56 Commits

Author SHA1 Message Date
c276a13880 Properly translate users into runc format for exec
Runc exec expects the --user flag to be formatted as UID:GID.
Use chrootuser code to translate whatever user is passed to exec
into this format.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #1315
Approved by: vrothberg
2018-08-23 12:07:59 +00:00
d20f3a5146 switch projectatomic to containers
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1270
Approved by: mheon
2018-08-16 17:12:36 +00:00
92e9d7891e We need to sort mounts so that one mount does not over mount another.
Currently we add mounts from images, volumes and internal.
We can accidently over mount an existing mount.  This patch sorts the mounts
to make sure a parent directory is always mounted before its content.

Had to change the default propagation on image volume mounts from shared
to private to stop mount points from leaking out of the container.

Also switched from using some docker/docker/pkg to container/storage/pkg
to remove some dependencies on Docker.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1243
Approved by: mheon
2018-08-10 21:18:19 +00:00
8e1ef558eb Add --force to podman umount to force the unmounting of the rootfs
podman umount will currently only unmount file system if not other
process is using it, otherwise the umount decrements the container
storage to indicate that the caller is no longer using the mount
point, once the count gets to 0, the file system is actually unmounted.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1184
Approved by: TomSweeneyRedHat
2018-08-01 17:53:30 +00:00
7789284cbe Added pod.Restart() functionality to libpod.
Moved contents of RestartWithTimeout to restartWithTimeout in container_internal to be able to call restart without locking in function.
Refactored startNode to be able to either start or restart a node.
Built pod Restart() with new startNode with refresh true.

Signed-off-by: haircommander <pehunt@redhat.com>

Closes: #1152
Approved by: rhatdan
2018-07-25 17:54:27 +00:00
85db3f09bf Let containers/storage keep track of mounts
Currently we unmount storage that is still in use.
We should not be unmounting storeage that we mounted
via a different command or by podman mount. This
change relies on containers/storage to umount keep track of
how many times the storage was mounted before really unmounting
it from the system.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-07-19 17:01:07 -04:00
4f9b1ae625 Allow Init() on stopped containers
Signed-off-by: Matthew Heon <mheon@redhat.com>

Closes: #1068
Approved by: baude
2018-07-09 20:33:09 +00:00
c3602075ec Make CGroups cleanup optional on whether they exist
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #981
Approved by: baude
2018-06-22 19:26:46 +00:00
3343456717 Add Refresh() to ctrs to refresh state after db change
The Refresh() function is used to reset a container's state after
a database format change to state is made that requires migration

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #981
Approved by: baude
2018-06-22 19:26:46 +00:00
1d9e884232 We are using err in defer function, needs to be defined name
Since we are checking if err is non nil in defer function we need
to define it, so that the check will work correctly.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #985
Approved by: mheon
2018-06-22 13:43:19 +00:00
da44d8d5c8 libpod: fix race with attach/start
Move the StartContainer call after the attach to the UNIX socket.  It
solves a race where the StartContainer could be done earlier and a
short-lived container could already exit by the time we tried to
attach to the socket.

Closes: https://github.com/projectatomic/libpod/issues/835

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2018-06-20 09:36:04 +02:00
c34e454177 Optionally init() during container restart
This allows us to restart containers that have never been started
without error. This makes RestartWithTimeout work with running,
stopped, and created containers.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #719
Approved by: rhatdan
2018-05-04 10:57:50 +00:00
8dfebd4607 varlink containers
first pass at adding in the container related endpoints/methods for the libpod
backend. Couple of important notes:

* endpoints that can use a console are not going to be done until we have "remote" console
* several of the container methods should probably be able to stream as opposed to a one-off return

Signed-off-by: baude <bbaude@redhat.com>

Closes: #708
Approved by: baude
2018-05-03 17:31:33 +00:00
27107fdac1 Vendor in latest containers/image and contaners/storage
Made necessary changes to functions to include contex.Context wherever needed

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #640
Approved by: baude
2018-04-19 14:08:47 +00:00
6c5ebb0315 Change container.locked to batched
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>

Closes: #619
Approved by: mheon
2018-04-16 15:18:38 +00:00
8d7635b1ac Change attach to accept a struct containing streams
Comparing Go interfaces, like io.Reader, to nil does not work. As
such, we need to include a bool with each stream telling whether
to attach to it.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #608
Approved by: baude
2018-04-13 18:43:44 +00:00
5e03cec7ec Changes to attach to enable per-stream attaching
This allows us to attach to attach to just stdout or stderr or
stdin, or any combination of these.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #608
Approved by: baude
2018-04-13 18:43:44 +00:00
4b25039cf4 Fix locking interaction in batched Exec() on container
Signed-off-by: Matthew Heon <mheon@redhat.com>

Closes: #610
Approved by: giuseppe
2018-04-13 16:36:09 +00:00
1700f2b238 Use buildah commit for podman commit
Resolves: #586 and #520
Signed-off-by: baude <bbaude@redhat.com>

Closes: #592
Approved by: mheon
2018-04-10 13:31:59 +00:00
b1a8d769b8 Stopping a stopped container should not be an error
Resolves: #575

Signed-off-by: baude <bbaude@redhat.com>

Closes: #588
Approved by: mheon
2018-04-03 18:37:41 +00:00
98b19aeb0c Refactor dependency checks from init() into public API
Instead of checking during init(), which could result in major
locking issues when used with pods, make our dependency checks in
the public API instead. This avoids doing them when we start pods
(where, because of the dependency graph, we can reasonably say
all dependencies are up before we start a container).

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #577
Approved by: rhatdan
2018-04-03 14:57:16 +00:00
4d4646d09b Do not require Init() before Start()
This will help dependency races

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #577
Approved by: rhatdan
2018-04-03 14:57:16 +00:00
f7c8dd5836 Stage 4 Image cleanup
Cull funcs from runtime_img.go which are no longer needed.  Also, fix any remaining
spots that use the old image technique.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #532
Approved by: mheon
2018-03-23 15:35:37 +00:00
38a1b2f16d Image library stage 4 - create and commit
Migrate the podman create and commit subcommandis to leverage the images library.  I also had
to migrate the cmd/ portions of run and rmi.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #498
Approved by: mheon
2018-03-20 16:20:12 +00:00
8840b92da6 Remove ability to specify mount label when mounting
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #506
Approved by: rhatdan
2018-03-16 13:35:23 +00:00
1856703e38 Add additional debug logging
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #482
Approved by: baude
2018-03-15 17:45:11 +00:00
55f2f58145 Add StartAndAttach() API endpoint for containers
This solves our prior problems with attach races by ensuring the
order is correct.

Also contains substantial cleanups to the attach code.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #482
Approved by: baude
2018-03-15 17:45:11 +00:00
02a26c2934 Implement container restarting
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #482
Approved by: baude
2018-03-15 17:45:11 +00:00
40d302be8f Modify pod API to move Init() into Start()
Separate Init() and Start() does not make sense on the pod side,
where we may have to start containers in order to initialize
others due to dependency orders.

Also adjusts internal containers API for more code sharing.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #478
Approved by: rhatdan
2018-03-13 13:54:45 +00:00
54f32f2cc0 Convert bind mounts to use DB field
Refactors creation of bind mounts into a separate function that
can be called from elsewhere (e.g. pod start or container
restart). This function stores the mounts in the DB using the
field established last commit.

Spec generation now relies upon this field in the DB instead of
manually enumerating files to be bind mounted in.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #462
Approved by: baude
2018-03-08 16:40:21 +00:00
fcc3663355 Move internal function resizeTty to container_internal
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #462
Approved by: baude
2018-03-08 16:40:21 +00:00
d23b9fd4ed Refactor saving OCI spec to disk into separate function
It will be needed for restarting containers

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #462
Approved by: baude
2018-03-08 16:40:21 +00:00
4344639508 podman import, load, and commit are too verbose
The progress should not be show for import, load, and commit.  It makes machine
parsing of the output much more difficult.  Also, each command should output an
image ID or name for the user.

Added a --verbose flag for users that still want to see progress.

Resolves issue #450

Signed-off-by: baude <bbaude@redhat.com>

Closes: #456
Approved by: rhatdan
2018-03-07 20:59:11 +00:00
bbf9a313c3 attach: set the terminal size and handle SIGWINCH
Notify conmon when the terminal size changes.  Use the same notification
to set the correct initial size.

Closes: https://github.com/projectatomic/libpod/issues/351

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #448
Approved by: baude
2018-03-06 20:47:46 +00:00
c5dc7f81fc Replace usage of runc with runtime
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #412
Approved by: baude
2018-03-01 21:17:51 +00:00
fa5f99effa Convert exec session tracking to use a dedicated struct
This will behave better if we need to add anything to it at a
later date - we can add fields to the struct without breaking
existing BoltDB databases.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #412
Approved by: baude
2018-03-01 21:17:51 +00:00
83d7ae6506 Fix gofmt & golint
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #412
Approved by: baude
2018-03-01 21:17:51 +00:00
780baec1d9 Relax locking in Exec()
This allows containers to be used by `ps` and other commands
while they have ongoing exec sessions. Concurrent exec should
also work but is not tested.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #412
Approved by: baude
2018-03-01 21:17:51 +00:00
70baafc1c7 Ensure that Cleanup() will not run on active containers
This ensures that containers with active exec sessions will not
have storage unmounted under them or network namespaces destroyed

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #412
Approved by: baude
2018-03-01 21:17:51 +00:00
8b87a17f56 Add tracking for exec session IDs
Exec sessions now have an ID generated and assigned to their PID
and stored in the database state. This allows us to track what
exec sessions are currently active.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #412
Approved by: baude
2018-03-01 21:17:51 +00:00
345bfafee2 Rework exec to enable splitting to retrieve exec PID
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #412
Approved by: baude
2018-03-01 21:17:50 +00:00
920b66707e Small fixes to container Exec
Fix an error message, and always set Privileged if the container
is also privileged.

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #412
Approved by: baude
2018-03-01 21:17:50 +00:00
5e7979f016 Address review comments
Review comments to delete WithNoNew function and its append.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #369
Approved by: rhatdan
2018-02-24 09:15:47 +00:00
831dc48883 Add support for --no-new-privs
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #369
Approved by: rhatdan
2018-02-24 09:15:47 +00:00
eafbe76ebe Refactor spec generation in libpod into a function
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #386
Approved by: baude
2018-02-23 04:25:47 +00:00
3d395767d8 Implement --image-volumes for create and run
--image-volumes tells podman what to do with the image volumes in the image config
There are 3 options: bind, tmpfs, and ignore
bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir
and bind mounts it into the container at /vol-dir
tmpfs mounts /vol-dir as a tmps into the container
ignore doesn't mount the image volumes onto the container

Signed-off-by: umohnani8 <umohnani@redhat.com>

Closes: #377
Approved by: rhatdan
2018-02-22 15:14:00 +00:00
b07c8d6a73 Fix libpod to use given CGroup parent instead of a hardcoded one
Signed-off-by: Matthew Heon <mheon@redhat.com>

Closes: #319
Approved by: TomSweeneyRedHat
2018-02-09 20:11:07 +00:00
3921f10a72 cleanup network stack as well as storage when container shuts down.
This patch will cleanup the network stack when the container exits

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2018-02-08 06:42:21 -05:00
ca7ebcac64 Change pause so only running containers are valid
Signed-off-by: Matthew Heon <mheon@redhat.com>
2018-02-07 10:47:43 -05:00
8fbfb93947 Error on attempting to restart container
Signed-off-by: Matthew Heon <mheon@redhat.com>

Closes: #304
Approved by: baude
2018-02-07 01:56:11 +00:00