summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/specgen/generate')
-rw-r--r--pkg/specgen/generate/config_linux.go56
-rw-r--r--pkg/specgen/generate/config_linux_cgo.go4
-rw-r--r--pkg/specgen/generate/config_linux_nocgo.go4
-rw-r--r--pkg/specgen/generate/config_linux_test.go28
-rw-r--r--pkg/specgen/generate/container.go93
-rw-r--r--pkg/specgen/generate/container_create.go49
-rw-r--r--pkg/specgen/generate/kube/kube.go6
-rw-r--r--pkg/specgen/generate/namespaces.go8
-rw-r--r--pkg/specgen/generate/oci.go22
-rw-r--r--pkg/specgen/generate/ports.go14
-rw-r--r--pkg/specgen/generate/security.go4
-rw-r--r--pkg/specgen/generate/storage.go8
12 files changed, 135 insertions, 161 deletions
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go
index 5c945cff3..6b9e9c4bf 100644
--- a/pkg/specgen/generate/config_linux.go
+++ b/pkg/specgen/generate/config_linux.go
@@ -10,7 +10,6 @@ import (
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/pkg/rootless"
- "github.com/containers/podman/v3/pkg/util"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
@@ -151,30 +150,23 @@ func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, mask, unmask
"/sys/dev/block",
}
- unmaskAll := false
- if unmask != nil && unmask[0] == "ALL" {
- unmaskAll = true
- }
-
if !privileged {
- if !unmaskAll {
- for _, mp := range defaultMaskPaths {
- // check that the path to mask is not in the list of paths to unmask
- if !util.StringInSlice(mp, unmask) {
- g.AddLinuxMaskedPaths(mp)
- }
+ for _, mp := range defaultMaskPaths {
+ // check that the path to mask is not in the list of paths to unmask
+ if shouldMask(mp, unmask) {
+ g.AddLinuxMaskedPaths(mp)
}
- for _, rp := range []string{
- "/proc/asound",
- "/proc/bus",
- "/proc/fs",
- "/proc/irq",
- "/proc/sys",
- "/proc/sysrq-trigger",
- } {
- if !util.StringInSlice(rp, unmask) {
- g.AddLinuxReadonlyPaths(rp)
- }
+ }
+ for _, rp := range []string{
+ "/proc/asound",
+ "/proc/bus",
+ "/proc/fs",
+ "/proc/irq",
+ "/proc/sys",
+ "/proc/sysrq-trigger",
+ } {
+ if shouldMask(rp, unmask) {
+ g.AddLinuxReadonlyPaths(rp)
}
}
@@ -376,3 +368,21 @@ func supportAmbientCapabilities() bool {
err := unix.Prctl(unix.PR_CAP_AMBIENT, unix.PR_CAP_AMBIENT_IS_SET, 0, 0, 0)
return err == nil
}
+
+func shouldMask(mask string, unmask []string) bool {
+ for _, m := range unmask {
+ if strings.ToLower(m) == "all" {
+ return false
+ }
+ for _, m1 := range strings.Split(m, ":") {
+ match, err := filepath.Match(m1, mask)
+ if err != nil {
+ logrus.Errorf(err.Error())
+ }
+ if match {
+ return false
+ }
+ }
+ }
+ return true
+}
diff --git a/pkg/specgen/generate/config_linux_cgo.go b/pkg/specgen/generate/config_linux_cgo.go
index 41f03d5b6..6ffbf69c1 100644
--- a/pkg/specgen/generate/config_linux_cgo.go
+++ b/pkg/specgen/generate/config_linux_cgo.go
@@ -6,8 +6,8 @@ import (
"context"
"io/ioutil"
+ "github.com/containers/common/libimage"
goSeccomp "github.com/containers/common/pkg/seccomp"
- "github.com/containers/podman/v3/libpod/image"
"github.com/containers/podman/v3/pkg/seccomp"
"github.com/containers/podman/v3/pkg/specgen"
spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -15,7 +15,7 @@ import (
"github.com/sirupsen/logrus"
)
-func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *image.Image) (*spec.LinuxSeccomp, error) {
+func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *libimage.Image) (*spec.LinuxSeccomp, error) {
var seccompConfig *spec.LinuxSeccomp
var err error
scp, err := seccomp.LookupPolicy(s.SeccompPolicy)
diff --git a/pkg/specgen/generate/config_linux_nocgo.go b/pkg/specgen/generate/config_linux_nocgo.go
index 0867988b6..4a1880b74 100644
--- a/pkg/specgen/generate/config_linux_nocgo.go
+++ b/pkg/specgen/generate/config_linux_nocgo.go
@@ -5,11 +5,11 @@ package generate
import (
"errors"
- "github.com/containers/podman/v3/libpod/image"
+ "github.com/containers/common/libimage"
"github.com/containers/podman/v3/pkg/specgen"
spec "github.com/opencontainers/runtime-spec/specs-go"
)
-func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *image.Image) (*spec.LinuxSeccomp, error) {
+func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *libimage.Image) (*spec.LinuxSeccomp, error) {
return nil, errors.New("not implemented")
}
diff --git a/pkg/specgen/generate/config_linux_test.go b/pkg/specgen/generate/config_linux_test.go
new file mode 100644
index 000000000..39973324b
--- /dev/null
+++ b/pkg/specgen/generate/config_linux_test.go
@@ -0,0 +1,28 @@
+package generate
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestShouldMask(t *testing.T) {
+ tests := []struct {
+ mask string
+ unmask []string
+ shouldMask bool
+ }{
+ {"/proc/foo", []string{"all"}, false},
+ {"/proc/foo", []string{"ALL"}, false},
+ {"/proc/foo", []string{"/proc/foo"}, false},
+ {"/proc/foo", []string{"/proc/*"}, false},
+ {"/proc/foo", []string{"/proc/bar", "all"}, false},
+ {"/proc/foo", []string{"/proc/f*"}, false},
+ {"/proc/foo", []string{"/proc/b*"}, true},
+ {"/proc/foo", []string{}, true},
+ }
+ for _, test := range tests {
+ val := shouldMask(test.mask, test.unmask)
+ assert.Equal(t, val, test.shouldMask)
+ }
+}
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 3d20ed8ff..d00e51e82 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -5,90 +5,45 @@ import (
"os"
"strings"
- "github.com/containers/image/v5/manifest"
+ "github.com/containers/common/libimage"
"github.com/containers/podman/v3/libpod"
- "github.com/containers/podman/v3/libpod/image"
ann "github.com/containers/podman/v3/pkg/annotations"
envLib "github.com/containers/podman/v3/pkg/env"
"github.com/containers/podman/v3/pkg/signal"
"github.com/containers/podman/v3/pkg/specgen"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
- "github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
)
// Fill any missing parts of the spec generator (e.g. from the image).
// Returns a set of warnings or any fatal error that occurred.
func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) ([]string, error) {
- var (
- newImage *image.Image
- err error
- )
-
// Only add image configuration if we have an image
+ var newImage *libimage.Image
+ var inspectData *libimage.ImageData
+ var err error
if s.Image != "" {
- newImage, err = r.ImageRuntime().NewFromLocal(s.Image)
+ newImage, _, err = r.LibimageRuntime().LookupImage(s.Image, nil)
if err != nil {
return nil, err
}
- _, mediaType, err := newImage.Manifest(ctx)
+ inspectData, err = newImage.Inspect(ctx, false)
if err != nil {
- if errors.Cause(err) != image.ErrImageIsBareList {
- return nil, err
- }
- // if err is not runnable image
- // use the local store image with repo@digest matches with the list, if exists
- manifestByte, manifestType, err := newImage.GetManifest(ctx, nil)
- if err != nil {
- return nil, err
- }
- list, err := manifest.ListFromBlob(manifestByte, manifestType)
- if err != nil {
- return nil, err
- }
- images, err := r.ImageRuntime().GetImages()
- if err != nil {
- return nil, err
- }
- findLocal := false
- listDigest, err := list.ChooseInstance(r.SystemContext())
- if err != nil {
- return nil, err
- }
- for _, img := range images {
- for _, imageDigest := range img.Digests() {
- if imageDigest == listDigest {
- newImage = img
- s.Image = img.ID()
- mediaType = manifestType
- findLocal = true
- logrus.Debug("image contains manifest list, using image from local storage")
- break
- }
- }
- }
- if !findLocal {
- return nil, image.ErrImageIsBareList
- }
+ return nil, err
}
- if s.HealthConfig == nil && mediaType == manifest.DockerV2Schema2MediaType {
- s.HealthConfig, err = newImage.GetHealthCheck(ctx)
- if err != nil {
- return nil, err
- }
+ if s.HealthConfig == nil {
+ // NOTE: the health check is only set for Docker images
+ // but inspect will take care of it.
+ s.HealthConfig = inspectData.HealthCheck
}
// Image stop signal
if s.StopSignal == nil {
- stopSignal, err := newImage.StopSignal(ctx)
- if err != nil {
- return nil, err
- }
- if stopSignal != "" {
- sig, err := signal.ParseSignalNameOrNumber(stopSignal)
+ if inspectData.Config.StopSignal != "" {
+ sig, err := signal.ParseSignalNameOrNumber(inspectData.Config.StopSignal)
if err != nil {
return nil, err
}
@@ -113,15 +68,10 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
var envs map[string]string
// Image Environment defaults
- if newImage != nil {
+ if inspectData != nil {
// Image envs from the image if they don't exist
// already, overriding the default environments
- imageEnvs, err := newImage.Env(ctx)
- if err != nil {
- return nil, err
- }
-
- envs, err = envLib.ParseSlice(imageEnvs)
+ envs, err = envLib.ParseSlice(inspectData.Config.Env)
if err != nil {
return nil, errors.Wrap(err, "Env fields from image failed to parse")
}
@@ -175,11 +125,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
}
// Add annotations from the image
- imgAnnotations, err := newImage.Annotations(ctx)
- if err != nil {
- return nil, err
- }
- for k, v := range imgAnnotations {
+ for k, v := range inspectData.Annotations {
annotations[k] = v
}
}
@@ -221,11 +167,8 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
s.SeccompProfilePath = p
}
- if len(s.User) == 0 && newImage != nil {
- s.User, err = newImage.User(ctx)
- if err != nil {
- return nil, err
- }
+ if len(s.User) == 0 && inspectData != nil {
+ s.User = inspectData.Config.User
}
if err := finishThrottleDevices(s); err != nil {
return nil, err
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index dcacb3780..7682367b7 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -7,9 +7,9 @@ import (
"strings"
cdi "github.com/container-orchestrated-devices/container-device-interface/pkg"
+ "github.com/containers/common/libimage"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod"
- "github.com/containers/podman/v3/libpod/image"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/podman/v3/pkg/util"
"github.com/containers/storage/types"
@@ -86,11 +86,18 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
options = append(options, libpod.WithCreateCommand(s.ContainerCreateCommand))
}
- var newImage *image.Image
+ var newImage *libimage.Image
+ var imageData *libimage.ImageData
if s.Rootfs != "" {
options = append(options, libpod.WithRootFS(s.Rootfs))
} else {
- newImage, err = rt.ImageRuntime().NewFromLocal(s.Image)
+ var resolvedImageName string
+ newImage, resolvedImageName, err = rt.LibimageRuntime().LookupImage(s.Image, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ imageData, err = newImage.Inspect(ctx, false)
if err != nil {
return nil, err
}
@@ -98,15 +105,14 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
// image. Otherwise, it must have been an ID where we're
// defaulting to the first name or an empty one if no names are
// present.
- imgName := newImage.InputName
- if s.Image == newImage.InputName && strings.HasPrefix(newImage.ID(), s.Image) {
+ if strings.HasPrefix(newImage.ID(), resolvedImageName) {
names := newImage.Names()
if len(names) > 0 {
- imgName = names[0]
+ resolvedImageName = names[0]
}
}
- options = append(options, libpod.WithRootFSFromImage(newImage.ID(), imgName, s.RawImageName))
+ options = append(options, libpod.WithRootFSFromImage(newImage.ID(), resolvedImageName, s.RawImageName))
}
if err := s.Validate(); err != nil {
return nil, errors.Wrap(err, "invalid config provided")
@@ -117,12 +123,12 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
return nil, err
}
- command, err := makeCommand(ctx, s, newImage, rtc)
+ command, err := makeCommand(ctx, s, imageData, rtc)
if err != nil {
return nil, err
}
- opts, err := createContainerOptions(ctx, rt, s, pod, finalVolumes, finalOverlays, newImage, command)
+ opts, err := createContainerOptions(ctx, rt, s, pod, finalVolumes, finalOverlays, imageData, command)
if err != nil {
return nil, err
}
@@ -176,7 +182,7 @@ func extractCDIDevices(s *specgen.SpecGenerator) []libpod.CtrCreateOption {
return options
}
-func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator, pod *libpod.Pod, volumes []*specgen.NamedVolume, overlays []*specgen.OverlayVolume, img *image.Image, command []string) ([]libpod.CtrCreateOption, error) {
+func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator, pod *libpod.Pod, volumes []*specgen.NamedVolume, overlays []*specgen.OverlayVolume, imageData *libimage.ImageData, command []string) ([]libpod.CtrCreateOption, error) {
var options []libpod.CtrCreateOption
var err error
@@ -194,6 +200,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
if s.Umask != "" {
options = append(options, libpod.WithUmask(s.Umask))
}
+ if s.Volatile {
+ options = append(options, libpod.WithVolatile())
+ }
useSystemd := false
switch s.Systemd {
@@ -202,11 +211,8 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
case "false":
break
case "", "true":
- if len(command) == 0 {
- command, err = img.Cmd(ctx)
- if err != nil {
- return nil, err
- }
+ if len(command) == 0 && imageData != nil {
+ command = imageData.Config.Cmd
}
if len(command) > 0 {
@@ -308,13 +314,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
}
// If the user did not specify a workdir on the CLI, let's extract it
// from the image.
- if s.WorkDir == "" && img != nil {
+ if s.WorkDir == "" && imageData != nil {
options = append(options, libpod.WithCreateWorkingDir())
- wd, err := img.WorkingDir(ctx)
- if err != nil {
- return nil, err
- }
- s.WorkDir = wd
+ s.WorkDir = imageData.Config.WorkingDir
}
if s.WorkDir == "" {
s.WorkDir = "/"
@@ -325,6 +327,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
if s.StopTimeout != nil {
options = append(options, libpod.WithStopTimeout(*s.StopTimeout))
}
+ if s.Timeout != 0 {
+ options = append(options, libpod.WithTimeout(s.Timeout))
+ }
if s.LogConfiguration != nil {
if len(s.LogConfiguration.Path) > 0 {
options = append(options, libpod.WithLogPath(s.LogConfiguration.Path))
@@ -364,7 +369,7 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
options = append(options, libpod.WithPrivileged(s.Privileged))
// Get namespace related options
- namespaceOptions, err := namespaceOptions(ctx, s, rt, pod, img)
+ namespaceOptions, err := namespaceOptions(ctx, s, rt, pod, imageData)
if err != nil {
return nil, err
}
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 1347ed1e0..73c1c31ba 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -7,9 +7,9 @@ import (
"net"
"strings"
+ "github.com/containers/common/libimage"
"github.com/containers/common/pkg/parse"
"github.com/containers/common/pkg/secrets"
- "github.com/containers/podman/v3/libpod/image"
ann "github.com/containers/podman/v3/pkg/annotations"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/podman/v3/pkg/util"
@@ -79,7 +79,7 @@ type CtrSpecGenOptions struct {
// Container as read from the pod yaml
Container v1.Container
// Image available to use (pulled or found local)
- Image *image.Image
+ Image *libimage.Image
// Volumes for all containers
Volumes map[string]*KubeVolume
// PodID of the parent pod
@@ -165,7 +165,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
// TODO: We don't understand why specgen does not take of this, but
// integration tests clearly pointed out that it was required.
- imageData, err := opts.Image.Inspect(ctx)
+ imageData, err := opts.Image.Inspect(ctx, false)
if err != nil {
return nil, err
}
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index b52e8d100..278f35c22 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -6,10 +6,10 @@ import (
"os"
"strings"
+ "github.com/containers/common/libimage"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define"
- "github.com/containers/podman/v3/libpod/image"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/podman/v3/pkg/util"
@@ -79,7 +79,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod)
// joining a pod.
// TODO: Consider grouping options that are not directly attached to a namespace
// elsewhere.
-func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.Pod, img *image.Image) ([]libpod.CtrCreateOption, error) {
+func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.Pod, imageData *libimage.ImageData) ([]libpod.CtrCreateOption, error) {
toReturn := []libpod.CtrCreateOption{}
// If pod is not nil, get infra container.
@@ -234,7 +234,7 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
}
toReturn = append(toReturn, libpod.WithNetNSFrom(netCtr))
case specgen.Slirp:
- portMappings, err := createPortMappings(ctx, s, img)
+ portMappings, err := createPortMappings(ctx, s, imageData)
if err != nil {
return nil, err
}
@@ -246,7 +246,7 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
case specgen.Private:
fallthrough
case specgen.Bridge:
- portMappings, err := createPortMappings(ctx, s, img)
+ portMappings, err := createPortMappings(ctx, s, imageData)
if err != nil {
return nil, err
}
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index 4eae09a5e..bf8d44ed6 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -5,10 +5,10 @@ import (
"path"
"strings"
+ "github.com/containers/common/libimage"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define"
- "github.com/containers/podman/v3/libpod/image"
"github.com/containers/podman/v3/pkg/cgroups"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/specgen"
@@ -95,16 +95,12 @@ func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
}
// Produce the final command for the container.
-func makeCommand(ctx context.Context, s *specgen.SpecGenerator, img *image.Image, rtc *config.Config) ([]string, error) {
+func makeCommand(ctx context.Context, s *specgen.SpecGenerator, imageData *libimage.ImageData, rtc *config.Config) ([]string, error) {
finalCommand := []string{}
entrypoint := s.Entrypoint
- if entrypoint == nil && img != nil {
- newEntry, err := img.Entrypoint(ctx)
- if err != nil {
- return nil, err
- }
- entrypoint = newEntry
+ if entrypoint == nil && imageData != nil {
+ entrypoint = imageData.Config.Entrypoint
}
// Don't append the entrypoint if it is [""]
@@ -115,12 +111,8 @@ func makeCommand(ctx context.Context, s *specgen.SpecGenerator, img *image.Image
// Only use image command if the user did not manually set an
// entrypoint.
command := s.Command
- if len(command) == 0 && img != nil && len(s.Entrypoint) == 0 {
- newCmd, err := img.Cmd(ctx)
- if err != nil {
- return nil, err
- }
- command = newCmd
+ if len(command) == 0 && imageData != nil && len(s.Entrypoint) == 0 {
+ command = imageData.Config.Cmd
}
finalCommand = append(finalCommand, command...)
@@ -182,7 +174,7 @@ func getCGroupPermissons(unmask []string) string {
}
// SpecGenToOCI returns the base configuration for the container.
-func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *image.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string) (*spec.Spec, error) {
+func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string) (*spec.Spec, error) {
cgroupPerm := getCGroupPermissons(s.Unmask)
g, err := generate.New("linux")
diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go
index 678e36a70..6832664a7 100644
--- a/pkg/specgen/generate/ports.go
+++ b/pkg/specgen/generate/ports.go
@@ -6,9 +6,9 @@ import (
"strconv"
"strings"
+ "github.com/containers/common/libimage"
"github.com/containers/podman/v3/utils"
- "github.com/containers/podman/v3/libpod/image"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/cri-o/ocicni/pkg/ocicni"
"github.com/pkg/errors"
@@ -253,7 +253,7 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping,
}
// Make final port mappings for the container
-func createPortMappings(ctx context.Context, s *specgen.SpecGenerator, img *image.Image) ([]ocicni.PortMapping, error) {
+func createPortMappings(ctx context.Context, s *specgen.SpecGenerator, imageData *libimage.ImageData) ([]ocicni.PortMapping, error) {
finalMappings, containerPortValidate, hostPortValidate, err := parsePortMapping(s.PortMappings)
if err != nil {
return nil, err
@@ -262,7 +262,7 @@ func createPortMappings(ctx context.Context, s *specgen.SpecGenerator, img *imag
// If not publishing exposed ports, or if we are publishing and there is
// nothing to publish - then just return the port mappings we've made so
// far.
- if !s.PublishExposedPorts || (len(s.Expose) == 0 && img == nil) {
+ if !s.PublishExposedPorts || (len(s.Expose) == 0 && imageData == nil) {
return finalMappings, nil
}
@@ -273,12 +273,8 @@ func createPortMappings(ctx context.Context, s *specgen.SpecGenerator, img *imag
for k, v := range s.Expose {
expose[k] = v
}
- if img != nil {
- inspect, err := img.InspectNoSize(ctx)
- if err != nil {
- return nil, errors.Wrapf(err, "error inspecting image to get exposed ports")
- }
- for imgExpose := range inspect.Config.ExposedPorts {
+ if imageData != nil {
+ for imgExpose := range imageData.Config.ExposedPorts {
// Expose format is portNumber[/protocol]
splitExpose := strings.SplitN(imgExpose, "/", 2)
num, err := strconv.Atoi(splitExpose[0])
diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go
index e0e4a47a4..a12cc09e2 100644
--- a/pkg/specgen/generate/security.go
+++ b/pkg/specgen/generate/security.go
@@ -3,12 +3,12 @@ package generate
import (
"strings"
+ "github.com/containers/common/libimage"
"github.com/containers/common/pkg/apparmor"
"github.com/containers/common/pkg/capabilities"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define"
- "github.com/containers/podman/v3/libpod/image"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/podman/v3/pkg/util"
"github.com/opencontainers/runtime-tools/generate"
@@ -80,7 +80,7 @@ func setupApparmor(s *specgen.SpecGenerator, rtc *config.Config, g *generate.Gen
return nil
}
-func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, newImage *image.Image, rtc *config.Config) error {
+func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, newImage *libimage.Image, rtc *config.Config) error {
var (
caplist []string
err error
diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go
index 8066834f7..13f336594 100644
--- a/pkg/specgen/generate/storage.go
+++ b/pkg/specgen/generate/storage.go
@@ -8,10 +8,10 @@ import (
"path/filepath"
"strings"
+ "github.com/containers/common/libimage"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define"
- "github.com/containers/podman/v3/libpod/image"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/podman/v3/pkg/util"
spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -24,7 +24,7 @@ var (
)
// Produce final mounts and named volumes for a container
-func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, img *image.Image) ([]spec.Mount, []*specgen.NamedVolume, []*specgen.OverlayVolume, error) {
+func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, img *libimage.Image) ([]spec.Mount, []*specgen.NamedVolume, []*specgen.OverlayVolume, error) {
// Get image volumes
baseMounts, baseVolumes, err := getImageVolumes(ctx, img, s)
if err != nil {
@@ -173,7 +173,7 @@ func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Ru
}
// Get image volumes from the given image
-func getImageVolumes(ctx context.Context, img *image.Image, s *specgen.SpecGenerator) (map[string]spec.Mount, map[string]*specgen.NamedVolume, error) {
+func getImageVolumes(ctx context.Context, img *libimage.Image, s *specgen.SpecGenerator) (map[string]spec.Mount, map[string]*specgen.NamedVolume, error) {
mounts := make(map[string]spec.Mount)
volumes := make(map[string]*specgen.NamedVolume)
@@ -184,7 +184,7 @@ func getImageVolumes(ctx context.Context, img *image.Image, s *specgen.SpecGener
return mounts, volumes, nil
}
- inspect, err := img.InspectNoSize(ctx)
+ inspect, err := img.Inspect(ctx, false)
if err != nil {
return nil, nil, errors.Wrapf(err, "error inspecting image to get image volumes")
}