From 1d3ec78e0082067bec013bc393e3ffeebfbc710e Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Tue, 17 Oct 2023 14:58:52 +0200 Subject: [PATCH 1/3] vendor latest c/common Includes init path changes. Signed-off-by: Paul Holzinger --- cmd/podman/common/create.go | 2 +- cmd/podman/common/create_opts.go | 7 ------- go.mod | 2 +- go.sum | 4 ++-- .../containers/common/pkg/config/config.go | 21 +++++++++++++++++++ .../common/pkg/config/containers.conf | 3 +++ .../common/pkg/config/containers.conf-freebsd | 3 +++ .../containers/common/pkg/config/default.go | 9 +++----- vendor/modules.txt | 2 +- 9 files changed, 35 insertions(+), 18 deletions(-) diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index 96c67010ca..105ea13c56 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -248,7 +248,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, initPathFlagName := "init-path" createFlags.StringVar( &cf.InitPath, - initPathFlagName, initPath(), + initPathFlagName, "", // Do not use the Value field for setting the default value to determine user input (i.e., non-empty string) "Path to the container-init binary", ) diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go index b67ee8f707..12deada21e 100644 --- a/cmd/podman/common/create_opts.go +++ b/cmd/podman/common/create_opts.go @@ -34,13 +34,6 @@ func Env() []string { return nil } -func initPath() string { - if !registry.IsRemote() { - return podmanConfig.ContainersConfDefaultsRO.InitPath() - } - return "" -} - func pidsLimit() int64 { if !registry.IsRemote() { return podmanConfig.ContainersConfDefaultsRO.PidsLimit() diff --git a/go.mod b/go.mod index 979c040e14..e47b8e3e4b 100644 --- a/go.mod +++ b/go.mod 
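Review bot: The trailing comment on the `initPathFlagName, "",` argument in DefineCreateFlags is hard to parse and sits at the end of an argument line; a full-line comment above the `createFlags.StringVar(` call would read better, for example `// Default is left empty so that a non-empty value always means the user passed --init-path.` With the default removed, the flag's help output no longer tells users where the init binary comes from. The usage string could say that an unset value falls back to the configured or discovered init binary, which is presumably what the storage.go change in patch 2/3 implements. DefineCreateFlags starts and ends outside the hunk.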
@@ -13,7 +13,7 @@ require ( github.com/containernetworking/cni v1.1.2 github.com/containernetworking/plugins v1.3.0 github.com/containers/buildah v1.32.1-0.20231016164031-ade05159a485 - github.com/containers/common v0.56.1-0.20231017183641-80fb777f79e5 + github.com/containers/common v0.56.1-0.20231018130318-493ab454c2af github.com/containers/conmon v2.0.20+incompatible github.com/containers/gvisor-tap-vsock v0.7.1 github.com/containers/image/v5 v5.28.0 diff --git a/go.sum b/go.sum index c51b8bfb2d..2e8222d3d7 100644 --- a/go.sum +++ b/go.sum @@ -251,8 +251,8 @@ github.com/containernetworking/plugins v1.3.0 h1:QVNXMT6XloyMUoO2wUOqWTC1hWFV62Q github.com/containernetworking/plugins v1.3.0/go.mod h1:Pc2wcedTQQCVuROOOaLBPPxrEXqqXBFt3cZ+/yVg6l0= github.com/containers/buildah v1.32.1-0.20231016164031-ade05159a485 h1:RqgxHW2iP5QJ3aRahT+KGI2aGXVZeZHTeulmeZQV0y0= github.com/containers/buildah v1.32.1-0.20231016164031-ade05159a485/go.mod h1:gOMfotERP5Gz2pN+AnuM3ephId/YL9DmbOtVck6fWfE= -github.com/containers/common v0.56.1-0.20231017183641-80fb777f79e5 h1:1y1a9x5eG+7E2yzb/KMGLg44xJQoFQExfSfIHW63EZ0= -github.com/containers/common v0.56.1-0.20231017183641-80fb777f79e5/go.mod h1:LM6Uyz5lq80P/DRnhs8NxvPIvBk2zmS2L/oednAGI/s= +github.com/containers/common v0.56.1-0.20231018130318-493ab454c2af h1:wjpdOCVcEtR+gfQXfyVxAftVlPnMdqWBVuJFZH62GkA= +github.com/containers/common v0.56.1-0.20231018130318-493ab454c2af/go.mod h1:LM6Uyz5lq80P/DRnhs8NxvPIvBk2zmS2L/oednAGI/s= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/gvisor-tap-vsock v0.7.1 h1:+Rc+sOPplrkQb/BUXeN0ug8TxjgyrIqo/9P/eNS2A4c= diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index 2be4e6326f..087f9de4ac 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go 
+++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -149,6 +149,8 @@ type ContainersConfig struct { Init bool `toml:"init,omitempty"` // InitPath is the path for init to run if the Init bool is enabled + // + // Deprecated: Do not use this field directly use conf.FindInitBinary() instead. InitPath string `toml:"init_path,omitempty"` // IPCNS way to create a ipc namespace for the container @@ -351,6 +353,8 @@ type EngineConfig struct { InfraImage string `toml:"infra_image,omitempty"` // InitPath is the path to the container-init binary. + // + // Deprecated: Do not use this field directly use conf.FindInitBinary() instead. InitPath string `toml:"init_path,omitempty"` // KubeGenerateType sets the Kubernetes kind/specification to generate by default @@ -1223,3 +1227,20 @@ func ValidateImageVolumeMode(mode string) error { return fmt.Errorf("invalid image volume mode %q required value: %s", mode, strings.Join(validImageVolumeModes, ", ")) } + +// FindInitBinary will return the path to the init binary (catatonit) +func (c *Config) FindInitBinary() (string, error) { + // Sigh, for some reason we ended up with two InitPath field in containers.conf and + // both are used in podman so we have to keep supporting both to prevent regressions. + if c.Containers.InitPath != "" { + return c.Containers.InitPath, nil + } + if c.Engine.InitPath != "" { + return c.Engine.InitPath, nil + } + // keep old default working to guarantee backwards comapt + if _, err := os.Stat(DefaultInitPath); err == nil { + return DefaultInitPath, nil + } + return c.FindHelperBinary(defaultInitName, true) +} diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index 37b17071dd..8c532f0798 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf 
@@ -149,6 +149,9 @@ default_sysctls = [ #init = false # Container init binary, if init=true, this is the init binary to be used for containers. +# If this option is not set catatonit is searched in the directories listed under +# the helper_binaries_dir option. It is recommended to just install catatonit +# there instead of configuring this option here. # #init_path = "/usr/libexec/podman/catatonit" diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf-freebsd b/vendor/github.com/containers/common/pkg/config/containers.conf-freebsd index de2bf682e5..f471e30790 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf-freebsd +++ b/vendor/github.com/containers/common/pkg/config/containers.conf-freebsd @@ -133,6 +133,9 @@ default_sysctls = [ #init = false # Container init binary, if init=true, this is the init binary to be used for containers. +# If this option is not set catatonit is searched in the directories listed under +# the helper_binaries_dir option. It is recommended to just install catatonit +# there instead of configuring this option here. # #init_path = "/usr/local/libexec/podman/catatonit" diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index b7167ed1b5..e6bac23173 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -30,6 +30,9 @@ const ( // _defaultImageVolumeMode is a mode to handle built-in image volumes. _defaultImageVolumeMode = _typeBind + + // defaultInitName is the default name of the init binary + defaultInitName = "catatonit" ) var ( @@ -432,7 +435,6 @@ func defaultEngineConfig() (*EngineConfig, error) { } c.RuntimeSupportsNoCgroups = []string{"crun", "krun"} c.RuntimeSupportsKVM = []string{"kata", "kata-runtime", "kata-qemu", "kata-fc", "krun"} - c.InitPath = DefaultInitPath c.NoPivotRoot = false c.InfraImage = DefaultInfraImage 
@@ -540,11 +542,6 @@ func (c *Config) Env() []string { return c.Containers.Env } -// InitPath returns location where init program added to containers when users specify the --init flag. -func (c *Config) InitPath() string { - return c.Containers.InitPath -} - // IPCNS returns the default IPC Namespace configuration to run containers with. func (c *Config) IPCNS() string { return c.Containers.IPCNS diff --git a/vendor/modules.txt b/vendor/modules.txt index 2698a6da7a..0861649ec8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -167,7 +167,7 @@ github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/pkg/volumes github.com/containers/buildah/util -# github.com/containers/common v0.56.1-0.20231017183641-80fb777f79e5 +# github.com/containers/common v0.56.1-0.20231018130318-493ab454c2af ## explicit; go 1.18 github.com/containers/common/libimage github.com/containers/common/libimage/define From efe5e98d06330548a8c9c1f653f0c6060b85e2be Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Tue, 17 Oct 2023 15:00:46 +0200 Subject: [PATCH 2/3] use FindInitBinary() for init binary Use the new FindInitBinary() function to lookup the init binary, this allows the use of helper_binaries_dir in contianers.conf[1] [NO NEW TESTS NEEDED] [1] https://github.com/containers/common/issues/1110 Signed-off-by: Paul Holzinger --- pkg/specgen/generate/container_create.go | 2 +- pkg/specgen/generate/oci.go | 11 ++--------- pkg/specgen/generate/pause_image.go | 2 +- pkg/specgen/generate/storage.go | 7 +++++-- 4 files changed, 9 insertions(+), 13 deletions(-) diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go index febf7276b6..bb96a32a7e 100644 --- a/pkg/specgen/generate/container_create.go +++ b/pkg/specgen/generate/container_create.go 
@@ -227,7 +227,7 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener options = append(options, libpod.WithHostUsers(s.HostUsers)) } - command, err := makeCommand(s, imageData, rtc) + command, err := makeCommand(s, imageData) if err != nil { return nil, nil, nil, err } diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go index eb899a716a..fdeebe333e 100644 --- a/pkg/specgen/generate/oci.go +++ b/pkg/specgen/generate/oci.go @@ -8,7 +8,6 @@ import ( "strings" "github.com/containers/common/libimage" - "github.com/containers/common/pkg/config" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/specgen" "github.com/opencontainers/runtime-tools/generate" @@ -24,7 +23,7 @@ func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) { } // Produce the final command for the container. -func makeCommand(s *specgen.SpecGenerator, imageData *libimage.ImageData, rtc *config.Config) ([]string, error) { +func makeCommand(s *specgen.SpecGenerator, imageData *libimage.ImageData) ([]string, error) { finalCommand := []string{} entrypoint := s.Entrypoint @@ -51,13 +50,7 @@ func makeCommand(s *specgen.SpecGenerator, imageData *libimage.ImageData, rtc *c } if s.Init { - initPath := s.InitPath - if initPath == "" && rtc != nil { - initPath = rtc.Engine.InitPath - } - if initPath == "" { - return nil, fmt.Errorf("no path to init binary found but container requested an init") - } + // bind mount for this binary is added in addContainerInitBinary() finalCommand = append([]string{define.ContainerInitPath, "--"}, finalCommand...) } diff --git a/pkg/specgen/generate/pause_image.go b/pkg/specgen/generate/pause_image.go index 6df46882f3..9e131625b0 100644 --- a/pkg/specgen/generate/pause_image.go +++ b/pkg/specgen/generate/pause_image.go 
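Review bot: makeCommand's doc comment should state the invariant it now depends on: in the `if s.Init` branch it prepends `define.ContainerInitPath` without checking that any init binary exists, and a missing binary is only reported where the mount is built (the storage.go hunk of this patch). A comment such as `// When s.Init is set the command is prefixed with define.ContainerInitPath; finalizeMounts resolves and bind-mounts the init binary and reports a missing one.` would make that visible. A caller that uses makeCommand without going through finalizeMounts would get a command pointing at a path that is never mounted; whether such a caller exists cannot be seen from this hunk. The function body continues outside the hunk.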
@@ -55,7 +55,7 @@ func buildPauseImage(rt *libpod.Runtime, rtConfig *config.Config) (string, error // Also look into the path as some distributions install catatonit in // /usr/bin. - catatonitPath, err := rtConfig.FindHelperBinary("catatonit", true) + catatonitPath, err := rtConfig.FindInitBinary() if err != nil { return "", fmt.Errorf("finding pause binary: %w", err) } diff --git a/pkg/specgen/generate/storage.go b/pkg/specgen/generate/storage.go index 0c81821c62..4a7c776364 100644 --- a/pkg/specgen/generate/storage.go +++ b/pkg/specgen/generate/storage.go @@ -131,8 +131,11 @@ func finalizeMounts(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Ru // If requested, add container init binary if s.Init { initPath := s.InitPath - if initPath == "" && rtc != nil { - initPath = rtc.Engine.InitPath + if initPath == "" { + initPath, err = rtc.FindInitBinary() + if err != nil { + return nil, nil, nil, fmt.Errorf("lookup init binary: %w", err) + } } initMount, err := addContainerInitBinary(s, initPath) if err != nil { From caef657c5ba0dd00951196db03d79ca45b25e680 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Tue, 17 Oct 2023 15:04:19 +0200 Subject: [PATCH 3/3] libpod: rename confusing import name The packge is called slirp4netns and renaming it makes no sense, this was likely done by accident. Signed-off-by: Paul Holzinger --- libpod/info_linux.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libpod/info_linux.go b/libpod/info_linux.go index 5b1ac4172f..55ca37d30f 100644 --- a/libpod/info_linux.go +++ b/libpod/info_linux.go @@ -9,7 +9,7 @@ import ( "strings" "github.com/containers/common/libnetwork/pasta" - libpod "github.com/containers/common/libnetwork/slirp4netns" + "github.com/containers/common/libnetwork/slirp4netns" "github.com/containers/common/pkg/apparmor" "github.com/containers/common/pkg/cgroups" "github.com/containers/common/pkg/seccomp" 
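Review bot: A configured `init_path` now also decides which binary goes into the pause image, because FindInitBinary() (added in patch 1/3) returns `Containers.InitPath` or `Engine.InitPath` before it looks for catatonit. If the rest of buildPauseImage relies on catatonit-specific behaviour, which is outside this hunk, a user who pointed init_path at a different init would get a pause image that fails when it runs rather than when it is built. Either keep the plain helper lookup here or document the new precedence; the context comment above the call still mentions only the PATH search and could become `// Honours init_path from containers.conf first, then helper_binaries_dir and PATH.`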
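Review bot: The `rtc != nil` guard was dropped from the `if s.Init` block of finalizeMounts, and FindInitBinary() (patch 1/3) dereferences its receiver in its first check (`c.Containers.InitPath`), so a nil rtc combined with an empty `s.InitPath` now panics instead of falling through. If rtc can be nil on any path into finalizeMounts, which is not visible here, keep an explicit check before the lookup, such as `if rtc == nil { return nil, nil, nil, fmt.Errorf("no path to init binary found but container requested an init") }`. The resolved host binary is bind-mounted and run as the container's init, and it may now come from helper_binaries_dir or, apparently, a PATH search, so recording the chosen path in debug output would let operators verify which binary was picked. finalizeMounts starts and ends outside the hunk.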
@@ -59,7 +59,7 @@ func (r *Runtime) setPlatformHostInfo(info *define.HostInfo) error { slirp4netnsPath := r.config.Engine.NetworkCmdPath if slirp4netnsPath == "" { - slirp4netnsPath, _ = r.config.FindHelperBinary(libpod.BinaryName, true) + slirp4netnsPath, _ = r.config.FindHelperBinary(slirp4netns.BinaryName, true) } if slirp4netnsPath != "" { ver, err := version.Program(slirp4netnsPath)