From 36039a38ea8463c31c14ce52c38f22cc93e72ede Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 24 Apr 2020 10:46:30 +0200 Subject: create: move validate after setting default ns validate the configuration only after we set the default namespaces. Signed-off-by: Giuseppe Scrivano --- pkg/specgen/generate/container_create.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'pkg') diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 1be77d315..369c64e1f 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -15,9 +15,6 @@ import ( // MakeContainer creates a container based on the SpecGenerator func MakeContainer(rt *libpod.Runtime, s *specgen.SpecGenerator) (*libpod.Container, error) { - if err := s.Validate(); err != nil { - return nil, errors.Wrap(err, "invalid config provided") - } rtc, err := rt.GetConfig() if err != nil { return nil, err @@ -94,6 +91,10 @@ func MakeContainer(rt *libpod.Runtime, s *specgen.SpecGenerator) (*libpod.Contai options = append(options, libpod.WithRootFSFromImage(newImage.ID(), s.Image, s.RawImageName)) + if err := s.Validate(); err != nil { + return nil, errors.Wrap(err, "invalid config provided") + } + runtimeSpec, err := SpecGenToOCI(s, rt, newImage) if err != nil { return nil, err -- cgit v1.2.3-54-g00ecf From 23d431f0bf4ef4e550d23b43264c2ffdc940c767 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 24 Apr 2020 10:49:15 +0200 Subject: specgen: fix error message the check is correct but the error message was stating the opposite. Signed-off-by: Giuseppe Scrivano --- pkg/specgen/container_validate.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg') diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index 56c1a7ea9..87fc59dfe 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -34,7 +34,7 @@ func (s *SpecGenerator) Validate() error { } // Cannot set hostname and utsns if len(s.ContainerBasicConfig.Hostname) > 0 && !s.ContainerBasicConfig.UtsNS.IsPrivate() { - return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when creating an UTS namespace") + return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when running in the host UTS namespace") } // systemd values must be true, false, or always if len(s.ContainerBasicConfig.Systemd) > 0 && !util.StringInSlice(strings.ToLower(s.ContainerBasicConfig.Systemd), SystemDValues) { -- cgit v1.2.3-54-g00ecf From a3acc4f97775a446f93deeb924ab99b708bcfe88 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 24 Apr 2020 11:41:37 +0200 Subject: podman: add support for --rootfs Signed-off-by: Giuseppe Scrivano --- cmd/podman/containers/create.go | 17 ++++++----------- cmd/podman/containers/run.go | 8 +++++--- pkg/specgen/generate/config_linux_cgo.go | 3 +++ pkg/specgen/generate/container.go | 6 +++++- pkg/specgen/generate/container_create.go | 16 ++++++++++------ pkg/specgen/specgen.go | 9 +++++++-- 6 files changed, 36 insertions(+), 23 deletions(-) (limited to 'pkg') diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index 8f140e2b8..da550b606 100644 --- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -75,8 +75,7 @@ func init() { func create(cmd *cobra.Command, args []string) error { var ( - err error - rawImageInput string + err error ) cliVals.Net, err = common.NetFlagsToNetOptions(cmd) if err != nil { @@ -92,20 +91,16 @@ func create(cmd *cobra.Command, args []string) error { defer errorhandling.SyncQuiet(cidFile) } - if rfs := cliVals.RootFS; !rfs { - rawImageInput = args[0] - } - if err := createInit(cmd); err != nil { return err } - if err := pullImage(args[0]); err != nil { - return err + if !cliVals.RootFS { + if err := pullImage(args[0]); err != nil { + return err + } } - - //TODO rootfs still - s := specgen.NewSpecGenerator(rawImageInput) + s := specgen.NewSpecGenerator(args[0], cliVals.RootFS) if err := common.FillOutSpecGen(s, &cliVals, args); err != nil { return err } diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go index 409b72198..e3fe4cd0b 100644 --- a/cmd/podman/containers/run.go +++ b/cmd/podman/containers/run.go @@ -104,8 +104,10 @@ func run(cmd *cobra.Command, args []string) error { return err } - if err := pullImage(args[0]); err != nil { - return err + if !cliVals.RootFS { + if err := pullImage(args[0]); err != nil { + return err + } } // If -i is not set, clear stdin @@ -136,7 +138,7 @@ func run(cmd *cobra.Command, args []string) error { } runOpts.Detach = cliVals.Detach runOpts.DetachKeys = cliVals.DetachKeys - s := specgen.NewSpecGenerator(args[0]) + s := specgen.NewSpecGenerator(args[0], cliVals.RootFS) if err := common.FillOutSpecGen(s, &cliVals, args); err != nil { return err } diff --git a/pkg/specgen/generate/config_linux_cgo.go b/pkg/specgen/generate/config_linux_cgo.go index b06ef5c9a..5d629a6e6 100644 --- a/pkg/specgen/generate/config_linux_cgo.go +++ b/pkg/specgen/generate/config_linux_cgo.go @@ -24,6 +24,9 @@ func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *imag } if scp == seccomp.PolicyImage { + if img == nil { + return nil, errors.New("cannot read seccomp profile without a valid image") + } labels, err := img.Labels(context.Background()) if err != nil { return nil, err diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index de3239fda..9797ad572 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -15,7 +15,11 @@ import ( func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerator) error { var appendEntryPoint bool - // TODO add support for raw rootfs + // If a rootfs is used, then there is no image data + if s.ContainerStorageConfig.Rootfs != "" { + return nil + } + newImage, err := r.ImageRuntime().NewFromLocal(s.Image) if err != nil { return err diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index 369c64e1f..49a717c5d 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go @@ -7,6 +7,7 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod/define" + "github.com/containers/libpod/libpod/image" "github.com/containers/libpod/pkg/specgen" "github.com/containers/storage" "github.com/pkg/errors" @@ -84,13 +85,16 @@ func MakeContainer(rt *libpod.Runtime, s *specgen.SpecGenerator) (*libpod.Contai return nil, err } options = append(options, createExitCommandOption(s, rt.StorageConfig(), rtc, podmanPath)) - newImage, err := rt.ImageRuntime().NewFromLocal(s.Image) - if err != nil { - return nil, err + var newImage *image.Image + if s.Rootfs != "" { + options = append(options, libpod.WithRootFS(s.Rootfs)) + } else { + newImage, err = rt.ImageRuntime().NewFromLocal(s.Image) + if err != nil { + return nil, err + } + options = append(options, libpod.WithRootFSFromImage(newImage.ID(), s.Image, s.RawImageName)) } - - options = append(options, libpod.WithRootFSFromImage(newImage.ID(), s.Image, s.RawImageName)) - if err := s.Validate(); err != nil { return nil, errors.Wrap(err, "invalid config provided") } diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 37f2b3190..275af1f49 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -402,8 +402,13 @@ type NamedVolume struct { } // NewSpecGenerator returns a SpecGenerator struct given one of two mandatory inputs -func NewSpecGenerator(image string) *SpecGenerator { - csc := ContainerStorageConfig{Image: image} +func NewSpecGenerator(arg string, rootfs bool) *SpecGenerator { + csc := ContainerStorageConfig{} + if rootfs { + csc.Rootfs = arg + } else { + csc.Image = arg + } return &SpecGenerator{ ContainerStorageConfig: csc, } -- cgit v1.2.3-54-g00ecf