diff options
Diffstat (limited to 'pkg/specgen/generate')
-rw-r--r-- | pkg/specgen/generate/config_linux.go | 56 | ||||
-rw-r--r-- | pkg/specgen/generate/config_linux_cgo.go | 4 | ||||
-rw-r--r-- | pkg/specgen/generate/config_linux_nocgo.go | 4 | ||||
-rw-r--r-- | pkg/specgen/generate/config_linux_test.go | 28 | ||||
-rw-r--r-- | pkg/specgen/generate/container.go | 93 | ||||
-rw-r--r-- | pkg/specgen/generate/container_create.go | 49 | ||||
-rw-r--r-- | pkg/specgen/generate/kube/kube.go | 6 | ||||
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 8 | ||||
-rw-r--r-- | pkg/specgen/generate/oci.go | 22 | ||||
-rw-r--r-- | pkg/specgen/generate/ports.go | 14 | ||||
-rw-r--r-- | pkg/specgen/generate/security.go | 4 | ||||
-rw-r--r-- | pkg/specgen/generate/storage.go | 8 |
12 files changed, 135 insertions, 161 deletions
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go index 5c945cff3..6b9e9c4bf 100644 --- a/pkg/specgen/generate/config_linux.go +++ b/pkg/specgen/generate/config_linux.go @@ -10,7 +10,6 @@ import ( "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/rootless" - "github.com/containers/podman/v3/pkg/util" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" @@ -151,30 +150,23 @@ func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, mask, unmask "/sys/dev/block", } - unmaskAll := false - if unmask != nil && unmask[0] == "ALL" { - unmaskAll = true - } - if !privileged { - if !unmaskAll { - for _, mp := range defaultMaskPaths { - // check that the path to mask is not in the list of paths to unmask - if !util.StringInSlice(mp, unmask) { - g.AddLinuxMaskedPaths(mp) - } + for _, mp := range defaultMaskPaths { + // check that the path to mask is not in the list of paths to unmask + if shouldMask(mp, unmask) { + g.AddLinuxMaskedPaths(mp) } - for _, rp := range []string{ - "/proc/asound", - "/proc/bus", - "/proc/fs", - "/proc/irq", - "/proc/sys", - "/proc/sysrq-trigger", - } { - if !util.StringInSlice(rp, unmask) { - g.AddLinuxReadonlyPaths(rp) - } + } + for _, rp := range []string{ + "/proc/asound", + "/proc/bus", + "/proc/fs", + "/proc/irq", + "/proc/sys", + "/proc/sysrq-trigger", + } { + if shouldMask(rp, unmask) { + g.AddLinuxReadonlyPaths(rp) } } @@ -376,3 +368,21 @@ func supportAmbientCapabilities() bool { err := unix.Prctl(unix.PR_CAP_AMBIENT, unix.PR_CAP_AMBIENT_IS_SET, 0, 0, 0) return err == nil } + +func shouldMask(mask string, unmask []string) bool { + for _, m := range unmask { + if strings.ToLower(m) == "all" { + return false + } + for _, m1 := range strings.Split(m, ":") { + match, err := filepath.Match(m1, mask) + if err != nil { + logrus.Errorf(err.Error()) + } + if match { + return false + } + } + } + return true +} diff --git a/pkg/specgen/generate/config_linux_cgo.go b/pkg/specgen/generate/config_linux_cgo.go index 41f03d5b6..6ffbf69c1 100644 --- a/pkg/specgen/generate/config_linux_cgo.go +++ b/pkg/specgen/generate/config_linux_cgo.go @@ -6,8 +6,8 @@ import ( "context" "io/ioutil" + "github.com/containers/common/libimage" goSeccomp "github.com/containers/common/pkg/seccomp" - "github.com/containers/podman/v3/libpod/image" "github.com/containers/podman/v3/pkg/seccomp" "github.com/containers/podman/v3/pkg/specgen" spec "github.com/opencontainers/runtime-spec/specs-go" @@ -15,7 +15,7 @@ import ( "github.com/sirupsen/logrus" ) -func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *image.Image) (*spec.LinuxSeccomp, error) { +func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *libimage.Image) (*spec.LinuxSeccomp, error) { var seccompConfig *spec.LinuxSeccomp var err error scp, err := seccomp.LookupPolicy(s.SeccompPolicy) diff --git a/pkg/specgen/generate/config_linux_nocgo.go b/pkg/specgen/generate/config_linux_nocgo.go index 0867988b6..4a1880b74 100644 --- a/pkg/specgen/generate/config_linux_nocgo.go +++ b/pkg/specgen/generate/config_linux_nocgo.go @@ -5,11 +5,11 @@ package generate import ( "errors" - "github.com/containers/podman/v3/libpod/image" + "github.com/containers/common/libimage" "github.com/containers/podman/v3/pkg/specgen" spec "github.com/opencontainers/runtime-spec/specs-go" ) -func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *image.Image) (*spec.LinuxSeccomp, error) { +func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *libimage.Image) (*spec.LinuxSeccomp, error) { return nil, errors.New("not implemented") } diff --git a/pkg/specgen/generate/config_linux_test.go b/pkg/specgen/generate/config_linux_test.go new file mode 100644 index 000000000..39973324b --- /dev/null +++ b/pkg/specgen/generate/config_linux_test.go @@ -0,0 +1,28 @@ +package generate + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestShouldMask(t *testing.T) { + tests := []struct { + mask string + unmask []string + shouldMask bool + }{ + {"/proc/foo", []string{"all"}, false}, + {"/proc/foo", []string{"ALL"}, false}, + {"/proc/foo", []string{"/proc/foo"}, false}, + {"/proc/foo", []string{"/proc/*"}, false}, + {"/proc/foo", []string{"/proc/bar", "all"}, false}, + {"/proc/foo", []string{"/proc/f*"}, false}, + {"/proc/foo", []string{"/proc/b*"}, true}, + {"/proc/foo", []string{}, true}, + } + for _, test := range tests { + val := shouldMask(test.mask, test.unmask) + assert.Equal(t, val, test.shouldMask) + } +} diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 3d20ed8ff..d00e51e82 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -5,90 +5,45 @@ import ( "os" "strings" - "github.com/containers/image/v5/manifest" + "github.com/containers/common/libimage" "github.com/containers/podman/v3/libpod" - "github.com/containers/podman/v3/libpod/image" ann "github.com/containers/podman/v3/pkg/annotations" envLib "github.com/containers/podman/v3/pkg/env" "github.com/containers/podman/v3/pkg/signal" "github.com/containers/podman/v3/pkg/specgen" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" - "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) // Fill any missing parts of the spec generator (e.g. from the image). // Returns a set of warnings or any fatal error that occurred. func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) ([]string, error) { - var ( - newImage *image.Image - err error - ) - // Only add image configuration if we have an image + var newImage *libimage.Image + var inspectData *libimage.ImageData + var err error if s.Image != "" { - newImage, err = r.ImageRuntime().NewFromLocal(s.Image) + newImage, _, err = r.LibimageRuntime().LookupImage(s.Image, nil) if err != nil { return nil, err } - _, mediaType, err := newImage.Manifest(ctx) + inspectData, err = newImage.Inspect(ctx, false) if err != nil { - if errors.Cause(err) != image.ErrImageIsBareList { - return nil, err - } - // if err is not runnable image - // use the local store image with repo@digest matches with the list, if exists - manifestByte, manifestType, err := newImage.GetManifest(ctx, nil) - if err != nil { - return nil, err - } - list, err := manifest.ListFromBlob(manifestByte, manifestType) - if err != nil { - return nil, err - } - images, err := r.ImageRuntime().GetImages() - if err != nil { - return nil, err - } - findLocal := false - listDigest, err := list.ChooseInstance(r.SystemContext()) - if err != nil { - return nil, err - } - for _, img := range images { - for _, imageDigest := range img.Digests() { - if imageDigest == listDigest { - newImage = img - s.Image = img.ID() - mediaType = manifestType - findLocal = true - logrus.Debug("image contains manifest list, using image from local storage") - break - } - } - } - if !findLocal { - return nil, image.ErrImageIsBareList - } + return nil, err } - if s.HealthConfig == nil && mediaType == manifest.DockerV2Schema2MediaType { - s.HealthConfig, err = newImage.GetHealthCheck(ctx) - if err != nil { - return nil, err - } + if s.HealthConfig == nil { + // NOTE: the health check is only set for Docker images + // but inspect will take care of it. + s.HealthConfig = inspectData.HealthCheck } // Image stop signal if s.StopSignal == nil { - stopSignal, err := newImage.StopSignal(ctx) - if err != nil { - return nil, err - } - if stopSignal != "" { - sig, err := signal.ParseSignalNameOrNumber(stopSignal) + if inspectData.Config.StopSignal != "" { + sig, err := signal.ParseSignalNameOrNumber(inspectData.Config.StopSignal) if err != nil { return nil, err } @@ -113,15 +68,10 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat var envs map[string]string // Image Environment defaults - if newImage != nil { + if inspectData != nil { // Image envs from the image if they don't exist // already, overriding the default environments - imageEnvs, err := newImage.Env(ctx) - if err != nil { - return nil, err - } - - envs, err = envLib.ParseSlice(imageEnvs) + envs, err = envLib.ParseSlice(inspectData.Config.Env) if err != nil { return nil, errors.Wrap(err, "Env fields from image failed to parse") } @@ -175,11 +125,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat } // Add annotations from the image - imgAnnotations, err := newImage.Annotations(ctx) - if err != nil { - return nil, err - } - for k, v := range imgAnnotations { + for k, v := range inspectData.Annotations { annotations[k] = v } } @@ -221,11 +167,8 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat s.SeccompProfilePath = p } - if len(s.User) == 0 && newImage != nil { - s.User, err = newImage.User(ctx) - if err != nil { - return nil, err - } + if len(s.User) == 0 && inspectData != nil { + s.User = inspectData.Config.User } if err := finishThrottleDevices(s); err != nil { return nil, err diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index dcacb3780..7682367b7 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -7,9 +7,9 @@ import ( "strings" cdi "github.com/container-orchestrated-devices/container-device-interface/pkg" + "github.com/containers/common/libimage" "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod" - "github.com/containers/podman/v3/libpod/image" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/podman/v3/pkg/util" "github.com/containers/storage/types" @@ -86,11 +86,18 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener options = append(options, libpod.WithCreateCommand(s.ContainerCreateCommand)) } - var newImage *image.Image + var newImage *libimage.Image + var imageData *libimage.ImageData if s.Rootfs != "" { options = append(options, libpod.WithRootFS(s.Rootfs)) } else { - newImage, err = rt.ImageRuntime().NewFromLocal(s.Image) + var resolvedImageName string + newImage, resolvedImageName, err = rt.LibimageRuntime().LookupImage(s.Image, nil) + if err != nil { + return nil, err + } + + imageData, err = newImage.Inspect(ctx, false) if err != nil { return nil, err } @@ -98,15 +105,14 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener // image. Otherwise, it must have been an ID where we're // defaulting to the first name or an empty one if no names are // present. - imgName := newImage.InputName - if s.Image == newImage.InputName && strings.HasPrefix(newImage.ID(), s.Image) { + if strings.HasPrefix(newImage.ID(), resolvedImageName) { names := newImage.Names() if len(names) > 0 { - imgName = names[0] + resolvedImageName = names[0] } } - options = append(options, libpod.WithRootFSFromImage(newImage.ID(), imgName, s.RawImageName)) + options = append(options, libpod.WithRootFSFromImage(newImage.ID(), resolvedImageName, s.RawImageName)) } if err := s.Validate(); err != nil { return nil, errors.Wrap(err, "invalid config provided") @@ -117,12 +123,12 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener return nil, err } - command, err := makeCommand(ctx, s, newImage, rtc) + command, err := makeCommand(ctx, s, imageData, rtc) if err != nil { return nil, err } - opts, err := createContainerOptions(ctx, rt, s, pod, finalVolumes, finalOverlays, newImage, command) + opts, err := createContainerOptions(ctx, rt, s, pod, finalVolumes, finalOverlays, imageData, command) if err != nil { return nil, err } @@ -176,7 +182,7 @@ func extractCDIDevices(s *specgen.SpecGenerator) []libpod.CtrCreateOption { return options } -func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator, pod *libpod.Pod, volumes []*specgen.NamedVolume, overlays []*specgen.OverlayVolume, img *image.Image, command []string) ([]libpod.CtrCreateOption, error) { +func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGenerator, pod *libpod.Pod, volumes []*specgen.NamedVolume, overlays []*specgen.OverlayVolume, imageData *libimage.ImageData, command []string) ([]libpod.CtrCreateOption, error) { var options []libpod.CtrCreateOption var err error @@ -194,6 +200,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen. if s.Umask != "" { options = append(options, libpod.WithUmask(s.Umask)) } + if s.Volatile { + options = append(options, libpod.WithVolatile()) + } useSystemd := false switch s.Systemd { @@ -202,11 +211,8 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen. case "false": break case "", "true": - if len(command) == 0 { - command, err = img.Cmd(ctx) - if err != nil { - return nil, err - } + if len(command) == 0 && imageData != nil { + command = imageData.Config.Cmd } if len(command) > 0 { @@ -308,13 +314,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen. } // If the user did not specify a workdir on the CLI, let's extract it // from the image. - if s.WorkDir == "" && img != nil { + if s.WorkDir == "" && imageData != nil { options = append(options, libpod.WithCreateWorkingDir()) - wd, err := img.WorkingDir(ctx) - if err != nil { - return nil, err - } - s.WorkDir = wd + s.WorkDir = imageData.Config.WorkingDir } if s.WorkDir == "" { s.WorkDir = "/" @@ -325,6 +327,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen. if s.StopTimeout != nil { options = append(options, libpod.WithStopTimeout(*s.StopTimeout)) } + if s.Timeout != 0 { + options = append(options, libpod.WithTimeout(s.Timeout)) + } if s.LogConfiguration != nil { if len(s.LogConfiguration.Path) > 0 { options = append(options, libpod.WithLogPath(s.LogConfiguration.Path)) @@ -364,7 +369,7 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen. options = append(options, libpod.WithPrivileged(s.Privileged)) // Get namespace related options - namespaceOptions, err := namespaceOptions(ctx, s, rt, pod, img) + namespaceOptions, err := namespaceOptions(ctx, s, rt, pod, imageData) if err != nil { return nil, err } diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 1347ed1e0..73c1c31ba 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -7,9 +7,9 @@ import ( "net" "strings" + "github.com/containers/common/libimage" "github.com/containers/common/pkg/parse" "github.com/containers/common/pkg/secrets" - "github.com/containers/podman/v3/libpod/image" ann "github.com/containers/podman/v3/pkg/annotations" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/podman/v3/pkg/util" @@ -79,7 +79,7 @@ type CtrSpecGenOptions struct { // Container as read from the pod yaml Container v1.Container // Image available to use (pulled or found local) - Image *image.Image + Image *libimage.Image // Volumes for all containers Volumes map[string]*KubeVolume // PodID of the parent pod @@ -165,7 +165,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener // TODO: We don't understand why specgen does not take of this, but // integration tests clearly pointed out that it was required. - imageData, err := opts.Image.Inspect(ctx) + imageData, err := opts.Image.Inspect(ctx, false) if err != nil { return nil, err } diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index b52e8d100..278f35c22 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -6,10 +6,10 @@ import ( "os" "strings" + "github.com/containers/common/libimage" "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/image" "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/podman/v3/pkg/util" @@ -79,7 +79,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod) // joining a pod. // TODO: Consider grouping options that are not directly attached to a namespace // elsewhere. -func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.Pod, img *image.Image) ([]libpod.CtrCreateOption, error) { +func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.Pod, imageData *libimage.ImageData) ([]libpod.CtrCreateOption, error) { toReturn := []libpod.CtrCreateOption{} // If pod is not nil, get infra container. @@ -234,7 +234,7 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod. } toReturn = append(toReturn, libpod.WithNetNSFrom(netCtr)) case specgen.Slirp: - portMappings, err := createPortMappings(ctx, s, img) + portMappings, err := createPortMappings(ctx, s, imageData) if err != nil { return nil, err } @@ -246,7 +246,7 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod. case specgen.Private: fallthrough case specgen.Bridge: - portMappings, err := createPortMappings(ctx, s, img) + portMappings, err := createPortMappings(ctx, s, imageData) if err != nil { return nil, err } diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go index 4eae09a5e..bf8d44ed6 100644 --- a/pkg/specgen/generate/oci.go +++ b/pkg/specgen/generate/oci.go @@ -5,10 +5,10 @@ import ( "path" "strings" + "github.com/containers/common/libimage" "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/image" "github.com/containers/podman/v3/pkg/cgroups" "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/podman/v3/pkg/specgen" @@ -95,16 +95,12 @@ func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error { } // Produce the final command for the container. -func makeCommand(ctx context.Context, s *specgen.SpecGenerator, img *image.Image, rtc *config.Config) ([]string, error) { +func makeCommand(ctx context.Context, s *specgen.SpecGenerator, imageData *libimage.ImageData, rtc *config.Config) ([]string, error) { finalCommand := []string{} entrypoint := s.Entrypoint - if entrypoint == nil && img != nil { - newEntry, err := img.Entrypoint(ctx) - if err != nil { - return nil, err - } - entrypoint = newEntry + if entrypoint == nil && imageData != nil { + entrypoint = imageData.Config.Entrypoint } // Don't append the entrypoint if it is [""] @@ -115,12 +111,8 @@ func makeCommand(ctx context.Context, s *specgen.SpecGenerator, img *image.Image // Only use image command if the user did not manually set an // entrypoint. command := s.Command - if len(command) == 0 && img != nil && len(s.Entrypoint) == 0 { - newCmd, err := img.Cmd(ctx) - if err != nil { - return nil, err - } - command = newCmd + if len(command) == 0 && imageData != nil && len(s.Entrypoint) == 0 { + command = imageData.Config.Cmd } finalCommand = append(finalCommand, command...) @@ -182,7 +174,7 @@ func getCGroupPermissons(unmask []string) string { } // SpecGenToOCI returns the base configuration for the container. -func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *image.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string) (*spec.Spec, error) { +func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string) (*spec.Spec, error) { cgroupPerm := getCGroupPermissons(s.Unmask) g, err := generate.New("linux") diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go index 678e36a70..6832664a7 100644 --- a/pkg/specgen/generate/ports.go +++ b/pkg/specgen/generate/ports.go @@ -6,9 +6,9 @@ import ( "strconv" "strings" + "github.com/containers/common/libimage" "github.com/containers/podman/v3/utils" - "github.com/containers/podman/v3/libpod/image" "github.com/containers/podman/v3/pkg/specgen" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/pkg/errors" @@ -253,7 +253,7 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping, } // Make final port mappings for the container -func createPortMappings(ctx context.Context, s *specgen.SpecGenerator, img *image.Image) ([]ocicni.PortMapping, error) { +func createPortMappings(ctx context.Context, s *specgen.SpecGenerator, imageData *libimage.ImageData) ([]ocicni.PortMapping, error) { finalMappings, containerPortValidate, hostPortValidate, err := parsePortMapping(s.PortMappings) if err != nil { return nil, err @@ -262,7 +262,7 @@ func createPortMappings(ctx context.Context, s *specgen.SpecGenerator, img *imag // If not publishing exposed ports, or if we are publishing and there is // nothing to publish - then just return the port mappings we've made so // far. - if !s.PublishExposedPorts || (len(s.Expose) == 0 && img == nil) { + if !s.PublishExposedPorts || (len(s.Expose) == 0 && imageData == nil) { return finalMappings, nil } @@ -273,12 +273,8 @@ func createPortMappings(ctx context.Context, s *specgen.SpecGenerator, img *imag for k, v := range s.Expose { expose[k] = v } - if img != nil { - inspect, err := img.InspectNoSize(ctx) - if err != nil { - return nil, errors.Wrapf(err, "error inspecting image to get exposed ports") - } - for imgExpose := range inspect.Config.ExposedPorts { + if imageData != nil { + for imgExpose := range imageData.Config.ExposedPorts { // Expose format is portNumber[/protocol] splitExpose := strings.SplitN(imgExpose, "/", 2) num, err := strconv.Atoi(splitExpose[0]) diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go index e0e4a47a4..a12cc09e2 100644 --- a/pkg/specgen/generate/security.go +++ b/pkg/specgen/generate/security.go @@ -3,12 +3,12 @@ package generate import ( "strings" + "github.com/containers/common/libimage" "github.com/containers/common/pkg/apparmor" "github.com/containers/common/pkg/capabilities" "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/image" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/podman/v3/pkg/util" "github.com/opencontainers/runtime-tools/generate" @@ -80,7 +80,7 @@ func setupApparmor(s *specgen.SpecGenerator, rtc *config.Config, g *generate.Gen return nil } -func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, newImage *image.Image, rtc *config.Config) error { +func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, newImage *libimage.Image, rtc *config.Config) error { var ( caplist []string err error diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go index 8066834f7..13f336594 100644 --- a/pkg/specgen/generate/storage.go +++ b/pkg/specgen/generate/storage.go @@ -8,10 +8,10 @@ import ( "path/filepath" "strings" + "github.com/containers/common/libimage" "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" - "github.com/containers/podman/v3/libpod/image" "github.com/containers/podman/v3/pkg/specgen" "github.com/containers/podman/v3/pkg/util" spec "github.com/opencontainers/runtime-spec/specs-go" @@ -24,7 +24,7 @@ var ( ) // Produce final mounts and named volumes for a container -func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, img *image.Image) ([]spec.Mount, []*specgen.NamedVolume, []*specgen.OverlayVolume, error) { +func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, img *libimage.Image) ([]spec.Mount, []*specgen.NamedVolume, []*specgen.OverlayVolume, error) { // Get image volumes baseMounts, baseVolumes, err := getImageVolumes(ctx, img, s) if err != nil { @@ -173,7 +173,7 @@ func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Ru } // Get image volumes from the given image -func getImageVolumes(ctx context.Context, img *image.Image, s *specgen.SpecGenerator) (map[string]spec.Mount, map[string]*specgen.NamedVolume, error) { +func getImageVolumes(ctx context.Context, img *libimage.Image, s *specgen.SpecGenerator) (map[string]spec.Mount, map[string]*specgen.NamedVolume, error) { mounts := make(map[string]spec.Mount) volumes := make(map[string]*specgen.NamedVolume) @@ -184,7 +184,7 @@ func getImageVolumes(ctx context.Context, img *image.Image, s *specgen.SpecGener return mounts, volumes, nil } - inspect, err := img.InspectNoSize(ctx) + inspect, err := img.Inspect(ctx, false) if err != nil { return nil, nil, errors.Wrapf(err, "error inspecting image to get image volumes") } |