Allow changing of port forward rules on restore

Restored containers, until now, had the same port mappings as the
original started container. This commit adds the parameter '--publish'
to 'podman container restore' with the same semantic as during
create/run.

With this change it is possible to create a copy from a container with a
'--publish' rule and replace the original '--publish' setting with a new
one.

 # podman run -p 2345:8080 container
 # podman container checkpoint -l --export=dump.tar
 # podman container restore -p 5432:8080 --import=dump.tar

The restored container will now listen on localhost:5432 instead of
localhost:2345 as the original created container.

Signed-off-by: Adrian Reber <areber@redhat.com>

cmd/podman/common/netflags.go

@@ -170,7 +170,7 @@ func NetFlagsToNetOptions(cmd *cobra.Command, netnsFromConfig bool) (*entities.N
 		return nil, err
 	}
 	if len(inputPorts) > 0 {
-		opts.PublishPorts, err = createPortBindings(inputPorts)
+		opts.PublishPorts, err = CreatePortBindings(inputPorts)
 		if err != nil {
 			return nil, err
 		}

cmd/podman/common/util.go

@@ -89,8 +89,8 @@ func createExpose(expose []string) (map[uint16]string, error) {
 	return toReturn, nil
 }
 
-// createPortBindings iterates ports mappings into SpecGen format.
+// CreatePortBindings iterates ports mappings into SpecGen format.
-func createPortBindings(ports []string) ([]specgen.PortMapping, error) {
+func CreatePortBindings(ports []string) ([]specgen.PortMapping, error) {
 	// --publish is formatted as follows:
 	// [[hostip:]hostport[-endPort]:]containerport[-endPort][/protocol]
 	toReturn := make([]specgen.PortMapping, 0, len(ports))

cmd/podman/containers/restore.go

@@ -36,9 +36,7 @@ var (
 	}
 )
 
-var (
+var restoreOptions entities.RestoreOptions
-	restoreOptions entities.RestoreOptions
-)
 
 func init() {
 	registry.Commands = append(registry.Commands, registry.CliCommand{
@@ -66,10 +64,17 @@ func init() {
 	flags.BoolVar(&restoreOptions.IgnoreStaticIP, "ignore-static-ip", false, "Ignore IP address set via --static-ip")
 	flags.BoolVar(&restoreOptions.IgnoreStaticMAC, "ignore-static-mac", false, "Ignore MAC address set via --mac-address")
 	flags.BoolVar(&restoreOptions.IgnoreVolumes, "ignore-volumes", false, "Do not export volumes associated with container")
+
+	flags.StringSliceP(
+		"publish", "p", []string{},
+		"Publish a container's port, or a range of ports, to the host (default [])",
+	)
+	_ = restoreCommand.RegisterFlagCompletionFunc("publish", completion.AutocompleteNone)
+
 	validate.AddLatestFlag(restoreCommand, &restoreOptions.Latest)
 }
 
-func restore(_ *cobra.Command, args []string) error {
+func restore(cmd *cobra.Command, args []string) error {
 	var errs utils.OutputErrors
 	if rootless.IsRootless() {
 		return errors.New("restoring a container requires root")
@@ -90,6 +95,17 @@ func restore(_ *cobra.Command, args []string) error {
 		return errors.Errorf("--tcp-established cannot be used with --name")
 	}
 
+	inputPorts, err := cmd.Flags().GetStringSlice("publish")
+	if err != nil {
+		return err
+	}
+	if len(inputPorts) > 0 {
+		restoreOptions.PublishPorts, err = common.CreatePortBindings(inputPorts)
+		if err != nil {
+			return err
+		}
+	}
+
 	argLen := len(args)
 	if restoreOptions.Import != "" {
 		if restoreOptions.All || restoreOptions.Latest {

pkg/checkpoint/checkpoint_restore.go

@@ -11,6 +11,7 @@ import (
 	"github.com/containers/podman/v3/libpod"
 	"github.com/containers/podman/v3/pkg/domain/entities"
 	"github.com/containers/podman/v3/pkg/errorhandling"
+	"github.com/containers/podman/v3/pkg/specgen/generate"
 	"github.com/containers/storage/pkg/archive"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
@@ -95,6 +96,14 @@ func CRImportCheckpoint(ctx context.Context, runtime *libpod.Runtime, restoreOpt
 		newName = true
 	}
 
+	if len(restoreOptions.PublishPorts) > 0 {
+		ports, _, _, err := generate.ParsePortMapping(restoreOptions.PublishPorts)
+		if err != nil {
+			return nil, err
+		}
+		ctrConfig.PortMappings = ports
+	}
+
 	pullOptions := &libimage.PullOptions{}
 	pullOptions.Writer = os.Stderr
 	if _, err := runtime.LibimageRuntime().Pull(ctx, ctrConfig.RootfsImageName, config.PullPolicyMissing, pullOptions); err != nil {

pkg/domain/entities/containers.go

@@ -197,6 +197,7 @@ type RestoreOptions struct {
 	Name            string
 	TCPEstablished  bool
 	ImportPrevious  string
+	PublishPorts    []specgen.PortMapping
 }
 
 type RestoreReport struct {

pkg/specgen/generate/pod_create.go

@@ -125,7 +125,7 @@ func createPodOptions(p *specgen.PodSpecGenerator, rt *libpod.Runtime) ([]libpod
 		options = append(options, libpod.WithPodUseImageHosts())
 	}
 	if len(p.PortMappings) > 0 {
-		ports, _, _, err := parsePortMapping(p.PortMappings)
+		ports, _, _, err := ParsePortMapping(p.PortMappings)
 		if err != nil {
 			return nil, err
 		}

pkg/specgen/generate/ports.go

@@ -24,7 +24,7 @@ const (
 // Parse port maps to OCICNI port mappings.
 // Returns a set of OCICNI port mappings, and maps of utilized container and
 // host ports.
-func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping, map[string]map[string]map[uint16]uint16, map[string]map[string]map[uint16]uint16, error) {
+func ParsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping, map[string]map[string]map[uint16]uint16, map[string]map[string]map[uint16]uint16, error) {
 	// First, we need to validate the ports passed in the specgen, and then
 	// convert them into CNI port mappings.
 	type tempMapping struct {
@@ -254,7 +254,7 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping,
 
 // Make final port mappings for the container
 func createPortMappings(ctx context.Context, s *specgen.SpecGenerator, imageData *libimage.ImageData) ([]ocicni.PortMapping, error) {
-	finalMappings, containerPortValidate, hostPortValidate, err := parsePortMapping(s.PortMappings)
+	finalMappings, containerPortValidate, hostPortValidate, err := ParsePortMapping(s.PortMappings)
 	if err != nil {
 		return nil, err
 	}