Add ImageDirectory() and ImageRunDirectory(), which return the paths of
directories which the caller can use to store image-specific data which
will be cleaned up automatically when the image is removed or the system
is restarted, respectively.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
drop the rootless argument from DefaultStoreOptions and
UpdateStoreOptions since this can be retrieved internally through the
unshare package.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
gofumpt is a superset of gofmt, enabling some more code formatting
rules.
This commit is brought to you by
gofumpt -w .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Allow storage users to split the filesystem of containers vs image
store, `imagestore` if configured will pull images in image storage
instead of the `graphRoot` while keeping the other parts still in the
originally configured `graphRoot`.
overlay: set workdir and upperdir according to splitstore
If splitstore is set, `workdir` and `upperdir` must go into the
splitstore, i.e. `graphRoot`.
Signed-off-by: Aditya R <arajan@redhat.com>
Add initial Check() and Repair() methods to Stores.
Check() checks for inconsistencies between the layers which the
lower-level storage driver claims to know about and the ones which we
know we're managing. It checks that layers referenced by layers,
images, and containers are known to us and that images referenced by
containers are known to us. It checks that data which we store
alongside layers, images, and containers is still present, and to the
extent which we store other information about that data (frequently just
the size of the data), verifies that it matches recorded expectations.
Lastly, it checks that layers which are part of images (and which we
therefore know what they should have in them) have the expected content,
and nothing else.
Repair() removes any containers, images, and layers which have any
errors associated with them. This is destructive, so its use should be
considered and deliberate.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add "unshare", "create-storage-layer", and "storage-layers" commands to
the test helper, along with a "-U" flag to have it unshare when handling
a given command.
Add "-o" as an alias for the "--owner" flag to "copy".
Add "-r" as an alias for the "--ro" flag to "mount".
Add a "-q" flag to "layers" so that we can list just the IDs.
Drop mention of a couple of not-implemented options from
docs/containers-storage-create-layer.md.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When updateNames() copies an image's record from a read-only store into
the read-write store, copy the accompanying data as well.
Add fields for setting data items at creation-time to LayerOptions,
ImageOptions, and ContainerOptions to make this easier for us and our
consumers.
Replace the store-specific Create() (and the one CreateWithFlags() and
Put()) with private create() and put() methods, since they're not
intended for consumption outside of this package, and add Flags to the
options structures we pass into those methods. In create() methods,
make copies of those passed-in options structures before modifying any
of their contents.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We do have commands that don't take any arguments, and quietly ignoring
arguments when they get them is not a good idea.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If STORAGE_TRANSIENT is set to 1 then transient mode will be enabled
in the tests.
Also adds overlay-transient to the cirrus CI.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Have the action handlers return an error value, and let
main() format that error, if any; this avoids duplicated
error formatting code in the action handlers, dropping
89 lines.
This might change the error format in some cases (typically
%v vs. %+v).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
do not pick the first available image if it was requested to not use
any mapping.
It causes a problem where an image is already present in the local
store with a mapping, then a container that doesn't specify any
mapping would end up reusing that:
```
$ podman system reset -y
$ podman run --rm --uidmap 0:10000:1000 centos ls -ld /home
drwxr-xr-x. 2 root root 6 Nov 3 2020 /home
$ podman run --rm centos ls -ld /home
drwxr-xr-x. 2 10000 10000 6 Nov 3 2020 /home
```
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Currently when we build podman bindings we are pulling in the entire
storage libraries, even though we only need a few structures and
functions.
Testing with the following program
```
package main

import (
	"fmt"

	"github.com/containers/storage/types"
)

func main() {
	fmt.Println(types.GetRootlessRuntimeDir(0))
}
```
Removing types above gives me compile size of the program
```
du -s t.old t.new
9640 t.before
3232 t.after
```
Currently these functions are being vendored into
containers/common/pkg/config, which leads to large size in podman-remote
and podman bindings.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Interface added to mount image rootfs without any container.
image can be mounted only in ReadOnly mode.
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
New interface for deleting already-created Store object
When the store is not needed, it is necessary to remove
it and release the memory
Signed-off-by: yangfeiyu <yangfeiyu20102011@163.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The dependency on docker's filter package prevents us from using newer
versions of docker/moby where the package's API has changed. The filter
package is small enough to justify maintaining a small fork of it. Also,
since the opts package is only used for the `containers-storage` binary
and is not part of the actual storage library, move it to the ./internal
directory to make it clearer that this is an internal API.
Fixes: #450
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Images don't have to have layers, so they don't have to have top layers,
and we shouldn't return an error when attempting to determine the size
of such an image.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
These interfaces can be used to setup a graphdriver mountpoint
of the source directory for use within a container.
The RemoveTemp interface umounts the mountpoint and then removes
all of the modified data in the graphdriver for this source directory.
The primary use case of these interfaces is for container engines that
want to mount a directory from the host system into the container. The
source directory then can be modified without actually changing the
directory on the host.
Containers will use these interfaces for sharing packaging cache directories
like /var/cache/dnf, to help speed up container builds.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In an effort to remove cross vendoring, trying to fix buildah from importing
from libpod. I believe these libraries make more sense in containers/storage
than in libpod.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Drop our dependency on the image library's manifest package by requiring
that callers pass its Digest() function to us as a callback. This makes
our CLI test/diagnostic tool calculate digests of s1 manifests
incorrectly, but that's not something that we were testing.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Print backtrace information when displaying an error returned by our
API, to make troubleshooting tests a bit easier.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Change how we compute digests for BigData items with names that start
with "manifest" so that we use the image library's manifest.Digest()
function, which knows how to preprocess schema1 manifests to get the
right value, instead of just trying to finesse it.
Track the digests of multiple manifest-named items for images.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
I found that other projects tend to parse multiple maps at once. So, we may
want to allow the base library to do so in order to decrease complexity in the
upper layers.
This is a follow-up on previous refactoring in 7b209d36fd, I didn't get
it right on first try, sry.
Signed-off-by: Šimon Lukašík <isimluk@fedoraproject.org>
We want to allow tools like podman/buildah to override default storage
container mount options on a container by container basis.
For example if the default mount options for containers/storage include
nodev or nosuid, we want to allow podman to turn these off if the user
specifies --privileged.
We also might want to turn off certain user namespace flags that will cause
buildah and podman build to work slower when creating container images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
where it belongs.
I have noticed that this parsing gets spread across projects. Basically, the
very same method is present in libpod, buildah, and cri-o projects. We better
start re-using this code from a single place or soon everyone has its own version.
Signed-off-by: Šimon Lukašík <slukasik@redhat.com>
podman unmount wants to know if the image is only mounted 1 time
and refuse to unmount if the container state expects it to be mounted.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add force to umount to force the umount of a container image
Add an interface to indicate whether or not the layer is mounted
Add a boolean return from unmount to indicate when the layer is really unmounted
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a ContainerSize() method, which knows how to compute the sizes of
containers, so that our callers don't need to all be updated when we make
changes to how we store them.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add an ImageSize() method, which knows how to compute the sizes of
images, so that our callers don't need to all be updated when we make
changes to how we store them.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Allow images to have multiple top layers which should only differ by
which UID/GID mappings are used in them, to make creating multiple
containers which use the same mappings faster.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>