Update containers common package

The new version adds NetworkCreateOptions. For now pass nil

[NO NEW TESTS NEEDED]

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Ygal Blum
2022-12-05 15:39:18 +02:00
parent 68e51834a9
commit 7d16c2b69e
18 changed files with 54 additions and 22 deletions

4
go.mod

@ -12,7 +12,7 @@ require (
github.com/containernetworking/cni v1.1.2
github.com/containernetworking/plugins v1.1.1
github.com/containers/buildah v1.28.1-0.20221130132810-cf661299d14f
github.com/containers/common v0.50.2-0.20221128124429-24d78208a290
github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.23.1-0.20221130170538-333c50e3eac8
github.com/containers/ocicrypt v1.1.6
@ -62,7 +62,7 @@ require (
go.etcd.io/bbolt v1.3.6
golang.org/x/net v0.2.0
golang.org/x/sync v0.1.0
golang.org/x/sys v0.2.0
golang.org/x/sys v0.3.0
golang.org/x/term v0.2.0
golang.org/x/text v0.4.0
google.golang.org/protobuf v1.28.1

8
go.sum

@ -264,8 +264,8 @@ github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNG
github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
github.com/containers/buildah v1.28.1-0.20221130132810-cf661299d14f h1:Nzbda2tG7/aimoKnDxysqFgS1Q/gSsbcn88lFPj9LwY=
github.com/containers/buildah v1.28.1-0.20221130132810-cf661299d14f/go.mod h1:0HcSoS6BHXWzMKqtxY1L0gupebEX33oPC+X62lPi6+c=
github.com/containers/common v0.50.2-0.20221128124429-24d78208a290 h1:ds8YJg3Z91jOcqVR31aFFMH+BOobolXBeGktas58VgY=
github.com/containers/common v0.50.2-0.20221128124429-24d78208a290/go.mod h1:rzuZglPq/5sz6n29nhyDPCXh44CZymkCR2sacEZb7zw=
github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9 h1:L54LXA/DGRhp1cDN11HLaXcLCYh/ftqDhKYn9S1uetc=
github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9/go.mod h1:M1epBsHlUAeySDuMx+HdbvKBVf0odzLciecS5AQa6FA=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.23.1-0.20221130170538-333c50e3eac8 h1:GLTTwKYkNGDhG3HagLuPvhieu1JEjDs9RsCDr8oJr9s=
@ -1232,8 +1232,8 @@ golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM=


@ -143,7 +143,7 @@ func (ic *ContainerEngine) NetworkCreate(ctx context.Context, network types.Netw
if util.StringInSlice(network.Name, []string{"none", "host", "bridge", "private", "slirp4netns", "container", "ns"}) {
return nil, fmt.Errorf("cannot create network with name %q because it conflicts with a valid network mode", network.Name)
}
network, err := ic.Libpod.Network().NetworkCreate(network)
network, err := ic.Libpod.Network().NetworkCreate(network, nil)
if err != nil {
return nil, err
}
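Review bot: The `nil` passed as the new second argument to `NetworkCreate` is unexplained at the call site. The backends changed in this commit only consult the options when the pointer is non-nil (`options != nil && options.IgnoreIfExists`), so nil keeps the earlier behaviour of failing when the name is already taken. A short comment would record that this is deliberate, for example `// nil options: an already existing network name stays an error`. The enclosing `NetworkCreate` method starts and ends outside the hunk.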


@ -287,7 +287,7 @@ func newVLANPlugin(pluginType, device, mode string, mtu int, ipam *ipamConfig) V
caps := make(map[string]bool)
caps["ips"] = true
// if we use host-local set the ips cap to ensure we can set static ips via runtime config
if ipam.PluginType == types.HostLocalIPAMDriver {
if m.IPAM.PluginType == types.HostLocalIPAMDriver {
m.Capabilities = caps
}
return m


@ -17,7 +17,7 @@ import (
// NetworkCreate will take a partial filled Network and fill the
// missing fields. It creates the Network and returns the full Network.
func (n *cniNetwork) NetworkCreate(net types.Network) (types.Network, error) {
func (n *cniNetwork) NetworkCreate(net types.Network, options *types.NetworkCreateOptions) (types.Network, error) {
n.lock.Lock()
defer n.lock.Unlock()
err := n.loadNetworks()
@ -26,6 +26,11 @@ func (n *cniNetwork) NetworkCreate(net types.Network) (types.Network, error) {
}
network, err := n.networkCreate(&net, false)
if err != nil {
if options != nil && options.IgnoreIfExists && errors.Is(err, types.ErrNetworkExists) {
if network, ok := n.networks[net.Name]; ok {
return *network.libpodNet, nil
}
}
return types.Network{}, err
}
// add the new network to the map
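Review bot: In the new `IgnoreIfExists` branch the stored network is returned as-is and is never compared with the `net` the caller asked for. A caller that requested, for example, a particular driver, subnet or isolation setting gets success together with whatever configuration the existing network of that name has, which is easy to miss when the network is then relied on as a boundary between workloads. I would document this at the return, e.g. `// returns the existing network unchanged; it may differ from the requested net`, and consider logging when the two differ. The inner `network, ok :=` also shadows the `network` declared just above it; a name such as `existing` reads more clearly. The same branch appears in the netavark `NetworkCreate` hunk further down, and both function bodies continue outside the hunks shown.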


@ -82,12 +82,12 @@ type InitConfig struct {
// Note: The networks are not loaded from disk until a method is called.
func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
// TODO: consider using a shared memory lock
lock, err := lockfile.GetLockfile(filepath.Join(conf.CNIConfigDir, "cni.lock"))
lock, err := lockfile.GetLockFile(filepath.Join(conf.CNIConfigDir, "cni.lock"))
if err != nil {
// If we're on a read-only filesystem, there is no risk of
// contention. Fall back to a local lockfile.
if errors.Is(err, unix.EROFS) {
lock, err = lockfile.GetLockfile(filepath.Join(conf.RunDir, "cni.lock"))
lock, err = lockfile.GetLockFile(filepath.Join(conf.RunDir, "cni.lock"))
if err != nil {
return nil, err
}


@ -21,7 +21,7 @@ import (
// NetworkCreate will take a partial filled Network and fill the
// missing fields. It creates the Network and returns the full Network.
func (n *netavarkNetwork) NetworkCreate(net types.Network) (types.Network, error) {
func (n *netavarkNetwork) NetworkCreate(net types.Network, options *types.NetworkCreateOptions) (types.Network, error) {
n.lock.Lock()
defer n.lock.Unlock()
err := n.loadNetworks()
@ -30,6 +30,11 @@ func (n *netavarkNetwork) NetworkCreate(net types.Network) (types.Network, error
}
network, err := n.networkCreate(&net, false)
if err != nil {
if options != nil && options.IgnoreIfExists && errors.Is(err, types.ErrNetworkExists) {
if network, ok := n.networks[net.Name]; ok {
return *network, nil
}
}
return types.Network{}, err
}
// add the new network to the map


@ -95,7 +95,7 @@ type InitConfig struct {
// Note: The networks are not loaded from disk until a method is called.
func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
// TODO: consider using a shared memory lock
lock, err := lockfile.GetLockfile(filepath.Join(conf.NetworkConfigDir, "netavark.lock"))
lock, err := lockfile.GetLockFile(filepath.Join(conf.NetworkConfigDir, "netavark.lock"))
if err != nil {
return nil, err
}


@ -9,7 +9,7 @@ import (
type ContainerNetwork interface {
// NetworkCreate will take a partial filled Network and fill the
// missing fields. It creates the Network and returns the full Network.
NetworkCreate(Network) (Network, error)
NetworkCreate(Network, *NetworkCreateOptions) (Network, error)
// NetworkRemove will remove the Network with the given name or ID.
NetworkRemove(nameOrID string) error
// NetworkList will return all known Networks. Optionally you can
@ -289,3 +289,8 @@ type TeardownOptions struct {
// FilterFunc can be passed to NetworkList to filter the networks.
type FilterFunc func(Network) bool
type NetworkCreateOptions struct {
// IgnoreIfExists if true, do not fail if the network already exists
IgnoreIfExists bool
}
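Review bot: The exported type `NetworkCreateOptions` is added without a doc comment, and the comment on the interface method `NetworkCreate` still describes only the `Network` argument. The implementations in this commit treat a nil pointer as "no options", which callers can currently learn only by reading them. Suggested above the type: `// NetworkCreateOptions holds optional settings for NetworkCreate; a nil pointer selects the defaults.`, plus one more sentence on the method saying that the options argument may be nil.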


@ -431,7 +431,7 @@ func (c *CgroupControl) CreateSystemdUnit(path string) error {
// GetUserConnection returns an user connection to D-BUS
func GetUserConnection(uid int) (*systemdDbus.Conn, error) {
return systemdDbus.NewConnection(func() (*dbus.Conn, error) {
return dbusAuthConnection(uid, dbus.SessionBusPrivate)
return dbusAuthConnection(uid, dbus.SessionBusPrivateNoAutoStartup)
})
}
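Review bot: The switch to `dbus.SessionBusPrivateNoAutoStartup` changes what happens when no session bus is running, and nothing at the call site says so. As far as I know this variant connects only to an existing bus and does not try to launch one, so `GetUserConnection` would now return an error in that case instead of starting a helper process on the caller's behalf. A why-comment such as `// NoAutoStartup: use an existing session bus only, never launch one from here` would keep a later edit from reverting it, and the function's doc comment could mention the error case.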


@ -194,6 +194,9 @@ type ContainersConfig struct {
// performance implications.
PrepareVolumeOnCreate bool `toml:"prepare_volume_on_create,omitempty"`
// ReadOnly causes engine to run all containers with root file system mounted read-only
ReadOnly bool `toml:"read_only,omitempty"`
// SeccompProfile is the seccomp.json profile path which is used as the
// default for the runtime.
SeccompProfile string `toml:"seccomp_profile,omitempty"`


@ -216,6 +216,10 @@ default_sysctls = [
#
#prepare_volume_on_create = false
# Run all containers with root file system mounted read-only
#
# read_only = false
# Path to the seccomp.json profile which is used as the default seccomp profile
# for the runtime.
#
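Review bot: The new default is written as `# read_only = false`, with a space after `#`, while the neighbouring commented-out default is `#prepare_volume_on_create = false`. If the file uses `#key = value` for defaults and `# text` for descriptions, as these lines suggest, the new entry reads as prose and is easy to miss when defaults are uncommented mechanically; `#read_only = false` would match.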


@ -39,7 +39,7 @@ func NewDriver(rootPath string) (*Driver, error) {
return nil, err
}
lock, err := lockfile.GetLockfile(filepath.Join(rootPath, "secretsdata.lock"))
lock, err := lockfile.GetLockFile(filepath.Join(rootPath, "secretsdata.lock"))
if err != nil {
return nil, err
}


@ -127,7 +127,7 @@ func NewManager(rootPath string) (*SecretsManager, error) {
return nil, err
}
lock, err := lockfile.GetLockfile(filepath.Join(rootPath, "secrets.lock"))
lock, err := lockfile.GetLockFile(filepath.Join(rootPath, "secrets.lock"))
if err != nil {
return nil, err
}


@ -7,9 +7,11 @@
package execabs
import "strings"
import (
"errors"
"os/exec"
)
func isGo119ErrDot(err error) bool {
// TODO: return errors.Is(err, exec.ErrDot)
return strings.Contains(err.Error(), "current directory")
return errors.Is(err, exec.ErrDot)
}


@ -367,6 +367,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
//sys IsWindowUnicode(hwnd HWND) (isUnicode bool) = user32.IsWindowUnicode
//sys IsWindowVisible(hwnd HWND) (isVisible bool) = user32.IsWindowVisible
//sys GetGUIThreadInfo(thread uint32, info *GUIThreadInfo) (err error) = user32.GetGUIThreadInfo
//sys GetLargePageMinimum() (size uintptr)
// Volume Management Functions
//sys DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) = DefineDosDeviceW


@ -252,6 +252,7 @@ var (
procGetFileType = modkernel32.NewProc("GetFileType")
procGetFinalPathNameByHandleW = modkernel32.NewProc("GetFinalPathNameByHandleW")
procGetFullPathNameW = modkernel32.NewProc("GetFullPathNameW")
procGetLargePageMinimum = modkernel32.NewProc("GetLargePageMinimum")
procGetLastError = modkernel32.NewProc("GetLastError")
procGetLogicalDriveStringsW = modkernel32.NewProc("GetLogicalDriveStringsW")
procGetLogicalDrives = modkernel32.NewProc("GetLogicalDrives")
@ -2180,6 +2181,12 @@ func GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) (
return
}
func GetLargePageMinimum() (size uintptr) {
r0, _, _ := syscall.Syscall(procGetLargePageMinimum.Addr(), 0, 0, 0, 0)
size = uintptr(r0)
return
}
func GetLastError() (lasterr error) {
r0, _, _ := syscall.Syscall(procGetLastError.Addr(), 0, 0, 0, 0)
if r0 != 0 {

4
vendor/modules.txt vendored

@ -118,7 +118,7 @@ github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/pkg/sshagent
github.com/containers/buildah/pkg/util
github.com/containers/buildah/util
# github.com/containers/common v0.50.2-0.20221128124429-24d78208a290
# github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9
## explicit; go 1.17
github.com/containers/common/libimage
github.com/containers/common/libimage/define
@ -811,7 +811,7 @@ golang.org/x/net/trace
## explicit
golang.org/x/sync/errgroup
golang.org/x/sync/semaphore
# golang.org/x/sys v0.2.0
# golang.org/x/sys v0.3.0
## explicit; go 1.17
golang.org/x/sys/cpu
golang.org/x/sys/execabs