diff options
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/domain/infra/abi/system.go | 7 | ||||
| -rw-r--r-- | pkg/env/env.go | 14 | ||||
| -rw-r--r-- | pkg/spec/spec.go | 4 | ||||
| -rw-r--r-- | pkg/specgen/container_validate.go | 3 | ||||
| -rw-r--r-- | pkg/systemd/generate/common.go | 13 | ||||
| -rw-r--r-- | pkg/systemd/generate/common_test.go | 25 | ||||
| -rw-r--r-- | pkg/systemd/generate/containers.go | 1 | ||||
| -rw-r--r-- | pkg/systemd/generate/containers_test.go | 4 | ||||
| -rw-r--r-- | pkg/systemd/generate/pods.go | 1 | ||||
| -rw-r--r-- | pkg/systemd/generate/pods_test.go | 4 |
10 files changed, 63 insertions, 13 deletions
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index 71fe478fd..478fac1d5 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -70,8 +70,13 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) if err != nil { return err } + + initCommand, err := ioutil.ReadFile("/proc/1/comm") + // On errors, default to systemd + runsUnderSystemd := err != nil || string(initCommand) == "systemd" + unitName := fmt.Sprintf("podman-%d.scope", os.Getpid()) - if conf.Engine.CgroupManager == config.SystemdCgroupsManager { + if runsUnderSystemd || conf.Engine.CgroupManager == config.SystemdCgroupsManager { if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil { logrus.Warnf("Failed to add podman to systemd sandbox cgroup: %v", err) } diff --git a/pkg/env/env.go b/pkg/env/env.go index a16007a50..0d55e5560 100644 --- a/pkg/env/env.go +++ b/pkg/env/env.go @@ -12,14 +12,16 @@ import ( "github.com/pkg/errors" ) -// DefaultEnvVariables sets $PATH and $TERM. -var DefaultEnvVariables = map[string]string{ - "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "TERM": "xterm", -} - const whiteSpaces = " \t" +// DefaultEnvVariables returns a default environment, with $PATH and $TERM set. +func DefaultEnvVariables() map[string]string { + return map[string]string{ + "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM": "xterm", + } +} + // Slice transforms the specified map of environment variables into a // slice. If a value is non-empty, the key and value are joined with '='. func Slice(m map[string]string) []string { diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index c7a838d4c..893ae3cab 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -321,13 +321,13 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM // config. var defaultEnv map[string]string if runtimeConfig == nil { - defaultEnv = env.DefaultEnvVariables + defaultEnv = env.DefaultEnvVariables() } else { defaultEnv, err = env.ParseSlice(runtimeConfig.Containers.Env) if err != nil { return nil, errors.Wrap(err, "Env fields in containers.conf failed ot parse") } - defaultEnv = env.Join(env.DefaultEnvVariables, defaultEnv) + defaultEnv = env.Join(env.DefaultEnvVariables(), defaultEnv) } if err := addRlimits(config, &g); err != nil { diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index 8289e2089..76961fa80 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -46,6 +46,9 @@ func (s *SpecGenerator) Validate() error { } // Cannot set hostname and utsns if len(s.ContainerBasicConfig.Hostname) > 0 && !s.ContainerBasicConfig.UtsNS.IsPrivate() { + if s.ContainerBasicConfig.UtsNS.IsPod() { + return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when joining the pod UTS namespace") + } return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when running in the host UTS namespace") } // systemd values must be true, false, or always diff --git a/pkg/systemd/generate/common.go b/pkg/systemd/generate/common.go index d6d18a810..1fc4479ff 100644 --- a/pkg/systemd/generate/common.go +++ b/pkg/systemd/generate/common.go @@ -1,6 +1,7 @@ package generate import ( + "strconv" "strings" "github.com/pkg/errors" @@ -53,3 +54,15 @@ func filterPodFlags(command []string) []string { } return processed } + +// quoteArguments makes sure that all arguments with at least one whitespace +// are quoted to make sure those are interpreted as one argument instead of +// multiple ones. +func quoteArguments(command []string) []string { + for i := range command { + if strings.ContainsAny(command[i], " \t") { + command[i] = strconv.Quote(command[i]) + } + } + return command +} diff --git a/pkg/systemd/generate/common_test.go b/pkg/systemd/generate/common_test.go index 389c30f59..d0ec5637c 100644 --- a/pkg/systemd/generate/common_test.go +++ b/pkg/systemd/generate/common_test.go @@ -28,3 +28,28 @@ func TestFilterPodFlags(t *testing.T) { } } } + +func TestQuoteArguments(t *testing.T) { + tests := []struct { + input []string + output []string + }{ + { + []string{"foo", "bar=\"arg\""}, + []string{"foo", "bar=\"arg\""}, + }, + { + []string{"foo", "bar=\"arg with space\""}, + []string{"foo", "\"bar=\\\"arg with space\\\"\""}, + }, + { + []string{"foo", "bar=\"arg with\ttab\""}, + []string{"foo", "\"bar=\\\"arg with\\ttab\\\"\""}, + }, + } + + for _, test := range tests { + quoted := quoteArguments(test.input) + assert.Equal(t, test.output, quoted) + } +} diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go index 3d266a7a1..5f6376977 100644 --- a/pkg/systemd/generate/containers.go +++ b/pkg/systemd/generate/containers.go @@ -241,6 +241,7 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst startCommand = append(startCommand, "--replace") } startCommand = append(startCommand, info.CreateCommand[index:]...) + startCommand = quoteArguments(startCommand) info.ExecStartPre = "/bin/rm -f {{.PIDFile}} {{.ContainerIDFile}}" info.ExecStart = strings.Join(startCommand, " ") diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go index 41817c03c..b5c736c5a 100644 --- a/pkg/systemd/generate/containers_test.go +++ b/pkg/systemd/generate/containers_test.go @@ -117,7 +117,7 @@ After=network-online.target Environment=PODMAN_SYSTEMD_UNIT=%n Restart=always ExecStartPre=/bin/rm -f %t/jadda-jadda.pid %t/jadda-jadda.ctr-id -ExecStart=/usr/bin/podman run --conmon-pidfile %t/jadda-jadda.pid --cidfile %t/jadda-jadda.ctr-id --cgroups=no-conmon -d --replace --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN +ExecStart=/usr/bin/podman run --conmon-pidfile %t/jadda-jadda.pid --cidfile %t/jadda-jadda.ctr-id --cgroups=no-conmon -d --replace --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" ExecStop=/usr/bin/podman stop --ignore --cidfile %t/jadda-jadda.ctr-id -t 42 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/jadda-jadda.ctr-id PIDFile=%t/jadda-jadda.pid @@ -296,7 +296,7 @@ WantedBy=multi-user.target default.target` PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", - CreateCommand: []string{"I'll get stripped", "container", "run", "--name", "jadda-jadda", "--hostname", "hello-world", "awesome-image:latest", "command", "arg1", "...", "argN"}, + CreateCommand: []string{"I'll get stripped", "container", "run", "--name", "jadda-jadda", "--hostname", "hello-world", "awesome-image:latest", "command", "arg1", "...", "argN", "foo=arg \"with \" space"}, EnvVariable: EnvVariable, }, goodWithNameAndGeneric, diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go index ec28dfe84..dec9587d9 100644 --- a/pkg/systemd/generate/pods.go +++ b/pkg/systemd/generate/pods.go @@ -292,6 +292,7 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions) } startCommand = append(startCommand, podCreateArgs...) + startCommand = quoteArguments(startCommand) info.ExecStartPre1 = "/bin/rm -f {{.PIDFile}} {{.PodIDFile}}" info.ExecStartPre2 = strings.Join(startCommand, " ") diff --git a/pkg/systemd/generate/pods_test.go b/pkg/systemd/generate/pods_test.go index 32c760956..8bf4705a7 100644 --- a/pkg/systemd/generate/pods_test.go +++ b/pkg/systemd/generate/pods_test.go @@ -75,7 +75,7 @@ Before=container-1.service container-2.service Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo --replace +ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo "bar=arg with space" --replace ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id @@ -118,7 +118,7 @@ WantedBy=multi-user.target default.target` StopTimeout: 10, PodmanVersion: "CI", RequiredServices: []string{"container-1", "container-2"}, - CreateCommand: []string{"podman", "pod", "create", "--name", "foo"}, + CreateCommand: []string{"podman", "pod", "create", "--name", "foo", "bar=arg with space"}, }, podGoodNamedNew, true, |