the previous error condition was causing an early failure when the
configuration file existed. It prevented some additional checks and
to correctly set the RunRoot and GraphRoot to their default values
when they are not overridden in the configuration file.
We have not noticed it earlier as Podman would still use the
configuration from the DB in this case, so the issue is visible with
Podman only when the RunRoot is not specified in the configuration
file and in the libpod DB as well.
Closes: https://github.com/containers/libpod/issues/3274
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
If the root user created a new user namespace, it still has to use the
system configuration and storage.
Previously if root created a user namespace when missing
CAP_SYS_ADMIN, we would use the configuration file under
/root/.config/containers instead of /etc/containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We have not been checking the permissions on the rootless directory;
this causes issues in tools trying to access the login directory
if XDG_RUNTIME_DIR is not set correctly.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In an effort to remove cross vendoring, trying to fix buildah from importing
from libpod. I believe these libraries make more sense in containers/storage
than in libpod.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Config is now runconfig.Config
* HostConfig is now runconfig.HostConfig
* MergeConfig is now runconfig.Merge
* CompareConfig is now runconfig.Compare
* ParseRun is now runconfig.Parse
* ContainerConfigFromJob is now runconfig.ContainerConfigFromJob
* ContainerHostConfigFromJob is now runconfig.ContainerHostConfigFromJob
This facilitates refactoring commands.go and shrinks the core.
Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes)
This makes all users of Put() have a corresponding call
to Get() which means we will be able to track whether
any particular ID is in use and if not unmount it.
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
lxc-start requires / to be mounted private, otherwise the changes
it does inside the container (both mounts and unmounts) will propagate
out to the host.
We work around this by starting up lxc-start in its own namespace where
we set / to rshared.
Unfortunately Go can't really execute any code between clone and exec,
so we can't do this in a nice way. Instead we have a horrible hack that
uses the unshare command, the shell and the mount command...
lxc-start requires / to be mounted private, otherwise the changes
it does inside the container (both mounts and unmounts) will propagate
out to the host.
We work around this by starting up lxc-start in its own namespace where
we set / to rprivate.
Unfortunately Go can't really execute any code between clone and exec,
so we can't do this in a nice way. Instead we have a horrible hack that
uses the unshare command, the shell and the mount command...
For consistency the Buildfile should have the option to
set the working directory.
Of course that is one option more to the buildfile,
so please tell me if we really want this to happen.