
Accepting request 984429 from devel:microos

OBS-URL: https://build.opensuse.org/request/show/984429
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/podman?expand=0&rev=95
Dominique Leuenberger 2022-06-24 06:44:46 +00:00 committed by Git OBS Bridge
commit 298f933dbd
10 changed files with 42 additions and 249 deletions


@ -1,38 +0,0 @@
From 3b94ac9fd951be492380e99323259add5456b706 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fvogt@suse.de>
Date: Thu, 7 Apr 2022 14:24:07 +0200
Subject: [PATCH] Adjust buildah to opencontainers/selinux v1.10.1
Backport of https://github.com/containers/buildah/pull/3875
---
vendor/github.com/containers/buildah/selinux.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vendor/github.com/containers/buildah/selinux.go b/vendor/github.com/containers/buildah/selinux.go
index e7e9fd8c2..de38d4aac 100644
--- a/vendor/github.com/containers/buildah/selinux.go
+++ b/vendor/github.com/containers/buildah/selinux.go
@@ -4,10 +4,10 @@ package buildah
import (
"fmt"
+ "os"
"github.com/opencontainers/runtime-tools/generate"
selinux "github.com/opencontainers/selinux/go-selinux"
- "github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
)
@@ -33,7 +33,7 @@ func runLabelStdioPipes(stdioPipe [][]int, processLabel, mountLabel string) erro
}
for i := range stdioPipe {
pipeFdName := fmt.Sprintf("/proc/self/fd/%d", stdioPipe[i][0])
- if err := label.Relabel(pipeFdName, pipeContext, false); err != nil {
+ if err := selinux.SetFileLabel(pipeFdName, pipeContext); err != nil && !os.IsNotExist(err) {
return errors.Wrapf(err, "setting file label on %q", pipeFdName)
}
}
--
2.35.1


@ -1,40 +0,0 @@
From 951c73696c76a54ca174c7478e225b99fee3e561 Mon Sep 17 00:00:00 2001
From: Tobias Polley <polley@predic8.de>
Date: Thu, 17 Mar 2022 23:00:54 +0100
Subject: [PATCH 1/2] Relabel: relabel links instead of their targets
Signed-off-by: Tobias Polley <polley@predic8.de>
---
vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go | 2 +-
.../opencontainers/selinux/go-selinux/rchcon_go115.go | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go
index 897ecbac4..feb739d32 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go
@@ -12,7 +12,7 @@ import (
func rchcon(fpath, label string) error {
return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error {
- e := setFileLabel(p, label)
+ e := lSetFileLabel(p, label)
// Walk a file tree can race with removal, so ignore ENOENT.
if errors.Is(e, os.ErrNotExist) {
return nil
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go
index 2c8b033ce..ecc7abfac 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go
@@ -11,7 +11,7 @@ import (
func rchcon(fpath, label string) error {
return pwalk.Walk(fpath, func(p string, _ os.FileInfo, _ error) error {
- e := setFileLabel(p, label)
+ e := lSetFileLabel(p, label)
// Walk a file tree can race with removal, so ignore ENOENT.
if errors.Is(e, os.ErrNotExist) {
return nil
--
2.35.1


@ -1,129 +0,0 @@
From a8d92cf8540d4983934ba8f258a403de81af930d Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Mon, 4 Apr 2022 13:14:35 +0200
Subject: [PATCH 2/2] specgen: do not set OOMScoreAdj by default
do not force a value of OOMScoreAdj=0 if it is wasn't specified by the
user.
Closes: https://github.com/containers/podman/issues/13731
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 164b64ea3baa8502a23fc0c7674f4a7e60507aa0)
---
cmd/podman/common/create.go | 3 +--
cmd/podman/common/create_opts.go | 2 +-
cmd/podman/containers/create.go | 7 +++++++
pkg/domain/entities/pods.go | 2 +-
pkg/specgenutil/specgen.go | 2 +-
test/e2e/run_test.go | 7 +++++++
test/system/030-run.bats | 6 ++++++
7 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index 1121806d5..e7d073226 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -402,8 +402,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
)
oomScoreAdjFlagName := "oom-score-adj"
- createFlags.IntVar(
- &cf.OOMScoreAdj,
+ createFlags.Int(
oomScoreAdjFlagName, 0,
"Tune the host's OOM preferences (-1000 to 1000)",
)
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index b110b3d85..6c985cb60 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -277,7 +277,7 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, rtc *c
LogDriver: cc.HostConfig.LogConfig.Type,
LogOptions: stringMaptoArray(cc.HostConfig.LogConfig.Config),
Name: cc.Name,
- OOMScoreAdj: cc.HostConfig.OomScoreAdj,
+ OOMScoreAdj: &cc.HostConfig.OomScoreAdj,
Arch: "",
OS: "",
Variant: "",
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index 89d2e5515..1f3331272 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -238,6 +238,13 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra
vals.GroupAdd = groups
}
+ if c.Flags().Changed("oom-score-adj") {
+ val, err := c.Flags().GetInt("oom-score-adj")
+ if err != nil {
+ return vals, err
+ }
+ vals.OOMScoreAdj = &val
+ }
if c.Flags().Changed("pids-limit") {
val := c.Flag("pids-limit").Value.String()
// Convert -1 to 0, so that -1 maps to unlimited pids limit
diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index 7922db4e6..cb6132e26 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -210,7 +210,7 @@ type ContainerCreateOptions struct {
Name string `json:"container_name"`
NoHealthCheck bool
OOMKillDisable bool
- OOMScoreAdj int
+ OOMScoreAdj *int
Arch string
OS string
Variant string
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 17699a038..260d78913 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -660,7 +660,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
s.Name = c.Name
s.PreserveFDs = c.PreserveFDs
- s.OOMScoreAdj = &c.OOMScoreAdj
+ s.OOMScoreAdj = c.OOMScoreAdj
if c.Restart != "" {
splitRestart := strings.Split(c.Restart, ":")
switch len(splitRestart) {
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 81dcc4342..d772cbc21 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -609,6 +609,13 @@ USER bin`, BB)
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(Equal("111"))
+
+ currentOOMScoreAdj, err := ioutil.ReadFile("/proc/self/oom_score_adj")
+ Expect(err).To(BeNil())
+ session = podmanTest.Podman([]string{"run", "--rm", fedoraMinimal, "cat", "/proc/self/oom_score_adj"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(Equal(strings.TrimRight(string(currentOOMScoreAdj), "\n")))
})
It("podman run limits host test", func() {
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index ec85ef166..72e4a2bc8 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -815,4 +815,10 @@ EOF
run_podman run --uidmap 0:10001:10002 --rm --hostname ${HOST} $IMAGE grep ${HOST} /etc/hosts
is "${lines[0]}" ".*${HOST}.*"
}
+
+@test "podman run doesn't override oom-score-adj" {
+ current_oom_score_adj=$(cat /proc/self/oom_score_adj)
+ run_podman run --rm $IMAGE cat /proc/self/oom_score_adj
+ is "$output" "$current_oom_score_adj" "different oom_score_adj in the container"
+}
# vim: filetype=sh
--
2.35.1


@ -1,31 +0,0 @@
From a079b84539fc6120c12ee656f0224303845b3206 Mon Sep 17 00:00:00 2001
From: ttyS3 <ttys3.rust@gmail.com>
Date: Sun, 8 May 2022 01:25:48 +0800
Subject: [PATCH] fix: Container.cGroupPath() skip empty line to avoid false
error logging
Signed-off-by: ttyS3 <ttys3.rust@gmail.com>
[NO NEW TESTS NEEDED]
---
libpod/container.go | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libpod/container.go b/libpod/container.go
index e280b87a8..a953f1da9 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -958,6 +958,10 @@ func (c *Container) cGroupPath() (string, error) {
var cgroupPath string
for _, line := range bytes.Split(lines, []byte("\n")) {
+ // skip last empty line
+ if len(line) == 0 {
+ continue
+ }
// cgroups(7) nails it down to three fields with the 3rd
// pointing to the cgroup's path which works both on v1 and v2.
fields := bytes.Split(line, []byte(":"))
--
2.36.1


@ -2,7 +2,7 @@
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/containers/podman.git</param>
<param name="scm">git</param>
<param name="revision">v4.0.3</param>
<param name="revision">v4.1.1</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>


@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/containers/podman.git</param>
<param name="changesrevision">62534053086fdeba7b93117e7c4dc6e797835a3e</param></service></servicedata>
<param name="changesrevision">f73d8f8875c2be7cd2049094c29aff90b1150241</param></service></servicedata>


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3f45b4f7f138a64fa001a7095d79836967f5abfccb3cc8e0f89c1377cd155a7b
size 6767212

3
podman-4.1.1.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9165045acc54d34151fcd87741ff14ce0795360e473d26647161252702938914
size 6466752


@ -1,3 +1,39 @@
-------------------------------------------------------------------
Wed Jun 22 09:41:22 UTC 2022 - rbrown@suse.com
- Update to version 4.1.1:
* The output of the podman load command now mirrors that of docker load.
* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
* The podman play kube command will now set default resource limits when the provided YAML does not include them.
* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
* The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
- Drop obsolete patches:
* 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch
* 0001-Relabel-relabel-links-instead-of-their-targets.patch
* 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch
* 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch
-------------------------------------------------------------------
Mon May 23 11:48:34 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>


@ -22,7 +22,7 @@
%define with_libostree 1
%endif
Name: podman
Version: 4.0.3
Version: 4.1.1
Release: 0
Summary: Daemon-less container engine for managing containers, pods and images
License: Apache-2.0
@ -32,11 +32,6 @@ Source0: %{name}-%{version}.tar.xz
Source1: podman.conf
Source3: %{name}-rpmlintrc
Source4: README.SUSE.SLES
# PATCH-FIX-UPSTREAM
Patch1: 0001-Relabel-relabel-links-instead-of-their-targets.patch
Patch2: 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch
Patch3: 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch
Patch4: 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch
BuildRequires: bash-completion
BuildRequires: cni
BuildRequires: device-mapper-devel