From fe4333c1e87ab479fda44261b2cb820484422f85 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Thu, 11 Feb 2021 22:55:56 +0100 Subject: Enable whitespace linter Use the whitespace linter and fix the reported problems. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger Signed-off-by: Matthew Heon --- libpod/runtime.go | 5 ----- 1 file changed, 5 deletions(-) (limited to 'libpod/runtime.go') diff --git a/libpod/runtime.go b/libpod/runtime.go index 0dc220b52..9ab98a27e 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -146,7 +146,6 @@ func NewRuntime(ctx context.Context, options ...RuntimeOption) (*Runtime, error) // An error will be returned if the configuration file at the given path does // not exist or cannot be loaded func NewRuntimeFromConfig(ctx context.Context, userConfig *config.Config, options ...RuntimeOption) (*Runtime, error) { - return newRuntimeFromConfig(ctx, userConfig, options...) } @@ -382,7 +381,6 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { // Initialize remaining OCI runtimes for name, paths := range runtime.config.Engine.OCIRuntimes { - ociRuntime, err := newConmonOCIRuntime(name, paths, runtime.conmonPath, runtime.runtimeFlags, runtime.config) if err != nil { // Don't fatally error. @@ -437,7 +435,6 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { // Set up the CNI net plugin if !rootless.IsRootless() { - netPlugin, err := ocicni.InitCNI(runtime.config.Network.DefaultNetwork, runtime.config.Network.NetworkConfigDir, runtime.config.Network.CNIPluginDirs...) if err != nil { return errors.Wrapf(err, "error configuring CNI network plugin") @@ -484,7 +481,6 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { if became { os.Exit(ret) } - } // If the file doesn't exist, we need to refresh the state // This will trigger on first use as well, but refreshing an @@ -787,7 +783,6 @@ type DBConfig struct { // mergeDBConfig merges the configuration from the database. func (r *Runtime) mergeDBConfig(dbConfig *DBConfig) { - c := &r.config.Engine if !r.storageSet.RunRootSet && dbConfig.StorageTmp != "" { if r.storageConfig.RunRoot != dbConfig.StorageTmp && -- cgit v1.2.3-54-g00ecf From 873014e4eee81ab090b2c97ba0ce99be7c798b75 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 5 Feb 2021 06:04:30 -0500 Subject: Do not reset storage when running inside of a container Currently if the host shares container storage with a container running podman, the podman inside of the container resets the storage on the host. This can cause issues on the host, as well as causes the podman command running the container, to fail to unmount /dev/shm. podman run -ti --rm --privileged -v /var/lib/containers:/var/lib/containers quay.io/podman/stable podman run alpine echo hello * unlinkat /var/lib/containers/storage/overlay-containers/a7f3c9deb0656f8de1d107e7ddff2d3c3c279c11c1635f233a0bffb16051fb2c/userdata/shm: device or resource busy * unlinkat /var/lib/containers/storage/overlay-containers/a7f3c9deb0656f8de1d107e7ddff2d3c3c279c11c1635f233a0bffb16051fb2c/userdata/shm: device or resource busy Since podman is volume mounting in the graphroot, it will add a flag to /run/.containerenv to tell podman inside of container whether to reset storage or not. Since the inner podman is running inside of the container, no reason to assume this is a fresh reboot, so if "container" environment variable is set then skip reset of storage. Also added tests to make sure /run/.containerenv is runnig correctly. Fixes: https://github.com/containers/podman/issues/9191 Signed-off-by: Daniel J Walsh Signed-off-by: Matthew Heon --- libpod/container_internal_linux.go | 4 ++-- libpod/runtime.go | 37 ++++++++++++++++++++++++++++++++++--- test/e2e/run_test.go | 23 +++++++++++++++++++++++ 3 files changed, 59 insertions(+), 5 deletions(-) (limited to 'libpod/runtime.go') diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 2f1bd52c4..1da8e6c38 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -1626,7 +1626,7 @@ func (c *Container) makeBindMounts() error { // Make .containerenv if it does not exist if _, ok := c.state.BindMounts["/run/.containerenv"]; !ok { - var containerenv string + containerenv := c.runtime.graphRootMountedFlag(c.config.Spec.Mounts) isRootless := 0 if rootless.IsRootless() { isRootless = 1 @@ -1641,7 +1641,7 @@ id=%q image=%q imageid=%q rootless=%d -`, version.Version.String(), c.Name(), c.ID(), imageName, imageID, isRootless) +%s`, version.Version.String(), c.Name(), c.ID(), imageName, imageID, isRootless, containerenv) } containerenvPath, err := c.writeStringToRundir(".containerenv", containerenv) if err != nil { diff --git a/libpod/runtime.go b/libpod/runtime.go index 9ab98a27e..7726a1f8e 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -1,6 +1,7 @@ package libpod import ( + "bufio" "context" "fmt" "os" @@ -26,6 +27,7 @@ import ( "github.com/containers/storage" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/docker/docker/pkg/namesgenerator" + spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -622,9 +624,12 @@ func (r *Runtime) Shutdown(force bool) error { func (r *Runtime) refresh(alivePath string) error { logrus.Debugf("Podman detected system restart - performing state refresh") - // First clear the state in the database - if err := r.state.Refresh(); err != nil { - return err + // Clear state of database if not running in container + if !graphRootMounted() { + // First clear the state in the database + if err := r.state.Refresh(); err != nil { + return err + } } // Next refresh the state of all containers to recreate dirs and @@ -899,3 +904,29 @@ func (r *Runtime) getVolumePlugin(name string) (*plugin.VolumePlugin, error) { return plugin.GetVolumePlugin(name, pluginPath) } + +func graphRootMounted() bool { + f, err := os.OpenFile("/run/.containerenv", os.O_RDONLY, os.ModePerm) + if err != nil { + return false + } + defer f.Close() + + scanner := bufio.NewScanner(f) + for scanner.Scan() { + if scanner.Text() == "graphRootMounted=1" { + return true + } + } + return false +} + +func (r *Runtime) graphRootMountedFlag(mounts []spec.Mount) string { + root := r.store.GraphRoot() + for _, val := range mounts { + if strings.HasPrefix(root, val.Source) { + return "graphRootMounted=1" + } + } + return "" +} diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 7d367cccf..bff3995df 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -47,6 +47,29 @@ var _ = Describe("Podman run", func() { Expect(session.ExitCode()).To(Equal(0)) }) + It("podman run check /run/.containerenv", func() { + session := podmanTest.Podman([]string{"run", ALPINE, "cat", "/run/.containerenv"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("")) + + session = podmanTest.Podman([]string{"run", "--privileged", "--name=test1", ALPINE, "cat", "/run/.containerenv"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("name=\"test1\"")) + Expect(session.OutputToString()).To(ContainSubstring("image=\"" + ALPINE + "\"")) + + session = podmanTest.Podman([]string{"run", "-v", "/:/host", ALPINE, "cat", "/run/.containerenv"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("graphRootMounted=1")) + + session = podmanTest.Podman([]string{"run", "-v", "/:/host", "--privileged", ALPINE, "cat", "/run/.containerenv"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("graphRootMounted=1")) + }) + It("podman run a container based on a complex local image name", func() { imageName := strings.TrimPrefix(nginx, "quay.io/") session := podmanTest.Podman([]string{"run", imageName, "ls"}) -- cgit v1.2.3-54-g00ecf