There is really no need to limit reading the config under
$XDG_CONFIG_HOME or $HOME to rootless users only. This poses two
problems, first on a multi user system any config that should be only
applied to root in /etc will also be read by all other users which makes
this impossible to use without having all user overwrite that option
with their local containers.conf. If we read the config from $HOME as
root as well then such changes are easy.
Second, because connections/farms are currently written by the cli it
means as root is tries to write under /etc which is not good as in some
envs /etc is mounted read only.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is not called by podman or buildah, it also makes no sense to return
a path string with $HOME in it. Just delete it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The current code has a small race it first stats the file and if it
exists it tries to read the file. Between this it is possible that the
file was removed and thus cause a fatal error when reading the config.
The better way is to simply read the file and ignore the ENOENT error
instead where we want this behavior. This avoids the need for the extra
stat syscalls. For CONTAINERS_CONF and modules we still need the hard
error if the file does not exists so we have to keep it there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a new containers.conf attribute to define how to set interface name inside containers.
Relates to: containers/podman#21313
Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
The tests are messy and should be turned into table-driven tests but I
do not have time at the moment.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Commit 395ba05c44 implemented a POC to allow for changing the behavior
when loading multiple container.conf files in sequence. By default, the
TOML encoder will override existing data/fields with the one specified
in the loaded file. The POC has demonstrated how this behavior can be
changed to append string slices instead of overriding/replacing them
entirely.
This change is the first step of integrating these appendable string
arrays into containers.conf and starts with enabling the `Env`,
`Mounts`, and `Volumes` fields in the `[Containers]` table.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Forcing a single upstream default for the init path is bad as some
distro use different install locations for various reasons.
To fix this use the existing helper_binaries_dir field to lookup in all
directories. To keep backwards compatibility we keep using the old
default and both Containers.InitPath and Engine.InitPath. Yes that is
right, somehow we ended up with the same config field under the
containers and engine section and they are both used in podman!
Thus we need to keep supporting both, only the field under the container
section was documented and now recommends the use of helper_binaries_dir.
To make the docs more clear also document what binaries are currently
looked up in helper_binaries_dir.
Note this needs further integration in podman.
Fixes#1110
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman should default to sqlite for new installs, however to not break
upgrades we should detect if a boltdb database exists and use that in
such case. Now in order to distinguish between an explicitly set
"sqlite" and "boltdb" and nothing set we use an empty default.
With that podman can know if we really should use the default or if it
was configured for a db explicitly. The actual detection logic must be
implemented in podman as we only know the file locations there.
This commit also drops the unused StateType as this was not used at all.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
As requested in containers/podman/issues/20000, add a `privileged` field
to the containers table in containers.conf. I was hesitant to add such
a field at first (for security reasons) but I understand that such a
field can come in handy when using modules - certain workloads require a
privileged container.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
They are not correctly and inconcistently being used by Podman making it
super hard to know what's going on. Just remove them for now and deal
with the remaining chaos in subsequent changes in common and Podman.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The method ActiveDestination was being used only by Podman and there seemed to code complications as the code is split in multiple parts. Hence, moved the code to Podman to make it more readable and efficient.
Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>
To return absolute paths to modules a config was loaded with.
Knowing the modules is required for conmon's callback to
Podman's cleanup. Returning them as absolute paths makes
loading the modules a bit faster as it avoids the lookup.
Also drop the attempted performance tune in `Default()` to
accommodate for go's memory model.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add a new concept to containers.conf called "modules". A "module" is
a containers.conf file located at a specific directory. More than one
module can be loaded in the specified order, following existing
override semantics.
There are three directories to load modules from:
- $CONFIG_HOME/containers/containers.conf.modules
- /etc/containers/containers.conf.modules
- /usr/share/containers/containers.conf.modules
With CONFIG_HOME pointing to $HOME/.config or, if set, $XDG_CONFIG_HOME.
Absolute paths will be loaded as is, relative paths will be resolved
relative to the three directories above allowing for admin configs
(/etc/) to override system configs (/usr/share/) and user configs
($CONFIG_HOME) to override admin configs.
Also move some functions from config.go for locality.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add `New()` function to create a Config and deprecate `NewConfig` which is
a) not extensible and b) broken in the sense that no external caller was
actually using the argument.
Many call sites use `Default()` which now has improved documentation and
allows for interacting with `New(). Most call sites just need to access
a pro-loaded config (via `Default()`). This config can overridden by
`New()` if the caller sets the specific option - a requirement for an
upcoming feature for Podman allowing to load user-specified configs via
CLI flags.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
It has no external user and should not be exported to avoid any API
misuse; built-in defaults are an implementation detail.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Paul Holzinger
Vikas Goel
Oleksandr Redko
Chetan Giradkar
Valentin Rothberg
Aditya R
OpenShift Merge Robot