path: root/libpod/container_internal_linux.go
Commit message (Author, Age)
* libpod: Move platform-specific bind mounts to a per-platform method (Doug Rabson, 2022-09-12)
  This adds a new per-platform method makePlatformBindMounts and moves the /etc/hostname mount. This file is only needed on Linux.
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* Fix stutters (Daniel J Walsh, 2022-09-10)
  Podman adds an Error: to every error message. So starting an error message with "error" ends up being reported to the user as Error: error ... This patch removes the stutter.
  Also ioutil.ReadFile errors report the Path, so wrapping the err message with the path causes a stutter.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman: skip /sys/fs/cgroup/systemd if not present (Giuseppe Scrivano, 2022-09-07)
  skip adding the /sys/fs/cgroup/systemd bind mount if it is not already present on the host.
  [NO NEW TESTS NEEDED] requires a system without systemd.
  Closes: https://github.com/containers/podman/issues/15647
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* libpod: Factor out setting volume atime to container_internal_linux.go (Doug Rabson, 2022-09-05)
  It turns out that field names in syscall.Stat_t are platform-specific. An alternative to this could change fixVolumePermissions to use unix.Lstat since unix.Stat_t uses the same member name for Atim on both Linux and FreeBSD.
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move miscellaneous file handling to container_internal_common.go (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Factor out handling of slirp4netns and net=none (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move functions related to /etc bind mounts to container_internal_common.go (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move getRootNetNsDepCtr to container_internal_common.go (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move functions related to checkpoints to container_internal_common.go (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move mountNotifySocket to container_internal_common.go (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move getUserOverrides, lookupHostUser to container_internal_common.go (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move isWorkDirSymlink, resolveWorkDir to container_internal_common.go (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Use platform-specific mount type for volume mounts (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Factor out platform-specific sections from generateSpec (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move getOverlayUpperAndWorkDir and generateSpec to container_internal_common.go (Doug Rabson, 2022-09-05)
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* Add container GID to additional groups (Matthew Heon, 2022-09-02)
  Mitigates a potential permissions issue. Mirrors Buildah PR #4200 and CRI-O PR #6159.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* libpod: Move uses of unix.O_PATH to container_internal_linux.go (Doug Rabson, 2022-08-17)
  The O_PATH flag is a recent addition to the open syscall and is not present in darwin or in FreeBSD releases before 13.1. The constant is not present in the FreeBSD version of x/sys/unix since that package supports FreeBSD 12.3 and later.
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move rootless network setup details to container_internal_linux.go (Doug Rabson, 2022-08-17)
  This removes a use of state.NetNS which is a linux-specific field defined in container_linux.go from the generic container_internal.go, allowing that to build on non-linux platforms.
  [NO NEW TESTS NEEDED]
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* Merge pull request #15248 from vrothberg/RUN-1606 (OpenShift Merge Robot, 2022-08-11)
  kube play: sd-notify integration
* libpod: allow the notify socket to be passed programmatically (Valentin Rothberg, 2022-08-10)
  The notify socket can now either be specified via an environment variable or programmatically (where the env is ignored). The notify mode and the socket are now also displayed in `container inspect` which comes in handy for debugging and allows for proper testing.
  Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* build(deps) bump CDI dependency from 0.4.0 to 0.5.0 (Evan Lezar, 2022-08-10)
  bump github.com/container-orchestrated-devices/container-device-interface from 0.4.0 to 0.5.0
  This requires that the cdi.Registry be instantiated with AutoRefresh disabled for CLI clients.
  [NO NEW TESTS NEEDED]
  Signed-off-by: Evan Lezar <elezar@nvidia.com>
* libpod: create /etc/passwd if missing (Giuseppe Scrivano, 2022-07-21)
  create the /etc/passwd and /etc/group files if they are missing in the image.
  Closes: https://github.com/containers/podman/issues/14966
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* [CI:DOCS] Improve language. Fix spelling and typos. (Erik Sjölund, 2022-07-11)
  * Correct spelling and typos.
  * Improve language.
  Co-authored-by: Ed Santiago <santiago@redhat.com>
  Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* libpod: switch to golang native error wrapping (Sascha Grunert, 2022-07-05)
  We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package.
  [NO NEW TESTS NEEDED]
  Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Merge pull request #14732 from dfr/criu (openshift-ci[bot], 2022-06-27)
  Add missing criu symbols to criu_unsupported.go
* Fix spelling of GetCriuVersion (Doug Rabson, 2022-06-27)
  Signed-off-by: Doug Rabson <dfr@rabson.org>
* podman cgroup enhancement (cdoern, 2022-06-24)
  currently, setting any sort of resource limit in a pod does nothing. With the newly refactored creation process in c/common, podman can now set resources at a pod level meaning that resource related flags can now be exposed to podman pod create.
  cgroupfs and systemd are both supported with varying completion. cgroupfs is a much simpler process and one that is virtually complete for all resource types, the flags now just need to be added. systemd on the other hand has to be handled via the dbus api meaning that the limits need to be passed as recognized properties to systemd. The properties added so far are the ones that podman pod create supports as well as `cpuset-mems` as this will be the next flag I work on.
  Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Fix spelling "setup" -> "set up" and similar (Erik Sjölund, 2022-06-22)
  * Replace "setup", "lookup", "cleanup", "backup" with "set up", "look up", "clean up", "back up" when used as verbs. Replace also variations of those.
  * Improve language in a few places.
  Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* [CI:DOCS] "setup" -> "set up" in source code comments (Erik Sjölund, 2022-06-19)
  * Replace "setup", "lookup" with "set up", "look up" when used as verbs.
  Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Merge pull request #14585 from Luap99/nolint (openshift-ci[bot], 2022-06-14)
  golangci-lint: enable nolintlint
* golangci-lint: enable nolintlint (Paul Holzinger, 2022-06-14)
  The nolintlint linter does not deny the use of `//nolint`. Instead it allows us to enforce a common nolint style:
  - force that a linter name must be specified
  - do not add a space between `//` and `nolint`
  - make sure nolint is only used when there is actually a problem
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* container: do not create .containerenv with -v SRC:/run (Giuseppe Scrivano, 2022-06-14)
  if /run is on a volume do not create the file /run/.containerenv as it would leak outside of the container.
  Closes: https://github.com/containers/podman/issues/14577
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #14220 from Luap99/resolvconf (OpenShift Merge Robot, 2022-06-07)
  use resolvconf package from c/common/libnetwork
* use resolvconf package from c/common/libnetwork (Paul Holzinger, 2022-06-07)
  Podman and Buildah should use the same code to generate the resolv.conf file. This mostly moved the podman code into c/common and created a better API for it so buildah can use it as well.
  [NO NEW TESTS NEEDED] All existing tests should continue to pass.
  Fixes #13599 (There is no way to test this in CI without breaking the host's resolv.conf)
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #14483 from jakecorrenti/restart-privelaged-containers-after-host-device-change (OpenShift Merge Robot, 2022-06-07)
  Privileged containers can now restart if the host devices change
* Privileged containers can now restart if the host devices change (Jake Correnti, 2022-06-06)
  If a privileged container is running, stops, and the devices on the host change, such as when a USB device is unplugged, then the container would no longer start. Previously, the devices from the host were only being added to the container once: when the container was created. Now, this happens every time the container starts.
  I did this by adding a boolean to the container config that indicates whether to mount all of the devices or not, which can be set via an option. During spec generation, if the `MountAllDevices` option is set in the container config, all host devices are added to the container.
  Additionally, a couple of functions from `pkg/specgen/generate/config_linux.go` were moved into `pkg/util/utils_linux.go` as they were needed in multiple packages.
  Closes #13899
  Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* overlay-volumes: add support for non-volatile upperdir,workdir for anonymous volumes (Aditya R, 2022-06-06)
  A similar feature was added for named overlay volumes here: https://github.com/containers/podman/pull/12712
  The following PR mimics that feature for anonymous volumes.
  Often users want their anonymous overlayed volumes to be `non-volatile` in nature, meaning that the same `upper` dir can be re-used by one or more containers, but the overall nature of the volumes still has to be overlay, so work done is still on an overlay and not on the actual volume.
  The following PR adds support for more advanced options, i.e. custom `workdir` and `upperdir` for overlayed volumes, so that users can re-use `workdir` and `upperdir` across new containers as well.
  Usage
  ```console
  podman run -it -v /some/path:/data:O,upperdir=/path/persistant/upper,workdir=/path/persistant/work alpine sh
  ```
  Signed-off-by: Aditya R <arajan@redhat.com>
* First batch of resolutions to FIXMEs (Matthew Heon, 2022-05-25)
  Most of these are no longer relevant, just drop the comments.
  Most notable change: allow `podman kill` on paused containers. Works just fine when I test it.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #14308 from n1hility/root-cgroup (OpenShift Merge Robot, 2022-05-25)
  Support running podman under a root v2 cgroup
* Support running podman under a root v2 cgroup (Jason T. Greene, 2022-05-21)
  Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Use containers/common/pkg/util.StringToSlice (Daniel J Walsh, 2022-05-23)
  [NO NEW TESTS NEEDED] Just code cleanup for better reuse
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* linter: enable unconvert linter (Valentin Rothberg, 2022-05-19)
  Detects unnecessary type conversions and helps in keeping the code base cleaner.
  Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14062 from Luap99/resolv.conf (OpenShift Merge Robot, 2022-04-29)
  libpod: host netns keep same /etc/resolv.conf
* libpod: host netns keep same /etc/resolv.conf (Paul Holzinger, 2022-04-29)
  When a container is run in the host network namespace we have to keep the same resolv.conf content and not use the systemd-resolve detection logic. But also make sure we still allow --dns options.
  Fixes #14055
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* fix incorrect permissions for /etc/resolv.conf in userns (Paul Holzinger, 2022-04-29)
  The files /etc/hosts, /etc/hostname and /etc/resolv.conf should always be owned by the root user in the container. This worked correctly for /etc/hostname and /etc/hosts but not for /etc/resolv.conf. A container run with --userns keep-id would have the resolv.conf file owned by the current container user which is wrong.
  Consolidate some common code in a new helper function to make the code cleaner.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* enable errcheck linter (Paul Holzinger, 2022-04-29)
  The errcheck linter makes sure that errors are always checked and not ignored by accident. It spotted a lot of unchecked errors, mostly in the tests but also some real problems in the code.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* enable gocritic linter (Paul Holzinger, 2022-04-26)
  The linter ensures a common code style.
  - use switch/case instead of else if
  - use if instead of switch/case for single case statement
  - add space between comment and text
  - detect the use of defer with os.Exit()
  - use short form var += "..." instead of var = var + "..."
  - detect problems with append()
  ```
  newSlice := append(orgSlice, val)
  ```
  This could lead to nasty bugs because the orgSlice will be changed in place if it has enough capacity to hold the new elements. Thus newSlice might not be a copy.
  Of course most of the changes are just cosmetic and do not cause any logic errors but I think it is a good idea to enforce a common style. This should help maintainability.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13978 from Luap99/unparam (OpenShift Merge Robot, 2022-04-25)
  enable unparam linter
* enable unparam linter (Paul Holzinger, 2022-04-25)
  The unparam linter is useful to detect unused function parameters and return values.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13973 from Luap99/linter-revive (OpenShift Merge Robot, 2022-04-23)
  replace golint with revive linter