Merge pull request #14706 from ashley-cui/rootmach
Only allow Rootless runs of Podman Machine
commit
d6cdb996bc
|
@ -20,6 +20,7 @@ var (
|
||||||
Use: "init [options] [NAME]",
|
Use: "init [options] [NAME]",
|
||||||
Short: "Initialize a virtual machine",
|
Short: "Initialize a virtual machine",
|
||||||
Long: "initialize a virtual machine ",
|
Long: "initialize a virtual machine ",
|
||||||
|
PersistentPreRunE: rootlessOnly,
|
||||||
RunE: initMachine,
|
RunE: initMachine,
|
||||||
Args: cobra.MaximumNArgs(1),
|
Args: cobra.MaximumNArgs(1),
|
||||||
Example: `podman machine init myvm`,
|
Example: `podman machine init myvm`,
|
||||||
|
|
|
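Review bot: Setting `PersistentPreRunE: rootlessOnly` on each leaf subcommand (this hunk and the inspect, list, rm, set, ssh, start and stop hunks below) makes the guard opt-in per command, so a machine subcommand added later without this field would run as root unchecked. In cobra only the nearest PersistentPreRunE in the parent chain is executed, so if the root podman command defines its own PersistentPreRunE (not visible here) these subcommands would also stop running it — worth confirming. Setting the hook once on the parent `machine` command would make the check fail-closed for every current and future subcommand and avoid the repetition. The enclosing `var (` block starts and ends outside the hunk.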
@ -20,6 +20,7 @@ var (
|
||||||
Use: "inspect [options] [MACHINE...]",
|
Use: "inspect [options] [MACHINE...]",
|
||||||
Short: "Inspect an existing machine",
|
Short: "Inspect an existing machine",
|
||||||
Long: "Provide details on a managed virtual machine",
|
Long: "Provide details on a managed virtual machine",
|
||||||
|
PersistentPreRunE: rootlessOnly,
|
||||||
RunE: inspect,
|
RunE: inspect,
|
||||||
Example: `podman machine inspect myvm`,
|
Example: `podman machine inspect myvm`,
|
||||||
ValidArgsFunction: autocompleteMachine,
|
ValidArgsFunction: autocompleteMachine,
|
||||||
|
|
|
@ -27,6 +27,7 @@ var (
|
||||||
Aliases: []string{"ls"},
|
Aliases: []string{"ls"},
|
||||||
Short: "List machines",
|
Short: "List machines",
|
||||||
Long: "List managed virtual machines.",
|
Long: "List managed virtual machines.",
|
||||||
|
PersistentPreRunE: rootlessOnly,
|
||||||
RunE: list,
|
RunE: list,
|
||||||
Args: validate.NoArgs,
|
Args: validate.NoArgs,
|
||||||
ValidArgsFunction: completion.AutocompleteNone,
|
ValidArgsFunction: completion.AutocompleteNone,
|
||||||
|
|
|
@ -5,6 +5,7 @@ package machine
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
@ -17,6 +18,7 @@ import (
|
||||||
"github.com/containers/podman/v4/cmd/podman/validate"
|
"github.com/containers/podman/v4/cmd/podman/validate"
|
||||||
"github.com/containers/podman/v4/libpod/events"
|
"github.com/containers/podman/v4/libpod/events"
|
||||||
"github.com/containers/podman/v4/pkg/machine"
|
"github.com/containers/podman/v4/pkg/machine"
|
||||||
|
"github.com/containers/podman/v4/pkg/rootless"
|
||||||
"github.com/containers/podman/v4/pkg/util"
|
"github.com/containers/podman/v4/pkg/util"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
@ -162,3 +164,10 @@ func closeMachineEvents(cmd *cobra.Command, _ []string) error {
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func rootlessOnly(cmd *cobra.Command, args []string) error {
|
||||||
|
if !rootless.IsRootless() {
|
||||||
|
return fmt.Errorf("cannot run command %q as root", cmd.CommandPath())
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
|
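Review bot: `rootlessOnly` has no doc comment and keeps its unused `args` parameter named, whereas the neighbouring `closeMachineEvents(cmd *cobra.Command, _ []string)` in the same file uses the blank identifier; prefer `func rootlessOnly(cmd *cobra.Command, _ []string) error {` and add `// rootlessOnly is a cobra PersistentPreRunE that refuses to run the command unless the caller is a rootless user.` Whether `rootless.IsRootless()` reports the effective user correctly on the macOS and Windows builds that the machine commands target is not visible in this hunk; if the non-Linux implementation unconditionally returned false, every machine command would be refused there, so that implementation deserves a look before merging. The error text `cannot run command %q as root` is clear and uses `cmd.CommandPath()`, which is good for users who hit it from a nested subcommand.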
@ -20,6 +20,7 @@ var (
|
||||||
Use: "rm [options] [MACHINE]",
|
Use: "rm [options] [MACHINE]",
|
||||||
Short: "Remove an existing machine",
|
Short: "Remove an existing machine",
|
||||||
Long: "Remove a managed virtual machine ",
|
Long: "Remove a managed virtual machine ",
|
||||||
|
PersistentPreRunE: rootlessOnly,
|
||||||
RunE: rm,
|
RunE: rm,
|
||||||
Args: cobra.MaximumNArgs(1),
|
Args: cobra.MaximumNArgs(1),
|
||||||
Example: `podman machine rm myvm`,
|
Example: `podman machine rm myvm`,
|
||||||
|
|
|
@ -18,6 +18,7 @@ var (
|
||||||
Use: "set [options] [NAME]",
|
Use: "set [options] [NAME]",
|
||||||
Short: "Sets a virtual machine setting",
|
Short: "Sets a virtual machine setting",
|
||||||
Long: "Sets an updatable virtual machine setting",
|
Long: "Sets an updatable virtual machine setting",
|
||||||
|
PersistentPreRunE: rootlessOnly,
|
||||||
RunE: setMachine,
|
RunE: setMachine,
|
||||||
Args: cobra.MaximumNArgs(1),
|
Args: cobra.MaximumNArgs(1),
|
||||||
Example: `podman machine set --rootful=false`,
|
Example: `podman machine set --rootful=false`,
|
||||||
|
|
|
@ -20,6 +20,7 @@ var (
|
||||||
Use: "ssh [options] [NAME] [COMMAND [ARG ...]]",
|
Use: "ssh [options] [NAME] [COMMAND [ARG ...]]",
|
||||||
Short: "SSH into an existing machine",
|
Short: "SSH into an existing machine",
|
||||||
Long: "SSH into a managed virtual machine ",
|
Long: "SSH into a managed virtual machine ",
|
||||||
|
PersistentPreRunE: rootlessOnly,
|
||||||
RunE: ssh,
|
RunE: ssh,
|
||||||
Example: `podman machine ssh myvm
|
Example: `podman machine ssh myvm
|
||||||
podman machine ssh myvm echo hello`,
|
podman machine ssh myvm echo hello`,
|
||||||
|
|
|
@ -18,6 +18,7 @@ var (
|
||||||
Use: "start [MACHINE]",
|
Use: "start [MACHINE]",
|
||||||
Short: "Start an existing machine",
|
Short: "Start an existing machine",
|
||||||
Long: "Start a managed virtual machine ",
|
Long: "Start a managed virtual machine ",
|
||||||
|
PersistentPreRunE: rootlessOnly,
|
||||||
RunE: start,
|
RunE: start,
|
||||||
Args: cobra.MaximumNArgs(1),
|
Args: cobra.MaximumNArgs(1),
|
||||||
Example: `podman machine start myvm`,
|
Example: `podman machine start myvm`,
|
||||||
|
|
|
@ -17,6 +17,7 @@ var (
|
||||||
Use: "stop [MACHINE]",
|
Use: "stop [MACHINE]",
|
||||||
Short: "Stop an existing machine",
|
Short: "Stop an existing machine",
|
||||||
Long: "Stop a managed virtual machine ",
|
Long: "Stop a managed virtual machine ",
|
||||||
|
PersistentPreRunE: rootlessOnly,
|
||||||
RunE: stop,
|
RunE: stop,
|
||||||
Args: cobra.MaximumNArgs(1),
|
Args: cobra.MaximumNArgs(1),
|
||||||
Example: `podman machine stop myvm`,
|
Example: `podman machine stop myvm`,
|
||||||
|
|
|
@ -10,9 +10,12 @@ podman\-machine\-init - Initialize a new virtual machine
|
||||||
|
|
||||||
Initialize a new virtual machine for Podman.
|
Initialize a new virtual machine for Podman.
|
||||||
|
|
||||||
Podman on macOS requires a virtual machine. This is because containers are Linux -
|
Rootless only.
|
||||||
|
|
||||||
|
Podman on MacOS and Windows requires a virtual machine. This is because containers are Linux -
|
||||||
containers do not run on any other OS because containers' core functionality are
|
containers do not run on any other OS because containers' core functionality are
|
||||||
tied to the Linux kernel.
|
tied to the Linux kernel. Podman machine must be used to manage MacOS and Windows machines,
|
||||||
|
but can be optionally used on Linux.
|
||||||
|
|
||||||
**podman machine init** initializes a new Linux virtual machine where containers are run.
|
**podman machine init** initializes a new Linux virtual machine where containers are run.
|
||||||
SSH keys are automatically generated to access the VM, and system connections to the root account
|
SSH keys are automatically generated to access the VM, and system connections to the root account
|
||||||
|
|
|
@ -13,6 +13,8 @@ Inspect one or more virtual machines
|
||||||
Obtain greater detail about Podman virtual machines. More than one virtual machine can be
|
Obtain greater detail about Podman virtual machines. More than one virtual machine can be
|
||||||
inspected at once.
|
inspected at once.
|
||||||
|
|
||||||
|
Rootless only.
|
||||||
|
|
||||||
## OPTIONS
|
## OPTIONS
|
||||||
#### **--format**
|
#### **--format**
|
||||||
|
|
||||||
|
|
|
@ -12,9 +12,12 @@ podman\-machine\-list - List virtual machines
|
||||||
|
|
||||||
List Podman managed virtual machines.
|
List Podman managed virtual machines.
|
||||||
|
|
||||||
Podman on macOS requires a virtual machine. This is because containers are Linux -
|
Podman on MacOS and Windows requires a virtual machine. This is because containers are Linux -
|
||||||
containers do not run on any other OS because containers' core functionality is
|
containers do not run on any other OS because containers' core functionality are
|
||||||
tied to the Linux kernel.
|
tied to the Linux kernel. Podman machine must be used to manage MacOS and Windows machines,
|
||||||
|
but can be optionally used on Linux.
|
||||||
|
|
||||||
|
Rootless only.
|
||||||
|
|
||||||
## OPTIONS
|
## OPTIONS
|
||||||
|
|
||||||
|
|
|
@ -16,6 +16,7 @@ generated for that VM are also removed as is its image file on the filesystem.
|
||||||
Users get a display of what will be deleted and are required to confirm unless the option `--force`
|
Users get a display of what will be deleted and are required to confirm unless the option `--force`
|
||||||
is used.
|
is used.
|
||||||
|
|
||||||
|
Rootless only.
|
||||||
|
|
||||||
## OPTIONS
|
## OPTIONS
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,8 @@ podman\-machine\-set - Sets a virtual machine setting
|
||||||
|
|
||||||
Change a machine setting.
|
Change a machine setting.
|
||||||
|
|
||||||
|
Rootless only.
|
||||||
|
|
||||||
## OPTIONS
|
## OPTIONS
|
||||||
|
|
||||||
#### **--cpus**=*number*
|
#### **--cpus**=*number*
|
||||||
|
|
|
@ -16,6 +16,8 @@ with the virtual machine is established.
|
||||||
|
|
||||||
The exit code from ssh command will be forwarded to the podman machine ssh caller, see [Exit Codes](#Exit-Codes).
|
The exit code from ssh command will be forwarded to the podman machine ssh caller, see [Exit Codes](#Exit-Codes).
|
||||||
|
|
||||||
|
Rootless only.
|
||||||
|
|
||||||
## OPTIONS
|
## OPTIONS
|
||||||
|
|
||||||
#### **--help**
|
#### **--help**
|
||||||
|
|
|
@ -10,9 +10,12 @@ podman\-machine\-start - Start a virtual machine
|
||||||
|
|
||||||
Starts a virtual machine for Podman.
|
Starts a virtual machine for Podman.
|
||||||
|
|
||||||
Podman on macOS requires a virtual machine. This is because containers are Linux -
|
Rootless only.
|
||||||
|
|
||||||
|
Podman on MacOS and Windows requires a virtual machine. This is because containers are Linux -
|
||||||
containers do not run on any other OS because containers' core functionality are
|
containers do not run on any other OS because containers' core functionality are
|
||||||
tied to the Linux kernel.
|
tied to the Linux kernel. Podman machine must be used to manage MacOS and Windows machines,
|
||||||
|
but can be optionally used on Linux.
|
||||||
|
|
||||||
Only one Podman managed VM can be active at a time. If a VM is already running,
|
Only one Podman managed VM can be active at a time. If a VM is already running,
|
||||||
`podman machine start` will return an error.
|
`podman machine start` will return an error.
|
||||||
|
|
|
@ -10,9 +10,12 @@ podman\-machine\-stop - Stop a virtual machine
|
||||||
|
|
||||||
Stops a virtual machine.
|
Stops a virtual machine.
|
||||||
|
|
||||||
Podman on macOS requires a virtual machine. This is because containers are Linux -
|
Rootless only.
|
||||||
|
|
||||||
|
Podman on MacOS and Windows requires a virtual machine. This is because containers are Linux -
|
||||||
containers do not run on any other OS because containers' core functionality are
|
containers do not run on any other OS because containers' core functionality are
|
||||||
tied to the Linux kernel.
|
tied to the Linux kernel. Podman machine must be used to manage MacOS and Windows machines,
|
||||||
|
but can be optionally used on Linux.
|
||||||
|
|
||||||
**podman machine stop** stops a Linux virtual machine where containers are run.
|
**podman machine stop** stops a Linux virtual machine where containers are run.
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,14 @@ podman\-machine - Manage Podman's virtual machine
|
||||||
**podman machine** *subcommand*
|
**podman machine** *subcommand*
|
||||||
|
|
||||||
## DESCRIPTION
|
## DESCRIPTION
|
||||||
`podman machine` is a set of subcommands that manage Podman's virtual machine on macOS.
|
`podman machine` is a set of subcommands that manage Podman's virtual machine.
|
||||||
|
|
||||||
|
Podman on MacOS and Windows requires a virtual machine. This is because containers are Linux -
|
||||||
|
containers do not run on any other OS because containers' core functionality are
|
||||||
|
tied to the Linux kernel. Podman machine must be used to manage MacOS and Windows machines,
|
||||||
|
but can be optionally used on Linux.
|
||||||
|
|
||||||
|
All `podman machine` commands are rootless only.
|
||||||
|
|
||||||
## SUBCOMMANDS
|
## SUBCOMMANDS
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
|
"github.com/containers/podman/v4/pkg/rootless"
|
||||||
. "github.com/containers/podman/v4/test/utils"
|
. "github.com/containers/podman/v4/test/utils"
|
||||||
. "github.com/onsi/ginkgo"
|
. "github.com/onsi/ginkgo"
|
||||||
. "github.com/onsi/gomega"
|
. "github.com/onsi/gomega"
|
||||||
|
@ -92,9 +93,12 @@ var _ = Describe("podman system reset", func() {
|
||||||
|
|
||||||
// TODO: machine tests currently don't run outside of the machine test pkg
|
// TODO: machine tests currently don't run outside of the machine test pkg
|
||||||
// no machines are created here to cleanup
|
// no machines are created here to cleanup
|
||||||
|
// machine commands are rootless only
|
||||||
|
if rootless.IsRootless() {
|
||||||
session = podmanTest.Podman([]string{"machine", "list", "-q"})
|
session = podmanTest.Podman([]string{"machine", "list", "-q"})
|
||||||
session.WaitWithDefaultTimeout()
|
session.WaitWithDefaultTimeout()
|
||||||
Expect(session).Should(Exit(0))
|
Expect(session).Should(Exit(0))
|
||||||
Expect(session.OutputToStringArray()).To(BeEmpty())
|
Expect(session.OutputToStringArray()).To(BeEmpty())
|
||||||
|
}
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
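Review bot: When the suite runs as root the new `if rootless.IsRootless()` branch simply skips the machine assertions, so the behaviour this PR introduces (refusing machine commands for root) is never exercised by the test. Add an else branch that runs the same `podman machine list -q` and asserts it is rejected, e.g. `Expect(session).To(Not(Exit(0)))` together with a check that stderr contains the `as root` message, or at least call `Skip(...)` so the root run is reported as skipped rather than silently green. The enclosing `It`/`Describe` blocks start outside the hunk.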