opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-02 02:58:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

[NO TESTS NEEDED] Vendor in containers/buildah v1.20.0

Browse Source 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2021-03-26 11:23:46 -04:00
parent fa6ba9b00f
commit fc197fb4f5
158 changed files with 3931 additions and 1954 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
vendor/github.com/containers/buildah/run_linux.go generated vendored
View File

@@ -24,9 +24,11 @@ import (
"github.com/containers/buildah/bind"
"github.com/containers/buildah/chroot"
"github.com/containers/buildah/copier"
"github.com/containers/buildah/define"
"github.com/containers/buildah/pkg/overlay"
"github.com/containers/buildah/util"
"github.com/containers/common/pkg/capabilities"
"github.com/containers/common/pkg/chown"
"github.com/containers/common/pkg/config"
"github.com/containers/common/pkg/subscriptions"
"github.com/containers/storage/pkg/idtools"
@@ -38,7 +40,6 @@ import (
"github.com/docker/libnetwork/resolvconf"
"github.com/docker/libnetwork/types"
"github.com/opencontainers/go-digest"
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runtime-spec/specs-go"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
@@ -50,7 +51,7 @@ import (
)
// ContainerDevices is an alias for a slice of github.com/opencontainers/runc/libcontainer/configs.Device structures.
type ContainerDevices = []configs.Device
type ContainerDevices define.ContainerDevices
func setChildProcess() error {
if err := unix.Prctl(unix.PR_SET_CHILD_SUBREAPER, uintptr(1), 0, 0, 0); err != nil {
@@ -62,7 +63,7 @@ func setChildProcess() error {
// Run runs the specified command in the container's root filesystem.
func (b *Builder) Run(command []string, options RunOptions) error {
p, err := ioutil.TempDir("", Package)
p, err := ioutil.TempDir("", define.Package)
if err != nil {
return err
}
@@ -86,10 +87,10 @@ func (b *Builder) Run(command []string, options RunOptions) error {
g := &gp
isolation := options.Isolation
if isolation == IsolationDefault {
if isolation == define.IsolationDefault {
isolation = b.Isolation
if isolation == IsolationDefault {
isolation = IsolationOCI
if isolation == define.IsolationDefault {
isolation = define.IsolationOCI
}
}
if err := checkAndOverrideIsolationOptions(isolation, &options); err != nil {
@@ -199,7 +200,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
return err
}
// Only bind /etc/hosts if there's a network
if options.ConfigureNetwork != NetworkDisabled {
if options.ConfigureNetwork != define.NetworkDisabled {
bindFiles["/etc/hosts"] = hostFile
}
}
@@ -210,7 +211,7 @@ func (b *Builder) Run(command []string, options RunOptions) error {
return err
}
// Only bind /etc/resolv.conf if there's a network
if options.ConfigureNetwork != NetworkDisabled {
if options.ConfigureNetwork != define.NetworkDisabled {
bindFiles["/etc/resolv.conf"] = resolvFile
}
}
@@ -233,7 +234,7 @@ id=%q
image=%q
imageid=%q
rootless=%d
`, Version, b.Container, b.ContainerID, b.FromImage, b.FromImageID, rootless)
`, define.Version, b.Container, b.ContainerID, b.FromImage, b.FromImageID, rootless)
if err = ioutils.AtomicWriteFile(containerenvPath, []byte(containerenv), 0755); err != nil {
return err
@@ -254,25 +255,25 @@ rootless=%d
if options.CNIConfigDir == "" {
options.CNIConfigDir = b.CNIConfigDir
if b.CNIConfigDir == "" {
options.CNIConfigDir = util.DefaultCNIConfigDir
options.CNIConfigDir = define.DefaultCNIConfigDir
}
}
if options.CNIPluginPath == "" {
options.CNIPluginPath = b.CNIPluginPath
if b.CNIPluginPath == "" {
options.CNIPluginPath = util.DefaultCNIPluginPath
options.CNIPluginPath = define.DefaultCNIPluginPath
}
}
switch isolation {
case IsolationOCI:
case define.IsolationOCI:
var moreCreateArgs []string
if options.NoPivot {
moreCreateArgs = []string{"--no-pivot"}
} else {
moreCreateArgs = nil
}
err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, Package+"-"+filepath.Base(path))
err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, define.Package+"-"+filepath.Base(path))
case IsolationChroot:
err = chroot.RunUsingChroot(spec, path, homeDir, options.Stdin, options.Stdout, options.Stderr)
case IsolationOCIRootless:
@@ -283,14 +284,14 @@ rootless=%d
if err := setupRootlessSpecChanges(spec, path, b.CommonBuildOpts.ShmSize); err != nil {
return err
}
err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, Package+"-"+filepath.Base(path))
err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, define.Package+"-"+filepath.Base(path))
default:
err = errors.Errorf("don't know how to run this command")
}
return err
}
func addCommonOptsToSpec(commonOpts *CommonBuildOptions, g *generate.Generator) error {
func addCommonOptsToSpec(commonOpts *define.CommonBuildOptions, g *generate.Generator) error {
// Resources - CPU
if commonOpts.CPUPeriod != 0 {
g.SetLinuxResourcesCPUPeriod(commonOpts.CPUPeriod)
@@ -392,7 +393,7 @@ func runSetupBuiltinVolumes(mountLabel, mountPoint, containerDir string, builtin
return mounts, nil
}
func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath string, optionMounts []specs.Mount, bindFiles map[string]string, builtinVolumes, volumeMounts []string, shmSize string, namespaceOptions NamespaceOptions) error {
func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath string, optionMounts []specs.Mount, bindFiles map[string]string, builtinVolumes, volumeMounts []string, shmSize string, namespaceOptions define.NamespaceOptions) error {
// Start building a new list of mounts.
var mounts []specs.Mount
haveMount := func(destination string) bool {
@@ -534,7 +535,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st
}
// addNetworkConfig copies files from host and sets them up to bind mount into container
func (b *Builder) addNetworkConfig(rdir, hostPath string, chownOpts *idtools.IDPair, dnsServers, dnsSearch, dnsOptions []string, namespaceOptions NamespaceOptions) (string, error) {
func (b *Builder) addNetworkConfig(rdir, hostPath string, chownOpts *idtools.IDPair, dnsServers, dnsSearch, dnsOptions []string, namespaceOptions define.NamespaceOptions) (string, error) {
stat, err := os.Stat(hostPath)
if err != nil {
return "", err
@@ -677,7 +678,7 @@ func setupTerminal(g *generate.Generator, terminalPolicy TerminalPolicy, termina
}
}
func runUsingRuntime(isolation Isolation, options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, bundlePath, containerName string) (wstatus unix.WaitStatus, err error) {
func runUsingRuntime(isolation define.Isolation, options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, bundlePath, containerName string) (wstatus unix.WaitStatus, err error) {
// Lock the caller to a single OS-level thread.
runtime.LockOSThread()
@@ -1039,7 +1040,7 @@ func setupRootlessNetwork(pid int) (teardown func(), err error) {
}, nil
}
func runConfigureNetwork(isolation Isolation, options RunOptions, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) {
func runConfigureNetwork(isolation define.Isolation, options RunOptions, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) {
var netconf, undo []*libcni.NetworkConfigList
if isolation == IsolationOCIRootless {
@@ -1503,7 +1504,7 @@ func runUsingRuntimeMain() {
os.Exit(1)
}
func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, idmapOptions IDMappingOptions, policy NetworkConfigurationPolicy) (configureNetwork bool, configureNetworks []string, configureUTS bool, err error) {
func setupNamespaces(g *generate.Generator, namespaceOptions define.NamespaceOptions, idmapOptions define.IDMappingOptions, policy define.NetworkConfigurationPolicy) (configureNetwork bool, configureNetworks []string, configureUTS bool, err error) {
// Set namespace options in the container configuration.
configureUserns := false
specifiedNetwork := false
@@ -1522,7 +1523,7 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i
configureNetworks = strings.Split(namespaceOption.Path, ",")
namespaceOption.Path = ""
}
configureNetwork = (policy != NetworkDisabled)
configureNetwork = (policy != define.NetworkDisabled)
}
case string(specs.UTSNamespace):
configureUTS = false
@@ -1571,7 +1572,7 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i
if err := g.AddOrReplaceLinuxNamespace(string(specs.NetworkNamespace), ""); err != nil {
return false, nil, false, errors.Wrapf(err, "error adding new %q namespace for run", string(specs.NetworkNamespace))
}
configureNetwork = (policy != NetworkDisabled)
configureNetwork = (policy != define.NetworkDisabled)
}
} else {
if err := g.RemoveLinuxNamespace(string(specs.UserNamespace)); err != nil {
@@ -1584,7 +1585,7 @@ func setupNamespaces(g *generate.Generator, namespaceOptions NamespaceOptions, i
}
}
if configureNetwork && !unshare.IsRootless() {
for name, val := range util.DefaultNetworkSysctl {
for name, val := range define.DefaultNetworkSysctl {
// Check that the sysctl we are adding is actually supported
// by the kernel
p := filepath.Join("/proc/sys", strings.Replace(name, ".", "/", -1))
@@ -1739,7 +1740,7 @@ func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string,
}
}
if foundU {
if err := chownSourceVolume(host, processUID, processGID); err != nil {
if err := chown.ChangeHostPathOwnership(host, true, processUID, processGID); err != nil {
return specs.Mount{}, err
}
}
@@ -1762,7 +1763,7 @@ func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string,
// If chown true, add correct ownership to the overlay temp directories.
if foundU {
if err := chownSourceVolume(contentDir, processUID, processGID); err != nil {
if err := chown.ChangeHostPathOwnership(contentDir, true, processUID, processGID); err != nil {
return specs.Mount{}, err
}
}
@@ -1810,39 +1811,6 @@ func (b *Builder) runSetupVolumeMounts(mountLabel string, volumeMounts []string,
return mounts, nil
}
// chownSourceVolume changes the ownership of a volume source directory or file within the host.
func chownSourceVolume(path string, UID, GID int) error {
fi, err := os.Lstat(path)
if err != nil {
// Skip if path does not exist
if os.IsNotExist(err) {
logrus.Debugf("error returning file info of %q: %v", path, err)
return nil
}
return err
}
currentUID := int(fi.Sys().(*syscall.Stat_t).Uid)
currentGID := int(fi.Sys().(*syscall.Stat_t).Gid)
if UID != currentUID || GID != currentGID {
err := filepath.Walk(path, func(filePath string, f os.FileInfo, err error) error {
return os.Lchown(filePath, UID, GID)
})
if err != nil {
// Skip if path does not exist
if os.IsNotExist(err) {
logrus.Debugf("error changing the uid and gid of %q: %v", path, err)
return nil
}
return err
}
}
return nil
}
func setupMaskedPaths(g *generate.Generator) {
for _, mp := range []string{
"/proc/acpi",
@@ -1999,7 +1967,7 @@ func getDNSIP(dnsServers []string) (dns []net.IP, err error) {
func (b *Builder) configureUIDGID(g *generate.Generator, mountPoint string, options RunOptions) (string, error) {
// Set the user UID/GID/supplemental group list/capabilities lists.
user, homeDir, err := b.user(mountPoint, options.User)
user, homeDir, err := b.userForRun(mountPoint, options.User)
if err != nil {
return "", err
}
@@ -2116,7 +2084,7 @@ func setupRootlessSpecChanges(spec *specs.Spec, bundleDir string, shmSize string
return nil
}
func (b *Builder) runUsingRuntimeSubproc(isolation Isolation, options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (err error) {
func (b *Builder) runUsingRuntimeSubproc(isolation define.Isolation, options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (err error) {
var confwg sync.WaitGroup
config, conferr := json.Marshal(runUsingRuntimeSubprocOptions{
Options: options,
@@ -2176,13 +2144,13 @@ func (b *Builder) runUsingRuntimeSubproc(isolation Isolation, options RunOptions
return err
}
func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions) error {
func checkAndOverrideIsolationOptions(isolation define.Isolation, options *RunOptions) error {
switch isolation {
case IsolationOCIRootless:
if ns := options.NamespaceOptions.Find(string(specs.IPCNamespace)); ns == nil || ns.Host {
logrus.Debugf("Forcing use of an IPC namespace.")
}
options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.IPCNamespace)})
options.NamespaceOptions.AddOrReplace(define.NamespaceOption{Name: string(specs.IPCNamespace)})
_, err := exec.LookPath("slirp4netns")
hostNetworking := err != nil
networkNamespacePath := ""
@@ -2194,7 +2162,7 @@ func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions)
networkNamespacePath = ""
}
}
options.NamespaceOptions.AddOrReplace(NamespaceOption{
options.NamespaceOptions.AddOrReplace(define.NamespaceOption{
Name: string(specs.NetworkNamespace),
Host: hostNetworking,
Path: networkNamespacePath,
@@ -2202,11 +2170,11 @@ func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions)
if ns := options.NamespaceOptions.Find(string(specs.PIDNamespace)); ns == nil || ns.Host {
logrus.Debugf("Forcing use of a PID namespace.")
}
options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.PIDNamespace), Host: false})
options.NamespaceOptions.AddOrReplace(define.NamespaceOption{Name: string(specs.PIDNamespace), Host: false})
if ns := options.NamespaceOptions.Find(string(specs.UserNamespace)); ns == nil || ns.Host {
logrus.Debugf("Forcing use of a user namespace.")
}
options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.UserNamespace)})
options.NamespaceOptions.AddOrReplace(define.NamespaceOption{Name: string(specs.UserNamespace)})
case IsolationOCI:
pidns := options.NamespaceOptions.Find(string(specs.PIDNamespace))
userns := options.NamespaceOptions.Find(string(specs.UserNamespace))
@@ -2219,8 +2187,8 @@ func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions)
// DefaultNamespaceOptions returns the default namespace settings from the
// runtime-tools generator library.
func DefaultNamespaceOptions() (NamespaceOptions, error) {
options := NamespaceOptions{
func DefaultNamespaceOptions() (define.NamespaceOptions, error) {
options := define.NamespaceOptions{
{Name: string(specs.CgroupNamespace), Host: true},
{Name: string(specs.IPCNamespace), Host: true},
{Name: string(specs.MountNamespace), Host: true},
@@ -2236,7 +2204,7 @@ func DefaultNamespaceOptions() (NamespaceOptions, error) {
spec := g.Config
if spec.Linux != nil {
for _, ns := range spec.Linux.Namespaces {
options.AddOrReplace(NamespaceOption{
options.AddOrReplace(define.NamespaceOption{
Name: string(ns.Type),
Path: ns.Path,
})
@@ -2263,7 +2231,7 @@ type runUsingRuntimeSubprocOptions struct {
ConfigureNetworks []string
MoreCreateArgs []string
ContainerName string
Isolation Isolation
Isolation define.Isolation
}
func init() {