Merge pull request #2603 from mheon/misc_pod_fixes

Misc pod fixes
OpenShift Merge Robot
2019-03-11 00:54:38 -07:00
committed by GitHub
2 changed files with 46 additions and 21 deletions


@ -665,7 +665,9 @@ func (c *Container) makeBindMounts() error {
if !netDisabled { if !netDisabled {
// If /etc/resolv.conf and /etc/hosts exist, delete them so we // If /etc/resolv.conf and /etc/hosts exist, delete them so we
// will recreate // will recreate. Only do this if we aren't sharing them with
// another container.
if c.config.NetNsCtr == "" {
if path, ok := c.state.BindMounts["/etc/resolv.conf"]; ok { if path, ok := c.state.BindMounts["/etc/resolv.conf"]; ok {
if err := os.Remove(path); err != nil && !os.IsNotExist(err) { if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
return errors.Wrapf(err, "error removing container %s resolv.conf", c.ID()) return errors.Wrapf(err, "error removing container %s resolv.conf", c.ID())
@ -678,6 +680,7 @@ func (c *Container) makeBindMounts() error {
} }
delete(c.state.BindMounts, "/etc/hosts") delete(c.state.BindMounts, "/etc/hosts")
} }
}
if c.config.NetNsCtr != "" { if c.config.NetNsCtr != "" {
// We share a net namespace // We share a net namespace
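Review bot: The new guard `if c.config.NetNsCtr == "" {` is followed directly by `if c.config.NetNsCtr != "" {`, so the rule for who owns /etc/resolv.conf and /etc/hosts is spread over two separate tests of the same field. A single `if c.config.NetNsCtr == "" { ... } else { ... }` would state it once and make it harder for a later edit to let the `os.Remove` path run against files shared with another container. The comment could also give the reason, for example `// These files belong to the container whose netns we share; do not remove them here.`, which is inferred from the wording already in the hunk. The rest of makeBindMounts lies outside the visible lines, so the branch bodies cannot be checked from here.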

View File

@ -12,6 +12,7 @@ import (
spec "github.com/opencontainers/runtime-spec/specs-go" spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/sirupsen/logrus"
) )
const ( const (
@ -31,9 +32,27 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID
isRootless := rootless.IsRootless() isRootless := rootless.IsRootless()
entryCmd := []string{r.config.InfraCommand} entryCmd := []string{r.config.InfraCommand}
// I've seen circumstances where config is being passed as nil.
// Let's err on the side of safety and make sure it's safe to use.
if config != nil {
setEntrypoint := false
// default to entrypoint in image if there is one // default to entrypoint in image if there is one
if len(config.Entrypoint) > 0 { if len(config.Entrypoint) > 0 {
entryCmd = config.Entrypoint entryCmd = config.Entrypoint
setEntrypoint = true
}
if len(config.Cmd) > 0 {
// We can't use the default pause command, since we're
// sourcing from the image. If we didn't already set an
// entrypoint, set one now.
if !setEntrypoint {
// Use the Docker default "/bin/sh -c"
// entrypoint, as we're overriding command.
// If an image doesn't want this, it can
// override entrypoint too.
entryCmd = []string{"/bin/sh", "-c"}
}
entryCmd = append(entryCmd, config.Cmd...)
} }
if len(config.Env) > 0 { if len(config.Env) > 0 {
for _, nameValPair := range config.Env { for _, nameValPair := range config.Env {
@ -44,10 +63,13 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID
g.AddProcessEnv(nameValSlice[0], nameValSlice[1]) g.AddProcessEnv(nameValSlice[0], nameValSlice[1])
} }
} }
}
g.SetRootReadonly(true) g.SetRootReadonly(true)
g.SetProcessArgs(entryCmd) g.SetProcessArgs(entryCmd)
logrus.Debugf("Using %q as infra container entrypoint", entryCmd)
if isRootless { if isRootless {
g.RemoveMount("/dev/pts") g.RemoveMount("/dev/pts")
devPts := spec.Mount{ devPts := spec.Mount{
@ -97,5 +119,5 @@ func (r *Runtime) createInfraContainer(ctx context.Context, p *Pod) (*Container,
imageName := newImage.Names()[0] imageName := newImage.Names()[0]
imageID := data.ID imageID := data.ID
return r.makeInfraContainer(ctx, p, imageName, imageID, newImage.Config) return r.makeInfraContainer(ctx, p, imageName, imageID, data.Config)
} }
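Review bot: In makeInfraContainer, when the image sets Cmd but no Entrypoint, `entryCmd` becomes `/bin/sh -c` followed by every element of `config.Cmd`, and that does not preserve an exec-form command. `sh -c` treats only the first following argument as the command string and passes the rest as `$0`, `$1`, and so on. A Cmd such as `["/pause", "--flag"]` (constructed example) would therefore run `/pause` without its flag, and an infra image that ships no `/bin/sh` would fail to start. Using the Cmd directly as the argument vector in the `!setEntrypoint` branch, `entryCmd = []string{}` before the `append`, keeps exec-form commands intact; shell-form commands normally already carry their own `/bin/sh -c` prefix in the image config. Since the process arguments now come from image metadata (`data.Config`), a short comment saying the infra image is treated as trusted input would help; the function continues outside the visible hunks.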