opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-21 09:05:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
17,283 Commits 50 Branches 246 Tags
Commit Graph

22 Commits

Author SHA1 Message Date
Miloslav Trmač
c83efd0f07 Update c/storage after https://github.com/containers/storage/pull/1436 
... and update to remove the now-deprecated Locker interface.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-12-01 16:05:13 +01:00
Prajwal S N
b8e03ab44d deps: bump go-criu to v6 
Signed-off-by: Prajwal S N <prajwalnadig21@gmail.com>
 2022-11-01 13:57:24 +05:30
Dan Čermák
5a2405ae1b Don't mount /dev/tty* inside privileged containers running systemd 
According to https://systemd.io/CONTAINER_INTERFACE/, systemd will try take
control over /dev/ttyN if exported, which can cause conflicts with the host's tty
in privileged containers. Thus we will not expose these to privileged containers
in systemd mode, as this is a bad idea according to systemd's maintainers.

Additionally, this commit adds a bats regression test to check that no /dev/ttyN
are present in a privileged container in systemd mode

This fixes https://github.com/containers/podman/issues/15878

Signed-off-by: Dan Čermák <dcermak@suse.com>
 2022-09-22 16:44:26 +02:00
Chris Evich
d968f3fe09 Replace deprecated ioutil 
Package `io/ioutil` was deprecated in golang 1.16, preventing podman from
building under Fedora 37.  Fortunately, functionality identical
replacements are provided by the packages `io` and `os`.  Replace all
usage of all `io/ioutil` symbols with appropriate substitutions
according to the golang docs.

Signed-off-by: Chris Evich <cevich@redhat.com>
 2022-09-20 15:34:27 -04:00
Daniel J Walsh
dc8fdb46c5 label.Relabel third option is shared not recurse 
There is no option in Selinux labeling to only relabel the top level of
a directory. The option is to either label the path shared or not
shared. Changing to make sure future engineers do not assume that
recurse can work.

[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-09-17 07:14:31 -04:00
Giuseppe Scrivano
92dc61d5ed libpod: rename function 
the function checks if a path is under any mount, not just bind
mounts.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2022-09-14 17:08:57 +02:00
Doug Rabson
36cfd05a7d libpod: Move platform-specific bind mounts to a per-platform method 
This adds a new per-platform method makePlatformBindMounts and moves the
/etc/hostname mount. This file is only needed on Linux.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-12 16:11:25 +01:00
Doug Rabson
369d86040e libpod: Avoid a nil dereference when generating resolv.conf on FreeBSD 
The code which generates resolv.conf dereferenced c.config.Spec.Linux
and this field is not set for FreeBSD containers.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-12 16:08:56 +01:00
Daniel J Walsh
2c63b8439b Fix stutters 
Podman adds an Error: to every error message.  So starting an error
message with "error" ends up being reported to the user as

Error: error ...

This patch removes the stutter.

Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-09-10 07:52:00 -04:00
Doug Rabson
a3aecf0f26 libpod: Factor out setting volume atime to container_internal_linux.go 
It turns out that field names in syscall.Stat_t are platform-specific.
An alternative to this could change fixVolumePermissions to use
unix.Lstat since unix.Stat_t uses the same mmember name for Atim on both
Linux and FreeBSD.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:20:50 +01:00
Doug Rabson
7a1abd03c5 libpod: Move miscellaneous file handlling to container_internal_common.go 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:20:50 +01:00
Doug Rabson
212b11c34c libpod: Factor out handling of slirp4netns and net=none 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:20:50 +01:00
Doug Rabson
eab4291d99 libpod: Move functions related to /etc bind mounts to container_internal_common.go 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:20:50 +01:00
Doug Rabson
b3989be768 libpod: Move getRootNetNsDepCtr to container_internal_common.go 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:17:50 +01:00
Doug Rabson
a148c16225 libpod: Use (*Container).addNetworkNamespace to restore checkpoint network 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:17:49 +01:00
Doug Rabson
7518a9136a libpod: Move functions related to checkpoints to container_internal_common.go 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:17:49 +01:00
Doug Rabson
be5d1261b4 libpod: Move mountNotifySocket to container_internal_common.go 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:17:49 +01:00
Doug Rabson
71e2074e83 libpod: Move getUserOverrides, lookupHostUser to container_internal_common.go 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:17:49 +01:00
Doug Rabson
232eea5a00 libpod: Move isWorkDirSymlink, resolveWorkDir to container_internal_common.go 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:17:49 +01:00
Doug Rabson
0889215d83 libpod: Use platform-specific mount type for volume mounts 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:17:49 +01:00
Doug Rabson
c1a86a8c4c libpod: Factor out platform-specific sections from generateSpec 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:17:49 +01:00
Doug Rabson
e101f4350b libpod: Move getOverlayUpperAndWorkDir and generateSpec to container_internal_common.go 
[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2022-09-05 10:17:49 +01:00