diff options
Diffstat (limited to 'pkg')
50 files changed, 440 insertions, 134 deletions
diff --git a/pkg/api/handlers/compat/containers_stats.go b/pkg/api/handlers/compat/containers_stats.go index 6855e369b..66743ce06 100644 --- a/pkg/api/handlers/compat/containers_stats.go +++ b/pkg/api/handlers/compat/containers_stats.go @@ -132,6 +132,12 @@ streamLabel: // A label to flatten the scope InstanceID: "", } + cfg := ctnr.Config() + memoryLimit := cgroupStat.Memory.Usage.Limit + if cfg.Spec.Linux != nil && cfg.Spec.Linux.Resources != nil && cfg.Spec.Linux.Resources.Memory != nil && *cfg.Spec.Linux.Resources.Memory.Limit > 0 { + memoryLimit = uint64(*cfg.Spec.Linux.Resources.Memory.Limit) + } + systemUsage, _ := cgroups.GetSystemCPUUsage() s := StatsJSON{ Stats: Stats{ @@ -173,7 +179,7 @@ streamLabel: // A label to flatten the scope MaxUsage: cgroupStat.Memory.Usage.Limit, Stats: nil, Failcnt: 0, - Limit: cgroupStat.Memory.Usage.Limit, + Limit: memoryLimit, Commit: 0, CommitPeak: 0, PrivateWorkingSet: 0, diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go index 76a28fadf..981a38c35 100644 --- a/pkg/api/handlers/compat/images.go +++ b/pkg/api/handlers/compat/images.go @@ -165,7 +165,7 @@ func CommitContainer(w http.ResponseWriter, r *http.Request) { utils.Error(w, http.StatusInternalServerError, errors.Wrapf(err, "CommitFailure")) return } - utils.WriteResponse(w, http.StatusCreated, entities.IDResponse{ID: commitImage.ID()}) // nolint + utils.WriteResponse(w, http.StatusCreated, entities.IDResponse{ID: commitImage.ID()}) } func CreateImageFromSrc(w http.ResponseWriter, r *http.Request) { @@ -237,7 +237,7 @@ func CreateImageFromSrc(w http.ResponseWriter, r *http.Request) { Status string `json:"status"` Progress string `json:"progress"` ProgressDetail map[string]string `json:"progressDetail"` - Id string `json:"id"` // nolint + Id string `json:"id"` //nolint:revive,stylecheck }{ Status: report.Id, ProgressDetail: map[string]string{}, @@ -333,7 +333,7 @@ loop: // break out of for/select infinite loop Total int64 `json:"total,omitempty"` } `json:"progressDetail,omitempty"` Error string `json:"error,omitempty"` - Id string `json:"id,omitempty"` // nolint + Id string `json:"id,omitempty"` //nolint:revive,stylecheck } select { case e := <-progress: diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index fe17aa1d4..80fc17f56 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -78,15 +78,15 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { AppArmor string `schema:"apparmor"` BuildArgs string `schema:"buildargs"` CacheFrom string `schema:"cachefrom"` - CgroupParent string `schema:"cgroupparent"` // nolint + CgroupParent string `schema:"cgroupparent"` Compression uint64 `schema:"compression"` ConfigureNetwork string `schema:"networkmode"` CPPFlags string `schema:"cppflags"` - CpuPeriod uint64 `schema:"cpuperiod"` // nolint - CpuQuota int64 `schema:"cpuquota"` // nolint - CpuSetCpus string `schema:"cpusetcpus"` // nolint - CpuSetMems string `schema:"cpusetmems"` // nolint - CpuShares uint64 `schema:"cpushares"` // nolint + CpuPeriod uint64 `schema:"cpuperiod"` //nolint:revive,stylecheck + CpuQuota int64 `schema:"cpuquota"` //nolint:revive,stylecheck + CpuSetCpus string `schema:"cpusetcpus"` //nolint:revive,stylecheck + CpuSetMems string `schema:"cpusetmems"` //nolint:revive,stylecheck + CpuShares uint64 `schema:"cpushares"` //nolint:revive,stylecheck DNSOptions string `schema:"dnsoptions"` DNSSearch string `schema:"dnssearch"` DNSServers string `schema:"dnsservers"` @@ -101,7 +101,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { IdentityLabel bool `schema:"identitylabel"` Ignore bool `schema:"ignore"` Isolation string `schema:"isolation"` - Jobs int `schema:"jobs"` // nolint + Jobs int `schema:"jobs"` LabelOpts string `schema:"labelopts"` Labels string `schema:"labels"` Layers bool `schema:"layers"` @@ -111,6 +111,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Memory int64 `schema:"memory"` NamespaceOptions string `schema:"nsoptions"` NoCache bool `schema:"nocache"` + OmitHistory bool `schema:"omithistory"` OSFeatures []string `schema:"osfeature"` OSVersion string `schema:"osversion"` OutputFormat string `schema:"outputformat"` @@ -366,7 +367,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { } } } - var additionalTags []string // nolint + var additionalTags []string for i := 1; i < len(tags); i++ { possiblyNormalizedTag, err := utils.NormalizeToDockerHub(r, tags[i]) if err != nil { @@ -595,6 +596,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { LabelOpts: labelOpts, Memory: query.Memory, MemorySwap: query.MemSwap, + OmitHistory: query.OmitHistory, SeccompProfilePath: seccomp, ShmSize: strconv.Itoa(query.ShmSize), Ulimit: ulimits, @@ -799,7 +801,7 @@ func parseNetworkConfigurationPolicy(network string) buildah.NetworkConfiguratio } } -func parseLibPodIsolation(isolation string) (buildah.Isolation, error) { // nolint +func parseLibPodIsolation(isolation string) (buildah.Isolation, error) { if val, err := strconv.Atoi(isolation); err == nil { return buildah.Isolation(val), nil } diff --git a/pkg/api/handlers/compat/images_save.go b/pkg/api/handlers/compat/images_save.go index b39c719a0..6314756f6 100644 --- a/pkg/api/handlers/compat/images_save.go +++ b/pkg/api/handlers/compat/images_save.go @@ -6,7 +6,7 @@ import ( "os" ) -func SaveFromBody(f *os.File, r *http.Request) error { // nolint +func SaveFromBody(f *os.File, r *http.Request) error { if _, err := io.Copy(f, r.Body); err != nil { return err } diff --git a/pkg/api/handlers/libpod/containers.go b/pkg/api/handlers/libpod/containers.go index 6b5bee403..deddcaf93 100644 --- a/pkg/api/handlers/libpod/containers.go +++ b/pkg/api/handlers/libpod/containers.go @@ -115,10 +115,6 @@ func ListContainers(w http.ResponseWriter, r *http.Request) { utils.InternalServerError(w, err) return } - if len(pss) == 0 { - utils.WriteResponse(w, http.StatusOK, "[]") - return - } utils.WriteResponse(w, http.StatusOK, pss) } diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go index 60ed5feb3..a8a50ae58 100644 --- a/pkg/api/handlers/libpod/images.go +++ b/pkg/api/handlers/libpod/images.go @@ -562,7 +562,7 @@ func CommitContainer(w http.ResponseWriter, r *http.Request) { utils.Error(w, http.StatusInternalServerError, errors.Wrapf(err, "CommitFailure")) return } - utils.WriteResponse(w, http.StatusOK, entities.IDResponse{ID: commitImage.ID()}) // nolint + utils.WriteResponse(w, http.StatusOK, entities.IDResponse{ID: commitImage.ID()}) } func UntagImage(w http.ResponseWriter, r *http.Request) { diff --git a/pkg/api/handlers/utils/images.go b/pkg/api/handlers/utils/images.go index 433231f59..77f6dcf1d 100644 --- a/pkg/api/handlers/utils/images.go +++ b/pkg/api/handlers/utils/images.go @@ -68,7 +68,7 @@ func IsRegistryReference(name string) error { imageRef, err := alltransports.ParseImageName(name) if err != nil { // No supported transport -> assume a docker-stype reference. - return nil // nolint: nilerr + return nil //nolint: nilerr } if imageRef.Transport().Name() == docker.Transport.Name() { return nil diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go index 7a7e35e8e..5482a8ec2 100644 --- a/pkg/api/server/server.go +++ b/pkg/api/server/server.go @@ -148,7 +148,7 @@ func newServer(runtime *libpod.Runtime, listener net.Listener, opts entities.Ser if logrus.IsLevelEnabled(logrus.TraceLevel) { // If in trace mode log request and response bodies router.Use(loggingHandler()) - router.Walk(func(route *mux.Route, r *mux.Router, ancestors []*mux.Route) error { // nolint + _ = router.Walk(func(route *mux.Route, r *mux.Router, ancestors []*mux.Route) error { path, err := route.GetPathTemplate() if err != nil { path = "<N/A>" diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go index 3739ec404..c21834e35 100644 --- a/pkg/bindings/connection.go +++ b/pkg/bindings/connection.go @@ -315,7 +315,8 @@ func unixClient(_url *url.URL) Connection { return connection } -// DoRequest assembles the http request and returns the response +// DoRequest assembles the http request and returns the response. +// The caller must close the response body. func (c *Connection) DoRequest(ctx context.Context, httpBody io.Reader, httpMethod, endpoint string, queryParams url.Values, headers http.Header, pathValues ...string) (*APIResponse, error) { var ( err error @@ -361,7 +362,7 @@ func (c *Connection) DoRequest(ctx context.Context, httpBody io.Reader, httpMeth // Give the Do three chances in the case of a comm/service hiccup for i := 1; i <= 3; i++ { - response, err = c.Client.Do(req) // nolint + response, err = c.Client.Do(req) //nolint:bodyclose // The caller has to close the body. if err == nil { break } diff --git a/pkg/bindings/containers/containers.go b/pkg/bindings/containers/containers.go index be421cc8b..2d3422411 100644 --- a/pkg/bindings/containers/containers.go +++ b/pkg/bindings/containers/containers.go @@ -25,7 +25,7 @@ var ( // the most recent number of containers. The pod and size booleans indicate that pod information and rootfs // size information should also be included. Finally, the sync bool synchronizes the OCI runtime and // container state. -func List(ctx context.Context, options *ListOptions) ([]entities.ListContainer, error) { // nolint:typecheck +func List(ctx context.Context, options *ListOptions) ([]entities.ListContainer, error) { if options == nil { options = new(ListOptions) } @@ -339,7 +339,7 @@ func Unpause(ctx context.Context, nameOrID string, options *UnpauseOptions) erro // Wait blocks until the given container reaches a condition. If not provided, the condition will // default to stopped. If the condition is stopped, an exit code for the container will be provided. The // nameOrID can be a container name or a partial/full ID. -func Wait(ctx context.Context, nameOrID string, options *WaitOptions) (int32, error) { // nolint +func Wait(ctx context.Context, nameOrID string, options *WaitOptions) (int32, error) { if options == nil { options = new(WaitOptions) } diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index fe81dc662..f14f866dd 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -170,6 +170,11 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO } else { params.Set("rm", "0") } + if options.CommonBuildOpts.OmitHistory { + params.Set("omithistory", "1") + } else { + params.Set("omithistory", "0") + } if len(options.From) > 0 { params.Set("from", options.From) } @@ -616,7 +621,7 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) { } name := filepath.ToSlash(strings.TrimPrefix(path, s+string(filepath.Separator))) - excluded, err := pm.Matches(name) // nolint:staticcheck + excluded, err := pm.Matches(name) //nolint:staticcheck if err != nil { return errors.Wrapf(err, "error checking if %q is excluded", name) } diff --git a/pkg/bindings/images/build_unix.go b/pkg/bindings/images/build_unix.go index 32e2ba9af..07bb8cbcd 100644 --- a/pkg/bindings/images/build_unix.go +++ b/pkg/bindings/images/build_unix.go @@ -11,7 +11,7 @@ import ( func checkHardLink(fi os.FileInfo) (devino, bool) { st := fi.Sys().(*syscall.Stat_t) return devino{ - Dev: uint64(st.Dev), // nolint: unconvert + Dev: uint64(st.Dev), //nolint: unconvert Ino: st.Ino, }, st.Nlink > 1 } diff --git a/pkg/ctime/ctime_linux.go b/pkg/ctime/ctime_linux.go index 7eb3caa6d..bf3cd5752 100644 --- a/pkg/ctime/ctime_linux.go +++ b/pkg/ctime/ctime_linux.go @@ -11,6 +11,6 @@ import ( func created(fi os.FileInfo) time.Time { st := fi.Sys().(*syscall.Stat_t) - //nolint + //nolint:unconvert // need to type cast on some cpu architectures return time.Unix(int64(st.Ctim.Sec), int64(st.Ctim.Nsec)) } diff --git a/pkg/domain/entities/containers.go b/pkg/domain/entities/containers.go index 750f49590..17408f12f 100644 --- a/pkg/domain/entities/containers.go +++ b/pkg/domain/entities/containers.go @@ -56,7 +56,7 @@ type WaitOptions struct { } type WaitReport struct { - Id string //nolint + Id string //nolint:revive,stylecheck Error error ExitCode int32 } @@ -76,7 +76,7 @@ type PauseUnPauseOptions struct { type PauseUnpauseReport struct { Err error - Id string //nolint + Id string //nolint:revive,stylecheck } type StopOptions struct { @@ -88,7 +88,7 @@ type StopOptions struct { type StopReport struct { Err error - Id string //nolint + Id string //nolint:revive,stylecheck RawInput string } @@ -110,7 +110,7 @@ type KillOptions struct { type KillReport struct { Err error - Id string //nolint + Id string //nolint:revive,stylecheck RawInput string } @@ -123,7 +123,7 @@ type RestartOptions struct { type RestartReport struct { Err error - Id string //nolint + Id string //nolint:revive,stylecheck } type RmOptions struct { @@ -170,7 +170,7 @@ type CopyOptions struct { } type CommitReport struct { - Id string //nolint + Id string //nolint:revive,stylecheck } type ContainerExportOptions struct { @@ -196,7 +196,7 @@ type CheckpointOptions struct { type CheckpointReport struct { Err error `json:"-"` - Id string `json:"Id` //nolint + Id string `json:"Id"` //nolint:revive,stylecheck RuntimeDuration int64 `json:"runtime_checkpoint_duration"` CRIUStatistics *define.CRIUCheckpointRestoreStatistics `json:"criu_statistics"` } @@ -222,13 +222,13 @@ type RestoreOptions struct { type RestoreReport struct { Err error `json:"-"` - Id string `json:"Id` //nolint + Id string `json:"Id"` //nolint:revive,stylecheck RuntimeDuration int64 `json:"runtime_restore_duration"` CRIUStatistics *define.CRIUCheckpointRestoreStatistics `json:"criu_statistics"` } type ContainerCreateReport struct { - Id string //nolint + Id string //nolint:revive,stylecheck } // AttachOptions describes the cli and other values @@ -307,7 +307,7 @@ type ContainerStartOptions struct { // ContainerStartReport describes the response from starting // containers from the cli type ContainerStartReport struct { - Id string //nolint + Id string //nolint:revive,stylecheck RawInput string Err error ExitCode int @@ -351,7 +351,7 @@ type ContainerRunOptions struct { // a container type ContainerRunReport struct { ExitCode int - Id string //nolint + Id string //nolint:revive,stylecheck } // ContainerCleanupOptions are the CLI values for the @@ -368,7 +368,7 @@ type ContainerCleanupOptions struct { // container cleanup type ContainerCleanupReport struct { CleanErr error - Id string //nolint + Id string //nolint:revive,stylecheck RmErr error RmiErr error } @@ -384,7 +384,7 @@ type ContainerInitOptions struct { // container init type ContainerInitReport struct { Err error - Id string //nolint + Id string //nolint:revive,stylecheck } // ContainerMountOptions describes the input values for mounting containers @@ -406,7 +406,7 @@ type ContainerUnmountOptions struct { // ContainerMountReport describes the response from container mount type ContainerMountReport struct { Err error - Id string //nolint + Id string //nolint:revive,stylecheck Name string Path string } @@ -414,7 +414,7 @@ type ContainerMountReport struct { // ContainerUnmountReport describes the response from umounting a container type ContainerUnmountReport struct { Err error - Id string //nolint + Id string //nolint:revive,stylecheck } // ContainerPruneOptions describes the options needed @@ -433,7 +433,7 @@ type ContainerPortOptions struct { // ContainerPortReport describes the output needed for // the CLI to output ports type ContainerPortReport struct { - Id string //nolint + Id string //nolint:revive,stylecheck Ports []nettypes.PortMapping } diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go index 6b70a3452..df42876f6 100644 --- a/pkg/domain/entities/engine_container.go +++ b/pkg/domain/entities/engine_container.go @@ -71,6 +71,7 @@ type ContainerEngine interface { PlayKube(ctx context.Context, body io.Reader, opts PlayKubeOptions) (*PlayKubeReport, error) PlayKubeDown(ctx context.Context, body io.Reader, opts PlayKubeDownOptions) (*PlayKubeReport, error) PodCreate(ctx context.Context, specg PodSpec) (*PodCreateReport, error) + PodClone(ctx context.Context, podClone PodCloneOptions) (*PodCloneReport, error) PodExists(ctx context.Context, nameOrID string) (*BoolReport, error) PodInspect(ctx context.Context, options PodInspectOptions) (*PodInspectReport, error) PodKill(ctx context.Context, namesOrIds []string, options PodKillOptions) ([]*PodKillReport, error) diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index 2bb4ceb5b..11f6e8687 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -46,14 +46,14 @@ type Image struct { HealthCheck *manifest.Schema2HealthConfig `json:",omitempty"` } -func (i *Image) Id() string { // nolint +func (i *Image) Id() string { //nolint:revive,stylecheck return i.ID } // swagger:model LibpodImageSummary type ImageSummary struct { ID string `json:"Id"` - ParentId string // nolint + ParentId string //nolint:revive,stylecheck RepoTags []string RepoDigests []string Created int64 @@ -71,7 +71,7 @@ type ImageSummary struct { History []string `json:",omitempty"` } -func (i *ImageSummary) Id() string { // nolint +func (i *ImageSummary) Id() string { //nolint:revive,stylecheck return i.ID } @@ -290,7 +290,7 @@ type ImageImportOptions struct { } type ImageImportReport struct { - Id string // nolint + Id string //nolint:revive,stylecheck } // ImageSaveOptions provide options for saving images. @@ -397,7 +397,7 @@ type ImageUnmountOptions struct { // ImageMountReport describes the response from image mount type ImageMountReport struct { - Id string // nolint + Id string //nolint:revive,stylecheck Name string Repositories []string Path string @@ -406,5 +406,5 @@ type ImageMountReport struct { // ImageUnmountReport describes the response from umounting an image type ImageUnmountReport struct { Err error - Id string // nolint + Id string //nolint:revive,stylecheck } diff --git a/pkg/domain/entities/network.go b/pkg/domain/entities/network.go index 0f901c7f1..d375c2e20 100644 --- a/pkg/domain/entities/network.go +++ b/pkg/domain/entities/network.go @@ -22,7 +22,7 @@ type NetworkReloadOptions struct { // NetworkReloadReport describes the results of reloading a container network. type NetworkReloadReport struct { - // nolint:stylecheck,revive + //nolint:stylecheck,revive Id string Err error } diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go index 9cbbe2bf1..14ce370c1 100644 --- a/pkg/domain/entities/pods.go +++ b/pkg/domain/entities/pods.go @@ -20,15 +20,15 @@ type PodKillOptions struct { type PodKillReport struct { Errs []error - Id string // nolint + Id string //nolint:revive,stylecheck } type ListPodsReport struct { Cgroup string Containers []*ListPodContainer Created time.Time - Id string // nolint - InfraId string // nolint + Id string //nolint:revive,stylecheck + InfraId string //nolint:revive,stylecheck Name string Namespace string // Network names connected to infra container @@ -38,7 +38,7 @@ type ListPodsReport struct { } type ListPodContainer struct { - Id string // nolint + Id string //nolint:revive,stylecheck Names string Status string } @@ -50,7 +50,7 @@ type PodPauseOptions struct { type PodPauseReport struct { Errs []error - Id string // nolint + Id string //nolint:revive,stylecheck } type PodunpauseOptions struct { @@ -60,7 +60,7 @@ type PodunpauseOptions struct { type PodUnpauseReport struct { Errs []error - Id string // nolint + Id string //nolint:revive,stylecheck } type PodStopOptions struct { @@ -72,7 +72,7 @@ type PodStopOptions struct { type PodStopReport struct { Errs []error - Id string // nolint + Id string //nolint:revive,stylecheck } type PodRestartOptions struct { @@ -82,7 +82,7 @@ type PodRestartOptions struct { type PodRestartReport struct { Errs []error - Id string // nolint + Id string //nolint:revive,stylecheck } type PodStartOptions struct { @@ -92,7 +92,7 @@ type PodStartOptions struct { type PodStartReport struct { Errs []error - Id string // nolint + Id string //nolint:revive,stylecheck } type PodRmOptions struct { @@ -105,7 +105,7 @@ type PodRmOptions struct { type PodRmReport struct { Err error - Id string // nolint + Id string //nolint:revive,stylecheck } // PddSpec is an abstracted version of PodSpecGen designed to eventually accept options @@ -154,6 +154,16 @@ type PodLogsOptions struct { Color bool } +// PodCloneOptions contains options for cloning an existing pod +type PodCloneOptions struct { + ID string + Destroy bool + CreateOpts PodCreateOptions + InfraOptions ContainerCreateOptions + PerContainerOptions ContainerCreateOptions + Start bool +} + type ContainerCreateOptions struct { Annotation []string Attach []string @@ -287,7 +297,11 @@ func NewInfraContainerCreateOptions() ContainerCreateOptions { } type PodCreateReport struct { - Id string // nolint + Id string //nolint:revive,stylecheck +} + +type PodCloneReport struct { + Id string //nolint:revive,stylecheck } func (p *PodCreateOptions) CPULimits() *specs.LinuxCPU { @@ -389,7 +403,7 @@ type PodPruneOptions struct { type PodPruneReport struct { Err error - Id string // nolint + Id string //nolint:revive,stylecheck } type PodTopOptions struct { diff --git a/pkg/domain/entities/reports/containers.go b/pkg/domain/entities/reports/containers.go index 54bcd092b..db9a66012 100644 --- a/pkg/domain/entities/reports/containers.go +++ b/pkg/domain/entities/reports/containers.go @@ -1,7 +1,7 @@ package reports type RmReport struct { - Id string `json:"Id"` //nolint + Id string `json:"Id"` //nolint:revive,stylecheck Err error `json:"Err,omitempty"` } diff --git a/pkg/domain/entities/reports/prune.go b/pkg/domain/entities/reports/prune.go index 497e5d606..ac3d8e7ce 100644 --- a/pkg/domain/entities/reports/prune.go +++ b/pkg/domain/entities/reports/prune.go @@ -1,7 +1,7 @@ package reports type PruneReport struct { - Id string `json:"Id"` //nolint + Id string `json:"Id"` //nolint:revive,stylecheck Err error `json:"Err,omitempty"` Size uint64 `json:"Size"` } diff --git a/pkg/domain/entities/system.go b/pkg/domain/entities/system.go index 21026477d..331d2bcdc 100644 --- a/pkg/domain/entities/system.go +++ b/pkg/domain/entities/system.go @@ -28,6 +28,7 @@ type SystemPruneReport struct { PodPruneReport []*PodPruneReport ContainerPruneReports []*reports.PruneReport ImagePruneReports []*reports.PruneReport + NetworkPruneReports []*reports.PruneReport VolumePruneReports []*reports.PruneReport ReclaimedSpace uint64 } diff --git a/pkg/domain/entities/types.go b/pkg/domain/entities/types.go index 3e6e54e7d..44df66498 100644 --- a/pkg/domain/entities/types.go +++ b/pkg/domain/entities/types.go @@ -21,7 +21,7 @@ type Volume struct { } type Report struct { - Id []string // nolint + Id []string //nolint:revive,stylecheck Err map[string]error } diff --git a/pkg/domain/entities/volumes.go b/pkg/domain/entities/volumes.go index 84f85b83f..556df16c1 100644 --- a/pkg/domain/entities/volumes.go +++ b/pkg/domain/entities/volumes.go @@ -33,7 +33,7 @@ type VolumeRmOptions struct { type VolumeRmReport struct { Err error - Id string // nolint + Id string //nolint:revive,stylecheck } type VolumeInspectReport struct { @@ -61,7 +61,7 @@ type VolumeListReport struct { // VolumeMountReport describes the response from volume mount type VolumeMountReport struct { Err error - Id string // nolint + Id string //nolint:revive,stylecheck Name string Path string } @@ -69,5 +69,5 @@ type VolumeMountReport struct { // VolumeUnmountReport describes the response from umounting a volume type VolumeUnmountReport struct { Err error - Id string // nolint + Id string //nolint:revive,stylecheck } diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index 8bd84a310..c7cd0cb56 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -1593,6 +1593,11 @@ func (ic *ContainerEngine) ContainerClone(ctx context.Context, ctrCloneOpts enti return nil, err } + conf := c.Config() + if conf.Spec != nil && conf.Spec.Process != nil && conf.Spec.Process.Terminal { // if we do not pass term, running ctrs exit + spec.Terminal = true + } + // Print warnings if len(out) > 0 { for _, w := range out { @@ -1612,8 +1617,8 @@ func (ic *ContainerEngine) ContainerClone(ctx context.Context, ctrCloneOpts enti switch { case strings.Contains(n, "-clone"): ind := strings.Index(n, "-clone") + 6 - num, _ := strconv.Atoi(n[ind:]) - if num == 0 { // clone1 is hard to get with this logic, just check for it here. + num, err := strconv.Atoi(n[ind:]) + if num == 0 && err != nil { // clone1 is hard to get with this logic, just check for it here. _, err = ic.Libpod.LookupContainer(n + "1") if err != nil { spec.Name = n + "1" diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index d469fa0ca..d63de2424 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -593,7 +593,7 @@ func (ir *ImageEngine) Remove(ctx context.Context, images []string, opts entitie rmErrors = libimageErrors - return //nolint + return } // Shutdown Libpod engine diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go index 43047c936..8b95607f4 100644 --- a/pkg/domain/infra/abi/network.go +++ b/pkg/domain/infra/abi/network.go @@ -172,7 +172,7 @@ func (ic *ContainerEngine) NetworkExists(ctx context.Context, networkname string }, nil } -// Network prune removes unused cni networks +// Network prune removes unused networks func (ic *ContainerEngine) NetworkPrune(ctx context.Context, options entities.NetworkPruneOptions) ([]*entities.NetworkPruneReport, error) { // get all filters filters, err := netutil.GenerateNetworkPruneFilters(options.Filters) diff --git a/pkg/domain/infra/abi/pods.go b/pkg/domain/infra/abi/pods.go index 32deb20e0..8638f4783 100644 --- a/pkg/domain/infra/abi/pods.go +++ b/pkg/domain/infra/abi/pods.go @@ -2,12 +2,15 @@ package abi import ( "context" + "strconv" + "strings" "github.com/containers/podman/v4/libpod" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" dfilters "github.com/containers/podman/v4/pkg/domain/filters" "github.com/containers/podman/v4/pkg/signal" + "github.com/containers/podman/v4/pkg/specgen" "github.com/containers/podman/v4/pkg/specgen/generate" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -295,6 +298,88 @@ func (ic *ContainerEngine) PodCreate(ctx context.Context, specg entities.PodSpec return &entities.PodCreateReport{Id: pod.ID()}, nil } +func (ic *ContainerEngine) PodClone(ctx context.Context, podClone entities.PodCloneOptions) (*entities.PodCloneReport, error) { + spec := specgen.NewPodSpecGenerator() + p, err := generate.PodConfigToSpec(ic.Libpod, spec, &podClone.InfraOptions, podClone.ID) + if err != nil { + return nil, err + } + + if len(podClone.CreateOpts.Name) > 0 { + spec.Name = podClone.CreateOpts.Name + } else { + n := p.Name() + _, err := ic.Libpod.LookupPod(n + "-clone") + if err == nil { + n += "-clone" + } + switch { + case strings.Contains(n, "-clone"): // meaning this name is taken! + ind := strings.Index(n, "-clone") + 6 + num, err := strconv.Atoi(n[ind:]) + if num == 0 && err != nil { // meaning invalid + _, err = ic.Libpod.LookupPod(n + "1") + if err != nil { + spec.Name = n + "1" + break + } + } else { // else we already have a number + n = n[0:ind] + } + err = nil + count := num + for err == nil { // until we cannot find a pod w/ this name, increment num and try again + count++ + tempN := n + strconv.Itoa(count) + _, err = ic.Libpod.LookupPod(tempN) + } + n += strconv.Itoa(count) + spec.Name = n + default: + spec.Name = p.Name() + "-clone" + } + } + + podSpec := entities.PodSpec{PodSpecGen: *spec} + pod, err := generate.MakePod(&podSpec, ic.Libpod) + if err != nil { + return nil, err + } + + ctrs, err := p.AllContainers() + if err != nil { + return nil, err + } + for _, ctr := range ctrs { + if ctr.IsInfra() { + continue // already copied infra + } + + podClone.PerContainerOptions.Pod = pod.ID() + _, err := ic.ContainerClone(ctx, entities.ContainerCloneOptions{ID: ctr.ID(), CreateOpts: podClone.PerContainerOptions}) + if err != nil { + return nil, err + } + } + + if podClone.Destroy { + var timeout *uint + err = ic.Libpod.RemovePod(ctx, p, true, true, timeout) + if err != nil { + return &entities.PodCloneReport{Id: pod.ID()}, err + } + } + + if podClone.Start { + _, err := ic.PodStart(ctx, []string{pod.ID()}, entities.PodStartOptions{}) + if err != nil { + return &entities.PodCloneReport{Id: pod.ID()}, err + } + } + + return &entities.PodCloneReport{Id: pod.ID()}, nil +} + func (ic *ContainerEngine) PodTop(ctx context.Context, options entities.PodTopOptions) (*entities.StringSliceReport, error) { var ( pod *libpod.Pod diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index 762f0d79a..6be37c87f 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -125,8 +125,14 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) paths = append(paths, ctr.Config().ConmonPidFile) } - became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths) - utils.MovePauseProcessToScope(pausePidPath) + if len(paths) > 0 { + became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths) + } else { + became, ret, err = rootless.BecomeRootInUserNS(pausePidPath) + if err == nil { + utils.MovePauseProcessToScope(pausePidPath) + } + } if err != nil { logrus.Error(errors.Wrapf(err, "invalid internal status, try resetting the pause process with %q", os.Args[0]+" system migrate")) os.Exit(1) @@ -137,7 +143,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) return nil } -// SystemPrune removes unused data from the system. Pruning pods, containers, volumes and images. +// SystemPrune removes unused data from the system. Pruning pods, containers, networks, volumes and images. func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.SystemPruneOptions) (*entities.SystemPruneReport, error) { var systemPruneReport = new(entities.SystemPruneReport) filters := []string{} @@ -148,6 +154,9 @@ func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.Sys found := true for found { found = false + + // TODO: Figure out cleaner way to handle all of the different PruneOptions + // Remove all unused pods. podPruneReport, err := ic.prunePodHelper(ctx) if err != nil { return nil, err @@ -155,9 +164,10 @@ func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.Sys if len(podPruneReport) > 0 { found = true } + systemPruneReport.PodPruneReport = append(systemPruneReport.PodPruneReport, podPruneReport...) - // TODO: Figure out cleaner way to handle all of the different PruneOptions + // Remove all unused containers. containerPruneOptions := entities.ContainerPruneOptions{} containerPruneOptions.Filters = (url.Values)(options.Filters) @@ -165,16 +175,18 @@ func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.Sys if err != nil { return nil, err } + reclaimedSpace += reports.PruneReportsSize(containerPruneReports) systemPruneReport.ContainerPruneReports = append(systemPruneReport.ContainerPruneReports, containerPruneReports...) + + // Remove all unused images. imagePruneOptions := entities.ImagePruneOptions{ All: options.All, Filter: filters, } + imageEngine := ImageEngine{Libpod: ic.Libpod} imagePruneReports, err := imageEngine.Prune(ctx, imagePruneOptions) - reclaimedSpace += reports.PruneReportsSize(imagePruneReports) - if err != nil { return nil, err } @@ -182,10 +194,33 @@ func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.Sys found = true } + reclaimedSpace += reports.PruneReportsSize(imagePruneReports) systemPruneReport.ImagePruneReports = append(systemPruneReport.ImagePruneReports, imagePruneReports...) + + // Remove all unused networks. + networkPruneOptions := entities.NetworkPruneOptions{} + networkPruneOptions.Filters = options.Filters + + networkPruneReport, err := ic.NetworkPrune(ctx, networkPruneOptions) + if err != nil { + return nil, err + } + if len(networkPruneReport) > 0 { + found = true + } + for _, net := range networkPruneReport { + systemPruneReport.NetworkPruneReports = append(systemPruneReport.NetworkPruneReports, &reports.PruneReport{ + Id: net.Name, + Err: net.Error, + Size: 0, + }) + } + + // Remove unused volume data. if options.Volume { volumePruneOptions := entities.VolumePruneOptions{} volumePruneOptions.Filters = (url.Values)(options.Filters) + volumePruneReport, err := ic.VolumePrune(ctx, volumePruneOptions) if err != nil { return nil, err @@ -193,6 +228,7 @@ func (ic *ContainerEngine) SystemPrune(ctx context.Context, options entities.Sys if len(volumePruneReport) > 0 { found = true } + reclaimedSpace += reports.PruneReportsSize(volumePruneReport) systemPruneReport.VolumePruneReports = append(systemPruneReport.VolumePruneReports, volumePruneReport...) } diff --git a/pkg/domain/infra/abi/terminal/sigproxy_linux.go b/pkg/domain/infra/abi/terminal/sigproxy_linux.go index fe2c268c0..e02c0532c 100644 --- a/pkg/domain/infra/abi/terminal/sigproxy_linux.go +++ b/pkg/domain/infra/abi/terminal/sigproxy_linux.go @@ -20,7 +20,7 @@ const signalBufferSize = 2048 func ProxySignals(ctr *libpod.Container) { // Stop catching the shutdown signals (SIGINT, SIGTERM) - they're going // to the container now. - shutdown.Stop() // nolint: errcheck + shutdown.Stop() //nolint: errcheck sigBuffer := make(chan os.Signal, signalBufferSize) signal.CatchAll(sigBuffer) diff --git a/pkg/domain/infra/abi/volumes.go b/pkg/domain/infra/abi/volumes.go index f59f11e20..a9c53c140 100644 --- a/pkg/domain/infra/abi/volumes.go +++ b/pkg/domain/infra/abi/volumes.go @@ -172,7 +172,7 @@ func (ic *ContainerEngine) VolumeMounted(ctx context.Context, nameOrID string) ( mountCount, err := vol.MountCount() if err != nil { // FIXME: this error should probably be returned - return &entities.BoolReport{Value: false}, nil // nolint: nilerr + return &entities.BoolReport{Value: false}, nil //nolint: nilerr } if mountCount > 0 { return &entities.BoolReport{Value: true}, nil diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go index b68bc46d4..fb0be629c 100644 --- a/pkg/domain/infra/tunnel/containers.go +++ b/pkg/domain/infra/tunnel/containers.go @@ -570,7 +570,7 @@ func (ic *ContainerEngine) ContainerExecDetached(ctx context.Context, nameOrID s return sessionID, nil } -func startAndAttach(ic *ContainerEngine, name string, detachKeys *string, input, output, errput *os.File) error { //nolint +func startAndAttach(ic *ContainerEngine, name string, detachKeys *string, input, output, errput *os.File) error { attachErr := make(chan error) attachReady := make(chan bool) options := new(containers.AttachOptions).WithStream(true) @@ -863,7 +863,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta if eventsErr != nil || lastEvent == nil { logrus.Errorf("Cannot get exit code: %v", err) report.ExitCode = define.ExecErrorCodeNotFound - return &report, nil // nolint: nilerr + return &report, nil //nolint: nilerr } report.ExitCode = lastEvent.ContainerExitCode diff --git a/pkg/domain/infra/tunnel/pods.go b/pkg/domain/infra/tunnel/pods.go index 2dbdfcf80..7b1fa231f 100644 --- a/pkg/domain/infra/tunnel/pods.go +++ b/pkg/domain/infra/tunnel/pods.go @@ -195,6 +195,10 @@ func (ic *ContainerEngine) PodCreate(ctx context.Context, specg entities.PodSpec return pods.CreatePodFromSpec(ic.ClientCtx, &specg) } +func (ic *ContainerEngine) PodClone(ctx context.Context, podClone entities.PodCloneOptions) (*entities.PodCloneReport, error) { + return nil, nil +} + func (ic *ContainerEngine) PodTop(ctx context.Context, opts entities.PodTopOptions) (*entities.StringSliceReport, error) { switch { case opts.Latest: diff --git a/pkg/errorhandling/errorhandling.go b/pkg/errorhandling/errorhandling.go index 6ee1e7e86..fc6772c08 100644 --- a/pkg/errorhandling/errorhandling.go +++ b/pkg/errorhandling/errorhandling.go @@ -86,7 +86,7 @@ func Contains(err error, sub error) bool { // PodConflictErrorModel is used in remote connections with podman type PodConflictErrorModel struct { Errs []string - Id string // nolint + Id string //nolint:revive,stylecheck } // ErrorModel is used in remote connections with podman diff --git a/pkg/hooks/exec/runtimeconfigfilter_test.go b/pkg/hooks/exec/runtimeconfigfilter_test.go index f4b6cf86a..5c13a76e1 100644 --- a/pkg/hooks/exec/runtimeconfigfilter_test.go +++ b/pkg/hooks/exec/runtimeconfigfilter_test.go @@ -13,7 +13,7 @@ import ( ) func TestRuntimeConfigFilter(t *testing.T) { - unexpectedEndOfJSONInput := json.Unmarshal([]byte("{\n"), nil) //nolint + unexpectedEndOfJSONInput := json.Unmarshal([]byte("{\n"), nil) //nolint:govet // this should force the error fileMode := os.FileMode(0600) rootUint32 := uint32(0) binUser := int(1) diff --git a/pkg/k8s.io/apimachinery/pkg/api/resource/quantity.go b/pkg/k8s.io/apimachinery/pkg/api/resource/quantity.go index dcc5df219..588a189bf 100644 --- a/pkg/k8s.io/apimachinery/pkg/api/resource/quantity.go +++ b/pkg/k8s.io/apimachinery/pkg/api/resource/quantity.go @@ -138,7 +138,6 @@ const ( var ( // Errors that could happen while parsing a string. - //nolint:revive ErrFormatWrong = errors.New("quantities must match the regular expression '" + splitREString + "'") ErrNumeric = errors.New("unable to parse numeric part of quantity") ErrSuffix = errors.New("unable to parse quantity's suffix") @@ -258,7 +257,7 @@ Suffix: // we encountered a non decimal in the Suffix loop, but the last character // was not a valid exponent err = ErrFormatWrong - // nolint:nakedret + //nolint:nakedret return } @@ -579,9 +578,9 @@ func (q Quantity) MarshalJSON() ([]byte, error) { // if CanonicalizeBytes needed more space than our slice provided, we may need to allocate again so use // append result = result[:1] - result = append(result, number...) // nolint: makezero - result = append(result, suffix...) // nolint: makezero - result = append(result, '"') // nolint: makezero + result = append(result, number...) //nolint: makezero + result = append(result, suffix...) //nolint: makezero + result = append(result, '"') //nolint: makezero return result, nil } diff --git a/pkg/machine/fcos.go b/pkg/machine/fcos.go index 77427139a..59ef6d975 100644 --- a/pkg/machine/fcos.go +++ b/pkg/machine/fcos.go @@ -139,7 +139,7 @@ func getStreamURL(streamType string) url2.URL { // This should get Exported and stay put as it will apply to all fcos downloads // getFCOS parses fedoraCoreOS's stream and returns the image download URL and the release version -func GetFCOSDownload(imageStream string) (*FcosDownloadInfo, error) { //nolint:staticcheck +func GetFCOSDownload(imageStream string) (*FcosDownloadInfo, error) { var ( fcosstable stream.Stream altMeta release.Release diff --git a/pkg/machine/keys.go b/pkg/machine/keys.go index 15c1f73d8..45d9801cc 100644 --- a/pkg/machine/keys.go +++ b/pkg/machine/keys.go @@ -59,7 +59,16 @@ func generatekeysPrefix(dir string, file string, passThru bool, prefix ...string args := append([]string{}, prefix[1:]...) args = append(args, sshCommand...) args = append(args, file) - cmd := exec.Command(prefix[0], args...) + + binary, err := exec.LookPath(prefix[0]) + if err != nil { + return err + } + binary, err = filepath.Abs(binary) + if err != nil { + return err + } + cmd := exec.Command(binary, args...) cmd.Dir = dir if passThru { cmd.Stdin = os.Stdin diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 1b0d63986..288b2eeb0 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -16,9 +16,11 @@ import ( "net/url" "os" "os/exec" + "os/signal" "path/filepath" "strconv" "strings" + "syscall" "time" "github.com/containers/common/pkg/config" @@ -484,12 +486,26 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error { if err := v.writeConfig(); err != nil { return fmt.Errorf("writing JSON file: %w", err) } - defer func() { + doneStarting := func() { v.Starting = false if err := v.writeConfig(); err != nil { logrus.Errorf("Writing JSON file: %v", err) } + } + defer doneStarting() + + c := make(chan os.Signal, 1) + signal.Notify(c, os.Interrupt, syscall.SIGTERM) + go func() { + _, ok := <-c + if !ok { + return + } + doneStarting() + os.Exit(1) }() + defer close(c) + if v.isIncompatible() { logrus.Errorf("machine %q is incompatible with this release of podman and needs to be recreated, starting for recovery only", v.Name) } @@ -770,7 +786,7 @@ func (v *MachineVM) Stop(_ string, _ machine.StopOptions) error { if err := qmpMonitor.Disconnect(); err != nil { // FIXME: this error should probably be returned - return nil // nolint: nilerr + return nil //nolint: nilerr } disconnected = true diff --git a/pkg/machine/qemu/options_darwin_arm64.go b/pkg/machine/qemu/options_darwin_arm64.go index 8930041b7..d75237938 100644 --- a/pkg/machine/qemu/options_darwin_arm64.go +++ b/pkg/machine/qemu/options_darwin_arm64.go @@ -4,6 +4,8 @@ import ( "os" "os/exec" "path/filepath" + + "github.com/containers/common/pkg/config" ) var ( @@ -38,6 +40,22 @@ func getOvmfDir(imagePath, vmName string) string { } /* + * When QEmu is installed in a non-default location in the system + * we can use the qemu-system-* binary path to figure the install + * location for Qemu and use it to look for edk2-code-fd + */ +func getEdk2CodeFdPathFromQemuBinaryPath() string { + cfg, err := config.Default() + if err == nil { + execPath, err := cfg.FindHelperBinary(QemuCommand, true) + if err == nil { + return filepath.Clean(filepath.Join(filepath.Dir(execPath), "..", "share", "qemu")) + } + } + return "" +} + +/* * QEmu can be installed in multiple locations on MacOS, especially on * Apple Silicon systems. A build from source will likely install it in * /usr/local/bin, whereas Homebrew package management standard is to @@ -45,6 +63,7 @@ func getOvmfDir(imagePath, vmName string) string { */ func getEdk2CodeFd(name string) string { dirs := []string{ + getEdk2CodeFdPathFromQemuBinaryPath(), "/opt/homebrew/opt/podman/libexec/share/qemu", "/usr/local/share/qemu", "/opt/homebrew/share/qemu", diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go index d7143f549..94535f45e 100644 --- a/pkg/rootless/rootless.go +++ b/pkg/rootless/rootless.go @@ -50,7 +50,7 @@ func TryJoinPauseProcess(pausePidPath string) (bool, int, error) { if err != nil { // It is still failing. We can safely remove it. os.Remove(pausePidPath) - return false, -1, nil // nolint: nilerr + return false, -1, nil //nolint: nilerr } return became, ret, err } diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index 94bd40f86..3588313c6 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -178,7 +178,7 @@ get_cmd_line_args () char *tmp = realloc (buffer, allocated); if (tmp == NULL) return NULL; - buffer = tmp; + buffer = tmp; } } @@ -243,7 +243,7 @@ can_use_shortcut () } if (argv[argc+1] != NULL && (strcmp (argv[argc], "container") == 0 || - strcmp (argv[argc], "image") == 0) && + strcmp (argv[argc], "image") == 0) && (strcmp (argv[argc+1], "mount") == 0 || strcmp (argv[argc+1], "scp") == 0)) { ret = false; @@ -512,7 +512,9 @@ create_pause_process (const char *pause_pid_file_path, char **argv) r = TEMP_FAILURE_RETRY (read (p[0], &b, 1)); close (p[0]); - reexec_in_user_namespace_wait (pid, 0); + r = reexec_in_user_namespace_wait (pid, 0); + if (r != 0) + return -1; return r == 1 && b == '0' ? 0 : -1; } @@ -757,6 +759,7 @@ reexec_userns_join (int pid_to_join, char *pause_pid_file_path) } execvp (argv[0], argv); + fprintf (stderr, "failed to execvp %s: %m\n", argv[0]); _exit (EXIT_FAILURE); } @@ -788,7 +791,10 @@ copy_file_to_fd (const char *file_to_read, int outfd) fd = open (file_to_read, O_RDONLY); if (fd < 0) - return fd; + { + fprintf (stderr, "open `%s`: %m\n", file_to_read); + return fd; + } for (;;) { @@ -796,7 +802,10 @@ copy_file_to_fd (const char *file_to_read, int outfd) r = TEMP_FAILURE_RETRY (read (fd, buf, sizeof buf)); if (r < 0) - return r; + { + fprintf (stderr, "read from `%s`: %m\n", file_to_read); + return r; + } if (r == 0) break; @@ -805,7 +814,10 @@ copy_file_to_fd (const char *file_to_read, int outfd) { w = TEMP_FAILURE_RETRY (write (outfd, &buf[t], r - t)); if (w < 0) - return w; + { + fprintf (stderr, "write file to output fd `%s`: %m\n", file_to_read); + return w; + } t += w; } } diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 5af9a978b..d0bdf0ffe 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -182,7 +182,7 @@ func joinUserAndMountNS(pid uint, pausePid string) (bool, int, error) { pidC := C.reexec_userns_join(C.int(pid), cPausePid) if int(pidC) < 0 { - return false, -1, errors.Errorf("cannot re-exec process") + return false, -1, errors.Errorf("cannot re-exec process to join the existing user namespace") } ret := C.reexec_in_user_namespace_wait(pidC, 0) @@ -461,13 +461,8 @@ func BecomeRootInUserNS(pausePid string) (bool, int, error) { // different uidmap and the unprivileged user has no way to read the // file owned by the root in the container. func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error) { - if len(paths) == 0 { - return BecomeRootInUserNS(pausePidPath) - } - var lastErr error var pausePid int - foundProcess := false for _, path := range paths { if !needNewNamespace { @@ -479,12 +474,9 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st pausePid, err = strconv.Atoi(string(data)) if err != nil { - lastErr = errors.Wrapf(err, "cannot parse file %s", path) + lastErr = errors.Wrapf(err, "cannot parse file %q", path) continue } - - lastErr = nil - break } else { r, w, err := os.Pipe() if err != nil { @@ -511,26 +503,29 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st n, err := r.Read(b) if err != nil { - lastErr = errors.Wrapf(err, "cannot read %s\n", path) + lastErr = errors.Wrapf(err, "cannot read %q", path) continue } pausePid, err = strconv.Atoi(string(b[:n])) - if err == nil && unix.Kill(pausePid, 0) == nil { - foundProcess = true - lastErr = nil - break + if err != nil { + lastErr = err + continue } } - } - if !foundProcess && pausePidPath != "" { - return BecomeRootInUserNS(pausePidPath) + + if pausePid > 0 && unix.Kill(pausePid, 0) == nil { + joined, pid, err := joinUserAndMountNS(uint(pausePid), pausePidPath) + if err == nil { + return joined, pid, nil + } + lastErr = err + } } if lastErr != nil { return false, 0, lastErr } - - return joinUserAndMountNS(uint(pausePid), pausePidPath) + return false, 0, errors.Wrapf(unix.ESRCH, "could not find any running process") } // ReadMappingsProc parses and returns the ID mappings at the specified path. diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go index 4c3748e67..60d87a8fd 100644 --- a/pkg/specgen/generate/config_linux.go +++ b/pkg/specgen/generate/config_linux.go @@ -164,7 +164,7 @@ func addDevice(g *generate.Generator, device string) error { } // ParseDevice parses device mapping string to a src, dest & permissions string -func ParseDevice(device string) (string, string, string, error) { //nolint +func ParseDevice(device string) (string, string, string, error) { var src string var dst string permissions := "rwm" diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index cc376125f..30c759495 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -303,8 +303,8 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error { if err := unix.Stat(k, &statT); err != nil { return err } - v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert - v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert + v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert + v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert if s.ResourceLimits.BlockIO == nil { s.ResourceLimits.BlockIO = new(spec.LinuxBlockIO) } @@ -317,8 +317,8 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error { if err := unix.Stat(k, &statT); err != nil { return err } - v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert - v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert + v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert + v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteBpsDevice, v) } } @@ -328,8 +328,8 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error { if err := unix.Stat(k, &statT); err != nil { return err } - v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert - v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert + v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert + v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleReadIOPSDevice, v) } } @@ -339,8 +339,8 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error { if err := unix.Stat(k, &statT); err != nil { return err } - v.Major = (int64(unix.Major(uint64(statT.Rdev)))) // nolint: unconvert - v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) // nolint: unconvert + v.Major = (int64(unix.Major(uint64(statT.Rdev)))) //nolint: unconvert + v.Minor = (int64(unix.Minor(uint64(statT.Rdev)))) //nolint: unconvert s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice = append(s.ResourceLimits.BlockIO.ThrottleWriteIOPSDevice, v) } } @@ -450,7 +450,7 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, contaierID s specg.IpcNS = specgen.Namespace{NSMode: specgen.Default} // default } case "uts": - specg.UtsNS = specgen.Namespace{NSMode: specgen.Default} // default + specg.UtsNS = specgen.Namespace{NSMode: specgen.Private} // default case "user": if conf.AddCurrentUserPasswdEntry { specg.UserNS = specgen.Namespace{NSMode: specgen.KeepID} @@ -506,6 +506,7 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, contaierID s specg.Mounts = mounts specg.HostDeviceList = conf.DeviceHostSrc specg.Networks = conf.Networks + specg.ShmSize = &conf.ShmSize mapSecurityConfig(conf, specg) diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 7faf13465..0dec943d1 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -564,5 +564,10 @@ func Inherit(infra libpod.Container, s *specgen.SpecGenerator, rt *libpod.Runtim if err != nil { return nil, nil, nil, err } + + // this causes errors when shmSize is the default value, it will still get passed down unless we manually override. + if s.IpcNS.NSMode == specgen.Host && (compatibleOptions.ShmSize != nil && compatibleOptions.IsDefaultShmSize()) { + s.ShmSize = nil + } return options, infraSpec, compatibleOptions, nil } diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go index 716960024..19f55c9d8 100644 --- a/pkg/specgen/generate/oci.go +++ b/pkg/specgen/generate/oci.go @@ -371,7 +371,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt if err := unix.Stat(k, &statT); err != nil { return nil, errors.Wrapf(err, "failed to inspect '%s' in --blkio-weight-device", k) } - g.AddLinuxResourcesBlockIOWeightDevice((int64(unix.Major(uint64(statT.Rdev)))), (int64(unix.Minor(uint64(statT.Rdev)))), *v.Weight) // nolint: unconvert + g.AddLinuxResourcesBlockIOWeightDevice((int64(unix.Major(uint64(statT.Rdev)))), (int64(unix.Minor(uint64(statT.Rdev)))), *v.Weight) //nolint: unconvert } BlockAccessToKernelFilesystems(s.Privileged, s.PidNS.IsHost(), s.Mask, s.Unmask, &g) diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go index d4f281a11..4ac8a0aa2 100644 --- a/pkg/specgen/generate/pod_create.go +++ b/pkg/specgen/generate/pod_create.go @@ -2,12 +2,17 @@ package generate import ( "context" + "fmt" "net" + "os" + "strconv" + "strings" "github.com/containers/podman/v4/libpod" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/specgen" + "github.com/containers/podman/v4/pkg/specgenutil" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -210,3 +215,88 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) { p.InfraContainerSpec.Image = p.InfraImage return p.InfraContainerSpec, nil } + +func PodConfigToSpec(rt *libpod.Runtime, spec *specgen.PodSpecGenerator, infraOptions *entities.ContainerCreateOptions, id string) (p *libpod.Pod, err error) { + pod, err := rt.LookupPod(id) + if err != nil { + return nil, err + } + + infraSpec := &specgen.SpecGenerator{} + if pod.HasInfraContainer() { + infraID, err := pod.InfraContainerID() + if err != nil { + return nil, err + } + _, _, err = ConfigToSpec(rt, infraSpec, infraID) + if err != nil { + return nil, err + } + + infraSpec.Hostname = "" + infraSpec.CgroupParent = "" + infraSpec.Pod = "" // remove old pod... + infraOptions.IsClone = true + infraOptions.IsInfra = true + + n := infraSpec.Name + _, err = rt.LookupContainer(n + "-clone") + if err == nil { // if we found a ctr with this name, set it so the below switch can tell + n += "-clone" + } + + switch { + case strings.Contains(n, "-clone"): + ind := strings.Index(n, "-clone") + 6 + num, err := strconv.Atoi(n[ind:]) + if num == 0 && err != nil { // clone1 is hard to get with this logic, just check for it here. + _, err = rt.LookupContainer(n + "1") + if err != nil { + infraSpec.Name = n + "1" + break + } + } else { + n = n[0:ind] + } + err = nil + count := num + for err == nil { + count++ + tempN := n + strconv.Itoa(count) + _, err = rt.LookupContainer(tempN) + } + n += strconv.Itoa(count) + infraSpec.Name = n + default: + infraSpec.Name = n + "-clone" + } + + err = specgenutil.FillOutSpecGen(infraSpec, infraOptions, []string{}) + if err != nil { + return nil, err + } + + out, err := CompleteSpec(context.Background(), rt, infraSpec) + if err != nil { + return nil, err + } + + // Print warnings + if len(out) > 0 { + for _, w := range out { + fmt.Println("Could not properly complete the spec as expected:") + fmt.Fprintf(os.Stderr, "%s\n", w) + } + } + + spec.InfraContainerSpec = infraSpec + } + + // need to reset hostname, name etc of both pod and infra + spec.Hostname = "" + + if len(spec.InfraContainerSpec.Image) > 0 { + spec.InfraImage = spec.InfraContainerSpec.Image + } + return pod, nil +} diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go index 777097ac5..02ba06be1 100644 --- a/pkg/specgen/podspecgen.go +++ b/pkg/specgen/podspecgen.go @@ -183,6 +183,10 @@ type PodStorageConfig struct { // comma-separated options. Valid options are 'ro', 'rw', and 'z'. // Options will be used for all volumes sourced from the container. VolumesFrom []string `json:"volumes_from,omitempty"` + // ShmSize is the size of the tmpfs to mount in at /dev/shm, in bytes. + // Conflicts with ShmSize if IpcNS is not private. + // Optional. + ShmSize *int64 `json:"shm_size,omitempty"` } // PodCgroupConfig contains configuration options about a pod's cgroups. diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go index 6d70af106..ab45a8d47 100644 --- a/pkg/specgenutil/specgen.go +++ b/pkg/specgenutil/specgen.go @@ -312,7 +312,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions s.PublishExposedPorts = c.PublishAll } - if len(s.Pod) == 0 { + if len(s.Pod) == 0 || len(c.Pod) > 0 { s.Pod = c.Pod } diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go index 871303f64..bc522361f 100644 --- a/pkg/util/utils_linux.go +++ b/pkg/util/utils_linux.go @@ -176,7 +176,7 @@ func DeviceFromPath(path string) (*spec.LinuxDevice, error) { var ( devType string mode = stat.Mode - devNumber = uint64(stat.Rdev) // nolint: unconvert + devNumber = uint64(stat.Rdev) //nolint: unconvert m = os.FileMode(mode) ) |