aboutsummaryrefslogtreecommitdiff
path: root/libpod/runtime_volume_linux.go
Commit message (Collapse)AuthorAge
* Initial implementation of volume pluginsMatthew Heon2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This implements support for mounting and unmounting volumes backed by volume plugins. Support for actually retrieving plugins requires a pull request to land in containers.conf and then that to be vendored, and as such is not yet ready. Given this, this code is only compile tested. However, the code for everything past retrieving the plugin has been written - there is support for creating, removing, mounting, and unmounting volumes, which should allow full functionality once the c/common PR is merged. A major change is the signature of the MountPoint function for volumes, which now, by necessity, returns an error. Named volumes managed by a plugin do not have a mountpoint we control; instead, it is managed entirely by the plugin. As such, we need to cache the path in the DB, and calls to retrieve it now need to access the DB (and may fail as such). Notably absent is support for SELinux relabelling and chowning these volumes. Given that we don't manage the mountpoint for these volumes, I am extremely reluctant to try and modify it - we could easily break the plugin trying to chown or relabel it. Also, we had no less than *5* separate implementations of inspecting a volume floating around in pkg/infra/abi and pkg/api/handlers/libpod. And none of them used volume.Inspect(), the only correct way of inspecting volumes. Remove them all and consolidate to using the correct way. Compat API is likely still doing things the wrong way, but that is an issue for another day. Fixes #4304 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix missing options in volumes display while setting uid and gidzhangguanzhang2020-12-23
| | | | | | | | | | | | | | | | | ``` $ podman volume create testvol --opt o=uid=1001,gid=1001 $ ./bin/podman volume create testvol2 --opt o=uid=1001,gid=1001 $ podman volume inspect testvol "Options": {}, $ podman volume inspect testvol2 "Options": { "GID": "1001", "UID": "1001", "o": "uid=1001,gid=1001" }, ``` Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* fix: allow volume creation when the _data directory already existsYan Minari2020-11-05
| | | | | | This restores pre f7e72bc86aff2ff986290f190309deceb7f22099 behavior Signed-off-by: Yan Minari <yangm97@gmail.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Turn on More lintersDaniel J Walsh2020-06-15
| | | | | | | | | - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add support for containers.confDaniel J Walsh2020-03-27
| | | | | | | vendor in c/common config pkg for containers.conf Signed-off-by: Qi Wang qiwan@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add basic deadlock detection for container start/removeMatthew Heon2020-02-24
| | | | | | | | | | | | | | | We can easily tell if we're going to deadlock by comparing lock IDs before actually taking the lock. Add a few checks for this in common places where deadlocks might occur. This does not yet cover pod operations, where detection is more difficult (and costly) due to the number of locks being involved being higher than 2. Also, add some error wrapping on the Podman side, so we can tell people to use `system renumber` when it occurs. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix SELinux labels of volumesDaniel J Walsh2020-02-13
| | | | | | | | | | | | | | | If we attempt to label a volume and the file system does not support labeling, then just warn. SELinux may or may not work, on the volume. There is no way to setup a private label on a newly created volume without using the container mountlabel. If we don't have a mount label at the time of creation of the volume, the only option we have is to create a shared label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* make lint: enable gocriticValentin Rothberg2020-01-13
| | | | | | | `gocritic` is a powerful linter that helps in preventing certain kinds of errors as well as enforcing a coding style. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Return a better error for volume name conflictsMatthew Heon2019-10-23
| | | | | | | | | | | | | | | | | When you try and create a new volume with the name of a volume that already exists, you presently get a thoroughly unhelpful error from `mkdir` as the volume attempts to create the directory it will be mounted at. An EEXIST out of mkdir is not particularly helpful to Podman users - it doesn't explain that the name is already taken by another volume. The solution here is potentially racy as the runtime is not locked, so someone else could take the name while we're still getting things set up, but that's a narrow timing window, and we will still return an error - just an error that's not as good as this one. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Ensure volumes can be removed when they fail to unmountMatthew Heon2019-10-14
| | | | | | | | | | | | | | | | | | | | Also, ensure that we don't try to mount them without root - it appears that it can somehow not error and report that mount was successful when it clearly did not succeed, which can induce this case. We reuse the `--force` flag to indicate that a volume should be removed even after unmount errors. It seems fairly natural to expect that --force will remove a volume that is otherwise presenting problems. Finally, ignore EINVAL on unmount - if the mount point no longer exists our job is done. Fixes: #4247 Fixes: #4248 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Correctly report errors on unmounting SHMMatthew Heon2019-09-05
| | | | | | | | | | | When we fail to remove a container's SHM, that's an error, and we need to report it as such. This may be part of our lingering storage woes. Also, remove MNT_DETACH. It may be another cause of the storage removal failures. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add ability for volumes with options to mount/umountMatthew Heon2019-09-05
| | | | | | | | | | | | | When volume options and the local volume driver are specified, the volume is intended to be mounted using the 'mount' command. Supported options will be used to volume the volume before the first container using it starts, and unmount the volume after the last container using it dies. This should work for any local filesystem, though at present I've only tested with tmpfs and btrfs. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Re-add locks to volumes.Matthew Heon2019-08-28
| | | | | | | | | | This will require a 'podman system renumber' after being applied to get lock numbers for existing volumes. Add the DB backend code for rewriting volume configs and use it for updating lock numbers as part of 'system renumber'. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Implement backend for 'volume inspect'Matthew Heon2019-08-02
| | | | | | | | | Begin to separate the internal structures and frontend for inspect on volumes. We can't rely on keeping internal data structures for external presentation - separating presentation and internal data format is good practice. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* remove libpod from mainbaude2019-06-25
| | | | | | | | | | | | | the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
* Use standard remove functions for removing pod ctrsMatthew Heon2019-05-10
| | | | | | | Instead of rewriting the logic, reuse the standard logic we use for removing containers, which is much better tested. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix E2E testsMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | The Commit test is blatantly wrong and testing buggy behavior. We should be commiting the destination, if anything - and more likely nothing at all. When force-removing volumes, don't remove the volumes of containers we need to remove. This can lead to a chicken and the egg problem where the container removes the volume before we can. When we re-add volume locks this could lead to deadlocks. I don't really want to deal with this, and this doesn't seem a particularly harmful quirk, so we'll let this slide until we get a bug report. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Volume force-remove now removed dependent containersMatthew Heon2019-04-04
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Switch Libpod over to new explicit named volumesMatthew Heon2019-04-04
| | | | | | | | | | | | | This swaps the previous handling (parse all volume mounts on the container and look for ones that might refer to named volumes) for the new, explicit named volume lists stored per-container. It also deprecates force-removing volumes that are in use. I don't know how we want to handle this yet, but leaving containers that depend on a volume that no longer exists is definitely not correct. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* volumes: push the chown logic to runtime_volume_linux.goGiuseppe Scrivano2019-03-29
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Default to SELinux private label for play kube mountsPeter Hunt2019-03-28
| | | | | | | | | | Before, there were SELinux denials when a volume was bind-mounted by podman play kube. Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate) For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point also remove left over debugging print statement Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Add event logging to libpod, even display to podmanbaude2019-03-11
| | | | | | | | | | | | | | | | | In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
* Remove locks from volumesMatthew Heon2019-02-21
| | | | | | | | | | | | | | | | | | | I was looking into why we have locks in volumes, and I'm fairly convinced they're unnecessary. We don't have a state whose accesses we need to guard with locks and syncs. The only real purpose for the lock was to prevent concurrent removal of the same volume. Looking at the code, concurrent removal ought to be fine with a bit of reordering - one or the other might fail, but we will successfully evict the volume from the state. Also, remove the 'prune' bool from RemoveVolume. None of our other API functions accept it, and it only served to toggle off more verbose error messages. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Remove runtime lockDir and add in-memory lock managerMatthew Heon2019-01-04
| | | | | | | | | Remove runtime's lockDir as it is no longer needed after the lock rework. Add a trivial in-memory lock manager for unit testing Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add "podman volume" commandumohnani82018-12-06
Add support for podman volume and its subcommands. The commands supported are: podman volume create podman volume inspect podman volume ls podman volume rm podman volume prune This is a tool to manage volumes used by podman. For now it only handle named volumes, but eventually it will handle all volumes used by podman. Signed-off-by: umohnani8 <umohnani@redhat.com>