Modify validate functions to work on a remote clients.
Any of the path checks will not work on remote machines or make
sense on remote clients. Therefore they should not be checked.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Even though these are not read from the config file, they are
still required as fields to pass data in libpod.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If the user has a libpod.conf file with an option of "", then
we will ignore it and use the value from containers.conf.
Also the Set variables are only to be set, if a user specified an
override command, not if they were set in the libpod.conf file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The rootless config path was wrong when running with XDG_CONFIG_HOME
set.
Reported-in: github.com/containers/libpod/issues/6163
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We need to normalize the capadd and capdrop functions, and
we need to return errors if the caller gives us bad input.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We need to identify the list of containers that support KVM separation, these
containers can run with a different SELinux label, and we might be able to
make different decisions in the container engines about how to launch these
containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Move pkg/sysinfo and pkg/apparmor out of libpod into containers/common.
This will allow other packages to use these libraries without requiring all of libpod.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When using podman by putting the prebuild binarys into the users homedirectory, paths in the config starting with "~" are not resolved as this is normally done by the shell.
Resolving "~" to HomeDir enables the user (or a config provider) to publish a config which doesn't require adaption for each user (e.G. by changing /home/<username>/usr/bin/cni as this now becomes ~/usr/bin/cni).
This commit adds a new func resolveHomeDir(string) (string, error) which resolves a given path if it contains a reference to homedir or returns the path unchanged when not.
It throws an error when it's unable to get the users HomeDir.
Signed-off-by: Raphael Höser <raphael@hoeser.info>
containers/common pkg/config is for more engines then just libpod.
We want to use the 'libpod' section to configure parts of buildah. Renaming this
section to engine, makes it more obvious to users that these fields can effect other
container engines.
Certain fields are still libpod specific, so we do not change those fields.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Callers should use containers/storage directly.
Also remove MergeDBConfig, this is no longer used by any callers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In NewConfig(), settings in the file whose name we're passed should
matter more than the hardwired default files, or the file named in the
CONTAINERS_CONF environment variable.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Export CheckCgroupsAndAdjustConfig() as global function and remove it from NewConfig(). So we can handle it in libpod and avoid Buildah to display cgroup warning message when reading containers.conf.
Signed-off-by: Qi Wang <qiwan@redhat.com>
During the transision period of replacing libpod.conf with containers.conf, pkg/config should also read the libpod.conf if it exist.
This patch reads the libpod.conf in NewConfig() and converts the configurations to ContainersConfig Struct.
Signed-off-by: Qi Wang <qiwan@redhat.com>
pull_policy is the same as podman run --pull option to determin whether to pull a new image when running a container.
Accepted "always", "missing", and "never". Default value is "missing".
Signed-off-by: Qi Wang <qiwan@redhat.com>
Allow users to modify the default ammount of time to wait to send SIGKILL
after you tell a container to stop with a SIGINT.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Replace pkg/caps with pkg/capabilities (from libpod). It's also a fork
from Docker but attributes its origing with copyright notes and has a
trimmed down (and faster) API.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Line 255:"guarantess" is a misspelling of "guarantees" (misspell)
Line 292:"guarantess" is a misspelling of "guarantees" (misspell)
rm some double spaces
Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com>
This is causing issues in rootless and remote mode. We should not be creating
directories on the fly.
Also stop exporting functions that are not used by Buildah and Podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The Capability check handles merging of Default capabiltiies along
with user specified add and drop capabilities.
Fork docker/docker/oci/caps file to prevent a huge vendor
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fix handling of toml files
No longer need merge, since we can specify a default conf for each toml file.
The toml code will retain the previous defaults and only use the newly specified
values.
This greatly simplifies the code.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We want to hide Optional Bools from the default configuration. Callers should only have to deal with boolean
fields and not deal with optionals.
Add accessor functions for all optional bools, easier.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add configurations from libpod.conf to containers.conf.Use merge code from libpod to read and merge configurations from file.
Add unshare_linux for build linux: HomeDir should buildah not only for linux. so add unshare_linux for linux and unshare.go for other
convert bool to optinalbool:Use OptionalBool for on-disk configurations so we can distinguish field is undefined vs. user set to false.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Daniel J Walsh