vendor latest c/{buildah,common,image,storage}
Make sure everything passes for rc2. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
14
vendor/github.com/containers/buildah/chroot/run_common.go
generated
vendored
14
vendor/github.com/containers/buildah/chroot/run_common.go
generated
vendored
@@ -48,12 +48,13 @@ func init() {
|
||||
type runUsingChrootExecSubprocOptions struct {
|
||||
Spec *specs.Spec
|
||||
BundlePath string
|
||||
NoPivot bool
|
||||
}
|
||||
|
||||
// RunUsingChroot runs a chrooted process, using some of the settings from the
|
||||
// passed-in spec, and using the specified bundlePath to hold temporary files,
|
||||
// directories, and mountpoints.
|
||||
func RunUsingChroot(spec *specs.Spec, bundlePath, homeDir string, stdin io.Reader, stdout, stderr io.Writer) (err error) {
|
||||
func RunUsingChroot(spec *specs.Spec, bundlePath, homeDir string, stdin io.Reader, stdout, stderr io.Writer, noPivot bool) (err error) {
|
||||
var confwg sync.WaitGroup
|
||||
var homeFound bool
|
||||
for _, env := range spec.Process.Env {
|
||||
@@ -97,6 +98,7 @@ func RunUsingChroot(spec *specs.Spec, bundlePath, homeDir string, stdin io.Reade
|
||||
config, conferr := json.Marshal(runUsingChrootSubprocOptions{
|
||||
Spec: spec,
|
||||
BundlePath: bundlePath,
|
||||
NoPivot: noPivot,
|
||||
})
|
||||
if conferr != nil {
|
||||
return fmt.Errorf("encoding configuration for %q: %w", runUsingChrootCommand, conferr)
|
||||
@@ -196,6 +198,7 @@ func runUsingChrootMain() {
|
||||
fmt.Fprintf(os.Stderr, "invalid options spec in runUsingChrootMain\n")
|
||||
os.Exit(1)
|
||||
}
|
||||
noPivot := options.NoPivot
|
||||
|
||||
// Prepare to shuttle stdio back and forth.
|
||||
rootUID32, rootGID32, err := util.GetHostRootIDs(options.Spec)
|
||||
@@ -442,7 +445,7 @@ func runUsingChrootMain() {
|
||||
}()
|
||||
|
||||
// Set up mounts and namespaces, and run the parent subprocess.
|
||||
status, err := runUsingChroot(options.Spec, options.BundlePath, ctty, stdin, stdout, stderr, closeOnceRunning)
|
||||
status, err := runUsingChroot(options.Spec, options.BundlePath, ctty, stdin, stdout, stderr, noPivot, closeOnceRunning)
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "error running subprocess: %v\n", err)
|
||||
os.Exit(1)
|
||||
@@ -463,7 +466,7 @@ func runUsingChrootMain() {
|
||||
// runUsingChroot, still in the grandparent process, sets up various bind
|
||||
// mounts and then runs the parent process in its own user namespace with the
|
||||
// necessary ID mappings.
|
||||
func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io.Reader, stdout, stderr io.Writer, closeOnceRunning []*os.File) (wstatus unix.WaitStatus, err error) {
|
||||
func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io.Reader, stdout, stderr io.Writer, noPivot bool, closeOnceRunning []*os.File) (wstatus unix.WaitStatus, err error) {
|
||||
var confwg sync.WaitGroup
|
||||
|
||||
// Create a new mount namespace for ourselves and bind mount everything to a new location.
|
||||
@@ -496,6 +499,7 @@ func runUsingChroot(spec *specs.Spec, bundlePath string, ctty *os.File, stdin io
|
||||
config, conferr := json.Marshal(runUsingChrootExecSubprocOptions{
|
||||
Spec: spec,
|
||||
BundlePath: bundlePath,
|
||||
NoPivot: noPivot,
|
||||
})
|
||||
if conferr != nil {
|
||||
fmt.Fprintf(os.Stderr, "error re-encoding configuration for %q\n", runUsingChrootExecCommand)
|
||||
@@ -619,8 +623,10 @@ func runUsingChrootExecMain() {
|
||||
// Try to chroot into the root. Do this before we potentially
|
||||
// block the syscall via the seccomp profile. Allow the
|
||||
// platform to override this - on FreeBSD, we use a simple
|
||||
// jail to set the hostname in the container
|
||||
// jail to set the hostname in the container, and on Linux
|
||||
// we attempt to pivot_root.
|
||||
if err := createPlatformContainer(options); err != nil {
|
||||
logrus.Debugf("createPlatformContainer: %v", err)
|
||||
var oldst, newst unix.Stat_t
|
||||
if err := unix.Stat(options.Spec.Root.Path, &oldst); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "error stat()ing intended root directory %q: %v\n", options.Spec.Root.Path, err)
|
||||
|
||||
1
vendor/github.com/containers/buildah/chroot/run_freebsd.go
generated
vendored
1
vendor/github.com/containers/buildah/chroot/run_freebsd.go
generated
vendored
@@ -41,6 +41,7 @@ var (
|
||||
type runUsingChrootSubprocOptions struct {
|
||||
Spec *specs.Spec
|
||||
BundlePath string
|
||||
NoPivot bool
|
||||
}
|
||||
|
||||
func setPlatformUnshareOptions(spec *specs.Spec, cmd *unshare.Cmd) error {
|
||||
|
||||
54
vendor/github.com/containers/buildah/chroot/run_linux.go
generated
vendored
54
vendor/github.com/containers/buildah/chroot/run_linux.go
generated
vendored
@@ -47,6 +47,7 @@ var (
|
||||
type runUsingChrootSubprocOptions struct {
|
||||
Spec *specs.Spec
|
||||
BundlePath string
|
||||
NoPivot bool
|
||||
UIDMappings []syscall.SysProcIDMap
|
||||
GIDMappings []syscall.SysProcIDMap
|
||||
}
|
||||
@@ -224,8 +225,57 @@ func makeRlimit(limit specs.POSIXRlimit) unix.Rlimit {
|
||||
return unix.Rlimit{Cur: limit.Soft, Max: limit.Hard}
|
||||
}
|
||||
|
||||
func createPlatformContainer(_ runUsingChrootExecSubprocOptions) error {
|
||||
return errors.New("unsupported createPlatformContainer")
|
||||
func createPlatformContainer(options runUsingChrootExecSubprocOptions) error {
|
||||
if options.NoPivot {
|
||||
return errors.New("not using pivot_root()")
|
||||
}
|
||||
// borrowing a technique from runc, who credit the LXC maintainers for this
|
||||
// open descriptors for the old and new root directories so that we can use fchdir()
|
||||
oldRootFd, err := unix.Open("/", unix.O_DIRECTORY, 0)
|
||||
if err != nil {
|
||||
return fmt.Errorf("opening host root directory: %w", err)
|
||||
}
|
||||
defer func() {
|
||||
if err := unix.Close(oldRootFd); err != nil {
|
||||
logrus.Warnf("closing host root directory: %v", err)
|
||||
}
|
||||
}()
|
||||
newRootFd, err := unix.Open(options.Spec.Root.Path, unix.O_DIRECTORY, 0)
|
||||
if err != nil {
|
||||
return fmt.Errorf("opening container root directory: %w", err)
|
||||
}
|
||||
defer func() {
|
||||
if err := unix.Close(newRootFd); err != nil {
|
||||
logrus.Warnf("closing container root directory: %v", err)
|
||||
}
|
||||
}()
|
||||
// change to the new root directory
|
||||
if err := unix.Fchdir(newRootFd); err != nil {
|
||||
return fmt.Errorf("changing to container root directory: %w", err)
|
||||
}
|
||||
// this makes the current directory the root directory. not actually
|
||||
// sure what happens to the other one
|
||||
if err := unix.PivotRoot(".", "."); err != nil {
|
||||
return fmt.Errorf("pivot_root: %w", err)
|
||||
}
|
||||
// go back and clean up the old one
|
||||
if err := unix.Fchdir(oldRootFd); err != nil {
|
||||
return fmt.Errorf("changing to host root directory: %w", err)
|
||||
}
|
||||
// make sure we only unmount things under this tree
|
||||
if err := unix.Mount(".", ".", "bind", unix.MS_BIND|unix.MS_SLAVE|unix.MS_REC, ""); err != nil {
|
||||
return fmt.Errorf("tweaking mount flags on host root directory before unmounting from mount namespace: %w", err)
|
||||
}
|
||||
// detach this (unnamed?) old directory
|
||||
if err := unix.Unmount(".", unix.MNT_DETACH); err != nil {
|
||||
return fmt.Errorf("unmounting host root directory in mount namespace: %w", err)
|
||||
}
|
||||
// go back to a named root directory
|
||||
if err := unix.Fchdir(newRootFd); err != nil {
|
||||
return fmt.Errorf("changing to container root directory at last: %w", err)
|
||||
}
|
||||
logrus.Debugf("pivot_root()ed into %q", options.Spec.Root.Path)
|
||||
return nil
|
||||
}
|
||||
|
||||
func mountFlagsForFSFlags(fsFlags uintptr) uintptr {
|
||||
|
||||