diff options
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/selinux/selinux.go | 8 | ||||
-rw-r--r-- | pkg/specgen/container_validate.go | 2 | ||||
-rw-r--r-- | pkg/specgen/generate/config_linux_cgo.go | 3 | ||||
-rw-r--r-- | pkg/specgen/generate/container.go | 6 | ||||
-rw-r--r-- | pkg/specgen/generate/container_create.go | 21 | ||||
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 2 | ||||
-rw-r--r-- | pkg/specgen/specgen.go | 9 |
7 files changed, 34 insertions, 17 deletions
diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go index 975519cce..6b6d065f7 100644 --- a/pkg/selinux/selinux.go +++ b/pkg/selinux/selinux.go @@ -4,8 +4,8 @@ import ( "github.com/opencontainers/selinux/go-selinux" ) -// SELinuxKVMLabel returns labels for running kvm isolated containers -func SELinuxKVMLabel(cLabel string) (string, error) { +// KVMLabel returns labels for running kvm isolated containers +func KVMLabel(cLabel string) (string, error) { if cLabel == "" { // selinux is disabled return "", nil @@ -15,8 +15,8 @@ func SELinuxKVMLabel(cLabel string) (string, error) { return swapSELinuxLabel(cLabel, processLabel) } -// SELinuxInitLabel returns labels for running systemd based containers -func SELinuxInitLabel(cLabel string) (string, error) { +// InitLabel returns labels for running systemd based containers +func InitLabel(cLabel string) (string, error) { if cLabel == "" { // selinux is disabled return "", nil diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index 56c1a7ea9..87fc59dfe 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -34,7 +34,7 @@ func (s *SpecGenerator) Validate() error { } // Cannot set hostname and utsns if len(s.ContainerBasicConfig.Hostname) > 0 && !s.ContainerBasicConfig.UtsNS.IsPrivate() { - return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when creating an UTS namespace") + return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when running in the host UTS namespace") } // systemd values must be true, false, or always if len(s.ContainerBasicConfig.Systemd) > 0 && !util.StringInSlice(strings.ToLower(s.ContainerBasicConfig.Systemd), SystemDValues) { diff --git a/pkg/specgen/generate/config_linux_cgo.go b/pkg/specgen/generate/config_linux_cgo.go index b06ef5c9a..5d629a6e6 100644 --- a/pkg/specgen/generate/config_linux_cgo.go +++ b/pkg/specgen/generate/config_linux_cgo.go @@ -24,6 +24,9 @@ func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *imag } if scp == seccomp.PolicyImage { + if img == nil { + return nil, errors.New("cannot read seccomp profile without a valid image") + } labels, err := img.Labels(context.Background()) if err != nil { return nil, err diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index de3239fda..9797ad572 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -15,7 +15,11 @@ import ( func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) error { var appendEntryPoint bool - // TODO add support for raw rootfs + // If a rootfs is used, then there is no image data + if s.ContainerStorageConfig.Rootfs != "" { + return nil + } + newImage, err := r.ImageRuntime().NewFromLocal(s.Image) if err != nil { return err diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 1be77d315..49a717c5d 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -7,6 +7,7 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/define" + "github.com/containers/libpod/libpod/image" "github.com/containers/libpod/pkg/specgen" "github.com/containers/storage" "github.com/pkg/errors" @@ -15,9 +16,6 @@ import ( // MakeContainer creates a container based on the SpecGenerator func MakeContainer(rt *libpod.Runtime, s *specgen.SpecGenerator) (*libpod.Container, error) { - if err := s.Validate(); err != nil { - return nil, errors.Wrap(err, "invalid config provided") - } rtc, err := rt.GetConfig() if err != nil { return nil, err @@ -87,12 +85,19 @@ func MakeContainer(rt *libpod.Runtime, s *specgen.SpecGenerator) (*libpod.Contai return nil, err } options = append(options, createExitCommandOption(s, rt.StorageConfig(), rtc, podmanPath)) - newImage, err := rt.ImageRuntime().NewFromLocal(s.Image) - if err != nil { - return nil, err + var newImage *image.Image + if s.Rootfs != "" { + options = append(options, libpod.WithRootFS(s.Rootfs)) + } else { + newImage, err = rt.ImageRuntime().NewFromLocal(s.Image) + if err != nil { + return nil, err + } + options = append(options, libpod.WithRootFSFromImage(newImage.ID(), s.Image, s.RawImageName)) + } + if err := s.Validate(); err != nil { + return nil, errors.Wrap(err, "invalid config provided") } - - options = append(options, libpod.WithRootFSFromImage(newImage.ID(), s.Image, s.RawImageName)) runtimeSpec, err := SpecGenToOCI(s, rt, newImage) if err != nil { diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index 2aaeb9513..2e0e088bf 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -26,7 +26,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod) nsType = strings.ToLower(nsType) // If the pod is not nil - check shared namespaces - if pod != nil { + if pod != nil && pod.HasInfraContainer() { podMode := false switch { case nsType == "pid" && pod.SharesPID(): diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 37f2b3190..275af1f49 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -402,8 +402,13 @@ type NamedVolume struct { } // NewSpecGenerator returns a SpecGenerator struct given one of two mandatory inputs -func NewSpecGenerator(image string) *SpecGenerator { - csc := ContainerStorageConfig{Image: image} +func NewSpecGenerator(arg string, rootfs bool) *SpecGenerator { + csc := ContainerStorageConfig{} + if rootfs { + csc.Rootfs = arg + } else { + csc.Image = arg + } return &SpecGenerator{ ContainerStorageConfig: csc, } |