aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
Diffstat (limited to 'pkg')
-rw-r--r--pkg/api/handlers/compat/containers_export.go3
-rw-r--r--pkg/api/handlers/compat/images.go9
-rw-r--r--pkg/api/handlers/compat/images_build.go22
-rw-r--r--pkg/api/handlers/compat/images_push.go7
-rw-r--r--pkg/api/handlers/compat/secrets.go5
-rw-r--r--pkg/api/handlers/libpod/containers.go5
-rw-r--r--pkg/api/handlers/libpod/images.go13
-rw-r--r--pkg/api/handlers/libpod/manifests.go4
-rw-r--r--pkg/api/handlers/libpod/secrets.go2
-rw-r--r--pkg/api/server/handler_logging.go3
-rw-r--r--pkg/api/server/handler_rid.go4
-rw-r--r--pkg/api/server/register_secrets.go8
-rw-r--r--pkg/auth/auth.go3
-rw-r--r--pkg/auth/auth_test.go7
-rw-r--r--pkg/bindings/errors.go4
-rw-r--r--pkg/bindings/generator/generator.go3
-rw-r--r--pkg/bindings/images/build.go21
-rw-r--r--pkg/bindings/manifests/manifests.go3
-rw-r--r--pkg/bindings/secrets/types.go1
-rw-r--r--pkg/bindings/secrets/types_create_options.go15
-rw-r--r--pkg/bindings/test/auth_test.go3
-rw-r--r--pkg/bindings/test/common_test.go5
-rw-r--r--pkg/checkpoint/checkpoint_restore.go3
-rw-r--r--pkg/checkpoint/crutils/checkpoint_restore_utils.go3
-rw-r--r--pkg/ctime/ctime_test.go5
-rw-r--r--pkg/domain/entities/events.go5
-rw-r--r--pkg/domain/entities/images.go3
-rw-r--r--pkg/domain/entities/secrets.go4
-rw-r--r--pkg/domain/infra/abi/images.go6
-rw-r--r--pkg/domain/infra/abi/play.go7
-rw-r--r--pkg/domain/infra/abi/secrets.go8
-rw-r--r--pkg/domain/infra/abi/terminal/sigproxy_commn.go16
-rw-r--r--pkg/domain/infra/abi/trust.go4
-rw-r--r--pkg/domain/infra/tunnel/containers.go10
-rw-r--r--pkg/domain/infra/tunnel/images.go3
-rw-r--r--pkg/domain/infra/tunnel/runtime.go31
-rw-r--r--pkg/domain/infra/tunnel/secrets.go3
-rw-r--r--pkg/domain/utils/scp.go3
-rw-r--r--pkg/machine/config.go3
-rw-r--r--pkg/machine/e2e/init_test.go5
-rw-r--r--pkg/machine/e2e/machine_test.go3
-rw-r--r--pkg/machine/fcos.go4
-rw-r--r--pkg/machine/ignition.go5
-rw-r--r--pkg/machine/keys.go5
-rw-r--r--pkg/machine/pull.go3
-rw-r--r--pkg/machine/qemu/claim_darwin.go4
-rw-r--r--pkg/machine/qemu/machine.go9
-rw-r--r--pkg/machine/wsl/machine.go5
-rw-r--r--pkg/machine/wsl/util_windows.go3
-rw-r--r--pkg/rootless/rootless_linux.c1
-rw-r--r--pkg/rootless/rootless_linux.go15
-rw-r--r--pkg/signal/signal_common.go15
-rw-r--r--pkg/signal/signal_common_test.go49
-rw-r--r--pkg/signal/signal_linux.go8
-rw-r--r--pkg/signal/signal_linux_mipsx.go8
-rw-r--r--pkg/signal/signal_unix.go8
-rw-r--r--pkg/signal/signal_unsupported.go6
-rw-r--r--pkg/specgen/generate/config_linux_cgo.go4
-rw-r--r--pkg/specgen/generate/container.go2
-rw-r--r--pkg/specgen/generate/pause_image.go3
-rw-r--r--pkg/specgen/generate/validate.go3
-rw-r--r--pkg/specgenutil/util.go3
-rw-r--r--pkg/systemd/generate/containers.go16
-rw-r--r--pkg/systemd/generate/containers_test.go282
-rw-r--r--pkg/systemd/generate/pods.go16
-rw-r--r--pkg/systemd/generate/pods_test.go158
-rw-r--r--pkg/systemd/notifyproxy/notifyproxy.go3
-rw-r--r--pkg/trust/policy.go9
-rw-r--r--pkg/trust/registries.go3
-rw-r--r--pkg/util/utils_freebsd.go2
-rw-r--r--pkg/util/utils_linux.go5
71 files changed, 646 insertions, 286 deletions
diff --git a/pkg/api/handlers/compat/containers_export.go b/pkg/api/handlers/compat/containers_export.go
index 66e1dcca5..03e547411 100644
--- a/pkg/api/handlers/compat/containers_export.go
+++ b/pkg/api/handlers/compat/containers_export.go
@@ -2,7 +2,6 @@ package compat
import (
"fmt"
- "io/ioutil"
"net/http"
"os"
@@ -19,7 +18,7 @@ func ExportContainer(w http.ResponseWriter, r *http.Request) {
utils.ContainerNotFound(w, name, err)
return
}
- tmpfile, err := ioutil.TempFile("", "api.tar")
+ tmpfile, err := os.CreateTemp("", "api.tar")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err))
return
diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go
index 0493c6ffb..cce482441 100644
--- a/pkg/api/handlers/compat/images.go
+++ b/pkg/api/handlers/compat/images.go
@@ -4,7 +4,6 @@ import (
"encoding/json"
"errors"
"fmt"
- "io/ioutil"
"net/http"
"os"
"strings"
@@ -49,7 +48,7 @@ func ExportImage(w http.ResponseWriter, r *http.Request) {
// 500 server
runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
- tmpfile, err := ioutil.TempFile("", "api.tar")
+ tmpfile, err := os.CreateTemp("", "api.tar")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err))
return
@@ -193,7 +192,7 @@ func CreateImageFromSrc(w http.ResponseWriter, r *http.Request) {
// fromSrc – Source to import. The value may be a URL from which the image can be retrieved or - to read the image from the request body. This parameter may only be used when importing an image.
source := query.FromSrc
if source == "-" {
- f, err := ioutil.TempFile("", "api_load.tar")
+ f, err := os.CreateTemp("", "api_load.tar")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to create tempfile: %w", err))
return
@@ -480,7 +479,7 @@ func LoadImages(w http.ResponseWriter, r *http.Request) {
// First write the body to a temporary file that we can later attempt
// to load.
- f, err := ioutil.TempFile("", "api_load.tar")
+ f, err := os.CreateTemp("", "api_load.tar")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to create tempfile: %w", err))
return
@@ -547,7 +546,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) {
images[i] = possiblyNormalizedName
}
- tmpfile, err := ioutil.TempFile("", "api.tar")
+ tmpfile, err := os.CreateTemp("", "api.tar")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err))
return
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 4035b4315..d4c8c0743 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -6,7 +6,6 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"net/http"
"os"
"path/filepath"
@@ -131,6 +130,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Secrets string `schema:"secrets"`
SecurityOpt string `schema:"securityopt"`
ShmSize int `schema:"shmsize"`
+ SkipUnusedStages bool `schema:"skipunusedstages"`
Squash bool `schema:"squash"`
TLSVerify bool `schema:"tlsVerify"`
Tags []string `schema:"t"`
@@ -139,12 +139,13 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Ulimits string `schema:"ulimits"`
UnsetEnvs []string `schema:"unsetenv"`
}{
- Dockerfile: "Dockerfile",
- IdentityLabel: true,
- Registry: "docker.io",
- Rm: true,
- ShmSize: 64 * 1024 * 1024,
- TLSVerify: true,
+ Dockerfile: "Dockerfile",
+ IdentityLabel: true,
+ Registry: "docker.io",
+ Rm: true,
+ ShmSize: 64 * 1024 * 1024,
+ TLSVerify: true,
+ SkipUnusedStages: true,
}
decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
@@ -182,7 +183,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
dockerFileSet := false
if utils.IsLibpodRequest(r) && query.Remote != "" {
// The context directory could be a URL. Try to handle that.
- anchorDir, err := ioutil.TempDir(parse.GetTempDir(), "libpod_builder")
+ anchorDir, err := os.MkdirTemp(parse.GetTempDir(), "libpod_builder")
if err != nil {
utils.InternalServerError(w, err)
}
@@ -676,6 +677,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
RemoveIntermediateCtrs: query.Rm,
ReportWriter: reporter,
RusageLogFile: query.RusageLogFile,
+ SkipUnusedStages: types.NewOptionalBool(query.SkipUnusedStages),
Squash: query.Squash,
SystemContext: systemContext,
Target: query.Target,
@@ -730,7 +732,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
if logrus.IsLevelEnabled(logrus.DebugLevel) {
if v, found := os.LookupEnv("PODMAN_RETAIN_BUILD_ARTIFACT"); found {
if keep, _ := strconv.ParseBool(v); keep {
- t, _ := ioutil.TempFile("", "build_*_server")
+ t, _ := os.CreateTemp("", "build_*_server")
defer t.Close()
body = io.MultiWriter(t, w)
}
@@ -852,7 +854,7 @@ func parseLibPodIsolation(isolation string) (buildah.Isolation, error) {
func extractTarFile(r *http.Request) (string, error) {
// build a home for the request body
- anchorDir, err := ioutil.TempDir("", "libpod_builder")
+ anchorDir, err := os.MkdirTemp("", "libpod_builder")
if err != nil {
return "", err
}
diff --git a/pkg/api/handlers/compat/images_push.go b/pkg/api/handlers/compat/images_push.go
index a1173de0b..e1655a3bc 100644
--- a/pkg/api/handlers/compat/images_push.go
+++ b/pkg/api/handlers/compat/images_push.go
@@ -4,8 +4,9 @@ import (
"encoding/json"
"errors"
"fmt"
- "io/ioutil"
+ "io"
"net/http"
+ "os"
"strings"
"github.com/containers/image/v5/types"
@@ -26,7 +27,7 @@ func PushImage(w http.ResponseWriter, r *http.Request) {
decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder)
runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
- digestFile, err := ioutil.TempFile("", "digest.txt")
+ digestFile, err := os.CreateTemp("", "digest.txt")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err))
return
@@ -186,7 +187,7 @@ loop: // break out of for/select infinite loop
break loop
}
- digestBytes, err := ioutil.ReadAll(digestFile)
+ digestBytes, err := io.ReadAll(digestFile)
if err != nil {
report.Error = &jsonmessage.JSONError{
Message: err.Error(),
diff --git a/pkg/api/handlers/compat/secrets.go b/pkg/api/handlers/compat/secrets.go
index 13b3c4e24..847f05f27 100644
--- a/pkg/api/handlers/compat/secrets.go
+++ b/pkg/api/handlers/compat/secrets.go
@@ -111,14 +111,11 @@ func CreateSecret(w http.ResponseWriter, r *http.Request) {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("Decode(): %w", err))
return
}
- if len(createParams.Labels) > 0 {
- utils.Error(w, http.StatusBadRequest, fmt.Errorf("labels not supported: %w", errors.New("bad parameter")))
- return
- }
decoded, _ := base64.StdEncoding.DecodeString(createParams.Data)
reader := bytes.NewReader(decoded)
opts.Driver = createParams.Driver.Name
+ opts.Labels = createParams.Labels
ic := abi.ContainerEngine{Libpod: runtime}
report, err := ic.SecretCreate(r.Context(), createParams.Name, reader, opts)
diff --git a/pkg/api/handlers/libpod/containers.go b/pkg/api/handlers/libpod/containers.go
index a76e3d988..854740b17 100644
--- a/pkg/api/handlers/libpod/containers.go
+++ b/pkg/api/handlers/libpod/containers.go
@@ -4,7 +4,6 @@ import (
"encoding/json"
"errors"
"fmt"
- "io/ioutil"
"net/http"
"os"
"strings"
@@ -248,7 +247,7 @@ func Checkpoint(w http.ResponseWriter, r *http.Request) {
}
if query.Export {
- f, err := ioutil.TempFile("", "checkpoint")
+ f, err := os.CreateTemp("", "checkpoint")
if err != nil {
utils.InternalServerError(w, err)
return
@@ -329,7 +328,7 @@ func Restore(w http.ResponseWriter, r *http.Request) {
var names []string
if query.Import {
- t, err := ioutil.TempFile("", "restore")
+ t, err := os.CreateTemp("", "restore")
if err != nil {
utils.InternalServerError(w, err)
return
diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go
index 82c1971cd..412532954 100644
--- a/pkg/api/handlers/libpod/images.go
+++ b/pkg/api/handlers/libpod/images.go
@@ -4,7 +4,6 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"net/http"
"os"
"strconv"
@@ -182,7 +181,7 @@ func ExportImage(w http.ResponseWriter, r *http.Request) {
switch query.Format {
case define.OCIArchive, define.V2s2Archive:
- tmpfile, err := ioutil.TempFile("", "api.tar")
+ tmpfile, err := os.CreateTemp("", "api.tar")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err))
return
@@ -193,7 +192,7 @@ func ExportImage(w http.ResponseWriter, r *http.Request) {
return
}
case define.OCIManifestDir, define.V2s2ManifestDir:
- tmpdir, err := ioutil.TempDir("", "save")
+ tmpdir, err := os.MkdirTemp("", "save")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempdir: %w", err))
return
@@ -279,7 +278,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) {
switch query.Format {
case define.V2s2Archive, define.OCIArchive:
- tmpfile, err := ioutil.TempFile("", "api.tar")
+ tmpfile, err := os.CreateTemp("", "api.tar")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err))
return
@@ -290,7 +289,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) {
return
}
case define.OCIManifestDir, define.V2s2ManifestDir:
- tmpdir, err := ioutil.TempDir("", "save")
+ tmpdir, err := os.MkdirTemp("", "save")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tmpdir: %w", err))
return
@@ -329,7 +328,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) {
func ImagesLoad(w http.ResponseWriter, r *http.Request) {
runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
- tmpfile, err := ioutil.TempFile("", "libpod-images-load.tar")
+ tmpfile, err := os.CreateTemp("", "libpod-images-load.tar")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err))
return
@@ -378,7 +377,7 @@ func ImagesImport(w http.ResponseWriter, r *http.Request) {
// Check if we need to load the image from a URL or from the request's body.
source := query.URL
if len(query.URL) == 0 {
- tmpfile, err := ioutil.TempFile("", "libpod-images-import.tar")
+ tmpfile, err := os.CreateTemp("", "libpod-images-import.tar")
if err != nil {
utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err))
return
diff --git a/pkg/api/handlers/libpod/manifests.go b/pkg/api/handlers/libpod/manifests.go
index d5af72a61..c96e4936b 100644
--- a/pkg/api/handlers/libpod/manifests.go
+++ b/pkg/api/handlers/libpod/manifests.go
@@ -5,7 +5,7 @@ import (
"encoding/json"
"errors"
"fmt"
- "io/ioutil"
+ "io"
"net/http"
"net/url"
"strconv"
@@ -83,7 +83,7 @@ func ManifestCreate(w http.ResponseWriter, r *http.Request) {
status = http.StatusCreated
}
- buffer, err := ioutil.ReadAll(r.Body)
+ buffer, err := io.ReadAll(r.Body)
if err != nil {
utils.InternalServerError(w, err)
return
diff --git a/pkg/api/handlers/libpod/secrets.go b/pkg/api/handlers/libpod/secrets.go
index 6eba65f2b..c24ac8563 100644
--- a/pkg/api/handlers/libpod/secrets.go
+++ b/pkg/api/handlers/libpod/secrets.go
@@ -22,6 +22,7 @@ func CreateSecret(w http.ResponseWriter, r *http.Request) {
Name string `schema:"name"`
Driver string `schema:"driver"`
DriverOpts map[string]string `schema:"driveropts"`
+ Labels map[string]string `schema:"labels"`
}{
// override any golang type defaults
}
@@ -33,6 +34,7 @@ func CreateSecret(w http.ResponseWriter, r *http.Request) {
opts.Driver = query.Driver
opts.DriverOpts = query.DriverOpts
+ opts.Labels = query.Labels
ic := abi.ContainerEngine{Libpod: runtime}
report, err := ic.SecretCreate(r.Context(), query.Name, r.Body, opts)
diff --git a/pkg/api/server/handler_logging.go b/pkg/api/server/handler_logging.go
index 699fab7a5..38ee8321c 100644
--- a/pkg/api/server/handler_logging.go
+++ b/pkg/api/server/handler_logging.go
@@ -2,7 +2,6 @@ package server
import (
"io"
- "io/ioutil"
"net/http"
"time"
@@ -41,7 +40,7 @@ func loggingHandler() mux.MiddlewareFunc {
"API": "request",
"X-Reference-Id": r.Header.Get("X-Reference-Id"),
})
- r.Body = ioutil.NopCloser(
+ r.Body = io.NopCloser(
io.TeeReader(r.Body, annotated.WriterLevel(logrus.TraceLevel)))
w = responseWriter{ResponseWriter: w}
diff --git a/pkg/api/server/handler_rid.go b/pkg/api/server/handler_rid.go
index ee278071a..3e404cc31 100644
--- a/pkg/api/server/handler_rid.go
+++ b/pkg/api/server/handler_rid.go
@@ -2,7 +2,7 @@ package server
import (
"fmt"
- "io/ioutil"
+ "io"
"net/http"
"github.com/containers/podman/v4/pkg/api/types"
@@ -17,7 +17,7 @@ import (
func referenceIDHandler() mux.MiddlewareFunc {
return func(h http.Handler) http.Handler {
// Only log Apache access_log-like entries at Info level or below
- out := ioutil.Discard
+ out := io.Discard
if logrus.IsLevelEnabled(logrus.InfoLevel) {
out = logrus.StandardLogger().Out
}
diff --git a/pkg/api/server/register_secrets.go b/pkg/api/server/register_secrets.go
index 8918ad238..a60145958 100644
--- a/pkg/api/server/register_secrets.go
+++ b/pkg/api/server/register_secrets.go
@@ -25,6 +25,14 @@ func (s *APIServer) registerSecretHandlers(r *mux.Router) error {
// type: string
// description: Secret driver
// default: "file"
+ // - in: query
+ // name: driveropts
+ // type: string
+ // description: Secret driver options
+ // - in: query
+ // name: labels
+ // type: string
+ // description: Labels on the secret
// - in: body
// name: request
// description: Secret
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index 270cd4207..52a632b33 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -4,7 +4,6 @@ import (
"encoding/base64"
"encoding/json"
"fmt"
- "io/ioutil"
"net/http"
"os"
"strings"
@@ -233,7 +232,7 @@ func encodeMultiAuthConfigs(authConfigs map[string]types.DockerAuthConfig) (stri
// TMPDIR will be used.
func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (string, error) {
// Initialize an empty temporary JSON file.
- tmpFile, err := ioutil.TempFile("", "auth.json.")
+ tmpFile, err := os.CreateTemp("", "auth.json.")
if err != nil {
return "", err
}
diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go
index f25cbf2cc..90a81ac9a 100644
--- a/pkg/auth/auth_test.go
+++ b/pkg/auth/auth_test.go
@@ -3,7 +3,6 @@ package auth
import (
"encoding/base64"
"encoding/json"
- "io/ioutil"
"net/http"
"os"
"testing"
@@ -37,10 +36,10 @@ func systemContextForAuthFile(t *testing.T, fileContents string) (*types.SystemC
return nil, func() {}
}
- f, err := ioutil.TempFile("", "auth.json")
+ f, err := os.CreateTemp("", "auth.json")
require.NoError(t, err)
path := f.Name()
- err = ioutil.WriteFile(path, []byte(fileContents), 0700)
+ err = os.WriteFile(path, []byte(fileContents), 0700)
require.NoError(t, err)
return &types.SystemContext{AuthFilePath: path}, func() { os.Remove(path) }
}
@@ -347,7 +346,7 @@ func TestAuthConfigsToAuthFile(t *testing.T) {
assert.Empty(t, filePath)
} else {
assert.NoError(t, err)
- content, err := ioutil.ReadFile(filePath)
+ content, err := os.ReadFile(filePath)
require.NoError(t, err)
assert.Contains(t, string(content), tc.expectedContains)
os.Remove(filePath)
diff --git a/pkg/bindings/errors.go b/pkg/bindings/errors.go
index 29f087c22..d9dfa95a6 100644
--- a/pkg/bindings/errors.go
+++ b/pkg/bindings/errors.go
@@ -4,7 +4,7 @@ import (
"encoding/json"
"errors"
"fmt"
- "io/ioutil"
+ "io"
"github.com/containers/podman/v4/pkg/errorhandling"
)
@@ -29,7 +29,7 @@ func (h APIResponse) Process(unmarshalInto interface{}) error {
// ProcessWithError drains the response body, and processes the HTTP status code
// Note: Closing the response.Body is left to the caller
func (h APIResponse) ProcessWithError(unmarshalInto interface{}, unmarshalErrorInto interface{}) error {
- data, err := ioutil.ReadAll(h.Response.Body)
+ data, err := io.ReadAll(h.Response.Body)
if err != nil {
return fmt.Errorf("unable to process API response: %w", err)
}
diff --git a/pkg/bindings/generator/generator.go b/pkg/bindings/generator/generator.go
index 06be52451..78244b502 100644
--- a/pkg/bindings/generator/generator.go
+++ b/pkg/bindings/generator/generator.go
@@ -12,7 +12,6 @@ import (
"go/ast"
"go/parser"
"go/token"
- "io/ioutil"
"os"
"os/exec"
"strings"
@@ -72,7 +71,7 @@ func main() {
)
srcFile := os.Getenv("GOFILE")
inputStructName := os.Args[1]
- b, err := ioutil.ReadFile(srcFile)
+ b, err := os.ReadFile(srcFile)
if err != nil {
panic(err)
}
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
index ef875c9eb..f8552cddb 100644
--- a/pkg/bindings/images/build.go
+++ b/pkg/bindings/images/build.go
@@ -9,7 +9,6 @@ import (
"fmt"
"io"
"io/fs"
- "io/ioutil"
"net/http"
"net/url"
"os"
@@ -234,6 +233,14 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
if options.CacheFrom != nil {
params.Set("cachefrom", options.CacheFrom.String())
}
+
+ switch options.SkipUnusedStages {
+ case types.OptionalBoolTrue:
+ params.Set("skipunusedstages", "1")
+ case types.OptionalBoolFalse:
+ params.Set("skipunusedstages", "0")
+ }
+
if options.CacheTo != nil {
params.Set("cacheto", options.CacheTo.String())
}
@@ -395,11 +402,11 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
dontexcludes := []string{"!Dockerfile", "!Containerfile", "!.dockerignore", "!.containerignore"}
for _, c := range containerFiles {
if c == "/dev/stdin" {
- content, err := ioutil.ReadAll(os.Stdin)
+ content, err := io.ReadAll(os.Stdin)
if err != nil {
return nil, err
}
- tmpFile, err := ioutil.TempFile("", "build")
+ tmpFile, err := os.CreateTemp("", "build")
if err != nil {
return nil, err
}
@@ -465,7 +472,7 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
if arr[0] == "src" {
// read specified secret into a tmp file
// move tmp file to tar and change secret source to relative tmp file
- tmpSecretFile, err := ioutil.TempFile(options.ContextDirectory, "podman-build-secret")
+ tmpSecretFile, err := os.CreateTemp(options.ContextDirectory, "podman-build-secret")
if err != nil {
return nil, err
}
@@ -531,7 +538,7 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
if logrus.IsLevelEnabled(logrus.DebugLevel) {
if v, found := os.LookupEnv("PODMAN_RETAIN_BUILD_ARTIFACT"); found {
if keep, _ := strconv.ParseBool(v); keep {
- t, _ := ioutil.TempFile("", "build_*_client")
+ t, _ := os.CreateTemp("", "build_*_client")
defer t.Close()
body = io.TeeReader(response.Body, t)
}
@@ -737,10 +744,10 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) {
}
func parseDockerignore(root string) ([]string, error) {
- ignore, err := ioutil.ReadFile(filepath.Join(root, ".containerignore"))
+ ignore, err := os.ReadFile(filepath.Join(root, ".containerignore"))
if err != nil {
var dockerIgnoreErr error
- ignore, dockerIgnoreErr = ioutil.ReadFile(filepath.Join(root, ".dockerignore"))
+ ignore, dockerIgnoreErr = os.ReadFile(filepath.Join(root, ".dockerignore"))
if dockerIgnoreErr != nil && !os.IsNotExist(dockerIgnoreErr) {
return nil, err
}
diff --git a/pkg/bindings/manifests/manifests.go b/pkg/bindings/manifests/manifests.go
index 752366937..d987e51d8 100644
--- a/pkg/bindings/manifests/manifests.go
+++ b/pkg/bindings/manifests/manifests.go
@@ -6,7 +6,6 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"net/http"
"os"
"strconv"
@@ -257,7 +256,7 @@ func Modify(ctx context.Context, name string, images []string, options *ModifyOp
}
defer response.Body.Close()
- data, err := ioutil.ReadAll(response.Body)
+ data, err := io.ReadAll(response.Body)
if err != nil {
return "", fmt.Errorf("unable to process API response: %w", err)
}
diff --git a/pkg/bindings/secrets/types.go b/pkg/bindings/secrets/types.go
index 01c3c248d..d2f449556 100644
--- a/pkg/bindings/secrets/types.go
+++ b/pkg/bindings/secrets/types.go
@@ -22,4 +22,5 @@ type CreateOptions struct {
Name *string
Driver *string
DriverOpts map[string]string
+ Labels map[string]string
}
diff --git a/pkg/bindings/secrets/types_create_options.go b/pkg/bindings/secrets/types_create_options.go
index 6b1666a42..c9c88e1f3 100644
--- a/pkg/bindings/secrets/types_create_options.go
+++ b/pkg/bindings/secrets/types_create_options.go
@@ -61,3 +61,18 @@ func (o *CreateOptions) GetDriverOpts() map[string]string {
}
return o.DriverOpts
}
+
+// WithLabels set field Labels to given value
+func (o *CreateOptions) WithLabels(value map[string]string) *CreateOptions {
+ o.Labels = value
+ return o
+}
+
+// GetLabels returns value of field Labels
+func (o *CreateOptions) GetLabels() map[string]string {
+ if o.Labels == nil {
+ var z map[string]string
+ return z
+ }
+ return o.Labels
+}
diff --git a/pkg/bindings/test/auth_test.go b/pkg/bindings/test/auth_test.go
index c4c4b16d8..5b148a51c 100644
--- a/pkg/bindings/test/auth_test.go
+++ b/pkg/bindings/test/auth_test.go
@@ -1,7 +1,6 @@
package bindings_test
import (
- "io/ioutil"
"os"
"time"
@@ -76,7 +75,7 @@ var _ = Describe("Podman images", func() {
imageRef := imageRep + ":" + imageTag
// Create a temporary authentication file.
- tmpFile, err := ioutil.TempFile("", "auth.json.")
+ tmpFile, err := os.CreateTemp("", "auth.json.")
Expect(err).To(BeNil())
_, err = tmpFile.Write([]byte{'{', '}'})
Expect(err).To(BeNil())
diff --git a/pkg/bindings/test/common_test.go b/pkg/bindings/test/common_test.go
index 6b0175f59..f174b84f8 100644
--- a/pkg/bindings/test/common_test.go
+++ b/pkg/bindings/test/common_test.go
@@ -3,7 +3,6 @@ package bindings_test
import (
"context"
"fmt"
- "io/ioutil"
"os"
"os/exec"
"path/filepath"
@@ -146,7 +145,7 @@ func newBindingTest() *bindingTest {
// createTempDirinTempDir create a temp dir with prefix podman_test
func createTempDirInTempDir() (string, error) {
- return ioutil.TempDir("", "libpod_api")
+ return os.MkdirTemp("", "libpod_api")
}
func (b *bindingTest) startAPIService() *gexec.Session {
@@ -264,7 +263,7 @@ var _ = ginkgo.SynchronizedBeforeSuite(func() []byte {
// If running localized tests, the cache dir is created and populated. if the
// tests are remote, this is a no-op
createCache()
- path, err := ioutil.TempDir("", "libpodlock")
+ path, err := os.MkdirTemp("", "libpodlock")
if err != nil {
fmt.Println(err)
os.Exit(1)
diff --git a/pkg/checkpoint/checkpoint_restore.go b/pkg/checkpoint/checkpoint_restore.go
index e7c843143..248b9cdbf 100644
--- a/pkg/checkpoint/checkpoint_restore.go
+++ b/pkg/checkpoint/checkpoint_restore.go
@@ -4,7 +4,6 @@ import (
"context"
"errors"
"fmt"
- "io/ioutil"
"os"
metadata "github.com/checkpoint-restore/checkpointctl/lib"
@@ -26,7 +25,7 @@ import (
func CRImportCheckpointTar(ctx context.Context, runtime *libpod.Runtime, restoreOptions entities.RestoreOptions) ([]*libpod.Container, error) {
// First get the container definition from the
// tarball to a temporary directory
- dir, err := ioutil.TempDir("", "checkpoint")
+ dir, err := os.MkdirTemp("", "checkpoint")
if err != nil {
return nil, err
}
diff --git a/pkg/checkpoint/crutils/checkpoint_restore_utils.go b/pkg/checkpoint/crutils/checkpoint_restore_utils.go
index 132632322..b9db9562a 100644
--- a/pkg/checkpoint/crutils/checkpoint_restore_utils.go
+++ b/pkg/checkpoint/crutils/checkpoint_restore_utils.go
@@ -5,7 +5,6 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"os"
"os/exec"
"path/filepath"
@@ -237,7 +236,7 @@ func CRRuntimeSupportsPodCheckpointRestore(runtimePath string) bool {
// given checkpoint archive and returns the runtime used to create
// the given checkpoint archive.
func CRGetRuntimeFromArchive(input string) (*string, error) {
- dir, err := ioutil.TempDir("", "checkpoint")
+ dir, err := os.MkdirTemp("", "checkpoint")
if err != nil {
return nil, err
}
diff --git a/pkg/ctime/ctime_test.go b/pkg/ctime/ctime_test.go
index abfc627da..014f15aa9 100644
--- a/pkg/ctime/ctime_test.go
+++ b/pkg/ctime/ctime_test.go
@@ -1,7 +1,6 @@
package ctime
import (
- "io/ioutil"
"os"
"testing"
"time"
@@ -10,13 +9,13 @@ import (
func TestCreated(t *testing.T) {
before := time.Now()
- fileA, err := ioutil.TempFile("", "ctime-test-")
+ fileA, err := os.CreateTemp("", "ctime-test-")
if err != nil {
t.Error(err)
}
defer os.Remove(fileA.Name())
- fileB, err := ioutil.TempFile("", "ctime-test-")
+ fileB, err := os.CreateTemp("", "ctime-test-")
if err != nil {
t.Error(err)
}
diff --git a/pkg/domain/entities/events.go b/pkg/domain/entities/events.go
index de218b285..34a6fe048 100644
--- a/pkg/domain/entities/events.go
+++ b/pkg/domain/entities/events.go
@@ -14,7 +14,7 @@ type Event struct {
// TODO: it would be nice to have full control over the types at some
// point and fork such Docker types.
dockerEvents.Message
- HealthStatus string
+ HealthStatus string `json:",omitempty"`
}
// ConvertToLibpodEvent converts an entities event to a libpod one.
@@ -34,6 +34,7 @@ func ConvertToLibpodEvent(e Event) *libpodEvents.Event {
image := e.Actor.Attributes["image"]
name := e.Actor.Attributes["name"]
details := e.Actor.Attributes
+ podID := e.Actor.Attributes["podId"]
delete(details, "image")
delete(details, "name")
delete(details, "containerExitCode")
@@ -47,6 +48,7 @@ func ConvertToLibpodEvent(e Event) *libpodEvents.Event {
Type: t,
HealthStatus: e.HealthStatus,
Details: libpodEvents.Details{
+ PodID: podID,
Attributes: details,
},
}
@@ -61,6 +63,7 @@ func ConvertToEntitiesEvent(e libpodEvents.Event) *Event {
attributes["image"] = e.Image
attributes["name"] = e.Name
attributes["containerExitCode"] = strconv.Itoa(e.ContainerExitCode)
+ attributes["podId"] = e.PodID
message := dockerEvents.Message{
// Compatibility with clients that still look for deprecated API elements
Status: e.Status.String(),
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index cad11b0ab..b1eb3b005 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -335,7 +335,8 @@ type ImageSaveOptions struct {
// Output - write image to the specified path.
Output string
// Quiet - suppress output when copying images
- Quiet bool
+ Quiet bool
+ SignaturePolicy string
}
// ImageScpOptions provide options for securely copying images to and from a remote host
diff --git a/pkg/domain/entities/secrets.go b/pkg/domain/entities/secrets.go
index d8af937a7..5686b90e9 100644
--- a/pkg/domain/entities/secrets.go
+++ b/pkg/domain/entities/secrets.go
@@ -13,6 +13,7 @@ type SecretCreateReport struct {
type SecretCreateOptions struct {
Driver string
DriverOpts map[string]string
+ Labels map[string]string
}
type SecretListRequest struct {
@@ -55,6 +56,7 @@ type SecretVersion struct {
type SecretSpec struct {
Name string
Driver SecretDriverSpec
+ Labels map[string]string
}
type SecretDriverSpec struct {
@@ -70,6 +72,8 @@ type SecretCreateRequest struct {
Data string
// Driver represents a driver (default "file")
Driver SecretDriverSpec
+ // Labels are labels on the secret
+ Labels map[string]string
}
// Secret create response
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 6934de60e..16b75829f 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -5,7 +5,6 @@ import (
"errors"
"fmt"
"io/fs"
- "io/ioutil"
"net/url"
"os"
"os/exec"
@@ -340,7 +339,7 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri
return err
}
- if err := ioutil.WriteFile(options.DigestFile, []byte(manifestDigest.String()), 0644); err != nil {
+ if err := os.WriteFile(options.DigestFile, []byte(manifestDigest.String()), 0644); err != nil {
return err
}
}
@@ -406,6 +405,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
saveOptions := &libimage.SaveOptions{}
saveOptions.DirForceCompress = options.Compress
saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers
+ saveOptions.SignaturePolicyPath = options.SignaturePolicy
// Force signature removal to preserve backwards compat.
// See https://github.com/containers/podman/pull/11669#issuecomment-925250264
@@ -910,5 +910,5 @@ func putSignature(manifestBlob []byte, mech signature.SigningMechanism, sigStore
if err != nil {
return err
}
- return ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
+ return os.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
}
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index a65403fb4..bd9117f72 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -6,7 +6,6 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"os"
"path/filepath"
"strconv"
@@ -117,7 +116,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options
validKinds := 0
// read yaml document
- content, err := ioutil.ReadAll(body)
+ content, err := io.ReadAll(body)
if err != nil {
return nil, err
}
@@ -889,7 +888,7 @@ func (ic *ContainerEngine) playKubePVC(ctx context.Context, pvcYAML *v1.Persiste
func readConfigMapFromFile(r io.Reader) (v1.ConfigMap, error) {
var cm v1.ConfigMap
- content, err := ioutil.ReadAll(r)
+ content, err := io.ReadAll(r)
if err != nil {
return cm, fmt.Errorf("unable to read ConfigMap YAML content: %w", err)
}
@@ -1021,7 +1020,7 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, _ e
reports := new(entities.PlayKubeReport)
// read yaml document
- content, err := ioutil.ReadAll(body)
+ content, err := io.ReadAll(body)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go
index 47159d65a..929858c5c 100644
--- a/pkg/domain/infra/abi/secrets.go
+++ b/pkg/domain/infra/abi/secrets.go
@@ -4,7 +4,6 @@ import (
"context"
"fmt"
"io"
- "io/ioutil"
"path/filepath"
"strings"
@@ -14,7 +13,7 @@ import (
)
func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader io.Reader, options entities.SecretCreateOptions) (*entities.SecretCreateReport, error) {
- data, _ := ioutil.ReadAll(reader)
+ data, _ := io.ReadAll(reader)
secretsPath := ic.Libpod.GetSecretsStorageDir()
manager, err := ic.Libpod.SecretsManager()
if err != nil {
@@ -45,6 +44,7 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader
storeOpts := secrets.StoreOptions{
DriverOpts: options.DriverOpts,
+ Labels: options.Labels,
}
secretID, err := manager.Store(name, data, options.Driver, storeOpts)
@@ -74,6 +74,9 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string
return nil, nil, fmt.Errorf("inspecting secret %s: %w", nameOrID, err)
}
}
+ if secret.Labels == nil {
+ secret.Labels = make(map[string]string)
+ }
report := &entities.SecretInfoReport{
ID: secret.ID,
CreatedAt: secret.CreatedAt,
@@ -84,6 +87,7 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string
Name: secret.Driver,
Options: secret.DriverOptions,
},
+ Labels: secret.Labels,
},
}
reports = append(reports, report)
diff --git a/pkg/domain/infra/abi/terminal/sigproxy_commn.go b/pkg/domain/infra/abi/terminal/sigproxy_commn.go
index 3a0132ef3..d42685508 100644
--- a/pkg/domain/infra/abi/terminal/sigproxy_commn.go
+++ b/pkg/domain/infra/abi/terminal/sigproxy_commn.go
@@ -15,33 +15,25 @@ import (
"github.com/sirupsen/logrus"
)
-// Make sure the signal buffer is sufficiently big.
-// runc is using the same value.
-const signalBufferSize = 2048
-
// ProxySignals ...
func ProxySignals(ctr *libpod.Container) {
// Stop catching the shutdown signals (SIGINT, SIGTERM) - they're going
// to the container now.
shutdown.Stop() //nolint: errcheck
- sigBuffer := make(chan os.Signal, signalBufferSize)
+ sigBuffer := make(chan os.Signal, signal.SignalBufferSize)
signal.CatchAll(sigBuffer)
logrus.Debugf("Enabling signal proxying")
go func() {
for s := range sigBuffer {
- // Ignore SIGCHLD and SIGPIPE - these are mostly likely
- // intended for the podman command itself.
- // SIGURG was added because of golang 1.14 and its preemptive changes
- // causing more signals to "show up".
- // https://github.com/containers/podman/issues/5483
- if s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG {
+ syscallSignal := s.(syscall.Signal)
+ if signal.IsSignalIgnoredBySigProxy(syscallSignal) {
continue
}
- if err := ctr.Kill(uint(s.(syscall.Signal))); err != nil {
+ if err := ctr.Kill(uint(syscallSignal)); err != nil {
if errors.Is(err, define.ErrCtrStateInvalid) {
logrus.Infof("Ceasing signal forwarding to container %s as it has stopped", ctr.ID())
} else {
diff --git a/pkg/domain/infra/abi/trust.go b/pkg/domain/infra/abi/trust.go
index c58ddff06..9b30920d7 100644
--- a/pkg/domain/infra/abi/trust.go
+++ b/pkg/domain/infra/abi/trust.go
@@ -3,7 +3,7 @@ package abi
import (
"context"
"fmt"
- "io/ioutil"
+ "os"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/trust"
@@ -18,7 +18,7 @@ func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options ent
if len(options.PolicyPath) > 0 {
policyPath = options.PolicyPath
}
- report.Raw, err = ioutil.ReadFile(policyPath)
+ report.Raw, err = os.ReadFile(policyPath)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 0dc73081d..0b573686f 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -620,6 +620,9 @@ func (ic *ContainerEngine) ContainerExecDetached(ctx context.Context, nameOrID s
}
func startAndAttach(ic *ContainerEngine, name string, detachKeys *string, input, output, errput *os.File) error {
+ if output == nil && errput == nil {
+ fmt.Printf("%s\n", name)
+ }
attachErr := make(chan error)
attachReady := make(chan bool)
options := new(containers.AttachOptions).WithStream(true)
@@ -825,6 +828,13 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
}
// Attach
+ if opts.SigProxy {
+ remoteProxySignals(con.ID, func(signal string) error {
+ killOpts := entities.KillOptions{All: false, Latest: false, Signal: signal}
+ _, err := ic.ContainerKill(ctx, []string{con.ID}, killOpts)
+ return err
+ })
+ }
if err := startAndAttach(ic, con.ID, &opts.DetachKeys, opts.InputStream, opts.OutputStream, opts.ErrorStream); err != nil {
if err == define.ErrDetach {
return &report, nil
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index cc99b1b3a..9ae1ff959 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -4,7 +4,6 @@ import (
"context"
"errors"
"fmt"
- "io/ioutil"
"os"
"strconv"
"strings"
@@ -264,7 +263,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
switch opts.Format {
case "oci-dir", "docker-dir":
- f, err = ioutil.TempFile("", "podman_save")
+ f, err = os.CreateTemp("", "podman_save")
if err == nil {
defer func() { _ = os.Remove(f.Name()) }()
}
diff --git a/pkg/domain/infra/tunnel/runtime.go b/pkg/domain/infra/tunnel/runtime.go
index 6542ea5b7..75bd4ef5e 100644
--- a/pkg/domain/infra/tunnel/runtime.go
+++ b/pkg/domain/infra/tunnel/runtime.go
@@ -2,6 +2,12 @@ package tunnel
import (
"context"
+ "os"
+ "syscall"
+
+ "github.com/containers/podman/v4/libpod/define"
+ "github.com/containers/podman/v4/pkg/signal"
+ "github.com/sirupsen/logrus"
)
// Image-related runtime using an ssh-tunnel to utilize Podman service
@@ -18,3 +24,28 @@ type ContainerEngine struct {
type SystemEngine struct {
ClientCtx context.Context
}
+
+func remoteProxySignals(ctrID string, killFunc func(string) error) {
+ sigBuffer := make(chan os.Signal, signal.SignalBufferSize)
+ signal.CatchAll(sigBuffer)
+
+ logrus.Debugf("Enabling signal proxying")
+
+ go func() {
+ for s := range sigBuffer {
+ syscallSignal := s.(syscall.Signal)
+ if signal.IsSignalIgnoredBySigProxy(syscallSignal) {
+ continue
+ }
+ signalName, err := signal.ParseSysSignalToName(syscallSignal)
+ if err != nil {
+ logrus.Infof("Ceasing signal %v forwarding to container %s as it has stopped: %s", s, ctrID, err)
+ }
+ if err := killFunc(signalName); err != nil {
+ if err.Error() == define.ErrCtrStateInvalid.Error() {
+ logrus.Debugf("Ceasing signal %q forwarding to container %s as it has stopped", signalName, ctrID)
+ }
+ }
+ }
+ }()
+}
diff --git a/pkg/domain/infra/tunnel/secrets.go b/pkg/domain/infra/tunnel/secrets.go
index d26718b12..aa48cb764 100644
--- a/pkg/domain/infra/tunnel/secrets.go
+++ b/pkg/domain/infra/tunnel/secrets.go
@@ -14,7 +14,8 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader
opts := new(secrets.CreateOptions).
WithDriver(options.Driver).
WithDriverOpts(options.DriverOpts).
- WithName(name)
+ WithName(name).
+ WithLabels(options.Labels)
created, err := secrets.Create(ic.ClientCtx, reader, opts)
if err != nil {
return nil, err
diff --git a/pkg/domain/utils/scp.go b/pkg/domain/utils/scp.go
index 44a0d94d7..19567551e 100644
--- a/pkg/domain/utils/scp.go
+++ b/pkg/domain/utils/scp.go
@@ -2,7 +2,6 @@ package utils
import (
"fmt"
- "io/ioutil"
"net/url"
"os"
"os/exec"
@@ -29,7 +28,7 @@ func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool, sshMode
return nil, nil, nil, nil, err
}
- f, err := ioutil.TempFile("", "podman") // open temp file for load/save output
+ f, err := os.CreateTemp("", "podman") // open temp file for load/save output
if err != nil {
return nil, nil, nil, nil, err
}
diff --git a/pkg/machine/config.go b/pkg/machine/config.go
index 54aa9e1b7..8c22ae6a3 100644
--- a/pkg/machine/config.go
+++ b/pkg/machine/config.go
@@ -5,7 +5,6 @@ package machine
import (
"errors"
- "io/ioutil"
"net"
"net/url"
"os"
@@ -283,7 +282,7 @@ func (m *VMFile) Delete() error {
// Read the contents of a given file and return in []bytes
func (m *VMFile) Read() ([]byte, error) {
- return ioutil.ReadFile(m.GetPath())
+ return os.ReadFile(m.GetPath())
}
// NewMachineFile is a constructor for VMFile
diff --git a/pkg/machine/e2e/init_test.go b/pkg/machine/e2e/init_test.go
index c298d3b14..ebf59dcd7 100644
--- a/pkg/machine/e2e/init_test.go
+++ b/pkg/machine/e2e/init_test.go
@@ -1,7 +1,6 @@
package e2e_test
import (
- "io/ioutil"
"os"
"strconv"
"time"
@@ -138,9 +137,9 @@ var _ = Describe("podman machine init", func() {
})
It("machine init with volume", func() {
- tmpDir, err := ioutil.TempDir("", "")
+ tmpDir, err := os.MkdirTemp("", "")
Expect(err).To(BeNil())
- _, err = ioutil.TempFile(tmpDir, "example")
+ _, err = os.CreateTemp(tmpDir, "example")
Expect(err).To(BeNil())
mount := tmpDir + ":/testmountdir"
defer os.RemoveAll(tmpDir)
diff --git a/pkg/machine/e2e/machine_test.go b/pkg/machine/e2e/machine_test.go
index 5de04b9f7..5cd89c7ab 100644
--- a/pkg/machine/e2e/machine_test.go
+++ b/pkg/machine/e2e/machine_test.go
@@ -3,7 +3,6 @@ package e2e_test
import (
"fmt"
"io"
- "io/ioutil"
url2 "net/url"
"os"
"path"
@@ -77,7 +76,7 @@ var _ = SynchronizedAfterSuite(func() {},
func setup() (string, *machineTestBuilder) {
// Set TMPDIR if this needs a new directory
- homeDir, err := ioutil.TempDir("", "podman_test")
+ homeDir, err := os.MkdirTemp("", "podman_test")
if err != nil {
Fail(fmt.Sprintf("failed to create home directory: %q", err))
}
diff --git a/pkg/machine/fcos.go b/pkg/machine/fcos.go
index 246f92a19..311891c26 100644
--- a/pkg/machine/fcos.go
+++ b/pkg/machine/fcos.go
@@ -6,7 +6,7 @@ package machine
import (
"encoding/json"
"fmt"
- "io/ioutil"
+ "io"
"net/http"
url2 "net/url"
"os"
@@ -175,7 +175,7 @@ func GetFCOSDownload(imageStream string) (*FcosDownloadInfo, error) {
if err != nil {
return nil, err
}
- body, err := ioutil.ReadAll(resp.Body)
+ body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index 366d10499..39ddce14c 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -7,7 +7,6 @@ import (
"encoding/json"
"fmt"
"io/fs"
- "io/ioutil"
"net/url"
"os"
"path/filepath"
@@ -227,7 +226,7 @@ WantedBy=sysinit.target
if err != nil {
return err
}
- return ioutil.WriteFile(ign.WritePath, b, 0644)
+ return os.WriteFile(ign.WritePath, b, 0644)
}
func getDirs(usrName string) []Directory {
@@ -559,7 +558,7 @@ func getCerts(certsDir string, isDir bool) []File {
}
func prepareCertFile(path string, name string) (File, error) {
- b, err := ioutil.ReadFile(path)
+ b, err := os.ReadFile(path)
if err != nil {
logrus.Warnf("Unable to read cert file %v", err)
return File{}, err
diff --git a/pkg/machine/keys.go b/pkg/machine/keys.go
index 94cbdac04..fce405695 100644
--- a/pkg/machine/keys.go
+++ b/pkg/machine/keys.go
@@ -7,7 +7,6 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"os"
"os/exec"
"path/filepath"
@@ -27,7 +26,7 @@ func CreateSSHKeys(writeLocation string) (string, error) {
if err := generatekeys(writeLocation); err != nil {
return "", err
}
- b, err := ioutil.ReadFile(writeLocation + ".pub")
+ b, err := os.ReadFile(writeLocation + ".pub")
if err != nil {
return "", err
}
@@ -45,7 +44,7 @@ func CreateSSHKeysPrefix(dir string, file string, passThru bool, skipExisting bo
} else {
fmt.Println("Keys already exist, reusing")
}
- b, err := ioutil.ReadFile(filepath.Join(dir, file) + ".pub")
+ b, err := os.ReadFile(filepath.Join(dir, file) + ".pub")
if err != nil {
return "", err
}
diff --git a/pkg/machine/pull.go b/pkg/machine/pull.go
index 22a1b4c0a..9cba78237 100644
--- a/pkg/machine/pull.go
+++ b/pkg/machine/pull.go
@@ -8,7 +8,6 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"net/http"
url2 "net/url"
"os"
@@ -191,7 +190,7 @@ func Decompress(localPath, uncompressedPath string) error {
if err != nil {
return err
}
- sourceFile, err := ioutil.ReadFile(localPath)
+ sourceFile, err := os.ReadFile(localPath)
if err != nil {
return err
}
diff --git a/pkg/machine/qemu/claim_darwin.go b/pkg/machine/qemu/claim_darwin.go
index 66aed9ad8..c51d17bc9 100644
--- a/pkg/machine/qemu/claim_darwin.go
+++ b/pkg/machine/qemu/claim_darwin.go
@@ -2,7 +2,7 @@ package qemu
import (
"fmt"
- "io/ioutil"
+ "io"
"net"
"os"
"os/user"
@@ -43,7 +43,7 @@ func claimDockerSock() bool {
return false
}
_ = con.SetReadDeadline(time.Now().Add(time.Second * 5))
- read, err := ioutil.ReadAll(con)
+ read, err := io.ReadAll(con)
return err == nil && string(read) == "OK"
}
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index 738cd74be..fab25aa35 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -12,7 +12,6 @@ import (
"errors"
"fmt"
"io/fs"
- "io/ioutil"
"net"
"net/http"
"net/url"
@@ -391,11 +390,11 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) {
// If the user provides an ignition file, we need to
// copy it into the conf dir
if len(opts.IgnitionPath) > 0 {
- inputIgnition, err := ioutil.ReadFile(opts.IgnitionPath)
+ inputIgnition, err := os.ReadFile(opts.IgnitionPath)
if err != nil {
return false, err
}
- return false, ioutil.WriteFile(v.getIgnitionFile(), inputIgnition, 0644)
+ return false, os.WriteFile(v.getIgnitionFile(), inputIgnition, 0644)
}
// Write the ignition file
ign := machine.DynamicIgnition{
@@ -1109,7 +1108,7 @@ func getVMInfos() ([]*machine.ListResponse, error) {
vm := new(MachineVM)
if strings.HasSuffix(d.Name(), ".json") {
fullPath := filepath.Join(vmConfigDir, d.Name())
- b, err := ioutil.ReadFile(fullPath)
+ b, err := os.ReadFile(fullPath)
if err != nil {
return err
}
@@ -1539,7 +1538,7 @@ func (v *MachineVM) writeConfig() error {
if err != nil {
return err
}
- if err := ioutil.WriteFile(v.ConfigPath.GetPath(), b, 0644); err != nil {
+ if err := os.WriteFile(v.ConfigPath.GetPath(), b, 0644); err != nil {
return err
}
return nil
diff --git a/pkg/machine/wsl/machine.go b/pkg/machine/wsl/machine.go
index 44b82b823..81980736d 100644
--- a/pkg/machine/wsl/machine.go
+++ b/pkg/machine/wsl/machine.go
@@ -10,7 +10,6 @@ import (
"fmt"
"io"
"io/fs"
- "io/ioutil"
"net/url"
"os"
"os/exec"
@@ -423,7 +422,7 @@ func (v *MachineVM) writeConfig() error {
if err != nil {
return err
}
- if err := ioutil.WriteFile(jsonFile, b, 0644); err != nil {
+ if err := os.WriteFile(jsonFile, b, 0644); err != nil {
return fmt.Errorf("could not write machine json config: %w", err)
}
@@ -1285,7 +1284,7 @@ func readWinProxyTid(v *MachineVM) (uint32, uint32, string, error) {
}
tidFile := filepath.Join(stateDir, winSshProxyTid)
- contents, err := ioutil.ReadFile(tidFile)
+ contents, err := os.ReadFile(tidFile)
if err != nil {
return 0, 0, "", err
}
diff --git a/pkg/machine/wsl/util_windows.go b/pkg/machine/wsl/util_windows.go
index 67d1bfc5c..5f8da10ec 100644
--- a/pkg/machine/wsl/util_windows.go
+++ b/pkg/machine/wsl/util_windows.go
@@ -4,7 +4,6 @@ import (
"encoding/base64"
"errors"
"fmt"
- "io/ioutil"
"os"
"os/exec"
"path/filepath"
@@ -209,7 +208,7 @@ func reboot() error {
return fmt.Errorf("could not create data directory: %w", err)
}
commFile := filepath.Join(dataDir, "podman-relaunch.dat")
- if err := ioutil.WriteFile(commFile, []byte(encoded), 0600); err != nil {
+ if err := os.WriteFile(commFile, []byte(encoded), 0600); err != nil {
return fmt.Errorf("could not serialize command state: %w", err)
}
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 3588313c6..fb22ed221 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -235,6 +235,7 @@ can_use_shortcut ()
if (strcmp (argv[argc], "mount") == 0
|| strcmp (argv[argc], "machine") == 0
+ || strcmp (argv[argc], "context") == 0
|| strcmp (argv[argc], "search") == 0
|| (strcmp (argv[argc], "system") == 0 && argv[argc+1] && strcmp (argv[argc+1], "service") != 0))
{
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index f3453320f..7de50eaf1 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -9,7 +9,6 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"os"
"os/exec"
gosignal "os/signal"
@@ -224,7 +223,7 @@ func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error) {
}
func copyMappings(from, to string) error {
- content, err := ioutil.ReadFile(from)
+ content, err := os.ReadFile(from)
if err != nil {
return err
}
@@ -235,7 +234,7 @@ func copyMappings(from, to string) error {
if bytes.Contains(content, []byte("4294967295")) {
content = []byte("0 0 1\n1 1 4294967294\n")
}
- return ioutil.WriteFile(to, content, 0600)
+ return os.WriteFile(to, content, 0600)
}
func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ bool, _ int, retErr error) {
@@ -343,13 +342,13 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo
if !uidsMapped {
logrus.Warnf("Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user")
setgroups := fmt.Sprintf("/proc/%d/setgroups", pid)
- err = ioutil.WriteFile(setgroups, []byte("deny\n"), 0666)
+ err = os.WriteFile(setgroups, []byte("deny\n"), 0666)
if err != nil {
return false, -1, fmt.Errorf("cannot write setgroups file: %w", err)
}
logrus.Debugf("write setgroups file exited with 0")
- err = ioutil.WriteFile(uidMap, []byte(fmt.Sprintf("%d %d 1\n", 0, os.Geteuid())), 0666)
+ err = os.WriteFile(uidMap, []byte(fmt.Sprintf("%d %d 1\n", 0, os.Geteuid())), 0666)
if err != nil {
return false, -1, fmt.Errorf("cannot write uid_map: %w", err)
}
@@ -369,7 +368,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo
gidsMapped = err == nil
}
if !gidsMapped {
- err = ioutil.WriteFile(gidMap, []byte(fmt.Sprintf("%d %d 1\n", 0, os.Getegid())), 0666)
+ err = os.WriteFile(gidMap, []byte(fmt.Sprintf("%d %d 1\n", 0, os.Getegid())), 0666)
if err != nil {
return false, -1, fmt.Errorf("cannot write gid_map: %w", err)
}
@@ -399,7 +398,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo
// We have lost the race for writing the PID file, as probably another
// process created a namespace and wrote the PID.
// Try to join it.
- data, err := ioutil.ReadFile(pausePid)
+ data, err := os.ReadFile(pausePid)
if err == nil {
var pid uint64
pid, err = strconv.ParseUint(string(data), 10, 0)
@@ -469,7 +468,7 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
for _, path := range paths {
if !needNewNamespace {
- data, err := ioutil.ReadFile(path)
+ data, err := os.ReadFile(path)
if err != nil {
lastErr = err
continue
diff --git a/pkg/signal/signal_common.go b/pkg/signal/signal_common.go
index fc1ecc04d..a81d0461b 100644
--- a/pkg/signal/signal_common.go
+++ b/pkg/signal/signal_common.go
@@ -9,6 +9,10 @@ import (
"syscall"
)
+// Make sure the signal buffer is sufficiently big.
+// runc is using the same value.
+const SignalBufferSize = 2048
+
// ParseSignal translates a string to a valid syscall signal.
// It returns an error if the signal map doesn't include the given signal.
func ParseSignal(rawSignal string) (syscall.Signal, error) {
@@ -56,3 +60,14 @@ func StopCatch(sigc chan os.Signal) {
signal.Stop(sigc)
close(sigc)
}
+
+// ParseSysSignalToName translates syscall.Signal to its name in the operating system.
+// For example, syscall.Signal(9) will return "KILL" on Linux system.
+func ParseSysSignalToName(s syscall.Signal) (string, error) {
+ for k, v := range SignalMap {
+ if v == s {
+ return k, nil
+ }
+ }
+ return "", fmt.Errorf("unknown syscall signal: %s", s)
+}
diff --git a/pkg/signal/signal_common_test.go b/pkg/signal/signal_common_test.go
index c4ae6b389..bd9b230f7 100644
--- a/pkg/signal/signal_common_test.go
+++ b/pkg/signal/signal_common_test.go
@@ -118,3 +118,52 @@ func TestParseSignalNameOrNumber(t *testing.T) {
})
}
}
+
+func TestParseSysSignalToName(t *testing.T) {
+ type args struct {
+ signal syscall.Signal
+ }
+ tests := []struct {
+ name string
+ args args
+ want string
+ wantErr bool
+ }{
+ {
+ name: "Kill should work",
+ args: args{
+ signal: syscall.SIGKILL,
+ },
+ want: "KILL",
+ wantErr: false,
+ },
+ {
+ name: "Non-defined signal number should not work",
+ args: args{
+ signal: 923,
+ },
+ want: "",
+ wantErr: true,
+ },
+ {
+ name: "garbage should fail",
+ args: args{
+ signal: -1,
+ },
+ want: "",
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got, err := ParseSysSignalToName(tt.args.signal)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("ParseSysSignalToName() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if got != tt.want {
+ t.Errorf("ParseSysSignalToName() got = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
diff --git a/pkg/signal/signal_linux.go b/pkg/signal/signal_linux.go
index 5103b6033..81e4ed758 100644
--- a/pkg/signal/signal_linux.go
+++ b/pkg/signal/signal_linux.go
@@ -89,3 +89,11 @@ var SignalMap = map[string]syscall.Signal{
"RTMAX-1": sigrtmax - 1,
"RTMAX": sigrtmax,
}
+
+// IsSignalIgnoredBySigProxy determines whether sig-proxy should ignore syscall signal
+func IsSignalIgnoredBySigProxy(s syscall.Signal) bool {
+ // Ignore SIGCHLD and SIGPIPE - these are most likely intended for the podman command itself.
+ // SIGURG was added because of golang 1.14 and its preemptive changes causing more signals to "show up".
+ // https://github.com/containers/podman/issues/5483
+ return s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG
+}
diff --git a/pkg/signal/signal_linux_mipsx.go b/pkg/signal/signal_linux_mipsx.go
index cdf9ad4c5..c97eeb23d 100644
--- a/pkg/signal/signal_linux_mipsx.go
+++ b/pkg/signal/signal_linux_mipsx.go
@@ -90,3 +90,11 @@ var SignalMap = map[string]syscall.Signal{
"RTMAX-1": sigrtmax - 1,
"RTMAX": sigrtmax,
}
+
+// IsSignalIgnoredBySigProxy determines whether sig-proxy should ignore syscall signal
+func IsSignalIgnoredBySigProxy(s syscall.Signal) bool {
+ // Ignore SIGCHLD and SIGPIPE - these are most likely intended for the podman command itself.
+ // SIGURG was added because of golang 1.14 and its preemptive changes causing more signals to "show up".
+ // https://github.com/containers/podman/issues/5483
+ return s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG
+}
diff --git a/pkg/signal/signal_unix.go b/pkg/signal/signal_unix.go
index 7919e3670..01d99d7bc 100644
--- a/pkg/signal/signal_unix.go
+++ b/pkg/signal/signal_unix.go
@@ -87,3 +87,11 @@ var SignalMap = map[string]syscall.Signal{
"RTMAX-1": sigrtmax - 1,
"RTMAX": sigrtmax,
}
+
+// IsSignalIgnoredBySigProxy determines whether sig-proxy should ignore syscall signal
+func IsSignalIgnoredBySigProxy(s syscall.Signal) bool {
+ // Ignore SIGCHLD and SIGPIPE - these are most likely intended for the podman command itself.
+ // SIGURG was added because of golang 1.14 and its preemptive changes causing more signals to "show up".
+ // https://github.com/containers/podman/issues/5483
+ return s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG
+}
diff --git a/pkg/signal/signal_unsupported.go b/pkg/signal/signal_unsupported.go
index 19ae93a61..590aaf978 100644
--- a/pkg/signal/signal_unsupported.go
+++ b/pkg/signal/signal_unsupported.go
@@ -87,3 +87,9 @@ var SignalMap = map[string]syscall.Signal{
"RTMAX-1": sigrtmax - 1,
"RTMAX": sigrtmax,
}
+
+// IsSignalIgnoredBySigProxy determines whether to sig-proxy should ignore syscall signal
+// keep the container running or not. In unsupported OS this should not ignore any syscall signal.
+func IsSignalIgnoredBySigProxy(s syscall.Signal) bool {
+ return false
+}
diff --git a/pkg/specgen/generate/config_linux_cgo.go b/pkg/specgen/generate/config_linux_cgo.go
index 74ba4aeeb..6903ccb51 100644
--- a/pkg/specgen/generate/config_linux_cgo.go
+++ b/pkg/specgen/generate/config_linux_cgo.go
@@ -7,7 +7,7 @@ import (
"context"
"errors"
"fmt"
- "io/ioutil"
+ "os"
"github.com/containers/common/libimage"
goSeccomp "github.com/containers/common/pkg/seccomp"
@@ -47,7 +47,7 @@ func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *libi
if s.SeccompProfilePath != "" {
logrus.Debugf("Loading seccomp profile from %q", s.SeccompProfilePath)
- seccompProfile, err := ioutil.ReadFile(s.SeccompProfilePath)
+ seccompProfile, err := os.ReadFile(s.SeccompProfilePath)
if err != nil {
return nil, fmt.Errorf("opening seccomp profile failed: %w", err)
}
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index c18b5654a..736fa5ab3 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -352,7 +352,7 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, contaierID s
if conf.Spec.Process != nil && conf.Spec.Process.Env != nil {
env := make(map[string]string)
for _, entry := range conf.Spec.Process.Env {
- split := strings.Split(entry, "=")
+ split := strings.SplitN(entry, "=", 2)
if len(split) == 2 {
env[split[0]] = split[1]
}
diff --git a/pkg/specgen/generate/pause_image.go b/pkg/specgen/generate/pause_image.go
index ddf35f230..1b502927f 100644
--- a/pkg/specgen/generate/pause_image.go
+++ b/pkg/specgen/generate/pause_image.go
@@ -3,7 +3,6 @@ package generate
import (
"context"
"fmt"
- "io/ioutil"
"os"
buildahDefine "github.com/containers/buildah/define"
@@ -62,7 +61,7 @@ func buildPauseImage(rt *libpod.Runtime, rtConfig *config.Config) (string, error
COPY %s /catatonit
ENTRYPOINT ["/catatonit", "-P"]`, catatonitPath)
- tmpF, err := ioutil.TempFile("", "pause.containerfile")
+ tmpF, err := os.CreateTemp("", "pause.containerfile")
if err != nil {
return "", err
}
diff --git a/pkg/specgen/generate/validate.go b/pkg/specgen/generate/validate.go
index e9ebdfce3..10997a202 100644
--- a/pkg/specgen/generate/validate.go
+++ b/pkg/specgen/generate/validate.go
@@ -3,7 +3,6 @@ package generate
import (
"errors"
"fmt"
- "io/ioutil"
"os"
"path/filepath"
@@ -180,7 +179,7 @@ func verifyContainerResourcesCgroupV2(s *specgen.SpecGenerator) ([]string, error
// If running under the root cgroup try to create or reuse a "probe" cgroup to read memory values
own = "podman_probe"
_ = os.MkdirAll(filepath.Join("/sys/fs/cgroup", own), 0o755)
- _ = ioutil.WriteFile("/sys/fs/cgroup/cgroup.subtree_control", []byte("+memory"), 0o644)
+ _ = os.WriteFile("/sys/fs/cgroup/cgroup.subtree_control", []byte("+memory"), 0o644)
}
memoryMax := filepath.Join("/sys/fs/cgroup", own, "memory.max")
diff --git a/pkg/specgenutil/util.go b/pkg/specgenutil/util.go
index b14e2a032..d61e57ce2 100644
--- a/pkg/specgenutil/util.go
+++ b/pkg/specgenutil/util.go
@@ -3,7 +3,6 @@ package specgenutil
import (
"errors"
"fmt"
- "io/ioutil"
"net"
"os"
"strconv"
@@ -18,7 +17,7 @@ import (
// ReadPodIDFile reads the specified file and returns its content (i.e., first
// line).
func ReadPodIDFile(path string) (string, error) {
- content, err := ioutil.ReadFile(path)
+ content, err := os.ReadFile(path)
if err != nil {
return "", fmt.Errorf("reading pod ID file: %w", err)
}
diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go
index 8510cfd42..71e9065ea 100644
--- a/pkg/systemd/generate/containers.go
+++ b/pkg/systemd/generate/containers.go
@@ -78,7 +78,7 @@ Requires={{{{- range $index, $value := .Requires }}}}{{{{ if $index}}}} {{{{end}
{{{{- end}}}}
[Service]
-Environment={{{{.EnvVariable}}}}=%n{{{{- if (eq .IdentifySpecifier true) }}}}-%i{{{{- end}}}}
+Environment={{{{.EnvVariable}}}}=%n{{{{- if (eq .IdentifySpecifier true) }}}}-%i {{{{- end}}}}
{{{{- if .ExtraEnvs}}}}
Environment={{{{- range $index, $value := .ExtraEnvs -}}}}{{{{if $index}}}} {{{{end}}}}{{{{ $value }}}}{{{{end}}}}
{{{{- end}}}}
@@ -254,6 +254,10 @@ func setContainerNameForTemplate(startCommand []string, info *containerInfo) ([]
return startCommand, nil
}
+func formatOptionsString(cmd string) string {
+ return formatOptions(strings.Split(cmd, " "))
+}
+
func formatOptions(options []string) string {
var formatted strings.Builder
if len(options) == 0 {
@@ -294,8 +298,8 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst
info.Type = "forking"
info.EnvVariable = define.EnvVariable
info.ExecStart = "{{{{.Executable}}}} start {{{{.ContainerNameOrID}}}}"
- info.ExecStop = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}"
- info.ExecStopPost = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}"
+ info.ExecStop = formatOptionsString("{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}} -t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}")
+ info.ExecStopPost = formatOptionsString("{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}} -t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}")
for i, env := range info.AdditionalEnvVariables {
info.AdditionalEnvVariables[i] = escapeSystemdArg(env)
}
@@ -312,9 +316,9 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst
info.NotifyAccess = "all"
info.PIDFile = ""
info.ContainerIDFile = "%t/%n.ctr-id"
- info.ExecStartPre = "/bin/rm -f {{{{.ContainerIDFile}}}}"
- info.ExecStop = "{{{{.Executable}}}} stop --ignore --cidfile={{{{.ContainerIDFile}}}}"
- info.ExecStopPost = "{{{{.Executable}}}} rm -f --ignore --cidfile={{{{.ContainerIDFile}}}}"
+ info.ExecStartPre = formatOptionsString("/bin/rm -f {{{{.ContainerIDFile}}}}")
+ info.ExecStop = formatOptionsString("{{{{.Executable}}}} stop --ignore --cidfile={{{{.ContainerIDFile}}}}")
+ info.ExecStopPost = formatOptionsString("{{{{.Executable}}}} rm -f --ignore --cidfile={{{{.ContainerIDFile}}}}")
// The create command must at least have three arguments:
// /usr/bin/podman run $IMAGE
index := 0
diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go
index 7f92e75b8..11e8f549e 100644
--- a/pkg/systemd/generate/containers_test.go
+++ b/pkg/systemd/generate/containers_test.go
@@ -57,8 +57,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=82
ExecStart=/usr/bin/podman start 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401
-ExecStop=/usr/bin/podman stop -t 22 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401
-ExecStopPost=/usr/bin/podman stop -t 22 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401
+ExecStop=/usr/bin/podman stop \
+ -t 22 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401
+ExecStopPost=/usr/bin/podman stop \
+ -t 22 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -83,8 +85,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start foobar
-ExecStop=/usr/bin/podman stop -t 10 foobar
-ExecStopPost=/usr/bin/podman stop -t 10 foobar
+ExecStop=/usr/bin/podman stop \
+ -t 10 foobar
+ExecStopPost=/usr/bin/podman stop \
+ -t 10 foobar
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -107,8 +111,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start foobar
-ExecStop=/usr/bin/podman stop -t 10 foobar
-ExecStopPost=/usr/bin/podman stop -t 10 foobar
+ExecStop=/usr/bin/podman stop \
+ -t 10 foobar
+ExecStopPost=/usr/bin/podman stop \
+ -t 10 foobar
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -134,8 +140,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start foobar
-ExecStop=/usr/bin/podman stop -t 10 foobar
-ExecStopPost=/usr/bin/podman stop -t 10 foobar
+ExecStop=/usr/bin/podman stop \
+ -t 10 foobar
+ExecStopPost=/usr/bin/podman stop \
+ -t 10 foobar
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -161,8 +169,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start foobar
-ExecStop=/usr/bin/podman stop -t 10 foobar
-ExecStopPost=/usr/bin/podman stop -t 10 foobar
+ExecStop=/usr/bin/podman stop \
+ -t 10 foobar
+ExecStopPost=/usr/bin/podman stop \
+ -t 10 foobar
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -188,8 +198,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start foobar
-ExecStop=/usr/bin/podman stop -t 10 foobar
-ExecStopPost=/usr/bin/podman stop -t 10 foobar
+ExecStop=/usr/bin/podman stop \
+ -t 10 foobar
+ExecStopPost=/usr/bin/podman stop \
+ -t 10 foobar
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -217,8 +229,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start foobar
-ExecStop=/usr/bin/podman stop -t 10 foobar
-ExecStopPost=/usr/bin/podman stop -t 10 foobar
+ExecStop=/usr/bin/podman stop \
+ -t 10 foobar
+ExecStopPost=/usr/bin/podman stop \
+ -t 10 foobar
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -243,8 +257,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start foobar
-ExecStop=/usr/bin/podman stop -t 10 foobar
-ExecStopPost=/usr/bin/podman stop -t 10 foobar
+ExecStop=/usr/bin/podman stop \
+ -t 10 foobar
+ExecStopPost=/usr/bin/podman stop \
+ -t 10 foobar
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -266,7 +282,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman container run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -276,8 +293,13 @@ ExecStart=/usr/bin/podman container run \
--replace \
--name jadda-jadda \
--hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space"
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -299,7 +321,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman container run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -309,8 +332,13 @@ ExecStart=/usr/bin/podman container run \
--sdnotify=container \
--name jadda-jadda \
--hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space"
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -332,7 +360,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman container run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -342,8 +371,13 @@ ExecStart=/usr/bin/podman container run \
--replace \
--name jadda-jadda \
--hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space"
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -365,7 +399,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -375,8 +410,13 @@ ExecStart=/usr/bin/podman run \
-d \
--name jadda-jadda \
--hostname hello-world awesome-image:latest command arg1 ... argN
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -398,7 +438,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -409,8 +450,13 @@ ExecStart=/usr/bin/podman run \
-d \
--name jadda-jadda \
--hostname hello-world awesome-image:latest command arg1 ... argN
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -432,7 +478,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -442,8 +489,13 @@ ExecStart=/usr/bin/podman run \
--detach \
--name jadda-jadda \
--hostname hello-world awesome-image:latest command arg1 ... argN
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -465,15 +517,21 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--sdnotify=conmon \
-d awesome-image:latest
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -496,7 +554,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=102
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -505,8 +564,13 @@ ExecStart=/usr/bin/podman run \
` +
detachparam +
` awesome-image:latest
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -530,7 +594,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=102
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -541,8 +606,13 @@ ExecStart=/usr/bin/podman run \
--name test \
-p 80:80 awesome-image:latest somecmd \
--detach=false
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -564,7 +634,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=102
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman \
--events-backend none \
--runroot /root run \
@@ -573,8 +644,13 @@ ExecStart=/usr/bin/podman \
--rm \
--sdnotify=conmon \
-d awesome-image:latest
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -596,15 +672,21 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman container run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--sdnotify=conmon \
-d awesome-image:latest
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -626,7 +708,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -637,8 +720,13 @@ ExecStart=/usr/bin/podman run \
--name test \
--log-driver=journald \
--log-opt=tag={{.Name}} awesome-image:latest
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -660,7 +748,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -670,8 +759,13 @@ ExecStart=/usr/bin/podman run \
--replace \
--name test awesome-image:latest sh \
-c "kill $$$$ && echo %%\\"
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -693,7 +787,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -704,8 +799,13 @@ ExecStart=/usr/bin/podman run \
--cgroups=foo \
--conmon-pidfile=foo \
--cidfile=foo alpine
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -727,7 +827,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -740,8 +841,13 @@ ExecStart=/usr/bin/podman run \
--conmon-pidfile=foo \
--cidfile=foo \
--pod-id-file /tmp/pod-foobar.pod-id-file alpine
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -764,7 +870,8 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Environment=FOO=abc "BAR=my test" USER=%%a
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -775,8 +882,13 @@ ExecStart=/usr/bin/podman run \
--env=BAR \
--env=MYENV=2 \
-e USER awesome-image:latest
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -802,8 +914,10 @@ Environment=USER=%%a
Restart=on-failure
TimeoutStopSec=70
ExecStart=/usr/bin/podman start foobar
-ExecStop=/usr/bin/podman stop -t 10 foobar
-ExecStopPost=/usr/bin/podman stop -t 10 foobar
+ExecStop=/usr/bin/podman stop \
+ -t 10 foobar
+ExecStopPost=/usr/bin/podman stop \
+ -t 10 foobar
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -826,15 +940,21 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
StartLimitBurst=42
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--sdnotify=conmon \
-d awesome-image:latest
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -856,7 +976,8 @@ RequiresMountsFor=/var/run/containers/storage
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
@@ -864,8 +985,13 @@ ExecStart=/usr/bin/podman run \
--sdnotify=conmon \
-d \
-h hostname awesome-image:latest
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
@@ -888,7 +1014,8 @@ Environment=PODMAN_SYSTEMD_UNIT=%n-%i
Restart=on-failure
StartLimitBurst=42
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStartPre=/bin/rm \
+ -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--name=container-foo-%i \
--cidfile=%t/%n.ctr-id \
@@ -896,8 +1023,13 @@ ExecStart=/usr/bin/podman run \
--rm \
--sdnotify=conmon \
-d awesome-image:latest
-ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
-ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+ExecStop=/usr/bin/podman stop \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm \
+ -f \
+ --ignore \
+ --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go
index 729a038a5..588bfb430 100644
--- a/pkg/systemd/generate/pods.go
+++ b/pkg/systemd/generate/pods.go
@@ -294,9 +294,9 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions)
}
info.EnvVariable = define.EnvVariable
- info.ExecStart = "{{{{.Executable}}}} start {{{{.InfraNameOrID}}}}"
- info.ExecStop = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.InfraNameOrID}}}}"
- info.ExecStopPost = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.InfraNameOrID}}}}"
+ info.ExecStart = formatOptionsString("{{{{.Executable}}}} start {{{{.InfraNameOrID}}}}")
+ info.ExecStop = formatOptionsString("{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}} -t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.InfraNameOrID}}}}")
+ info.ExecStopPost = formatOptionsString("{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}} -t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.InfraNameOrID}}}}")
// Assemble the ExecStart command when creating a new pod.
//
@@ -371,11 +371,11 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions)
startCommand = append(startCommand, podCreateArgs...)
startCommand = escapeSystemdArguments(startCommand)
- info.ExecStartPre1 = "/bin/rm -f {{{{.PIDFile}}}} {{{{.PodIDFile}}}}"
- info.ExecStartPre2 = strings.Join(startCommand, " ")
- info.ExecStart = "{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod start --pod-id-file {{{{.PodIDFile}}}}"
- info.ExecStop = "{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod stop --ignore --pod-id-file {{{{.PodIDFile}}}} {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}}"
- info.ExecStopPost = "{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod rm --ignore -f --pod-id-file {{{{.PodIDFile}}}}"
+ info.ExecStartPre1 = formatOptionsString("/bin/rm -f {{{{.PIDFile}}}} {{{{.PodIDFile}}}}")
+ info.ExecStartPre2 = formatOptions(startCommand)
+ info.ExecStart = formatOptionsString("{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod start --pod-id-file {{{{.PodIDFile}}}}")
+ info.ExecStop = formatOptionsString("{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod stop --ignore --pod-id-file {{{{.PodIDFile}}}} {{{{if (ge .StopTimeout 0)}}}} -t {{{{.StopTimeout}}}}{{{{end}}}}")
+ info.ExecStopPost = formatOptionsString("{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod rm --ignore -f --pod-id-file {{{{.PodIDFile}}}}")
}
info.TimeoutStopSec = minTimeoutStopSec + info.StopTimeout
diff --git a/pkg/systemd/generate/pods_test.go b/pkg/systemd/generate/pods_test.go
index 000d73e9a..c44ab111e 100644
--- a/pkg/systemd/generate/pods_test.go
+++ b/pkg/systemd/generate/pods_test.go
@@ -79,8 +79,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=102
ExecStart=/usr/bin/podman start jadda-jadda-infra
-ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra
-ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra
+ExecStop=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
+ExecStopPost=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -107,8 +109,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=102
ExecStart=/usr/bin/podman start jadda-jadda-infra
-ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra
-ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra
+ExecStop=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
+ExecStopPost=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -136,8 +140,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=102
ExecStart=/usr/bin/podman start jadda-jadda-infra
-ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra
-ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra
+ExecStop=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
+ExecStopPost=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -164,8 +170,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=102
ExecStart=/usr/bin/podman start jadda-jadda-infra
-ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra
-ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra
+ExecStop=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
+ExecStopPost=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -192,8 +200,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=102
ExecStart=/usr/bin/podman start jadda-jadda-infra
-ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra
-ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra
+ExecStop=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
+ExecStopPost=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -222,8 +232,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=102
ExecStart=/usr/bin/podman start jadda-jadda-infra
-ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra
-ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra
+ExecStop=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
+ExecStopPost=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -246,11 +258,22 @@ Before=
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop foo
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
+ExecStartPre=/bin/rm \
+ -f %t/pod-123abc.pid %t/pod-123abc.pod-id
+ExecStartPre=/usr/bin/podman pod create \
+ --infra-conmon-pidfile %t/pod-123abc.pid \
+ --pod-id-file %t/pod-123abc.pod-id \
+ --exit-policy=stop foo
+ExecStart=/usr/bin/podman pod start \
+ --pod-id-file %t/pod-123abc.pod-id
+ExecStop=/usr/bin/podman pod stop \
+ --ignore \
+ --pod-id-file %t/pod-123abc.pod-id \
+ -t 10
+ExecStopPost=/usr/bin/podman pod rm \
+ --ignore \
+ -f \
+ --pod-id-file %t/pod-123abc.pod-id
PIDFile=%t/pod-123abc.pid
Type=forking
@@ -276,8 +299,10 @@ Restart=on-failure
RestartSec=15
TimeoutStopSec=102
ExecStart=/usr/bin/podman start jadda-jadda-infra
-ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra
-ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra
+ExecStop=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
+ExecStopPost=/usr/bin/podman stop \
+ -t 42 jadda-jadda-infra
PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid
Type=forking
@@ -301,11 +326,24 @@ Before=container-1.service container-2.service
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo "bar=arg with space" --replace
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
+ExecStartPre=/bin/rm \
+ -f %t/pod-123abc.pid %t/pod-123abc.pod-id
+ExecStartPre=/usr/bin/podman pod create \
+ --infra-conmon-pidfile %t/pod-123abc.pid \
+ --pod-id-file %t/pod-123abc.pod-id \
+ --exit-policy=stop \
+ --name foo "bar=arg with space" \
+ --replace
+ExecStart=/usr/bin/podman pod start \
+ --pod-id-file %t/pod-123abc.pod-id
+ExecStop=/usr/bin/podman pod stop \
+ --ignore \
+ --pod-id-file %t/pod-123abc.pod-id \
+ -t 10
+ExecStopPost=/usr/bin/podman pod rm \
+ --ignore \
+ -f \
+ --pod-id-file %t/pod-123abc.pod-id
PIDFile=%t/pod-123abc.pid
Type=forking
@@ -329,11 +367,26 @@ Before=container-1.service container-2.service
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman --events-backend none --runroot /root pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo "bar=arg with space" --replace
-ExecStart=/usr/bin/podman --events-backend none --runroot /root pod start --pod-id-file %t/pod-123abc.pod-id
-ExecStop=/usr/bin/podman --events-backend none --runroot /root pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
-ExecStopPost=/usr/bin/podman --events-backend none --runroot /root pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
+ExecStartPre=/bin/rm \
+ -f %t/pod-123abc.pid %t/pod-123abc.pod-id
+ExecStartPre=/usr/bin/podman \
+ --events-backend none \
+ --runroot /root pod create \
+ --infra-conmon-pidfile %t/pod-123abc.pid \
+ --pod-id-file %t/pod-123abc.pod-id \
+ --exit-policy=stop \
+ --name foo "bar=arg with space" \
+ --replace
+ExecStart=/usr/bin/podman --events-backend none --runroot /root pod start \
+ --pod-id-file %t/pod-123abc.pod-id
+ExecStop=/usr/bin/podman --events-backend none --runroot /root pod stop \
+ --ignore \
+ --pod-id-file %t/pod-123abc.pod-id \
+ -t 10
+ExecStopPost=/usr/bin/podman --events-backend none --runroot /root pod rm \
+ --ignore \
+ -f \
+ --pod-id-file %t/pod-123abc.pod-id
PIDFile=%t/pod-123abc.pid
Type=forking
@@ -357,11 +410,24 @@ Before=container-1.service container-2.service
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo --replace
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
+ExecStartPre=/bin/rm \
+ -f %t/pod-123abc.pid %t/pod-123abc.pod-id
+ExecStartPre=/usr/bin/podman pod create \
+ --infra-conmon-pidfile %t/pod-123abc.pid \
+ --pod-id-file %t/pod-123abc.pod-id \
+ --exit-policy=stop \
+ --name foo \
+ --replace
+ExecStart=/usr/bin/podman pod start \
+ --pod-id-file %t/pod-123abc.pod-id
+ExecStop=/usr/bin/podman pod stop \
+ --ignore \
+ --pod-id-file %t/pod-123abc.pod-id \
+ -t 10
+ExecStopPost=/usr/bin/podman pod rm \
+ --ignore \
+ -f \
+ --pod-id-file %t/pod-123abc.pod-id
PIDFile=%t/pod-123abc.pid
Type=forking
@@ -385,11 +451,25 @@ Before=container-1.service container-2.service
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
-ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id
-ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo --label key={{someval}} --exit-policy=continue --replace
-ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id
-ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10
-ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id
+ExecStartPre=/bin/rm \
+ -f %t/pod-123abc.pid %t/pod-123abc.pod-id
+ExecStartPre=/usr/bin/podman pod create \
+ --infra-conmon-pidfile %t/pod-123abc.pid \
+ --pod-id-file %t/pod-123abc.pod-id \
+ --name foo \
+ --label key={{someval}} \
+ --exit-policy=continue \
+ --replace
+ExecStart=/usr/bin/podman pod start \
+ --pod-id-file %t/pod-123abc.pod-id
+ExecStop=/usr/bin/podman pod stop \
+ --ignore \
+ --pod-id-file %t/pod-123abc.pod-id \
+ -t 10
+ExecStopPost=/usr/bin/podman pod rm \
+ --ignore \
+ -f \
+ --pod-id-file %t/pod-123abc.pod-id
PIDFile=%t/pod-123abc.pid
Type=forking
diff --git a/pkg/systemd/notifyproxy/notifyproxy.go b/pkg/systemd/notifyproxy/notifyproxy.go
index 32fea48bf..4b92d9e6c 100644
--- a/pkg/systemd/notifyproxy/notifyproxy.go
+++ b/pkg/systemd/notifyproxy/notifyproxy.go
@@ -5,7 +5,6 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"net"
"os"
"strings"
@@ -50,7 +49,7 @@ type NotifyProxy struct {
// New creates a NotifyProxy. The specified temp directory can be left empty.
func New(tmpDir string) (*NotifyProxy, error) {
- tempFile, err := ioutil.TempFile(tmpDir, "-podman-notify-proxy.sock")
+ tempFile, err := os.CreateTemp(tmpDir, "-podman-notify-proxy.sock")
if err != nil {
return nil, err
}
diff --git a/pkg/trust/policy.go b/pkg/trust/policy.go
index d746e78cf..e0c5e0689 100644
--- a/pkg/trust/policy.go
+++ b/pkg/trust/policy.go
@@ -7,7 +7,6 @@ import (
"encoding/json"
"errors"
"fmt"
- "io/ioutil"
"os"
"os/exec"
"path/filepath"
@@ -72,7 +71,7 @@ type gpgIDReader func(string) []string
// createTmpFile creates a temp file under dir and writes the content into it
func createTmpFile(dir, pattern string, content []byte) (string, error) {
- tmpfile, err := ioutil.TempFile(dir, pattern)
+ tmpfile, err := os.CreateTemp(dir, pattern)
if err != nil {
return "", err
}
@@ -133,7 +132,7 @@ func parseUids(colonDelimitKeys []byte) []string {
// getPolicy parses policy.json into policyContent.
func getPolicy(policyPath string) (policyContent, error) {
var policyContentStruct policyContent
- policyContent, err := ioutil.ReadFile(policyPath)
+ policyContent, err := os.ReadFile(policyPath)
if err != nil {
return policyContentStruct, fmt.Errorf("unable to read policy file: %w", err)
}
@@ -207,7 +206,7 @@ func AddPolicyEntries(policyPath string, input AddPolicyEntriesInput) error {
_, err = os.Stat(policyPath)
if !os.IsNotExist(err) {
- policyContent, err := ioutil.ReadFile(policyPath)
+ policyContent, err := os.ReadFile(policyPath)
if err != nil {
return err
}
@@ -244,5 +243,5 @@ func AddPolicyEntries(policyPath string, input AddPolicyEntriesInput) error {
if err != nil {
return fmt.Errorf("setting trust policy: %w", err)
}
- return ioutil.WriteFile(policyPath, data, 0644)
+ return os.WriteFile(policyPath, data, 0644)
}
diff --git a/pkg/trust/registries.go b/pkg/trust/registries.go
index 86d580059..ed7bca1d6 100644
--- a/pkg/trust/registries.go
+++ b/pkg/trust/registries.go
@@ -2,7 +2,6 @@ package trust
import (
"fmt"
- "io/ioutil"
"os"
"path/filepath"
"strings"
@@ -72,7 +71,7 @@ func loadAndMergeConfig(dirPath string) (*registryConfiguration, error) {
continue
}
configPath := filepath.Join(dirPath, configName)
- configBytes, err := ioutil.ReadFile(configPath)
+ configBytes, err := os.ReadFile(configPath)
if err != nil {
return nil, err
}
diff --git a/pkg/util/utils_freebsd.go b/pkg/util/utils_freebsd.go
index 9b0d7c8c7..ba91308af 100644
--- a/pkg/util/utils_freebsd.go
+++ b/pkg/util/utils_freebsd.go
@@ -13,6 +13,6 @@ func GetContainerPidInformationDescriptors() ([]string, error) {
return []string{}, errors.New("this function is not supported on freebsd")
}
-func AddPrivilegedDevices(g *generate.Generator) error {
+func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
return nil
}
diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go
index 7b2d98666..07927db1c 100644
--- a/pkg/util/utils_linux.go
+++ b/pkg/util/utils_linux.go
@@ -70,7 +70,7 @@ func FindDeviceNodes() (map[string]string, error) {
return nodes, nil
}
-func AddPrivilegedDevices(g *generate.Generator) error {
+func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error {
hostDevices, err := getDevices("/dev")
if err != nil {
return err
@@ -104,6 +104,9 @@ func AddPrivilegedDevices(g *generate.Generator) error {
}
} else {
for _, d := range hostDevices {
+ if systemdMode && strings.HasPrefix(d.Path, "/dev/tty") {
+ continue
+ }
g.AddDevice(d)
}
// Add resources device - need to clear the existing one first.