diff options
Diffstat (limited to 'pkg')
23 files changed, 311 insertions, 58 deletions
diff --git a/pkg/api/handlers/libpod/play.go b/pkg/api/handlers/libpod/play.go index 515d0e5cf..aed889298 100644 --- a/pkg/api/handlers/libpod/play.go +++ b/pkg/api/handlers/libpod/play.go @@ -23,14 +23,15 @@ func PlayKube(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) query := struct { - Network []string `schema:"network"` - TLSVerify bool `schema:"tlsVerify"` - LogDriver string `schema:"logDriver"` - LogOptions []string `schema:"logOptions"` - Start bool `schema:"start"` - StaticIPs []string `schema:"staticIPs"` - StaticMACs []string `schema:"staticMACs"` - NoHosts bool `schema:"noHosts"` + Annotations map[string]string `schema:"annotations"` + Network []string `schema:"network"` + TLSVerify bool `schema:"tlsVerify"` + LogDriver string `schema:"logDriver"` + LogOptions []string `schema:"logOptions"` + Start bool `schema:"start"` + StaticIPs []string `schema:"staticIPs"` + StaticMACs []string `schema:"staticMACs"` + NoHosts bool `schema:"noHosts"` }{ TLSVerify: true, Start: true, @@ -97,16 +98,17 @@ func PlayKube(w http.ResponseWriter, r *http.Request) { containerEngine := abi.ContainerEngine{Libpod: runtime} options := entities.PlayKubeOptions{ - Authfile: authfile, - Username: username, - Password: password, - Networks: query.Network, - NoHosts: query.NoHosts, - Quiet: true, - LogDriver: query.LogDriver, - LogOptions: query.LogOptions, - StaticIPs: staticIPs, - StaticMACs: staticMACs, + Annotations: query.Annotations, + Authfile: authfile, + Username: username, + Password: password, + Networks: query.Network, + NoHosts: query.NoHosts, + Quiet: true, + LogDriver: query.LogDriver, + LogOptions: query.LogOptions, + StaticIPs: staticIPs, + StaticMACs: staticMACs, } if _, found := r.URL.Query()["tlsVerify"]; found { options.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify) diff --git a/pkg/bindings/containers/attach.go b/pkg/bindings/containers/attach.go index c6d434c87..f410606e4 100644 --- a/pkg/bindings/containers/attach.go +++ b/pkg/bindings/containers/attach.go @@ -10,14 +10,12 @@ import ( "net/http" "net/url" "os" - "os/signal" "reflect" "strconv" "time" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/bindings" - sig "github.com/containers/podman/v4/pkg/signal" "github.com/containers/podman/v4/utils" "github.com/moby/term" "github.com/pkg/errors" @@ -94,7 +92,8 @@ func Attach(ctx context.Context, nameOrID string, stdin io.Reader, stdout io.Wri // Unless all requirements are met, don't use "stdin" is a terminal file, ok := stdin.(*os.File) - needTTY := ok && terminal.IsTerminal(int(file.Fd())) && ctnr.Config.Tty + outFile, outOk := stdout.(*os.File) + needTTY := ok && outOk && terminal.IsTerminal(int(file.Fd())) && ctnr.Config.Tty if needTTY { state, err := setRawTerminal(file) if err != nil { @@ -142,11 +141,10 @@ func Attach(ctx context.Context, nameOrID string, stdin io.Reader, stdout io.Wri if needTTY { winChange := make(chan os.Signal, 1) - signal.Notify(winChange, sig.SIGWINCH) winCtx, winCancel := context.WithCancel(ctx) defer winCancel() - - attachHandleResize(ctx, winCtx, winChange, false, nameOrID, file) + notifyWinChange(winCtx, winChange, file, outFile) + attachHandleResize(ctx, winCtx, winChange, false, nameOrID, file, outFile) } // If we are attaching around a start, we need to "signal" @@ -345,9 +343,9 @@ func (f *rawFormatter) Format(entry *logrus.Entry) ([]byte, error) { // This is intended to not be run as a goroutine, handling resizing for a container // or exec session. It will call resize once and then starts a goroutine which calls resize on winChange -func attachHandleResize(ctx, winCtx context.Context, winChange chan os.Signal, isExec bool, id string, file *os.File) { +func attachHandleResize(ctx, winCtx context.Context, winChange chan os.Signal, isExec bool, id string, file *os.File, outFile *os.File) { resize := func() { - w, h, err := terminal.GetSize(int(file.Fd())) + w, h, err := getTermSize(file, outFile) if err != nil { logrus.Warnf("Failed to obtain TTY size: %v", err) } @@ -379,7 +377,7 @@ func attachHandleResize(ctx, winCtx context.Context, winChange chan os.Signal, i // Configure the given terminal for raw mode func setRawTerminal(file *os.File) (*terminal.State, error) { - state, err := terminal.MakeRaw(int(file.Fd())) + state, err := makeRawTerm(file) if err != nil { return nil, err } @@ -402,6 +400,7 @@ func ExecStartAndAttach(ctx context.Context, sessionID string, options *ExecStar // TODO: Make this configurable (can't use streams' InputStream as it's // buffered) terminalFile := os.Stdin + terminalOutFile := os.Stdout logrus.Debugf("Starting & Attaching to exec session ID %q", sessionID) @@ -447,7 +446,7 @@ func ExecStartAndAttach(ctx context.Context, sessionID string, options *ExecStar } logrus.SetFormatter(&logrus.TextFormatter{}) }() - w, h, err := terminal.GetSize(int(terminalFile.Fd())) + w, h, err := getTermSize(terminalFile, terminalOutFile) if err != nil { logrus.Warnf("Failed to obtain TTY size: %v", err) } @@ -490,11 +489,11 @@ func ExecStartAndAttach(ctx context.Context, sessionID string, options *ExecStar if needTTY { winChange := make(chan os.Signal, 1) - signal.Notify(winChange, sig.SIGWINCH) winCtx, winCancel := context.WithCancel(ctx) defer winCancel() - attachHandleResize(ctx, winCtx, winChange, true, sessionID, terminalFile) + notifyWinChange(winCtx, winChange, terminalFile, terminalOutFile) + attachHandleResize(ctx, winCtx, winChange, true, sessionID, terminalFile, terminalOutFile) } if options.GetAttachInput() { diff --git a/pkg/bindings/containers/checkpoint.go b/pkg/bindings/containers/checkpoint.go index 1d8c34b33..84590d052 100644 --- a/pkg/bindings/containers/checkpoint.go +++ b/pkg/bindings/containers/checkpoint.go @@ -79,7 +79,7 @@ func Restore(ctx context.Context, nameOrID string, options *RestoreOptions) (*en // Open the to-be-imported archive if needed. var r io.Reader - if i := options.GetImportAchive(); i != "" { + if i := options.GetImportArchive(); i != "" { params.Set("import", "true") r, err = os.Open(i) if err != nil { diff --git a/pkg/bindings/containers/term_unix.go b/pkg/bindings/containers/term_unix.go new file mode 100644 index 000000000..2c976393f --- /dev/null +++ b/pkg/bindings/containers/term_unix.go @@ -0,0 +1,25 @@ +//go:build !windows +// +build !windows + +package containers + +import ( + "context" + "os" + "os/signal" + + sig "github.com/containers/podman/v4/pkg/signal" + "golang.org/x/crypto/ssh/terminal" +) + +func makeRawTerm(stdin *os.File) (*terminal.State, error) { + return terminal.MakeRaw(int(stdin.Fd())) +} + +func notifyWinChange(ctx context.Context, winChange chan os.Signal, stdin *os.File, stdout *os.File) { + signal.Notify(winChange, sig.SIGWINCH) +} + +func getTermSize(stdin *os.File, stdout *os.File) (width, height int, err error) { + return terminal.GetSize(int(stdin.Fd())) +} diff --git a/pkg/bindings/containers/term_windows.go b/pkg/bindings/containers/term_windows.go new file mode 100644 index 000000000..11d4bd50d --- /dev/null +++ b/pkg/bindings/containers/term_windows.go @@ -0,0 +1,69 @@ +package containers + +import ( + "context" + "os" + "time" + + sig "github.com/containers/podman/v4/pkg/signal" + "golang.org/x/crypto/ssh/terminal" + "golang.org/x/sys/windows" +) + +func makeRawTerm(stdin *os.File) (*terminal.State, error) { + state, err := terminal.MakeRaw(int(stdin.Fd())) + if err != nil { + return nil, err + } + + // Attempt VT if supported (recent versions of Windows 10+) + var raw uint32 + handle := windows.Handle(stdin.Fd()) + if err := windows.GetConsoleMode(handle, &raw); err != nil { + return nil, err + } + + tryVT := raw | windows.ENABLE_VIRTUAL_TERMINAL_INPUT + + if err := windows.SetConsoleMode(handle, tryVT); err != nil { + if err := windows.SetConsoleMode(handle, raw); err != nil { + return nil, err + } + } + + return state, nil +} + +func notifyWinChange(ctx context.Context, winChange chan os.Signal, stdin *os.File, stdout *os.File) { + // Simulate WINCH with polling + go func() { + var lastW int + var lastH int + + d := time.Millisecond * 250 + timer := time.NewTimer(d) + defer timer.Stop() + for ; ; timer.Reset(d) { + select { + case <-ctx.Done(): + return + case <-timer.C: + break + } + + w, h, err := terminal.GetSize(int(stdout.Fd())) + if err != nil { + continue + } + if w != lastW || h != lastH { + winChange <- sig.SIGWINCH + lastW, lastH = w, h + } + } + }() + +} + +func getTermSize(stdin *os.File, stdout *os.File) (width, height int, err error) { + return terminal.GetSize(int(stdout.Fd())) +} diff --git a/pkg/bindings/containers/types.go b/pkg/bindings/containers/types.go index 66b90af9b..3c8b1eefa 100644 --- a/pkg/bindings/containers/types.go +++ b/pkg/bindings/containers/types.go @@ -64,7 +64,7 @@ type RestoreOptions struct { IgnoreVolumes *bool IgnoreStaticIP *bool IgnoreStaticMAC *bool - ImportAchive *string + ImportArchive *string Keep *bool Name *string TCPEstablished *bool diff --git a/pkg/bindings/containers/types_restore_options.go b/pkg/bindings/containers/types_restore_options.go index d2778396a..e8a0e236c 100644 --- a/pkg/bindings/containers/types_restore_options.go +++ b/pkg/bindings/containers/types_restore_options.go @@ -77,19 +77,19 @@ func (o *RestoreOptions) GetIgnoreStaticMAC() bool { return *o.IgnoreStaticMAC } -// WithImportAchive set field ImportAchive to given value -func (o *RestoreOptions) WithImportAchive(value string) *RestoreOptions { - o.ImportAchive = &value +// WithImportArchive set field ImportArchive to given value +func (o *RestoreOptions) WithImportArchive(value string) *RestoreOptions { + o.ImportArchive = &value return o } -// GetImportAchive returns value of field ImportAchive -func (o *RestoreOptions) GetImportAchive() string { - if o.ImportAchive == nil { +// GetImportArchive returns value of field ImportArchive +func (o *RestoreOptions) GetImportArchive() string { + if o.ImportArchive == nil { var z string return z } - return *o.ImportAchive + return *o.ImportArchive } // WithKeep set field Keep to given value diff --git a/pkg/bindings/play/types.go b/pkg/bindings/play/types.go index ca639e46b..dbff4304b 100644 --- a/pkg/bindings/play/types.go +++ b/pkg/bindings/play/types.go @@ -7,6 +7,8 @@ import ( //go:generate go run ../generator/generator.go KubeOptions // KubeOptions are optional options for replaying kube YAML files type KubeOptions struct { + // Annotations - Annotations to add to Pods + Annotations map[string]string // Authfile - path to an authentication file. Authfile *string // CertDir - to a directory containing TLS certifications and keys. diff --git a/pkg/bindings/play/types_kube_options.go b/pkg/bindings/play/types_kube_options.go index 83a6f1566..d7a452ea2 100644 --- a/pkg/bindings/play/types_kube_options.go +++ b/pkg/bindings/play/types_kube_options.go @@ -18,6 +18,21 @@ func (o *KubeOptions) ToParams() (url.Values, error) { return util.ToParams(o) } +// WithAnnotations set field Annotations to given value +func (o *KubeOptions) WithAnnotations(value map[string]string) *KubeOptions { + o.Annotations = value + return o +} + +// GetAnnotations returns value of field Annotations +func (o *KubeOptions) GetAnnotations() map[string]string { + if o.Annotations == nil { + var z map[string]string + return z + } + return o.Annotations +} + // WithAuthfile set field Authfile to given value func (o *KubeOptions) WithAuthfile(value string) *KubeOptions { o.Authfile = &value diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go index 43fa3a712..c9dc3f08c 100644 --- a/pkg/domain/entities/play.go +++ b/pkg/domain/entities/play.go @@ -8,12 +8,16 @@ import ( // PlayKubeOptions controls playing kube YAML files. type PlayKubeOptions struct { + // Annotations - Annotations to add to Pods + Annotations map[string]string // Authfile - path to an authentication file. Authfile string // Indicator to build all images with Containerfile or Dockerfile Build types.OptionalBool // CertDir - to a directory containing TLS certifications and keys. CertDir string + // ContextDir - directory containing image contexts used for Build + ContextDir string // Down indicates whether to bring contents of a yaml file "down" // as in stop Down bool diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go index 6fb3db1b5..da93d3f8b 100644 --- a/pkg/domain/entities/pods.go +++ b/pkg/domain/entities/pods.go @@ -263,6 +263,7 @@ type ContainerCreateOptions struct { Workdir string SeccompPolicy string PidFile string + ChrootDirs []string IsInfra bool IsClone bool diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 4d8112c47..3242e64a2 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -28,7 +28,7 @@ import ( "github.com/ghodss/yaml" "github.com/pkg/errors" "github.com/sirupsen/logrus" - yamlv3 "gopkg.in/yaml.v3" + yamlv2 "gopkg.in/yaml.v2" v1apps "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" ) @@ -79,6 +79,13 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, path string, options en podTemplateSpec.ObjectMeta = podYAML.ObjectMeta podTemplateSpec.Spec = podYAML.Spec + for name, val := range options.Annotations { + if podYAML.Annotations == nil { + podYAML.Annotations = make(map[string]string) + } + podYAML.Annotations[name] = val + } + r, err := ic.playKubePod(ctx, podTemplateSpec.ObjectMeta.Name, &podTemplateSpec, options, &ipIndex, podYAML.Annotations, configMaps) if err != nil { return nil, err @@ -354,9 +361,15 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY containers := make([]*libpod.Container, 0, len(podYAML.Spec.Containers)) initContainers := make([]*libpod.Container, 0, len(podYAML.Spec.InitContainers)) - cwd, err := os.Getwd() - if err != nil { - return nil, err + + var cwd string + if options.ContextDir != "" { + cwd = options.ContextDir + } else { + cwd, err = os.Getwd() + if err != nil { + return nil, err + } } ctrNames := make(map[string]string) @@ -655,7 +668,7 @@ func readConfigMapFromFile(r io.Reader) (v1.ConfigMap, error) { func splitMultiDocYAML(yamlContent []byte) ([][]byte, error) { var documentList [][]byte - d := yamlv3.NewDecoder(bytes.NewReader(yamlContent)) + d := yamlv2.NewDecoder(bytes.NewReader(yamlContent)) for { var o interface{} // read individual document @@ -669,7 +682,7 @@ func splitMultiDocYAML(yamlContent []byte) ([][]byte, error) { if o != nil { // back to bytes - document, err := yamlv3.Marshal(o) + document, err := yamlv2.Marshal(o) if err != nil { return nil, errors.Wrapf(err, "individual doc yaml could not be marshalled") } diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go index fe986361b..046c2509d 100644 --- a/pkg/domain/infra/tunnel/containers.go +++ b/pkg/domain/infra/tunnel/containers.go @@ -390,7 +390,7 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st options.WithPublishPorts(opts.PublishPorts) if opts.Import != "" { - options.WithImportAchive(opts.Import) + options.WithImportArchive(opts.Import) report, err := containers.Restore(ic.ClientCtx, "", options) return []*entities.RestoreReport{report}, err } diff --git a/pkg/domain/infra/tunnel/play.go b/pkg/domain/infra/tunnel/play.go index 55844730b..cd51262d0 100644 --- a/pkg/domain/infra/tunnel/play.go +++ b/pkg/domain/infra/tunnel/play.go @@ -16,6 +16,9 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, path string, opts entit if len(opts.LogOptions) > 0 { options.WithLogOptions(opts.LogOptions) } + if opts.Annotations != nil { + options.WithAnnotations(opts.Annotations) + } options.WithNoHosts(opts.NoHosts) if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined { options.WithSkipTLSVerify(s == types.OptionalBoolTrue) diff --git a/pkg/machine/pull.go b/pkg/machine/pull.go index 280b47f96..cf1e708b1 100644 --- a/pkg/machine/pull.go +++ b/pkg/machine/pull.go @@ -19,8 +19,8 @@ import ( "github.com/containers/storage/pkg/archive" "github.com/sirupsen/logrus" "github.com/ulikunitz/xz" - "github.com/vbauerster/mpb/v6" - "github.com/vbauerster/mpb/v6/decor" + "github.com/vbauerster/mpb/v7" + "github.com/vbauerster/mpb/v7/decor" ) // GenericDownload is used when a user provides a URL diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 43a79dae8..3b4548c17 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -679,7 +679,7 @@ func (v *MachineVM) Remove(name string, opts machine.RemoveOptions) (string, fun if err != nil { return "", nil, err } - if running { + if running && !opts.Force { return "", nil, errors.Errorf("running vm %q cannot be destroyed", v.Name) } @@ -1104,16 +1104,15 @@ func waitAndPingAPI(sock string) { func waitAPIAndPrintInfo(forwardState apiForwardingState, forwardSock string, rootFul bool, name string) { if forwardState != noForwarding { + suffix := "" + if name != machine.DefaultMachineName { + suffix = " " + name + } waitAndPingAPI(forwardSock) if !rootFul { fmt.Printf("\nThis machine is currently configured in rootless mode. If your containers\n") fmt.Printf("require root permissions (e.g. ports < 1024), or if you run into compatibility\n") fmt.Printf("issues with non-podman clients, you can switch using the following command: \n") - - suffix := "" - if name != machine.DefaultMachineName { - suffix = " " + name - } fmt.Printf("\n\tpodman machine set --rootful%s\n\n", suffix) } @@ -1127,8 +1126,9 @@ func waitAPIAndPrintInfo(forwardState apiForwardingState, forwardSock string, ro fmt.Printf("\nThe system helper service is not installed; the default Docker API socket\n") fmt.Printf("address can't be used by podman. ") if helper := findClaimHelper(); len(helper) > 0 { - fmt.Printf("If you would like to install it run the\nfollowing command:\n") - fmt.Printf("\n\tsudo %s install\n\n", helper) + fmt.Printf("If you would like to install it run the\nfollowing commands:\n") + fmt.Printf("\n\tsudo %s install\n", helper) + fmt.Printf("\tpodman machine stop%s; podman machine start%s\n\n", suffix, suffix) } case machineLocal: fmt.Printf("\nAnother process was listening on the default Docker API socket address.\n") diff --git a/pkg/signal/signal_unix.go b/pkg/signal/signal_unix.go new file mode 100644 index 000000000..f35abddc1 --- /dev/null +++ b/pkg/signal/signal_unix.go @@ -0,0 +1,99 @@ +// +build aix darwin dragonfly freebsd netbsd openbsd solaris zos + +// Signal handling for Linux only. +package signal + +import ( + "os" + "syscall" +) + +const ( + sigrtmin = 34 + sigrtmax = 64 + + SIGWINCH = syscall.SIGWINCH +) + +// signalMap is a map of Linux signals. +// These constants are sourced from the Linux version of golang.org/x/sys/unix +// (I don't see much risk of this changing). +// This should work as long as Podman only runs containers on Linux, which seems +// a safe assumption for now. +var signalMap = map[string]syscall.Signal{ + "ABRT": syscall.Signal(0x6), + "ALRM": syscall.Signal(0xe), + "BUS": syscall.Signal(0x7), + "CHLD": syscall.Signal(0x11), + "CLD": syscall.Signal(0x11), + "CONT": syscall.Signal(0x12), + "FPE": syscall.Signal(0x8), + "HUP": syscall.Signal(0x1), + "ILL": syscall.Signal(0x4), + "INT": syscall.Signal(0x2), + "IO": syscall.Signal(0x1d), + "IOT": syscall.Signal(0x6), + "KILL": syscall.Signal(0x9), + "PIPE": syscall.Signal(0xd), + "POLL": syscall.Signal(0x1d), + "PROF": syscall.Signal(0x1b), + "PWR": syscall.Signal(0x1e), + "QUIT": syscall.Signal(0x3), + "SEGV": syscall.Signal(0xb), + "STKFLT": syscall.Signal(0x10), + "STOP": syscall.Signal(0x13), + "SYS": syscall.Signal(0x1f), + "TERM": syscall.Signal(0xf), + "TRAP": syscall.Signal(0x5), + "TSTP": syscall.Signal(0x14), + "TTIN": syscall.Signal(0x15), + "TTOU": syscall.Signal(0x16), + "URG": syscall.Signal(0x17), + "USR1": syscall.Signal(0xa), + "USR2": syscall.Signal(0xc), + "VTALRM": syscall.Signal(0x1a), + "WINCH": syscall.Signal(0x1c), + "XCPU": syscall.Signal(0x18), + "XFSZ": syscall.Signal(0x19), + "RTMIN": sigrtmin, + "RTMIN+1": sigrtmin + 1, + "RTMIN+2": sigrtmin + 2, + "RTMIN+3": sigrtmin + 3, + "RTMIN+4": sigrtmin + 4, + "RTMIN+5": sigrtmin + 5, + "RTMIN+6": sigrtmin + 6, + "RTMIN+7": sigrtmin + 7, + "RTMIN+8": sigrtmin + 8, + "RTMIN+9": sigrtmin + 9, + "RTMIN+10": sigrtmin + 10, + "RTMIN+11": sigrtmin + 11, + "RTMIN+12": sigrtmin + 12, + "RTMIN+13": sigrtmin + 13, + "RTMIN+14": sigrtmin + 14, + "RTMIN+15": sigrtmin + 15, + "RTMAX-14": sigrtmax - 14, + "RTMAX-13": sigrtmax - 13, + "RTMAX-12": sigrtmax - 12, + "RTMAX-11": sigrtmax - 11, + "RTMAX-10": sigrtmax - 10, + "RTMAX-9": sigrtmax - 9, + "RTMAX-8": sigrtmax - 8, + "RTMAX-7": sigrtmax - 7, + "RTMAX-6": sigrtmax - 6, + "RTMAX-5": sigrtmax - 5, + "RTMAX-4": sigrtmax - 4, + "RTMAX-3": sigrtmax - 3, + "RTMAX-2": sigrtmax - 2, + "RTMAX-1": sigrtmax - 1, + "RTMAX": sigrtmax, +} + +// CatchAll catches all signals and relays them to the specified channel. +func CatchAll(sigc chan os.Signal) { + panic("Unsupported on non-linux platforms") +} + +// StopCatch stops catching the signals and closes the specified channel. +func StopCatch(sigc chan os.Signal) { + panic("Unsupported on non-linux platforms") +} diff --git a/pkg/signal/signal_unsupported.go b/pkg/signal/signal_unsupported.go index 9d1733c02..45946f142 100644 --- a/pkg/signal/signal_unsupported.go +++ b/pkg/signal/signal_unsupported.go @@ -1,4 +1,4 @@ -// +build !linux +// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!solaris,!zos // Signal handling for Linux only. package signal diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index c0b23953f..8ab0eae5a 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -526,6 +526,10 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen. options = append(options, libpod.WithPidFile(s.PidFile)) } + if len(s.ChrootDirs) != 0 { + options = append(options, libpod.WithChrootDirs(s.ChrootDirs)) + } + options = append(options, libpod.WithSelectedPasswordManagement(s.Passwd)) return options, nil diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 5e6671231..e0331b0a6 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -277,7 +277,13 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener } annotations := make(map[string]string) + if opts.Annotations != nil { + annotations = opts.Annotations + } if opts.PodInfraID != "" { + if annotations == nil { + + } annotations[ann.SandboxID] = opts.PodInfraID annotations[ann.ContainerType] = ann.ContainerTypeContainer } diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go index 8b3550e36..1cc3a463f 100644 --- a/pkg/specgen/generate/oci.go +++ b/pkg/specgen/generate/oci.go @@ -332,6 +332,11 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt } // Devices + // set the default rule at the beginning of device configuration + if !inUserNS && !s.Privileged { + g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm") + } + var userDevices []spec.LinuxDevice if s.Privileged { // If privileged, we need to add all the host devices to the @@ -363,7 +368,6 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt // set the devices cgroup when not running in a user namespace if !inUserNS && !s.Privileged { - g.AddLinuxResourcesDevice(false, "", nil, nil, "rwm") for _, dev := range s.DeviceCgroupRule { g.AddLinuxResourcesDevice(true, dev.Type, dev.Major, dev.Minor, dev.Access) } diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 7f6f79b87..27d77af9f 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -301,6 +301,10 @@ type ContainerStorageConfig struct { // Volatile specifies whether the container storage can be optimized // at the cost of not syncing all the dirty files in memory. Volatile bool `json:"volatile,omitempty"` + // ChrootDirs is an additional set of directories that need to be + // treated as root directories. Standard bind mounts will be mounted + // into paths relative to these directories. + ChrootDirs []string `json:"chroot_directories,omitempty"` } // ContainerSecurityConfig is a container's security features, including diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go index b037e14cc..b87da61fb 100644 --- a/pkg/specgenutil/specgen.go +++ b/pkg/specgenutil/specgen.go @@ -819,6 +819,9 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions if !s.UnsetEnvAll { s.UnsetEnvAll = c.UnsetEnvAll } + if len(s.ChrootDirs) == 0 || len(c.ChrootDirs) != 0 { + s.ChrootDirs = c.ChrootDirs + } // Initcontainers if len(s.InitContainerType) == 0 || len(c.InitContainerType) != 0 { |