When updateNames() copies an image's record from a read-only store into
the read-write store, copy the accompanying data as well.
Add fields for setting data items at creation-time to LayerOptions,
ImageOptions, and ContainerOptions to make this easier for us and our
consumers.
Replace the store-specific Create() (and the one CreateWithFlags() and
Put()) with private create() and put() methods, since they're not
intended for consumption outside of this package, and add Flags to the
options structures we pass into those methods. In create() methods,
make copies of those passed-in options structures before modifying any
of their contents.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We do have commands that don't take any arguments, and quietly ignoring
arguments when they get them is not a good idea.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If STORAGE_TRANSIENT is set to 1 then transient mode will be enabled
in the tests.
Also adds overlay-transient to the cirrus CI.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Have the action handlers return an error value, and let
main() format that error, if any; this avoids duplicated
error formating code in the action handlers, dropping
89 lines.
This might change the error format in some cases (typically
%v vs. %+v).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
do not pick the first available image if it was requested to not use
any mapping.
It causes a problem where an image is already present in the local
store with a mapping, then a container that doesn't specify any
mapping would end up to reuse that:
$ podman system reset -y
$ podman run --rm --uidmap 0:10000:1000 centos ls -ld /home
drwxr-xr-x. 2 root root 6 Nov 3 2020 /home
$ podman run --rm centos ls -ld /home
drwxr-xr-x. 2 10000 10000 6 Nov 3 2020 /home
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Currently when we build podman bindings we are pulling in the entire
storage libraries, even though we only need a few structures and
functions.
Testing with the following program
```
package main
import (
"fmt"
"github.com/containers/storage/types"
)
func main() {
fmt.Println(types.GetRootlessRuntimeDir(0))
}
```
Removing types above gives me compile size of the the program
du -s t.old t.new
9640 t.before
3232 t.after
Currently these functions are being vendored into
containers/common/pkg/config, which leads to large size in podman-remote
and podman bindings.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Interface added to mount image rootfs without any container.
image can be mounted only in ReadOnly mode.
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
New interface for deleting already-created Store object
When the store is not needed, it is neccessary to remove
it and release the memory
Signed-off-by: yangfeiyu <yangfeiyu20102011@163.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The dependency on docker's filter package prevents us from using newer
versions of docker/moby where the package's API has changed. The filter
package is small enough to justify maintaining a small fork of it. Also,
since the opts package is only used for the `containers-storage` binary
and is not part of the actual storage library, move it to the ./internal
directory to make it clearer that this is an internal API.
Fixes: #450
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Images don't have to have layers, so they don't have to have top layers,
and we shouldn't return an error when attempting to determine the size
of such an image.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
These interfaces can be used to setup a graphdriver mountpoint
of the source directory for use within a container.
The RemoveTemp interface umounts the mountpoint and then removes
all of the modified data in the graphdriver for this source directory.
The primary use case of these interfaces is for container engines that
want to mount a directory from the host system into the container. The
source dirctory then can be modified without actually changing the
directory on the host.
Containers will use these interfaces for sharing packaing cache directories
like /var/cache/dnf, to help speed up container builds.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In an effort to remove cross vendoring, trying to fix buildah from importing
from libpod. I beleive these libraries make more sense in containers/storage
then in libpod.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Drop our dependency on the image library's manifest package by requiring
that callers pass its Digest() function to us as a callback. This makes
our CLI test/diagnostic tool calculate digests of s1 manifests
incorrectly, but that's not something that we were testing.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Print backtrace information when displaying an error returned by our
API, to make troubleshooting tests a bit easier.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Change how we compute digests for BigData items with names that start
with "manifest" so that we use the image library's manifest.Digest()
function, which knows how to preprocess schema1 manifests to get the
right value, instead of just trying to finesse it.
Track the digests of multiple manifest-named items for images.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
I found that other projects, tend to parse multiple maps at once. So, we may
want to allow the base library to do so in order to decrease complexity in the
upper layers.
This is follow-up on previous refactoring in 7b209d36fd, I didn't got
it right on first try, sry.
Signed-off-by: Šimon Lukašík <isimluk@fedoraproject.org>
We want to allow tools like podman/buildah to override default storage
container mount options on a container by container basis.
For example if the default mount options for containers/storage include
nodev or nosuid, we want to allow podman to turn these off if the user
specifies --privileged.
We also might want to turn off certain user namespace flags that will cause
buildah and podman build to work slower when creating container images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
where it belongs.
I have noticed that this parsing gets spread across projects. Basically, the
very same method is present in libpod, buildah, and cri-o projects. We better
start re-using this code from single place or soon everyone has its own version.
Signed-off-by: Šimon Lukašík <slukasik@redhat.com>
podman unmount wants to know if the image is only mounted 1 time
and refuse to unmount if the container state expects it to be mounted.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add force to umount to force the umount of a container image
Add an interface to indicate whether or not the layer is mounted
Add a boolean return from unmount to indicate when the layer is really unmounted
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a ContainerSize() method, which knows how to compute the sizes of
container, so that our callers don't need to all be updated when we make
changes to how we store them.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add an ImageSize() method, which knows how to compute the sizes of
images, so that our callers don't need to all be updated when we make
changes to how we store them.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Allow images to have multiple top layers which should only differ by
which UID/GID mappings are used in them, to make creating multiple
containres which use the same mappings faster.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add integration tests to exercise CopyFileWithTar and CopyWithTar, both
with and without Chown flags.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Provide the information that was actually requested when we produce JSON
output for the layer-parent-owners and container-parent-owners commands.
Carried over from #156.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add store methods for finding the list of UIDs and GIDs which probably
need to be mapped if a given layer or container's layer, which has to
have been mounted at least once in order for us to know where it goes,
is going to be used for a container that is run with the configured ID
mappings in a separate user namespace.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add support to the Store objects for per-container UID/GID mapping.
* UID and GID maps can be specified when creating layers and containers.
* If mapping options are specified when creating a container, those
options are used for creating the layer which we create for the
container and recorded with the container for convenience.
* A layer defaults to using the ID mapping configured for its parent, or
to the default which was used to initialize the Store object if it has
no parent.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add explicitly-settable digest values for images that are treated mostly
like the implicit digests that we track for manifests, for the sake of
v1 images which have manifests that need to be preprocessed before being
digested to produce an image's digest value. We'll still have the
digest of the unprocessed manifest, but that shouldn't hurt.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a "digest" of an image that is equal to the digest of its big data
item named "manifest", if it has one, that we can index and use for
locating images.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make the CLI use all of the default settings if none of them are
overridden on the command line, or none of them, if any are overridden.
Any other behavior is hard to use in integration tests, and confusing.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Change the labels we use when displaying our settings as part of a debug
log, and prepend that information to the "status" output.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Fix the weird formatting of the output from the various create commands
and the import-layer command.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Nalin Dahyabhai