From 69593923e08dcae27a7f56657f637cb79292a450 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 18 Mar 2019 22:42:21 +0100 Subject: rootless: fix pod kill we don't need to access the storage Signed-off-by: Giuseppe Scrivano --- cmd/podman/pod_kill.go | 2 ++ 1 file changed, 2 insertions(+) (limited to 'cmd') diff --git a/cmd/podman/pod_kill.go b/cmd/podman/pod_kill.go index ebd7db762..c538674a4 100644 --- a/cmd/podman/pod_kill.go +++ b/cmd/podman/pod_kill.go @@ -6,6 +6,7 @@ import ( "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/pkg/adapter" + "github.com/containers/libpod/pkg/rootless" "github.com/docker/docker/pkg/signal" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -48,6 +49,7 @@ func init() { // podKillCmd kills one or more pods with a signal func podKillCmd(c *cliconfig.PodKillValues) error { + rootless.SetSkipStorageSetup(true) runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { return errors.Wrapf(err, "could not get runtime") -- cgit v1.2.3-54-g00ecf From 3f96d3617bd41a0fe653892c3c3675777b7aadf3 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 18 Mar 2019 22:51:22 +0100 Subject: rootless: fix ps command Signed-off-by: Giuseppe Scrivano --- cmd/podman/main.go | 1 + cmd/podman/ps.go | 4 ++++ 2 files changed, 5 insertions(+) (limited to 'cmd') diff --git a/cmd/podman/main.go b/cmd/podman/main.go index ef300ef75..204344695 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -78,6 +78,7 @@ var cmdsNotRequiringRootless = map[*cobra.Command]bool{ _podStopCommand: true, _podTopCommand: true, _restartCommand: true, + &_psCommand: true, _rmCommand: true, _runCommand: true, _unpauseCommand: true, diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go index de6966c3b..ad942da2e 100644 --- a/cmd/podman/ps.go +++ b/cmd/podman/ps.go 
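Review bot: `rootless.SetSkipStorageSetup(true)` is added as the first statement of `podKillCmd` without the `os.Geteuid() != 0` guard that `psCmd`, `podRestartCmd` and the `restartCmd` context later on this page put around the same call. Whether the setter has any effect for real root is not visible here; if it does, `podman pod kill` run as root would skip storage setup too, and the guarded form `if os.Geteuid() != 0 { rootless.SetSkipStorageSetup(true) }` (with `os` imported if it is not already) would leave that path unchanged. The reason given in the commit message is worth carrying into the code, e.g. `// pod kill does not need to access the storage, so skip its setup`. `podKillCmd` continues past the end of the hunk.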
@@ -17,6 +17,7 @@ import ( "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/util" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/docker/go-units" @@ -200,6 +201,9 @@ func init() { } func psCmd(c *cliconfig.PsValues) error { + if os.Geteuid() != 0 { + rootless.SetSkipStorageSetup(true) + } if c.Bool("trace") { span, _ := opentracing.StartSpanFromContext(Ctx, "psCmd") defer span.Finish() -- cgit v1.2.3-54-g00ecf From 4ab7462adde0dff905e646cf4def54a2b2bc2804 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 18 Mar 2019 22:57:36 +0100 Subject: rootless, rm: fix retcode when the container is not found Signed-off-by: Giuseppe Scrivano --- cmd/podman/rm.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'cmd') diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go index 299420bb6..253771e14 100644 --- a/cmd/podman/rm.go +++ b/cmd/podman/rm.go @@ -108,6 +108,7 @@ func rmCmd(c *cliconfig.RmValues) error { c.Latest = false c.InputArgs = []string{rootless.Argument()} } else { + exitCode = 0 var containers []*libpod.Container if c.All { containers, err = runtime.GetContainers() @@ -121,6 +122,10 @@ func rmCmd(c *cliconfig.RmValues) error { for _, c := range c.InputArgs { container, err = runtime.LookupContainer(c) if err != nil { + if errors.Cause(err) == libpod.ErrNoSuchCtr { + exitCode = 1 + continue + } return err } containers = append(containers, container) @@ -136,7 +141,7 @@ func rmCmd(c *cliconfig.RmValues) error { os.Exit(ret) } } - os.Exit(0) + os.Exit(exitCode) } } -- cgit v1.2.3-54-g00ecf From ffc08860ce809effa7570e761f97f26267008bfe Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 19 Mar 2019 10:13:21 +0100 Subject: rootless: reimplement restart with rootless.Argument() 
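Review bot: The new guard at the top of `psCmd` skips storage setup for every non-root invocation, but nothing in the hunk records why that is safe for `ps`. If any `ps` output depends on reading container storage (a size column, for instance; not visible here), that path should be checked under rootless with this flag set. A comment such as `// rootless: ps does not need the storage to be set up` would state the assumption next to the call, once it has been confirmed. `psCmd` continues outside the hunk.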
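Review bot: In the `LookupContainer` loop of rm.go, the new `ErrNoSuchCtr` branch sets `exitCode = 1` and `continue`s without reporting which name failed, so, as far as this hunk shows, a rootless `podman rm` given one missing name exits 1 with no message. Printing the error before continuing, e.g. `fmt.Fprintln(os.Stderr, err.Error())` (assuming `fmt` is imported in rm.go, which is not visible here), keeps the exit code and tells the operator what was not removed. `exitCode` is assigned in the first rm.go hunk and passed to `os.Exit` in the third, but it is declared outside all three hunks, presumably at package level; a short comment at `exitCode = 0` saying that it resets that default would make the dependency explicit. `rmCmd` starts and ends outside these hunks.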
Signed-off-by: Giuseppe Scrivano --- cmd/podman/restart.go | 83 ++++++++++++++------------------------------------- 1 file changed, 23 insertions(+), 60 deletions(-) (limited to 'cmd') diff --git a/cmd/podman/restart.go b/cmd/podman/restart.go index 341cbf978..e6a6d8434 100644 --- a/cmd/podman/restart.go +++ b/cmd/podman/restart.go @@ -1,7 +1,6 @@ package main import ( - "fmt" "os" "github.com/containers/libpod/cmd/podman/cliconfig" @@ -61,6 +60,15 @@ func restartCmd(c *cliconfig.RestartValues) error { if os.Geteuid() != 0 { rootless.SetSkipStorageSetup(true) } + if rootless.IsRootless() { + // If we are in the re-execed rootless environment, + // override the arg to deal only with one container. + if os.Geteuid() == 0 { + c.All = false + c.Latest = false + c.InputArgs = []string{rootless.Argument()} + } + } args := c.InputArgs runOnly := c.Running @@ -107,6 +115,20 @@ func restartCmd(c *cliconfig.RestartValues) error { } } + if os.Geteuid() != 0 { + // In rootless mode we can deal with one container at at time. + for _, c := range restartContainers { + _, ret, err := joinContainerOrCreateRootlessUserNS(runtime, c) + if err != nil { + return err + } + if ret != 0 { + os.Exit(ret) + } + } + os.Exit(0) + } + maxWorkers := shared.Parallelize("restart") if c.GlobalIsSet("max-workers") { maxWorkers = c.GlobalFlags.MaxWorks 
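Review bot: In the re-exec branch of `restartCmd` (`rootless.IsRootless()` with `os.Geteuid() == 0`), `c.All` and `c.Latest` are cleared and `c.InputArgs` is replaced by `rootless.Argument()` without checking that the value is non-empty. If that state can be reached without an argument having been passed (not determinable from this hunk), the user's `--all`/`--latest` selection is silently dropped and the command looks up an empty name; a guard such as `if arg := rootless.Argument(); arg != "" {` around the three assignments would leave the original selection intact in that case. The two nested `if`s can also be written as one condition, `if rootless.IsRootless() && os.Geteuid() == 0 {`. `restartCmd` starts and ends outside the hunk.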
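Review bot: The loop variable in `for _, c := range restartContainers` shadows the function's `c *cliconfig.RestartValues`, which is used again right after the block (`c.GlobalIsSet("max-workers")`); naming it `ctr`, as the later loop in this function does, avoids misreading. The comment has a doubled word and should read `// In rootless mode we can deal with one container at a time.` The first non-zero `ret` ends the process, so later containers in the slice are not attempted, and both `os.Exit` calls skip any deferred cleanup registered earlier in `restartCmd` (none is visible in this hunk); if that is intended, a one-line comment saying so would help the next reader. `restartCmd` starts and ends outside the hunk.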
@@ -114,22 +136,6 @@ func restartCmd(c *cliconfig.RestartValues) error { logrus.Debugf("Setting maximum workers to %d", maxWorkers) - if rootless.IsRootless() { - // With rootless containers we cannot really restart an existing container - // as we would need to join the mount namespace as well to be able to reuse - // the storage. - if err := stopRootlessContainers(restartContainers, timeout, useTimeout, maxWorkers); err != nil { - return err - } - became, ret, err := rootless.BecomeRootInUserNS() - if err != nil { - return err - } - if became { - os.Exit(ret) - } - } - // We now have a slice of all the containers to be restarted. Iterate them to // create restart Funcs with a timeout as needed for _, ctr := range restartContainers { @@ -152,46 +158,3 @@ func restartCmd(c *cliconfig.RestartValues) error { restartErrors, errCount := shared.ParallelExecuteWorkerPool(maxWorkers, restartFuncs) return printParallelOutput(restartErrors, errCount) } - -func stopRootlessContainers(stopContainers []*libpod.Container, timeout uint, useTimeout bool, maxWorkers int) error { - var stopFuncs []shared.ParallelWorkerInput - for _, ctr := range stopContainers { - state, err := ctr.State() - if err != nil { - return err - } - if state != libpod.ContainerStateRunning { - continue - } - - ctrTimeout := ctr.StopTimeout() - if useTimeout { - ctrTimeout = timeout - } - - c := ctr - f := func() error { - return c.StopWithTimeout(ctrTimeout) - } - - stopFuncs = append(stopFuncs, shared.ParallelWorkerInput{ - ContainerID: c.ID(), - ParallelFunc: f, - }) - - restartErrors, errCount := shared.ParallelExecuteWorkerPool(maxWorkers, stopFuncs) - var lastError error - for _, result := range restartErrors { - if result != nil { - if errCount > 1 { - fmt.Println(result.Error()) - } - lastError = result - } - } - if lastError != nil { - return lastError - } - } - return nil -} -- cgit v1.2.3-54-g00ecf From ab576e8577b6cc95aebf4afb84d104cb74ea8717 Mon Sep 17 00:00:00 2001 
From: Giuseppe Scrivano Date: Tue, 19 Mar 2019 10:24:06 +0100 Subject: rootless: implement pod restart Signed-off-by: Giuseppe Scrivano --- cmd/podman/main.go | 39 ++++++++++++++++++++------------------- cmd/podman/pod_restart.go | 14 ++++++++++++++ 2 files changed, 34 insertions(+), 19 deletions(-) (limited to 'cmd') diff --git a/cmd/podman/main.go b/cmd/podman/main.go index 204344695..dd8b61408 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -67,25 +67,26 @@ var cmdsNotRequiringRootless = map[*cobra.Command]bool{ _exportCommand: true, //// `info` must be executed in an user namespace. //// If this change, please also update libpod.refreshRootless() - _loginCommand: true, - _logoutCommand: true, - _mountCommand: true, - _killCommand: true, - _pauseCommand: true, - _podRmCommand: true, - _podKillCommand: true, - _podStatsCommand: true, - _podStopCommand: true, - _podTopCommand: true, - _restartCommand: true, - &_psCommand: true, - _rmCommand: true, - _runCommand: true, - _unpauseCommand: true, - _searchCommand: true, - _statsCommand: true, - _stopCommand: true, - _topCommand: true, + _loginCommand: true, + _logoutCommand: true, + _mountCommand: true, + _killCommand: true, + _pauseCommand: true, + _podRmCommand: true, + _podKillCommand: true, + _podRestartCommand: true, + _podStatsCommand: true, + _podStopCommand: true, + _podTopCommand: true, + _restartCommand: true, + &_psCommand: true, + _rmCommand: true, + _runCommand: true, + _unpauseCommand: true, + _searchCommand: true, + _statsCommand: true, + _stopCommand: true, + _topCommand: true, } var rootCmd = &cobra.Command{ diff --git a/cmd/podman/pod_restart.go b/cmd/podman/pod_restart.go index 0765b98db..9c8d28424 100644 --- a/cmd/podman/pod_restart.go +++ b/cmd/podman/pod_restart.go 
@@ -2,9 +2,11 @@ package main import ( "fmt" + "os" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/pkg/adapter" + "github.com/containers/libpod/pkg/rootless" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -46,12 +48,24 @@ func init() { func podRestartCmd(c *cliconfig.PodRestartValues) error { var lastError error + if os.Geteuid() != 0 { + rootless.SetSkipStorageSetup(true) + } runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { return errors.Wrapf(err, "could not get runtime") } defer runtime.Shutdown(false) + if rootless.IsRootless() { + var err error + + c.InputArgs, c.All, c.Latest, err = joinPodNS(runtime, c.All, c.Latest, c.InputArgs) + if err != nil { + return err + } + } + restartIDs, conErrors, restartErrors := runtime.RestartPods(getContext(), c) for _, p := range restartIDs { -- cgit v1.2.3-54-g00ecf
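Review bot: Inside the `if rootless.IsRootless()` block of `podRestartCmd`, `var err error` declares a second `err` that shadows the one already in scope from `adapter.GetRuntime`; the declaration can be dropped and the existing assignment `c.InputArgs, c.All, c.Latest, err = joinPodNS(runtime, c.All, c.Latest, c.InputArgs)` kept as is. `joinPodNS` is defined outside this page; since it rewrites the user's `InputArgs`, `All` and `Latest`, a short comment on what the returned values mean would help. `defer runtime.Shutdown(false)` is registered before that call, so if `joinPodNS` can end the process with `os.Exit` (not visible here), the deferred shutdown would not run. `podRestartCmd` continues past the end of the hunk.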