aboutsummaryrefslogtreecommitdiff
path: root/pkg/specgen
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/specgen')
-rw-r--r--pkg/specgen/generate/container_create.go7
-rw-r--r--pkg/specgen/generate/kube/kube.go9
-rw-r--r--pkg/specgen/generate/kube/volume.go14
-rw-r--r--pkg/specgen/generate/namespaces.go11
-rw-r--r--pkg/specgen/namespaces.go15
-rw-r--r--pkg/specgen/volumes.go3
6 files changed, 49 insertions, 10 deletions
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index e9cec2873..819800176 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -387,9 +387,10 @@ func createContainerOptions(rt *libpod.Runtime, s *specgen.SpecGenerator, pod *l
var vols []*libpod.ContainerNamedVolume
for _, v := range volumes {
vols = append(vols, &libpod.ContainerNamedVolume{
- Name: v.Name,
- Dest: v.Dest,
- Options: v.Options,
+ Name: v.Name,
+ Dest: v.Dest,
+ Options: v.Options,
+ IsAnonymous: v.IsAnonymous,
})
}
options = append(options, libpod.WithNamedVolumes(vols))
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index e9abf419b..375b719d3 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -406,8 +406,15 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
Name: volumeSource.Source,
Options: options,
}
-
s.Volumes = append(s.Volumes, &secretVolume)
+ case KubeVolumeTypeEmptyDir:
+ emptyDirVolume := specgen.NamedVolume{
+ Dest: volume.MountPath,
+ Name: volumeSource.Source,
+ Options: options,
+ IsAnonymous: true,
+ }
+ s.Volumes = append(s.Volumes, &emptyDirVolume)
default:
return nil, errors.New("unsupported volume source type")
}
diff --git a/pkg/specgen/generate/kube/volume.go b/pkg/specgen/generate/kube/volume.go
index c12adadd8..230521ec6 100644
--- a/pkg/specgen/generate/kube/volume.go
+++ b/pkg/specgen/generate/kube/volume.go
@@ -32,6 +32,7 @@ const (
KubeVolumeTypeBlockDevice
KubeVolumeTypeCharDevice
KubeVolumeTypeSecret
+ KubeVolumeTypeEmptyDir
)
//nolint:revive
@@ -219,8 +220,13 @@ func VolumeFromConfigMap(configMapVolumeSource *v1.ConfigMapVolumeSource, config
return kv, nil
}
+// Create a kubeVolume for an emptyDir volume
+func VolumeFromEmptyDir(emptyDirVolumeSource *v1.EmptyDirVolumeSource, name string) (*KubeVolume, error) {
+ return &KubeVolume{Type: KubeVolumeTypeEmptyDir, Source: name}, nil
+}
+
// Create a KubeVolume from one of the supported VolumeSource
-func VolumeFromSource(volumeSource v1.VolumeSource, configMaps []v1.ConfigMap, secretsManager *secrets.SecretsManager) (*KubeVolume, error) {
+func VolumeFromSource(volumeSource v1.VolumeSource, configMaps []v1.ConfigMap, secretsManager *secrets.SecretsManager, volName string) (*KubeVolume, error) {
switch {
case volumeSource.HostPath != nil:
return VolumeFromHostPath(volumeSource.HostPath)
@@ -230,8 +236,10 @@ func VolumeFromSource(volumeSource v1.VolumeSource, configMaps []v1.ConfigMap, s
return VolumeFromConfigMap(volumeSource.ConfigMap, configMaps)
case volumeSource.Secret != nil:
return VolumeFromSecret(volumeSource.Secret, secretsManager)
+ case volumeSource.EmptyDir != nil:
+ return VolumeFromEmptyDir(volumeSource.EmptyDir, volName)
default:
- return nil, errors.New("HostPath, ConfigMap, and PersistentVolumeClaim are currently the only supported VolumeSource")
+ return nil, errors.New("HostPath, ConfigMap, EmptyDir, and PersistentVolumeClaim are currently the only supported VolumeSource")
}
}
@@ -240,7 +248,7 @@ func InitializeVolumes(specVolumes []v1.Volume, configMaps []v1.ConfigMap, secre
volumes := make(map[string]*KubeVolume)
for _, specVolume := range specVolumes {
- volume, err := VolumeFromSource(specVolume.VolumeSource, configMaps, secretsManager)
+ volume, err := VolumeFromSource(specVolume.VolumeSource, configMaps, secretsManager, specVolume.Name)
if err != nil {
return nil, fmt.Errorf("failed to create volume %q: %w", specVolume.Name, err)
}
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index aee4db0e6..f57b6c23c 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -10,6 +10,7 @@ import (
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/libpod/define"
+ "github.com/containers/podman/v4/pkg/namespaces"
"github.com/containers/podman/v4/pkg/rootless"
"github.com/containers/podman/v4/pkg/specgen"
"github.com/containers/podman/v4/pkg/util"
@@ -196,12 +197,18 @@ func namespaceOptions(s *specgen.SpecGenerator, rt *libpod.Runtime, pod *libpod.
if !rootless.IsRootless() {
return nil, errors.New("keep-id is only supported in rootless mode")
}
- toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry())
+ opts, err := namespaces.UsernsMode(s.UserNS.String()).GetKeepIDOptions()
+ if err != nil {
+ return nil, err
+ }
+ if opts.UID == nil && opts.GID == nil {
+ toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry())
+ }
// If user is not overridden, set user in the container
// to user running Podman.
if s.User == "" {
- _, uid, gid, err := util.GetKeepIDMapping()
+ _, uid, gid, err := util.GetKeepIDMapping(opts)
if err != nil {
return nil, err
}
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index 03a2049f6..8cc0fe6a9 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -11,6 +11,7 @@ import (
"github.com/containers/common/pkg/cgroups"
cutil "github.com/containers/common/pkg/util"
"github.com/containers/podman/v4/libpod/define"
+ "github.com/containers/podman/v4/pkg/namespaces"
"github.com/containers/podman/v4/pkg/util"
"github.com/containers/storage"
spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -308,6 +309,14 @@ func ParseUserNamespace(ns string) (Namespace, error) {
case ns == "keep-id":
toReturn.NSMode = KeepID
return toReturn, nil
+ case strings.HasPrefix(ns, "keep-id:"):
+ split := strings.SplitN(ns, ":", 2)
+ if len(split) != 2 {
+ return toReturn, errors.New("invalid setting for keep-id: mode")
+ }
+ toReturn.NSMode = KeepID
+ toReturn.Value = split[1]
+ return toReturn, nil
case ns == "nomap":
toReturn.NSMode = NoMap
return toReturn, nil
@@ -490,7 +499,11 @@ func SetupUserNS(idmappings *storage.IDMappingOptions, userns Namespace, g *gene
return user, err
}
case KeepID:
- mappings, uid, gid, err := util.GetKeepIDMapping()
+ opts, err := namespaces.UsernsMode(userns.String()).GetKeepIDOptions()
+ if err != nil {
+ return user, err
+ }
+ mappings, uid, gid, err := util.GetKeepIDMapping(opts)
if err != nil {
return user, err
}
diff --git a/pkg/specgen/volumes.go b/pkg/specgen/volumes.go
index 84de4fdd1..e70ed5b13 100644
--- a/pkg/specgen/volumes.go
+++ b/pkg/specgen/volumes.go
@@ -23,6 +23,9 @@ type NamedVolume struct {
Dest string
// Options are options that the named volume will be mounted with.
Options []string
+ // IsAnonymous sets the named volume as anonymous even if it has a name
+ // This is used for emptyDir volumes from a kube yaml
+ IsAnonymous bool
}
// OverlayVolume holds information about a overlay volume that will be mounted into
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-01-29 23:21:55 +0000