From 96ab0c64b4e398c1be0a352e88fa900688fcd2e1 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Tue, 12 Nov 2019 17:57:31 -0500 Subject: container create: os/arch check Unless explicitely overridden, check if the image's OS and architecture and throw an errors in case of a mismatch. Signed-off-by: Valentin Rothberg --- cmd/podman/shared/create.go | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index c7ea2e389..2bf8c7604 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -7,6 +7,7 @@ import ( "io" "os" "path/filepath" + goruntime "runtime" "strconv" "strings" "syscall" @@ -88,9 +89,11 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod. return nil, nil, err } + overrideOS := c.String("override-os") + overrideArch := c.String("override-arch") dockerRegistryOptions := image.DockerRegistryOptions{ - OSChoice: c.String("override-os"), - ArchitectureChoice: c.String("override-arch"), + OSChoice: overrideOS, + ArchitectureChoice: overrideArch, } newImage, err := runtime.ImageRuntime().New(ctx, name, rtc.SignaturePolicyPath, c.String("authfile"), writer, &dockerRegistryOptions, image.SigningOptions{}, nil, pullType) @@ -101,6 +104,15 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod. if err != nil { return nil, nil, err } + + if overrideOS == "" && data.Os != goruntime.GOOS { + return nil, nil, errors.Errorf("incompatible image OS %q on %q host", data.Os, goruntime.GOOS) + } + + if overrideArch == "" && data.Architecture != goruntime.GOARCH { + return nil, nil, errors.Errorf("incompatible image architecture %q on %q host", data.Architecture, goruntime.GOARCH) + } + names := newImage.Names() if len(names) > 0 { imageName = names[0] -- cgit v1.2.3-54-g00ecf