diff options
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/registries/registries.go | 17 | ||||
| -rw-r--r-- | pkg/secrets/secrets.go | 18 |
2 files changed, 31 insertions, 4 deletions
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go index 844d2c415..c84bb21f6 100644 --- a/pkg/registries/registries.go +++ b/pkg/registries/registries.go @@ -2,15 +2,27 @@ package registries import ( "os" + "path/filepath" "github.com/containers/image/pkg/sysregistries" "github.com/containers/image/types" "github.com/pkg/errors" + "github.com/projectatomic/libpod/pkg/rootless" ) +// userRegistriesFile is the path to the per user registry configuration file. +var userRegistriesFile = filepath.Join(os.Getenv("HOME"), ".config/containers/registries.conf") + // GetRegistries obtains the list of registries defined in the global registries file. func GetRegistries() ([]string, error) { registryConfigPath := "" + + if rootless.IsRootless() { + if _, err := os.Stat(userRegistriesFile); err == nil { + registryConfigPath = userRegistriesFile + } + } + envOverride := os.Getenv("REGISTRIES_CONFIG_PATH") if len(envOverride) > 0 { registryConfigPath = envOverride @@ -25,6 +37,11 @@ func GetRegistries() ([]string, error) { // GetInsecureRegistries obtains the list of insecure registries from the global registration file. func GetInsecureRegistries() ([]string, error) { registryConfigPath := "" + + if _, err := os.Stat(userRegistriesFile); err == nil { + registryConfigPath = userRegistriesFile + } + envOverride := os.Getenv("REGISTRIES_CONFIG_PATH") if len(envOverride) > 0 { registryConfigPath = envOverride diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go index ba0f3b925..bc63ece00 100644 --- a/pkg/secrets/secrets.go +++ b/pkg/secrets/secrets.go @@ -10,6 +10,7 @@ import ( rspec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" + "github.com/projectatomic/libpod/pkg/rootless" "github.com/sirupsen/logrus" ) @@ -20,6 +21,9 @@ var ( // OverrideMountsFile holds the default mount paths in the form // "host_path:container_path" overridden by the user OverrideMountsFile = "/etc/containers/mounts.conf" + // UserOverrideMountsFile holds the default mount paths in the form + // "host_path:container_path" overridden by the rootless user + UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf") ) // secretData stores the name of the file and the content read from it @@ -143,15 +147,21 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre // Note for testing purposes only if mountFile == "" { mountFiles = append(mountFiles, []string{OverrideMountsFile, DefaultMountsFile}...) + if rootless.IsRootless() { + mountFiles = append([]string{UserOverrideMountsFile}, mountFiles...) + } } else { mountFiles = append(mountFiles, mountFile) } for _, file := range mountFiles { - mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid) - if err != nil { - logrus.Warnf("error mounting secrets, skipping: %v", err) + if _, err := os.Stat(file); err == nil { + mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid) + if err != nil { + logrus.Warnf("error mounting secrets, skipping: %v", err) + } + secretMounts = mounts + break } - secretMounts = append(secretMounts, mounts...) } // Add FIPS mode secret if /etc/system-fips exists on the host |