Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/adapter/containers.go | 45 | ||||
-rw-r--r-- | pkg/adapter/pods.go | 14 | ||||
-rw-r--r-- | pkg/spec/createconfig.go | 3 | ||||
-rw-r--r-- | pkg/spec/spec.go | 16 | ||||
-rw-r--r-- | pkg/spec/storage.go | 106 | ||||
-rw-r--r-- | pkg/util/utils_supported.go | 4 | ||||
-rw-r--r-- | pkg/varlinkapi/containers.go | 6 | ||||
-rw-r--r-- | pkg/varlinkapi/images.go | 2 |
8 files changed, 57 insertions, 139 deletions
diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go
index faaef3e60..155454e21 100644
--- a/pkg/adapter/containers.go
+++ b/pkg/adapter/containers.go
@@ -9,7 +9,6 @@ import (
 "io"
 "io/ioutil"
 "os"
- "path/filepath"
 "strconv"
 "strings"
 "sync"
@@ -23,6 +22,7 @@ import (
 "github.com/containers/libpod/cmd/podman/shared/parse"
 "github.com/containers/libpod/libpod"
 "github.com/containers/libpod/libpod/define"
+ "github.com/containers/libpod/libpod/events"
 "github.com/containers/libpod/libpod/image"
 "github.com/containers/libpod/libpod/logs"
 "github.com/containers/libpod/pkg/adapter/shortcuts"
@@ -418,14 +418,13 @@ func (r *LocalRuntime) Run(ctx context.Context, c *cliconfig.RunValues, exitCode
 if ecode, err := ctr.Wait(); err != nil {
 if errors.Cause(err) == define.ErrNoSuchCtr {
- // The container may have been removed
- // Go looking for an exit file
- ctrExitCode, err := ReadExitFile(config.TmpDir, ctr.ID())
+ // Check events
+ event, err := r.Runtime.GetLastContainerEvent(ctr.ID(), events.Exited)
 if err != nil {
 logrus.Errorf("Cannot get exit code: %v", err)
 exitCode = 127
 } else {
- exitCode = ctrExitCode
+ exitCode = event.ContainerExitCode
 }
 }
 } else {
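Review bot: When `GetLastContainerEvent` fails, the new fallback in Run reports exit status 127, which a caller cannot tell apart from a genuine command-not-found exit, and the log line names neither the container nor the fact that the lookup went through the events backend. Unlike the exit file it replaces, the Exited event is presumably only present when the events logger that wrote it is enabled and matches the backend this runtime reads, so a misconfiguration would silently surface as a bogus 127. I would at least make the message actionable, `logrus.Errorf("Cannot get exit code for container %s from events backend: %v", ctr.ID(), err)`, and replace the bare `// Check events` with `// The container is already gone (e.g. --rm); its exit code survives only as an Exited event.` Run starts before this hunk and continues past it.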
@@ -441,31 +440,6 @@ func (r *LocalRuntime) Run(ctx context.Context, c *cliconfig.RunValues, exitCode
 return exitCode, nil
 }
-// ReadExitFile reads a container's exit file
-func ReadExitFile(runtimeTmp, ctrID string) (int, error) {
- exitFile := filepath.Join(runtimeTmp, "exits", fmt.Sprintf("%s-old", ctrID))
- logrus.Debugf("Attempting to read container %s exit code from file %s", ctrID, exitFile)
- // Check if it exists
- if _, err := os.Stat(exitFile); err != nil {
- return 0, errors.Wrapf(err, "error getting exit file for container %s", ctrID)
- }
- // File exists, read it in and convert to int
- statusStr, err := ioutil.ReadFile(exitFile)
- if err != nil {
- return 0, errors.Wrapf(err, "error reading exit file for container %s", ctrID)
- }
- exitCode, err := strconv.Atoi(string(statusStr))
- if err != nil {
- return 0, errors.Wrapf(err, "error parsing exit code for container %s", ctrID)
- }
- return exitCode, nil
-}
-
 // Ps ...
 func (r *LocalRuntime) Ps(c *cliconfig.PsValues, opts shared.PsOptions) ([]shared.PsContainerOutput, error) {
 maxWorkers := shared.Parallelize("ps")
@@ -655,18 +629,13 @@ func (r *LocalRuntime) Start(ctx context.Context, c *cliconfig.StartValues, sigP
 if ecode, err := ctr.Wait(); err != nil {
 if errors.Cause(err) == define.ErrNoSuchCtr {
- // The container may have been removed
- // Go looking for an exit file
- rtc, err := r.GetConfig()
- if err != nil {
- return 0, err
- }
- ctrExitCode, err := ReadExitFile(rtc.TmpDir, ctr.ID())
+ // Check events
+ event, err := r.Runtime.GetLastContainerEvent(ctr.ID(), events.Exited)
 if err != nil {
 logrus.Errorf("Cannot get exit code: %v", err)
 exitCode = 127
 } else {
- exitCode = ctrExitCode
+ exitCode = event.ContainerExitCode
 }
 }
 } else {
diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go
index b9d7fcd9b..e25238956 100644
--- a/pkg/adapter/pods.go
+++ b/pkg/adapter/pods.go
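Review bot: The removed-container fallback in Start is now a byte-for-byte copy of the one in Run (event lookup, `Cannot get exit code` log, 127 default, `event.ContainerExitCode`), whereas before this commit the shared piece lived in the `ReadExitFile` helper that is deleted just above. Since both call sites will need the same future tweaks (better logging, a different sentinel than 127), I would fold the lookup into one small method on LocalRuntime and call it from both places. Start begins before this hunk and continues past it.
```go
// exitCodeFromEvents returns the exit code recorded in the last Exited event for
// a container that has already been removed, or 127 when no such event is found.
func (r *LocalRuntime) exitCodeFromEvents(ctrID string) int {
	event, err := r.Runtime.GetLastContainerEvent(ctrID, events.Exited)
	if err != nil {
		logrus.Errorf("Cannot get exit code for container %s: %v", ctrID, err)
		return 127
	}
	return event.ContainerExitCode
}

// … in Start (and Run), replacing the inline lookup …
if errors.Cause(err) == define.ErrNoSuchCtr {
	exitCode = r.exitCodeFromEvents(ctr.ID())
}
```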
@@ -10,6 +10,7 @@ import (
 "os"
 "strings"
+ "github.com/containers/buildah/pkg/parse"
 "github.com/containers/image/types"
 "github.com/containers/libpod/cmd/podman/cliconfig"
 "github.com/containers/libpod/cmd/podman/shared"
@@ -570,7 +571,7 @@ func (r *LocalRuntime) PlayKubeYAML(ctx context.Context, c *cliconfig.KubePlayVa
 }
 }
- if err := createconfig.ValidateVolumeHostDir(hostPath.Path); err != nil {
+ if err := parse.ValidateVolumeHostDir(hostPath.Path); err != nil {
 return nil, errors.Wrapf(err, "Error in parsing HostPath in YAML")
 }
 volumes[volume.Name] = hostPath.Path
@@ -682,6 +683,15 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
 if containerYAML.SecurityContext.AllowPrivilegeEscalation != nil {
 containerConfig.NoNewPrivs = !*containerYAML.SecurityContext.AllowPrivilegeEscalation
 }
+
+ }
+ if caps := containerYAML.SecurityContext.Capabilities; caps != nil {
+ for _, capability := range caps.Add {
+ containerConfig.CapAdd = append(containerConfig.CapAdd, string(capability))
+ }
+ for _, capability := range caps.Drop {
+ containerConfig.CapDrop = append(containerConfig.CapDrop, string(capability))
+ }
 }
 containerConfig.Command = []string{}
@@ -728,7 +738,7 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
 if !exists {
 return nil, errors.Errorf("Volume mount %s specified for container but not configured in volumes", volume.Name)
 }
- if err := createconfig.ValidateVolumeCtrDir(volume.MountPath); err != nil {
+ if err := parse.ValidateVolumeCtrDir(volume.MountPath); err != nil {
 return nil, errors.Wrapf(err, "error in parsing MountPath")
 }
 containerConfig.Volumes = append(containerConfig.Volumes, fmt.Sprintf("%s:%s", hostPath, volume.MountPath))
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index b03bcd0dd..289634a0d 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
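Review bot: The new capabilities block in kubeContainerToCreateConfig reads `containerYAML.SecurityContext.Capabilities` after the added `}` has already closed the enclosing block, which from the visible context is the `SecurityContext != nil` guard whose header lies before this hunk; a container spec with no securityContext at all would then dereference a nil pointer instead of being left alone. Drop the added `}` and let the existing closing brace cover both checks, so that `if caps := containerYAML.SecurityContext.Capabilities; caps != nil { … }` sits directly after the AllowPrivilegeEscalation check inside the guard. Because this path grants capabilities from user-supplied YAML, it also deserves a comment such as `// Kubernetes spells capabilities without the CAP_ prefix; rely on the CapAdd/CapDrop normalization downstream.` together with a check that the downstream handling really normalizes them, which this diff does not show.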
@@ -168,6 +168,9 @@ func (c *CreateConfig) createExitCommand(runtime *libpod.Runtime) ([]string, err for _, opt := range config.StorageConfig.GraphDriverOptions { command = append(command, []string{"--storage-opt", opt}...) } + if config.EventsLogger != "" { + command = append(command, []string{"--events-backend", config.EventsLogger}...) + } if c.Syslog { command = append(command, "--syslog", "true") diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 15c8c77fa..c94746767 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -552,7 +552,7 @@ func addPidNS(config *CreateConfig, g *generate.Generator) error { func addUserNS(config *CreateConfig, g *generate.Generator) error { if IsNS(string(config.UsernsMode)) { - if err := g.AddOrReplaceLinuxNamespace(spec.UserNamespace, NS(string(config.UsernsMode))); err != nil { + if err := g.AddOrReplaceLinuxNamespace(string(spec.UserNamespace), NS(string(config.UsernsMode))); err != nil { return err } // runc complains if no mapping is specified, even if we join another ns. So provide a dummy mapping @@ -561,7 +561,7 @@ func addUserNS(config *CreateConfig, g *generate.Generator) error { } if (len(config.IDMappings.UIDMap) > 0 || len(config.IDMappings.GIDMap) > 0) && !config.UsernsMode.IsHost() { - if err := g.AddOrReplaceLinuxNamespace(spec.UserNamespace, ""); err != nil { + if err := g.AddOrReplaceLinuxNamespace(string(spec.UserNamespace), ""); err != nil { return err } } @@ -572,7 +572,7 @@ func addNetNS(config *CreateConfig, g *generate.Generator) error { netMode := config.NetMode if netMode.IsHost() { logrus.Debug("Using host netmode") - return g.RemoveLinuxNamespace(spec.NetworkNamespace) + return g.RemoveLinuxNamespace(string(spec.NetworkNamespace)) } else if netMode.IsNone() { logrus.Debug("Using none netmode") return nil 
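Review bot: The exit command only receives `--events-backend` when `config.EventsLogger` is non-empty, so an empty value leaves the cleanup process on its own default; if that default ever differs from the backend this runtime reads, the Exited event lands in a different log and the removed-container exit-code lookup that the adapter hunks now rely on quietly fails. It is unclear from this hunk whether EventsLogger is always populated after config defaults are applied, so that should be confirmed, and the coupling is worth stating at the append site: `// The cleanup process must log its Exited event to the backend this runtime reads, or the exit code of a removed container is lost.` createExitCommand starts before this hunk and continues past it.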
@@ -584,7 +584,7 @@ func addNetNS(config *CreateConfig, g *generate.Generator) error { return nil } else if IsNS(string(netMode)) { logrus.Debug("Using ns netmode") - return g.AddOrReplaceLinuxNamespace(spec.NetworkNamespace, NS(string(netMode))) + return g.AddOrReplaceLinuxNamespace(string(spec.NetworkNamespace), NS(string(netMode))) } else if IsPod(string(netMode)) { logrus.Debug("Using pod netmode, unless pod is not sharing") return nil @@ -604,7 +604,7 @@ func addUTSNS(config *CreateConfig, g *generate.Generator) error { return g.AddOrReplaceLinuxNamespace(string(spec.UTSNamespace), NS(string(utsMode))) } if utsMode.IsHost() { - return g.RemoveLinuxNamespace(spec.UTSNamespace) + return g.RemoveLinuxNamespace(string(spec.UTSNamespace)) } return nil } @@ -615,7 +615,7 @@ func addIpcNS(config *CreateConfig, g *generate.Generator) error { return g.AddOrReplaceLinuxNamespace(string(spec.IPCNamespace), NS(string(ipcMode))) } if ipcMode.IsHost() { - return g.RemoveLinuxNamespace(spec.IPCNamespace) + return g.RemoveLinuxNamespace(string(spec.IPCNamespace)) } if ipcMode.IsContainer() { logrus.Debug("Using container ipcmode") @@ -630,10 +630,10 @@ func addCgroupNS(config *CreateConfig, g *generate.Generator) error { return g.AddOrReplaceLinuxNamespace(string(spec.CgroupNamespace), NS(string(cgroupMode))) } if cgroupMode.IsHost() { - return g.RemoveLinuxNamespace(spec.CgroupNamespace) + return g.RemoveLinuxNamespace(string(spec.CgroupNamespace)) } if cgroupMode.IsPrivate() { - return g.AddOrReplaceLinuxNamespace(spec.CgroupNamespace, "") + return g.AddOrReplaceLinuxNamespace(string(spec.CgroupNamespace), "") } if cgroupMode.IsContainer() { logrus.Debug("Using container cgroup mode") diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go index 88f1f6dc1..ac7a2c30f 100644 --- a/pkg/spec/storage.go +++ b/pkg/spec/storage.go 
@@ -7,6 +7,7 @@ import ( "path/filepath" "strings" + "github.com/containers/buildah/pkg/parse" "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/util" "github.com/containers/storage/pkg/stringid" @@ -248,8 +249,11 @@ func (config *CreateConfig) getVolumesFrom(runtime *libpod.Runtime) (map[string] finalNamedVolumes := make(map[string]*libpod.ContainerNamedVolume) for _, vol := range config.VolumesFrom { - options := []string{} - splitVol := strings.SplitN(vol, ":", 2) + var ( + options = []string{} + err error + splitVol = strings.SplitN(vol, ":", 2) + ) if len(splitVol) == 2 { if strings.Contains(splitVol[1], "Z") || strings.Contains(splitVol[1], "private") || @@ -257,12 +261,10 @@ func (config *CreateConfig) getVolumesFrom(runtime *libpod.Runtime) (map[string] strings.Contains(splitVol[1], "shared") { return nil, nil, errors.Errorf("invalid options %q, can only specify 'ro', 'rw', and 'z", splitVol[1]) } - options = strings.Split(splitVol[1], ",") - opts, err := ValidateVolumeOpts(options) - if err != nil { + + if options, err = parse.ValidateVolumeOpts(strings.Split(splitVol[1], ",")); err != nil { return nil, nil, err } - options = opts } ctr, err := runtime.LookupContainer(splitVol[0]) if err != nil { @@ -429,7 +431,7 @@ func getBindMount(args []string) (spec.Mount, error) { if len(kv) == 1 { return newMount, errors.Wrapf(optionArgError, kv[0]) } - if err := ValidateVolumeHostDir(kv[1]); err != nil { + if err := parse.ValidateVolumeHostDir(kv[1]); err != nil { return newMount, err } newMount.Source = kv[1] @@ -438,7 +440,7 @@ func getBindMount(args []string) (spec.Mount, error) { if len(kv) == 1 { return newMount, errors.Wrapf(optionArgError, kv[0]) } - if err := ValidateVolumeCtrDir(kv[1]); err != nil { + if err := parse.ValidateVolumeCtrDir(kv[1]); err != nil { return newMount, err } newMount.Destination = kv[1] 
@@ -456,12 +458,11 @@ func getBindMount(args []string) (spec.Mount, error) { newMount.Source = newMount.Destination } - opts, err := ValidateVolumeOpts(newMount.Options) + options, err := parse.ValidateVolumeOpts(newMount.Options) if err != nil { return newMount, err } - newMount.Options = opts - + newMount.Options = options return newMount, nil } @@ -495,7 +496,7 @@ func getTmpfsMount(args []string) (spec.Mount, error) { if len(kv) == 1 { return newMount, errors.Wrapf(optionArgError, kv[0]) } - if err := ValidateVolumeCtrDir(kv[1]); err != nil { + if err := parse.ValidateVolumeCtrDir(kv[1]); err != nil { return newMount, err } newMount.Destination = kv[1] @@ -539,7 +540,7 @@ func getNamedVolume(args []string) (*libpod.ContainerNamedVolume, error) { if len(kv) == 1 { return nil, errors.Wrapf(optionArgError, kv[0]) } - if err := ValidateVolumeCtrDir(kv[1]); err != nil { + if err := parse.ValidateVolumeCtrDir(kv[1]); err != nil { return nil, err } newVolume.Dest = kv[1] 
@@ -559,75 +560,6 @@ func getNamedVolume(args []string) (*libpod.ContainerNamedVolume, error) { return newVolume, nil } -// ValidateVolumeHostDir validates a volume mount's source directory -func ValidateVolumeHostDir(hostDir string) error { - if len(hostDir) == 0 { - return errors.Errorf("host directory cannot be empty") - } - if filepath.IsAbs(hostDir) { - if _, err := os.Stat(hostDir); err != nil { - return errors.Wrapf(err, "error checking path %q", hostDir) - } - } - // If hostDir is not an absolute path, that means the user wants to create a - // named volume. This will be done later on in the code. - return nil -} - -// ValidateVolumeCtrDir validates a volume mount's destination directory. -func ValidateVolumeCtrDir(ctrDir string) error { - if len(ctrDir) == 0 { - return errors.Errorf("container directory cannot be empty") - } - if !filepath.IsAbs(ctrDir) { - return errors.Errorf("invalid container path %q, must be an absolute path", ctrDir) - } - return nil -} - -// ValidateVolumeOpts validates a volume's options -func ValidateVolumeOpts(options []string) ([]string, error) { - var foundRootPropagation, foundRWRO, foundLabelChange, bindType int - finalOpts := make([]string, 0, len(options)) - for _, opt := range options { - switch opt { - case "rw", "ro": - foundRWRO++ - if foundRWRO > 1 { - return nil, errors.Errorf("invalid options %q, can only specify 1 'rw' or 'ro' option", strings.Join(options, ", ")) - } - case "z", "Z": - foundLabelChange++ - if foundLabelChange > 1 { - return nil, errors.Errorf("invalid options %q, can only specify 1 'z' or 'Z' option", strings.Join(options, ", ")) - } - case "private", "rprivate", "shared", "rshared", "slave", "rslave": - foundRootPropagation++ - if foundRootPropagation > 1 { - return nil, errors.Errorf("invalid options %q, can only specify 1 '[r]shared', '[r]private' or '[r]slave' option", strings.Join(options, ", ")) - } - case "bind", "rbind": - bindType++ - if bindType > 1 { - return nil, errors.Errorf("invalid 
options %q, can only specify 1 '[r]bind' option", strings.Join(options, ", ")) - } - case "cached", "delegated": - // The discarded ops are OS X specific volume options - // introduced in a recent Docker version. - // They have no meaning on Linux, so here we silently - // drop them. This matches Docker's behavior (the options - // are intended to be always safe to use, even not on OS - // X). - continue - default: - return nil, errors.Errorf("invalid mount option %q", opt) - } - finalOpts = append(finalOpts, opt) - } - return finalOpts, nil -} - -// GetVolumeMounts takes user provided input for bind mounts and creates Mount structs func (config *CreateConfig) getVolumeMounts() (map[string]spec.Mount, map[string]*libpod.ContainerNamedVolume, error) { mounts := make(map[string]spec.Mount) volumes := make(map[string]*libpod.ContainerNamedVolume) @@ -639,6 +571,7 @@ func (config *CreateConfig) getVolumeMounts() (map[string]spec.Mount, map[string options []string src string dest string + err error ) splitVol := strings.Split(vol, ":") @@ -653,18 +586,15 @@ func (config *CreateConfig) getVolumeMounts() (map[string]spec.Mount, map[string dest = splitVol[1] } if len(splitVol) > 2 { - options = strings.Split(splitVol[2], ",") - opts, err := ValidateVolumeOpts(options) - if err != nil { + if options, err = parse.ValidateVolumeOpts(strings.Split(splitVol[2], ",")); err != nil { return nil, nil, err } - options = opts } - if err := ValidateVolumeHostDir(src); err != nil { + if err := parse.ValidateVolumeHostDir(src); err != nil { return nil, nil, err } - if err := ValidateVolumeCtrDir(dest); err != nil { + if err := parse.ValidateVolumeCtrDir(dest); err != nil { return nil, nil, err } diff --git a/pkg/util/utils_supported.go b/pkg/util/utils_supported.go index af55689a6..6449c6f85 100644 --- a/pkg/util/utils_supported.go +++ b/pkg/util/utils_supported.go 
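Review bot: getVolumeMounts now delegates validation of user-supplied `-v` specs to buildah's parse package, but the semantics it relied on are exactly the ones deleted just above in this hunk: empty host paths rejected, relative host paths passed through as named-volume candidates, container paths required to be absolute, and an option whitelist that silently drops `cached`/`delegated` and rejects anything unknown. Nothing in the diff shows that `parse.ValidateVolumeHostDir`, `ValidateVolumeCtrDir` and `ValidateVolumeOpts` enforce the same set, and since the result feeds the OCI mount list directly, any looser whitelist in the vendored buildah (extra propagation or label flags, for instance) widens what a caller can request; I would verify that against the vendored version before merging and record it in a comment on the first call, `// parse.Validate* are expected to match the former local validators: non-empty host path, absolute container path, whitelisted options only.` Minor: `err` is now predeclared in the var block for the `options, err =` assignment, yet the two `if err := parse.Validate…` lines still shadow it with `:=`; using `if err = …` in both keeps one form. The function continues past this hunk.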
@@ -26,7 +26,7 @@ func GetRootlessRuntimeDir() (string, error) {
 if runtimeDir == "" {
 tmpDir := filepath.Join("/run", "user", uid)
 if err := os.MkdirAll(tmpDir, 0700); err != nil {
- logrus.Errorf("unable to make temp dir %s", tmpDir)
+ logrus.Debugf("unable to make temp dir %s", tmpDir)
 }
 st, err := os.Stat(tmpDir)
 if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
@@ -36,7 +36,7 @@ func GetRootlessRuntimeDir() (string, error) {
 if runtimeDir == "" {
 tmpDir := filepath.Join(os.TempDir(), fmt.Sprintf("run-%s", uid))
 if err := os.MkdirAll(tmpDir, 0700); err != nil {
- logrus.Errorf("unable to make temp dir %s", tmpDir)
+ logrus.Debugf("unable to make temp dir %s", tmpDir)
 }
 st, err := os.Stat(tmpDir)
 if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && st.Mode().Perm() == 0700 {
diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go
index cd5f305c9..bb66ff962 100644
--- a/pkg/varlinkapi/containers.go
+++ b/pkg/varlinkapi/containers.go
@@ -488,6 +488,12 @@ func (i *LibpodAPI) RemoveContainer(call iopodman.VarlinkCall, name string, forc
 return call.ReplyContainerNotFound(name, err.Error())
 }
 if err := i.Runtime.RemoveContainer(ctx, ctr, force, removeVolumes); err != nil {
+ if errors.Cause(err) == define.ErrNoSuchCtr {
+ return call.ReplyContainerExists(1)
+ }
+ if errors.Cause(err) == define.ErrCtrStateInvalid {
+ return call.ReplyInvalidState(ctr.ID(), err.Error())
+ }
 return call.ReplyErrorOccurred(err.Error())
 }
 return call.ReplyRemoveContainer(ctr.ID())
diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go
index 739a3e582..338499bd4 100644
--- a/pkg/varlinkapi/images.go
+++ b/pkg/varlinkapi/images.go
@@ -161,7 +161,7 @@ func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildI
 }
 hostNetwork := buildah.NamespaceOption{
- Name: specs.NetworkNamespace,
+ Name: string(specs.NetworkNamespace),
 Host: true,
 }
|
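Review bot: Both new Debugf lines in GetRootlessRuntimeDir still drop the error returned by MkdirAll, so when neither `/run/user/<uid>` nor the TempDir fallback can be created the only trace left is a debug message without the reason; include it: `logrus.Debugf("unable to make temp dir %s: %v", tmpDir, err)`. Downgrading from Errorf looks defensible because the code immediately re-checks ownership and the 0700 mode on whatever is at that path, but a comment would make that deliberate rather than accidental: `// A MkdirAll failure is not fatal by itself: the owner/mode check below decides whether tmpDir is usable.` GetRootlessRuntimeDir starts and ends outside the hunk.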
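Review bot: In RemoveContainer the new ErrNoSuchCtr branch answers with `call.ReplyContainerExists(1)`, while the lookup failure a few lines above in the same function reports the same condition as `call.ReplyContainerNotFound(name, err.Error())`, so a remote caller now receives two different reply types for "container does not exist" depending on whether it vanished before or during removal. Unless the remote client deliberately keys on ContainerExists(1) at this point, which the diff does not show, use the same reply here: `return call.ReplyContainerNotFound(name, err.Error())`. The ErrCtrStateInvalid branch is consistent with the rest of the visible function.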