Commit Graph

239 Commits

Author SHA1 Message Date
Jan Kaluza a0a9ac6380 Switch common, storage and image to monorepo.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-08-29 15:04:28 +02:00
Nalin Dahyabhai df36bb835a commit: exclude parents of mount targets, too
When RUN requires us to create the target for a mountpoint, make note of
it and any parent directories that needed to be created, and filter them
out when generating a layer diff or --output data.

The exceptions will be directories that the conformance tests confirm
that BuildKit also leaves behind, though for compatibility with the
classic builder, we have to make that conditional.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-06-20 11:19:27 -04:00
Nalin Dahyabhai a3bea818b8 run: clean up parents of mount targets, too
When RUN requires us to create the target for a mountpoint, make note of
it and any parent directories that needed to be created, and clear them
all out if they look basically the same after the command finishes.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-06-20 11:19:27 -04:00
Nalin Dahyabhai fce45b77d0 Builder: drop the TempVolumes field
The TempVolumes field is used to track data that's specific to a Run()
call, and there can be more than one of those going at a time.  Merge
its data into the runMountArtifacts struct, which already keeps a list
of locations that we have to clean up in exactly the same way.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-06-20 11:19:27 -04:00
Nalin Dahyabhai d53d837e0e run: handle relabeling bind mounts ourselves
Handle requested relabeling of bind mounts (i.e., the "z" and "Z" flags)
directly, instead of letting the runtime handle the relabeling.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-05-29 09:27:09 -04:00
Kir Kolyshkin f261d6641c Use maps.Copy
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-08 15:26:09 -07:00
Kir Kolyshkin 76e58eea14 Use slices.Concat
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-08 15:26:09 -07:00
Kir Kolyshkin 1ede7ddce7 Use any instead of interface{}
Brought to you by

	gofmt -r 'interface{} -> any' -w .

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-08 10:19:51 -07:00
Kir Kolyshkin e8dba98314 ci: add nolintlint, fix found issues
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-07 13:02:39 -07:00
Kir Kolyshkin 7b15646547 Apply De Morgan's law to fix QF1001 warnings
This fixes the following warnings:

> chroot/run_test.go:319:39: QF1001: could apply De Morgan's law (staticcheck)
> 				if limit == unix.RLIM_INFINITY && !(rlim == nil || (rlim.Soft == unix.RLIM_INFINITY && rlim.Hard == unix.RLIM_INFINITY)) {
> 				                                  ^
> copier/copier.go:1012:92: QF1001: could apply De Morgan's law (staticcheck)
> 			if target, err := os.Readlink(filepath.Join(workingPath, components[0])); err == nil && !(len(components) == 1 && !evaluateFinalComponent) {
> 			                                                                                        ^
> run_linux.go:459:118: QF1001: could apply De Morgan's law (staticcheck)
> 	if !slices.Contains(volumes, resolvconf.DefaultResolvConf) && options.ConfigureNetwork != define.NetworkDisabled && !(len(b.CommonBuildOpts.DNSServers) == 1 && strings.ToLower(b.CommonBuildOpts.DNSServers[0]) == "none") {
> 	                                                                                                                    ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-07 13:01:56 -07:00
Kir Kolyshkin dcabec56ec Rename max variable
This fixes the following warnings:

> run_linux.go:1065:3: redefines-builtin-id: redefinition of the built-in function max (revive)
> 		max := define.RLimitDefaultValue
> 		^
> run_linux.go:1069:5: redefines-builtin-id: redefinition of the built-in function max (revive)
> 				max = rlimit.Max
> 				^
> run_linux.go:1077:3: redefines-builtin-id: redefinition of the built-in function max (revive)
> 		max := define.RLimitDefaultValue
> 		^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-07 13:01:56 -07:00
Giuseppe Scrivano 2031709a69 linux: accept unmask paths as glob values
That is the same configuration used already by Podman.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-03-21 08:54:32 +01:00
Giuseppe Scrivano 4dcc397ac5 vendor: update containers/common
Closes: https://github.com/containers/buildah/issues/6073

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-03-21 08:50:11 +01:00
Nalin Dahyabhai 72e2bf4c69 Support the containers.conf container_name_as_hostname option
When containers.conf has the "container_name_as_hostname" option set,
use that value, with values that don't fit `[A-Za-z0-9][A-Za-z0-9.-]+`
stripped out.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-02-18 17:43:07 -05:00
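An added illustration of the stripping rule this commit describes, written for this page in Go; it is not buildah's implementation. The sanitizer keeps only characters that fit `[A-Za-z0-9][A-Za-z0-9.-]+` (the first kept character must be alphanumeric, '.' and '-' are allowed after it). The function name is an assumption, and the 64-byte truncation is an extra assumption taken from Linux's HOST_NAME_MAX, which the commit does not mention.

```go
package main

import "fmt"

// hostNameMax is an assumption for this example: Linux's HOST_NAME_MAX is 64
// and sethostname(2) rejects anything longer.
const hostNameMax = 64

// HostnameFromContainerName drops every character of name that does not fit
// [A-Za-z0-9][A-Za-z0-9.-]+ : the first kept character must be alphanumeric;
// after that '.' and '-' are also allowed. Non-ASCII bytes never match, so
// they are dropped byte by byte. The result is truncated to hostNameMax bytes.
// An empty result means nothing usable was left and the caller should keep
// its default hostname.
func HostnameFromContainerName(name string) string {
	out := make([]byte, 0, len(name))
	for i := 0; i < len(name); i++ {
		c := name[i]
		alnum := (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9')
		if alnum || (len(out) > 0 && (c == '.' || c == '-')) {
			out = append(out, c)
		}
		if len(out) == hostNameMax {
			break
		}
	}
	return string(out)
}

func main() {
	// Constructed sample container names for the demonstration.
	for _, n := range []string{"my_app.v2", "--web-1", "_", "sécurité", "builder.example.org"} {
		fmt.Printf("%-22q -> %q\n", n, HostnameFromContainerName(n))
	}
}
```

Underscores are the common case: they are legal in container names but not in hostnames, which is why a name like `my_app.v2` has to be rewritten rather than used verbatim.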
Nalin Dahyabhai 3541a3ce2a Accept image names as sources for cache mounts
Allow the "from" option for cache mounts to refer to an image, which, if
we attempt to mount read-write, is mounted using an overlay to avoid
getting errors if the process we're running with the cache mount
attempts to write to it.

Add logic to clean up the bind mount in Builder.getBindMount() that's
triggered if Builder.runSetupVolumeMounts() returns an error.

When creating cache directories for cache mounts, process the
container's ID mappings.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-01-23 13:38:02 -05:00
openshift-merge-bot[bot] ea50c7be71 Merge pull request #5924 from nalind/run-cleanup
Run(): always clean up options.ExternalImageMounts
2025-01-23 18:12:05 +00:00
Nalin Dahyabhai 9e00b6b399 Run(): always clean up options.ExternalImageMounts
Make sure that we consistently unmount the list of images that we're
told to, even in cases where we return an error before arranging to do
so in Run().

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-01-23 11:29:28 -05:00
Eng Zer Jun 59024c41ad refactor: replace golang.org/x/exp with stdlib
These experimental packages are now available in the Go standard
library since Go 1.21:

	1. golang.org/x/exp/slices -> slices [1]
	2. golang.org/x/exp/maps -> maps [2]

[1]: https://go.dev/doc/go1.21#slices
[2]: https://go.dev/doc/go1.21#maps

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2025-01-24 00:27:55 +08:00
Nalin Dahyabhai 6e62bd0835 Fix TOCTOU error when bind and cache mounts use "src" values
Fix a time-of-check/time-of-use error when mounting type=bind and
type=cache directories that use a "src" flag.  A hostile writer could
use a concurrently-running stage or build to replace that "src" location
between the point when we had resolved possible symbolic links and when
runc/crun/whatever actually went to create the bind mount
(CVE-2024-11218).

Stop ignoring the "src" option for cache mounts when there's no "from"
option.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-01-17 09:59:55 -05:00
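The time-of-check/time-of-use problem this commit describes, shown as an added example in Go written for this page; it is illustrative code, not buildah's fix. The source path is resolved and checked for containment beneath a root, then opened, and the opened handle is compared against the checked inode with os.SameFile, so a concurrent replacement of the path between the two steps fails closed instead of getting some other directory mounted. The function names, the root/rel parameters and the /proc/self/fd handle string are this example's own assumptions; on Linux the bind mount should then be made from that handle path, not from the original string.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot: the source, after following symlinks, lies outside root.
var ErrEscapesRoot = errors.New("mount source resolves outside the allowed root")

// ErrSwapped: the inode we opened is not the inode we checked, i.e. the path
// was replaced between the check and the open.
var ErrSwapped = errors.New("mount source changed between check and open")

// within reports whether p is root itself or lies strictly beneath it.
// Both paths must already be absolute and symlink-free.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// OpenMountSource resolves rel beneath root, refuses anything that escapes
// root, opens the result and then verifies that the opened file is the very
// inode that passed the check. The caller must use the returned handle, not
// the string path, as the mount source (see SourceHandle).
func OpenMountSource(root, rel string) (*os.File, error) {
	absRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return nil, err
	}
	// Check: resolve every symlink and make sure we are still inside root.
	resolved, err := filepath.EvalSymlinks(filepath.Join(absRoot, rel))
	if err != nil {
		return nil, err
	}
	if !within(absRoot, resolved) {
		return nil, fmt.Errorf("%w: %s", ErrEscapesRoot, resolved)
	}
	checked, err := os.Lstat(resolved)
	if err != nil {
		return nil, err
	}
	// Use: open, then compare what we hold against what we checked. A writer
	// that swapped a component for a symlink or another directory in the
	// meantime lands us on a different inode, and we fail closed.
	f, err := os.Open(resolved)
	if err != nil {
		return nil, err
	}
	opened, err := f.Stat()
	if err != nil {
		f.Close()
		return nil, err
	}
	if !os.SameFile(checked, opened) {
		f.Close()
		return nil, ErrSwapped
	}
	return f, nil
}

// SourceHandle is the path a Linux caller would hand to mount(2) as the bind
// source: it names the open descriptor, so later changes to the original path
// cannot redirect the mount. Linux-specific, and an assumption of this example.
func SourceHandle(f *os.File) string {
	return fmt.Sprintf("/proc/self/fd/%d", f.Fd())
}

func main() {
	// Constructed layout: root/cache is real, root/ok points at it,
	// root/bad points outside root (at /).
	root, err := os.MkdirTemp("", "mountsrc")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	must := func(err error) {
		if err != nil {
			panic(err)
		}
	}
	must(os.Mkdir(filepath.Join(root, "cache"), 0o755))
	must(os.Symlink("cache", filepath.Join(root, "ok")))
	must(os.Symlink("/", filepath.Join(root, "bad")))
	for _, src := range []string{"cache", "ok", "bad"} {
		f, err := OpenMountSource(root, src)
		if err != nil {
			fmt.Printf("%s: refused: %v\n", src, err)
			continue
		}
		fmt.Printf("%s: mount from %s\n", src, SourceHandle(f))
		f.Close()
	}
}
```

The post-open comparison is what closes the window: the check alone can always be raced, but a swap that happens after the check changes the inode we end up holding, and the mount is then made from the descriptor rather than from a path the writer still controls.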
Nalin Dahyabhai 25a3b385af internal/volume.GetBindMount(): discard writes in bind mounts
When handling RUN --mount=type=bind, where the mount is read-write,
instead of a simple bind mount, create an overlay mount with an upper
directory that will be discarded after the overlay mount is unmounted.
This brings us in line with the expected behavior, wherein writes to
bind mounts should be discarded.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-01-17 09:59:55 -05:00
Daniel J Walsh adf54cde0e Add support for --security-opt mask and unmask
Fixes: https://github.com/containers/buildah/issues/5881

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-01-07 08:46:48 -05:00
Nalin Dahyabhai 4adca286fe chroot: on Linux, try to pivot_root before falling back to chroot
Unless --no-pivot or the equivalent API flag is set, try to pivot_root()
to enter the rootfs during Run().  Fall back to using chroot() as before
if that fails for any reason.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-12-12 14:33:12 -05:00
Nalin Dahyabhai 701d6bbe91 Handle RUN --mount with relative targets and no configured workdir
When the target location of a RUN --mount is specified as a relative
path, we normally try to convert it to an absolute path by combining it
with the currently-configured working directory.  If there is no such
value, though, the result is still not an absolute path.  Work around
this by using "/" when the configured working directory is "".

Set this field in the `runMountInfo` struct on FreeBSD, as we already
did on Linux.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-11-04 09:51:20 -05:00
Kir Kolyshkin 37a6bde534 Don't set ambient capabilities
Ambient capabilities can't be raised without inheritable ones, and since we
don't raise inheritable, we should not raise ambient either.

This went unnoticed because of a bug in syndtr/gocapability which is
only fixed in its fork (see the next commit).

Amends commit e7e55c988.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-09-30 13:19:03 -07:00
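The rule this commit relies on, that an ambient capability cannot be raised unless the capability is already in both the permitted and the inheritable set, as an added example written for this page in Go; it is a model, not code from buildah or gocapability. It follows the per-thread sets from capabilities(7) and the execve transformation for a non-root process running a binary with no file capabilities. The type and function names and the three capability constants are the example's own.

```go
package main

import (
	"errors"
	"fmt"
)

// CapSet is a bitmask indexed by Linux capability number.
type CapSet uint64

// Three capabilities by their kernel numbers, enough for the demonstration.
const (
	CapChown          CapSet = 1 << 0
	CapNetBindService CapSet = 1 << 10
	CapSysAdmin       CapSet = 1 << 21
)

// Caps models the five per-thread capability sets of capabilities(7).
type Caps struct {
	Bounding, Inheritable, Permitted, Effective, Ambient CapSet
}

// ErrNotRaisable mirrors the EPERM that prctl(PR_CAP_AMBIENT_RAISE) returns.
var ErrNotRaisable = errors.New("ambient raise refused: capability must be in both the permitted and the inheritable set")

// RaiseAmbient models prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap): the
// kernel only admits a capability to the ambient set when the thread already
// holds it in both permitted and inheritable. Raising ambient without first
// raising inheritable therefore never succeeds.
func (c *Caps) RaiseAmbient(cap CapSet) error {
	if c.Permitted&cap != cap || c.Inheritable&cap != cap {
		return fmt.Errorf("%w: %#x", ErrNotRaisable, uint64(cap))
	}
	c.Ambient |= cap
	return nil
}

// ExecNoFileCaps applies the execve(2) rules for a non-root process running a
// binary that has no file capabilities and is not set-UID, so that
// F(permitted) = F(inheritable) = 0:
//
//	P'(ambient)   = P(ambient)
//	P'(permitted) = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding)) | P'(ambient)
//	P'(effective) = F(effective) ? P'(permitted) : P'(ambient)
//
// With both F terms zero, only the ambient set survives into the new image.
func (c Caps) ExecNoFileCaps() Caps {
	next := c
	next.Permitted = c.Ambient
	next.Effective = c.Ambient
	return next
}

func main() {
	// Constructed starting state: a non-root container process granted
	// CAP_CHOWN and CAP_NET_BIND_SERVICE, with the inheritable set left empty.
	proc := Caps{
		Bounding:  CapChown | CapNetBindService,
		Permitted: CapChown | CapNetBindService,
		Effective: CapChown | CapNetBindService,
	}
	fmt.Println("raise ambient, inheritable empty:", proc.RaiseAmbient(CapNetBindService))
	fmt.Printf("after exec: permitted=%#x\n", uint64(proc.ExecNoFileCaps().Permitted))

	proc.Inheritable = CapNetBindService
	fmt.Println("raise ambient, inheritable set:  ", proc.RaiseAmbient(CapNetBindService))
	fmt.Printf("after exec: permitted=%#x\n", uint64(proc.ExecNoFileCaps().Permitted))
}
```

The second exec shows what ambient is for: it is the only set that carries a capability across execve of an ordinary binary for a non-root user, but it can only be populated once inheritable has been raised, so setting one without the other is a no-op at best.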
Nalin Dahyabhai baf91f2b00 In a container, try to register binfmt_misc
If we're running a command in a working container whose platform doesn't
match our own, attempt to register any emulators for which we find
configurations of the type included in Fedora's qemu-user-static
packages.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-09-12 11:55:33 -04:00
Paul Holzinger 5184bf1612 Add support for the new c/common pasta options
We always map 169.254.1.2 with pasta to the host now so ensure the
host.containers.internal entry is set correctly.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-09-06 17:05:52 +02:00
Nalin Dahyabhai 8ae99121c1 CI: enable the gofumpt linter
Turn on the gofumpt linter.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-08-15 13:17:44 -04:00
Kir Kolyshkin 24da18800e *: fix build tags
This change is generated by `go1.23rc2 fix ./...`.

Had to use go1.23rc2, since all released go versions have a bug
preventing it from working with `go 1.22.0` in go.mod (opened
https://github.com/golang/go/issues/68825,
https://github.com/golang/go/issues/68824 for awareness).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-08-09 17:05:30 -07:00
Nalin Dahyabhai fdf1c75cd3 linters: unused arguments shouldn't have names
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-08-07 10:10:35 -04:00
Nalin Dahyabhai 6224e9a44e linters: rename checkIdsGreaterThan5() to checkIDsGreaterThan5()
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-08-07 10:10:35 -04:00
Nalin Dahyabhai a7098c776a imagebuildah: make traditional volume handling not the default
Make the traditional handling of volumes (where they're "frozen" and can
only be modified by ADD or COPY, which requires that we cache their
contents and save/restore them before/after RUN instructions) an option
that is not enabled by default.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-07-15 09:38:28 -04:00
Doug Rabson 1480f147fa buildah: fix a nil pointer reference on FreeBSD
When setting up resolv.conf on Linux we need to reference the Linux
namespaces from spec.Linux. This is not needed for FreeBSD and this
change moves the dereference of spec.Linux to addResolvConfEntries and
makes it conditional.

Signed-off-by: Doug Rabson <dfr@rabson.org>
2024-06-09 12:00:05 +01:00
Nalin Dahyabhai d5b2e3c41a Builder.cdiSetupDevicesInSpecdefConfig(): use configured CDI dirs
Use the directories configured in containers.conf, now that
containers/common can tell us what they are, and now that it provides a
place to configure defaults for container tools, always override the
library's default set, even if it's empty, which means we do nothing.

Switch to the default CDI registry instead of the recently-deprecated
non-global one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-05-07 09:19:16 -04:00
Giuseppe Scrivano 7053383792 buildah: use fileutils.(Le|E)xists
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-04-12 09:58:14 +02:00
Giuseppe Scrivano 358814f694 vendor: update containers/(common|storage)
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-04-12 09:58:13 +02:00
Nalin Dahyabhai 5198af7d7c Add support for passing CDI specs to --device
Add support for using CDI to resolve `--device` devices for RUN
instructions during `buildah build`, `buildah from`, and `buildah run`,
as `podman run` does.

This generally requires that we stop resolving device specifications
(arguments passed to --device) earlier and deferring that until it's
time to run a process, because CDI wants to pick over those values,
modify a runtime spec to set up the ones that it knows about, and then
hand back the list of values that it doesn't know about.

We don't want to do a dry run of this during CLI processing because that
would create a window where the underlying hardware state could change,
and that could produce some hard-to-diagnose errors.

Being able to test this is going to require that we add the `--device`
flag to `buildah run` (`--security-opt` affects how we build the
container's layer, so it has to be done at `buildah from`).

The default configured devices list is pulled in by CLI flag processing
during `buildah from` and `buildah build`, so it doesn't also need to be
explicitly passed to `buildah run` or the internal Run() method.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-03-29 16:57:10 -04:00
Paul Holzinger 516f9e9a24 correctly configure /etc/hosts and resolv.conf when using network
Previously buildah may have created an incorrect hosts/resolv.conf file,
when netavark, slirp4netns or pasta are used we have to actually
consider their special setup and use the correct nameservers.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-03-18 14:38:01 +01:00
Paul Holzinger 9db5a16f7d buildah: refactor resolv/hosts setup.
We should never configure the files before we set up the network as we
are missing a lot of information. This is part 1 of the refactor where
we split the functions between create/add entries part. See the
following commit to actually see how we make use of this.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-03-18 14:37:32 +01:00
Paul Holzinger 8c1fee7e75 rename the hostFile var to reflect the value better
I got confused a bit there so make it clearer to readers that both are
different.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-03-18 14:37:32 +01:00
Nalin Dahyabhai 4f0b619dd2 Use golang.org/x/exp/slices.Contains
... instead of github.com/containers/common/pkg/util.StringInSlice,
per linters.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-02-07 11:50:41 -05:00
Daniel J Walsh 79fb3c2135 Make buildah match podman for handling of ulimits
Podman currently sets the ulimits of nofile and nproc
to max in rootless mode, if the user does not override.

Buildah on the other hand just passes in the current defaults.

Podman build should match podman run, and this will fix that problem.

Fixes: https://github.com/containers/buildah/issues/5273

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-01-31 15:28:51 -05:00
Daniel J Walsh 471460018b Ignore errors if label.Relabel returns ENOSUP
This is a common mistake by users and is ignored in some places
but not everywhere. This change will help this to be ignored everywhere.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-11-29 06:54:21 -05:00
Daniel J Walsh 8df9b760b3 Stop using DefaultNetworkSysctl and use containers.conf only
Also mark uses of DefaultCapabilities as Deprecated.

Fixes: https://github.com/containers/buildah/issues/5155

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-11-13 11:46:04 -05:00
Daniel J Walsh 3b96b1cafb Use mask definitions from containers/common
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-10-27 13:10:18 -04:00
Valentin Rothberg 02f781b354 container.conf: support attributed string slices
All `[]string`s in containers.conf have now been migrated to attributed
string slices which require some adjustments in Buildah and Podman.

[NO NEW TESTS NEEDED]

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-10-26 15:34:23 +02:00
Daniel J Walsh 03b0042243 Use cutil.StringInSlice rather than contains
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-10-24 19:44:00 -04:00
Daniel J Walsh 48a9c43718 Add --no-hostname option to buildah containers
Fixes: https://github.com/containers/buildah/issues/5093

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-10-24 19:43:56 -04:00
Aditya R 9c99d7ca88 run: use internal.GetTempDir with os.MkdirTemp
Projects which are using buildah as a library and set `TMPDIR` manually
can stumble upon a use-case where `TMPDIR` was set to a relative path.

Such as `export TMPDIR=.`; in such a case buildah will try to create a
temporary root using `Mkdirtemp`, leading to a point where the bundle is not
generated correctly since the path was relative.

The following use case can be resolved by making sure that buildah always
converts relative paths to absolute paths, and `GetTempDir` does it well.

Example reproducer with podman

```Dockerfile
FROM alpine
RUN echo hello
```

```console
export TMPDIR=.
podman build --no-cache -t test .
```

Expected failure
```console
STEP 1/2: FROM alpine
STEP 2/2: RUN echo hello
error running container: checking permissions on "buildah2341274198": stat buildah2341274198: no such file or directory
ERRO[0000] did not get container create message from subprocess: EOF
Error: building at STEP "RUN echo hello": while running runtime: exit status 1
```

Closes: RHEL-2598

Signed-off-by: Aditya R <arajan@redhat.com>
2023-10-11 21:49:18 +05:30
Paul Holzinger 6e6827b270 Move most of internal/parse to internal/volumes
internal/parse does not need to depend on libimage.
This allows for a smaller podman remote client.

Based on Miloslav's work: https://github.com/containers/podman/pull/19718

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-09-12 14:29:31 +02:00
Daniel J Walsh 3454d5b291 Support passing of ULimits as -1 to mean max
Docker allows the passing of -1 to indicate the maximum limit
allowed for the current process.

Fixes: https://github.com/containers/podman/issues/19319

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-08-26 06:51:09 -04:00