From 4fa94d7e14bcfb41b4a73093f0b08a51469b2c45 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Wed, 2 Dec 2020 15:01:46 -0500 Subject: Do not mount sysfs as rootless in more cases We can't mount sysfs as rootless unless we manage the network namespace. Problem: slirp4netns is now creating and managing a network namespace separate from the OCI runtime, so we can't mount sysfs in many circumstances. The `crun` OCI runtime will automatically handle this by falling back to a bind mount, but `runc` will not, so we didn't notice until RHEL gating tests ran on the new branch. Signed-off-by: Matthew Heon --- pkg/specgen/generate/oci.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go index 8454458a8..9649873fd 100644 --- a/pkg/specgen/generate/oci.go +++ b/pkg/specgen/generate/oci.go @@ -165,7 +165,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt inUserNS = true } } - if inUserNS && s.NetNS.IsHost() { + if inUserNS && s.NetNS.NSMode != specgen.NoNetwork { canMountSys = false } -- cgit v1.2.3-54-g00ecf From 9b4266eb942b10926ea69ba13d84d5e36a61bd3c Mon Sep 17 00:00:00 2001 From: Milivoje Legenovic Date: Mon, 7 Dec 2020 12:50:10 +0100 Subject: Docker compat API - containers create ignores the name /containers/create compat endpoint does not set the name correctly (#7857) Signed-off-by: Milivoje Legenovic --- pkg/api/handlers/compat/containers_create.go | 6 +++--- test/apiv2/rest_api/test_rest_v2_0_0.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'pkg') diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go index 729639928..409a74de2 100644 --- a/pkg/api/handlers/compat/containers_create.go +++ b/pkg/api/handlers/compat/containers_create.go @@ -37,6 +37,9 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) { return } + // Override the container name in the body struct + body.Name = query.Name + if len(body.HostConfig.Links) > 0 { utils.Error(w, utils.ErrLinkNotSupport.Error(), http.StatusBadRequest, errors.Wrapf(utils.ErrLinkNotSupport, "bad parameter")) return @@ -69,9 +72,6 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) { return } - // Override the container name in the body struct - body.Name = query.Name - ic := abi.ContainerEngine{Libpod: runtime} report, err := ic.ContainerCreate(r.Context(), sg) if err != nil { diff --git a/test/apiv2/rest_api/test_rest_v2_0_0.py b/test/apiv2/rest_api/test_rest_v2_0_0.py index 52348d4f4..abb820053 100644 --- a/test/apiv2/rest_api/test_rest_v2_0_0.py +++ b/test/apiv2/rest_api/test_rest_v2_0_0.py @@ -172,7 +172,7 @@ class TestApi(unittest.TestCase): self.assertEqual(net_default.status_code, 201, net_default.text) create = requests.post( - PODMAN_URL + "/v1.40/containers/create?name=postCreate", + PODMAN_URL + "/v1.40/containers/create?name=postCreateConnect", json={ "Cmd": ["top"], "Image": "alpine:latest", -- cgit v1.2.3-54-g00ecf From 2ddb16d4c8ace2da51f4abd94efd463c637e8808 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 7 Dec 2020 11:58:10 +0100 Subject: container create: do not clear image name When creating a container, do not clear the input-image name before looking up image names. Also add a regression test. Fixes: #8558 Signed-off-by: Valentin Rothberg Signed-off-by: Matthew Heon --- pkg/specgen/generate/container_create.go | 1 - test/system/030-run.bats | 11 +++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 45a374216..6a77d0807 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -98,7 +98,6 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener // present. imgName := newImage.InputName if s.Image == newImage.InputName && strings.HasPrefix(newImage.ID(), s.Image) { - imgName = "" names := newImage.Names() if len(names) > 0 { imgName = names[0] diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 71831da10..bf7f67f7f 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -532,6 +532,17 @@ json-file | f run_podman untag $IMAGE $newtag $newtag2 } +# Regression test for issue #8558 +@test "podman run on untagged image: make sure that image metadata is set" { + run_podman inspect $IMAGE --format "{{.ID}}" + imageID="$output" + + run_podman untag $IMAGE + run_podman run --rm $imageID ls + + run_podman tag $imageID $IMAGE +} + @test "podman run with --net=host and --port prints warning" { run_podman run -d --rm -p 8080 --net=host $IMAGE ls > /dev/null is "$output" ".*Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use" -- cgit v1.2.3-54-g00ecf From 34eac83371210e8fd445244fcf91599580edf39e Mon Sep 17 00:00:00 2001 From: Qi Wang Date: Fri, 4 Dec 2020 11:00:02 -0500 Subject: Close image rawSource when each loop ends Previously close rawSouce in the middle makes future use of rawSource invalid. Move the rawSource.Close() to the end of each loop. Signed-off-by: Qi Wang --- pkg/domain/infra/abi/images.go | 147 +++++++++++++++++++++-------------------- 1 file changed, 77 insertions(+), 70 deletions(-) (limited to 'pkg') diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index ef0e15264..75ce518b6 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -714,83 +714,90 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie } for _, signimage := range names { - srcRef, err := alltransports.ParseImageName(signimage) - if err != nil { - return nil, errors.Wrapf(err, "error parsing image name") - } - rawSource, err := srcRef.NewImageSource(ctx, sc) - if err != nil { - return nil, errors.Wrapf(err, "error getting image source") - } - err = rawSource.Close() - if err != nil { - logrus.Errorf("unable to close new image source %q", err) - } - getManifest, _, err := rawSource.GetManifest(ctx, nil) - if err != nil { - return nil, errors.Wrapf(err, "error getting getManifest") - } - dockerReference := rawSource.Reference().DockerReference() - if dockerReference == nil { - return nil, errors.Errorf("cannot determine canonical Docker reference for destination %s", transports.ImageName(rawSource.Reference())) - } - var sigStoreDir string - if options.Directory != "" { - sigStoreDir = options.Directory - } - if sigStoreDir == "" { - if rootless.IsRootless() { - sigStoreDir = filepath.Join(filepath.Dir(ir.Libpod.StorageConfig().GraphRoot), "sigstore") - } else { - var sigStoreURI string - registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs) - if registryInfo != nil { - if sigStoreURI = registryInfo.SigStoreStaging; sigStoreURI == "" { - sigStoreURI = registryInfo.SigStore - } + err = func() error { + srcRef, err := alltransports.ParseImageName(signimage) + if err != nil { + return errors.Wrapf(err, "error parsing image name") + } + rawSource, err := srcRef.NewImageSource(ctx, sc) + if err != nil { + return errors.Wrapf(err, "error getting image source") + } + defer func() { + if err = rawSource.Close(); err != nil { + logrus.Errorf("unable to close %s image source %q", srcRef.DockerReference().Name(), err) } - if sigStoreURI == "" { - return nil, errors.Errorf("no signature storage configuration found for %s", rawSource.Reference().DockerReference().String()) + }() + getManifest, _, err := rawSource.GetManifest(ctx, nil) + if err != nil { + return errors.Wrapf(err, "error getting getManifest") + } + dockerReference := rawSource.Reference().DockerReference() + if dockerReference == nil { + return errors.Errorf("cannot determine canonical Docker reference for destination %s", transports.ImageName(rawSource.Reference())) + } + var sigStoreDir string + if options.Directory != "" { + sigStoreDir = options.Directory + } + if sigStoreDir == "" { + if rootless.IsRootless() { + sigStoreDir = filepath.Join(filepath.Dir(ir.Libpod.StorageConfig().GraphRoot), "sigstore") + } else { + var sigStoreURI string + registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs) + if registryInfo != nil { + if sigStoreURI = registryInfo.SigStoreStaging; sigStoreURI == "" { + sigStoreURI = registryInfo.SigStore + } + } + if sigStoreURI == "" { + return errors.Errorf("no signature storage configuration found for %s", rawSource.Reference().DockerReference().String()) - } - sigStoreDir, err = localPathFromURI(sigStoreURI) - if err != nil { - return nil, errors.Wrapf(err, "invalid signature storage %s", sigStoreURI) + } + sigStoreDir, err = localPathFromURI(sigStoreURI) + if err != nil { + return errors.Wrapf(err, "invalid signature storage %s", sigStoreURI) + } } } - } - manifestDigest, err := manifest.Digest(getManifest) - if err != nil { - return nil, err - } - repo := reference.Path(dockerReference) - if path.Clean(repo) != repo { // Coverage: This should not be reachable because /./ and /../ components are not valid in docker references - return nil, errors.Errorf("Unexpected path elements in Docker reference %s for signature storage", dockerReference.String()) - } + manifestDigest, err := manifest.Digest(getManifest) + if err != nil { + return err + } + repo := reference.Path(dockerReference) + if path.Clean(repo) != repo { // Coverage: This should not be reachable because /./ and /../ components are not valid in docker references + return errors.Errorf("Unexpected path elements in Docker reference %s for signature storage", dockerReference.String()) + } - // create signature - newSig, err := signature.SignDockerManifest(getManifest, dockerReference.String(), mech, options.SignBy) - if err != nil { - return nil, errors.Wrapf(err, "error creating new signature") - } - // create the signstore file - signatureDir := fmt.Sprintf("%s@%s=%s", filepath.Join(sigStoreDir, repo), manifestDigest.Algorithm(), manifestDigest.Hex()) - if err := os.MkdirAll(signatureDir, 0751); err != nil { - // The directory is allowed to exist - if !os.IsExist(err) { - logrus.Error(err) - continue + // create signature + newSig, err := signature.SignDockerManifest(getManifest, dockerReference.String(), mech, options.SignBy) + if err != nil { + return errors.Wrapf(err, "error creating new signature") } - } - sigFilename, err := getSigFilename(signatureDir) - if err != nil { - logrus.Errorf("error creating sigstore file: %v", err) - continue - } - err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644) + // create the signstore file + signatureDir := fmt.Sprintf("%s@%s=%s", filepath.Join(sigStoreDir, repo), manifestDigest.Algorithm(), manifestDigest.Hex()) + if err := os.MkdirAll(signatureDir, 0751); err != nil { + // The directory is allowed to exist + if !os.IsExist(err) { + logrus.Error(err) + return nil + } + } + sigFilename, err := getSigFilename(signatureDir) + if err != nil { + logrus.Errorf("error creating sigstore file: %v", err) + return nil + } + err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644) + if err != nil { + logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String()) + return nil + } + return nil + }() if err != nil { - logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String()) - continue + return nil, err } } return nil, nil -- cgit v1.2.3-54-g00ecf From a680958de0b56ce2d681a8b1cc14692f578c74a4 Mon Sep 17 00:00:00 2001 From: Anders F Björklund Date: Fri, 4 Dec 2020 17:08:39 +0100 Subject: Use PasswordCallback instead of Password for ssh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently asking for login password, even if not supported by the ssh server. So wait with prompt until actually requested. Signed-off-by: Anders F Björklund --- pkg/bindings/connection.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'pkg') diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go index 31435ae91..b0e3ceb9b 100644 --- a/pkg/bindings/connection.go +++ b/pkg/bindings/connection.go @@ -207,11 +207,11 @@ func sshClient(_url *url.URL, secure bool, passPhrase string, identity string) ( authMethods = append(authMethods, ssh.Password(pw)) } if len(authMethods) == 0 { - pass, err := terminal.ReadPassword("Login password:") - if err != nil { - return Connection{}, err + callback := func() (string, error) { + pass, err := terminal.ReadPassword("Login password:") + return string(pass), err } - authMethods = append(authMethods, ssh.Password(string(pass))) + authMethods = append(authMethods, ssh.PasswordCallback(callback)) } port := _url.Port() -- cgit v1.2.3-54-g00ecf From 0bbb997838c4828b63c7f45003866fff1fe517e7 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 2 Dec 2020 08:28:30 -0500 Subject: Support --network=default as if it was private Docker defines an option of "default" which means to use the default network. We should support this with the same code path as --network="". This is important for compatibility with the Docker API. Fixes: https://github.com/containers/podman/issues/8544 Signed-off-by: Daniel J Walsh --- pkg/specgen/generate/namespaces.go | 2 ++ pkg/specgen/namespaces.go | 16 +++++++--------- test/e2e/run_networking_test.go | 23 +++++++++++++++++++++-- 3 files changed, 30 insertions(+), 11 deletions(-) (limited to 'pkg') diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index ddc73ca61..036c7b7a1 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -233,6 +233,8 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod. val = fmt.Sprintf("slirp4netns:%s", s.NetNS.Value) } toReturn = append(toReturn, libpod.WithNetNS(portMappings, postConfigureNetNS, val, nil)) + case specgen.Private: + fallthrough case specgen.Bridge: portMappings, err := createPortMappings(ctx, s, img) if err != nil { diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index d15745fa0..9d78a0210 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -258,24 +258,22 @@ func ParseNetworkNamespace(ns string) (Namespace, []string, error) { var cniNetworks []string // Net defaults to Slirp on rootless switch { - case ns == "slirp4netns", strings.HasPrefix(ns, "slirp4netns:"): + case ns == string(Slirp), strings.HasPrefix(ns, string(Slirp)+":"): toReturn.NSMode = Slirp - case ns == "pod": + case ns == string(FromPod): toReturn.NSMode = FromPod - case ns == "": + case ns == "" || ns == string(Default) || ns == string(Private): if rootless.IsRootless() { toReturn.NSMode = Slirp } else { toReturn.NSMode = Bridge } - case ns == "bridge": + case ns == string(Bridge): toReturn.NSMode = Bridge - case ns == "none": + case ns == string(NoNetwork): toReturn.NSMode = NoNetwork - case ns == "host": + case ns == string(Host): toReturn.NSMode = Host - case ns == "private": - toReturn.NSMode = Private case strings.HasPrefix(ns, "ns:"): split := strings.SplitN(ns, ":", 2) if len(split) != 2 { @@ -283,7 +281,7 @@ func ParseNetworkNamespace(ns string) (Namespace, []string, error) { } toReturn.NSMode = Path toReturn.Value = split[1] - case strings.HasPrefix(ns, "container:"): + case strings.HasPrefix(ns, string(FromContainer)+":"): split := strings.SplitN(ns, ":", 2) if len(split) != 2 { return toReturn, nil, errors.Errorf("must provide name or ID or a container when specifying container:") diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 3e80e953e..3fb00a28b 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -49,9 +49,28 @@ var _ = Describe("Podman run networking", func() { Expect(session.ExitCode()).To(Equal(0)) }) + It("podman run network connection with default", func() { + session := podmanTest.Podman([]string{"run", "--network", "default", ALPINE, "wget", "www.podman.io"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) + + It("podman run network connection with none", func() { + session := podmanTest.Podman([]string{"run", "--network", "none", ALPINE, "wget", "www.podman.io"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(1)) + Expect(session.ErrorToString()).To(ContainSubstring("wget: bad address 'www.podman.io'")) + }) + + It("podman run network connection with private", func() { + session := podmanTest.Podman([]string{"run", "--network", "private", ALPINE, "wget", "www.podman.io"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) + It("podman run network connection with loopback", func() { - session := podmanTest.Podman([]string{"run", "-dt", "--network", "host", ALPINE, "wget", "www.podman.io"}) - session.Wait(90) + session := podmanTest.Podman([]string{"run", "--network", "host", ALPINE, "wget", "www.podman.io"}) + session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) }) -- cgit v1.2.3-54-g00ecf From 704dff44c60b4bcb1327c7ef99289cda27baaae0 Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Wed, 2 Dec 2020 16:10:18 -0700 Subject: Change bindings to stop two API calls for ping * existing code caused an unnecessary 301 redirect Signed-off-by: Jhon Honce --- pkg/bindings/connection.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go index b0e3ceb9b..f2cb3147c 100644 --- a/pkg/bindings/connection.go +++ b/pkg/bindings/connection.go @@ -152,7 +152,7 @@ func pingNewConnection(ctx context.Context) error { return err } // the ping endpoint sits at / in this case - response, err := client.DoRequest(nil, http.MethodGet, "../../../_ping", nil, nil) + response, err := client.DoRequest(nil, http.MethodGet, "/_ping", nil, nil) if err != nil { return err } -- cgit v1.2.3-54-g00ecf From fa9ad1671e9b3433c6b5fb0c393cebca70a0811b Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Wed, 2 Dec 2020 10:05:34 -0500 Subject: Use Libpod tmpdir for pause path Previously, we always computed pause path from the Rootless runtime directory. Problem: this does not match the behavior of Libpod when the directory changes. Libpod will continue to use the previous directory, cached in the database; Pause pidfiles will swap to the new path. This is problematic when the directory needs to exist to write the pidfile, and Libpod is what creates the directory. There are two potential solutions - allow the pause pidfile to move and just make the directory when we want to write it, or use the cached Libpod paths for a guaranteed location. This patch does the second, because it seems safer - we will never miss a previously-existing pidfile because the location is now consistent. Fixes #8539 Signed-off-by: Matthew Heon --- libpod/reset.go | 2 +- libpod/runtime.go | 11 ++++++++++- libpod/runtime_migrate.go | 6 +++--- libpod/runtime_migrate_unsupported.go | 2 +- pkg/domain/infra/abi/system.go | 17 +++++++++++++---- pkg/util/utils_supported.go | 13 ++++++++++++- pkg/util/utils_windows.go | 6 ++++++ 7 files changed, 46 insertions(+), 11 deletions(-) (limited to 'pkg') diff --git a/libpod/reset.go b/libpod/reset.go index f8828fed4..6d2842723 100644 --- a/libpod/reset.go +++ b/libpod/reset.go @@ -46,7 +46,7 @@ func (r *Runtime) Reset(ctx context.Context) error { } } - if err := stopPauseProcess(); err != nil { + if err := r.stopPauseProcess(); err != nil { logrus.Errorf("Error stopping pause process: %v", err) } diff --git a/libpod/runtime.go b/libpod/runtime.go index 73d73fb5d..1f50f3407 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -472,7 +472,7 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { // we will need to access the storage. if os.Geteuid() != 0 { aliveLock.Unlock() // Unlock to avoid deadlock as BecomeRootInUserNS will reexec. - pausePid, err := util.GetRootlessPauseProcessPidPath() + pausePid, err := util.GetRootlessPauseProcessPidPathGivenDir(runtime.config.Engine.TmpDir) if err != nil { return errors.Wrapf(err, "could not get pause process pid file path") } @@ -538,6 +538,15 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { return nil } +// TmpDir gets the current Libpod temporary files directory. +func (r *Runtime) TmpDir() (string, error) { + if !r.valid { + return "", define.ErrRuntimeStopped + } + + return r.config.Engine.TmpDir, nil +} + // GetConfig returns a copy of the configuration used by the runtime func (r *Runtime) GetConfig() (*config.Config, error) { r.lock.RLock() diff --git a/libpod/runtime_migrate.go b/libpod/runtime_migrate.go index 1ad32fe9c..f0f800ef0 100644 --- a/libpod/runtime_migrate.go +++ b/libpod/runtime_migrate.go @@ -18,9 +18,9 @@ import ( "github.com/sirupsen/logrus" ) -func stopPauseProcess() error { +func (r *Runtime) stopPauseProcess() error { if rootless.IsRootless() { - pausePidPath, err := util.GetRootlessPauseProcessPidPath() + pausePidPath, err := util.GetRootlessPauseProcessPidPathGivenDir(r.config.Engine.TmpDir) if err != nil { return errors.Wrapf(err, "could not get pause process pid file path") } @@ -98,5 +98,5 @@ func (r *Runtime) migrate(ctx context.Context) error { } } - return stopPauseProcess() + return r.stopPauseProcess() } diff --git a/libpod/runtime_migrate_unsupported.go b/libpod/runtime_migrate_unsupported.go index e362cca63..a9d351318 100644 --- a/libpod/runtime_migrate_unsupported.go +++ b/libpod/runtime_migrate_unsupported.go @@ -10,6 +10,6 @@ func (r *Runtime) migrate(ctx context.Context) error { return nil } -func stopPauseProcess() error { +func (r *Runtime) stopPauseProcess() error { return nil } diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index 72fd98ac1..ec2532bea 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -11,6 +11,7 @@ import ( "strings" "github.com/containers/common/pkg/config" + "github.com/containers/podman/v2/libpod" "github.com/containers/podman/v2/libpod/define" "github.com/containers/podman/v2/pkg/cgroups" "github.com/containers/podman/v2/pkg/domain/entities" @@ -86,7 +87,11 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) return nil } - pausePidPath, err := util.GetRootlessPauseProcessPidPath() + tmpDir, err := ic.Libpod.TmpDir() + if err != nil { + return err + } + pausePidPath, err := util.GetRootlessPauseProcessPidPathGivenDir(tmpDir) if err != nil { return errors.Wrapf(err, "could not get pause process pid file path") } @@ -112,7 +117,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) } became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths) - if err := movePauseProcessToScope(); err != nil { + if err := movePauseProcessToScope(ic.Libpod); err != nil { conf, err := ic.Config(context.Background()) if err != nil { return err @@ -133,8 +138,12 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) return nil } -func movePauseProcessToScope() error { - pausePidPath, err := util.GetRootlessPauseProcessPidPath() +func movePauseProcessToScope(r *libpod.Runtime) error { + tmpDir, err := r.TmpDir() + if err != nil { + return err + } + pausePidPath, err := util.GetRootlessPauseProcessPidPathGivenDir(tmpDir) if err != nil { return errors.Wrapf(err, "could not get pause process pid file path") } diff --git a/pkg/util/utils_supported.go b/pkg/util/utils_supported.go index 2d636a7cb..a63c76415 100644 --- a/pkg/util/utils_supported.go +++ b/pkg/util/utils_supported.go @@ -99,7 +99,8 @@ func GetRootlessConfigHomeDir() (string, error) { } // GetRootlessPauseProcessPidPath returns the path to the file that holds the pid for -// the pause process +// the pause process. +// DEPRECATED - switch to GetRootlessPauseProcessPidPathGivenDir func GetRootlessPauseProcessPidPath() (string, error) { runtimeDir, err := GetRuntimeDir() if err != nil { @@ -107,3 +108,13 @@ func GetRootlessPauseProcessPidPath() (string, error) { } return filepath.Join(runtimeDir, "libpod", "pause.pid"), nil } + +// GetRootlessPauseProcessPidPathGivenDir returns the path to the file that +// holds the PID of the pause process, given the location of Libpod's temporary +// files. +func GetRootlessPauseProcessPidPathGivenDir(libpodTmpDir string) (string, error) { + if libpodTmpDir == "" { + return "", errors.Errorf("must provide non-empty tmporary directory") + } + return filepath.Join(libpodTmpDir, "pause.pid"), nil +} diff --git a/pkg/util/utils_windows.go b/pkg/util/utils_windows.go index 9bba2d1ee..46ca5e7f1 100644 --- a/pkg/util/utils_windows.go +++ b/pkg/util/utils_windows.go @@ -25,6 +25,12 @@ func GetRootlessPauseProcessPidPath() (string, error) { return "", errors.Wrap(errNotImplemented, "GetRootlessPauseProcessPidPath") } +// GetRootlessPauseProcessPidPath returns the path to the file that holds the pid for +// the pause process +func GetRootlessPauseProcessPidPathGivenDir(unused string) (string, error) { + return "", errors.Wrap(errNotImplemented, "GetRootlessPauseProcessPidPath") +} + // GetRuntimeDir returns the runtime directory func GetRuntimeDir() (string, error) { return "", errors.New("this function is not implemented for windows") -- cgit v1.2.3-54-g00ecf From bc602e49a2dd6141f1a3ea2a906df5386f33ac2d Mon Sep 17 00:00:00 2001 From: baude Date: Wed, 2 Dec 2020 08:19:48 -0600 Subject: target is not tag remove mistaken use of target being used for tag Signed-off-by: baude --- pkg/api/handlers/compat/images_build.go | 4 ---- 1 file changed, 4 deletions(-) (limited to 'pkg') diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index a4bb72140..149050209 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -104,9 +104,6 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { if len(query.Tag) > 0 { output = query.Tag[0] } - if _, found := r.URL.Query()["target"]; found { - output = query.Target - } var additionalNames []string if len(query.Tag) > 1 { @@ -162,7 +159,6 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { reporter := channel.NewWriter(make(chan []byte, 1)) defer reporter.Close() - buildOptions := imagebuildah.BuildOptions{ ContextDirectory: contextDirectory, PullPolicy: pullPolicy, -- cgit v1.2.3-54-g00ecf From 688a6f1dd57e847c4d4ad8dc900b7e0adfa70c04 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Tue, 1 Dec 2020 14:51:11 -0500 Subject: Do not use "true" after "syslog" in exit commands Instead of being interpreted as an argument to the boolean flag, the 'true' is being intepreted as the Podman command to be run - so we're trying to run `podman true`, which does not exist. This causes the cleanup command to fail when `--log-level=debug` is set, so containers are not cleaned up or removed. This problem is easily reproduced with any command combining the `--rm`, `-d`, and `--log-level=debug` flags - the command will execute and exit, but the container will not be removed. Separate, but worth looking into later: the errors we get on trying `podman true` with any flags are terrible - if you just type `podman true` you get a quite sane "Unrecognized command" error, but if you try `podman true --rm` you get an "unknown flag --rm" error - which makes very little sense given the command itself doesn't exist. Signed-off-by: Matthew Heon --- pkg/specgen/generate/container_create.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 6a77d0807..4f36744ca 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -387,7 +387,7 @@ func CreateExitCommandArgs(storageConfig storage.StoreOptions, config *config.Co } if syslog { - command = append(command, "--syslog", "true") + command = append(command, "--syslog") } command = append(command, []string{"container", "cleanup"}...) -- cgit v1.2.3-54-g00ecf