From 7a5342804944472246ed0b977e9088e0b01be87b Mon Sep 17 00:00:00 2001
From: cdoern
Date: Mon, 21 Mar 2022 22:52:50 -0400
Subject: fix pod volume passing and alter infra inheritance

the infra Inherit function was not properly passing pod volume information to new containers alter the inherit function and struct to use the new `ConfigToSpec` function used in clone pick and choose the proper entities from a temp spec and validate them on the spegen side rather than passing directly to a config resolves #13548

Signed-off-by: cdoern
Signed-off-by: cdoern
Signed-off-by: cdoern
---
 libpod/container_config.go | 23 +++++++++++++++--------
 libpod/container_inspect.go | 6 +++---
 libpod/container_internal.go | 4 ++--
 libpod/kube.go | 2 +-
 libpod/pod_api.go | 4 ++--
 5 files changed, 23 insertions(+), 16 deletions(-)

(limited to 'libpod')

diff --git a/libpod/container_config.go b/libpod/container_config.go
index 0d9cd5723..ea644764c 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -8,6 +8,7 @@ import (
 	"github.com/containers/common/pkg/secrets"
 	"github.com/containers/image/v5/manifest"
 	"github.com/containers/podman/v4/pkg/namespaces"
+	"github.com/containers/podman/v4/pkg/specgen"
 	"github.com/containers/storage"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 )
@@ -405,13 +406,19 @@ type ContainerMiscConfig struct {
 	InitContainerType string `json:"init_container_type,omitempty"`
 }
 
+// InfraInherit contains the compatible options inheritable from the infra container
 type InfraInherit struct {
-	InfraSecurity ContainerSecurityConfig
-	InfraLabels []string `json:"labelopts,omitempty"`
-	InfraVolumes []*ContainerNamedVolume `json:"namedVolumes,omitempty"`
-	InfraOverlay []*ContainerOverlayVolume `json:"overlayVolumes,omitempty"`
-	InfraImageVolumes []*ContainerImageVolume `json:"ctrImageVolumes,omitempty"`
-	InfraUserVolumes []string `json:"userVolumes,omitempty"`
-	InfraResources *spec.LinuxResources `json:"resources,omitempty"`
-	InfraDevices []spec.LinuxDevice `json:"device_host_src,omitempty"`
+	ApparmorProfile string `json:"apparmor_profile,omitempty"`
+	CapAdd []string `json:"cap_add,omitempty"`
+	CapDrop []string `json:"cap_drop,omitempty"`
+	HostDeviceList []spec.LinuxDevice `json:"host_device_list,omitempty"`
+	ImageVolumes []*specgen.ImageVolume `json:"image_volumes,omitempty"`
+	InfraResources *spec.LinuxResources `json:"resource_limits,omitempty"`
+	Mounts []spec.Mount `json:"mounts,omitempty"`
+	NoNewPrivileges bool `json:"no_new_privileges,omitempty"`
+	OverlayVolumes []*specgen.OverlayVolume `json:"overlay_volumes,omitempty"`
+	SeccompPolicy string `json:"seccomp_policy,omitempty"`
+	SeccompProfilePath string `json:"seccomp_profile_path,omitempty"`
+	SelinuxOpts []string `json:"selinux_opts,omitempty"`
+	Volumes []*specgen.NamedVolume `json:"volumes,omitempty"`
 }
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 5fb32bd90..f2a2c2d16 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
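Review bot: `InfraResources` keeps the `Infra` prefix while every other field of the rebuilt struct dropped it (`Volumes`, `Mounts`, `CapAdd`, `HostDeviceList`, …), so the naming is inconsistent within one type; if callers can absorb the rename, `ResourceLimits *spec.LinuxResources` with its existing `resource_limits` tag would match both its neighbours and its own JSON key. The JSON tags also change wholesale (`labelopts` → `selinux_opts`, `resources` → `resource_limits`, `namedVolumes` → `volumes`, `device_host_src` → `host_device_list`), so if an InfraInherit value is ever serialized and stored, records written before this commit will not decode into the new shape — worth confirming, since the hunk does not show where this type is marshalled. Because the struct now carries the inherited security posture (capabilities, seccomp, AppArmor, SELinux options, NoNewPrivileges) and the description says validation happens on the specgen side, the type comment should state that explicitly, e.g. `// InfraInherit contains the compatible options inheritable from the infra container; values are copied as-is and are validated only when applied through specgen.` Note too that libpod now imports pkg/specgen, which presumably reverses the usual direction of that dependency — confirm it does not introduce an import cycle.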
@@ -103,8 +103,8 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver
 		}
 	}
 
-	namedVolumes, mounts := c.sortUserVolumes(ctrSpec)
-	inspectMounts, err := c.GetInspectMounts(namedVolumes, c.config.ImageVolumes, mounts)
+	namedVolumes, mounts := c.SortUserVolumes(ctrSpec)
+	inspectMounts, err := c.GetMounts(namedVolumes, c.config.ImageVolumes, mounts)
 	if err != nil {
 		return nil, err
 	}
@@ -222,7 +222,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver
 // Get inspect-formatted mounts list.
 // Only includes user-specified mounts. Only includes bind mounts and named
 // volumes, not tmpfs volumes.
-func (c *Container) GetInspectMounts(namedVolumes []*ContainerNamedVolume, imageVolumes []*ContainerImageVolume, mounts []spec.Mount) ([]define.InspectMount, error) {
+func (c *Container) GetMounts(namedVolumes []*ContainerNamedVolume, imageVolumes []*ContainerImageVolume, mounts []spec.Mount) ([]define.InspectMount, error) {
 	inspectMounts := []define.InspectMount{}
 
 	// No mounts, return early
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 0db59f2fe..f1f467879 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -2235,9 +2235,9 @@ func (c *Container) prepareCheckpointExport() error {
 	return nil
 }
 
-// sortUserVolumes sorts the volumes specified for a container
+// SortUserVolumes sorts the volumes specified for a container
 // between named and normal volumes
-func (c *Container) sortUserVolumes(ctrSpec *spec.Spec) ([]*ContainerNamedVolume, []spec.Mount) {
+func (c *Container) SortUserVolumes(ctrSpec *spec.Spec) ([]*ContainerNamedVolume, []spec.Mount) {
 	namedUserVolumes := []*ContainerNamedVolume{}
 	userMounts := []spec.Mount{}
 
diff --git a/libpod/kube.go b/libpod/kube.go
index a193df2cb..22fbb5f9f 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
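Review bot: The doc comment above the renamed `GetMounts` still opens with `// Get inspect-formatted mounts list.`, so it no longer begins with the method's name as Go doc convention expects for an exported identifier; `// GetMounts returns the inspect-formatted list of user-specified mounts.` as the first line keeps the following two lines intact. The new name also drops "Inspect" while the return type is still `[]define.InspectMount`, which is worth saying in that comment so callers do not expect raw OCI mounts back. The body of GetMounts continues beyond the hunk.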
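Review bot: `SortUserVolumes` is now part of the exported Container API, but its comment does not say what `ctrSpec` must be; every call site in this commit passes the container's own spec (`c.config.Spec`, `infra.config.Spec`, or the inspect-time `ctrSpec`), and the hunk does not show whether a nil spec is tolerated. Suggest `// SortUserVolumes splits the user-specified volumes of ctrSpec (normally the container's own c.config.Spec)` as the first line, keeping the existing `// between named and normal volumes` line, and adding a statement on nil handling once that is confirmed from the body. The method body continues past the hunk.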
@@ -773,7 +773,7 @@ func libpodEnvVarsToKubeEnvVars(envs []string, imageEnvs []string) ([]v1.EnvVar,
 
 // libpodMountsToKubeVolumeMounts converts the containers mounts to a struct kube understands
 func libpodMountsToKubeVolumeMounts(c *Container) ([]v1.VolumeMount, []v1.Volume, map[string]string, error) {
-	namedVolumes, mounts := c.sortUserVolumes(c.config.Spec)
+	namedVolumes, mounts := c.SortUserVolumes(c.config.Spec)
 	vms := make([]v1.VolumeMount, 0, len(mounts))
 	vos := make([]v1.Volume, 0, len(mounts))
 	annotations := make(map[string]string)
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index be726d8d1..48049798b 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -602,8 +602,8 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
 		infraConfig.CPUSetCPUs = p.ResourceLim().CPU.Cpus
 		infraConfig.PidNS = p.PidMode()
 		infraConfig.UserNS = p.UserNSMode()
-		namedVolumes, mounts := infra.sortUserVolumes(infra.config.Spec)
-		inspectMounts, err = infra.GetInspectMounts(namedVolumes, infra.config.ImageVolumes, mounts)
+		namedVolumes, mounts := infra.SortUserVolumes(infra.config.Spec)
+		inspectMounts, err = infra.GetMounts(namedVolumes, infra.config.ImageVolumes, mounts)
 		infraSecurity = infra.GetSecurityOptions()
 		if err != nil {
 			return nil, err
-- 
cgit v1.2.3-54-g00ecf