When suppressing what we think are pulled-up directories at commit-time,
only do that when we're _not_ squashing the image, in which case we
really do need to output it into the one layer that our output image
will have.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
run: after we've picked up the exit status of the "main" process that
we're running, reap anything that was reparented to us before returning.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When Ensure() tells us about the parent directories of a mountpoint
target that it created for us, add them to the list of items that we'll
exclude from the commit unless something else causes them to be
modified.
The "native" overlay diff method just walks the diff directory, so we
can get directories in the committed layer that look exactly like the
ones in the previous layer, depending on the storage driver. And while
it's barely noticeable, we can still control for it.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Have Ensure() also return the parent directories of items that it
created, along with information about them that can be used to filter
them out of the layer at commit-time.
This modifies the signature of Ensure(), but it was added in 1.41.0, and
shouldn't (yet) have any external users.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When RUN requires us to create the target for a mountpoint, make note of
it and any parent directories that needed to be created, and filter them
out when generating a layer diff or --output data.
The exceptions will be directories that the conformance tests confirm
that BuildKit also leaves behind, though for compatibility with the
classic builder, we have to make that conditional.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When RUN requires us to create the target for a mountpoint, make note of
it and any parent directories that needed to be created, and clear them
all out if they look basically the same after the command finishes.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The TempVolumes field is used to track data that's specific to a Run()
call, and there can be more than one of those going at a time. Merge
its data into the runMountArtifacts struct, which already keeps a list
of locations that we have to clean up in exactly the same way.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use the named constants for the status values that runtimes can report
to us when we run them with the "state" command.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
No functionality change, just code simplification.
Covered by existing test (e.g. "run should also override /etc/hostname"
in tests/run.bats).
NO NEW TESTS NEEDED
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
When containers.conf has the "container_name_as_hostname" option set,
use that value, with characters that don't fit `[A-Za-z0-9][A-Za-z0-9.-]+`
stripped out.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
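An added example, not buildah's own code, of the sanitization the commit above describes: it assumes "stripped out" means dropping the offending characters (not the whole value), and the function name is hypothetical.

```go
package main

import "strings"

// isAlnum reports whether c is in [A-Za-z0-9].
func isAlnum(c byte) bool {
	return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
}

// HostnameFromContainerName (hypothetical name) derives a hostname from a
// container name by dropping every byte outside [A-Za-z0-9.-] and then
// dropping leading bytes until the first one is alphanumeric, which is
// what the pattern `[A-Za-z0-9][A-Za-z0-9.-]+` requires. The bool is
// false when nothing usable survives, so a caller can fall back to the
// usual default hostname instead of setting an empty one.
func HostnameFromContainerName(name string) (string, bool) {
	var b strings.Builder
	for i := 0; i < len(name); i++ {
		c := name[i]
		if isAlnum(c) || c == '.' || c == '-' {
			b.WriteByte(c)
		}
	}
	// The first character must be alphanumeric: drop leading '.' and '-'.
	s := strings.TrimLeft(b.String(), ".-")
	// The trailing "+" in the pattern means at least two characters total.
	if len(s) < 2 {
		return "", false
	}
	return s, true
}
```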
Allow the "from" option for cache mounts to refer to an image, which, if
we attempt to mount read-write, is mounted using an overlay to avoid
getting errors if the process we're running with the cache mount
attempts to write to it.
Add logic to clean up the bind mount in Builder.getBindMount() that's
triggered if Builder.runSetupVolumeMounts() returns an error.
When creating cache directories for cache mounts, process the
container's ID mappings.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
These experimental packages are now available in the Go standard
library since Go 1.21:
1. golang.org/x/exp/slices -> slices [1]
2. golang.org/x/exp/maps -> maps [2]
[1]: https://go.dev/doc/go1.21#slices
[2]: https://go.dev/doc/go1.21#maps
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
The "recurse" parameter of the relabel() function signature is passed to
a function which calls it "shared".
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Fix a time-of-check/time-of-use error when mounting type=bind and
type=cache directories that use a "src" flag. A hostile writer could
use a concurrently-running stage or build to replace that "src" location
between the point when we had resolved possible symbolic links and when
runc/crun/whatever actually went to create the bind mount
(CVE-2024-11218).
Stop ignoring the "src" option for cache mounts when there's no "from"
option.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When handling RUN --mount=type=bind, where the mount is read-write,
instead of a simple bind mount, create an overlay mount with an upper
directory that will be discarded after the overlay mount is unmounted.
This brings us in line with the expected behavior, wherein writes to
bind mounts should be discarded.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When the target location of a RUN --mount is specified as a relative
path, we normally try to convert it to an absolute path by combining it
with the currently-configured working directory. If there is no such
value, though, the result is still not an absolute path. Work around
this by using "/" when the configured working directory is "".
Set this field in the `runMountInfo` struct on FreeBSD, as we already
did on Linux.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Describe the "env" and "type" options in the buildah-build(1) man page.
When parsing the "--secret=" flag for the CLI, instead of ignoring an
option that we don't recognize, return an error.
Even though the set of meaningful "id" values for secrets is passed in
via the command line, don't directly use it to construct a file path.
Change the default mode for SSH agent sockets that we create from 0o620
to 0o600.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We always map 169.254.1.2 with pasta to the host now so ensure the
host.containers.internal entry is set correctly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
govet warned about some places where we were passing something other
than a literal string to a function that took format specifiers.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This change is generated by `go1.23rc2 fix ./...`.
Had to use go1.23rc2, since all released go versions have a bug
preventing it from working with `go 1.22.0` in go.mod (opened
https://github.com/golang/go/issues/68825,
https://github.com/golang/go/issues/68824 for awareness).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Make the traditional handling of volumes (where they're "frozen" and can
only be modified by ADD or COPY, which requires that we cache their
contents and save/restore them before/after RUN instructions) an option
that is not enabled by default.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When setting up resolv.conf on Linux we need to reference the Linux
namespaces from spec.Linux. This is not needed for FreeBSD and this
change moves the dereference of spec.Linux to addResolvConfEntries and
makes it conditional.
Signed-off-by: Doug Rabson <dfr@rabson.org>
Use slices.Clone() and maps.Clone() instead of our own non-generic
functions. We have to be more careful in a couple of places where we
set items in maps which aren't unconditionally initialized.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Previously buildah may have created an incorrect hosts/resolv.conf file;
when netavark, slirp4netns or pasta are used we have to actually
consider their special setup and use the correct nameservers.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We should never configure the files before we set up the network as we
are missing a lot of information. This is part 1 of the refactor where
we split the functions between create/add entries part. See the
following commit to actually see how we make use of this.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This is a common mistake by users and is ignored in some places
but not everywhere. This change will help this to be ignored everywhere.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
All `[]string`s in containers.conf have now been migrated to attributed
string slices which require some adjustments in Buildah and Podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Previously, when mounting multiple mounts, if any mount had a `type`
specified, it would override the default type for subsequent mounts.
This meant, for example, that having a RUN step like:
```Dockerfile
RUN --mount=type=cache,target=/cache --mount=source=.,target=/src
```
would incorrectly mount the second source as a cache, instead of a
bind-mount.
This fix ensures the default is reset between each iteration of the
loop, ensuring we get the right mount type.
Signed-off-by: Benjamin Schubert <contact@benschubert.me>
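An added illustration of the defect and the fix described in the commit above, not buildah's own parser: the buggy parser keeps the working mount type outside the loop, the fixed one resets it to the default for every mount. Function and type names are hypothetical; only the option keys shown here are handled.

```go
package main
import "strings"
// Each --mount value is a comma-separated list of key=value options;
// "type" defaults to "bind" when a mount does not set it explicitly.
const defaultMountType = "bind"
// MountSpec holds the three options this example cares about.
type MountSpec struct{ Type, Source, Target string }

// parseOne parses a single --mount value starting from mountType and
// returns the spec together with the type that was in effect at the end.
func parseOne(mountType, value string) (MountSpec, string) {
	var spec MountSpec
	for _, kv := range strings.Split(value, ",") {
		key, val, _ := strings.Cut(kv, "=")
		switch key {
		case "type":
			mountType = val
		case "source", "src":
			spec.Source = val
		case "target", "dst":
			spec.Target = val
		}
	}
	spec.Type = mountType
	return spec, mountType
}

// ParseMountsBuggy mirrors the defect: the working type lives outside the
// loop, so a "type" seen in one mount leaks into later mounts that omit it.
func ParseMountsBuggy(mounts []string) []MountSpec {
	mountType := defaultMountType
	specs := make([]MountSpec, 0, len(mounts))
	for _, m := range mounts {
		var spec MountSpec
		spec, mountType = parseOne(mountType, m) // carries over to next loop
		specs = append(specs, spec)
	}
	return specs
}

// ParseMountsFixed starts every mount from the default again.
func ParseMountsFixed(mounts []string) []MountSpec {
	specs := make([]MountSpec, 0, len(mounts))
	for _, m := range mounts {
		spec, _ := parseOne(defaultMountType, m) // reset each iteration
		specs = append(specs, spec)
	}
	return specs
}
```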
internal/parse does not need to depend on libimage.
This allows for a smaller podman remote client.
Based on Miloslav's work: https://github.com/containers/podman/pull/19718
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This uses the same code as podman for slirp4netns, this means
- ipv6 is enabled by default
- slirp4netns options are read from containers.conf
- slirp4netns options can now be set on the cli. This required some
small rework on where we parse the network string.
Lastly I updated the --network docs, to document the new slirp4netns
mode. That included fixing up buildah-from and buildah-run pages which
were incomplete in that regard. Now we show the same for all options.
Fixes #3968
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Some tools depend on the hostname being present in /etc/hosts. I would
argue they are broken but it's not like we can do anything about that.
This adds the hostname with the local host ip when the host network is
used. For private networking we already add the hostname.
We also now correctly force host networking in chroot mode, it was
silently ignored before thus causing extra confusion here.
Fixes #4446
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Restore SysProcAttr.Pdeathsig values for child processes that we start,
so that they get a SIGKILL when we exit for whatever reason. Lock the
calling goroutine to a native thread while that's happening, like we
should always have done.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
It is not safe to use prctl(PR_SET_PDEATHSIG) in a Go program since
the parent of the process is considered the *thread* that created the
child process, and the Go runtime can free a thread at any time. We
would either need to lock the thread, or simpler just not use it.
[NO NEW TESTS NEEDED]
Closes: https://github.com/containers/podman/issues/17918
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
`Buildkit` and `docker` accept the `required` flag as `true` in
`--mount=type=secret`, so let's do the same for buildah.
Example usage
```Dockerfile
FROM docker.io/nginx:1.23.3
RUN --mount=type=secret,id=nginx-crt,dst=/nginx-repo.crt,required \
--mount=type=secret,id=nginx-key,dst=/nginx-repo.key,required \
set -x \
&& . /etc/os-release \
&& stat /nginx-repo.crt \
&& stat /nginx-repo.key
```
Closes: https://github.com/containers/podman/issues/18438
Signed-off-by: Aditya R <arajan@redhat.com>
It seems buildah was cleaning the path after unmounting the content which
was added by `--mount`; however buildah should `remove` only if the path
did not pre-exist, otherwise it should just simply `unmount`.
The following behaviour aligns buildah to buildkit.
Closes: https://github.com/containers/buildah/issues/4739
Signed-off-by: Aditya R <arajan@redhat.com>
Allow containers running under buildah to use
--group-add keep-groups, so that they can inherit
access to the users groups.
Also allow users to add supplemental groups to the container.
Fixes: https://github.com/containers/buildah/issues/4476
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Users may get confusing error messages where it is not clear that they are
related to the network setup; wrap the error to make it more clear that
some network setup failed.
[NO NEW TESTS NEEDED]
Fixes containers/podman#16809
Signed-off-by: Paul Holzinger <pholzing@redhat.com>