Diffstat (limited to 'pkg')
-rw-r--r--pkg/selinux/selinux.go8
-rw-r--r--pkg/specgen/container_validate.go2
-rw-r--r--pkg/specgen/generate/config_linux_cgo.go3
-rw-r--r--pkg/specgen/generate/container.go6
-rw-r--r--pkg/specgen/generate/container_create.go21
-rw-r--r--pkg/specgen/generate/namespaces.go2
-rw-r--r--pkg/specgen/specgen.go9
7 files changed, 34 insertions, 17 deletions
diff --git a/pkg/selinux/selinux.go b/pkg/selinux/selinux.go
index 975519cce..6b6d065f7 100644
--- a/pkg/selinux/selinux.go
+++ b/pkg/selinux/selinux.go
@@ -4,8 +4,8 @@ import (
"github.com/opencontainers/selinux/go-selinux"
)
-// SELinuxKVMLabel returns labels for running kvm isolated containers
-func SELinuxKVMLabel(cLabel string) (string, error) {
+// KVMLabel returns labels for running kvm isolated containers
+func KVMLabel(cLabel string) (string, error) {
if cLabel == "" {
// selinux is disabled
return "", nil
@@ -15,8 +15,8 @@ func SELinuxKVMLabel(cLabel string) (string, error) {
return swapSELinuxLabel(cLabel, processLabel)
}
-// SELinuxInitLabel returns labels for running systemd based containers
-func SELinuxInitLabel(cLabel string) (string, error) {
+// InitLabel returns labels for running systemd based containers
+func InitLabel(cLabel string) (string, error) {
if cLabel == "" {
// selinux is disabled
return "", nil
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 56c1a7ea9..87fc59dfe 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -34,7 +34,7 @@ func (s *SpecGenerator) Validate() error {
}
// Cannot set hostname and utsns
if len(s.ContainerBasicConfig.Hostname) > 0 && !s.ContainerBasicConfig.UtsNS.IsPrivate() {
- return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when creating an UTS namespace")
+ return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when running in the host UTS namespace")
}
// systemd values must be true, false, or always
if len(s.ContainerBasicConfig.Systemd) > 0 && !util.StringInSlice(strings.ToLower(s.ContainerBasicConfig.Systemd), SystemDValues) {
diff --git a/pkg/specgen/generate/config_linux_cgo.go b/pkg/specgen/generate/config_linux_cgo.go
index b06ef5c9a..5d629a6e6 100644
--- a/pkg/specgen/generate/config_linux_cgo.go
+++ b/pkg/specgen/generate/config_linux_cgo.go
@@ -24,6 +24,9 @@ func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *imag
}
if scp == seccomp.PolicyImage {
+ if img == nil {
+ return nil, errors.New("cannot read seccomp profile without a valid image")
+ }
labels, err := img.Labels(context.Background())
if err != nil {
return nil, err
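Review bot: The new `img == nil` guard in the `seccomp.PolicyImage` branch has no comment saying when `img` can be nil, and the error text does not name the policy that triggered it. Failing closed is the right behaviour for a seccomp decision, since the alternative is a nil dereference on `img.Labels` or a silent fallback to some other profile. Judging by the rest of this commit, the nil case is presumably a rootfs-based container, so a comment such as `// img is nil for rootfs containers; an image-supplied seccomp profile cannot be honoured` would record that. The message could also mention the policy, e.g. `errors.New("cannot read seccomp profile from image: container has no image")`. getSeccompConfig starts and ends outside this hunk, so whether its other branches touch `img` cannot be checked here.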
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index de3239fda..9797ad572 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -15,7 +15,11 @@ import (
func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) error {
var appendEntryPoint bool
- // TODO add support for raw rootfs
+ // If a rootfs is used, then there is no image data
+ if s.ContainerStorageConfig.Rootfs != "" {
+ return nil
+ }
+
newImage, err := r.ImageRuntime().NewFromLocal(s.Image)
if err != nil {
return err
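Review bot: The early `return nil` for a non-empty `s.ContainerStorageConfig.Rootfs` skips the whole remainder of CompleteSpec, not only the image lookup. Any defaults set further down that do not depend on image data would also be dropped for rootfs containers; the rest of the body is outside this hunk, so this needs checking against the full function. It also makes Rootfs win silently when both Rootfs and Image are set. Unless Validate already rejects that combination (not visible here), the comment should say so, e.g. `// Rootfs takes precedence over Image; no image-derived defaults are applied`. As a minor point of style, container_create.go reads the same field as `s.Rootfs`, and using one spelling in both places would make the two checks easier to grep for.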
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 1be77d315..49a717c5d 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -7,6 +7,7 @@ import (
"github.com/containers/common/pkg/config"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/libpod/define"
+ "github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/specgen"
"github.com/containers/storage"
"github.com/pkg/errors"
@@ -15,9 +16,6 @@ import (
// MakeContainer creates a container based on the SpecGenerator
func MakeContainer(rt *libpod.Runtime, s *specgen.SpecGenerator) (*libpod.Container, error) {
- if err := s.Validate(); err != nil {
- return nil, errors.Wrap(err, "invalid config provided")
- }
rtc, err := rt.GetConfig()
if err != nil {
return nil, err
@@ -87,12 +85,19 @@ func MakeContainer(rt *libpod.Runtime, s *specgen.SpecGenerator) (*libpod.Contai
return nil, err
}
options = append(options, createExitCommandOption(s, rt.StorageConfig(), rtc, podmanPath))
- newImage, err := rt.ImageRuntime().NewFromLocal(s.Image)
- if err != nil {
- return nil, err
+ var newImage *image.Image
+ if s.Rootfs != "" {
+ options = append(options, libpod.WithRootFS(s.Rootfs))
+ } else {
+ newImage, err = rt.ImageRuntime().NewFromLocal(s.Image)
+ if err != nil {
+ return nil, err
+ }
+ options = append(options, libpod.WithRootFSFromImage(newImage.ID(), s.Image, s.RawImageName))
+ }
+ if err := s.Validate(); err != nil {
+ return nil, errors.Wrap(err, "invalid config provided")
}
-
- options = append(options, libpod.WithRootFSFromImage(newImage.ID(), s.Image, s.RawImageName))
runtimeSpec, err := SpecGenToOCI(s, rt, newImage)
if err != nil {
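Review bot: `s.Validate()` now runs only after the spec has already been consumed. In this hunk `createExitCommandOption(s, ...)`, `libpod.WithRootFS(s.Rootfs)` and `NewFromLocal(s.Image)` all read fields of `s` before it is validated, and the previous hunk removes the check from the top of MakeContainer. Validating caller-supplied configuration is safer as the first step, so either keep `if err := s.Validate(); err != nil {` at the top of the function or add a comment stating what must happen before validation can run. In the rootfs branch `newImage` stays nil and is passed to `SpecGenToOCI(s, rt, newImage)`. The seccomp path gains a nil check in this commit, but any other downstream user of the image, not visible here, needs the same guard. MakeContainer starts and ends outside this hunk.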
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 2aaeb9513..2e0e088bf 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -26,7 +26,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod)
nsType = strings.ToLower(nsType)
// If the pod is not nil - check shared namespaces
- if pod != nil {
+ if pod != nil && pod.HasInfraContainer() {
podMode := false
switch {
case nsType == "pid" && pod.SharesPID():
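Review bot: The comment above the changed condition still reads `// If the pod is not nil - check shared namespaces`, but the branch is now also skipped for a pod that has no infra container. In that case the function falls through to whatever default follows this block, which is outside the hunk. The returned mode decides how isolated the container is from the pod and the host, so the comment should state the new rule, for example `// Only a pod with an infra container has namespaces to share; otherwise use the defaults below`. It would also help to confirm that the fall-through default for a pod without an infra container is the intended one, not just the no-pod default reused by accident.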
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 37f2b3190..275af1f49 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -402,8 +402,13 @@ type NamedVolume struct {
}
// NewSpecGenerator returns a SpecGenerator struct given one of two mandatory inputs
-func NewSpecGenerator(image string) *SpecGenerator {
- csc := ContainerStorageConfig{Image: image}
+func NewSpecGenerator(arg string, rootfs bool) *SpecGenerator {
+ csc := ContainerStorageConfig{}
+ if rootfs {
+ csc.Rootfs = arg
+ } else {
+ csc.Image = arg
+ }
return &SpecGenerator{
ContainerStorageConfig: csc,
}
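Review bot: The doc comment on NewSpecGenerator still says only "given one of two mandatory inputs" and does not explain what `arg` is or what the new `rootfs` flag selects. Something like `// NewSpecGenerator returns a SpecGenerator for arg, which is a rootfs path when rootfs is true and an image name otherwise.` would make call sites such as `NewSpecGenerator(x, true)` readable without opening this file. The function accepts an empty `arg` even though the comment calls the input mandatory. If that is deliberately left to Validate, the comment should say so, because the result otherwise looks like a usable generator with neither Image nor Rootfs set.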