Commit Graph

78 Commits

Author SHA1 Message Date
Kir Kolyshkin 608e4cc24f generateHostname: simplify
No functionality change, just code simplification.

Covered by existing test (e.g. "run should also override /etc/hostname"
in tests/run.bats).

NO NEW TESTS NEEDED

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-08 15:26:09 -07:00
Kir Kolyshkin e8dba98314 ci: add nolintlint, fix found issues
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-07 13:02:39 -07:00
Kir Kolyshkin e8a5d77b09 ci: switch to golangci-lint v2
Also, add a way to update golangci-lint locally, if an old version is
installed.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-07 13:01:56 -07:00
Nalin Dahyabhai 72e2bf4c69 Support the containers.conf container_name_as_hostname option
When containers.conf has the "container_name_as_hostname" option set,
use that value, with values that don't fit `[A-Za-z0-9][A-Za-z0-9.-]+`
stripped out.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-02-18 17:43:07 -05:00
Nalin Dahyabhai 3541a3ce2a Accept image names as sources for cache mounts
Allow the "from" option for cache mounts to refer to an image, which, if
we attempt to mount read-write, is mounted using an overlay to avoid
getting errors if the process we're running with the cache mount
attempts to write to it.

Add logic to clean up the bind mount in Builder.getBindMount() that's
triggered if Builder.runSetupVolumeMounts() returns an error.

When creating cache directories for cache mounts, process the
container's ID mappings.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-01-23 13:38:02 -05:00
Eng Zer Jun 59024c41ad refactor: replace golang.org/x/exp with stdlib
These experimental packages are now available in the Go standard
library since Go 1.21:

	1. golang.org/x/exp/slices -> slices [1]
	2. golang.org/x/exp/maps -> maps [2]

[1]: https://go.dev/doc/go1.21#slices
[2]: https://go.dev/doc/go1.21#maps

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2025-01-24 00:27:55 +08:00
Nalin Dahyabhai e7f790296e relabel(): correct a misleading parameter name
The "recurse" parameter of the relabel() function signature is passed to
a function which calls it "shared".

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-01-20 13:24:35 -05:00
Nalin Dahyabhai 6e62bd0835 Fix TOCTOU error when bind and cache mounts use "src" values
Fix a time-of-check/time-of-use error when mounting type=bind and
type=cache directories that use a "src" flag.  A hostile writer could
use a concurrently-running stage or build to replace that "src" location
between the point when we had resolved possible symbolic links and when
runc/crun/whatever actually went to create the bind mount
(CVE-2024-11218).

Stop ignoring the "src" option for cache mounts when there's no "from"
option.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-01-17 09:59:55 -05:00
Nalin Dahyabhai 25a3b385af internal/volume.GetBindMount(): discard writes in bind mounts
When handling RUN --mount=type=bind, where the mount is read-write,
instead of a simple bind mount, create an overlay mount with an upper
directory that will be discarded after the overlay mount is unmounted.
This brings us in line with the expected behavior, wherein writes to
bind mounts should be discarded.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2025-01-17 09:59:55 -05:00
Nalin Dahyabhai 701d6bbe91 Handle RUN --mount with relative targets and no configured workdir
When the target location of a RUN --mount is specified as a relative
path, we normally try to convert it to an absolute path by combining it
with the currently-configured working directory.  If there is no such
value, though, the result is still not an absolute path.  Work around
this by using "/" when the configured working directory is "".

Set this field in the `runMountInfo` struct on FreeBSD, as we already
did on Linux.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-11-04 09:51:20 -05:00
Nalin Dahyabhai 6c85740bab Document more buildah build --secret options
Describe the "env" and "type" options in the buildah-build(1) man page.

When parsing the "--secret=" flag for the CLI, instead of ignoring an
option that we don't recognize, return an error.

Even though the set of meaningful "id" values for secrets is passed in
via the command line, don't directly use it to construct a file path.

Change the default mode for SSH agent sockets that we create from 0o620
to 0o600.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-10-17 12:02:29 -04:00
Paul Holzinger 5184bf1612 Add support for the new c/common pasta options
We always map 169.254.1.2 with pasta to the host now so ensure the
host.containers.internal entry is set correctly.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-09-06 17:05:52 +02:00
Nalin Dahyabhai 0ad0ffaad9 Fix some govet linter warnings
govet warned about some places where we were passing something other
than a literal string to a function that took format specifiers.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-08-15 16:09:24 -04:00
Nalin Dahyabhai 8ae99121c1 CI: enable the gofumpt linter
Turn on the gofumpt linter.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-08-15 13:17:44 -04:00
Kir Kolyshkin 24da18800e *: fix build tags
This change is generated by `go1.23rc2 fix ./...`.

Had to use go1.23rc2, since all released go versions have a bug
preventing it from working with `go 1.22.0` in go.mod (opened
https://github.com/golang/go/issues/68825,
https://github.com/golang/go/issues/68824 for awareness).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-08-09 17:05:30 -07:00
Nalin Dahyabhai a7098c776a imagebuildah: make traditional volume handling not the default
Make the traditional handling of volumes (where they're "frozen" and can
only be modified by ADD or COPY, which requires that we cache their
contents and save/restore them before/after RUN instructions) an option
that is not enabled by default.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-07-15 09:38:28 -04:00
Doug Rabson 1480f147fa buildah: fix a nil pointer reference on FreeBSD
When setting up resolv.conf on Linux we need to reference the Linux
namespaces from spec.Linux. This is not needed for FreeBSD and this
change moves the dereference of spec.Linux to addResolvConfEntries and
makes it conditional.

Signed-off-by: Doug Rabson <dfr@rabson.org>
2024-06-09 12:00:05 +01:00
Nalin Dahyabhai a42019d614 Drop copyStringSlice() and copyStringStringMap()
Use slices.Clone() and maps.Clone() instead of our own non-generic
functions.  We have to be more careful in a couple of places where we
set items in maps which aren't unconditionally initialized.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-06-05 11:01:07 -04:00
Daniel J Walsh 864a40cbdc Don't leak temp files on failures
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-05-16 14:11:37 -04:00
Giuseppe Scrivano 7053383792 buildah: use fileutils.(Le|E)xists
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-04-12 09:58:14 +02:00
Paul Holzinger 516f9e9a24 correctly configure /etc/hosts and resolv.conf when using network
Previously buildah may have created an incorrect hosts/resolv.conf file;
when netavark, slirp4netns or pasta are used we have to actually
consider their special setup and use the correct nameservers.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-03-18 14:38:01 +01:00
Paul Holzinger 9db5a16f7d buildah: refactor resolv/hosts setup.
We should never configure the files before we set up the network as we
are missing a lot of information. This is part 1 of the refactor where
we split the functions between create/add entries part. See the
following commit to actually see how we make use of this.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-03-18 14:37:32 +01:00
Daniel J Walsh 471460018b Ignore errors if label.Relabel returns ENOSUP
This is a common mistake by users and is ignored in some places
but not everywhere. This change will help this to be ignored everywhere.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-11-29 06:54:21 -05:00
Valentin Rothberg 02f781b354 container.conf: support attributed string slices
All `[]string`s in containers.conf have now been migrated to attributed
string slices which require some adjustments in Buildah and Podman.

[NO NEW TESTS NEEDED]

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2023-10-26 15:34:23 +02:00
Daniel J Walsh 03b0042243 Use cutil.StringInSlice rather than contains
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-10-24 19:44:00 -04:00
Benjamin Schubert 249e30c981 bug: Ensure the mount type is always BindMount by default
Previously, when mounting multiple mounts, if any mount had a `type`
specified, it would override the default type for subsequent mounts.

This meant, for example, that having a RUN step like:

```
RUN --mount=type=cache,target=/cache --mount=source=.,target=/src
```

would incorrectly mount the second source as a cache, instead of a
bind-mount.

This fix ensures the default is reset between each iteration of the
loop, ensuring we get the right mount type.

Signed-off-by: Benjamin Schubert <contact@benschubert.me>
2023-09-30 17:26:37 +01:00
Daniel J Walsh ccac7ca0bf Run codespell on code
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-09-14 06:05:57 -04:00
Paul Holzinger 6e6827b270 Move most of internal/parse to internal/volumes
internal/parse does not need to depend on libimage.
This allows for a smaller podman remote client.

Based on Miloslav's work: https://github.com/containers/podman/pull/19718

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-09-12 14:29:31 +02:00
Lokesh Mandvekar c34c6d19a5 Merge branch 'main' into pkg-import
2023-06-27 13:18:00 -04:00
guoguangwu d22a5293be chore: pkg imported more than once
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
2023-06-27 13:35:36 +08:00
Paul Holzinger 11ba328e2b use slirp4netns package from c/common
This uses the same code as podman for slirp4netns, this means
- ipv6 is enabled by default
- slirp4netns options are read from containers.conf
- slirp4netns options can now be set on the cli. This required some
small rework on where we parse the network string.

Lastly I updated the --network docs, to document the new slirp4netns
mode. That included fixing up buildah-from and buildah-run pages which
were incomplete in that regard. Now we show the same for all options.

Fixes #3968

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-06-23 13:57:30 +02:00
Paul Holzinger 14cd28c262 add hostname to /etc/hosts when running with host network
Some tools depend on the hostname being present in /etc/hosts. I would
argue they are broken but it's not like we can do anything about that.

This adds the hostname with the local host ip when the host network is
used. For private networking we already add the hostname.

We also now correctly force host networking in chroot mode, it was
silently ignored before thus causing extra confusion here.

Fixes #4446

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-06-20 16:12:28 +02:00
Nalin Dahyabhai 68337bf9c6 Go back to setting SysProcAttr.Pdeathsig for child processes
Restore SysProcAttr.Pdeathsig values for child processes that we start,
so that they get a SIGKILL when we exit for whatever reason.  Lock the
calling goroutine to a native thread while that's happening, like we
should always have done.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2023-05-23 09:01:40 -04:00
Giuseppe Scrivano 0eb266a958 run: drop Pdeathsig
it is not safe to use prctl(PR_SET_PDEATHSIG) in a Go program since
the parent of the process is considered the *thread* that created the
child process, and the Go runtime can free a thread at any time.   We
would either need to lock the thread, or simpler just not use it.

[NO NEW TESTS NEEDED]

Closes: https://github.com/containers/podman/issues/17918

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2023-05-16 20:07:58 +02:00
Aditya R dcc7feb6fd secret: accept required flag w/o value
`Buildkit` and `docker` accept the `required` flag as `true` in
`--mount=type=secret`, so let's do the same for buildah.

Example usage

```Dockerfile
FROM docker.io/nginx:1.23.3

RUN --mount=type=secret,id=nginx-crt,dst=/nginx-repo.crt,required \
    --mount=type=secret,id=nginx-key,dst=/nginx-repo.key,required \
    set -x \
    && . /etc/os-release \
    && stat /nginx-repo.crt \
    && stat /nginx-repo.key
```

Closes: https://github.com/containers/podman/issues/18438

Signed-off-by: Aditya R <arajan@redhat.com>
2023-05-15 13:07:17 +05:30
Aditya R 2fed5fc912 run,mount: remove path only if they didn't pre-exist
It seems buildah was cleaning path after unmounting the content which
was added by `--mount`, however buildah should `remove` only if the path
did not pre-exist; otherwise it should simply `unmount`.

The following behaviour aligns buildah with buildkit.

Closes: https://github.com/containers/buildah/issues/4739

Signed-off-by: Aditya R <arajan@redhat.com>
2023-05-04 11:26:52 +05:30
Aditya R 9fced965ee build, secret: allow relative mountpoints w.r.t. work dir
When working with `--mount=type=secret` allow `target`/`dst` to accept relative paths w.r.t. the configured work dir.

See detailed use-case here: https://github.com/containers/buildah/issues/4491

Closes: https://github.com/containers/buildah/issues/4491

**Steps to reproduce the issue from #4491:**

1. Create Dockerfile and Makefile:

Dockerfile:
```
FROM docker.io/ubuntu:22.04

WORKDIR /somedir

RUN --mount=type=secret,id=secret-foo,dst=secret1.txt --mount=type=secret,id=secret-bar,dst=secret2.txt \
     printf "PWD=%s\n" "$(pwd)" && ls -la && ls -la / && stat secret1.txt && stat secret2.txt && \
     cp secret1.txt /root/secret-foo.txt && \
     cp secret2.txt /root/secret-bar.txt
```

Makefile:
```
DOCKER ?= docker

.PHONY: build-container

build-container:
	rm -rf build
	mkdir build
	echo "secret:foo" >build/secret1.txt
	echo "secret:bar" >build/secret2.txt
	buildah --no-cache --secret id=secret-foo,src=build/secret1.txt --secret id=secret-bar,src=build/secret2.txt -t defanator/example:tag1 .
	podman run --rm -t -i defanator/example:tag1 cat /root/secret-foo.txt
	podman run --rm -t -i defanator/example:tag1 cat /root/secret-bar.txt
	podman rmi defanator/example:tag1
```
```
make
```

Signed-off-by: Aditya R <arajan@redhat.com>
2023-01-09 23:34:55 +05:30
Daniel J Walsh f8eb73820a Merge pull request #4452 from flouthoc/relative-mount
build, mount: allow relative mountpoints w.r.t. work dir for `--mount=type=cache` and `--mount=type=bind`
2023-01-03 08:33:18 -05:00
Daniel J Walsh 60be7f2509 Add support for --group-add to buildah from
Allow containers running under buildah to use
--group-add keep-groups, so that they can inherit
access to the users groups.

Also allow users to add supplemental groups to the container.

Fixes: https://github.com/containers/buildah/issues/4476

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-22 11:53:00 -05:00
Paul Holzinger 67c2e4de59 buildah: wrap network setup errors
Users may get confusing error messages where it is not clear that they are
related to the network setup; wrap the error to make it clearer that
some network setup failed.

[NO NEW TESTS NEEDED]

Fixes containers/podman#16809

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-15 17:29:48 +01:00
Aditya R d9578d32cd build, mount: allow relative mountpoints w.r.t. work dir
When working with `--mount=type=bind` and `--mount=type=cache` allow
`target` to accept relative paths w.r.t. the configured work dir.

Closes: https://github.com/containers/buildah/issues/4309

Signed-off-by: Aditya R <arajan@redhat.com>
2022-12-15 16:30:34 +05:30
Chris Evich 46eea31588 Replace io/ioutil calls with os calls
In golang 1.19, `io/ioutil` is fully deprecated preventing Buildah from
compiling.  Replace all calls with equivalent calls from the `os`
package.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-12-06 14:29:32 -05:00
Miloslav Trmač a1698cde60 Update c/storage after https://github.com/containers/storage/pull/1436
... and update to remove the now-deprecated Locker interface.

[NO NEW TESTS NEEDED]

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-12-01 15:39:25 +01:00
Doug Rabson 646c282901 Use TypeBind consistently to name bind/nullfs mounts
This allows declaring run mounts using e.g. '-mount=type=nullfs,...' on
FreeBSD which makes more sense for FreeBSD users. It is also consistent
with 'podman run' which requires the nullfs mount type on FreeBSD.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-11-07 17:19:56 +00:00
Miloslav Trmač 8356687157 Ensure the cache volume locks are unlocked on all paths
... and use a more traditional error handling model,
where responsibility for the cleanup passes to the caller
_only_ if the called function succeeds.

To reinforce that, hard-code nil returns on error paths
instead of returning the locks.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-10-20 00:14:18 +02:00
Miloslav Trmač 60382209e3 Simplify the interface of GetCacheMount and getCacheMount
It can return at most one lock, so don't return an array.

Should not change behavior right now, but it will simplify
cleanup.

[NO NEW TESTS NEEDED]

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-10-19 23:23:34 +02:00
Miloslav Trmač bdd62ef870 Remove calls to Lockfile.Locked()
By construction it's now quite clear that the locks should
always be locked.

Don't even bother with AssertLockedForWriting(), that's
partially (checking for lock ownership, not for read-write ownership)
implied by Unlock() already.

[NO NEW TESTS NEEDED]

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-10-19 23:23:34 +02:00
Miloslav Trmač cfa10d16c9 Maintain cache mount locks as lock objects instead of paths
They exist in memory anyway, so this is more efficient:
we avoid the need to manually touch the filesystem again,
the associated costs - and the error paths go away.

[NO NEW TESTS NEEDED]

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-10-19 23:23:33 +02:00
Aditya R 6838cbc812 run: honor lockfiles for multiple --mount instruction
Single `RUN` can contain multiple `--mount` commands so let's append into
`lockedTargets` so we collect `lockfiles` from all the `--mount`
instructions.

Helps in: https://github.com/containers/buildah/issues/4342

Signed-off-by: Aditya R <arajan@redhat.com>
2022-10-19 14:27:07 +05:30
Daniel J Walsh 8d5d763213 Fix stutters
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as

Error: error ...

This patch removes the stutter.

Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-09-19 07:11:44 -04:00