Use the $PATH from the runtime config, if it includes one, so that when
the command to run isn't an absolute path and the command isn't being
processed by the shell, exec.Command()'s internal call to
exec.LookPath() will find it.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a dummy "runtime" that just dumps its runtime config, either the
entirety of it, or a section of it corresponding to each command line
argument. Tests can use it to ensure that we set the right thing in the
configuration without also depending on the runtime to do as its asked,
which isn't always something we have control over.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Translate flags passed to mount() and read back using statfs() from hex
to named constants, to make troubleshooting a bit easier.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When attempting to change the mount propagation of the old root
directory tree before unmounting it, it's enough that we pass the
requested propagation flags.
In particular, MS_REC is the only flag that is supposed to be allowed to
be specified along with a mount propagation flag, but in practice it was
only triggering an error some of the time, and CI wasn't one of those
times.
The added test mounts the root filesystem as an overlay and then runs
buildah as a rootless user on top of that, which is more comparable to a
root-on-composefs configuration, which manages to trigger the error.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When setting mount propagation on the root mount before unmounting it,
use MS_REBIND, since we know it's already a bind mount, and we actually
want to affect the extant bind mount instead of creating another right
over it. Otherwise, we might as well have not bothered.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
These experimental packages are now available in the Go standard
library since Go 1.21:
1. golang.org/x/exp/slices -> slices [1]
2. golang.org/x/exp/maps -> maps [2]
[1]: https://go.dev/doc/go1.21#slices
[2]: https://go.dev/doc/go1.21#maps
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Unless --no-pivot or the equivalent API flag is set, try to pivot_root()
to enter the rootfs during Run(). Fall back to using chroot() as before
if that fails for any reason.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
github.com/moby/sys/capability is a fork of the (no longer maintained)
github.com/syndtr/gocapability package.
For the list of changes since the fork took place, see
https://github.com/moby/sys/blob/main/capability/CHANGELOG.md
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Ambient capabilities can't be raised without inheritable ones, and since we
don't raise inheritable, we should not raise ambient either.
This went unnoticed because of a bug in syndtr/gocapability which is
only fixed in its fork (see the next commit).
Amends commit e7e55c988.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
govet warned about some places where we were passing something other
than a literal string to a function that took format specifiers.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
1. Use gofmt to format the code:
git ls-files \*.go | grep -Ev '/?vendor/' | xargs gofmt -w -s
2. Add gofmt to golangci-lint (it's not enabled by default).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This change is generated by `go1.23rc2 fix ./...`.
Had to use go1.23rc2, since all released go versions have a bug
preventing it from working with `go 1.22.0` in go.mod (opened
https://github.com/golang/go/issues/68825,
https://github.com/golang/go/issues/68824 for awareness).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Before #5083, when running with chroot isolation ro mounts like secrets
from env vars would explicitly have the unix.MS_NOEXEC, unix.MS_NOSUID
and unix.MS_NODEV flags set when they were remounted. Now when running
with chroot isolation ro mounts like secrets from env vars are not
getting those same flags set and so the remount operation fails.
Specifically it looks like we are missing the unix.MS_NOSUID and
unix.MS_NODEV flags.
This change adds special handling for read-only mounts when we need to do
a remount to try to get the desired flags to stick. If we've requested
a read-only mount (unix.ST_RDONLY is set in requestFlags), then we add any
possibleImportantFlags that are set in fs.Flags to remountFlags so the remount
operation doesn't fail because they are missing. I've also added a test to
bud.bats that covers this case.
Signed-off-by: Jonah Bull <jonah.bull@elastic.co>
... in an attempt to try to get UID 0 in a user namespace to stop trying
to read files from root's home directory, where the permissions error is
treated as a hard failure.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Pay better attention to dev/nodev/exec/noexec/suid/nosuid/ro/rw flags on
bind, overlay, and tmpfs mounts when any of them are specified. Stop
quietly adding "nodev" when it isn't asked for.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
In golang 1.19, `io/ioutil` is fully deprecated preventing Buildah from
compiling. Replace all calls with equivalent calls from the `os`
package.
Signed-off-by: Chris Evich <cevich@redhat.com>
a bind mount cannot be made RDONLY in the same mount operation as it
is created. For that we need a second operation.
Closes: https://github.com/containers/buildah/issues/4203
[NO NEW TESTS NEEDED] it fails in Buildah in a container
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This adds no-op stubs for various things and adds an optional override
for creating the container chroot - on FreeBSD we use a jail to allow
setting the container hostname.
Signed-off-by: Doug Rabson <dfr@rabson.org>
This intentionally breaks the FreeBSD so that I can move the code
unmodified which will help with future merge conflicts. A subsequent
commit will resolve this by factoring out Linux-specific code.
Signed-off-by: Doug Rabson <dfr@rabson.org>
This leaves runUsingChrootSubprocOptions in the platform-specific file
since syscall.SysProcIDMap isn't available on FreeBSD.
Signed-off-by: Doug Rabson <dfr@rabson.org>
This copies a large amount of code from run_linux.go. Later diffs in
this stack will factor out duplicate code where possible.
Terminal handling is implemented using the posix_openpt API. We could
use the Linux implementation which uses the /dev/ptmx but that is not
present on standard FreeBSD installs - its supplied by an optional
kernel module. Conversely, posix_openpt could be used for both platforms
but has a downside of requiring cgo so its probably better to use this
only on FreeBSD.
Signed-off-by: Doug Rabson <dfr@rabson.org>
This commit replaces `ioutil.TempDir` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.
Prior to this commit, temporary directory created using `ioutil.TempDir`
needs to be removed manually by calling `os.RemoveAll`, which is omitted
in some tests. The error handling boilerplate e.g.
defer func() {
if err := os.RemoveAll(dir); err != nil {
t.Fatal(err)
}
}
is also tedious, but `t.TempDir` handles this for us nicely.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
If errors for which os.IsExist() or os.IsNotExist() would have returned
true have been wrapped using fmt.Errorf()'s "%w" verb, os.IsExist() and
os.IsNotExist(), not having been retrofitted to use errors.Is(), will
return false.
Use errors.Is() to check if an error is an os.ErrExist or os.ErrNotExist
error instead of calling os.IsExist() or os.IsNotExist().
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Nalin Dahyabhai
Jan Kaluza
Kir Kolyshkin
Paul Holzinger
flouthoc
Eng Zer Jun
openshift-merge-bot[bot]
Jonah Bull
Giuseppe Scrivano
Philip Dubé
Michal Biesek
Chris Evich
Daniel J Walsh
Doug Rabson