aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
Diffstat (limited to 'pkg')
-rw-r--r--pkg/api/handlers/compat/images.go21
-rw-r--r--pkg/bindings/containers/containers.go5
-rw-r--r--pkg/bindings/test/containers_test.go6
-rw-r--r--pkg/channel/writer.go13
-rw-r--r--pkg/domain/infra/tunnel/containers.go2
-rw-r--r--pkg/domain/infra/tunnel/helpers.go2
-rw-r--r--pkg/ps/ps.go9
-rw-r--r--pkg/rootless/rootless.go25
-rw-r--r--pkg/specgen/generate/container_create.go16
-rw-r--r--pkg/specgen/generate/oci.go15
10 files changed, 84 insertions, 30 deletions
diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go
index 940b57343..cc67ebcd1 100644
--- a/pkg/api/handlers/compat/images.go
+++ b/pkg/api/handlers/compat/images.go
@@ -20,9 +20,25 @@ import (
"github.com/containers/podman/v2/pkg/domain/entities"
"github.com/docker/docker/api/types"
"github.com/gorilla/schema"
+ "github.com/opencontainers/go-digest"
"github.com/pkg/errors"
)
+// mergeNameAndTagOrDigest creates an image reference as string from the
+// provided image name and tagOrDigest which can be a tag, a digest or empty.
+func mergeNameAndTagOrDigest(name, tagOrDigest string) string {
+ if len(tagOrDigest) == 0 {
+ return name
+ }
+
+ separator := ":" // default to tag
+ if _, err := digest.Parse(tagOrDigest); err == nil {
+ // We have a digest, so let's change the separator.
+ separator = "@"
+ }
+ return fmt.Sprintf("%s%s%s", name, separator, tagOrDigest)
+}
+
func ExportImage(w http.ResponseWriter, r *http.Request) {
// 200 ok
// 500 server
@@ -252,10 +268,7 @@ func CreateImageFromImage(w http.ResponseWriter, r *http.Request) {
return
}
- fromImage := query.FromImage
- if len(query.Tag) >= 1 {
- fromImage = fmt.Sprintf("%s:%s", fromImage, query.Tag)
- }
+ fromImage := mergeNameAndTagOrDigest(query.FromImage, query.Tag)
authConf, authfile, key, err := auth.GetCredentials(r)
if err != nil {
diff --git a/pkg/bindings/containers/containers.go b/pkg/bindings/containers/containers.go
index 46e4df1d2..708ad06cb 100644
--- a/pkg/bindings/containers/containers.go
+++ b/pkg/bindings/containers/containers.go
@@ -25,7 +25,7 @@ var (
// the most recent number of containers. The pod and size booleans indicate that pod information and rootfs
// size information should also be included. Finally, the sync bool synchronizes the OCI runtime and
// container state.
-func List(ctx context.Context, filters map[string][]string, all *bool, last *int, size, sync *bool) ([]entities.ListContainer, error) { // nolint:typecheck
+func List(ctx context.Context, filters map[string][]string, all *bool, last *int, namespace, size, sync *bool) ([]entities.ListContainer, error) { // nolint:typecheck
conn, err := bindings.GetClient(ctx)
if err != nil {
return nil, err
@@ -44,6 +44,9 @@ func List(ctx context.Context, filters map[string][]string, all *bool, last *int
if sync != nil {
params.Set("sync", strconv.FormatBool(*sync))
}
+ if namespace != nil {
+ params.Set("namespace", strconv.FormatBool(*namespace))
+ }
if filters != nil {
filterString, err := bindings.FiltersToString(filters)
if err != nil {
diff --git a/pkg/bindings/test/containers_test.go b/pkg/bindings/test/containers_test.go
index bf2ceab2a..408b4769d 100644
--- a/pkg/bindings/test/containers_test.go
+++ b/pkg/bindings/test/containers_test.go
@@ -499,7 +499,7 @@ var _ = Describe("Podman containers ", func() {
Expect(err).To(BeNil())
_, err = bt.RunTopContainer(&name2, bindings.PFalse, nil)
Expect(err).To(BeNil())
- containerLatestList, err := containers.List(bt.conn, nil, nil, &latestContainers, nil, nil)
+ containerLatestList, err := containers.List(bt.conn, nil, nil, &latestContainers, nil, nil, nil)
Expect(err).To(BeNil())
err = containers.Kill(bt.conn, containerLatestList[0].Names[0], "SIGTERM")
Expect(err).To(BeNil())
@@ -744,7 +744,7 @@ var _ = Describe("Podman containers ", func() {
// Validate list container with id filter
filters := make(map[string][]string)
filters["id"] = []string{cid}
- c, err := containers.List(bt.conn, filters, bindings.PTrue, nil, nil, nil)
+ c, err := containers.List(bt.conn, filters, bindings.PTrue, nil, nil, nil, nil)
Expect(err).To(BeNil())
Expect(len(c)).To(Equal(1))
})
@@ -758,7 +758,7 @@ var _ = Describe("Podman containers ", func() {
lastNum := 1
- c, err := containers.List(bt.conn, nil, bindings.PTrue, &lastNum, nil, nil)
+ c, err := containers.List(bt.conn, nil, bindings.PTrue, &lastNum, nil, nil, nil)
Expect(err).To(BeNil())
Expect(len(c)).To(Equal(1))
Expect(c[0].PodName).To(Equal(podName))
diff --git a/pkg/channel/writer.go b/pkg/channel/writer.go
index dbb38e416..28c9d7de5 100644
--- a/pkg/channel/writer.go
+++ b/pkg/channel/writer.go
@@ -1,6 +1,7 @@
package channel
import (
+ "fmt"
"io"
"sync"
@@ -32,16 +33,24 @@ func (w *writeCloser) Chan() <-chan []byte {
}
// Write method for WriteCloser
-func (w *writeCloser) Write(b []byte) (int, error) {
+func (w *writeCloser) Write(b []byte) (bLen int, err error) {
+ // https://github.com/containers/podman/issues/7896
+ // when podman-remote pull image, if it was killed, the server will panic: send on closed channel
+ // so handle it
+ defer func() {
+ if rErr := recover(); rErr != nil {
+ err = fmt.Errorf("%s", rErr)
+ }
+ }()
if w == nil || w.ch == nil {
return 0, errors.New("use channel.NewWriter() to initialize a WriteCloser")
}
w.mux.Lock()
+ defer w.mux.Unlock()
buf := make([]byte, len(b))
copy(buf, b)
w.ch <- buf
- w.mux.Unlock()
return len(b), nil
}
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 9b03503c6..194bb4b48 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -548,7 +548,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri
}
func (ic *ContainerEngine) ContainerList(ctx context.Context, options entities.ContainerListOptions) ([]entities.ListContainer, error) {
- return containers.List(ic.ClientCxt, options.Filters, &options.All, &options.Last, &options.Size, &options.Sync)
+ return containers.List(ic.ClientCxt, options.Filters, &options.All, &options.Last, &options.Namespace, &options.Size, &options.Sync)
}
func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.ContainerRunOptions) (*entities.ContainerRunReport, error) {
diff --git a/pkg/domain/infra/tunnel/helpers.go b/pkg/domain/infra/tunnel/helpers.go
index 7d28f1bd3..63f9546be 100644
--- a/pkg/domain/infra/tunnel/helpers.go
+++ b/pkg/domain/infra/tunnel/helpers.go
@@ -19,7 +19,7 @@ func getContainersByContext(contextWithConnection context.Context, all, ignore b
return nil, errors.New("cannot lookup containers and all")
}
- allContainers, err := containers.List(contextWithConnection, nil, bindings.PTrue, nil, nil, bindings.PTrue)
+ allContainers, err := containers.List(contextWithConnection, nil, bindings.PTrue, nil, nil, nil, bindings.PTrue)
if err != nil {
return nil, err
}
diff --git a/pkg/ps/ps.go b/pkg/ps/ps.go
index 8087507e2..96b2d754f 100644
--- a/pkg/ps/ps.go
+++ b/pkg/ps/ps.go
@@ -134,15 +134,16 @@ func ListContainerBatch(rt *libpod.Runtime, ctr *libpod.Container, opts entities
logrus.Errorf("error getting exited time for %q: %v", c.ID(), err)
}
+ pid, err = c.PID()
+ if err != nil {
+ return errors.Wrapf(err, "unable to obtain container pid")
+ }
+
if !opts.Size && !opts.Namespace {
return nil
}
if opts.Namespace {
- pid, err = c.PID()
- if err != nil {
- return errors.Wrapf(err, "unable to obtain container pid")
- }
ctrPID := strconv.Itoa(pid)
cgroup, _ = getNamespaceInfo(filepath.Join("/proc", ctrPID, "ns", "cgroup"))
ipc, _ = getNamespaceInfo(filepath.Join("/proc", ctrPID, "ns", "ipc"))
diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go
index d02721ea9..799c793d8 100644
--- a/pkg/rootless/rootless.go
+++ b/pkg/rootless/rootless.go
@@ -2,8 +2,10 @@ package rootless
import (
"os"
+ "sync"
"github.com/containers/storage"
+ "github.com/opencontainers/runc/libcontainer/user"
"github.com/pkg/errors"
)
@@ -46,3 +48,26 @@ func TryJoinPauseProcess(pausePidPath string) (bool, int, error) {
}
return became, ret, err
}
+
+var (
+ availableGids int64
+ availableGidsErr error
+ availableGidsOnce sync.Once
+)
+
+// GetAvailableGids returns how many GIDs are available in the
+// current user namespace.
+func GetAvailableGids() (int64, error) {
+ availableGidsOnce.Do(func() {
+ idMap, err := user.ParseIDMapFile("/proc/self/gid_map")
+ if err != nil {
+ availableGidsErr = err
+ return
+ }
+ availableGids = int64(0)
+ for _, r := range idMap {
+ availableGids += r.Count
+ }
+ })
+ return availableGids, availableGidsErr
+}
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 2ac3b376f..147450703 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -11,6 +11,7 @@ import (
"github.com/containers/podman/v2/pkg/specgen"
"github.com/containers/podman/v2/pkg/util"
"github.com/containers/storage"
+ "github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -272,6 +273,21 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
// Security options
if len(s.SelinuxOpts) > 0 {
options = append(options, libpod.WithSecLabels(s.SelinuxOpts))
+ } else {
+ if pod != nil {
+ // duplicate the security options from the pod
+ processLabel, err := pod.ProcessLabel()
+ if err != nil {
+ return nil, err
+ }
+ if processLabel != "" {
+ selinuxOpts, err := label.DupSecOpt(processLabel)
+ if err != nil {
+ return nil, err
+ }
+ options = append(options, libpod.WithSecLabels(selinuxOpts))
+ }
+ }
}
options = append(options, libpod.WithPrivileged(s.Privileged))
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index b57ddf1aa..f02432f5b 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -10,7 +10,6 @@ import (
"github.com/containers/podman/v2/libpod/image"
"github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/podman/v2/pkg/specgen"
- "github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
@@ -200,7 +199,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
}
gid5Available := true
if isRootless {
- nGids, err := GetAvailableGids()
+ nGids, err := rootless.GetAvailableGids()
if err != nil {
return nil, err
}
@@ -360,15 +359,3 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
return configSpec, nil
}
-
-func GetAvailableGids() (int64, error) {
- idMap, err := user.ParseIDMapFile("/proc/self/gid_map")
- if err != nil {
- return 0, err
- }
- count := int64(0)
- for _, r := range idMap {
- count += r.Count
- }
- return count, nil
-}