diff options
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/spec/createconfig.go | 4 | ||||
| -rw-r--r-- | pkg/spec/spec.go | 4 | ||||
| -rw-r--r-- | pkg/varlinkapi/containers.go | 86 |
3 files changed, 89 insertions, 5 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index 632d60b55..344f4afb9 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -422,11 +422,7 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime, pod *l } options = append(options, libpod.WithNetNSFrom(connectedCtr)) } else if !c.NetMode.IsHost() && !c.NetMode.IsNone() { - isRootless := rootless.IsRootless() postConfigureNetNS := c.NetMode.IsSlirp4netns() || (len(c.IDMappings.UIDMap) > 0 || len(c.IDMappings.GIDMap) > 0) && !c.UsernsMode.IsHost() - if isRootless && len(portBindings) > 0 { - return nil, errors.New("port bindings are not yet supported by rootless containers") - } options = append(options, libpod.WithNetNS(portBindings, postConfigureNetNS, string(c.NetMode), networks)) } diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 9ef0223f2..46105af4a 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -376,6 +376,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint } func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) { + if config.PidMode.IsHost() && rootless.IsRootless() { + return + } + if !config.Privileged { for _, mp := range []string{ "/proc/acpi", diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go index 07d981786..a01e3cc2b 100644 --- a/pkg/varlinkapi/containers.go +++ b/pkg/varlinkapi/containers.go @@ -12,6 +12,7 @@ import ( "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/cmd/podman/varlink" "github.com/containers/libpod/libpod" + cc "github.com/containers/libpod/pkg/spec" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" ) @@ -68,7 +69,12 @@ func (i *LibpodAPI) InspectContainer(call iopodman.VarlinkCall, name string) err if err != nil { return call.ReplyErrorOccurred(err.Error()) } - data, err := shared.GetCtrInspectInfo(ctr, inspectInfo) + artifact, err := getArtifact(ctr) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + + data, err := shared.GetCtrInspectInfo(ctr.Config(), inspectInfo, artifact) if err != nil { return call.ReplyErrorOccurred(err.Error()) } @@ -462,3 +468,81 @@ func (i *LibpodAPI) ContainerRestore(call iopodman.VarlinkCall, name string, kee } return call.ReplyContainerRestore(ctr.ID()) } + +func getArtifact(ctr *libpod.Container) (*cc.CreateConfig, error) { + var createArtifact cc.CreateConfig + artifact, err := ctr.GetArtifact("create-config") + if err != nil { + return nil, err + } + if err := json.Unmarshal(artifact, &createArtifact); err != nil { + return nil, err + } + return &createArtifact, nil +} + +// ContainerConfig returns just the container.config struct +func (i *LibpodAPI) ContainerConfig(call iopodman.VarlinkCall, name string) error { + ctr, err := i.Runtime.LookupContainer(name) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + config := ctr.Config() + b, err := json.Marshal(config) + if err != nil { + return call.ReplyErrorOccurred("unable to serialize container config") + } + return call.ReplyContainerConfig(string(b)) +} + +// ContainerArtifacts returns an untouched container's artifact in string format +func (i *LibpodAPI) ContainerArtifacts(call iopodman.VarlinkCall, name, artifactName string) error { + ctr, err := i.Runtime.LookupContainer(name) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + artifacts, err := ctr.GetArtifact(artifactName) + if err != nil { + return call.ReplyErrorOccurred("unable to get container artifacts") + } + b, err := json.Marshal(artifacts) + if err != nil { + return call.ReplyErrorOccurred("unable to serialize container artifacts") + } + return call.ReplyContainerArtifacts(string(b)) +} + +// ContainerInspectData returns the inspect data of a container in string format +func (i *LibpodAPI) ContainerInspectData(call iopodman.VarlinkCall, name string) error { + ctr, err := i.Runtime.LookupContainer(name) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + data, err := ctr.Inspect(true) + if err != nil { + return call.ReplyErrorOccurred("unable to inspect container") + } + b, err := json.Marshal(data) + if err != nil { + return call.ReplyErrorOccurred("unable to serialize container inspect data") + } + return call.ReplyContainerInspectData(string(b)) + +} + +// ContainerStateData returns a container's state data in string format +func (i *LibpodAPI) ContainerStateData(call iopodman.VarlinkCall, name string) error { + ctr, err := i.Runtime.LookupContainer(name) + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + data, err := ctr.ContainerState() + if err != nil { + return call.ReplyErrorOccurred("unable to obtain container state") + } + b, err := json.Marshal(data) + if err != nil { + return call.ReplyErrorOccurred("unable to serialize container inspect data") + } + return call.ReplyContainerStateData(string(b)) +} |