From b75a79b9818d1f94dd5624b043ae571295c2c6dd Mon Sep 17 00:00:00 2001 From: Erik Sjölund Date: Thu, 23 Jul 2020 20:51:37 +0200 Subject: Fix exit code example in podman-run.1.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Erik Sjölund --- docs/source/markdown/podman-run.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 7b93eb025..d20b69507 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -1066,7 +1066,7 @@ the exit codes follow the **chroot**(1) standard, see below: **Exit code** _contained command_ exit code - $ podman run busybox /bin/sh -c 'exit 3' + $ podman run busybox /bin/sh -c 'exit 3'; echo $? 3 ## EXAMPLES -- cgit v1.2.3-54-g00ecf From a34888de319307b6cc1e8b250fb9ded73aa5b6b8 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Thu, 23 Jul 2020 11:57:34 -0400 Subject: The `podman start --attach` command should not print ID Somewhere in the Podman v2 rewrite, we allowed `podman start --attach` to print the container ID of the started container after exiting from the attach session (via detach key or the container exiting naturally). We should never print the ID when `--attach` is given, which makes the fix simple - make the print statement conditional on `--attach` not being present. Wierdly, this only happened with `--interactive` was given to `podman start`. I don't know why that is, but this resolves the issue without having to dig any deeper, so I'm content. Fixes #7055 Signed-off-by: Matthew Heon --- cmd/podman/containers/start.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/podman/containers/start.go b/cmd/podman/containers/start.go index 21f22b986..8f9984421 100644 --- a/cmd/podman/containers/start.go +++ b/cmd/podman/containers/start.go 
@@ -99,7 +99,7 @@ func start(cmd *cobra.Command, args []string) error { } for _, r := range responses { - if r.Err == nil { + if r.Err == nil && !startOptions.Attach { fmt.Println(r.RawInput) } else { errs = append(errs, r.Err) -- cgit v1.2.3-54-g00ecf From ae34c6386019d77a92de2e7085f0c4c1f04a09cf Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Sat, 25 Jul 2020 15:03:35 +0200 Subject: replace the html/template package with text/template Currently some commands use the html/template package. This can lead to invalid output. e.g. `system df --verbose` will print `<none>` instead of `` with an untaged image. Signed-off-by: Paul Holzinger --- cmd/podman/networks/inspect.go | 2 +- cmd/podman/networks/list.go | 2 +- cmd/podman/system/df.go | 2 +- cmd/podman/system/events.go | 2 +- cmd/podman/volumes/inspect.go | 2 +- cmd/podman/volumes/list.go | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cmd/podman/networks/inspect.go b/cmd/podman/networks/inspect.go index 0ce1b5e83..4afebf620 100644 --- a/cmd/podman/networks/inspect.go +++ b/cmd/podman/networks/inspect.go @@ -3,10 +3,10 @@ package network import ( "encoding/json" "fmt" - "html/template" "io" "os" "strings" + "text/template" "github.com/containers/libpod/v2/cmd/podman/registry" "github.com/containers/libpod/v2/pkg/domain/entities" diff --git a/cmd/podman/networks/list.go b/cmd/podman/networks/list.go index ad2ee98b1..105bd25c6 100644 --- a/cmd/podman/networks/list.go +++ b/cmd/podman/networks/list.go @@ -3,10 +3,10 @@ package network import ( "encoding/json" "fmt" - "html/template" "os" "strings" "text/tabwriter" + "text/template" "github.com/containers/libpod/v2/cmd/podman/registry" "github.com/containers/libpod/v2/cmd/podman/validate" diff --git a/cmd/podman/system/df.go b/cmd/podman/system/df.go index c2308f0cc..a242c4f66 100644 --- a/cmd/podman/system/df.go +++ b/cmd/podman/system/df.go 
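Review bot: In cmd/podman/containers/start.go, a successful start with `--attach` set (`r.Err == nil`) now falls into the `else` branch, so a nil error is appended to `errs`. Whatever consumes `errs` after the loop is not visible in this hunk, but it will see a non-empty slice holding nil, which can turn a clean attach session into a reported failure or a nil dereference. Keep the error test separate from the print decision: `if r.Err != nil { errs = append(errs, r.Err) } else if !startOptions.Attach { fmt.Println(r.RawInput) }`. The body of `start` begins and ends outside the hunk.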
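Review bot: Nothing in the html/template commit pins the unescaped output, so a later edit can reintroduce `html/template` without a test failing; this applies to the import hunk in cmd/podman/networks/inspect.go and equally to networks/list.go, system/df.go, system/events.go, volumes/inspect.go and volumes/list.go. An e2e assertion that `system df --verbose` prints a literal `<none>` for an untagged image would cover it. `text/template` performs no escaping at all, which is right for terminal output but means image, volume and network names are emitted exactly as stored; if this output is ever placed into HTML, the escaping has to happen at that boundary. The template call sites are outside these hunks.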
@@ -2,11 +2,11 @@ package system import ( "fmt" - "html/template" "io" "os" "strings" "text/tabwriter" + "text/template" "time" "github.com/containers/libpod/v2/cmd/podman/registry" diff --git a/cmd/podman/system/events.go b/cmd/podman/system/events.go index 246611c1a..0a46a4042 100644 --- a/cmd/podman/system/events.go +++ b/cmd/podman/system/events.go @@ -3,9 +3,9 @@ package system import ( "bufio" "context" - "html/template" "os" "strings" + "text/template" "github.com/containers/buildah/pkg/formats" "github.com/containers/libpod/v2/cmd/podman/registry" diff --git a/cmd/podman/volumes/inspect.go b/cmd/podman/volumes/inspect.go index 9a8f4049b..235137fc7 100644 --- a/cmd/podman/volumes/inspect.go +++ b/cmd/podman/volumes/inspect.go @@ -2,9 +2,9 @@ package volumes import ( "fmt" - "html/template" "os" "strings" + "text/template" "github.com/containers/buildah/pkg/formats" "github.com/containers/libpod/v2/cmd/podman/registry" diff --git a/cmd/podman/volumes/list.go b/cmd/podman/volumes/list.go index 9e3a8f77b..804b9f319 100644 --- a/cmd/podman/volumes/list.go +++ b/cmd/podman/volumes/list.go @@ -3,11 +3,11 @@ package volumes import ( "context" "fmt" - "html/template" "io" "os" "strings" "text/tabwriter" + "text/template" "github.com/containers/libpod/v2/cmd/podman/registry" "github.com/containers/libpod/v2/cmd/podman/validate" -- cgit v1.2.3-54-g00ecf From 5d790bb2be77fae2de429d1004bec5fed0c55ba8 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 27 Jul 2020 13:33:27 -0400 Subject: When chowning we should not follow symbolic link Signed-off-by: Daniel J Walsh --- libpod/container_internal.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libpod/container_internal.go b/libpod/container_internal.go index c44ba5fe6..e277a88c5 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go 
@@ -1544,7 +1544,7 @@ func (c *Container) chownVolume(volumeName string) error { if err != nil { return err } - if err := os.Chown(path, uid, gid); err != nil { + if err := os.Lchown(path, uid, gid); err != nil { return err } return nil -- cgit v1.2.3-54-g00ecf From e0774e65b4515418dce25d0487c3e6f23e1b8f12 Mon Sep 17 00:00:00 2001 From: Anthony Sottile Date: Mon, 27 Jul 2020 15:47:46 -0700 Subject: add newline to output in error message Signed-off-by: Anthony Sottile --- cmd/podman/registry/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go index a7e368115..24e728bad 100644 --- a/cmd/podman/registry/config.go +++ b/cmd/podman/registry/config.go @@ -33,7 +33,7 @@ func PodmanConfig() *entities.PodmanConfig { func newPodmanConfig() { if err := setXdgDirs(); err != nil { - fmt.Fprintf(os.Stderr, err.Error()) + fmt.Fprintln(os.Stderr, err.Error()) os.Exit(1) } -- cgit v1.2.3-54-g00ecf From 828b5474914c4036d3a6135c63604d223ced3610 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 28 Jul 2020 09:18:21 -0400 Subject: Specifying --ipc=host --pid=host is broken For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and add test to make sure it does not happen again. Signed-off-by: Daniel J Walsh --- cmd/podman/common/create_opts.go | 2 +- cmd/podman/common/specgen.go | 64 ++++++++++++++++++++++++++-------------- cmd/podman/containers/create.go | 2 +- test/e2e/run_ns_test.go | 31 +++++++++++++++++++ 4 files changed, 75 insertions(+), 24 deletions(-) diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go index 08ffa5544..bb50df8c9 100644 --- a/cmd/podman/common/create_opts.go +++ b/cmd/podman/common/create_opts.go 
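Review bot: In `chownVolume` (libpod/container_internal.go), `os.Lchown(path, uid, gid)` protects only the final path component; the callback still resolves `path` by name, so a directory inside the volume that is swapped for a symlink between the walk's lstat and this call would redirect the chown outside the volume. Whether anything can write to the volume while `chownVolume` runs is not visible from this hunk, so treat it as a hardening point: operate relative to an opened parent directory, for example `unix.Fchownat` with `unix.AT_SYMLINK_NOFOLLOW`, rather than on path strings. A test with a dangling symlink inside a volume would also pin the behaviour this change fixes. The enclosing function starts and ends outside the hunk.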
@@ -10,7 +10,7 @@ type ContainerCLIOpts struct { BlkIOWeightDevice []string CapAdd []string CapDrop []string - CGroupsNS string + CgroupNS string CGroupsMode string CGroupParent string CIDFile string diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index aa8669e7a..7716fc150 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -186,6 +186,46 @@ func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.Linu return memory, nil } +func setNamespaces(s *specgen.SpecGenerator, c *ContainerCLIOpts) error { + var err error + + if c.PID != "" { + s.PidNS, err = specgen.ParseNamespace(c.PID) + if err != nil { + return err + } + } + if c.IPC != "" { + s.IpcNS, err = specgen.ParseNamespace(c.IPC) + if err != nil { + return err + } + } + if c.UTS != "" { + s.UtsNS, err = specgen.ParseNamespace(c.UTS) + if err != nil { + return err + } + } + if c.CgroupNS != "" { + s.CgroupNS, err = specgen.ParseNamespace(c.CgroupNS) + if err != nil { + return err + } + } + // userns must be treated differently + if c.UserNS != "" { + s.UserNS, err = specgen.ParseUserNamespace(c.UserNS) + if err != nil { + return err + } + } + if c.Net != nil { + s.NetNS = c.Net.Network + } + return nil +} + func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string) error { var ( err error 
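Review bot: `setNamespaces` in cmd/podman/common/specgen.go is added without a doc comment, and the code records nowhere why the old loop failed. The removed map in `FillOutSpecGen` was keyed by the flag values, so `--ipc=host --pid=host` produced two entries with the same key and only one namespace pointer survived. A comment such as `// setNamespaces parses each namespace flag on its own; do not fold these into a map keyed by flag value, because equal values (e.g. "host") collide.` would stop the pattern coming back.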
@@ -250,28 +290,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string } s.Expose = expose - for k, v := range map[string]*specgen.Namespace{ - c.IPC: &s.IpcNS, - c.PID: &s.PidNS, - c.UTS: &s.UtsNS, - c.CGroupsNS: &s.CgroupNS, - } { - if k != "" { - *v, err = specgen.ParseNamespace(k) - if err != nil { - return err - } - } - } - // userns must be treated differently - if c.UserNS != "" { - s.UserNS, err = specgen.ParseUserNamespace(c.UserNS) - if err != nil { - return err - } - } - if c.Net != nil { - s.NetNS = c.Net.Network + if err := setNamespaces(s, c); err != nil { + return err } if sig := c.StopSignal; len(sig) > 0 { diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index 10761be33..41e63da76 100644 --- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -195,7 +195,7 @@ func createInit(c *cobra.Command) error { cliVals.IPC = c.Flag("ipc").Value.String() cliVals.UTS = c.Flag("uts").Value.String() cliVals.PID = c.Flag("pid").Value.String() - cliVals.CGroupsNS = c.Flag("cgroupns").Value.String() + cliVals.CgroupNS = c.Flag("cgroupns").Value.String() if c.Flag("entrypoint").Changed { val := c.Flag("entrypoint").Value.String() cliVals.Entrypoint = &val diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go index 1c1b5cfbb..7113fa69e 100644 --- a/test/e2e/run_ns_test.go +++ b/test/e2e/run_ns_test.go @@ -4,6 +4,7 @@ package integration import ( "os" + "os/exec" "strings" . "github.com/containers/libpod/v2/test/utils" 
@@ -104,4 +105,34 @@ var _ = Describe("Podman run ns", func() { session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError()) }) + + It("podman run --ipc=host --pid=host", func() { + cmd := exec.Command("ls", "-l", "/proc/self/ns/pid") + res, err := cmd.Output() + Expect(err).To(BeNil()) + fields := strings.Split(string(res), " ") + hostPidNS := strings.TrimSuffix(fields[len(fields)-1], "\n") + + cmd = exec.Command("ls", "-l", "/proc/self/ns/ipc") + res, err = cmd.Output() + Expect(err).To(BeNil()) + fields = strings.Split(string(res), " ") + hostIpcNS := strings.TrimSuffix(fields[len(fields)-1], "\n") + + session := podmanTest.Podman([]string{"run", "--ipc=host", "--pid=host", ALPINE, "ls", "-l", "/proc/self/ns/pid"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + fields = strings.Split(session.OutputToString(), " ") + ctrPidNS := strings.TrimSuffix(fields[len(fields)-1], "\n") + + session = podmanTest.Podman([]string{"run", "--ipc=host", "--pid=host", ALPINE, "ls", "-l", "/proc/self/ns/ipc"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + fields = strings.Split(session.OutputToString(), " ") + ctrIpcNS := strings.TrimSuffix(fields[len(fields)-1], "\n") + + Expect(hostPidNS).To(Equal(ctrPidNS)) + Expect(hostIpcNS).To(Equal(ctrIpcNS)) + }) + }) -- cgit v1.2.3-54-g00ecf From da752a7ed32f90a3f187eeb5f3f372889561a021 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Thu, 23 Jul 2020 16:43:43 -0400 Subject: Binding the same container port to >1 host port is OK The initial version of the new port code mistakenly restricted this, so un-restrict it. We still need to maintain the map of container ports, unfortunately (need to verify if the port in question is a duplicate, for example). Fixes #7062 Signed-off-by: Matthew Heon --- pkg/specgen/generate/ports.go | 15 ++++++++------- test/e2e/run_networking_test.go | 16 ++++++++++++++++ 2 files changed, 24 insertions(+), 7 deletions(-) 
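Review bot: The host side of the new test in test/e2e/run_ns_test.go shells out to `ls -l` and takes the last space-separated field, which ties the assertion to `ls` output formatting. `os` is already imported in this file, so `hostPidNS, err := os.Readlink("/proc/self/ns/pid")` (and the same for `ipc`) yields the namespace link directly and makes the added `os/exec` import unnecessary. Inside the container, running `readlink /proc/self/ns/pid` instead of `ls -l` would remove the remaining field splitting.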
diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go index c8d1c27c5..2125c6b9f 100644 --- a/pkg/specgen/generate/ports.go +++ b/pkg/specgen/generate/ports.go @@ -123,19 +123,20 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping, postAssignHostPort = true } } else { - testCPort := ctrPortMap[cPort] - if testCPort != 0 && testCPort != hPort { - // This is an attempt to redefine a port - return nil, nil, nil, errors.Errorf("conflicting port mappings for container port %d (protocol %s)", cPort, p) - } - ctrPortMap[cPort] = hPort - testHPort := hostPortMap[hPort] if testHPort != 0 && testHPort != cPort { return nil, nil, nil, errors.Errorf("conflicting port mappings for host port %d (protocol %s)", hPort, p) } hostPortMap[hPort] = cPort + // Mapping a container port to multiple + // host ports is allowed. + // We only store the latest of these in + // the container port map - we don't + // need to know all of them, just one. + testCPort := ctrPortMap[cPort] + ctrPortMap[cPort] = hPort + // If we have an exact duplicate, just continue if testCPort == hPort && testHPort == cPort { continue diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 9357145ab..40cc9e1e6 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go 
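Review bot: Because `ctrPortMap[cPort]` in `parsePortMapping` now holds only the most recent host port, the exact-duplicate test `testCPort == hPort && testHPort == cPort` no longer recognises a repeat of an earlier mapping. With the mappings 4000:8080, 8000:8080, 4000:8080, the third one finds `testCPort == 8000`, is not skipped, and appears to be added a second time. The host-port map alone identifies a duplicate, since the check above allows a host port only one container port: `if testHPort == cPort { continue }`, after which `testCPort` is unused and its declaration has to go. How the two maps are keyed (protocol, host IP) is outside the hunk, so confirm the duplicate test against that.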
@@ -222,6 +222,22 @@ var _ = Describe("Podman run networking", func() { Expect(inspectOut[0].NetworkSettings.Ports["8080/tcp"][0].HostIP).To(Equal("")) }) + It("podman run -p 8080:8080 -p 8081:8080", func() { + name := "testctr" + session := podmanTest.Podman([]string{"create", "-t", "-p", "4000:8080", "-p", "8000:8080", "--name", name, ALPINE, "/bin/sh"}) + session.WaitWithDefaultTimeout() + inspectOut := podmanTest.InspectContainer(name) + Expect(len(inspectOut)).To(Equal(1)) + Expect(len(inspectOut[0].NetworkSettings.Ports)).To(Equal(1)) + Expect(len(inspectOut[0].NetworkSettings.Ports["8080/tcp"])).To(Equal(2)) + + hp1 := inspectOut[0].NetworkSettings.Ports["8080/tcp"][0].HostPort + hp2 := inspectOut[0].NetworkSettings.Ports["8080/tcp"][1].HostPort + + // We can't guarantee order + Expect((hp1 == "4000" && hp2 == "8000") || (hp1 == "8000" && hp2 == "4000")).To(BeTrue()) + }) + It("podman run network expose host port 80 to container port 8000", func() { SkipIfRootless() session := podmanTest.Podman([]string{"run", "-dt", "-p", "80:8000", ALPINE, "/bin/sh"}) -- cgit v1.2.3-54-g00ecf From 9b1a7894a1aa3097c7f7901e9087f04ca04788e1 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 29 Jul 2020 14:10:59 -0400 Subject: Don't crash when giving bogus format commands Currently if you give a bogus flag to --format it will crash the formatter. With this change we will get a nice error. podman images --format '{{ bogus }}' Error: template: list:1: function "bogus" not defined versus /bin/podman.old images --format '{{ bogus }}' panic: template: list:1: function "bogus" not defined goroutine 1 [running]: Signed-off-by: Daniel J Walsh Signed-off-by: Matthew Heon --- cmd/podman/images/history.go | 5 ++++- cmd/podman/images/list.go | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/cmd/podman/images/history.go b/cmd/podman/images/history.go index 3732e6e03..1f0fd9a79 100644 --- a/cmd/podman/images/history.go +++ b/cmd/podman/images/history.go 
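Review bot: The `create` session's exit code is never checked in the new test in test/e2e/run_networking_test.go, so a failed create surfaces only as a confusing inspect assertion. Add `Expect(session.ExitCode()).To(Equal(0))` after `session.WaitWithDefaultTimeout()`. The test title says `-p 8080:8080 -p 8081:8080` while the command uses `4000:8080` and `8000:8080`; the title should name the ports that are exercised.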
@@ -125,7 +125,10 @@ func history(cmd *cobra.Command, args []string) error { } format := hdr + "{{range . }}" + row + "{{end}}" - tmpl := template.Must(template.New("report").Parse(format)) + tmpl, err := template.New("report").Parse(format) + if err != nil { + return err + } w := tabwriter.NewWriter(os.Stdout, 8, 2, 2, ' ', 0) err = tmpl.Execute(w, hr) if err != nil { diff --git a/cmd/podman/images/list.go b/cmd/podman/images/list.go index 94d03bd6f..ea88b519b 100644 --- a/cmd/podman/images/list.go +++ b/cmd/podman/images/list.go @@ -168,7 +168,11 @@ func writeTemplate(imgs []imageReporter) error { } } format := hdr + "{{range . }}" + row + "{{end}}" - tmpl := template.Must(template.New("list").Parse(format)) + tmpl, err := template.New("list").Parse(format) + if err != nil { + return err + } + tmpl = template.Must(tmpl, nil) w := tabwriter.NewWriter(os.Stdout, 8, 2, 2, ' ', 0) defer w.Flush() return tmpl.Execute(w, imgs) -- cgit v1.2.3-54-g00ecf From 8e9724524d2eef8d67afa1de2300bb0eaa49bd18 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Thu, 30 Jul 2020 09:24:09 -0400 Subject: Ensure that 'rmi --force' evicts Podman containers The logic for `podman rmi --force` includes a bit of code that will remove Libpod containers using Libpod's container removal logic - this ensures that they're cleanly and completely removed. For other containers (Buildah, CRI-O, etc) we fall back to manually removing the containers using the image from c/storage. Unfortunately, our logic for invoking the Podman removal function had an error, and it did not properly handle cases where we were force-removing an image with >1 name. Force-removing such images by ID guarantees their removal, not just an untag of a single name; our code for identifying whether to remove containers did not proper detect this case, so we fell through and deleted the Podman containers as storage containers, leaving traces of them in the Libpod DB. Fixes #7153 
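Review bot: In `writeTemplate` (cmd/podman/images/list.go) the added `tmpl = template.Must(tmpl, nil)` is a no-op. The parse error has already been returned just above it, and `Must` only panics on a non-nil error. Dropping the line leaves the function matching the `history` change in the same commit. The start of `writeTemplate` is outside the hunk.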
Signed-off-by: Matthew Heon --- libpod/runtime_img.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index eab05f34d..7c75dbf98 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -48,7 +48,7 @@ func (r *Runtime) RemoveImage(ctx context.Context, img *image.Image, force bool) imageCtrs = append(imageCtrs, ctr) } } - if len(imageCtrs) > 0 && len(img.Names()) <= 1 { + if len(imageCtrs) > 0 && (len(img.Names()) <= 1 || (force && img.InputIsID())) { if force { for _, ctr := range imageCtrs { if err := r.removeContainer(ctx, ctr, true, false, false); err != nil { -- cgit v1.2.3-54-g00ecf From 994dc3294291e07926954737c3874457affb9994 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Thu, 30 Jul 2020 21:16:59 +0200 Subject: fix swapped mem_usage/percent fields Correct the wrong field assignment in `podman stats --format=json`. Signed-off-by: Paul Holzinger --- cmd/podman/containers/stats.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/podman/containers/stats.go b/cmd/podman/containers/stats.go index 86674cfc9..76a6ab46e 100644 --- a/cmd/podman/containers/stats.go +++ b/cmd/podman/containers/stats.go @@ -230,8 +230,8 @@ func outputJSON(stats []*containerStats) error { Id: j.ID(), Name: j.Name, CpuPercent: j.CPUPerc(), - MemUsage: j.MemPerc(), - MemPerc: j.MemUsage(), + MemUsage: j.MemUsage(), + MemPerc: j.MemPerc(), NetIO: j.NetIO(), BlockIO: j.BlockIO(), Pids: j.PIDS(), -- cgit v1.2.3-54-g00ecf From 2cc9af369290428ca3d5e96bee5b65262b57a1f7 Mon Sep 17 00:00:00 2001 From: Ashley Cui Date: Thu, 30 Jul 2020 13:50:50 -0400 Subject: add {{.RunningFor}} placeholder in ps --format For docker compatibility Signed-off-by: Ashley Cui --- cmd/podman/containers/ps.go | 4 ++++ test/e2e/ps_test.go | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/cmd/podman/containers/ps.go b/cmd/podman/containers/ps.go index 7c84cbae1..34f06d349 100644 --- a/cmd/podman/containers/ps.go 
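Review bot: The new condition `len(img.Names()) <= 1 || (force && img.InputIsID())` in `RemoveImage` (libpod/runtime_img.go) encodes a rule that only the commit message explains, and no test accompanies it. A comment above the `if`, e.g. `// Force-removing by ID deletes the image under every name, so its Libpod containers must be removed here and not as bare storage containers.`, would document it. An e2e case that tags an image twice, creates a container from it and runs `rmi --force <IMAGE_ID>` would keep the fix from regressing. `RemoveImage` starts and ends outside the hunk.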
+++ b/cmd/podman/containers/ps.go @@ -307,6 +307,10 @@ func (l psReporter) Status() string { return l.State() } +func (l psReporter) RunningFor() string { + return l.CreatedHuman() +} + // Command returns the container command in string format func (l psReporter) Command() string { command := strings.Join(l.ListContainer.Command, " ") diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index 152c85704..48746f30c 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -476,5 +476,13 @@ var _ = Describe("Podman ps", func() { session.WaitWithDefaultTimeout() Expect(session.OutputToString()).To(ContainSubstring("echo very long cr...")) }) + It("podman ps --format {{RunningFor}}", func() { + _, ec, _ := podmanTest.RunLsContainer("") + Expect(ec).To(Equal(0)) + result := podmanTest.Podman([]string{"ps", "-a", "--format", "{{.RunningFor}}"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(result.OutputToString()).To(ContainSubstring("ago")) + }) }) -- cgit v1.2.3-54-g00ecf From 2d715405182f67937c152d4cd74b282a2e6ca786 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 30 Jul 2020 22:59:45 +0200 Subject: volumes: do not recurse when chowning keep the file ownership when chowning and honor the user namespace mappings. Closes: https://github.com/containers/podman/issues/7130 Signed-off-by: Giuseppe Scrivano Signed-off-by: Matthew Heon --- libpod/container_internal.go | 35 ++++++----- test/system/070-build.bats | 134 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 156 insertions(+), 13 deletions(-) diff --git a/libpod/container_internal.go b/libpod/container_internal.go index e277a88c5..675311461 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go 
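Review bot: `RunningFor` in cmd/podman/containers/ps.go has no doc comment although the neighbouring `Command` method does, and its name promises more than the body delivers. It returns `l.CreatedHuman()`, so it presumably reports time since creation even for a container that was never started or has already exited. Say so on the method, e.g. `// RunningFor is a Docker-compatibility alias for CreatedHuman; it does not track when the container was started.`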
@@ -1521,9 +1521,6 @@ func (c *Container) chownVolume(volumeName string) error { return errors.Wrapf(err, "error retrieving named volume %s for container %s", volumeName, c.ID()) } - uid := int(c.config.Spec.Process.User.UID) - gid := int(c.config.Spec.Process.User.GID) - vol.lock.Lock() defer vol.lock.Unlock() @@ -1534,22 +1531,34 @@ func (c *Container) chownVolume(volumeName string) error { if vol.state.NeedsChown { vol.state.NeedsChown = false + + uid := int(c.config.Spec.Process.User.UID) + gid := int(c.config.Spec.Process.User.GID) + + if c.config.IDMappings.UIDMap != nil { + p := idtools.IDPair{ + UID: uid, + GID: gid, + } + mappings := idtools.NewIDMappingsFromMaps(c.config.IDMappings.UIDMap, c.config.IDMappings.GIDMap) + newPair, err := mappings.ToHost(p) + if err != nil { + return errors.Wrapf(err, "error mapping user %d:%d", uid, gid) + } + uid = newPair.UID + gid = newPair.GID + } + vol.state.UIDChowned = uid vol.state.GIDChowned = gid if err := vol.save(); err != nil { return err } - err := filepath.Walk(vol.MountPoint(), func(path string, info os.FileInfo, err error) error { - if err != nil { - return err - } - if err := os.Lchown(path, uid, gid); err != nil { - return err - } - return nil - }) - if err != nil { + + mountPoint := vol.MountPoint() + + if err := os.Lchown(mountPoint, uid, gid); err != nil { return err } } diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 7d6660270..6879b956f 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats 
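Review bot: In `chownVolume`, `vol.state.NeedsChown = false` is set and persisted with `vol.save()` before `os.Lchown(mountPoint, uid, gid)` runs, so a failed chown leaves saved state claiming the volume is already owned by `UIDChowned`/`GIDChowned`, and as far as this hunk shows nothing retries it. Moving the `Lchown` ahead of the three state assignments and the `save()` call keeps the recorded state truthful. The mapping branch is also gated on `c.config.IDMappings.UIDMap != nil` alone; if a container can have a UID map without a GID map, `mappings.ToHost` receives an empty GID map, so check both or confirm they are always set together. `chownVolume` begins in the first hunk of this file and ends outside the second.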
@@ -98,6 +98,140 @@ EOF is "$output" ".*error building at STEP .*: source can't be a URL for COPY" } +@test "podman build - workdir, cmd, env, label" { + tmpdir=$PODMAN_TMPDIR/build-test + mkdir -p $tmpdir + + # Random workdir, and multiple random strings to verify command & env + workdir=/$(random_string 10) + s_echo=$(random_string 15) + s_env1=$(random_string 20) + s_env2=$(random_string 25) + s_env3=$(random_string 30) + s_env4=$(random_string 40) + + # Label name: make sure it begins with a letter! jq barfs if you + # try to ask it for '.foo.xyz', i.e. any string beginning with digit + label_name=l$(random_string 8) + label_value=$(random_string 12) + + # Command to run on container startup with no args + cat >$tmpdir/mycmd <$PODMAN_TMPDIR/env-file <$tmpdir/Containerfile < expect=<$expect}>" + is "$actual" "$expect" "jq .Config.$field" + done + + # Bad symlink in volume. Prior to #7094, well, we wouldn't actually + # get here because any 'podman run' on a volume that had symlinks, + # be they dangling or valid, would barf with + # Error: chown /_data/symlink: ENOENT + run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/badsymlink + is "$output" "1:2:'/a/b/c/badsymlink' -> '/no/such/nonesuch'" \ + "bad symlink to nonexistent file is chowned and preserved" + + run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/goodsymlink + is "$output" "1:2:'/a/b/c/goodsymlink' -> '/bin/mydefaultcmd'" \ + "good symlink to existing file is chowned and preserved" + + run_podman run --rm build_test stat -c'%u:%g' /bin/mydefaultcmd + is "$output" "2:3" "target of symlink is not chowned" + + run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/myfile + is "$output" "4:5:/a/b/c/myfile" "file in volume is chowned" + + # Clean up + run_podman rmi -f build_test +} + @test "podman build - stdin test" { if is_remote && is_rootless; then skip "unreliable with podman-remote and rootless; #2972" -- cgit v1.2.3-54-g00ecf 
From a9a55be991fa8f06cf266bd84a72589713a71ac9 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Fri, 31 Jul 2020 12:39:55 -0400 Subject: Disable a nonfunctional build test The amount of drift in the system tests on v2.0 is starting to become difficult to deal with. 2.1.0 can't come soon enough. Signed-off-by: Matthew Heon --- test/system/070-build.bats | 134 --------------------------------------------- 1 file changed, 134 deletions(-) diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 6879b956f..7d6660270 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats 
@@ -98,140 +98,6 @@ EOF is "$output" ".*error building at STEP .*: source can't be a URL for COPY" } -@test "podman build - workdir, cmd, env, label" { - tmpdir=$PODMAN_TMPDIR/build-test - mkdir -p $tmpdir - - # Random workdir, and multiple random strings to verify command & env - workdir=/$(random_string 10) - s_echo=$(random_string 15) - s_env1=$(random_string 20) - s_env2=$(random_string 25) - s_env3=$(random_string 30) - s_env4=$(random_string 40) - - # Label name: make sure it begins with a letter! jq barfs if you - # try to ask it for '.foo.xyz', i.e. any string beginning with digit - label_name=l$(random_string 8) - label_value=$(random_string 12) - - # Command to run on container startup with no args - cat >$tmpdir/mycmd <$PODMAN_TMPDIR/env-file <$tmpdir/Containerfile < expect=<$expect}>" - is "$actual" "$expect" "jq .Config.$field" - done - - # Bad symlink in volume. Prior to #7094, well, we wouldn't actually - # get here because any 'podman run' on a volume that had symlinks, - # be they dangling or valid, would barf with - # Error: chown /_data/symlink: ENOENT - run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/badsymlink - is "$output" "1:2:'/a/b/c/badsymlink' -> '/no/such/nonesuch'" \ - "bad symlink to nonexistent file is chowned and preserved" - - run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/goodsymlink - is "$output" "1:2:'/a/b/c/goodsymlink' -> '/bin/mydefaultcmd'" \ - "good symlink to existing file is chowned and preserved" - - run_podman run --rm build_test stat -c'%u:%g' /bin/mydefaultcmd - is "$output" "2:3" "target of symlink is not chowned" - - run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/myfile - is "$output" "4:5:/a/b/c/myfile" "file in volume is chowned" - - # Clean up - run_podman rmi -f build_test -} - @test "podman build - stdin test" { if is_remote && is_rootless; then skip "unreliable with podman-remote and rootless; #2972" -- cgit v1.2.3-54-g00ecf