diff options
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/api/handlers/compat/networks.go | 7 | ||||
-rw-r--r-- | pkg/api/handlers/libpod/images.go | 10 | ||||
-rw-r--r-- | pkg/api/handlers/libpod/networks.go | 6 | ||||
-rw-r--r-- | pkg/api/handlers/utils/errors.go | 9 | ||||
-rw-r--r-- | pkg/api/server/register_images.go | 4 | ||||
-rw-r--r-- | pkg/api/server/register_ping.go | 9 | ||||
-rw-r--r-- | pkg/api/server/register_volumes.go | 2 | ||||
-rw-r--r-- | pkg/bindings/images/images.go | 1 | ||||
-rw-r--r-- | pkg/domain/entities/volumes.go | 56 | ||||
-rw-r--r-- | pkg/network/config.go | 5 | ||||
-rw-r--r-- | pkg/network/files.go | 3 | ||||
-rw-r--r-- | pkg/network/network.go | 3 | ||||
-rw-r--r-- | pkg/rootless/rootless_linux.c | 2 | ||||
-rw-r--r-- | pkg/rootless/rootless_linux.go | 35 | ||||
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 4 |
15 files changed, 119 insertions, 37 deletions
diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go index 1e80cc91d..80b7505df 100644 --- a/pkg/api/handlers/compat/networks.go +++ b/pkg/api/handlers/compat/networks.go @@ -10,6 +10,7 @@ import ( "github.com/containernetworking/cni/libcni" "github.com/containers/podman/v2/libpod" + "github.com/containers/podman/v2/libpod/define" "github.com/containers/podman/v2/pkg/api/handlers/utils" "github.com/containers/podman/v2/pkg/domain/entities" "github.com/containers/podman/v2/pkg/domain/infra/abi" @@ -44,9 +45,7 @@ func InspectNetwork(w http.ResponseWriter, r *http.Request) { name := utils.GetName(r) _, err = network.InspectNetwork(config, name) if err != nil { - // TODO our network package does not distinguish between not finding a - // specific network vs not being able to read it - utils.InternalServerError(w, err) + utils.NetworkNotFound(w, name, err) return } report, err := getNetworkResourceByName(name, runtime) @@ -285,7 +284,7 @@ func RemoveNetwork(w http.ResponseWriter, r *http.Request) { return } if !exists { - utils.Error(w, "network not found", http.StatusNotFound, network.ErrNetworkNotFound) + utils.Error(w, "network not found", http.StatusNotFound, define.ErrNoSuchNetwork) return } if err := network.RemoveNetwork(config, name); err != nil { diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go index 3421f0836..51013acf1 100644 --- a/pkg/api/handlers/libpod/images.go +++ b/pkg/api/handlers/libpod/images.go @@ -594,11 +594,9 @@ func CommitContainer(w http.ResponseWriter, r *http.Request) { return } - // I know mitr hates this ... but doing for now - if len(query.Repo) > 1 { + if len(query.Repo) > 0 { destImage = fmt.Sprintf("%s:%s", query.Repo, tag) } - commitImage, err := ctr.Commit(r.Context(), destImage, options) if err != nil && !strings.Contains(err.Error(), "is not running") { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrapf(err, "CommitFailure")) @@ -638,6 +636,7 @@ func SearchImages(w http.ResponseWriter, r *http.Request) { query := struct { Term string `json:"term"` Limit int `json:"limit"` + NoTrunc bool `json:"noTrunc"` Filters []string `json:"filters"` TLSVerify bool `json:"tlsVerify"` }{ @@ -650,7 +649,8 @@ func SearchImages(w http.ResponseWriter, r *http.Request) { } options := image.SearchOptions{ - Limit: query.Limit, + Limit: query.Limit, + NoTrunc: query.NoTrunc, } if _, found := r.URL.Query()["tlsVerify"]; found { options.InsecureSkipTLSVerify = types.NewOptionalBool(!query.TLSVerify) @@ -677,7 +677,7 @@ func SearchImages(w http.ResponseWriter, r *http.Request) { for i := range searchResults { reports[i].Index = searchResults[i].Index reports[i].Name = searchResults[i].Name - reports[i].Description = searchResults[i].Index + reports[i].Description = searchResults[i].Description reports[i].Stars = searchResults[i].Stars reports[i].Official = searchResults[i].Official reports[i].Automated = searchResults[i].Automated diff --git a/pkg/api/handlers/libpod/networks.go b/pkg/api/handlers/libpod/networks.go index 9237a41ce..475522664 100644 --- a/pkg/api/handlers/libpod/networks.go +++ b/pkg/api/handlers/libpod/networks.go @@ -5,10 +5,10 @@ import ( "net/http" "github.com/containers/podman/v2/libpod" + "github.com/containers/podman/v2/libpod/define" "github.com/containers/podman/v2/pkg/api/handlers/utils" "github.com/containers/podman/v2/pkg/domain/entities" "github.com/containers/podman/v2/pkg/domain/infra/abi" - "github.com/containers/podman/v2/pkg/network" "github.com/gorilla/schema" "github.com/pkg/errors" ) @@ -78,7 +78,7 @@ func RemoveNetwork(w http.ResponseWriter, r *http.Request) { } if reports[0].Err != nil { // If the network cannot be found, we return a 404. - if errors.Cause(err) == network.ErrNetworkNotFound { + if errors.Cause(err) == define.ErrNoSuchNetwork { utils.Error(w, "Something went wrong", http.StatusNotFound, err) return } @@ -104,7 +104,7 @@ func InspectNetwork(w http.ResponseWriter, r *http.Request) { reports, err := ic.NetworkInspect(r.Context(), []string{name}, options) if err != nil { // If the network cannot be found, we return a 404. - if errors.Cause(err) == network.ErrNetworkNotFound { + if errors.Cause(err) == define.ErrNoSuchNetwork { utils.Error(w, "Something went wrong", http.StatusNotFound, err) return } diff --git a/pkg/api/handlers/utils/errors.go b/pkg/api/handlers/utils/errors.go index 5a99529c6..bf9b18960 100644 --- a/pkg/api/handlers/utils/errors.go +++ b/pkg/api/handlers/utils/errors.go @@ -39,6 +39,7 @@ func VolumeNotFound(w http.ResponseWriter, name string, err error) { msg := fmt.Sprintf("No such volume: %s", name) Error(w, msg, http.StatusNotFound, err) } + func ContainerNotFound(w http.ResponseWriter, name string, err error) { if errors.Cause(err) != define.ErrNoSuchCtr { InternalServerError(w, err) @@ -55,6 +56,14 @@ func ImageNotFound(w http.ResponseWriter, name string, err error) { Error(w, msg, http.StatusNotFound, err) } +func NetworkNotFound(w http.ResponseWriter, name string, err error) { + if errors.Cause(err) != define.ErrNoSuchNetwork { + InternalServerError(w, err) + } + msg := fmt.Sprintf("No such network: %s", name) + Error(w, msg, http.StatusNotFound, err) +} + func PodNotFound(w http.ResponseWriter, name string, err error) { if errors.Cause(err) != define.ErrNoSuchPod { InternalServerError(w, err) diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go index 7f060d098..cb4ce4fe7 100644 --- a/pkg/api/server/register_images.go +++ b/pkg/api/server/register_images.go @@ -972,6 +972,10 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // type: integer // description: maximum number of results // - in: query + // name: noTrunc + // type: boolean + // description: do not truncate any of the result strings + // - in: query // name: filters // type: string // description: | diff --git a/pkg/api/server/register_ping.go b/pkg/api/server/register_ping.go index 4a8d2c768..4e299008c 100644 --- a/pkg/api/server/register_ping.go +++ b/pkg/api/server/register_ping.go @@ -9,9 +9,8 @@ import ( func (s *APIServer) registerPingHandlers(r *mux.Router) error { - r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet) - r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodHead) - + r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead) + r.Handle(VersionedPath("/_ping"), s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead) // swagger:operation GET /libpod/_ping libpod libpodPingGet // --- // summary: Ping service @@ -62,7 +61,7 @@ func (s *APIServer) registerPingHandlers(r *mux.Router) error { // determine if talking to Podman engine or another engine // 500: // $ref: "#/responses/InternalError" - r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet) - r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodHead) + r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead) + r.Handle(VersionedPath("/libpod/_ping"), s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead) return nil } diff --git a/pkg/api/server/register_volumes.go b/pkg/api/server/register_volumes.go index b509a332a..8f7848ed4 100644 --- a/pkg/api/server/register_volumes.go +++ b/pkg/api/server/register_volumes.go @@ -128,7 +128,7 @@ func (s *APIServer) registerVolumeHandlers(r *mux.Router) error { // The boolean `dangling` filter is not yet implemented for this endpoint. // responses: // '200': - // "$ref": "#/responses/DockerVolumeList" + // "$ref": "#/responses/VolumeListResponse" // '500': // "$ref": "#/responses/InternalError" r.Handle(VersionedPath("/volumes"), s.APIHandler(compat.ListVolumes)).Methods(http.MethodGet) diff --git a/pkg/bindings/images/images.go b/pkg/bindings/images/images.go index fc8c9996e..12d1a9ce9 100644 --- a/pkg/bindings/images/images.go +++ b/pkg/bindings/images/images.go @@ -439,6 +439,7 @@ func Search(ctx context.Context, term string, opts entities.ImageSearchOptions) params := url.Values{} params.Set("term", term) params.Set("limit", strconv.Itoa(opts.Limit)) + params.Set("noTrunc", strconv.FormatBool(opts.NoTrunc)) for _, f := range opts.Filters { params.Set("filters", f) } diff --git a/pkg/domain/entities/volumes.go b/pkg/domain/entities/volumes.go index 2311d1f25..53d30ffdf 100644 --- a/pkg/domain/entities/volumes.go +++ b/pkg/domain/entities/volumes.go @@ -59,6 +59,42 @@ type VolumeConfigResponse struct { Anonymous bool `json:"Anonymous"` } +// VolumeInfo Volume list response +// swagger:model VolumeInfo +type VolumeInfo struct { + + // Date/Time the volume was created. + CreatedAt string `json:"CreatedAt,omitempty"` + + // Name of the volume driver used by the volume. Only supports local driver + // Required: true + Driver string `json:"Driver"` + + // User-defined key/value metadata. + // Always included + Labels map[string]string `json:"Labels"` + + // Mount path of the volume on the host. + // Required: true + Mountpoint string `json:"Mountpoint"` + + // Name of the volume. + // Required: true + Name string `json:"Name"` + + // The driver specific options used when creating the volume. + // Required: true + Options map[string]string `json:"Options"` + + // The level at which the volume exists. + // Libpod does not implement volume scoping, and this is provided solely for + // Docker compatibility. The value is only "local". + // Required: true + Scope string `json:"Scope"` + + // TODO: We don't include the volume `Status` for now +} + type VolumeRmOptions struct { All bool Force bool @@ -94,17 +130,25 @@ type VolumeListReport struct { VolumeConfigResponse } -/* - * Docker API compatibility types - */ -// swagger:response DockerVolumeList -type SwagDockerVolumeListResponse struct { +// VolumeListBody Volume list response +// swagger:model VolumeListBody +type VolumeListBody struct { + Volumes []*VolumeInfo +} + +// Volume list response +// swagger:response VolumeListResponse +type SwagVolumeListResponse struct { // in:body Body struct { - docker_api_types_volume.VolumeListOKBody + VolumeListBody } } +/* + * Docker API compatibility types + */ + // swagger:model DockerVolumeCreate type DockerVolumeCreate docker_api_types_volume.VolumeCreateBody diff --git a/pkg/network/config.go b/pkg/network/config.go index a504e0ad0..0115433e1 100644 --- a/pkg/network/config.go +++ b/pkg/network/config.go @@ -2,7 +2,6 @@ package network import ( "encoding/json" - "errors" "net" ) @@ -20,10 +19,6 @@ const ( DefaultPodmanDomainName = "dns.podman" ) -var ( - ErrNetworkNotFound = errors.New("network not found") -) - // GetDefaultPodmanNetwork outputs the default network for podman func GetDefaultPodmanNetwork() (*net.IPNet, error) { _, n, err := net.ParseCIDR("10.88.1.0/24") diff --git a/pkg/network/files.go b/pkg/network/files.go index beb3289f3..38ce38b97 100644 --- a/pkg/network/files.go +++ b/pkg/network/files.go @@ -10,6 +10,7 @@ import ( "github.com/containernetworking/cni/libcni" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" "github.com/containers/common/pkg/config" + "github.com/containers/podman/v2/libpod/define" "github.com/pkg/errors" ) @@ -55,7 +56,7 @@ func GetCNIConfigPathByName(config *config.Config, name string) (string, error) return confFile, nil } } - return "", errors.Wrap(ErrNetworkNotFound, fmt.Sprintf("unable to find network configuration for %s", name)) + return "", errors.Wrap(define.ErrNoSuchNetwork, fmt.Sprintf("unable to find network configuration for %s", name)) } // ReadRawCNIConfByName reads the raw CNI configuration for a CNI diff --git a/pkg/network/network.go b/pkg/network/network.go index 6c84c8a8a..b24c72f5f 100644 --- a/pkg/network/network.go +++ b/pkg/network/network.go @@ -8,6 +8,7 @@ import ( "github.com/containernetworking/cni/pkg/types" "github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator" "github.com/containers/common/pkg/config" + "github.com/containers/podman/v2/libpod/define" "github.com/containers/podman/v2/pkg/util" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -200,7 +201,7 @@ func InspectNetwork(config *config.Config, name string) (map[string]interface{}, func Exists(config *config.Config, name string) (bool, error) { _, err := ReadRawCNIConfByName(config, name) if err != nil { - if errors.Cause(err) == ErrNetworkNotFound { + if errors.Cause(err) == define.ErrNoSuchNetwork { return false, nil } return false, err diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index d3e43e44d..eaf2d4551 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -860,7 +860,7 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path, char *file_to_re fprintf (stderr, "cannot read from sync pipe: %s\n", strerror (errno)); _exit (EXIT_FAILURE); } - if (b != '0') + if (ret != 1 || b != '0') _exit (EXIT_FAILURE); if (syscall_setresgid (0, 0, 0) < 0) diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index b1f200cc2..ccc8a1d94 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -97,7 +97,11 @@ func GetRootlessGID() int { return os.Getegid() } -func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap) error { +func tryMappingTool(uid bool, pid int, hostID int, mappings []idtools.IDMap) error { + var tool = "newuidmap" + if !uid { + tool = "newgidmap" + } path, err := exec.LookPath(tool) if err != nil { return errors.Wrapf(err, "cannot find %s", tool) @@ -110,6 +114,15 @@ func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap) args := []string{path, fmt.Sprintf("%d", pid)} args = appendTriplet(args, 0, hostID, 1) for _, i := range mappings { + if hostID >= i.HostID && hostID < i.HostID+i.Size { + what := "UID" + where := "/etc/subuid" + if !uid { + what = "GID" + where = "/etc/subgid" + } + return errors.Errorf("invalid configuration: the specified mapping %d:%d in %q includes the user %s", i.HostID, i.Size, where, what) + } args = appendTriplet(args, i.ContainerID+1, i.HostID, i.Size) } cmd := exec.Cmd{ @@ -175,7 +188,7 @@ func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error) { return uids, gids, nil } -func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, int, error) { +func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ bool, _ int, retErr error) { if os.Geteuid() == 0 || os.Getenv("_CONTAINERS_USERNS_CONFIGURED") != "" { if os.Getenv("_CONTAINERS_USERNS_CONFIGURED") == "init" { return false, 0, runInUser() @@ -205,7 +218,11 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, defer errorhandling.CloseQuiet(r) defer errorhandling.CloseQuiet(w) defer func() { - if _, err := w.Write([]byte("0")); err != nil { + toWrite := []byte("0") + if retErr != nil { + toWrite = []byte("1") + } + if _, err := w.Write(toWrite); err != nil { logrus.Errorf("failed to write byte 0: %q", err) } }() @@ -223,7 +240,11 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, uidsMapped := false if uids != nil { - err := tryMappingTool("newuidmap", pid, os.Geteuid(), uids) + err := tryMappingTool(true, pid, os.Geteuid(), uids) + // If some mappings were specified, do not ignore the error + if err != nil && len(uids) > 0 { + return false, -1, err + } uidsMapped = err == nil } if !uidsMapped { @@ -245,7 +266,11 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, gidsMapped := false if gids != nil { - err := tryMappingTool("newgidmap", pid, os.Getegid(), gids) + err := tryMappingTool(false, pid, os.Getegid(), gids) + // If some mappings were specified, do not ignore the error + if err != nil && len(gids) > 0 { + return false, -1, err + } gidsMapped = err == nil } if !gidsMapped { diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index b8ab1399e..7adb8be6a 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -462,6 +462,10 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt func GetNamespaceOptions(ns []string) ([]libpod.PodCreateOption, error) { var options []libpod.PodCreateOption var erroredOptions []libpod.PodCreateOption + if ns == nil { + //set the default namespaces + ns = strings.Split(specgen.DefaultKernelNamespaces, ",") + } for _, toShare := range ns { switch toShare { case "cgroup": |