summaryrefslogtreecommitdiff
path: root/libpod/runtime.go
Commit message (Collapse)AuthorAge
* Do not make renumber shut down the runtimeMatthew Heon2019-02-21
| | | | | | | | | | | | | | | The original intent behind the requirement was to ensure that, if two SHM lock structs were open at the same time, we should not make such a runtime available to the user, and should clean it up instead. It turns out that we don't even need to open a second SHM lock struct - if we get an error mapping the first one due to a lock count mismatch, we can just delete it, and it cleans itself up when it errors. So there's no reason not to return a valid runtime. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Recreate SHM locks when renumbering on count mismatchMatthew Heon2019-02-21
| | | | | | | | | | | | | | When we're renumbering locks, we're destroying all existing allocations anyways, so destroying the old lock struct is not a particularly big deal. Existing long-lived libpod instances will continue to use the old locks, but that will be solved in a followon. Also, solve an issue with returning error values in the C code. There were a few places where we return ERRNO where it was not set, so make them return actual error codes). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Move RenumberLocks into runtime initMatthew Heon2019-02-21
| | | | | | | | | | | | | | | | | | We can't do renumbering after init - we need to open a potentially invalid locks file (too many/too few locks), and then potentially delete the old locks and make new ones. We need to be in init to bypass the checks that would otherwise make this impossible. This leaves us with two choices: make RenumberLocks a separate entrypoint from NewRuntime, duplicating a lot of configuration load code (we need to know where the locks live, how many there are, etc) - or modify NewRuntime to allow renumbering during it. Previous experience says the first is not really a viable option and produces massive code bloat, so the second it is. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* libpod: honor runtime_path from libpod.confGiuseppe Scrivano2019-02-15
| | | | | | | | | | | | | | Add backward compatibility for `runtime_path` that was used by older versions of Podman. The issue was introduced with: 650cf122e1b33f4d8f4426ee1cc1a4bf00c14798 If `runtime_path` is specified, it overrides any other configuration and a warning is printed. It should be considered deprecated and will be removed in future. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: open the correct fileDaniel J Walsh2019-02-15
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: copy some settings from the global configurationGiuseppe Scrivano2019-02-05
| | | | | | | | | if some paths are overriden in the global configuration file, be sure that rootless podman honors them. Closes: https://github.com/containers/libpod/issues/2174 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2069 from mheon/warn_on_overriding_driverOpenShift Merge Robot2019-01-23
|\ | | | | Warn on overriding user-specified storage driver w/ DB
| * Warn on overriding user-specified storage driver w/ DBMatthew Heon2019-01-02
| | | | | | | | | | | | | | | | Overriding storage.conf is not intuitive behavior, so pop up an error message when it happens, so people know that bad things are happening. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Show a better error message when podman info fails during a refreshRyan Gonzalez2019-01-21
| | | | | | | | Signed-off-by: Ryan Gonzalez <rymg19@gmail.com>
* | oci: allow to define multiple OCI runtimesGiuseppe Scrivano2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we can define multiple OCI runtimes that can be chosen with --runtime. in libpod.conf is possible to specify them with: [runtimes] foo = [ "/usr/bin/foo", "/usr/sbin/foo", ] bar = [ "/usr/bin/foo", "/usr/sbin/foo", ] If the argument to --runtime is an absolute path then it is used directly without any lookup in the configuration. Closes: https://github.com/containers/libpod/issues/1750 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | libpod: allow multiple oci runtimesVincent Batts2019-01-14
| | | | | | | | | | | | | | | | | | | | This deprecates the libpod.conf variable of `runtime_path=`, and now has `runtimes=`, like a map for naming the runtime, preparing for a `--runtime` flag to `podman run` (i.e. runc, kata, etc.) Reference: https://github.com/containers/libpod/issues/1750 Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
* | If you fail to open shm lock then attempt to create itDaniel J Walsh2019-01-09
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Rootless with shmlocks was not working.Daniel J Walsh2019-01-05
| | | | | | | | | | | | | | | | This patch makes the path unigue to each UID. Also cleans up some return code to return the path it is trying to lock. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Move lock init after tmp dir is populated properlyMatthew Heon2019-01-04
| | | | | | | | | | | | | | | | | | Don't initialize the lock manager until almost the end of libpod init, so we can guarantee our tmp dir is properly set up and exists. This wasn't an issue on systems that had previously run Podman, but CI caught it. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | When refreshing libpod, if SHM locks exist, remove themMatthew Heon2019-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will hopefully help cases where libpod is initialized multiple times on the same system (as on our CI tests). We still run into potential issues where multiple Podmans with multiple tmp paths try to run on the same system - we could end up thrashing the locks. I think we need a file locks driver for situations like that. We can also see about storing paths in the SHM segment, to make sure multiple libpod instances aren't using the same one. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Ensure different error messages and creating/opening locksMatthew Heon2019-01-04
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Remove runtime lockDir and add in-memory lock managerMatthew Heon2019-01-04
| | | | | | | | | | | | | | | | | | Remove runtime's lockDir as it is no longer needed after the lock rework. Add a trivial in-memory lock manager for unit testing Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Convert containers to SHM lockingMatthew Heon2019-01-04
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Add lock manager to libpod runtimeMatthew Heon2019-01-04
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | add container-init supportValentin Rothberg2019-01-04
|/ | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Support podman image trust commandQi Wang2018-12-19
| | | | | | Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Add "podman volume" commandumohnani82018-12-06
| | | | | | | | | | | | | | | Add support for podman volume and its subcommands. The commands supported are: podman volume create podman volume inspect podman volume ls podman volume rm podman volume prune This is a tool to manage volumes used by podman. For now it only handle named volumes, but eventually it will handle all volumes used by podman. Signed-off-by: umohnani8 <umohnani@redhat.com>
* Merge pull request #1918 from mheon/use_db_pathsOpenShift Merge Robot2018-12-05
|\ | | | | Use paths written in DB instead if they differ from our defaults
| * Use runtime lockDir in BoltDB stateMatthew Heon2018-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | Instead of storing the runtime's file lock dir in the BoltDB state, refer to the runtime inside the Bolt state instead, and use the path stored in the runtime. This is necessary since we moved DB initialization very far up in runtime init, before the locks dir is properly initialized (and it must happen before the locks dir can be created, as we use the DB to retrieve the proper path for the locks dir now). Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Revert changes to GetDefaultStoreOptionsMatthew Heon2018-12-03
| | | | | | | | | | | | | | | | We don't need this for anything more than rootless work in Libpod now, but Buildah still uses it as it was originally written, so leave it intact as part of our API. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Ensure directory where we will make database existsMatthew Heon2018-12-03
| | | | | | | | | | | | | | | | Ensure that the directory where we will create the Podman db exists prior to creating the database - otherwise creating the DB will fail. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Do not initialize locks dir in BoltDBMatthew Heon2018-12-02
| | | | | | | | | | | | | | We already create the locks directory as part of the libpod runtime's init - no need to do it again as part of BoltDB's init. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Move rootless storage config into libpodMatthew Heon2018-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Previous commits ensured that we would use database-configured paths if not explicitly overridden. However, our runtime generation did unconditionally override storage config, which made this useless. Move rootless storage configuration setup to libpod, and change storage setup so we only override if a setting is explicitly set, so we can still override what we want. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Set default paths from DB if not explicitly overriddenMatthew Heon2018-12-02
| | | | | | | | | | | | | | | | | | | | | | If the DB contains default paths, and the user has not explicitly overridden them, use the paths in the DB over our own defaults. The DB validates these paths, so it would error and prevent operation if they did not match. As such, instead of erroring, we can use the DB's paths instead of our own. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Add a struct indicating if some Runtime fields were setMatthew Heon2018-12-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To configure runtime fields from the database, we need to know whether they were explicitly overwritten by the user (we don't want to overwrite anything that was explicitly set). Store a struct containing whether the variables we'll grab from the DB were explicitly set by the user so we know what we can and can't overwrite. This determines whether libpod runtime and static dirs were set via config file in a horribly hackish way (double TOML decode), but I can't think of a better way, and it shouldn't be that expensive as the libpod config is tiny. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Make DB config validation an explicit stepMatthew Heon2018-12-02
| | | | | | | | | | | | | | | | | | | | Previously, we implicitly validated runtime configuration against what was stored in the database as part of database init. Make this an explicit step, so we can call it after the database has been initialized. This will allow us to retrieve paths from the database and use them to overwrite our defaults if they differ. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Move DB configuration up in runtime setupMatthew Heon2018-12-02
| | | | | | | | | | | | | | When we configure a runtime, we now will need to hit the DB early on, so we can verify the paths we're going to use for c/storage are correct. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #1939 from mheon/no_firewall_if_rootlessOpenShift Merge Robot2018-12-04
|\ \ | | | | | | Don't initialize CNI when running as rootless
| * | Don't initialize CNI when running as rootlessMatthew Heon2018-12-04
| |/ | | | | | | | | | | | | | | We don't use CNI to configure networks for rootless containers, so no need to set it up. It may also cause issues with inotify, so disabling it resolves some potential problems. Signed-off-by: Matthew Heon <mheon@redhat.com>
* / libpod/container_internal: Deprecate implicit hook directoriesW. Trevor King2018-12-03
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Part of the motivation for 800eb863 (Hooks supports two directories, process default and override, 2018-09-17, #1487) was [1]: > We only use this for override. The reason this was caught is people > are trying to get hooks to work with CoreOS. You are not allowed to > write to /usr/share... on CoreOS, so they wanted podman to also look > at /etc, where users and third parties can write. But we'd also been disabling hooks completely for rootless users. And even for root users, the override logic was tricky when folks actually had content in both directories. For example, if you wanted to disable a hook from the default directory, you'd have to add a no-op hook to the override directory. Also, the previous implementation failed to handle the case where there hooks defined in the override directory but the default directory did not exist: $ podman version Version: 0.11.2-dev Go Version: go1.10.3 Git Commit: "6df7409cb5a41c710164c42ed35e33b28f3f7214" Built: Sun Dec 2 21:30:06 2018 OS/Arch: linux/amd64 $ ls -l /etc/containers/oci/hooks.d/test.json -rw-r--r--. 1 root root 184 Dec 2 16:27 /etc/containers/oci/hooks.d/test.json $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:31:19-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:31:19-08:00" level=warning msg="failed to load hooks: {}%!(EXTRA *os.PathError=open /usr/share/containers/oci/hooks.d: no such file or directory)" With this commit: $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json" time="2018-12-02T21:33:07-08:00" level=debug msg="hook test.json matched; adding to stages [prestart]" time="2018-12-02T21:33:07-08:00" level=warning msg="implicit hook directories are deprecated; set --hooks-dir="/etc/containers/oci/hooks.d" explicitly to continue to load hooks from this directory" time="2018-12-02T21:33:07-08:00" level=error msg="container create failed: container_linux.go:336: starting container process caused "process_linux.go:399: container init caused \"process_linux.go:382: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: oh, noes!\\\\n\\\"\"" (I'd setup the hook to error out). You can see that it's silenly ignoring the ENOENT for /usr/share/containers/oci/hooks.d and continuing on to load hooks from /etc/containers/oci/hooks.d. When it loads the hook, it also logs a warning-level message suggesting that callers explicitly configure their hook directories. That will help consumers migrate, so we can drop the implicit hook directories in some future release. When folks *do* explicitly configure hook directories (via the newly-public --hooks-dir and hooks_dir options), we error out if they're missing: $ podman --hooks-dir /does/not/exist run --rm docker.io/library/alpine echo 'successful container' error setting up OCI Hooks: open /does/not/exist: no such file or directory I've dropped the trailing "path" from the old, hidden --hooks-dir-path and hooks_dir_path because I think "dir(ectory)" is already enough context for "we expect a path argument". I consider this name change non-breaking because the old forms were undocumented. Coming back to rootless users, I've enabled hooks now. I expect they were previously disabled because users had no way to avoid /usr/share/containers/oci/hooks.d which might contain hooks that required root permissions. But now rootless users will have to explicitly configure hook directories, and since their default config is from ~/.config/containers/libpod.conf, it's a misconfiguration if it contains hooks_dir entries which point at directories with hooks that require root access. We error out so they can fix their libpod.conf. [1]: https://github.com/containers/libpod/pull/1487#discussion_r218149355 Signed-off-by: W. Trevor King <wking@tremily.us>
* rootless: create libpod.conf when it doesn't existGiuseppe Scrivano2018-11-19
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Sync default config with libpod.confAnders F Björklund2018-10-29
| | | | | | Only changed libpod.conf file, which might not even be in use. Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Use more reliable check for rootless for firewall initMatthew Heon2018-10-23
| | | | | | | | | | We probably won't be able to initialize a firewall plugin when we are not running as root, so we shouldn't even try. Replace the less-effect EUID check with the rootless package's better check to make sure we don't accidentally set up the firewall in these cases. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Move rootless directory handling to the libpod/pkg/util directoryDaniel J Walsh2018-10-22
| | | | | | This should allow us to share this code with buildah. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rootless: always set XDG_RUNTIME_DIRGiuseppe Scrivano2018-10-03
| | | | | | | | it is used internally by containers/image to locate the auth file. Closes: https://github.com/containers/libpod/issues/1457 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* runtime: fix message which assumes the runtime is runcGiuseppe Scrivano2018-10-01
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add new field to libpod to indicate whether or not to use labellingDaniel J Walsh2018-09-20
| | | | | | | | | | | | | | | Also update some missing fields libpod.conf obtions in man pages. Fix sort order of security options and add a note about disabling labeling. When a process requests a new label. libpod needs to reserve all labels to make sure that their are no conflicts. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1406 Approved by: mheon
* Hooks supports two directories, process default and overrideDaniel J Walsh2018-09-17
| | | | | | | | | | | | | ALso cleanup files section or podman man page Add description of policy.json Sort alphabetically. Add more info on oci hooks Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1487 Approved by: umohnani8
* Add a way to disable port reservationMatthew Heon2018-09-13
| | | | | | | | | | | We've increased the default rlimits to allow Podman to hold many ports open without hitting limits and crashing, but this doesn't solve the amount of memory that holding open potentially thousands of ports will use. Offer a switch to optionally disable port reservation for performance- and memory-constrained use cases. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Explicitly set default CNI network name in libpod.confMatthew Heon2018-09-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1438 Approved by: TomSweeneyRedHat
* Vendor CNI plugins firewall codeMatthew Heon2018-09-10
| | | | | | | | | | | | | | The upstream CNI project has a PR open for adding iptables and firewalld support, but this has been stalled for the better part of a year upstream. On advice of several maintainers, we are vendoring this code into libpod, to perform the relevant firewall configuration ourselves. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1431 Approved by: baude
* rootless: check uid with Geteuid() instead of Getuid()Giuseppe Scrivano2018-09-04
| | | | | | | | | | | | change the tests to use chroot to set a numeric UID/GID. Go syscall.Credential doesn't change the effective UID/GID of the process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1372 Approved by: mheon
* rootless: be in an userns to initialize the runtimeGiuseppe Scrivano2018-09-04
| | | | | | | | | | | be sure to be in an userns for a rootless process before initializing the runtime. In case we are not running as uid==0, take advantage of "podman info" that creates the runtime. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1372 Approved by: mheon
* rootless: fix execGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | | | | | | | | | We cannot re-exec into a new user namespace to gain privileges and access an existing as the new namespace is not the owner of the existing container. "unshare" is used to join the user namespace of the target container. The current implementation assumes that the main process of the container didn't create a new user namespace. Since in the setup phase we are not running with euid=0, we must skip the setup for containers/storage. Closes: https://github.com/containers/libpod/issues/1329 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* rootless: allow to override policy.json by the userGiuseppe Scrivano2018-08-24
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1336 Approved by: mheon