499,9 @@ func (s *BoltState) LookupContainer(idOrName string) (*Container, error) { return err } - // First, check if the ID given was the actual container ID - var id []byte - ctrExists := ctrBucket.Bucket([]byte(idOrName)) - if ctrExists != nil { - // A full container ID was given. - // It might not be in our namespace, but - // getContainerFromDB() will handle that case. - id = []byte(idOrName) - return s.getContainerFromDB(id, ctr, ctrBucket) - } - - // Next, check if the full name was given - isPod := false - fullID := namesBucket.Get([]byte(idOrName)) - if fullID != nil { - // The name exists and maps to an ID. - // However, we are not yet certain the ID is a - // container. - ctrExists = ctrBucket.Bucket(fullID) - if ctrExists != nil { - // A container bucket matching the full ID was - // found. - return s.getContainerFromDB(fullID, ctr, ctrBucket) - } - // Don't error if we have a name match but it's not a - // container - there's a chance we have a container with - // an ID starting with those characters. - // However, so we can return a good error, note whether - // this is a pod. - isPod = true - } - - // We were not given a full container ID or name. - // Search for partial ID matches. - exists := false - err = ctrBucket.ForEach(func(checkID, checkName []byte) error { - // If the container isn't in our namespace, we - // can't match it - if s.namespaceBytes != nil { - ns := nsBucket.Get(checkID) - if !bytes.Equal(ns, s.namespaceBytes) { - return nil - } - } - if strings.HasPrefix(string(checkID), idOrName) { - if exists { - return errors.Wrapf(define.ErrCtrExists, "more than one result for container ID %s", idOrName) - } - id = checkID - exists = true - } - - return nil - }) + id, err := s.lookupContainerID(idOrName, ctrBucket, namesBucket, nsBucket) if err != nil { return err - } else if !exists { - if isPod { - return errors.Wrapf(define.ErrNoSuchCtr, "%s is a pod, not a container", idOrName) - } - return errors.Wrapf(define.ErrNoSuchCtr, "no container with name or ID %s found", idOrName) } return s.getContainerFromDB(id, ctr, ctrBucket) @@ -662,9 +659,13 @@ func (s *BoltState) UpdateContainer(ctr *Container) error { return err } - // Handle network namespace - if err := replaceNetNS(netNSPath, ctr, newState); err != nil { - return err + // Handle network namespace. + if os.Geteuid() == 0 { + // Do it only when root, either on the host or as root in the + // user namespace. + if err := replaceNetNS(netNSPath, ctr, newState); err != nil { + return err + } } // New state compiled successfully, swap it into the current state @@ -860,6 +861,39 @@ func (s *BoltState) AllContainers() ([]*Container, error) { return ctrs, nil } +// GetContainerConfig returns a container config from the database by full ID +func (s *BoltState) GetContainerConfig(id string) (*ContainerConfig, error) { + if len(id) == 0 { + return nil, define.ErrEmptyID + } + + if !s.valid { + return nil, define.ErrDBClosed + } + + config := new(ContainerConfig) + + db, err := s.getDBCon() + if err != nil { + return nil, err + } + defer s.deferredCloseDBCon(db) + + err = db.View(func(tx *bolt.Tx) error { + ctrBucket, err := getCtrBucket(tx) + if err != nil { + return err + } + + return s.getContainerConfigFromDB([]byte(id), config, ctrBucket) + }) + if err != nil { + return nil, err + } + + return config, nil +} + // RewriteContainerConfig rewrites a container's configuration. // WARNING: This function is DANGEROUS. Do not use without reading the full // comment on this function in state.go. diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go index a50fce31e..ed87373e9 100644 --- a/libpod/boltdb_state_internal.go +++ b/libpod/boltdb_state_internal.go @@ -347,7 +347,7 @@ func getRuntimeConfigBucket(tx *bolt.Tx) (*bolt.Bucket, error) { return bkt, nil } -func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt.Bucket) error { +func (s *BoltState) getContainerConfigFromDB(id []byte, config *ContainerConfig, ctrsBkt *bolt.Bucket) error { ctrBkt := ctrsBkt.Bucket(id) if ctrBkt == nil { return errors.Wrapf(define.ErrNoSuchCtr, "container %s not found in DB", string(id)) @@ -365,10 +365,18 @@ func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt. return errors.Wrapf(define.ErrInternal, "container %s missing config key in DB", string(id)) } - if err := json.Unmarshal(configBytes, ctr.config); err != nil { + if err := json.Unmarshal(configBytes, config); err != nil { return errors.Wrapf(err, "error unmarshalling container %s config", string(id)) } + return nil +} + +func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt.Bucket) error { + if err := s.getContainerConfigFromDB(id, ctr.config, ctrsBkt); err != nil { + return err + } + // Get the lock lock, err := s.runtime.lockManager.RetrieveLock(ctr.config.LockID) if err != nil { @@ -388,7 +396,7 @@ func (s *BoltState) getContainerFromDB(id []byte, ctr *Container, ctrsBkt *bolt. ociRuntime, ok := s.runtime.ociRuntimes[runtimeName] if !ok { - return errors.Wrapf(define.ErrInternal, "container %s was created with OCI runtime %s, but that runtime is not available in the current configuration", ctr.ID(), ctr.config.OCIRuntime) + return errors.Wrapf(define.ErrOCIRuntimeUnavailable, "cannot find OCI runtime %q for container %s", ctr.config.OCIRuntime, ctr.ID()) } ctr.ociRuntime = ociRuntime } @@ -862,3 +870,72 @@ func (s *BoltState) removeContainer(ctr *Container, pod *Pod, tx *bolt.Tx) error return nil } + +// lookupContainerID retrieves a container ID from the state by full or unique +// partial ID or name. +// NOTE: the retrieved container ID namespace may not match the state namespace. +func (s *BoltState) lookupContainerID(idOrName string, ctrBucket, namesBucket, nsBucket *bolt.Bucket) ([]byte, error) { + // First, check if the ID given was the actual container ID + ctrExists := ctrBucket.Bucket([]byte(idOrName)) + if ctrExists != nil { + // A full container ID was given. + // It might not be in our namespace, but this will be handled + // the callers. + return []byte(idOrName), nil + } + + // Next, check if the full name was given + isPod := false + fullID := namesBucket.Get([]byte(idOrName)) + if fullID != nil { + // The name exists and maps to an ID. + // However, we are not yet certain the ID is a + // container. + ctrExists = ctrBucket.Bucket(fullID) + if ctrExists != nil { + // A container bucket matching the full ID was + // found. + return fullID, nil + } + // Don't error if we have a name match but it's not a + // container - there's a chance we have a container with + // an ID starting with those characters. + // However, so we can return a good error, note whether + // this is a pod. + isPod = true + } + + var id []byte + // We were not given a full container ID or name. + // Search for partial ID matches. + exists := false + err := ctrBucket.ForEach(func(checkID, checkName []byte) error { + // If the container isn't in our namespace, we + // can't match it + if s.namespaceBytes != nil { + ns := nsBucket.Get(checkID) + if !bytes.Equal(ns, s.namespaceBytes) { + return nil + } + } + if strings.HasPrefix(string(checkID), idOrName) { + if exists { + return errors.Wrapf(define.ErrCtrExists, "more than one result for container ID %s", idOrName) + } + id = checkID + exists = true + } + + return nil + }) + + if err != nil { + return nil, err + } else if !exists { + if isPod { + return nil, errors.Wrapf(define.ErrNoSuchCtr, "%s is a pod, not a container", idOrName) + } + return nil, errors.Wrapf(define.ErrNoSuchCtr, "no container with name or ID %s found", idOrName) + } + return id, nil +} diff --git a/libpod/container.go b/libpod/container.go index 3d8e58375..f36ddbd3f 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -10,7 +10,7 @@ import ( "github.com/containernetworking/cni/pkg/types" cnitypes "github.com/containernetworking/cni/pkg/types/current" - "github.com/containers/image/manifest" + "github.com/containers/image/v4/manifest" "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/lock" "github.com/containers/libpod/pkg/namespaces" diff --git a/libpod/container_commit.go b/libpod/container_commit.go index 8dfeee9b8..570d406b7 100644 --- a/libpod/container_commit.go +++ b/libpod/container_commit.go @@ -8,7 +8,7 @@ import ( "github.com/containers/buildah" "github.com/containers/buildah/util" - is "github.com/containers/image/storage" + is "github.com/containers/image/v4/storage" "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/events" "github.com/containers/libpod/libpod/image" diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 3c32a2f45..5a92b3e54 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -5,7 +5,7 @@ import ( "strings" "time" - "github.com/containers/image/manifest" + "github.com/containers/image/v4/manifest" "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/driver" "github.com/containers/libpod/pkg/util" diff --git a/libpod/container_internal.go b/libpod/container_internal.go index a4dcd23be..ac921d737 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -939,6 +939,9 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error { // With the spec complete, do an OCI create if err := c.ociRuntime.createContainer(c, nil); err != nil { + if strings.Contains(err.Error(), "this version of runc doesn't work on cgroups v2") { + logrus.Errorf("oci runtime %q does not support CGroups V2: use system migrate to mitigate", c.ociRuntime.name) + } return err } diff --git a/libpod/define/errors.go b/libpod/define/errors.go index 004acd58f..5392fbc62 100644 --- a/libpod/define/errors.go +++ b/libpod/define/errors.go @@ -112,6 +112,10 @@ var ( // that was not found ErrOCIRuntimeNotFound = errors.New("OCI runtime command not found error") + // ErrOCIRuntimeUnavailable indicates that the OCI runtime associated to a container + // could not be found in the configuration + ErrOCIRuntimeUnavailable = errors.New("OCI runtime not available in the current configuration") + // ErrConmonOutdated indicates the version of conmon found (whether via the configuration or $PATH) // is out of date for the current podman version ErrConmonOutdated = errors.New("outdated conmon version") diff --git a/libpod/image/docker_registry_options.go b/libpod/image/docker_registry_options.go index 60bb3c33f..d205fe4ac 100644 --- a/libpod/image/docker_registry_options.go +++ b/libpod/image/docker_registry_options.go @@ -3,8 +3,8 @@ package image import ( "fmt" - "github.com/containers/image/docker/reference" - "github.com/containers/image/types" + "github.com/containers/image/v4/docker/reference" + "github.com/containers/image/v4/types" podmanVersion "github.com/containers/libpod/version" ) diff --git a/libpod/image/image.go b/libpod/image/image.go index 855da8611..9adefb5c5 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -12,17 +12,17 @@ import ( "syscall" "time" - cp "github.com/containers/image/copy" - "github.com/containers/image/directory" - dockerarchive "github.com/containers/image/docker/archive" - "github.com/containers/image/docker/reference" - "github.com/containers/image/manifest" - ociarchive "github.com/containers/image/oci/archive" - is "github.com/containers/image/storage" - "github.com/containers/image/tarball" - "github.com/containers/image/transports" - "github.com/containers/image/transports/alltransports" - "github.com/containers/image/types" + cp "github.com/containers/image/v4/copy" + "github.com/containers/image/v4/directory" + dockerarchive "github.com/containers/image/v4/docker/archive" + "github.com/containers/image/v4/docker/reference" + "github.com/containers/image/v4/manifest" + ociarchive "github.com/containers/image/v4/oci/archive" + is "github.com/containers/image/v4/storage" + "github.com/containers/image/v4/tarball" + "github.com/containers/image/v4/transports" + "github.com/containers/image/v4/transports/alltransports" + "github.com/containers/image/v4/types" "github.com/containers/libpod/libpod/driver" "github.com/containers/libpod/libpod/events" "github.com/containers/libpod/pkg/inspect" diff --git a/libpod/image/parts.go b/libpod/image/parts.go index dfdf0b08a..69bc44cdd 100644 --- a/libpod/image/parts.go +++ b/libpod/image/parts.go @@ -3,7 +3,7 @@ package image import ( "strings" - "github.com/containers/image/docker/reference" + "github.com/containers/image/v4/docker/reference" "github.com/pkg/errors" ) diff --git a/libpod/image/pull.go b/libpod/image/pull.go index dbf3a4ef5..36950b6f3 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go @@ -7,17 +7,17 @@ import ( "path/filepath" "strings" - cp "github.com/containers/image/copy" - "github.com/containers/image/directory" - "github.com/containers/image/docker" - dockerarchive "github.com/containers/image/docker/archive" - "github.com/containers/image/docker/tarfile" - ociarchive "github.com/containers/image/oci/archive" - oci "github.com/containers/image/oci/layout" - is "github.com/containers/image/storage" - "github.com/containers/image/transports" - "github.com/containers/image/transports/alltransports" - "github.com/containers/image/types" + cp "github.com/containers/image/v4/copy" + "github.com/containers/image/v4/directory" + "github.com/containers/image/v4/docker" + dockerarchive "github.com/containers/image/v4/docker/archive" + "github.com/containers/image/v4/docker/tarfile" + ociarchive "github.com/containers/image/v4/oci/archive" + oci "github.com/containers/image/v4/oci/layout" + is "github.com/containers/image/v4/storage" + "github.com/containers/image/v4/transports" + "github.com/containers/image/v4/transports/alltransports" + "github.com/containers/image/v4/types" "github.com/containers/libpod/libpod/events" "github.com/containers/libpod/pkg/registries" "github.com/hashicorp/go-multierror" diff --git a/libpod/image/pull_test.go b/libpod/image/pull_test.go index 3890c5e6c..131b8b1f6 100644 --- a/libpod/image/pull_test.go +++ b/libpod/image/pull_test.go @@ -9,9 +9,9 @@ import ( "strings" "testing" - "github.com/containers/image/transports" - "github.com/containers/image/transports/alltransports" - "github.com/containers/image/types" + "github.com/containers/image/v4/transports" + "github.com/containers/image/v4/transports/alltransports" + "github.com/containers/image/v4/types" "github.com/containers/storage" "github.com/containers/storage/pkg/idtools" "github.com/stretchr/testify/assert" diff --git a/libpod/image/search.go b/libpod/image/search.go index 82ef4f75a..0313c2d6e 100644 --- a/libpod/image/search.go +++ b/libpod/image/search.go @@ -6,8 +6,8 @@ import ( "strings" "sync" - "github.com/containers/image/docker" - "github.com/containers/image/types" + "github.com/containers/image/v4/docker" + "github.com/containers/image/v4/types" sysreg "github.com/containers/libpod/pkg/registries" "github.com/pkg/errors" "github.com/sirupsen/logrus" diff --git a/libpod/image/utils.go b/libpod/image/utils.go index 544796a4b..e4ff1cfc4 100644 --- a/libpod/image/utils.go +++ b/libpod/image/utils.go @@ -7,10 +7,10 @@ import ( "regexp" "strings" - cp "github.com/containers/image/copy" - "github.com/containers/image/docker/reference" - "github.com/containers/image/signature" - "github.com/containers/image/types" + cp "github.com/containers/image/v4/copy" + "github.com/containers/image/v4/docker/reference" + "github.com/containers/image/v4/signature" + "github.com/containers/image/v4/types" "github.com/containers/storage" "github.com/pkg/errors" ) diff --git a/libpod/in_memory_state.go b/libpod/in_memory_state.go index a008fcb39..5ab258772 100644 --- a/libpod/in_memory_state.go +++ b/libpod/in_memory_state.go @@ -115,15 +115,16 @@ func (s *InMemoryState) Container(id string) (*Container, error) { return ctr, nil } -// LookupContainer retrieves a container by full ID, unique partial ID, or name -func (s *InMemoryState) LookupContainer(idOrName string) (*Container, error) { +// lookupID retrieves a container or pod ID by full ID, unique partial ID, or +// name +func (s *InMemoryState) lookupID(idOrName string) (string, error) { var ( nameIndex *registrar.Registrar idIndex *truncindex.TruncIndex ) if idOrName == "" { - return nil, define.ErrEmptyID + return "", define.ErrEmptyID } if s.namespace != "" { @@ -131,7 +132,7 @@ func (s *InMemoryState) LookupContainer(idOrName string) (*Container, error) { if !ok { // We have no containers in the namespace // Return false - return nil, errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName) + return "", define.ErrNoSuchCtr } nameIndex = nsIndex.nameIndex idIndex = nsIndex.idIndex @@ -147,15 +148,55 @@ func (s *InMemoryState) LookupContainer(idOrName string) (*Container, error) { fullID, err = idIndex.Get(idOrName) if err != nil { if err == truncindex.ErrNotExist { - return nil, errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName) + return "", define.ErrNoSuchCtr } - return nil, errors.Wrapf(err, "error performing truncindex lookup for ID %s", idOrName) + return "", errors.Wrapf(err, "error performing truncindex lookup for ID %s", idOrName) } } else { - return nil, errors.Wrapf(err, "error performing registry lookup for ID %s", idOrName) + return "", errors.Wrapf(err, "error performing registry lookup for ID %s", idOrName) } } + return fullID, nil +} + +// LookupContainerID retrieves a container ID by full ID, unique partial ID, or +// name +func (s *InMemoryState) LookupContainerID(idOrName string) (string, error) { + fullID, err := s.lookupID(idOrName) + + switch err { + case nil: + _, ok := s.containers[fullID] + if !ok { + // It's a pod, not a container + return "", errors.Wrapf(define.ErrNoSuchCtr, "name or ID %s is a pod, not a container", idOrName) + } + + case define.ErrNoSuchCtr: + return "", errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName) + + default: + return "", err + } + + return fullID, nil +} + +// LookupContainer retrieves a container by full ID, unique partial ID, or name +func (s *InMemoryState) LookupContainer(idOrName string) (*Container, error) { + fullID, err := s.lookupID(idOrName) + + switch err { + case nil: + + case define.ErrNoSuchCtr: + return nil, errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName) + + default: + return nil, err + } + ctr, ok := s.containers[fullID] if !ok { // It's a pod, not a container @@ -385,6 +426,16 @@ func (s *InMemoryState) AllContainers() ([]*Container, error) { return ctrs, nil } +// GetContainerConfig returns a container config from the database by full ID +func (s *InMemoryState) GetContainerConfig(id string) (*ContainerConfig, error) { + ctr, err := s.LookupContainer(id) + if err != nil { + return nil, err + } + + return ctr.Config(), nil +} + // RewriteContainerConfig rewrites a container's configuration. // This function is DANGEROUS, even with an in-memory state. // Please read the full comment on it in state.go before using it. @@ -623,49 +674,22 @@ func (s *InMemoryState) Pod(id string) (*Pod, error) { // LookupPod retrieves a pod from the state from a full or unique partial ID or // a full name func (s *InMemoryState) LookupPod(idOrName string) (*Pod, error) { - var ( - nameIndex *registrar.Registrar - idIndex *truncindex.TruncIndex - ) + fullID, err := s.lookupID(idOrName) - if idOrName == "" { - return nil, define.ErrEmptyID - } + switch err { + case nil: - if s.namespace != "" { - nsIndex, ok := s.namespaceIndexes[s.namespace] - if !ok { - // We have no containers in the namespace - // Return false - return nil, errors.Wrapf(define.ErrNoSuchCtr, "no container found with name or ID %s", idOrName) - } - nameIndex = nsIndex.nameIndex - idIndex = nsIndex.idIndex - } else { - nameIndex = s.nameIndex - idIndex = s.idIndex - } + case define.ErrNoSuchCtr, define.ErrNoSuchPod: + return nil, errors.Wrapf(define.ErrNoSuchPod, "no pod found with name or ID %s", idOrName) - fullID, err := nameIndex.Get(idOrName) - if err != nil { - if err == registrar.ErrNameNotReserved { - // What was passed is not a name, assume it's an ID - fullID, err = idIndex.Get(idOrName) - if err != nil { - if err == truncindex.ErrNotExist { - return nil, errors.Wrapf(define.ErrNoSuchPod, "no pod found with name or ID %s", idOrName) - } - return nil, errors.Wrapf(err, "error performing truncindex lookup for ID %s", idOrName) - } - } else { - return nil, errors.Wrapf(err, "error performing registry lookup for ID %s", idOrName) - } + default: + return nil, err } pod, ok := s.pods[fullID] if !ok { // It's a container not a pod - return nil, errors.Wrapf(define.ErrNoSuchPod, "id or name %s is a container not a pod", idOrName) + return nil, errors.Wrapf(define.ErrNoSuchPod, "id or name %s is a container, not a pod", idOrName) } return pod, nil diff --git a/libpod/options.go b/libpod/options.go index d28cb3d8c..ee44439ac 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -7,7 +7,7 @@ import ( "regexp" "syscall" - "github.com/containers/image/manifest" + "github.com/containers/image/v4/manifest" "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/events" "github.com/containers/libpod/pkg/namespaces" @@ -20,8 +20,8 @@ import ( ) var ( - nameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$") - regexError = errors.Wrapf(define.ErrInvalidArg, "names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*") + NameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$") + RegexError = errors.Wrapf(define.ErrInvalidArg, "names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*") ) // Runtime Creation Options @@ -648,8 +648,8 @@ func WithName(name string) CtrCreateOption { } // Check the name against a regex - if !nameRegex.MatchString(name) { - return regexError + if !NameRegex.MatchString(name) { + return RegexError } ctr.config.Name = name @@ -1426,8 +1426,8 @@ func WithVolumeName(name string) VolumeCreateOption { } // Check the name against a regex - if !nameRegex.MatchString(name) { - return regexError + if !NameRegex.MatchString(name) { + return RegexError } volume.config.Name = name @@ -1532,8 +1532,8 @@ func WithPodName(name string) PodCreateOption { } // Check the name against a regex - if !nameRegex.MatchString(name) { - return regexError + if !NameRegex.MatchString(name) { + return RegexError } pod.config.Name = name @@ -1550,8 +1550,8 @@ func WithPodHostname(hostname string) PodCreateOption { } // Check the hostname against a regex - if !nameRegex.MatchString(hostname) { - return regexError + if !NameRegex.MatchString(hostname) { + return RegexError } pod.config.Hostname = hostname diff --git a/libpod/runtime.go b/libpod/runtime.go index 9f3549e00..cdb5670ba 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -17,8 +17,8 @@ import ( "time" "github.com/BurntSushi/toml" - is "github.com/containers/image/storage" - "github.com/containers/image/types" + is "github.com/containers/image/v4/storage" + "github.com/containers/image/v4/types" "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/events" "github.com/containers/libpod/libpod/image" diff --git a/libpod/runtime_cstorage.go b/libpod/runtime_cstorage.go index 1e84aef4b..47a91c881 100644 --- a/libpod/runtime_cstorage.go +++ b/libpod/runtime_cstorage.go @@ -60,6 +60,12 @@ func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error { r.lock.Lock() defer r.lock.Unlock() + return r.removeStorageContainer(idOrName, force) +} + +// Internal function to remove the container storage without +// locking the runtime. +func (r *Runtime) removeStorageContainer(idOrName string, force bool) error { targetID, err := r.store.Lookup(idOrName) if err != nil { if err == storage.ErrLayerUnknown { diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index bffce7bca..78176a400 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -550,6 +550,144 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force bool, return cleanupErr } +// EvictContainer removes the given container partial or full ID or name, and +// returns the full ID of the evicted container and any error encountered. +// It should be used to remove a container when obtaining a Container struct +// pointer has failed. +// Running container will not be stopped. +// If removeVolume is specified, named volumes used by the container will +// be removed also if and only if the container is the sole user. +func (r *Runtime) EvictContainer(ctx context.Context, idOrName string, removeVolume bool) (string, error) { + r.lock.RLock() + defer r.lock.RUnlock() + return r.evictContainer(ctx, idOrName, removeVolume) +} + +// evictContainer is the internal function to handle container eviction based +// on its partial or full ID or name. +// It returns the full ID of the evicted container and any error encountered. +// This does not lock the runtime nor the container. +// removePod is used only when removing pods. It instructs Podman to ignore +// infra container protections, and *not* remove from the database (as pod +// remove will handle that). +func (r *Runtime) evictContainer(ctx context.Context, idOrName string, removeVolume bool) (string, error) { + var err error + + if !r.valid { + return "", define.ErrRuntimeStopped + } + + id, err := r.state.LookupContainerID(idOrName) + if err != nil { + return "", errors.Wrapf(err, "Failed to find container %q in state", idOrName) + } + + // Begin by trying a normal removal. Valid containers will be removed normally. + tmpCtr, err := r.state.Container(id) + if err == nil { + logrus.Infof("Container %s successfully retrieved from state, attempting normal removal", id) + // Assume force = true for the evict case + err = r.removeContainer(ctx, tmpCtr, true, removeVolume, false) + if !tmpCtr.valid { + // If the container is marked invalid, remove succeeded + // in kicking it out of the state - no need to continue. + return id, err + } + + if err == nil { + // Something has gone seriously wrong - no error but + // container was not removed. + logrus.Errorf("Container %s not removed with no error", id) + } else { + logrus.Warnf("Failed to removal container %s normally, proceeding with evict: %v", id, err) + } + } + + // Error out if the container does not exist in libpod + exists, err := r.state.HasContainer(id) + if err != nil { + return id, err + } + if !exists { + return id, errors.Wrapf(err, "Failed to find container ID %q for eviction", id) + } + + // Re-create a container struct for removal purposes + c := new(Container) + c.config, err = r.state.GetContainerConfig(id) + if err != nil { + return id, errors.Wrapf(err, "failed to retrieve config for ctr ID %q", id) + } + c.state = new(ContainerState) + + // We need to lock the pod before we lock the container. + // To avoid races around removing a container and the pod it is in. + // Don't need to do this in pod removal case - we're evicting the entire + // pod. + var pod *Pod + if c.config.Pod != "" { + pod, err = r.state.Pod(c.config.Pod) + if err != nil { + return id, errors.Wrapf(err, "container %s is in pod %s, but pod cannot be retrieved", c.ID(), pod.ID()) + } + + // Lock the pod while we're removing container + pod.lock.Lock() + defer pod.lock.Unlock() + if err := pod.updatePod(); err != nil { + return id, err + } + + infraID := pod.state.InfraContainerID + if c.ID() == infraID { + return id, errors.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID()) + } + } + + var cleanupErr error + // Remove the container from the state + if c.config.Pod != "" { + // If we're removing the pod, the container will be evicted + // from the state elsewhere + if err := r.state.RemoveContainerFromPod(pod, c); err != nil { + cleanupErr = err + } + } else { + if err := r.state.RemoveContainer(c); err != nil { + cleanupErr = err + } + } + + // Unmount container mount points + for _, mount := range c.config.Mounts { + Unmount(mount) + } + + // Remove container from c/storage + if err := r.removeStorageContainer(id, true); err != nil { + if cleanupErr == nil { + cleanupErr = err + } + } + + if !removeVolume { + return id, cleanupErr + } + + for _, v := range c.config.NamedVolumes { + if volume, err := r.state.Volume(v.Name); err == nil { + if !volume.IsCtrSpecific() { + continue + } + if err := r.removeVolume(ctx, volume, false); err != nil && err != define.ErrNoSuchVolume && err != define.ErrVolumeBeingUsed { + logrus.Errorf("cleanup volume (%s): %v", v, err) + } + } + } + + return id, cleanupErr +} + // GetContainer retrieves a container by its ID func (r *Runtime) GetContainer(id string) (*Container, error) { r.lock.RLock() diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index 20dee4080..8cc501629 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -17,9 +17,9 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" - "github.com/containers/image/directory" - dockerarchive "github.com/containers/image/docker/archive" - ociarchive "github.com/containers/image/oci/archive" + "github.com/containers/image/v4/directory" + dockerarchive "github.com/containers/image/v4/docker/archive" + ociarchive "github.com/containers/image/v4/oci/archive" "github.com/opencontainers/image-spec/specs-go/v1" ) diff --git a/libpod/state.go b/libpod/state.go index 40080d2cc..e38f820b5 100644 --- a/libpod/state.go +++ b/libpod/state.go @@ -58,6 +58,9 @@ type State interface { // If the container is not in the set namespace, an error will be // returned. Container(id string) (*Container, error) + // Return a container ID from the database by full or partial ID or full + // name. + LookupContainerID(idOrName string) (string, error) // Return a container from the database by full or partial ID or full // name. // Containers not in the set namespace will be ignored. @@ -98,6 +101,9 @@ type State interface { // returned. AllContainers() ([]*Container, error) + // Return a container config from the database by full ID + GetContainerConfig(id string) (*ContainerConfig, error) + // PLEASE READ FULL DESCRIPTION BEFORE USING. // Rewrite a container's configuration. // This function breaks libpod's normal prohibition on a read-only diff --git a/libpod/state_test.go b/libpod/state_test.go index 26a1dee7d..5db1f301c 100644 --- a/libpod/state_test.go +++ b/libpod/state_test.go @@ -452,6 +452,9 @@ func TestLookupContainerWithEmptyIDFails(t *testing.T) { runForAllStates(t, func(t *testing.T, state State, manager lock.Manager) { _, err := state.LookupContainer("") assert.Error(t, err) + + _, err = state.LookupContainerID("") + assert.Error(t, err) }) } @@ -459,6 +462,9 @@ func TestLookupNonexistentContainerFails(t *testing.T) { runForAllStates(t, func(t *testing.T, state State, manager lock.Manager) { _, err := state.LookupContainer("does not exist") assert.Error(t, err) + + _, err = state.LookupContainerID("does not exist") + assert.Error(t, err) }) } @@ -472,8 +478,11 @@ func TestLookupContainerByFullID(t *testing.T) { retrievedCtr, err := state.LookupContainer(testCtr.ID()) assert.NoError(t, err) - testContainersEqual(t, retrievedCtr, testCtr, true) + + retrievedID, err := state.LookupContainerID(testCtr.ID()) + assert.NoError(t, err) + assert.Equal(t, retrievedID, testCtr.ID()) }) } @@ -487,8 +496,11 @@ func TestLookupContainerByUniquePartialID(t *testing.T) { retrievedCtr, err := state.LookupContainer(testCtr.ID()[0:8]) assert.NoError(t, err) - testContainersEqual(t, retrievedCtr, testCtr, true) + + retrievedID, err := state.LookupContainerID(testCtr.ID()[0:8]) + assert.NoError(t, err) + assert.Equal(t, retrievedID, testCtr.ID()) }) } @@ -507,6 +519,9 @@ func TestLookupContainerByNonUniquePartialIDFails(t *testing.T) { _, err = state.LookupContainer(testCtr1.ID()[0:8]) assert.Error(t, err) + + _, err = state.LookupContainerID(testCtr1.ID()[0:8]) + assert.Error(t, err) }) } @@ -520,8 +535,11 @@ func TestLookupContainerByName(t *testing.T) { retrievedCtr, err := state.LookupContainer(testCtr.Name()) assert.NoError(t, err) - testContainersEqual(t, retrievedCtr, testCtr, true) + + retrievedID, err := state.LookupContainerID(testCtr.Name()) + assert.NoError(t, err) + assert.Equal(t, retrievedID, testCtr.ID()) }) } @@ -535,6 +553,9 @@ func TestLookupCtrByPodNameFails(t *testing.T) { _, err = state.LookupContainer(testPod.Name()) assert.Error(t, err) + + _, err = state.LookupContainerID(testPod.Name()) + assert.Error(t, err) }) } @@ -548,6 +569,9 @@ func TestLookupCtrByPodIDFails(t *testing.T) { _, err = state.LookupContainer(testPod.ID()) assert.Error(t, err) + + _, err = state.LookupContainerID(testPod.ID()) + assert.Error(t, err) }) } @@ -565,8 +589,11 @@ func TestLookupCtrInSameNamespaceSucceeds(t *testing.T) { ctr, err := state.LookupContainer(testCtr.ID()) assert.NoError(t, err) - testContainersEqual(t, ctr, testCtr, true) + + ctrID, err := state.LookupContainerID(testCtr.ID()) + assert.NoError(t, err) + assert.Equal(t, ctrID, testCtr.ID()) }) } @@ -584,6 +611,9 @@ func TestLookupCtrInDifferentNamespaceFails(t *testing.T) { _, err = state.LookupContainer(testCtr.ID()) assert.Error(t, err) + + _, err = state.LookupContainerID(testCtr.ID()) + assert.Error(t, err) }) } @@ -606,8 +636,11 @@ func TestLookupContainerMatchInDifferentNamespaceSucceeds(t *testing.T) { ctr, err := state.LookupContainer("000") assert.NoError(t, err) - testContainersEqual(t, ctr, testCtr2, true) + + ctrID, err := state.LookupContainerID("000") + assert.NoError(t, err) + assert.Equal(t, ctrID, testCtr2.ID()) }) } @@ -3599,3 +3632,30 @@ func TestSaveAndUpdatePodSameNamespace(t *testing.T) { testPodsEqual(t, testPod, statePod, false) }) } + +func TestGetContainerConfigSucceeds(t *testing.T) { + runForAllStates(t, func(t *testing.T, state State, manager lock.Manager) { + testCtr, err := getTestCtr1(manager) + assert.NoError(t, err) + + err = state.AddContainer(testCtr) + assert.NoError(t, err) + + ctrCfg, err := state.GetContainerConfig(testCtr.ID()) + assert.NoError(t, err) + assert.Equal(t, ctrCfg, testCtr.Config()) + }) +} + +func TestGetContainerConfigEmptyIDFails(t *testing.T) { + runForAllStates(t, func(t *testing.T, state State, manager lock.Manager) { + _, err := state.GetContainerConfig("") + assert.Error(t, err) + }) +} +func TestGetContainerConfigNonExistentIDFails(t *testing.T) { + runForAllStates(t, func(t *testing.T, state State, manager lock.Manager) { + _, err := state.GetContainerConfig("does not exist") + assert.Error(t, err) + }) +} diff --git a/libpod/storage.go b/libpod/storage.go index 0814672be..9a06c96fd 100644 --- a/libpod/storage.go +++ b/libpod/storage.go @@ -4,8 +4,8 @@ import ( "context" "time" - istorage "github.com/containers/image/storage" - "github.com/containers/image/types" + istorage "github.com/containers/image/v4/storage" + "github.com/containers/image/v4/types" "github.com/containers/libpod/libpod/define" "github.com/containers/storage" "github.com/opencontainers/image-spec/specs-go/v1" diff --git a/libpod/util_linux.go b/libpod/util_linux.go index d5c113daf..631f6836c 100644 --- a/libpod/util_linux.go +++ b/libpod/util_linux.go @@ -5,6 +5,7 @@ package libpod import ( "fmt" "strings" + "syscall" "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/pkg/cgroups" @@ -12,6 +13,7 @@ import ( "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" ) // systemdSliceFromPath makes a new systemd slice under the given parent with @@ -107,3 +109,14 @@ func LabelVolumePath(path string, shared bool) error { } return nil } + +// Unmount umounts a target directory +func Unmount(mount string) { + if err := unix.Unmount(mount, unix.MNT_DETACH); err != nil { + if err != syscall.EINVAL { + logrus.Warnf("failed to unmount %s : %v", mount, err) + } else { + logrus.Debugf("failed to unmount %s : %v", mount, err) + } + } +} diff --git a/libpod/util_unsupported.go b/libpod/util_unsupported.go index 58b0dfbcd..9a9a6eeb6 100644 --- a/libpod/util_unsupported.go +++ b/libpod/util_unsupported.go @@ -28,3 +28,7 @@ func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) { func LabelVolumePath(path string, shared bool) error { return define.ErrNotImplemented } + +func Unmount(mount string) error { + return define.ErrNotImplemented +} |