When RUN requires us to create the target for a mountpoint, make note of
it and any parent directories that needed to be created, and filter them
out when generating a layer diff or --output data.
The exceptions will be directories that the conformance tests confirm
that BuildKit also leaves behind, though for compatibility with the
classic builder, we have to make that conditional.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When RUN requires us to create the target for a mountpoint, make note of
it and any parent directories that needed to be created, and clear them
all out if they look basically the same after the command finishes.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The TempVolumes field is used to track data that's specific to a Run()
call, and there can be more than one of those going at a time. Merge
its data into the runMountArtifacts struct, which already keeps a list
of locations that we have to clean up in exactly the same way.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When containers.conf has the "container_name_as_hostname" option set,
use that value, with values that don't fit `[A-Za-z0-9][A-Za-z0-9.-]+`
stripped out.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Allow the "from" option for cache mounts to refer to an image, which, if
we attempt to mount read-write, is mounted using an overlay to avoid
getting errors if the process we're running with the cache mount
attempts to write to it.
Add logic to clean up the bind mount in Builder.getBindMount() that's
triggered if Builder.runSetupVolumeMounts() returns an error.
When creating cache directories for cache mounts, process the
container's ID mappings.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make sure that we consistently unmount the list of images that we're
told to, even in cases where we return an error before arranging to do
so in Run().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The github.com/opencontainers/runtime-spec/specs-go module was being
imported twice, once with a non-default package name, and once with its
default name, which is more than we needed.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Fix a time-of-check/time-of-use error when mounting type=bind and
type=cache directories that use a "src" flag. A hostile writer could
use a concurrently-running stage or build to replace that "src" location
between the point when we had resolved possible symbolic links and when
runc/crun/whatever actually went to create the bind mount
(CVE-2024-11218).
Stop ignoring the "src" option for cache mounts when there's no "from"
option.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When handling RUN --mount=type=bind, where the mount is read-write,
instead of a simple bind mount, create an overlay mount with an upper
directory that will be discarded after the overlay mount is unmounted.
This brings us in line with the expected behavior, wherein writes to
bind mounts should be discarded.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Unless --no-pivot or the equivalent API flag is set, try to pivot_root()
to enter the rootfs during Run(). Fall back to using chroot() as before
if that fails for any reason.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When the target location of a RUN --mount is specified as a relative
path, we normally try to convert it to an absolute path by combining it
with the currently-configured working directory. If there is no such
value, though, the result is still not an absolute path. Work around
this by using "/" when the configured working directory is "".
Set this field in the `runMountInfo` struct on FreeBSD, as we already
did on Linux.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We always map 169.254.1.2 with pasta to the host now so ensure the
host.containers.internal entry is set correctly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Attempting to use 'buildah run --network=host' caused a nil pointer
dereference while setting up the container's resolv.conf file -
(*Builder).addResolvConfEntries expects a non-nil value for its specs
parameter.
Signed-off-by: Doug Rabson <dfr@rabson.org>
Make the traditional handling of volumes (where they're "frozen" and can
only be modified by ADD or COPY, which requires that we cache their
contents and save/restore them before/after RUN instructions) an option
that is not enabled by default.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Previously buildah may have created a incorrect hosts/resolv.conf file,
when netavark, slirp4netns or pasta are used we have to actually
consider their special setup and use the correct nameservers.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We should never configure the files before we setup the network as we
are missing a lot of information. This is part 1 of the refactor where
we split the functions between create/add entries part. See the
following commit to actualy see how me make use of this.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In FreeBSD-14.0, it is possible to configure a jail's network settings
from outside the jail using ifconfig and route's new '-j' option. This
removes the need for a separate jail to own the container's vnet.
This support will also be present in future FreeBSD-13.x releases
starting with FreeBSD-13.3.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
All `[]string`s in containers.conf have now been migrated to attributed
string slices which require some adjustments in Buildah and Podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Projects which are using buildah as a library and set `TMPDIR` manually
can stumble upon a use-case where `TMPDIR` was set to a relative path.
Such as `export TMPDIR=.` in such case buildah will try to create a
temporary root using `Mkdirtemp` leading to a point where bundle is not
generated correctly since path was relative.
Following use case can be resolved by making sure that buildah always
converts relative path to absolute path and `GetTempDir` does it well.
Example reproducer with podman
```Dockerfile
FROM alpine
RUN echo hello
```
```console
export TMPDIR=.
podman build --no-cache -t test .
```
Expected failure
```console
STEP 1/2: FROM alpine
STEP 2/2: RUN echo hello
error running container: checking permissions on "buildah2341274198": stat buildah2341274198: no such file or directory
ERRO[0000] did not get container create message from subprocess: EOF
Error: building at STEP "RUN echo hello": while running runtime: exit status 1
```
Closes: RHEL-2598
Signed-off-by: Aditya R <arajan@redhat.com>
Note: in theory, we could support read/write overlays on FreeBSD using a
combination of unionfs and nullfs but this would take two mounts and the
API only lets us return a single mount from MountWithOptions. Read only
mounts can be done with just nullfs and this is enough to support read
only image mounts in podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This uses the same code as podman for slirp4netns, this means
- ipv6 is enabled by default
- slirp4netns options are read from contianers.conf
- slirp4netns options can now be set on the cli. This required some
small rework on where we parse the network string.
Lastly I updated the --network docs, to document the new slirp4netns
mode. That included fixing up buildah-from and buildah-run pages which
were incomplete in that regard. Now we show the same for all options.
Fixes #3968
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Some tools depend on the hostname being present in /etc/hosts. I would
argue they are broken but its not like we can do anything about that.
This adds the hostname with the local host ip when the host network is
used. For private networking we already add the hostname.
We also now correctly force host networking in chroot mode, it was
silently ignored before thus causing extra confusion here.
Fixes #4446
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
it is not safe to use prctl(PR_SET_PDEATHSIG) in a Go program since
the parent of the process is considered the *thread* that created the
child process, and the Go runtime can free a thread at any time. We
would either need to lock the thread, or simpler just not use it.
[NO NEW TESTS NEEDED]
Closes: https://github.com/containers/podman/issues/17918
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
In the tutorial, switch to calling `DefaultStoreOptionsAutoDetectUID()`
instead of `DefaultStoreOptions()`, which should figure things out
better.
In the tutorial, add an example of using Run(), where for API backward
compatibility reasons, we can't tell the difference between "grant no
capabilties by default" and "grant the default set of capabilities by
default".
The default isolation can be set automatically, so start doing that at
run-time, but have the tutorial look it up anyway because the tutorial
on the web will be newer than our current release for at least a while.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
In golang 1.19, `io/ioutil` is fully deprecated preventing Buildah from
compiling. Replace all calls with equivalent calls from the `os`
package.
Signed-off-by: Chris Evich <cevich@redhat.com>
This allows declaring run mounts using e.g. '-mount=type=nullfs,...' on
FreeBSD which makes more sense for FreeBSD users. It is also consistent
with 'podman run' which requires the nullfs mount type on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This was needed early in development but is no longer necessary since
the OCI runtime handles container mounts in the host namespace.
Something like it could be used with some other options to allow nested
containers but that is not high on the priority list.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
... and use a more traditional error handling model,
where responsibility for the cleanup passes to the caller
_only_ if the called function succeeds.
To reinforce that, hard-code nil returns on error paths
instead of returning the locks.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
It can return at most one lock, so don't return an array.
Should not change behavior right now, but it will simplify
cleanup.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
They exist in memory anyway, so this is more efficient:
we avoid the need to manually touch the filesystem again,
the associated costs - and the error paths go away.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
On FreeBSD, this is required when installing some packages from
FreeBSD-base which have files protected with the immutable flag (e.g.
/usr/bin/passwd).
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
