From 14509a92bb87bc328c67182b9e985fd81f6f7b53 Mon Sep 17 00:00:00 2001
From: Urvashi Mohnani <umohnani@redhat.com>
Date: Wed, 29 Sep 2021 16:22:55 -0400
Subject: Allow a value of -1 to set unlimited pids limit

Users can set --pids-limit to -1 now to set unlimited
pids limit for a container - this matches the convention.

[NO TESTS NEEDED]

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
---
 cmd/podman/common/create.go     | 2 +-
 cmd/podman/containers/create.go | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

(limited to 'cmd')

diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index f3bf2c0a2..b3dfc4967 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -433,7 +433,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 		pidsLimitFlagName := "pids-limit"
 		createFlags.Int64(
 			pidsLimitFlagName, pidsLimit(),
-			"Tune container pids limit (set 0 for unlimited, -1 for server defaults)",
+			"Tune container pids limit (set -1 for unlimited)",
 		)
 		_ = cmd.RegisterFlagCompletionFunc(pidsLimitFlagName, completion.AutocompleteNone)
 
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 8b27de53e..aa34f9ba5 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -224,6 +224,10 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra
 
 		if c.Flags().Changed("pids-limit") {
 			val := c.Flag("pids-limit").Value.String()
+			// Convert -1 to 0, so that -1 maps to unlimited pids limit
+			if val == "-1" {
+				val = "0"
+			}
 			pidsLimit, err := strconv.ParseInt(val, 10, 32)
 			if err != nil {
 				return vals, err
-- 
cgit v1.2.3-54-g00ecf


From fbe94088fd3dea66afcd7c7d26f1e2454b782b4d Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Mon, 11 Oct 2021 16:09:11 +0200
Subject: podman stats: move cgroup validation to server

Podman stats is not supported for rootless cgroupv1 setups. The check
for this must be on the server side and not the client.

[NO NEW TESTS NEEDED] we cannot test this because remote and server are
always on the same machine in CI

Fixes #11909

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 cmd/podman/containers/stats.go     | 12 ------------
 pkg/domain/infra/abi/containers.go |  9 +++++++++
 2 files changed, 9 insertions(+), 12 deletions(-)

(limited to 'cmd')

diff --git a/cmd/podman/containers/stats.go b/cmd/podman/containers/stats.go
index 11e8f6870..d21feaabc 100644
--- a/cmd/podman/containers/stats.go
+++ b/cmd/podman/containers/stats.go
@@ -11,9 +11,7 @@ import (
 	"github.com/containers/podman/v3/cmd/podman/registry"
 	"github.com/containers/podman/v3/cmd/podman/validate"
 	"github.com/containers/podman/v3/libpod/define"
-	"github.com/containers/podman/v3/pkg/cgroups"
 	"github.com/containers/podman/v3/pkg/domain/entities"
-	"github.com/containers/podman/v3/pkg/rootless"
 	"github.com/containers/podman/v3/utils"
 	"github.com/docker/go-units"
 	"github.com/pkg/errors"
@@ -113,16 +111,6 @@ func checkStatOptions(cmd *cobra.Command, args []string) error {
 }
 
 func stats(cmd *cobra.Command, args []string) error {
-	if rootless.IsRootless() {
-		unified, err := cgroups.IsCgroup2UnifiedMode()
-		if err != nil {
-			return err
-		}
-		if !unified {
-			return errors.New("stats is not supported in rootless mode without cgroups v2")
-		}
-	}
-
 	// Convert to the entities options.  We should not leak CLI-only
 	// options into the backend and separate concerns.
 	opts := entities.ContainerStatsOptions{
diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go
index 774362d03..d1e430f3b 100644
--- a/pkg/domain/infra/abi/containers.go
+++ b/pkg/domain/infra/abi/containers.go
@@ -1316,6 +1316,15 @@ func (ic *ContainerEngine) ContainerStats(ctx context.Context, namesOrIds []stri
 	if options.Interval < 1 {
 		return nil, errors.New("Invalid interval, must be a positive number greater zero")
 	}
+	if rootless.IsRootless() {
+		unified, err := cgroups.IsCgroup2UnifiedMode()
+		if err != nil {
+			return nil, err
+		}
+		if !unified {
+			return nil, errors.New("stats is not supported in rootless mode without cgroups v2")
+		}
+	}
 	statsChan = make(chan entities.ContainerStatsReport, 1)
 
 	containerFunc := ic.Libpod.GetRunningContainers
-- 
cgit v1.2.3-54-g00ecf


From a213661ae7af22038465c8a61d97bde211674996 Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Thu, 14 Oct 2021 12:56:44 +0200
Subject: Fix panic in container create compat api

The bind and tmpfs options can be nil, we have to check that before we
try to use it.

Fixes #11961

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 cmd/podman/common/create_opts.go | 13 ++++++++-----
 test/apiv2/20-containers.at      | 18 ++++++++++++++++++
 2 files changed, 26 insertions(+), 5 deletions(-)

(limited to 'cmd')

diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 09ac61f2e..50d7c446d 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -104,15 +104,18 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, rtc *c
 		addField(&builder, "target", m.Target)
 		addField(&builder, "ro", strconv.FormatBool(m.ReadOnly))
 		addField(&builder, "consistency", string(m.Consistency))
-
 		// Map any specialized mount options that intersect between *Options and cli options
 		switch m.Type {
 		case mount.TypeBind:
-			addField(&builder, "bind-propagation", string(m.BindOptions.Propagation))
-			addField(&builder, "bind-nonrecursive", strconv.FormatBool(m.BindOptions.NonRecursive))
+			if m.BindOptions != nil {
+				addField(&builder, "bind-propagation", string(m.BindOptions.Propagation))
+				addField(&builder, "bind-nonrecursive", strconv.FormatBool(m.BindOptions.NonRecursive))
+			}
 		case mount.TypeTmpfs:
-			addField(&builder, "tmpfs-size", strconv.FormatInt(m.TmpfsOptions.SizeBytes, 10))
-			addField(&builder, "tmpfs-mode", strconv.FormatUint(uint64(m.TmpfsOptions.Mode), 10))
+			if m.TmpfsOptions != nil {
+				addField(&builder, "tmpfs-size", strconv.FormatInt(m.TmpfsOptions.SizeBytes, 10))
+				addField(&builder, "tmpfs-mode", strconv.FormatUint(uint64(m.TmpfsOptions.Mode), 10))
+			}
 		case mount.TypeVolume:
 			// All current VolumeOpts are handled above
 			// See vendor/github.com/containers/common/pkg/parse/parse.go:ValidateVolumeOpts()
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index afff68c22..748a0750f 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -379,3 +379,21 @@ t GET containers/$cid/json 200 \
     .HostConfig.Tmpfs['"/mnt/scratch"']~.*mode=755.*
 
 t DELETE containers/$cid?v=true 204
+
+# compat api: tmpfs without mount options
+payload='{"Mounts":[{"Type":"tmpfs","Target":"/mnt/scratch"}]}'
+t POST containers/create Image=$IMAGE HostConfig="$payload" 201 .Id~[0-9a-f]\\{64\\}
+cid=$(jq -r '.Id' <<<"$output")
+t GET containers/$cid/json 200 \
+    .HostConfig.Tmpfs['"/mnt/scratch"']~.*tmpcopyup.* \
+
+t DELETE containers/$cid?v=true 204
+
+# compat api: bind mount without mount options
+payload='{"Mounts":[{"Type":"bind","Source":"/tmp","Target":"/mnt"}]}'
+t POST containers/create Image=$IMAGE HostConfig="$payload" 201 .Id~[0-9a-f]\\{64\\}
+cid=$(jq -r '.Id' <<<"$output")
+t GET containers/$cid/json 200 \
+    .HostConfig.Binds[0]~/tmp:/mnt:.* \
+
+t DELETE containers/$cid?v=true 204
-- 
cgit v1.2.3-54-g00ecf


From b5dd62f31558caeb3c8cb4b83c0563db9f07cf20 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Thu, 14 Oct 2021 10:24:02 -0400
Subject: Don't use docker/pkg/archive, use containers/storage/pkg/archive

[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 cmd/podman/diff/diff.go        | 2 +-
 libpod/container_copy_linux.go | 2 +-
 pkg/machine/pull.go            | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'cmd')

diff --git a/cmd/podman/diff/diff.go b/cmd/podman/diff/diff.go
index 81bbb6c43..fba4ea540 100644
--- a/cmd/podman/diff/diff.go
+++ b/cmd/podman/diff/diff.go
@@ -8,7 +8,7 @@ import (
 	"github.com/containers/common/pkg/report"
 	"github.com/containers/podman/v3/cmd/podman/registry"
 	"github.com/containers/podman/v3/pkg/domain/entities"
-	"github.com/docker/docker/pkg/archive"
+	"github.com/containers/storage/pkg/archive"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
diff --git a/libpod/container_copy_linux.go b/libpod/container_copy_linux.go
index 7d4dd0d46..954d54a1d 100644
--- a/libpod/container_copy_linux.go
+++ b/libpod/container_copy_linux.go
@@ -15,8 +15,8 @@ import (
 	"github.com/containers/buildah/util"
 	"github.com/containers/podman/v3/libpod/define"
 	"github.com/containers/podman/v3/pkg/rootless"
+	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/idtools"
-	"github.com/docker/docker/pkg/archive"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
diff --git a/pkg/machine/pull.go b/pkg/machine/pull.go
index f79ac6ec4..3c8422a30 100644
--- a/pkg/machine/pull.go
+++ b/pkg/machine/pull.go
@@ -15,7 +15,7 @@ import (
 	"time"
 
 	"github.com/containers/image/v5/pkg/compression"
-	"github.com/docker/docker/pkg/archive"
+	"github.com/containers/storage/pkg/archive"
 	"github.com/sirupsen/logrus"
 	"github.com/vbauerster/mpb/v6"
 	"github.com/vbauerster/mpb/v6/decor"
-- 
cgit v1.2.3-54-g00ecf