diff options
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/adapter/checkpoint_restore.go | 6 | ||||
-rw-r--r-- | pkg/adapter/containers.go | 12 | ||||
-rw-r--r-- | pkg/adapter/pods.go | 4 | ||||
-rw-r--r-- | pkg/adapter/runtime.go | 18 | ||||
-rw-r--r-- | pkg/adapter/runtime_remote.go | 19 | ||||
-rw-r--r-- | pkg/adapter/sigproxy_linux.go | 2 | ||||
-rw-r--r-- | pkg/adapter/terminal_linux.go | 2 | ||||
-rw-r--r-- | pkg/apparmor/apparmor_linux.go | 16 | ||||
-rw-r--r-- | pkg/cgroups/cgroups.go | 10 | ||||
-rw-r--r-- | pkg/ctime/ctime_linux.go | 2 | ||||
-rw-r--r-- | pkg/firewall/iptables.go | 1 | ||||
-rw-r--r-- | pkg/hooks/exec/runtimeconfigfilter.go | 12 | ||||
-rw-r--r-- | pkg/rootless/rootless_linux.go | 8 | ||||
-rw-r--r-- | pkg/spec/config_linux.go | 2 | ||||
-rw-r--r-- | pkg/spec/parse.go | 6 | ||||
-rw-r--r-- | pkg/sysinfo/sysinfo_linux.go | 2 | ||||
-rw-r--r-- | pkg/varlinkapi/images.go | 2 | ||||
-rw-r--r-- | pkg/varlinkapi/virtwriter/virtwriter.go | 6 |
18 files changed, 75 insertions, 55 deletions
diff --git a/pkg/adapter/checkpoint_restore.go b/pkg/adapter/checkpoint_restore.go index 533e9e3a2..1cac86d12 100644 --- a/pkg/adapter/checkpoint_restore.go +++ b/pkg/adapter/checkpoint_restore.go @@ -4,7 +4,6 @@ package adapter import ( "context" - "io" "io/ioutil" "os" "path/filepath" @@ -35,7 +34,7 @@ func crImportFromJSON(filePath string, v interface{}) error { return errors.Wrapf(err, "Failed to read container definition %s for restore", filePath) } json := jsoniter.ConfigCompatibleWithStandardLibrary - if err = json.Unmarshal([]byte(content), v); err != nil { + if err = json.Unmarshal(content, v); err != nil { return errors.Wrapf(err, "Failed to unmarshal container definition %s for restore", filePath) } @@ -106,9 +105,8 @@ func crImportCheckpoint(ctx context.Context, runtime *libpod.Runtime, input stri ctrName := config.Name // The code to load the images is copied from create.go - var writer io.Writer // In create.go this only set if '--quiet' does not exist. - writer = os.Stderr + writer := os.Stderr rtc, err := runtime.GetConfig() if err != nil { return nil, err diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go index 7e2384e18..9726b237f 100644 --- a/pkg/adapter/containers.go +++ b/pkg/adapter/containers.go @@ -69,7 +69,7 @@ func (r *LocalRuntime) LookupContainer(idOrName string) (*Container, error) { func (r *LocalRuntime) StopContainers(ctx context.Context, cli *cliconfig.StopValues) ([]string, map[string]error, error) { var timeout *uint if cli.Flags().Changed("timeout") || cli.Flags().Changed("time") { - t := uint(cli.Timeout) + t := cli.Timeout timeout = &t } @@ -342,7 +342,7 @@ func (r *LocalRuntime) Run(ctx context.Context, c *cliconfig.RunValues, exitCode if err := ctr.Start(ctx, c.IsSet("pod")); err != nil { // This means the command did not exist exitCode = 127 - if strings.Index(err.Error(), "permission denied") > -1 { + if strings.Contains(err.Error(), "permission denied") { exitCode = 126 } return exitCode, err @@ -405,7 +405,7 @@ func (r *LocalRuntime) Run(ctx context.Context, c *cliconfig.RunValues, exitCode } // This means the command did not exist exitCode = 127 - if strings.Index(err.Error(), "permission denied") > -1 { + if strings.Contains(err.Error(), "permission denied") { exitCode = 126 } if c.IsSet("rm") { @@ -1057,7 +1057,7 @@ func (r *LocalRuntime) GenerateSystemd(c *cliconfig.GenerateSystemdValues) (stri } timeout := int(ctr.StopTimeout()) if c.StopTimeout >= 0 { - timeout = int(c.StopTimeout) + timeout = c.StopTimeout } name := ctr.ID() if c.Name { @@ -1153,9 +1153,7 @@ func (r *LocalRuntime) Exec(c *cliconfig.ExecValues, cmd []string) error { for _, e := range entries { i, err := strconv.Atoi(e.Name()) if err != nil { - if err != nil { - return errors.Wrapf(err, "cannot parse %s in /proc/self/fd", e.Name()) - } + return errors.Wrapf(err, "cannot parse %s in /proc/self/fd", e.Name()) } m[i] = true } diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go index 2ca4f228f..5960fac60 100644 --- a/pkg/adapter/pods.go +++ b/pkg/adapter/pods.go @@ -155,7 +155,7 @@ func (r *LocalRuntime) StopPods(ctx context.Context, cli *cliconfig.PodStopValue for _, p := range pods { stopped := true - conErrs, stopErr := p.StopWithTimeout(ctx, true, int(timeout)) + conErrs, stopErr := p.StopWithTimeout(ctx, true, timeout) if stopErr != nil { errs = append(errs, stopErr) stopped = false @@ -532,7 +532,6 @@ func (r *LocalRuntime) PlayKubeYAML(ctx context.Context, c *cliconfig.KubePlayVa if err := libpod.LabelVolumePath(hostPath.Path, false); err != nil { return nil, errors.Wrapf(err, "Error giving %s a label", hostPath.Path) } - break case v1.HostPathFileOrCreate: if _, err := os.Stat(hostPath.Path); os.IsNotExist(err) { f, err := os.OpenFile(hostPath.Path, os.O_RDONLY|os.O_CREATE, createFilePermission) @@ -547,7 +546,6 @@ func (r *LocalRuntime) PlayKubeYAML(ctx context.Context, c *cliconfig.KubePlayVa if err := libpod.LabelVolumePath(hostPath.Path, false); err != nil { return nil, errors.Wrapf(err, "Error giving %s a label", hostPath.Path) } - break case v1.HostPathDirectory: case v1.HostPathFile: case v1.HostPathUnset: diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go index e65f07898..ee6913cc0 100644 --- a/pkg/adapter/runtime.go +++ b/pkg/adapter/runtime.go @@ -85,16 +85,27 @@ func getRuntime(runtime *libpod.Runtime) (*LocalRuntime, error) { // GetImages returns a slice of images in containerimages func (r *LocalRuntime) GetImages() ([]*ContainerImage, error) { + return r.getImages(false) +} + +// GetRWImages returns a slice of read/write images in containerimages +func (r *LocalRuntime) GetRWImages() ([]*ContainerImage, error) { + return r.getImages(true) +} + +func (r *LocalRuntime) getImages(rwOnly bool) ([]*ContainerImage, error) { var containerImages []*ContainerImage images, err := r.Runtime.ImageRuntime().GetImages() if err != nil { return nil, err } for _, i := range images { + if rwOnly && i.IsReadOnly() { + continue + } containerImages = append(containerImages, &ContainerImage{i}) } return containerImages, nil - } // NewImageFromLocal returns a containerimage representation of a image from local storage @@ -321,10 +332,7 @@ func (r *LocalRuntime) LoadImage(ctx context.Context, name string, cli *cliconfi // IsImageNotFound checks if the error indicates that no image was found. func IsImageNotFound(err error) bool { - if errors.Cause(err) == image.ErrNoSuchImage { - return true - } - return false + return errors.Cause(err) == image.ErrNoSuchImage } // HealthCheck is a wrapper to same named function in libpod diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go index db3f23629..9fae39df0 100644 --- a/pkg/adapter/runtime_remote.go +++ b/pkg/adapter/runtime_remote.go @@ -129,6 +129,7 @@ type remoteImage struct { isParent bool Runtime *LocalRuntime TopLayer string + ReadOnly bool } // Container ... @@ -169,12 +170,24 @@ type remoteVolume struct { // GetImages returns a slice of containerimages over a varlink connection func (r *LocalRuntime) GetImages() ([]*ContainerImage, error) { + return r.getImages(false) +} + +// GetRWImages returns a slice of read/write containerimages over a varlink connection +func (r *LocalRuntime) GetRWImages() ([]*ContainerImage, error) { + return r.getImages(true) +} + +func (r *LocalRuntime) getImages(rwOnly bool) ([]*ContainerImage, error) { var newImages []*ContainerImage images, err := iopodman.ListImages().Call(r.Conn) if err != nil { return nil, err } for _, i := range images { + if rwOnly && i.ReadOnly { + continue + } name := i.Id if len(i.RepoTags) > 1 { name = i.RepoTags[0] @@ -207,6 +220,7 @@ func imageInListToContainerImage(i iopodman.Image, name string, runtime *LocalRu isParent: i.IsParent, Runtime: runtime, TopLayer: i.TopLayer, + ReadOnly: i.ReadOnly, } return &ContainerImage{ri}, nil } @@ -302,6 +316,11 @@ func (ci *ContainerImage) Created() time.Time { return ci.remoteImage.Created } +// IsReadOnly returns whether the image is ReadOnly +func (ci *ContainerImage) IsReadOnly() bool { + return ci.remoteImage.ReadOnly +} + // Size returns the size of the image func (ci *ContainerImage) Size(ctx context.Context) (*uint64, error) { usize := uint64(ci.remoteImage.Size) diff --git a/pkg/adapter/sigproxy_linux.go b/pkg/adapter/sigproxy_linux.go index efa6afa7b..ebfeab725 100644 --- a/pkg/adapter/sigproxy_linux.go +++ b/pkg/adapter/sigproxy_linux.go @@ -33,6 +33,4 @@ func ProxySignals(ctr *libpod.Container) { } } }() - - return } diff --git a/pkg/adapter/terminal_linux.go b/pkg/adapter/terminal_linux.go index e3255ecb6..9f6ddc2e6 100644 --- a/pkg/adapter/terminal_linux.go +++ b/pkg/adapter/terminal_linux.go @@ -14,6 +14,8 @@ import ( ) // StartAttachCtr starts and (if required) attaches to a container +// if you change the signature of this function from os.File to io.Writer, it will trigger a downstream +// error. we may need to just lint disable this one. func StartAttachCtr(ctx context.Context, ctr *libpod.Container, stdout, stderr, stdin *os.File, detachKeys string, sigProxy bool, startContainer bool, recursive bool) error { resize := make(chan remotecommand.TerminalSize) diff --git a/pkg/apparmor/apparmor_linux.go b/pkg/apparmor/apparmor_linux.go index 479600408..33710ff56 100644 --- a/pkg/apparmor/apparmor_linux.go +++ b/pkg/apparmor/apparmor_linux.go @@ -92,16 +92,24 @@ func InstallDefault(name string) error { return err } if err := cmd.Start(); err != nil { - pipe.Close() + if pipeErr := pipe.Close(); pipeErr != nil { + logrus.Errorf("unable to close apparmor pipe: %q", pipeErr) + } return err } if err := p.generateDefault(pipe); err != nil { - pipe.Close() - cmd.Wait() + if pipeErr := pipe.Close(); pipeErr != nil { + logrus.Errorf("unable to close apparmor pipe: %q", pipeErr) + } + if cmdErr := cmd.Wait(); cmdErr != nil { + logrus.Errorf("unable to wait for apparmor command: %q", cmdErr) + } return err } - pipe.Close() + if pipeErr := pipe.Close(); pipeErr != nil { + logrus.Errorf("unable to close apparmor pipe: %q", pipeErr) + } return cmd.Wait() } diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go index fda19bff8..f2c6b548e 100644 --- a/pkg/cgroups/cgroups.go +++ b/pkg/cgroups/cgroups.go @@ -155,7 +155,7 @@ func createCgroupv2Path(path string) (Err error) { if err != nil { return errors.Wrapf(err, "read /sys/fs/cgroup/cgroup.controllers") } - if !filepath.HasPrefix(path, "/sys/fs/cgroup") { + if !strings.HasPrefix(path, "/sys/fs/cgroup/") { return fmt.Errorf("invalid cgroup path %s", path) } @@ -274,12 +274,6 @@ func readFileAsUint64(path string) (uint64, error) { return ret, nil } -func (c *CgroupControl) writePidToTasks(pid int, name string) error { - path := filepath.Join(c.getCgroupv1Path(name), "tasks") - payload := []byte(fmt.Sprintf("%d", pid)) - return ioutil.WriteFile(path, payload, 0644) -} - // New creates a new cgroup control func New(path string, resources *spec.LinuxResources) (*CgroupControl, error) { cgroup2, err := IsCgroup2UnifiedMode() @@ -384,7 +378,7 @@ func rmDirRecursively(path string) error { } } } - if os.Remove(path); err != nil { + if err := os.Remove(path); err != nil { if !os.IsNotExist(err) { return errors.Wrapf(err, "remove %s", path) } diff --git a/pkg/ctime/ctime_linux.go b/pkg/ctime/ctime_linux.go index e83269d49..28ad959cf 100644 --- a/pkg/ctime/ctime_linux.go +++ b/pkg/ctime/ctime_linux.go @@ -10,5 +10,5 @@ import ( func created(fi os.FileInfo) time.Time { st := fi.Sys().(*syscall.Stat_t) - return time.Unix(int64(st.Ctim.Sec), int64(st.Ctim.Nsec)) + return time.Unix(st.Ctim.Sec, st.Ctim.Nsec) } diff --git a/pkg/firewall/iptables.go b/pkg/firewall/iptables.go index 92d249f7b..169ddc1d7 100644 --- a/pkg/firewall/iptables.go +++ b/pkg/firewall/iptables.go @@ -151,7 +151,6 @@ type iptablesBackend struct { protos map[iptables.Protocol]*iptables.IPTables privChainName string adminChainName string - ifName string } // iptablesBackend implements the FirewallBackend interface diff --git a/pkg/hooks/exec/runtimeconfigfilter.go b/pkg/hooks/exec/runtimeconfigfilter.go index c6971f680..10b8fedc2 100644 --- a/pkg/hooks/exec/runtimeconfigfilter.go +++ b/pkg/hooks/exec/runtimeconfigfilter.go @@ -27,7 +27,11 @@ var spewConfig = spew.ConfigState{ // reads back a possibly-altered form from their standard output). func RuntimeConfigFilter(ctx context.Context, hooks []spec.Hook, config *spec.Spec, postKillTimeout time.Duration) (hookErr, err error) { data, err := json.Marshal(config) + if err != nil { + return nil, err + } for i, hook := range hooks { + hook := hook var stdout bytes.Buffer hookErr, err = Run(ctx, &hook, data, &stdout, nil, postKillTimeout) if err != nil { @@ -43,11 +47,11 @@ func RuntimeConfigFilter(ctx context.Context, hooks []spec.Hook, config *spec.Sp } if !reflect.DeepEqual(config, &newConfig) { - old := spewConfig.Sdump(config) - new := spewConfig.Sdump(&newConfig) + oldConfig := spewConfig.Sdump(config) + newConfig := spewConfig.Sdump(&newConfig) diff, err := difflib.GetUnifiedDiffString(difflib.UnifiedDiff{ - A: difflib.SplitLines(old), - B: difflib.SplitLines(new), + A: difflib.SplitLines(oldConfig), + B: difflib.SplitLines(newConfig), FromFile: "Old", FromDate: "", ToFile: "New", diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 99a0eb729..6e48988c5 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -111,10 +111,8 @@ func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap) args := []string{path, fmt.Sprintf("%d", pid)} args = appendTriplet(args, 0, hostID, 1) - if mappings != nil { - for _, i := range mappings { - args = appendTriplet(args, i.ContainerID+1, i.HostID, i.Size) - } + for _, i := range mappings { + args = appendTriplet(args, i.ContainerID+1, i.HostID, i.Size) } cmd := exec.Cmd{ Path: path, @@ -442,7 +440,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, return false, -1, errors.Wrapf(err, "write to sync pipe") } - b := make([]byte, 1, 1) + b := make([]byte, 1) _, err = w.Read(b) if err != nil { return false, -1, errors.Wrapf(err, "read from sync pipe") diff --git a/pkg/spec/config_linux.go b/pkg/spec/config_linux.go index a84e9a72f..60d31d78e 100644 --- a/pkg/spec/config_linux.go +++ b/pkg/spec/config_linux.go @@ -160,7 +160,7 @@ func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error { } // Add resources device - need to clear the existing one first. - g.Spec().Linux.Resources.Devices = nil + g.Config.Linux.Resources.Devices = nil g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm") return nil } diff --git a/pkg/spec/parse.go b/pkg/spec/parse.go index d688b8d1b..c2572a033 100644 --- a/pkg/spec/parse.go +++ b/pkg/spec/parse.go @@ -126,13 +126,9 @@ func validateIOpsDevice(val string) (*throttleDevice, error) { //nolint if err != nil { return nil, fmt.Errorf("invalid rate for device: %s. The correct format is <device-path>:<number>. Number must be a positive integer", val) } - if rate < 0 { - return nil, fmt.Errorf("invalid rate for device: %s. The correct format is <device-path>:<number>. Number must be a positive integer", val) - } - return &throttleDevice{ path: split[0], - rate: uint64(rate), + rate: rate, }, nil } diff --git a/pkg/sysinfo/sysinfo_linux.go b/pkg/sysinfo/sysinfo_linux.go index f4047b63c..9e675c655 100644 --- a/pkg/sysinfo/sysinfo_linux.go +++ b/pkg/sysinfo/sysinfo_linux.go @@ -15,7 +15,7 @@ import ( func findCgroupMountpoints() (map[string]string, error) { cgMounts, err := cgroups.GetCgroupMounts(false) if err != nil { - return nil, fmt.Errorf("Failed to parse cgroup information: %v", err) + return nil, fmt.Errorf("failed to parse cgroup information: %v", err) } mps := make(map[string]string) for _, m := range cgMounts { diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go index 2bebfd406..739a3e582 100644 --- a/pkg/varlinkapi/images.go +++ b/pkg/varlinkapi/images.go @@ -69,6 +69,7 @@ func (i *LibpodAPI) ListImages(call iopodman.VarlinkCall) error { Containers: int64(len(containers)), Labels: labels, IsParent: isParent, + ReadOnly: image.IsReadOnly(), } imageList = append(imageList, i) } @@ -109,6 +110,7 @@ func (i *LibpodAPI) GetImage(call iopodman.VarlinkCall, id string) error { Containers: int64(len(containers)), Labels: labels, TopLayer: newImage.TopLayer(), + ReadOnly: newImage.IsReadOnly(), } return call.ReplyGetImage(il) } diff --git a/pkg/varlinkapi/virtwriter/virtwriter.go b/pkg/varlinkapi/virtwriter/virtwriter.go index e747984c7..5e88914b2 100644 --- a/pkg/varlinkapi/virtwriter/virtwriter.go +++ b/pkg/varlinkapi/virtwriter/virtwriter.go @@ -6,8 +6,6 @@ import ( "encoding/json" "errors" "io" - "os" - "k8s.io/client-go/tools/remotecommand" ) @@ -90,7 +88,7 @@ func (v VirtWriteCloser) Write(input []byte) (int, error) { } // Reader decodes the content that comes over the wire and directs it to the proper destination. -func Reader(r *bufio.Reader, output, errput *os.File, input *io.PipeWriter, resize chan remotecommand.TerminalSize) error { +func Reader(r *bufio.Reader, output io.Writer, errput io.Writer, input io.Writer, resize chan remotecommand.TerminalSize) error { var messageSize int64 headerBytes := make([]byte, 8) @@ -149,7 +147,7 @@ func Reader(r *bufio.Reader, output, errput *os.File, input *io.PipeWriter, resi default: // Something really went wrong - return errors.New("Unknown multiplex destination") + return errors.New("unknown multiplex destination") } } } |