Diffstat (limited to 'pkg')
-rw-r--r--pkg/adapter/client.go17
-rw-r--r--pkg/adapter/client_unix.go18
-rw-r--r--pkg/adapter/client_windows.go12
-rw-r--r--pkg/hooks/docs/oci-hooks.5.md2
-rw-r--r--pkg/rootless/rootless_linux.c20
-rw-r--r--pkg/rootless/rootless_linux.go2
-rw-r--r--pkg/spec/storage.go38
-rw-r--r--pkg/sysinfo/sysinfo_solaris.go1
-rw-r--r--pkg/util/mountOpts.go16
9 files changed, 75 insertions, 51 deletions
diff --git a/pkg/adapter/client.go b/pkg/adapter/client.go
index 69aa3220a..6feae5400 100644
--- a/pkg/adapter/client.go
+++ b/pkg/adapter/client.go
@@ -91,3 +91,20 @@ func newSocketConnection(address string) (*Endpoint, error) {
}
return &endpoint, nil
}
+
+// newBridgeConnection creates a bridge type endpoint with username, destination, and log-level
+func newBridgeConnection(formattedBridge string, remoteConn *remoteclientconfig.RemoteConnection, logLevel string) (*Endpoint, error) {
+ endpoint := Endpoint{
+ Type: BridgeConnection,
+ }
+
+ if len(formattedBridge) < 1 && remoteConn == nil {
+ return nil, errors.New("bridge connections must either be created by string or remoteconnection")
+ }
+ if len(formattedBridge) > 0 {
+ endpoint.Connection = formattedBridge
+ return &endpoint, nil
+ }
+ endpoint.Connection = formatDefaultBridge(remoteConn, logLevel)
+ return &endpoint, nil
+}
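Review bot: The doc comment on `newBridgeConnection` does not say that a non-empty `formattedBridge` is stored as the connection string verbatim, in which case `remoteConn` and `logLevel` are ignored. That string is presumably run later as the bridge command, so the precedence is worth stating, e.g. `// A non-empty formattedBridge is used as-is; otherwise the command is built from remoteConn and logLevel.`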
diff --git a/pkg/adapter/client_unix.go b/pkg/adapter/client_unix.go
index e0406567c..4781acd06 100644
--- a/pkg/adapter/client_unix.go
+++ b/pkg/adapter/client_unix.go
@@ -7,24 +7,10 @@ import (
"fmt"
"github.com/containers/libpod/cmd/podman/remoteclientconfig"
- "github.com/pkg/errors"
)
-// newBridgeConnection creates a bridge type endpoint with username, destination, and log-level
-func newBridgeConnection(formattedBridge string, remoteConn *remoteclientconfig.RemoteConnection, logLevel string) (*Endpoint, error) {
- endpoint := Endpoint{
- Type: BridgeConnection,
- }
-
- if len(formattedBridge) < 1 && remoteConn == nil {
- return nil, errors.New("bridge connections must either be created by string or remoteconnection")
- }
- if len(formattedBridge) > 0 {
- endpoint.Connection = formattedBridge
- return &endpoint, nil
- }
- endpoint.Connection = fmt.Sprintf(
+func formatDefaultBridge(remoteConn *remoteclientconfig.RemoteConnection, logLevel string) string {
+ return fmt.Sprintf(
`ssh -T %s@%s -- /usr/bin/varlink -A \'/usr/bin/podman --log-level=%s varlink \\\$VARLINK_ADDRESS\' bridge`,
remoteConn.Username, remoteConn.Destination, logLevel)
- return &endpoint, nil
}
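Review bot: `formatDefaultBridge` interpolates `remoteConn.Username`, `remoteConn.Destination` and `logLevel` into the ssh command line without validation or quoting, and `logLevel` lands inside the single-quoted remote command. How the string is executed is not visible in this hunk, but if any of these values can come from a config file or flag that is not fully trusted, a quote, whitespace or a leading `-` would change what ssh or the remote shell runs. Consider rejecting such values in `newBridgeConnection` before formatting, for example by checking `logLevel` against the known level names. The same applies to the Windows variant in `client_windows.go`. `formatDefaultBridge` also dereferences `remoteConn` without a nil check and relies on the caller's guard.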
diff --git a/pkg/adapter/client_windows.go b/pkg/adapter/client_windows.go
index 088550667..31e5d9830 100644
--- a/pkg/adapter/client_windows.go
+++ b/pkg/adapter/client_windows.go
@@ -3,13 +3,13 @@
package adapter
import (
+ "fmt"
+
"github.com/containers/libpod/cmd/podman/remoteclientconfig"
- "github.com/containers/libpod/libpod"
)
-func newBridgeConnection(formattedBridge string, remoteConn *remoteclientconfig.RemoteConnection, logLevel string) (*Endpoint, error) {
- // TODO
- // Unix and Windows appear to quote their ssh implementations differently therefore once we figure out what
- // windows ssh is doing here, we can then get the format correct.
- return nil, libpod.ErrNotImplemented
+func formatDefaultBridge(remoteConn *remoteclientconfig.RemoteConnection, logLevel string) string {
+ return fmt.Sprintf(
+ `ssh -T %s@%s -- /usr/bin/varlink -A '/usr/bin/podman --log-level=%s varlink $VARLINK_ADDRESS' bridge`,
+ remoteConn.Username, remoteConn.Destination, logLevel)
}
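Review bot: The new format string drops the backslash escaping used in `client_unix.go` without saying why, and the removed TODO was the only record that Unix and Windows ssh quote differently. A short comment above the `fmt.Sprintf` should name the ssh client and shell this quoting was verified against, so the two variants are not "unified" by mistake later.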
diff --git a/pkg/hooks/docs/oci-hooks.5.md b/pkg/hooks/docs/oci-hooks.5.md
index c876dd2f8..fc0442283 100644
--- a/pkg/hooks/docs/oci-hooks.5.md
+++ b/pkg/hooks/docs/oci-hooks.5.md
@@ -90,7 +90,7 @@ $ cat /etc/containers/oci/hooks.d/oci-systemd-hook.json
"path": "/usr/libexec/oci/hooks.d/oci-systemd-hook"
}
"when": {
- "args": [".*/init$" , ".*/systemd$"],
+ "commands": [".*/init$" , ".*/systemd$"],
},
"stages": ["prestart", "poststop"]
}
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index eb62d55e9..c409e3343 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -295,7 +295,7 @@ static void __attribute__((constructor)) init()
uid = geteuid ();
gid = getegid ();
- sprintf (path, "/proc/%d/ns/user", pid);
+ sprintf (path, "/proc/%ld/ns/user", pid);
fd = open (path, O_RDONLY);
if (fd < 0 || setns (fd, 0) < 0)
{
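Review bot: `sprintf (path, "/proc/%ld/ns/user", pid)` writes into `path` with no length bound, and the declaration of `path` is outside this hunk, so its size cannot be checked here. Assuming `path` is an array, `snprintf (path, sizeof (path), "/proc/%ld/ns/user", pid);` keeps the write bounded. The `/proc/%ld/ns/mnt` call in the next hunk has the same shape. `init()` starts and ends outside the hunk.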
@@ -305,7 +305,7 @@ static void __attribute__((constructor)) init()
close (fd);
/* Errors here cannot be ignored as we already joined a ns. */
- sprintf (path, "/proc/%d/ns/mnt", pid);
+ sprintf (path, "/proc/%ld/ns/mnt", pid);
fd = open (path, O_RDONLY);
if (fd < 0)
{
@@ -316,7 +316,7 @@ static void __attribute__((constructor)) init()
r = setns (fd, 0);
if (r < 0)
{
- fprintf (stderr, "cannot join mount namespace for %d: %s", pid, strerror (errno));
+ fprintf (stderr, "cannot join mount namespace for %ld: %s", pid, strerror (errno));
exit (EXIT_FAILURE);
}
close (fd);
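Review bot: The message `cannot join mount namespace for %ld: %s` has no trailing newline, unlike the diagnostics this commit adds in `create_pause_process`. Since the line is being changed anyway, `"cannot join mount namespace for %ld: %s\n"` would keep the stderr output consistent.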
@@ -416,9 +416,16 @@ create_pause_process (const char *pause_pid_file_path, char **argv)
sprintf (pid_str, "%d", pid);
- asprintf (&tmp_file_path, "%s.XXXXXX", pause_pid_file_path);
+ if (asprintf (&tmp_file_path, "%s.XXXXXX", pause_pid_file_path) < 0)
+ {
+ fprintf (stderr, "unable to print to string\n");
+ kill (pid, SIGKILL);
+ _exit (EXIT_FAILURE);
+ }
+
if (tmp_file_path == NULL)
{
+ fprintf (stderr, "temporary file path is NULL\n");
kill (pid, SIGKILL);
_exit (EXIT_FAILURE);
}
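Review bot: Once the `asprintf` return value is checked, the following `tmp_file_path == NULL` branch cannot be reached after a successful call, so the new `temporary file path is NULL` message is effectively dead code. Either drop that branch, or initialise `tmp_file_path` to `NULL` and keep a single combined check. The rest of `create_pause_process` is outside the hunk.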
@@ -426,6 +433,7 @@ create_pause_process (const char *pause_pid_file_path, char **argv)
fd = mkstemp (tmp_file_path);
if (fd < 0)
{
+ fprintf (stderr, "error creating temporary file: %s\n", strerror (errno));
kill (pid, SIGKILL);
_exit (EXIT_FAILURE);
}
@@ -433,6 +441,7 @@ create_pause_process (const char *pause_pid_file_path, char **argv)
r = TEMP_FAILURE_RETRY (write (fd, pid_str, strlen (pid_str)));
if (r < 0)
{
+ fprintf (stderr, "cannot write to file descriptor: %s\n", strerror (errno));
kill (pid, SIGKILL);
_exit (EXIT_FAILURE);
}
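Review bot: On a failed `write`, the process exits without removing the file that `mkstemp` created, so a stale temporary file is left next to the pause pid file. Adding `unlink (tmp_file_path);` before `_exit (EXIT_FAILURE);` would clean it up. Whether later code in `create_pause_process` already handles this is not visible in the hunk.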
@@ -471,7 +480,7 @@ create_pause_process (const char *pause_pid_file_path, char **argv)
close (fd);
setenv ("_PODMAN_PAUSE", "1", 1);
- execlp (argv[0], NULL);
+ execlp (argv[0], argv[0], NULL);
/* If the execve fails, then do the pause here. */
do_pause ();
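Review bot: `execlp` searches `PATH` when `argv[0]` contains no slash, so the pause process may be started from a different binary than the one currently running. If the intent is to re-execute this program, passing `/proc/self/exe` as the first argument avoids the lookup. The variadic terminator should also be written with a cast, as in `execlp (argv[0], argv[0], (char *) NULL);`. The comment below still says `execve` although the call is `execlp`.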
@@ -693,7 +702,6 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path, char *file_to_re
pid = syscall_clone (CLONE_NEWUSER|CLONE_NEWNS|SIGCHLD, NULL);
if (pid < 0)
{
- FILE *fp;
fprintf (stderr, "cannot clone: %s\n", strerror (errno));
check_proc_sys_userns_file (_max_user_namespaces);
check_proc_sys_userns_file (_unprivileged_user_namespaces);
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index 3f78ffc67..ca8faecbd 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -22,7 +22,7 @@ import (
)
/*
-#cgo remoteclient CFLAGS: -DDISABLE_JOIN_SHORTCUT
+#cgo remoteclient CFLAGS: -Wall -Werror -DDISABLE_JOIN_SHORTCUT
#include <stdlib.h>
#include <sys/types.h>
extern uid_t rootless_uid();
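Review bot: `-Wall -Werror` were added to the `#cgo remoteclient CFLAGS:` line, so they apply only when the `remoteclient` build tag is set. Ordinary builds of this package would still compile `rootless_linux.c` without them. If the warnings are meant for every build, add a separate unconstrained line `#cgo CFLAGS: -Wall -Werror` and keep `-DDISABLE_JOIN_SHORTCUT` on the tagged line.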
diff --git a/pkg/spec/storage.go b/pkg/spec/storage.go
index 283585ef8..ed767f5ba 100644
--- a/pkg/spec/storage.go
+++ b/pkg/spec/storage.go
@@ -251,9 +251,11 @@ func (config *CreateConfig) getVolumesFrom(runtime *libpod.Runtime) (map[string]
return nil, nil, errors.Errorf("invalid options %q, can only specify 'ro', 'rw', and 'z", splitVol[1])
}
options = strings.Split(splitVol[1], ",")
- if err := ValidateVolumeOpts(options); err != nil {
+ opts, err := ValidateVolumeOpts(options)
+ if err != nil {
return nil, nil, err
}
+ options = opts
}
ctr, err := runtime.LookupContainer(splitVol[0])
if err != nil {
@@ -447,9 +449,11 @@ func getBindMount(args []string) (spec.Mount, error) {
newMount.Source = newMount.Destination
}
- if err := ValidateVolumeOpts(newMount.Options); err != nil {
+ opts, err := ValidateVolumeOpts(newMount.Options)
+ if err != nil {
return newMount, err
}
+ newMount.Options = opts
return newMount, nil
}
@@ -575,35 +579,45 @@ func ValidateVolumeCtrDir(ctrDir string) error {
}
// ValidateVolumeOpts validates a volume's options
-func ValidateVolumeOpts(options []string) error {
+func ValidateVolumeOpts(options []string) ([]string, error) {
var foundRootPropagation, foundRWRO, foundLabelChange, bindType int
+ finalOpts := make([]string, 0, len(options))
for _, opt := range options {
switch opt {
case "rw", "ro":
foundRWRO++
if foundRWRO > 1 {
- return errors.Errorf("invalid options %q, can only specify 1 'rw' or 'ro' option", strings.Join(options, ", "))
+ return nil, errors.Errorf("invalid options %q, can only specify 1 'rw' or 'ro' option", strings.Join(options, ", "))
}
case "z", "Z":
foundLabelChange++
if foundLabelChange > 1 {
- return errors.Errorf("invalid options %q, can only specify 1 'z' or 'Z' option", strings.Join(options, ", "))
+ return nil, errors.Errorf("invalid options %q, can only specify 1 'z' or 'Z' option", strings.Join(options, ", "))
}
case "private", "rprivate", "shared", "rshared", "slave", "rslave":
foundRootPropagation++
if foundRootPropagation > 1 {
- return errors.Errorf("invalid options %q, can only specify 1 '[r]shared', '[r]private' or '[r]slave' option", strings.Join(options, ", "))
+ return nil, errors.Errorf("invalid options %q, can only specify 1 '[r]shared', '[r]private' or '[r]slave' option", strings.Join(options, ", "))
}
case "bind", "rbind":
bindType++
if bindType > 1 {
- return errors.Errorf("invalid options %q, can only specify 1 '[r]bind' option", strings.Join(options, ", "))
- }
+ return nil, errors.Errorf("invalid options %q, can only specify 1 '[r]bind' option", strings.Join(options, ", "))
+ }
+ case "cached", "delegated":
+ // The discarded ops are OS X specific volume options
+ // introduced in a recent Docker version.
+ // They have no meaning on Linux, so here we silently
+ // drop them. This matches Docker's behavior (the options
+ // are intended to be always safe to use, even not on OS
+ // X).
+ continue
default:
- return errors.Errorf("invalid option type %q", opt)
+ return nil, errors.Errorf("invalid mount option %q", opt)
}
+ finalOpts = append(finalOpts, opt)
}
- return nil
+ return finalOpts, nil
}
// GetVolumeMounts takes user provided input for bind mounts and creates Mount structs
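Review bot: The doc comment still reads `validates a volume's options`, but the function now also returns a filtered copy with `cached` and `delegated` removed, and callers must use the returned slice. Suggest `// ValidateVolumeOpts validates a volume's options and returns them with the no-op "cached" and "delegated" options dropped.` Because the function is exported, the signature change breaks any caller outside this diff; that cannot be checked from here.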
@@ -633,9 +647,11 @@ func (config *CreateConfig) getVolumeMounts() (map[string]spec.Mount, map[string
}
if len(splitVol) > 2 {
options = strings.Split(splitVol[2], ",")
- if err := ValidateVolumeOpts(options); err != nil {
+ opts, err := ValidateVolumeOpts(options)
+ if err != nil {
return nil, nil, err
}
+ options = opts
}
if err := ValidateVolumeHostDir(src); err != nil {
diff --git a/pkg/sysinfo/sysinfo_solaris.go b/pkg/sysinfo/sysinfo_solaris.go
index c858d57e0..7463cdd8f 100644
--- a/pkg/sysinfo/sysinfo_solaris.go
+++ b/pkg/sysinfo/sysinfo_solaris.go
@@ -11,6 +11,7 @@ import (
/*
#cgo LDFLAGS: -llgrp
+#cgo CFLAGS: -Wall -Werror
#include <unistd.h>
#include <stdlib.h>
#include <sys/lgrp_user.h>
diff --git a/pkg/util/mountOpts.go b/pkg/util/mountOpts.go
index 489e7eeef..40c99384d 100644
--- a/pkg/util/mountOpts.go
+++ b/pkg/util/mountOpts.go
@@ -20,26 +20,22 @@ func ProcessOptions(options []string) []string {
foundbind, foundrw, foundro bool
rootProp string
)
+
for _, opt := range options {
switch opt {
case "bind", "rbind":
foundbind = true
- break
- }
- }
- if !foundbind {
- options = append(options, "rbind")
- }
- for _, opt := range options {
- switch opt {
- case "rw":
- foundrw = true
case "ro":
foundro = true
+ case "rw":
+ foundrw = true
case "private", "rprivate", "slave", "rslave", "shared", "rshared":
rootProp = opt
}
}
+ if !foundbind {
+ options = append(options, "rbind")
+ }
if !foundrw && !foundro {
options = append(options, "rw")
}