diff options
Diffstat (limited to 'pkg')
26 files changed, 323 insertions, 67 deletions
diff --git a/pkg/api/handlers/libpod/manifests.go b/pkg/api/handlers/libpod/manifests.go index ad662f32c..b823a56b6 100644 --- a/pkg/api/handlers/libpod/manifests.go +++ b/pkg/api/handlers/libpod/manifests.go @@ -162,13 +162,35 @@ func ManifestAdd(w http.ResponseWriter, r *http.Request) { // Wrapper to support 3.x with 4.x libpod query := struct { entities.ManifestAddOptions - Images []string + Images []string + TLSVerify bool `schema:"tlsVerify"` }{} if err := json.NewDecoder(r.Body).Decode(&query); err != nil { utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, "Decode()")) return } + authconf, authfile, err := auth.GetCredentials(r) + if err != nil { + utils.Error(w, http.StatusBadRequest, err) + return + } + defer auth.RemoveAuthfile(authfile) + var username, password string + if authconf != nil { + username = authconf.Username + password = authconf.Password + } + query.ManifestAddOptions.Authfile = authfile + query.ManifestAddOptions.Username = username + query.ManifestAddOptions.Password = password + if sys := runtime.SystemContext(); sys != nil { + query.ManifestAddOptions.CertDir = sys.DockerCertPath + } + if _, found := r.URL.Query()["tlsVerify"]; found { + query.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify) + } + name := utils.GetName(r) if _, err := runtime.LibimageRuntime().LookupManifestList(name); err != nil { utils.Error(w, http.StatusNotFound, err) @@ -271,7 +293,7 @@ func ManifestPushV3(w http.ResponseWriter, r *http.Request) { utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "error pushing image %q", query.Destination)) return } - utils.WriteResponse(w, http.StatusOK, digest) + utils.WriteResponse(w, http.StatusOK, handlers.IDResponse{ID: digest}) } // ManifestPush push image to registry @@ -350,6 +372,24 @@ func ManifestModify(w http.ResponseWriter, r *http.Request) { return } + authconf, authfile, err := auth.GetCredentials(r) + if err != nil { + utils.Error(w, http.StatusBadRequest, err) + return + } + defer auth.RemoveAuthfile(authfile) + var username, password string + if authconf != nil { + username = authconf.Username + password = authconf.Password + } + body.ManifestAddOptions.Authfile = authfile + body.ManifestAddOptions.Username = username + body.ManifestAddOptions.Password = password + if sys := runtime.SystemContext(); sys != nil { + body.ManifestAddOptions.CertDir = sys.DockerCertPath + } + var report entities.ManifestModifyReport switch { case strings.EqualFold("update", body.Operation): diff --git a/pkg/bindings/containers/attach.go b/pkg/bindings/containers/attach.go index 0c6ebdd2f..80702ea98 100644 --- a/pkg/bindings/containers/attach.go +++ b/pkg/bindings/containers/attach.go @@ -242,7 +242,7 @@ func Attach(ctx context.Context, nameOrID string, stdin io.Reader, stdout io.Wri } } case fd == 3: - return fmt.Errorf("error from service from stream: %s", frame) + return fmt.Errorf("from service from stream: %s", frame) default: return fmt.Errorf("unrecognized channel '%d' in header, 0-3 supported", fd) } @@ -562,7 +562,7 @@ func ExecStartAndAttach(ctx context.Context, sessionID string, options *ExecStar } } case fd == 3: - return fmt.Errorf("error from service from stream: %s", frame) + return fmt.Errorf("from service from stream: %s", frame) default: return fmt.Errorf("unrecognized channel '%d' in header, 0-3 supported", fd) } diff --git a/pkg/bindings/containers/logs.go b/pkg/bindings/containers/logs.go index 7f7f07395..8ea8ed7fa 100644 --- a/pkg/bindings/containers/logs.go +++ b/pkg/bindings/containers/logs.go @@ -57,7 +57,7 @@ func Logs(ctx context.Context, nameOrID string, options *LogOptions, stdoutChan, case 2: stderrChan <- string(frame) case 3: - return errors.New("error from service in stream: " + string(frame)) + return errors.New("from service in stream: " + string(frame)) default: return fmt.Errorf("unrecognized input header: %d", fd) } diff --git a/pkg/bindings/errors.go b/pkg/bindings/errors.go index 44973eb41..eb95764ba 100644 --- a/pkg/bindings/errors.go +++ b/pkg/bindings/errors.go @@ -54,6 +54,6 @@ func CheckResponseCode(inError error) (int, error) { case *errorhandling.PodConflictErrorModel: return e.Code(), nil default: - return -1, errors.New("error is not type ErrorModel") + return -1, errors.New("is not type ErrorModel") } } diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 1ed3f19de..e1b427742 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -575,7 +575,7 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) { if err != io.EOF { return nil // non empty root dir, need to return } else if err != nil { - logrus.Errorf("Error while reading directory %v: %v", path, err) + logrus.Errorf("While reading directory %v: %v", path, err) } } name := filepath.ToSlash(strings.TrimPrefix(path, s+string(filepath.Separator))) diff --git a/pkg/bindings/manifests/manifests.go b/pkg/bindings/manifests/manifests.go index f7cd0d262..70b3819f5 100644 --- a/pkg/bindings/manifests/manifests.go +++ b/pkg/bindings/manifests/manifests.go @@ -10,7 +10,9 @@ import ( "github.com/blang/semver" "github.com/containers/image/v5/manifest" + imageTypes "github.com/containers/image/v5/types" "github.com/containers/podman/v4/pkg/api/handlers" + "github.com/containers/podman/v4/pkg/auth" "github.com/containers/podman/v4/pkg/bindings" "github.com/containers/podman/v4/pkg/bindings/images" "github.com/containers/podman/v4/pkg/domain/entities" @@ -95,15 +97,19 @@ func Add(ctx context.Context, name string, options *AddOptions) (string, error) if bindings.ServiceVersion(ctx).GTE(semver.MustParse("4.0.0")) { optionsv4 := ModifyOptions{ - All: options.All, - Annotations: options.Annotation, - Arch: options.Arch, - Features: options.Features, - Images: options.Images, - OS: options.OS, - OSFeatures: nil, - OSVersion: options.OSVersion, - Variant: options.Variant, + All: options.All, + Annotations: options.Annotation, + Arch: options.Arch, + Features: options.Features, + Images: options.Images, + OS: options.OS, + OSFeatures: nil, + OSVersion: options.OSVersion, + Variant: options.Variant, + Username: options.Username, + Password: options.Password, + Authfile: options.Authfile, + SkipTLSVerify: options.SkipTLSVerify, } optionsv4.WithOperation("update") return Modify(ctx, name, options.Images, &optionsv4) @@ -120,11 +126,27 @@ func Add(ctx context.Context, name string, options *AddOptions) (string, error) } reader := strings.NewReader(opts) - headers := make(http.Header) + header, err := auth.MakeXRegistryAuthHeader(&imageTypes.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword()) + if err != nil { + return "", err + } + + params, err := options.ToParams() + if err != nil { + return "", err + } + // SkipTLSVerify is special. We need to delete the param added by + // ToParams() and change the key and flip the bool + if options.SkipTLSVerify != nil { + params.Del("SkipTLSVerify") + params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify())) + } + v := version.APIVersion[version.Libpod][version.MinimalAPI] - headers.Add("API-Version", + header.Add("API-Version", fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch)) - response, err := conn.DoRequest(ctx, reader, http.MethodPost, "/manifests/%s/add", nil, headers, name) + + response, err := conn.DoRequest(ctx, reader, http.MethodPost, "/manifests/%s/add", params, header, name) if err != nil { return "", err } @@ -159,6 +181,14 @@ func Push(ctx context.Context, name, destination string, options *images.PushOpt return "", err } + header, err := auth.MakeXRegistryAuthHeader(&imageTypes.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword()) + if err != nil { + return "", err + } + v := version.APIVersion[version.Libpod][version.MinimalAPI] + header.Add("API-Version", + fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch)) + params, err := options.ToParams() if err != nil { return "", err @@ -172,18 +202,18 @@ func Push(ctx context.Context, name, destination string, options *images.PushOpt var response *bindings.APIResponse if bindings.ServiceVersion(ctx).GTE(semver.MustParse("4.0.0")) { - response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/registry/%s", params, nil, name, destination) + response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/registry/%s", params, header, name, destination) } else { params.Set("image", name) params.Set("destination", destination) - response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/push", params, nil, name) + response, err = conn.DoRequest(ctx, nil, http.MethodPost, "/manifests/%s/push", params, header, name) } if err != nil { return "", err } defer response.Body.Close() - return idr.ID, err + return idr.ID, response.Process(&idr) } // Modify modifies the given manifest list using options and the optional list of images @@ -203,7 +233,23 @@ func Modify(ctx context.Context, name string, images []string, options *ModifyOp } reader := strings.NewReader(opts) - response, err := conn.DoRequest(ctx, reader, http.MethodPut, "/manifests/%s", nil, nil, name) + header, err := auth.MakeXRegistryAuthHeader(&imageTypes.SystemContext{AuthFilePath: options.GetAuthfile()}, options.GetUsername(), options.GetPassword()) + if err != nil { + return "", err + } + + params, err := options.ToParams() + if err != nil { + return "", err + } + // SkipTLSVerify is special. We need to delete the param added by + // ToParams() and change the key and flip the bool + if options.SkipTLSVerify != nil { + params.Del("SkipTLSVerify") + params.Set("tlsVerify", strconv.FormatBool(!options.GetSkipTLSVerify())) + } + + response, err := conn.DoRequest(ctx, reader, http.MethodPut, "/manifests/%s", params, header, name) if err != nil { return "", err } diff --git a/pkg/bindings/manifests/types.go b/pkg/bindings/manifests/types.go index 5ff28ee30..d0b0b2e71 100644 --- a/pkg/bindings/manifests/types.go +++ b/pkg/bindings/manifests/types.go @@ -20,14 +20,18 @@ type ExistsOptions struct { //go:generate go run ../generator/generator.go AddOptions // AddOptions are optional options for adding manifest lists type AddOptions struct { - All *bool - Annotation map[string]string - Arch *string - Features []string - Images []string - OS *string - OSVersion *string - Variant *string + All *bool + Annotation map[string]string + Arch *string + Features []string + Images []string + OS *string + OSVersion *string + Variant *string + Authfile *string + Password *string + Username *string + SkipTLSVerify *bool } //go:generate go run ../generator/generator.go RemoveOptions @@ -40,15 +44,18 @@ type RemoveOptions struct { type ModifyOptions struct { // Operation values are "update", "remove" and "annotate". This allows the service to // efficiently perform each update on a manifest list. - Operation *string - All *bool // All when true, operate on all images in a manifest list that may be included in Images - Annotations map[string]string // Annotations to add to manifest list - Arch *string // Arch overrides the architecture for the image - Features []string // Feature list for the image - Images []string // Images is an optional list of images to add/remove to/from manifest list depending on operation - OS *string // OS overrides the operating system for the image - OSFeatures []string // OS features for the image - OSVersion *string // OSVersion overrides the operating system for the image - Variant *string // Variant overrides the operating system variant for the image - + Operation *string + All *bool // All when true, operate on all images in a manifest list that may be included in Images + Annotations map[string]string // Annotations to add to manifest list + Arch *string // Arch overrides the architecture for the image + Features []string // Feature list for the image + Images []string // Images is an optional list of images to add/remove to/from manifest list depending on operation + OS *string // OS overrides the operating system for the image + OSFeatures []string // OS features for the image + OSVersion *string // OSVersion overrides the operating system for the image + Variant *string // Variant overrides the operating system variant for the image + Authfile *string + Password *string + Username *string + SkipTLSVerify *bool } diff --git a/pkg/bindings/manifests/types_add_options.go b/pkg/bindings/manifests/types_add_options.go index 0696a69b6..5ba1cc5fa 100644 --- a/pkg/bindings/manifests/types_add_options.go +++ b/pkg/bindings/manifests/types_add_options.go @@ -136,3 +136,63 @@ func (o *AddOptions) GetVariant() string { } return *o.Variant } + +// WithAuthfile set field Authfile to given value +func (o *AddOptions) WithAuthfile(value string) *AddOptions { + o.Authfile = &value + return o +} + +// GetAuthfile returns value of field Authfile +func (o *AddOptions) GetAuthfile() string { + if o.Authfile == nil { + var z string + return z + } + return *o.Authfile +} + +// WithPassword set field Password to given value +func (o *AddOptions) WithPassword(value string) *AddOptions { + o.Password = &value + return o +} + +// GetPassword returns value of field Password +func (o *AddOptions) GetPassword() string { + if o.Password == nil { + var z string + return z + } + return *o.Password +} + +// WithUsername set field Username to given value +func (o *AddOptions) WithUsername(value string) *AddOptions { + o.Username = &value + return o +} + +// GetUsername returns value of field Username +func (o *AddOptions) GetUsername() string { + if o.Username == nil { + var z string + return z + } + return *o.Username +} + +// WithSkipTLSVerify set field SkipTLSVerify to given value +func (o *AddOptions) WithSkipTLSVerify(value bool) *AddOptions { + o.SkipTLSVerify = &value + return o +} + +// GetSkipTLSVerify returns value of field SkipTLSVerify +func (o *AddOptions) GetSkipTLSVerify() bool { + if o.SkipTLSVerify == nil { + var z bool + return z + } + return *o.SkipTLSVerify +} diff --git a/pkg/bindings/manifests/types_modify_options.go b/pkg/bindings/manifests/types_modify_options.go index 6d75c1e5f..9d2ed2613 100644 --- a/pkg/bindings/manifests/types_modify_options.go +++ b/pkg/bindings/manifests/types_modify_options.go @@ -166,3 +166,63 @@ func (o *ModifyOptions) GetVariant() string { } return *o.Variant } + +// WithAuthfile set field Authfile to given value +func (o *ModifyOptions) WithAuthfile(value string) *ModifyOptions { + o.Authfile = &value + return o +} + +// GetAuthfile returns value of field Authfile +func (o *ModifyOptions) GetAuthfile() string { + if o.Authfile == nil { + var z string + return z + } + return *o.Authfile +} + +// WithPassword set field Password to given value +func (o *ModifyOptions) WithPassword(value string) *ModifyOptions { + o.Password = &value + return o +} + +// GetPassword returns value of field Password +func (o *ModifyOptions) GetPassword() string { + if o.Password == nil { + var z string + return z + } + return *o.Password +} + +// WithUsername set field Username to given value +func (o *ModifyOptions) WithUsername(value string) *ModifyOptions { + o.Username = &value + return o +} + +// GetUsername returns value of field Username +func (o *ModifyOptions) GetUsername() string { + if o.Username == nil { + var z string + return z + } + return *o.Username +} + +// WithSkipTLSVerify set field SkipTLSVerify to given value +func (o *ModifyOptions) WithSkipTLSVerify(value bool) *ModifyOptions { + o.SkipTLSVerify = &value + return o +} + +// GetSkipTLSVerify returns value of field SkipTLSVerify +func (o *ModifyOptions) GetSkipTLSVerify() bool { + if o.SkipTLSVerify == nil { + var z bool + return z + } + return *o.SkipTLSVerify +} diff --git a/pkg/domain/infra/abi/images_test.go b/pkg/domain/infra/abi/images_test.go index e38b9390d..311ab3ed7 100644 --- a/pkg/domain/infra/abi/images_test.go +++ b/pkg/domain/infra/abi/images_test.go @@ -48,7 +48,7 @@ func TestToDomainHistoryLayer(t *testing.T) { // r := DirectImageRuntime{m} // err := r.Delete(context.TODO(), actual, "fedora") // if err != nil { -// t.Errorf("error should be nil, got: %v", err) +// t.Errorf("should be nil, got: %v", err) // } // m.AssertExpectations(t) // } diff --git a/pkg/domain/infra/tunnel/manifest.go b/pkg/domain/infra/tunnel/manifest.go index d2efed8d3..9ac3fdb83 100644 --- a/pkg/domain/infra/tunnel/manifest.go +++ b/pkg/domain/infra/tunnel/manifest.go @@ -50,6 +50,7 @@ func (ir *ImageEngine) ManifestInspect(_ context.Context, name string) ([]byte, func (ir *ImageEngine) ManifestAdd(_ context.Context, name string, imageNames []string, opts entities.ManifestAddOptions) (string, error) { options := new(manifests.AddOptions).WithAll(opts.All).WithArch(opts.Arch).WithVariant(opts.Variant) options.WithFeatures(opts.Features).WithImages(imageNames).WithOS(opts.OS).WithOSVersion(opts.OSVersion) + options.WithUsername(opts.Username).WithPassword(opts.Password).WithAuthfile(opts.Authfile) if len(opts.Annotation) != 0 { annotations := make(map[string]string) for _, annotationSpec := range opts.Annotation { @@ -61,6 +62,13 @@ func (ir *ImageEngine) ManifestAdd(_ context.Context, name string, imageNames [] } options.WithAnnotation(annotations) } + if s := opts.SkipTLSVerify; s != types.OptionalBoolUndefined { + if s == types.OptionalBoolTrue { + options.WithSkipTLSVerify(true) + } else { + options.WithSkipTLSVerify(false) + } + } id, err := manifests.Add(ir.ClientCtx, name, options) if err != nil { diff --git a/pkg/k8s.io/api/core/v1/types.go b/pkg/k8s.io/api/core/v1/types.go index 833814bc6..a488e5f28 100644 --- a/pkg/k8s.io/api/core/v1/types.go +++ b/pkg/k8s.io/api/core/v1/types.go @@ -2024,7 +2024,7 @@ type TopologySpreadConstraint struct { // but giving higher precedence to topologies that would help reduce the // skew. // A constraint is considered "Unsatisfiable" for an incoming pod - // if and only if every possible node assigment for that pod would violate + // if and only if every possible node assignment for that pod would violate // "MaxSkew" on some topology. // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same // labelSelector spread as 3/1/1: diff --git a/pkg/machine/pull.go b/pkg/machine/pull.go index 26abedfcd..7e6f01bad 100644 --- a/pkg/machine/pull.go +++ b/pkg/machine/pull.go @@ -129,7 +129,7 @@ func DownloadVMImage(downloadURL *url2.URL, localImagePath string) error { }() if resp.StatusCode != http.StatusOK { - return fmt.Errorf("error downloading VM image %s: %s", downloadURL, resp.Status) + return fmt.Errorf("downloading VM image %s: %s", downloadURL, resp.Status) } size := resp.ContentLength urlSplit := strings.Split(downloadURL.Path, "/") diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 287b93612..ffc90b2a0 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -317,7 +317,7 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) { resize.Stdout = os.Stdout resize.Stderr = os.Stderr if err := resize.Run(); err != nil { - return false, errors.Errorf("error resizing image: %q", err) + return false, errors.Errorf("resizing image: %q", err) } } // If the user provides an ignition file, we need to @@ -1078,7 +1078,7 @@ func (v *MachineVM) isIncompatible() bool { func (v *MachineVM) getForwardSocketPath() (string, error) { path, err := machine.GetDataDir(v.Name) if err != nil { - logrus.Errorf("Error resolving data dir: %s", err.Error()) + logrus.Errorf("Resolving data dir: %s", err.Error()) return "", nil } return filepath.Join(path, "podman.sock"), nil diff --git a/pkg/namespaces/namespaces.go b/pkg/namespaces/namespaces.go index a7736aee0..a264a5a0f 100644 --- a/pkg/namespaces/namespaces.go +++ b/pkg/namespaces/namespaces.go @@ -254,7 +254,7 @@ func (n IpcMode) IsHost() bool { return n == hostType } -// IsShareable indicates whether the container's ipc namespace can be shared with another container. +// IsShareable indicates whether the container uses its own shareable ipc namespace which can be shared. func (n IpcMode) IsShareable() bool { return n == shareableType } diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go index 13f8078e2..d7143f549 100644 --- a/pkg/rootless/rootless.go +++ b/pkg/rootless/rootless.go @@ -35,7 +35,7 @@ func TryJoinPauseProcess(pausePidPath string) (bool, int, error) { if os.IsNotExist(err) { return false, -1, nil } - return false, -1, fmt.Errorf("error acquiring lock on %s: %w", pausePidPath, err) + return false, -1, fmt.Errorf("acquiring lock on %s: %w", pausePidPath, err) } pidFileLock.Lock() diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 786e28093..cff6de5a3 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -146,7 +146,7 @@ func tryMappingTool(uid bool, pid int, hostID int, mappings []idtools.IDMap) err } if output, err := cmd.CombinedOutput(); err != nil { - logrus.Errorf("error running `%s`: %s", strings.Join(args, " "), output) + logrus.Errorf("running `%s`: %s", strings.Join(args, " "), output) return errors.Wrapf(err, "cannot setup namespace using %q", path) } return nil @@ -174,7 +174,7 @@ func joinUserAndMountNS(pid uint, pausePid string) (bool, int, error) { ret := C.reexec_in_user_namespace_wait(pidC, 0) if ret < 0 { - return false, -1, errors.New("error waiting for the re-exec process") + return false, -1, errors.New("waiting for the re-exec process") } return true, int(ret), nil @@ -374,7 +374,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo if fileOutput != nil { ret := C.reexec_in_user_namespace_wait(pidC, 0) if ret < 0 { - return false, -1, errors.New("error waiting for the re-exec process") + return false, -1, errors.New("waiting for the re-exec process") } return true, 0, nil @@ -391,11 +391,11 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo return joinUserAndMountNS(uint(pid), "") } } - return false, -1, errors.New("error setting up the process") + return false, -1, errors.New("setting up the process") } if b[0] != '0' { - return false, -1, errors.New("error setting up the process") + return false, -1, errors.New("setting up the process") } signals := []os.Signal{} @@ -425,7 +425,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo ret := C.reexec_in_user_namespace_wait(pidC, 0) if ret < 0 { - return false, -1, errors.New("error waiting for the re-exec process") + return false, -1, errors.New("waiting for the re-exec process") } return true, int(ret), nil diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index a279b8a62..e71eafb75 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -76,8 +76,8 @@ func (s *SpecGenerator) Validate() error { s.ContainerStorageConfig.ImageVolumeMode, strings.Join(ImageVolumeModeValues, ",")) } // shmsize conflicts with IPC namespace - if s.ContainerStorageConfig.ShmSize != nil && !s.ContainerStorageConfig.IpcNS.IsPrivate() { - return errors.New("cannot set shmsize when running in the host IPC Namespace") + if s.ContainerStorageConfig.ShmSize != nil && (s.ContainerStorageConfig.IpcNS.IsHost() || s.ContainerStorageConfig.IpcNS.IsNone()) { + return errors.Errorf("cannot set shmsize when running in the %s IPC Namespace", s.ContainerStorageConfig.IpcNS) } // @@ -166,7 +166,7 @@ func (s *SpecGenerator) Validate() error { if err := s.UtsNS.validate(); err != nil { return err } - if err := s.IpcNS.validate(); err != nil { + if err := validateIPCNS(&s.IpcNS); err != nil { return err } if err := s.PidNS.validate(); err != nil { diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 0e9d33dd8..118d80e2c 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -337,7 +337,7 @@ func FinishThrottleDevices(s *specgen.SpecGenerator) error { return nil } -// ConfigToSpec takes a completed container config and converts it back into a specgenerator for purposes of cloning an exisiting container +// ConfigToSpec takes a completed container config and converts it back into a specgenerator for purposes of cloning an existing container func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, containerID string) (*libpod.Container, error) { c, err := rt.LookupContainer(containerID) if err != nil { diff --git a/pkg/specgen/generate/kube/volume.go b/pkg/specgen/generate/kube/volume.go index d57cb5685..987f11569 100644 --- a/pkg/specgen/generate/kube/volume.go +++ b/pkg/specgen/generate/kube/volume.go @@ -76,7 +76,7 @@ func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource) (*KubeVolume, error) return nil, errors.Wrap(err, "error checking HostPathSocket") } if st.Mode()&os.ModeSocket != os.ModeSocket { - return nil, errors.Errorf("error checking HostPathSocket: path %s is not a socket", hostPath.Path) + return nil, errors.Errorf("checking HostPathSocket: path %s is not a socket", hostPath.Path) } case v1.HostPathDirectory: diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index 3f77cbe76..9ce45aaf0 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -59,7 +59,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod) case "pid": return specgen.ParseNamespace(cfg.Containers.PidNS) case "ipc": - return specgen.ParseNamespace(cfg.Containers.IPCNS) + return specgen.ParseIPCNamespace(cfg.Containers.IPCNS) case "uts": return specgen.ParseNamespace(cfg.Containers.UTSNS) case "user": diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go index 6dcc1b7bf..f30fc4671 100644 --- a/pkg/specgen/generate/storage.go +++ b/pkg/specgen/generate/storage.go @@ -292,7 +292,7 @@ func getVolumesFrom(volumesFrom []string, runtime *libpod.Runtime) (map[string]s // and append them in if we can find them. spec := ctr.Spec() if spec == nil { - return nil, nil, errors.Errorf("error retrieving container %s spec for volumes-from", ctr.ID()) + return nil, nil, errors.Errorf("retrieving container %s spec for volumes-from", ctr.ID()) } for _, mnt := range spec.Mounts { if mnt.Type != define.TypeBind { diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index e672bc65f..4412eff29 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -35,6 +35,10 @@ const ( FromPod NamespaceMode = "pod" // Private indicates the namespace is private Private NamespaceMode = "private" + // Shareable indicates the namespace is shareable + Shareable NamespaceMode = "shareable" + // None indicates the IPC namespace is created without mounting /dev/shm + None NamespaceMode = "none" // NoNetwork indicates no network namespace should // be joined. loopback should still exists. // Only used with the network namespace, invalid otherwise. @@ -77,6 +81,11 @@ func (n *Namespace) IsHost() bool { return n.NSMode == Host } +// IsNone returns a bool if the namespace is set to none +func (n *Namespace) IsNone() bool { + return n.NSMode == None +} + // IsBridge returns a bool if the namespace is a Bridge func (n *Namespace) IsBridge() bool { return n.NSMode == Bridge @@ -158,6 +167,17 @@ func validateNetNS(n *Namespace) error { return nil } +func validateIPCNS(n *Namespace) error { + if n == nil { + return nil + } + switch n.NSMode { + case Shareable, None: + return nil + } + return n.validate() +} + // Validate perform simple validation on the namespace to make sure it is not // invalid from the get-go func (n *Namespace) validate() error { @@ -237,7 +257,7 @@ func ParseCgroupNamespace(ns string) (Namespace, error) { case "private", "": toReturn.NSMode = Private default: - return toReturn, errors.Errorf("unrecognized namespace mode %s passed", ns) + return toReturn, errors.Errorf("unrecognized cgroup namespace mode %s passed", ns) } } else { toReturn.NSMode = Host @@ -245,6 +265,21 @@ func ParseCgroupNamespace(ns string) (Namespace, error) { return toReturn, nil } +// ParseIPCNamespace parses a ipc namespace specification in string +// form. +func ParseIPCNamespace(ns string) (Namespace, error) { + toReturn := Namespace{} + switch { + case ns == "shareable", ns == "": + toReturn.NSMode = Shareable + return toReturn, nil + case ns == "none": + toReturn.NSMode = None + return toReturn, nil + } + return ParseNamespace(ns) +} + // ParseUserNamespace parses a user namespace specification in string // form. func ParseUserNamespace(ns string) (Namespace, error) { diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go index 688cc2337..186d3862b 100644 --- a/pkg/specgenutil/specgen.go +++ b/pkg/specgenutil/specgen.go @@ -976,7 +976,7 @@ func parseThrottleIOPsDevices(iopsDevices []string) (map[string]specs.LinuxThrot } func parseSecrets(secrets []string) ([]specgen.Secret, map[string]string, error) { - secretParseError := errors.New("error parsing secret") + secretParseError := errors.New("parsing secret") var mount []specgen.Secret envs := make(map[string]string) for _, val := range secrets { diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go index 15b598ae8..cd1486a82 100644 --- a/pkg/systemd/generate/pods.go +++ b/pkg/systemd/generate/pods.go @@ -141,7 +141,7 @@ func PodUnits(pod *libpod.Pod, options entities.GenerateSystemdOptions) (map[str // Error out if the pod has no infra container, which we require to be the // main service. if !pod.HasInfraContainer() { - return nil, errors.Errorf("error generating systemd unit files: Pod %q has no infra container", pod.Name()) + return nil, errors.Errorf("generating systemd unit files: Pod %q has no infra container", pod.Name()) } podInfo, err := generatePodInfo(pod, options) @@ -160,7 +160,7 @@ func PodUnits(pod *libpod.Pod, options entities.GenerateSystemdOptions) (map[str return nil, err } if len(containers) == 0 { - return nil, errors.Errorf("error generating systemd unit files: Pod %q has no containers", pod.Name()) + return nil, errors.Errorf("generating systemd unit files: Pod %q has no containers", pod.Name()) } graph, err := libpod.BuildContainerGraph(containers) if err != nil { diff --git a/pkg/util/utils.go b/pkg/util/utils.go index 1beb3b28e..334a44a88 100644 --- a/pkg/util/utils.go +++ b/pkg/util/utils.go @@ -656,7 +656,7 @@ func CreateCidFile(cidfile string, id string) error { if os.IsExist(err) { return errors.Errorf("container id file exists. Ensure another container is not using it or delete %s", cidfile) } - return errors.Errorf("error opening cidfile %s", cidfile) + return errors.Errorf("opening cidfile %s", cidfile) } if _, err = cidFile.WriteString(id); err != nil { logrus.Error(err) |