Use constants for mount types

Inspired by https://github.com/containers/podman/pull/19238

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Daniel J Walsh
2023-07-14 06:37:43 -04:00
parent 265718596c
commit f256f4f954
24 changed files with 61 additions and 55 deletions


@ -277,12 +277,12 @@ func (c *Container) GetMounts(namedVolumes []*ContainerNamedVolume, imageVolumes
for _, mount := range mounts {
// It's a mount.
// Is it a tmpfs? If so, discard.
if mount.Type == "tmpfs" {
if mount.Type == define.TypeTmpfs {
continue
}
mountStruct := define.InspectMount{}
mountStruct.Type = "bind"
mountStruct.Type = define.TypeBind
mountStruct.Source = mount.Source
mountStruct.Destination = mount.Destination
@ -534,7 +534,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
}
}
for _, mount := range mounts {
if mount.Type == "tmpfs" {
if mount.Type == define.TypeTmpfs {
tmpfs[mount.Destination] = strings.Join(mount.Options, ",")
} else {
// TODO - maybe we should parse for empty source/destination


@ -351,7 +351,7 @@ func (c *Container) generateSpec(ctx context.Context) (s *spec.Spec, cleanupFunc
}
switch o {
case "U":
if m.Type == "tmpfs" {
if m.Type == define.TypeTmpfs {
options = append(options, []string{fmt.Sprintf("uid=%d", execUser.Uid), fmt.Sprintf("gid=%d", execUser.Gid)}...)
} else {
// only chown on initial creation of container
@ -581,7 +581,7 @@ func (c *Container) generateSpec(ctx context.Context) (s *spec.Spec, cleanupFunc
// Runc and other runtimes may choke on them.
// Easy solution: use securejoin to do a scoped evaluation of
// the links, then trim off the mount prefix.
if m.Type == "tmpfs" {
if m.Type == define.TypeTmpfs {
finalPath, err := securejoin.SecureJoin(c.state.Mountpoint, m.Destination)
if err != nil {
return nil, nil, fmt.Errorf("resolving symlinks for mount destination %s: %w", m.Destination, err)
@ -1598,10 +1598,10 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
if options.TargetFile != "" || options.CheckpointImageID != "" {
for dstPath, srcPath := range c.state.BindMounts {
newMount := spec.Mount{
Type: "bind",
Type: define.TypeBind,
Source: srcPath,
Destination: dstPath,
Options: []string{"bind", "private"},
Options: []string{define.TypeBind, "private"},
}
if c.IsReadOnly() && dstPath != "/dev/shm" {
newMount.Options = append(newMount.Options, "ro", "nosuid", "noexec", "nodev")
@ -1962,7 +1962,7 @@ func (c *Container) makeBindMounts() error {
case m.Destination == "/run/.containerenv":
hasRunContainerenv = true
break Loop
case m.Destination == "/run" && m.Source != "tmpfs":
case m.Destination == "/run" && m.Source != define.TypeTmpfs:
hasRunContainerenv = true
break Loop
}
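Review bot: `define.TypeBind` and `define.TypeTmpfs` are mount-type constants, but in restore() the new line `Options: []string{define.TypeBind, "private"}` uses one as a mount option, and in makeBindMounts() `m.Source != define.TypeTmpfs` compares one with a mount source. The strings coincide today, yet the option list sits next to `ro`, `nosuid`, `noexec` and `nodev` and is easier to audit when every entry is a literal, so I would keep `Options: []string{"bind", "private"}` and `m.Source != "tmpfs"`, or add separately named option and source constants. The same pattern appears in later sections: `bindOptions`, the `Source:` and `Options:` fields in setupSystemd(), `BindOptions` in the define package, `Source: define.TypeDevpts` and the /dev/mqueue options in SpecGenToOCI(), the `append` in parseMountOptions(), and `case define.TypeBind, "rbind":` in ProcessOptions(). Both restore() and makeBindMounts() continue outside the hunks shown.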


@ -30,7 +30,7 @@ import (
)
var (
bindOptions = []string{"bind", "rprivate"}
bindOptions = []string{define.TypeBind, "rprivate"}
)
func (c *Container) mountSHM(shmOptions string) error {
@ -39,7 +39,7 @@ func (c *Container) mountSHM(shmOptions string) error {
contextType = "rootcontext"
}
if err := unix.Mount("shm", c.config.ShmDir, "tmpfs", unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV,
if err := unix.Mount("shm", c.config.ShmDir, define.TypeTmpfs, unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV,
label.FormatMountLabelByType(shmOptions, c.config.MountLabel, contextType)); err != nil {
return fmt.Errorf("failed to mount shm tmpfs %q: %w", c.config.ShmDir, err)
}
@ -225,8 +225,8 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
}
tmpfsMnt := spec.Mount{
Destination: dest,
Type: "tmpfs",
Source: "tmpfs",
Type: define.TypeTmpfs,
Source: define.TypeTmpfs,
Options: append(options, "tmpcopyup", shmSizeSystemdMntOpt),
}
g.AddMount(tmpfsMnt)
@ -237,8 +237,8 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
}
tmpfsMnt := spec.Mount{
Destination: dest,
Type: "tmpfs",
Source: "tmpfs",
Type: define.TypeTmpfs,
Source: define.TypeTmpfs,
Options: append(options, "tmpcopyup", shmSizeSystemdMntOpt),
}
g.AddMount(tmpfsMnt)
@ -271,9 +271,9 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
} else {
systemdMnt = spec.Mount{
Destination: "/sys/fs/cgroup",
Type: "bind",
Type: define.TypeBind,
Source: "/sys/fs/cgroup",
Options: []string{"bind", "private", "rw"},
Options: []string{define.TypeBind, "private", "rw"},
}
}
g.AddMount(systemdMnt)
@ -282,7 +282,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
if hasCgroupNs && !hasSystemdMount {
return errors.New("cgroup namespace is not supported with cgroup v1 and systemd mode")
}
mountOptions := []string{"bind", "rprivate"}
mountOptions := []string{define.TypeBind, "rprivate"}
if !hasSystemdMount {
skipMount := hasSystemdMount
@ -311,7 +311,7 @@ func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) erro
if !skipMount {
systemdMnt := spec.Mount{
Destination: "/sys/fs/cgroup/systemd",
Type: "bind",
Type: define.TypeBind,
Source: "/sys/fs/cgroup/systemd",
Options: mountOptions,
}


@ -5,6 +5,7 @@ import (
"path/filepath"
"strings"
"github.com/containers/podman/v4/libpod/define"
securejoin "github.com/cyphar/filepath-securejoin"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus"
@ -155,7 +156,7 @@ func isPathOnVolume(c *Container, containerPath string) bool {
func findBindMount(c *Container, containerPath string) *specs.Mount {
cleanedPath := filepath.Clean(containerPath)
for _, m := range c.config.Spec.Mounts {
if m.Type != "bind" {
if m.Type != define.TypeBind {
continue
}
if cleanedPath == filepath.Clean(m.Destination) {


@ -9,5 +9,5 @@ const (
var (
// Mount potions for bind
BindOptions = []string{"bind"}
BindOptions = []string{TypeBind}
)
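Review bot: The context comment above `BindOptions` reads "Mount potions for bind"; since this hunk touches the declaration, it is a good moment to fix the typo and use the Go doc-comment form, `// BindOptions are the mount options for a bind mount.`. As written the comment does not start with the identifier, so the generated documentation for this exported variable carries the typo.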


@ -22,6 +22,7 @@ import (
netUtil "github.com/containers/common/libnetwork/util"
"github.com/containers/common/pkg/netns"
"github.com/containers/common/pkg/util"
"github.com/containers/podman/v4/libpod/define"
"github.com/containers/podman/v4/pkg/rootless"
"github.com/containers/podman/v4/utils"
"github.com/containers/storage/pkg/lockfile"
@ -180,7 +181,7 @@ func (r *RootlessNetNS) Do(toRun func() error) error {
// see: https://github.com/containers/podman/issues/10929
if strings.HasPrefix(resolvePath, "/run/systemd/resolve/") {
rsr := r.getPath("/run/systemd/resolve")
err = unix.Mount("", rsr, "tmpfs", unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV, "")
err = unix.Mount("", rsr, define.TypeTmpfs, unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV, "")
if err != nil {
return fmt.Errorf("failed to mount tmpfs on %q for rootless netns: %w", rsr, err)
}


@ -78,7 +78,7 @@ func (r *Runtime) newVolume(ctx context.Context, noCreatePluginVolume bool, opti
for key, val := range volume.config.Options {
switch strings.ToLower(key) {
case "device":
if strings.ToLower(volume.config.Options["type"]) == "bind" {
if strings.ToLower(volume.config.Options["type"]) == define.TypeBind {
if _, err := os.Stat(val); err != nil {
return nil, fmt.Errorf("invalid volume option %s for driver 'local': %w", key, err)
}


@ -101,7 +101,7 @@ func (v *Volume) mount() error {
}
switch volType {
case "":
case "bind":
case define.TypeBind:
mountArgs = append(mountArgs, "-o", volType)
default:
mountArgs = append(mountArgs, "-t", volType)
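Review bot: The `case define.TypeBind:` arm in Volume.mount() matches `volType` exactly, while newVolume() lower-cases the same option before comparing (`strings.ToLower(volume.config.Options["type"]) == define.TypeBind`). The assignment of `volType` is outside this hunk, so this is only a concern if the value is not normalised there: a type such as `Bind` would then be treated as a bind volume at creation but fall through to the `default` arm here and be passed to `-t`. If that is the case, normalise once at the switch, e.g. `switch strings.ToLower(volType) {`. importVolume() has the same exact-match comparison in `mountOptionType != define.TypeTmpfs`.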


@ -414,7 +414,7 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C
Expose: expose,
GroupAdd: cc.HostConfig.GroupAdd,
Hostname: cc.Config.Hostname,
ImageVolume: "bind",
ImageVolume: define.TypeBind,
Init: init,
Interactive: cc.Config.OpenStdin,
IPC: string(cc.HostConfig.IpcMode),
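Review bot: `ImageVolume` holds an image-volume mode, not a mount type, so `ImageVolume: define.TypeBind` in cliOpts() ties the mode's spelling to the mount-type constant. ToSpecGen() and FillOutSpecGen() later rewrite this value to `"anonymous"` under `s.ImageVolumeMode == define.TypeBind`, and `ImageVolumeModeValues` now mixes `define.TypeTmpfs` with the literals `"ignore"` and `"anonymous"`, which reads as if the mode list and the mount-type list were the same set. I would either keep the literals for mode values or add a comment where the constant is used, e.g. `// image-volume mode "bind"; shares its spelling with the bind mount type`. The same applies to NewInfraContainerCreateOptions(), createServiceContainer() and `case define.TypeTmpfs:` in getImageVolumes(). cliOpts() starts and ends outside the hunk.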


@ -312,7 +312,7 @@ type ContainerCreateOptions struct {
func NewInfraContainerCreateOptions() ContainerCreateOptions {
options := ContainerCreateOptions{
IsInfra: true,
ImageVolume: "bind",
ImageVolume: define.TypeBind,
MemorySwappiness: -1,
}
return options


@ -66,7 +66,7 @@ func (ic *ContainerEngine) createServiceContainer(ctx context.Context, name stri
ctrOpts := entities.ContainerCreateOptions{
// Inherited from infra containers
ImageVolume: "bind",
ImageVolume: define.TypeBind,
IsInfra: false,
MemorySwappiness: -1,
ReadOnly: true,
@ -1150,7 +1150,7 @@ func (ic *ContainerEngine) importVolume(ctx context.Context, vol *libpod.Volume,
// Check if volume is using `local` driver and has mount options type other than tmpfs
if len(driver) == 0 || driver == define.VolumeDriverLocal {
if mountOptionType, ok := volumeOptions["type"]; ok {
if mountOptionType != "tmpfs" && !volumeMountStatus.Value {
if mountOptionType != define.TypeTmpfs && !volumeMountStatus.Value {
return fmt.Errorf("volume is using a driver %s and volume is not mounted on %s", driver, mountPoint)
}
}


@ -17,7 +17,7 @@ var (
// SdNotifyModeValues describes the only values that SdNotifyMode can be
SdNotifyModeValues = []string{define.SdNotifyModeContainer, define.SdNotifyModeConmon, define.SdNotifyModeIgnore}
// ImageVolumeModeValues describes the only values that ImageVolumeMode can be
ImageVolumeModeValues = []string{"ignore", "tmpfs", "anonymous"}
ImageVolumeModeValues = []string{"ignore", define.TypeTmpfs, "anonymous"}
)
func exclusiveOptions(opt1, opt2 string) error {


@ -182,7 +182,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
if len(s.ImageVolumeMode) == 0 {
s.ImageVolumeMode = rtc.Engine.ImageVolumeMode
}
if s.ImageVolumeMode == "bind" {
if s.ImageVolumeMode == define.TypeBind {
s.ImageVolumeMode = "anonymous"
}
@ -422,7 +422,7 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
mount := spec.Mount{
Destination: volume.MountPath,
Source: volumeSource.Source,
Type: "bind",
Type: define.TypeBind,
Options: options,
}
if len(volume.SubPath) > 0 {


@ -102,7 +102,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
},
spec.Mount{
Destination: "/dev/shm",
Type: "tmpfs",
Type: define.TypeTmpfs,
Source: "shm",
Options: []string{"notmpcopyup"},
},


@ -107,7 +107,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
}
sysMnt := spec.Mount{
Destination: "/sys",
Type: "bind",
Type: define.TypeBind,
Source: "/sys",
Options: []string{"rprivate", "nosuid", "noexec", "nodev", r, "rbind"},
}
@ -115,7 +115,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
g.RemoveMount("/sys/fs/cgroup")
sysFsCgroupMnt := spec.Mount{
Destination: "/sys/fs/cgroup",
Type: "bind",
Type: define.TypeBind,
Source: "/sys/fs/cgroup",
Options: []string{"rprivate", "nosuid", "noexec", "nodev", r, "rbind"},
}
@ -151,8 +151,8 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
g.RemoveMount("/dev/pts")
devPts := spec.Mount{
Destination: "/dev/pts",
Type: "devpts",
Source: "devpts",
Type: define.TypeDevpts,
Source: define.TypeDevpts,
Options: []string{"rprivate", "nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"},
}
g.AddMount(devPts)
@ -164,9 +164,9 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
g.RemoveMount("/dev/mqueue")
devMqueue := spec.Mount{
Destination: "/dev/mqueue",
Type: "bind", // constant ?
Type: define.TypeBind, // constant ?
Source: "/dev/mqueue",
Options: []string{"bind", "nosuid", "noexec", "nodev"},
Options: []string{define.TypeBind, "nosuid", "noexec", "nodev"},
}
g.AddMount(devMqueue)
}
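Review bot: The trailing comment on `Type: define.TypeBind, // constant ?` in the /dev/mqueue mount is stale now that the constant is used; the line should read `Type: define.TypeBind,`. SpecGenToOCI() continues outside the hunk.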


@ -224,7 +224,7 @@ func getImageVolumes(ctx context.Context, img *libimage.Image, s *specgen.SpecGe
newVol.Options = []string{"rprivate", "rw", "nodev", "exec"}
volumes[cleanDest] = newVol
logrus.Debugf("Adding anonymous image volume at %q", cleanDest)
case "tmpfs":
case define.TypeTmpfs:
mount := spec.Mount{
Destination: cleanDest,
Source: define.TypeTmpfs,


@ -552,7 +552,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
if len(s.ImageVolumeMode) == 0 {
s.ImageVolumeMode = rtc.Engine.ImageVolumeMode
}
if s.ImageVolumeMode == "bind" {
if s.ImageVolumeMode == define.TypeBind {
s.ImageVolumeMode = "anonymous"
}


@ -247,7 +247,7 @@ func parseMountOptions(mountType string, args []string) (*spec.Mount, error) {
if mountType != define.TypeBind {
return nil, fmt.Errorf("%q option not supported for %q mount types", kv[0], mountType)
}
mnt.Options = append(mnt.Options, "bind")
mnt.Options = append(mnt.Options, define.TypeBind)
case "bind-propagation":
if mountType != define.TypeBind {
return nil, fmt.Errorf("%q option not supported for %q mount types", kv[0], mountType)


@ -4,6 +4,8 @@ import (
"errors"
"fmt"
"strings"
"github.com/containers/podman/v4/libpod/define"
)
var (
@ -131,7 +133,7 @@ func ProcessOptions(options []string, isTmpfs bool, sourcePath string) ([]string
foundCopyUp = true
// do not propagate notmpcopyup to the OCI runtime
continue
case "bind", "rbind":
case define.TypeBind, "rbind":
if isTmpfs {
return nil, fmt.Errorf("the 'bind' and 'rbind' options are not allowed with tmpfs mounts: %w", ErrBadMntOption)
}


@ -1280,8 +1280,8 @@ USER test1`
It("podman generate kube on named volume with options", func() {
vol := "complex-named-volume"
volDevice := "tmpfs"
volType := "tmpfs"
volDevice := define.TypeTmpfs
volType := define.TypeTmpfs
volOpts := "nodev,noexec"
session := podmanTest.Podman([]string{"volume", "create", "--opt", "device=" + volDevice, "--opt", "type=" + volType, "--opt", "o=" + volOpts, vol})


@ -3289,7 +3289,7 @@ VOLUME %s`, ALPINE, hostPathDir+"/")
// only one will be mounted. Host path volumes take precedence.
ctrJSON := inspect.InspectContainerToJSON()
Expect(ctrJSON[0].Mounts).To(HaveLen(1))
Expect(ctrJSON[0].Mounts[0]).To(HaveField("Type", "bind"))
Expect(ctrJSON[0].Mounts[0]).To(HaveField("Type", define.TypeBind))
})
@ -3617,8 +3617,8 @@ MemoryReservation: {{ .HostConfig.MemoryReservation }}`})
It("podman play kube persistentVolumeClaim", func() {
volName := "myvol"
volDevice := "tmpfs"
volType := "tmpfs"
volDevice := define.TypeTmpfs
volType := define.TypeTmpfs
volOpts := "nodev,noexec"
pvc := getPVC(withPVCName(volName),
@ -3986,8 +3986,8 @@ invalid kube kind
It("podman play kube teardown with volume without force delete", func() {
volName := RandomString(12)
volDevice := "tmpfs"
volType := "tmpfs"
volDevice := define.TypeTmpfs
volType := define.TypeTmpfs
volOpts := "nodev,noexec"
pvc := getPVC(withPVCName(volName),
@ -4018,8 +4018,8 @@ invalid kube kind
It("podman play kube teardown with volume force delete", func() {
volName := RandomString(12)
volDevice := "tmpfs"
volType := "tmpfs"
volDevice := define.TypeTmpfs
volType := define.TypeTmpfs
volOpts := "nodev,noexec"
pvc := getPVC(withPVCName(volName),
@ -4050,8 +4050,8 @@ invalid kube kind
It("podman play kube after teardown with volume reuse", func() {
volName := RandomString(12)
volDevice := "tmpfs"
volType := "tmpfs"
volDevice := define.TypeTmpfs
volType := define.TypeTmpfs
volOpts := "nodev,noexec"
pvc := getPVC(withPVCName(volName),
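Review bot: `Expect(ctrJSON[0].Mounts[0]).To(HaveField("Type", define.TypeBind))` takes its expected value from the same constant the production code writes, so the assertion can no longer catch a change to the user-visible string. Integration tests are more useful when they pin the literal the user sees, i.e. `HaveField("Type", "bind")`. The same holds for `ContainSubstring(define.TypeDevpts)` on the `stat -f -c%T` output in the run test, `ContainSubstring(define.TypeTmpfs)` in the volume inspect test, and the `volDevice`/`volType` values and the `mount -t` arguments, which are passed as command-line text. The `It` blocks continue outside the hunks.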


@ -1260,7 +1260,7 @@ USER mail`, BB)
session := podmanTest.Podman([]string{"run", "--mount", "type=devpts,target=/foo/bar", fedoraMinimal, "stat", "-f", "-c%T", "/foo/bar"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("devpts"))
Expect(session.OutputToString()).To(ContainSubstring(define.TypeDevpts))
})
It("podman run --mount type=devpts,target=/dev/pts with uid, gid and mode", func() {


@ -34,6 +34,7 @@ import (
"strings"
"syscall"
"github.com/containers/podman/v4/libpod/define"
. "github.com/containers/podman/v4/test/utils"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
@ -301,7 +302,7 @@ var _ = Describe("Toolbox-specific testing", func() {
var session *PodmanSessionIntegration
session = podmanTest.Podman([]string{"run", "--privileged", "--userns=keep-id", "--user", "root:root", ALPINE,
"mount", "-t", "tmpfs", "tmpfs", "/tmp"})
"mount", "-t", define.TypeTmpfs, define.TypeTmpfs, "/tmp"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))


@ -1,6 +1,7 @@
package integration
import (
"github.com/containers/podman/v4/libpod/define"
. "github.com/containers/podman/v4/test/utils"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
@ -65,6 +66,6 @@ var _ = Describe("Podman volume inspect", func() {
inspect := podmanTest.Podman([]string{"volume", "inspect", volName})
inspect.WaitWithDefaultTimeout()
Expect(inspect).Should(Exit(0))
Expect(inspect.OutputToString()).To(ContainSubstring("tmpfs"))
Expect(inspect.OutputToString()).To(ContainSubstring(define.TypeTmpfs))
})
})