Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/domain/infra/runtime_libpod.go | 4 | ||||
-rw-r--r-- | pkg/machine/config.go | 27 | ||||
-rw-r--r-- | pkg/machine/e2e/config.go | 8 | ||||
-rw-r--r-- | pkg/machine/e2e/inspect_test.go | 2 | ||||
-rw-r--r-- | pkg/machine/e2e/ssh_test.go | 7 | ||||
-rw-r--r-- | pkg/machine/fcos.go | 7 | ||||
-rw-r--r-- | pkg/machine/qemu/machine.go | 27 | ||||
-rw-r--r-- | pkg/specgenutil/specgen.go | 15 |
8 files changed, 67 insertions, 30 deletions
diff --git a/pkg/domain/infra/runtime_libpod.go b/pkg/domain/infra/runtime_libpod.go
index ac557e9de..daa6f0cbf 100644
--- a/pkg/domain/infra/runtime_libpod.go
+++ b/pkg/domain/infra/runtime_libpod.go
@@ -9,9 +9,9 @@ import (
 "os"
 "os/signal"
 "sync"
+ "syscall"
 "github.com/containers/common/pkg/cgroups"
- "github.com/containers/podman/v4/cmd/podman/utils"
 "github.com/containers/podman/v4/libpod"
 "github.com/containers/podman/v4/pkg/domain/entities"
 "github.com/containers/podman/v4/pkg/namespaces"
@@ -375,7 +375,7 @@ func ParseIDMapping(mode namespaces.UsernsMode, uidMapSlice, gidMapSlice []strin
 func StartWatcher(rt *libpod.Runtime) {
 // Setup the signal notifier
 ch := make(chan os.Signal, 1)
- signal.Notify(ch, utils.SIGHUP)
+ signal.Notify(ch, syscall.SIGHUP)
 go func() {
 for {
diff --git a/pkg/machine/config.go b/pkg/machine/config.go
index d34776714..abbebc9f9 100644
--- a/pkg/machine/config.go
+++ b/pkg/machine/config.go
@@ -138,14 +138,15 @@ type DistributionDownload interface {
 Get() *Download
 }
 type InspectInfo struct {
- ConfigPath VMFile
- Created time.Time
- Image ImageConfig
- LastUp time.Time
- Name string
- Resources ResourceConfig
- SSHConfig SSHConfig
- State Status
+ ConfigPath VMFile
+ ConnectionInfo ConnectionConfig
+ Created time.Time
+ Image ImageConfig
+ LastUp time.Time
+ Name string
+ Resources ResourceConfig
+ SSHConfig SSHConfig
+ State Status
 }
 func (rc RemoteConnectionType) MakeSSHURL(host, path, port, userName string) url.URL {
@@ -286,11 +287,11 @@ func NewMachineFile(path string, symlink *string) (*VMFile, error) {
 // makeSymlink for macOS creates a symlink in $HOME/.podman/
 // for a machinefile like a socket
 func (m *VMFile) makeSymlink(symlink *string) error {
- homedir, err := os.UserHomeDir()
+ homeDir, err := os.UserHomeDir()
 if err != nil {
 return err
 }
- sl := filepath.Join(homedir, ".podman", *symlink)
+ sl := filepath.Join(homeDir, ".podman", *symlink)
 // make the symlink dir and throw away if it already exists
 if err := os.MkdirAll(filepath.Dir(sl), 0700); err != nil && !errors2.Is(err, os.ErrNotExist) {
 return err
@@ -335,3 +336,9 @@ type SSHConfig struct {
 // RemoteUsername of the vm user
 RemoteUsername string
 }
+
+// ConnectionConfig contains connections like sockets, etc.
+type ConnectionConfig struct {
+ // PodmanSocket is the exported podman service socket
+ PodmanSocket *VMFile `json:"PodmanSocket"`
+}
diff --git a/pkg/machine/e2e/config.go b/pkg/machine/e2e/config.go
index c17b840d3..248a2f0ad 100644
--- a/pkg/machine/e2e/config.go
+++ b/pkg/machine/e2e/config.go
@@ -85,6 +85,14 @@ func (ms *machineSession) outputToString() string {
 return strings.Join(fields, " ")
 }
+// errorToString returns the error output from a session in string form
+func (ms *machineSession) errorToString() string {
+ if ms == nil || ms.Err == nil || ms.Err.Contents() == nil {
+ return ""
+ }
+ return string(ms.Err.Contents())
+}
+
 // newMB constructor for machine test builders
 func newMB() (*machineTestBuilder, error) {
 mb := machineTestBuilder{
diff --git a/pkg/machine/e2e/inspect_test.go b/pkg/machine/e2e/inspect_test.go
index 2c9de5664..cdf13bb1a 100644
--- a/pkg/machine/e2e/inspect_test.go
+++ b/pkg/machine/e2e/inspect_test.go
@@ -2,6 +2,7 @@ package e2e
 import (
 "encoding/json"
+ "strings"
 "github.com/containers/podman/v4/pkg/machine"
 "github.com/containers/podman/v4/pkg/machine/qemu"
@@ -86,6 +87,7 @@ var _ = Describe("podman machine stop", func() {
 var inspectInfo []machine.InspectInfo
 err = jsoniter.Unmarshal(inspectSession.Bytes(), &inspectInfo)
 Expect(err).To(BeNil())
+ Expect(strings.HasSuffix(inspectInfo[0].ConnectionInfo.PodmanSocket.GetPath(), "podman.sock"))
 inspect := new(inspectMachine)
 inspect = inspect.withFormat("{{.Name}}")
diff --git a/pkg/machine/e2e/ssh_test.go b/pkg/machine/e2e/ssh_test.go
index 155d39a64..9ee31ac26 100644
--- a/pkg/machine/e2e/ssh_test.go
+++ b/pkg/machine/e2e/ssh_test.go
@@ -56,5 +56,12 @@ var _ = Describe("podman machine ssh", func() {
 Expect(err).To(BeNil())
 Expect(sshSession).To(Exit(0))
 Expect(sshSession.outputToString()).To(ContainSubstring("Fedora CoreOS"))
+
+ // keep exit code
+ sshSession, err = mb.setName(name).setCmd(ssh.withSSHComand([]string{"false"})).run()
+ Expect(err).To(BeNil())
+ Expect(sshSession).To(Exit(1))
+ Expect(sshSession.outputToString()).To(Equal(""))
+ Expect(sshSession.errorToString()).To(Equal(""))
 })
 })
diff --git a/pkg/machine/fcos.go b/pkg/machine/fcos.go
index df58b8a1e..77427139a 100644
--- a/pkg/machine/fcos.go
+++ b/pkg/machine/fcos.go
@@ -146,13 +146,6 @@ func GetFCOSDownload(imageStream string) (*FcosDownloadInfo, error) { //nolint:s
 streamType string
 )
- // This is being hard set to testing. Once podman4 is in the
- // fcos trees, we should remove it and re-release at least on
- // macs.
- // TODO: remove when podman4.0 is in coreos
-
- imageStream = "podman-testing" //nolint:staticcheck
-
 switch imageStream {
 case "podman-testing":
 streamType = "podman-testing"
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index e3fb3b970..b9f23662e 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
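Review bot: In the inspect_test.go hunk the added `Expect(strings.HasSuffix(...))` has no matcher chained to it, so Gomega asserts nothing and the test passes whatever socket path Inspect reports. Writing it as `Expect(inspectInfo[0].ConnectionInfo.PodmanSocket.GetPath()).To(HasSuffix("podman.sock"))` makes the check effective and removes the need for the new `strings` import. `PodmanSocket` is declared as `*VMFile`, so an `Expect(inspectInfo[0].ConnectionInfo.PodmanSocket).ToNot(BeNil())` before the call would give a readable failure instead of a possible nil dereference. The enclosing `It` block starts and ends outside the hunk.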
@@ -952,7 +952,8 @@ func (v *MachineVM) SSH(_ string, opts machine.SSHOptions) error {
 sshDestination := username + "@localhost"
 port := strconv.Itoa(v.Port)
- args := []string{"-i", v.IdentityPath, "-p", port, sshDestination, "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"}
+ args := []string{"-i", v.IdentityPath, "-p", port, sshDestination, "-o", "UserKnownHostsFile=/dev/null",
+ "-o", "StrictHostKeyChecking=no", "-o", "LogLevel=ERROR"}
 if len(opts.Args) > 0 {
 args = append(args, opts.Args...)
 } else {
@@ -1471,16 +1472,22 @@ func (v *MachineVM) Inspect() (*machine.InspectInfo, error) {
 if err != nil {
 return nil, err
 }
-
+ connInfo := new(machine.ConnectionConfig)
+ podmanSocket, err := v.forwardSocketPath()
+ if err != nil {
+ return nil, err
+ }
+ connInfo.PodmanSocket = podmanSocket
 return &machine.InspectInfo{
- ConfigPath: v.ConfigPath,
- Created: v.Created,
- Image: v.ImageConfig,
- LastUp: v.LastUp,
- Name: v.Name,
- Resources: v.ResourceConfig,
- SSHConfig: v.SSHConfig,
- State: state,
+ ConfigPath: v.ConfigPath,
+ ConnectionInfo: *connInfo,
+ Created: v.Created,
+ Image: v.ImageConfig,
+ LastUp: v.LastUp,
+ Name: v.Name,
+ Resources: v.ResourceConfig,
+ SSHConfig: v.SSHConfig,
+ State: state,
 }, nil
 }
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 9cb2f200b..efaade9cd 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -622,7 +622,14 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 if opt == "no-new-privileges" {
 s.ContainerSecurityConfig.NoNewPrivileges = true
 } else {
- con := strings.SplitN(opt, "=", 2)
+ // Docker deprecated the ":" syntax but still supports it,
+ // so we need to as well
+ var con []string
+ if strings.Contains(opt, "=") {
+ con = strings.SplitN(opt, "=", 2)
+ } else {
+ con = strings.SplitN(opt, ":", 2)
+ }
 if len(con) != 2 {
 return fmt.Errorf("invalid --security-opt 1: %q", opt)
 }
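Review bot: In the SSH hunk of qemu/machine.go the added `"-o", "LogLevel=ERROR"` sits beside `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no` with no comment saying why host-key verification is off or why its warning is now suppressed. At that log level ssh stops printing warning-level messages, which is presumably what lets the new e2e test expect an empty stderr, but it also removes the only visible sign that the host key is unchecked. I would record the intent above the slice, e.g. `// Host key is not verified (the VM is reached via localhost); LogLevel=ERROR hides the resulting warning so stderr carries only the remote command's output.` The rest of SSH lies outside the hunk.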
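Review bot: In the Inspect hunk of qemu/machine.go, `connInfo := new(machine.ConnectionConfig)` is allocated only to be dereferenced again as `*connInfo` in the literal; building the value in place reads more directly: `ConnectionInfo: machine.ConnectionConfig{PodmanSocket: podmanSocket},`. Inspect also now returns an error whenever `v.forwardSocketPath()` fails, so a machine whose socket path cannot be resolved can no longer be inspected at all; if that is intended, a short comment saying so would help. The start of Inspect is outside the hunk.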
@@ -650,6 +657,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 }
 case "unmask":
 s.ContainerSecurityConfig.Unmask = append(s.ContainerSecurityConfig.Unmask, con[1:]...)
+ case "no-new-privileges":
+ noNewPrivileges, err := strconv.ParseBool(con[1])
+ if err != nil {
+ return fmt.Errorf("invalid --security-opt 2: %q", opt)
+ }
+ s.ContainerSecurityConfig.NoNewPrivileges = noNewPrivileges
 default:
 return fmt.Errorf("invalid --security-opt 2: %q", opt)
 } |
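Review bot: The parse failure in the new `case "no-new-privileges":` returns the same `invalid --security-opt 2` text as the `default:` branch and discards `err`, so a mistyped boolean is indistinguishable from an unknown option; `return fmt.Errorf("invalid --security-opt no-new-privileges value %q: %w", con[1], err)` keeps the cause. The assignment is also unconditional, so if several options are processed in order (the loop is not visible here), a later `no-new-privileges=false` silently clears a bare `no-new-privileges` given earlier. If last-wins is intended for this hardening flag, a comment such as `// an explicit false overrides an earlier bare no-new-privileges` would record it. The enclosing switch in FillOutSpecGen starts outside the hunk.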