Diffstat (limited to 'pkg')
-rw-r--r--pkg/adapter/client.go2
-rw-r--r--pkg/adapter/client_unix.go11
-rw-r--r--pkg/adapter/client_windows.go15
-rw-r--r--pkg/adapter/containers.go19
-rw-r--r--pkg/adapter/containers_remote.go25
-rw-r--r--pkg/adapter/pods.go2
-rw-r--r--pkg/adapter/runtime.go4
-rw-r--r--pkg/adapter/runtime_remote.go4
-rw-r--r--pkg/registries/registries.go4
-rw-r--r--pkg/rootless/rootless.go45
-rw-r--r--pkg/rootless/rootless_linux.go3
-rw-r--r--pkg/spec/createconfig.go2
-rw-r--r--pkg/spec/spec.go23
-rw-r--r--pkg/sysinfo/sysinfo.go9
-rw-r--r--pkg/sysinfo/sysinfo_linux.go15
-rw-r--r--pkg/trust/trust.go2
-rw-r--r--pkg/util/utils.go2
-rw-r--r--pkg/varlinkapi/containers.go9
-rw-r--r--pkg/varlinkapi/images.go8
19 files changed, 169 insertions, 35 deletions
diff --git a/pkg/adapter/client.go b/pkg/adapter/client.go
index 1805c758d..da4670892 100644
--- a/pkg/adapter/client.go
+++ b/pkg/adapter/client.go
@@ -35,7 +35,7 @@ func (r RemoteRuntime) RemoteEndpoint() (remoteEndpoint *Endpoint, err error) {
if len(r.cmd.RemoteUserName) < 1 {
return nil, errors.New("you must provide a username when providing a remote host name")
}
- rc := remoteclientconfig.RemoteConnection{r.cmd.RemoteHost, r.cmd.RemoteUserName, false, r.cmd.Port}
+ rc := remoteclientconfig.RemoteConnection{r.cmd.RemoteHost, r.cmd.RemoteUserName, false, r.cmd.Port, r.cmd.IdentityFile, r.cmd.IgnoreHosts}
remoteEndpoint, err = newBridgeConnection("", &rc, r.cmd.LogLevel)
// if the user has a config file with connections in it
} else if len(remoteConfigConnections.Connections) > 0 {
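Review bot: The `remoteclientconfig.RemoteConnection` literal is positional and now carries six values, two of them booleans (`false` and `r.cmd.IgnoreHosts`), so a later reordering of the struct's fields would swap them without a compile error, and one of them switches off SSH host key checking in formatDefaultBridge. Writing the literal with field names (`Destination`, `Username`, `Port`, `IdentityFile` and `IgnoreHosts` are the names used elsewhere in this commit) removes that risk and also satisfies the `go vet` composites check. RemoteEndpoint starts and ends outside this hunk.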
diff --git a/pkg/adapter/client_unix.go b/pkg/adapter/client_unix.go
index a7bc7c1c0..7af8b24c6 100644
--- a/pkg/adapter/client_unix.go
+++ b/pkg/adapter/client_unix.go
@@ -14,7 +14,14 @@ func formatDefaultBridge(remoteConn *remoteclientconfig.RemoteConnection, logLev
if port == 0 {
port = 22
}
+ options := ""
+ if remoteConn.IdentityFile != "" {
+ options += " -i " + remoteConn.IdentityFile
+ }
+ if remoteConn.IgnoreHosts {
+ options += " -q -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+ }
return fmt.Sprintf(
- `ssh -p %d -T %s@%s -- /usr/bin/varlink -A \'/usr/bin/podman --log-level=%s varlink \\\$VARLINK_ADDRESS\' bridge`,
- port, remoteConn.Username, remoteConn.Destination, logLevel)
+ `ssh -p %d -T%s %s@%s -- varlink -A \'podman --log-level=%s varlink \\\$VARLINK_ADDRESS\' bridge`,
+ port, options, remoteConn.Username, remoteConn.Destination, logLevel)
}
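Review bot: `remoteConn.IdentityFile` is appended to the ssh command string unquoted at `options += " -i " + remoteConn.IdentityFile`, so a path containing spaces or shell metacharacters changes how the command is parsed; the escaping already present in the format string suggests the result is later interpreted by a shell, though that call is outside this hunk. The path should be shell-quoted, or rejected when it contains characters outside a safe set, before it is concatenated. The `IgnoreHosts` branch turns off host key verification and, with `-q`, also silences the warning, so it deserves a comment such as `// IgnoreHosts disables SSH host key checking; the remote end is not authenticated` and ideally a log line when it is active. The same two points apply to the matching hunk in pkg/adapter/client_windows.go.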
diff --git a/pkg/adapter/client_windows.go b/pkg/adapter/client_windows.go
index 31e5d9830..32302a600 100644
--- a/pkg/adapter/client_windows.go
+++ b/pkg/adapter/client_windows.go
@@ -9,7 +9,18 @@ import (
)
func formatDefaultBridge(remoteConn *remoteclientconfig.RemoteConnection, logLevel string) string {
+ port := remoteConn.Port
+ if port == 0 {
+ port = 22
+ }
+ options := ""
+ if remoteConn.IdentityFile != "" {
+ options += " -i " + remoteConn.IdentityFile
+ }
+ if remoteConn.IgnoreHosts {
+ options += " -q -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+ }
return fmt.Sprintf(
- `ssh -T %s@%s -- /usr/bin/varlink -A '/usr/bin/podman --log-level=%s varlink $VARLINK_ADDRESS' bridge`,
- remoteConn.Username, remoteConn.Destination, logLevel)
+ `ssh -p %d -T%s %s@%s -- varlink -A 'podman --log-level=%s varlink $VARLINK_ADDRESS' bridge`,
+ port, options, remoteConn.Username, remoteConn.Destination, logLevel)
}
diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go
index 47db5c0dc..51efdccc7 100644
--- a/pkg/adapter/containers.go
+++ b/pkg/adapter/containers.go
@@ -16,7 +16,7 @@ import (
"time"
"github.com/containers/buildah"
- "github.com/containers/image/manifest"
+ "github.com/containers/image/v4/manifest"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/cmd/podman/shared/parse"
@@ -205,7 +205,22 @@ func (r *LocalRuntime) RemoveContainers(ctx context.Context, cli *cliconfig.RmVa
ctrs, err := shortcuts.GetContainersByContext(cli.All, cli.Latest, cli.InputArgs, r.Runtime)
if err != nil {
- return ok, failures, err
+ // Failed to get containers. If force is specified, get the containers ID
+ // and evict them
+ if !cli.Force {
+ return ok, failures, err
+ }
+
+ for _, ctr := range cli.InputArgs {
+ logrus.Debugf("Evicting container %q", ctr)
+ id, err := r.EvictContainer(ctx, ctr, cli.Volumes)
+ if err != nil {
+ failures[ctr] = errors.Wrapf(err, "Failed to evict container: %q", id)
+ continue
+ }
+ ok = append(ok, id)
+ }
+ return ok, failures, nil
}
pool := shared.NewPool("rm", maxWorkers, len(ctrs))
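Review bot: With `cli.Force` set, the new branch discards the error from `shortcuts.GetContainersByContext` whatever its cause and returns `nil`; when `cli.InputArgs` is empty (as it may be with `cli.All` or `cli.Latest`) the loop does nothing and the caller sees success although the lookup failed. Consider logging the original error before evicting and returning it when there is nothing to evict, e.g. `if len(cli.InputArgs) == 0 { return ok, failures, err }`. The wrap message also formats `id`, which is the return value of the failed call, so `errors.Wrapf(err, "Failed to evict container: %q", ctr)` would name the container that was actually requested. The same pattern appears in the RemoveContainers hunk of pkg/adapter/containers_remote.go. RemoveContainers continues outside this hunk.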
diff --git a/pkg/adapter/containers_remote.go b/pkg/adapter/containers_remote.go
index 6cecb92da..f7cb28b0c 100644
--- a/pkg/adapter/containers_remote.go
+++ b/pkg/adapter/containers_remote.go
@@ -321,16 +321,31 @@ func (r *LocalRuntime) KillContainers(ctx context.Context, cli *cliconfig.KillVa
// RemoveContainer removes container(s) based on varlink inputs.
func (r *LocalRuntime) RemoveContainers(ctx context.Context, cli *cliconfig.RmValues) ([]string, map[string]error, error) {
- ids, err := iopodman.GetContainersByContext().Call(r.Conn, cli.All, cli.Latest, cli.InputArgs)
- if err != nil {
- return nil, nil, TranslateError(err)
- }
-
var (
ok = []string{}
failures = map[string]error{}
)
+ ids, err := iopodman.GetContainersByContext().Call(r.Conn, cli.All, cli.Latest, cli.InputArgs)
+ if err != nil {
+ // Failed to get containers. If force is specified, get the containers ID
+ // and evict them
+ if !cli.Force {
+ return nil, nil, TranslateError(err)
+ }
+
+ for _, ctr := range cli.InputArgs {
+ logrus.Debugf("Evicting container %q", ctr)
+ id, err := iopodman.EvictContainer().Call(r.Conn, ctr, cli.Volumes)
+ if err != nil {
+ failures[ctr] = errors.Wrapf(err, "Failed to evict container: %q", id)
+ continue
+ }
+ ok = append(ok, string(id))
+ }
+ return ok, failures, nil
+ }
+
for _, id := range ids {
_, err := iopodman.RemoveContainer().Call(r.Conn, id, cli.Force, cli.Volumes)
if err != nil {
diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go
index c8d57e2a2..ebaaf37ae 100644
--- a/pkg/adapter/pods.go
+++ b/pkg/adapter/pods.go
@@ -11,7 +11,7 @@ import (
"strings"
"github.com/containers/buildah/pkg/parse"
- "github.com/containers/image/types"
+ "github.com/containers/image/v4/types"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go
index fd6587505..0706d4b6a 100644
--- a/pkg/adapter/runtime.go
+++ b/pkg/adapter/runtime.go
@@ -14,8 +14,8 @@ import (
"github.com/containers/buildah/imagebuildah"
"github.com/containers/buildah/pkg/formats"
"github.com/containers/buildah/pkg/parse"
- "github.com/containers/image/docker/reference"
- "github.com/containers/image/types"
+ "github.com/containers/image/v4/docker/reference"
+ "github.com/containers/image/v4/types"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/cmd/podman/shared"
diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go
index f079b914a..3b808a2ee 100644
--- a/pkg/adapter/runtime_remote.go
+++ b/pkg/adapter/runtime_remote.go
@@ -17,8 +17,8 @@ import (
"github.com/containers/buildah/imagebuildah"
"github.com/containers/buildah/pkg/formats"
- "github.com/containers/image/docker/reference"
- "github.com/containers/image/types"
+ "github.com/containers/image/v4/docker/reference"
+ "github.com/containers/image/v4/types"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/remoteclientconfig"
iopodman "github.com/containers/libpod/cmd/podman/varlink"
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index de63dcbf1..b4facef42 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -5,8 +5,8 @@ import (
"path/filepath"
"strings"
- "github.com/containers/image/pkg/sysregistriesv2"
- "github.com/containers/image/types"
+ "github.com/containers/image/v4/pkg/sysregistriesv2"
+ "github.com/containers/image/v4/types"
"github.com/containers/libpod/pkg/rootless"
"github.com/docker/distribution/reference"
"github.com/pkg/errors"
diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go
new file mode 100644
index 000000000..7e9fe9db6
--- /dev/null
+++ b/pkg/rootless/rootless.go
@@ -0,0 +1,45 @@
+package rootless
+
+import (
+ "os"
+
+ "github.com/containers/storage"
+ "github.com/pkg/errors"
+)
+
+func TryJoinPauseProcess(pausePidPath string) (bool, int, error) {
+ if _, err := os.Stat(pausePidPath); err != nil {
+ return false, -1, nil
+ }
+
+ became, ret, err := TryJoinFromFilePaths("", false, []string{pausePidPath})
+ if err == nil {
+ return became, ret, err
+ }
+
+ // It could not join the pause process, let's lock the file before trying to delete it.
+ pidFileLock, err := storage.GetLockfile(pausePidPath)
+ if err != nil {
+ // The file was deleted by another process.
+ if os.IsNotExist(err) {
+ return false, -1, nil
+ }
+ return false, -1, errors.Wrapf(err, "error acquiring lock on %s", pausePidPath)
+ }
+
+ pidFileLock.Lock()
+ defer func() {
+ if pidFileLock.Locked() {
+ pidFileLock.Unlock()
+ }
+ }()
+
+ // Now the pause PID file is locked. Try to join once again in case it changed while it was not locked.
+ became, ret, err = TryJoinFromFilePaths("", false, []string{pausePidPath})
+ if err != nil {
+ // It is still failing. We can safely remove it.
+ os.Remove(pausePidPath)
+ return false, -1, nil
+ }
+ return became, ret, err
+}
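Review bot: After the second failed join the function drops both the join error and the result of `os.Remove(pausePidPath)` and returns `false, -1, nil`, so a caller cannot tell a stale pid file from one that could not be joined or deleted for another reason, such as permissions. Logging the discarded join error, or returning the `os.Remove` error when it is not `os.IsNotExist`, would make that visible. The initial `os.Stat` check likewise treats every error as "file absent". The exported function also has no doc comment; something like `// TryJoinPauseProcess tries to join the pause process recorded in pausePidPath and removes the file if joining still fails while the file is locked.` would cover it.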
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 6f6239e5f..05d641383 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -566,10 +566,10 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
r, w := os.NewFile(uintptr(fds[0]), "read file"), os.NewFile(uintptr(fds[1]), "write file")
- defer errorhandling.CloseQuiet(w)
defer errorhandling.CloseQuiet(r)
if _, _, err := becomeRootInUserNS("", path, w); err != nil {
+ w.Close()
lastErr = err
continue
}
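Review bot: The added `w.Close()` on the `becomeRootInUserNS` failure path ignores its return value, while the read end in the same function is closed through `errorhandling.CloseQuiet`; `errorhandling.CloseQuiet(w)` would keep the handling consistent. With the deferred close of `w` removed, the visible lines close `w` only on this failure path, so it is worth confirming, and stating in a comment, where the write end is closed on success. TryJoinFromFilePaths starts and ends outside the hunk.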
@@ -578,7 +578,6 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
return false, 0, err
}
defer func() {
- errorhandling.CloseQuiet(r)
C.reexec_in_user_namespace_wait(-1, 0)
}()
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 7c3195be4..a65263b7d 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -7,7 +7,7 @@ import (
"strings"
"syscall"
- "github.com/containers/image/manifest"
+ "github.com/containers/image/v4/manifest"
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/pkg/namespaces"
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index c7aa003e8..57c6e8da7 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -7,6 +7,7 @@ import (
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/cgroups"
"github.com/containers/libpod/pkg/rootless"
+ "github.com/containers/libpod/pkg/sysinfo"
"github.com/docker/docker/oci/caps"
"github.com/docker/go-units"
"github.com/opencontainers/runc/libcontainer/user"
@@ -300,9 +301,25 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM
blockAccessToKernelFilesystems(config, &g)
// RESOURCES - PIDS
- if config.Resources.PidsLimit != 0 {
- g.SetLinuxResourcesPidsLimit(config.Resources.PidsLimit)
- addedResources = true
+ if config.Resources.PidsLimit > 0 {
+ // if running on rootless on a cgroupv1 machine, pids limit is
+ // not supported. If the value is still the default
+ // then ignore the settings. If the caller asked for a
+ // non-default, then try to use it.
+ setPidLimit := true
+ if rootless.IsRootless() {
+ cgroup2, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return nil, err
+ }
+ if !cgroup2 && config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit() {
+ setPidLimit = false
+ }
+ }
+ if setPidLimit {
+ g.SetLinuxResourcesPidsLimit(config.Resources.PidsLimit)
+ addedResources = true
+ }
}
for name, val := range config.Env {
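Review bot: In rootless mode on cgroup v1 the limit is skipped whenever `config.Resources.PidsLimit == sysinfo.GetDefaultPidsLimit()`, which cannot tell an untouched default from a caller who explicitly asked for that same value, so such a request is dropped without any message despite what the comment above it promises. A debug or warning log where `setPidLimit = false` is assigned would make the missing limit visible to anyone who expects the container's process count to be capped. The guard also changed from `!= 0` to `> 0`, so negative values no longer reach `g.SetLinuxResourcesPidsLimit`; if a negative value is meant to carry a meaning, a comment should say how it is handled. createConfigToOCISpec continues outside this hunk.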
diff --git a/pkg/sysinfo/sysinfo.go b/pkg/sysinfo/sysinfo.go
index f046de4b1..686f66ce5 100644
--- a/pkg/sysinfo/sysinfo.go
+++ b/pkg/sysinfo/sysinfo.go
@@ -142,3 +142,12 @@ func popcnt(x uint64) (n byte) {
x *= 0x0101010101010101
return byte(x >> 56)
}
+
+// GetDefaultPidsLimit returns the default pids limit to run containers with
+func GetDefaultPidsLimit() int64 {
+ sysInfo := New(true)
+ if !sysInfo.PidsLimit {
+ return 0
+ }
+ return 4096
+}
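Review bot: `GetDefaultPidsLimit` returns a bare `4096` that callers then compare against; a named constant such as `const defaultPidsLimit = 4096`, with a short comment on why that value was chosen, would be easier to maintain. The doc comment could also state that the function returns 0 when `sysInfo.PidsLimit` is false. Each call runs `New(true)`, so a caller that invokes it repeatedly may want to cache the result.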
diff --git a/pkg/sysinfo/sysinfo_linux.go b/pkg/sysinfo/sysinfo_linux.go
index 9e675c655..76bda23c6 100644
--- a/pkg/sysinfo/sysinfo_linux.go
+++ b/pkg/sysinfo/sysinfo_linux.go
@@ -7,6 +7,7 @@ import (
"path"
"strings"
+ cg "github.com/containers/libpod/pkg/cgroups"
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
@@ -227,12 +228,18 @@ func checkCgroupCpusetInfo(cgMounts map[string]string, quiet bool) cgroupCpusetI
// checkCgroupPids reads the pids information from the pids cgroup mount point.
func checkCgroupPids(quiet bool) cgroupPids {
- _, err := cgroups.FindCgroupMountpoint("", "pids")
+ cgroup2, err := cg.IsCgroup2UnifiedMode()
if err != nil {
- if !quiet {
- logrus.Warn(err)
+ logrus.Errorf("Failed to check cgroups version: %v", err)
+ }
+ if !cgroup2 {
+ _, err := cgroups.FindCgroupMountpoint("", "pids")
+ if err != nil {
+ if !quiet {
+ logrus.Warn(err)
+ }
+ return cgroupPids{}
}
- return cgroupPids{}
}
return cgroupPids{
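Review bot: When `cg.IsCgroup2UnifiedMode()` fails, the error is logged at error level regardless of `quiet`, and execution continues with `cgroup2` at its zero value, so the cgroup v1 lookup runs as an undocumented fallback; gating the log on `!quiet` like the branch below it, or adding a comment that the fallback is intended, would make that explicit. On a cgroup v2 host the mount-point lookup is skipped entirely and control falls through to the final return, so pids support appears to be reported without any check in the visible lines that the controller is enabled for the caller. The return statement continues outside the hunk.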
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 3bfe4bda1..afa89a6e8 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -11,7 +11,7 @@ import (
"path/filepath"
"strings"
- "github.com/containers/image/types"
+ "github.com/containers/image/v4/types"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"gopkg.in/yaml.v2"
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index edcad1d1b..0190b106d 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -10,7 +10,7 @@ import (
"time"
"github.com/BurntSushi/toml"
- "github.com/containers/image/types"
+ "github.com/containers/image/v4/types"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/pkg/errorhandling"
"github.com/containers/libpod/pkg/namespaces"
diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go
index 93f9d4fe3..79fcef11a 100644
--- a/pkg/varlinkapi/containers.go
+++ b/pkg/varlinkapi/containers.go
@@ -508,7 +508,16 @@ func (i *LibpodAPI) RemoveContainer(call iopodman.VarlinkCall, name string, forc
return call.ReplyErrorOccurred(err.Error())
}
return call.ReplyRemoveContainer(ctr.ID())
+}
+// EvictContainer ...
+func (i *LibpodAPI) EvictContainer(call iopodman.VarlinkCall, name string, removeVolumes bool) error {
+ ctx := getContext()
+ id, err := i.Runtime.EvictContainer(ctx, name, removeVolumes)
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+ return call.ReplyEvictContainer(id)
}
// DeleteStoppedContainers ...
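Review bot: The doc comment `// EvictContainer ...` is a placeholder on a new exported API method that removes containers on behalf of a remote caller. Something like `// EvictContainer calls Runtime.EvictContainer for the named container, passing removeVolumes through, and replies with the container ID or the error text.` would describe what the visible body does.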
diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go
index 0bdbec177..f83b93dff 100644
--- a/pkg/varlinkapi/images.go
+++ b/pkg/varlinkapi/images.go
@@ -16,10 +16,10 @@ import (
"github.com/containers/buildah"
"github.com/containers/buildah/imagebuildah"
- dockerarchive "github.com/containers/image/docker/archive"
- "github.com/containers/image/manifest"
- "github.com/containers/image/transports/alltransports"
- "github.com/containers/image/types"
+ dockerarchive "github.com/containers/image/v4/docker/archive"
+ "github.com/containers/image/v4/manifest"
+ "github.com/containers/image/v4/transports/alltransports"
+ "github.com/containers/image/v4/types"
"github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/cmd/podman/varlink"
"github.com/containers/libpod/libpod"