diff --git a/cmd/podman/containers/container.go b/cmd/podman/containers/container.go index 2599f6aca1..4472642683 100644 --- a/cmd/podman/containers/container.go +++ b/cmd/podman/containers/container.go @@ -3,7 +3,6 @@ package containers import ( "github.com/containers/podman/v5/cmd/podman/registry" "github.com/containers/podman/v5/cmd/podman/validate" - "github.com/containers/podman/v5/pkg/util" "github.com/spf13/cobra" ) @@ -20,7 +19,7 @@ var ( RunE: validate.SubCommandExists, } - containerConfig = util.DefaultContainerConfig() + containerConfig = registry.PodmanConfig().ContainersConfDefaultsRO ) func init() { diff --git a/cmd/podman/generate/generate.go b/cmd/podman/generate/generate.go index 3e86bc6053..dbfc7a3799 100644 --- a/cmd/podman/generate/generate.go +++ b/cmd/podman/generate/generate.go @@ -3,7 +3,6 @@ package generate import ( "github.com/containers/podman/v5/cmd/podman/registry" "github.com/containers/podman/v5/cmd/podman/validate" - "github.com/containers/podman/v5/pkg/util" "github.com/spf13/cobra" ) @@ -15,7 +14,7 @@ var ( Long: "Generate structured data (e.g., Kubernetes YAML or systemd units) based on containers, pods or volumes.", RunE: validate.SubCommandExists, } - containerConfig = util.DefaultContainerConfig() + containerConfig = registry.PodmanConfig().ContainersConfDefaultsRO ) func init() { diff --git a/cmd/podman/images/load.go b/cmd/podman/images/load.go index 6e8237d1d8..ae9dadb8f3 100644 --- a/cmd/podman/images/load.go +++ b/cmd/podman/images/load.go @@ -74,7 +74,7 @@ func load(cmd *cobra.Command, args []string) error { if len(loadOpts.Input) > 0 { // Download the input file if needed. if strings.HasPrefix(loadOpts.Input, "https://") || strings.HasPrefix(loadOpts.Input, "http://") { - tmpdir, err := util.DefaultContainerConfig().ImageCopyTmpDir() + tmpdir, err := registry.PodmanConfig().ContainersConfDefaultsRO.ImageCopyTmpDir() if err != nil { return err } diff --git a/cmd/podman/networks/network.go b/cmd/podman/networks/network.go index 7f96195cbd..2329a9f20a 100644 --- a/cmd/podman/networks/network.go +++ b/cmd/podman/networks/network.go @@ -3,7 +3,6 @@ package network import ( "github.com/containers/podman/v5/cmd/podman/registry" "github.com/containers/podman/v5/cmd/podman/validate" - "github.com/containers/podman/v5/pkg/util" "github.com/spf13/cobra" ) @@ -18,7 +17,7 @@ var ( Long: "Manage networks", RunE: validate.SubCommandExists, } - containerConfig = util.DefaultContainerConfig() + containerConfig = registry.PodmanConfig().ContainersConfDefaultsRO ) func init() { diff --git a/cmd/podman/pods/pod.go b/cmd/podman/pods/pod.go index 3653638466..47b520006f 100644 --- a/cmd/podman/pods/pod.go +++ b/cmd/podman/pods/pod.go @@ -3,7 +3,6 @@ package pods import ( "github.com/containers/podman/v5/cmd/podman/registry" "github.com/containers/podman/v5/cmd/podman/validate" - "github.com/containers/podman/v5/pkg/util" "github.com/spf13/cobra" ) @@ -18,7 +17,7 @@ var ( Long: "Pods are a group of one or more containers sharing the same network, pid and ipc namespaces.", RunE: validate.SubCommandExists, } - containerConfig = util.DefaultContainerConfig() + containerConfig = registry.PodmanConfig().ContainersConfDefaultsRO ) func init() { diff --git a/cmd/podman/volumes/volume.go b/cmd/podman/volumes/volume.go index eadbe60844..e42e2ac55e 100644 --- a/cmd/podman/volumes/volume.go +++ b/cmd/podman/volumes/volume.go @@ -3,7 +3,6 @@ package volumes import ( "github.com/containers/podman/v5/cmd/podman/registry" "github.com/containers/podman/v5/cmd/podman/validate" - "github.com/containers/podman/v5/pkg/util" "github.com/spf13/cobra" ) @@ -18,7 +17,7 @@ var ( Long: "Volumes are created in and can be shared between containers", RunE: validate.SubCommandExists, } - containerConfig = util.DefaultContainerConfig() + containerConfig = registry.PodmanConfig().ContainersConfDefaultsRO ) func init() { diff --git a/libpod/kube.go b/libpod/kube.go index 51f93e7fc2..7964109d58 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -577,6 +577,11 @@ func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, po stopTimeout *uint ) + cfg, err := config.Default() + if err != nil { + return nil, err + } + // Let's sort the containers in order of created time // This will ensure that the init containers are defined in the correct order in the kube yaml sort.Slice(containers, func(i, j int) bool { return containers[i].CreatedTime().Before(containers[j].CreatedTime()) }) @@ -630,7 +635,7 @@ func (p *Pod) podWithContainers(ctx context.Context, containers []*Container, po // Pick the first container that has a stop-timeout set and use that value // Ignore podman's default - if ctr.config.StopTimeout != util.DefaultContainerConfig().Engine.StopTimeout && stopTimeout == nil { + if ctr.config.StopTimeout != cfg.Engine.StopTimeout && stopTimeout == nil { stopTimeout = &ctr.config.StopTimeout } @@ -736,6 +741,11 @@ func newPodObject(podName string, annotations map[string]string, initCtrs, conta // simplePodWithV1Containers is a function used by inspect when kube yaml needs to be generated // for a single container. we "insert" that container description in a pod. func simplePodWithV1Containers(ctx context.Context, ctrs []*Container, getService, podmanOnly bool) (*v1.Pod, error) { + cfg, err := config.Default() + if err != nil { + return nil, err + } + kubeCtrs := make([]v1.Container, 0, len(ctrs)) kubeInitCtrs := []v1.Container{} kubeVolumes := make([]v1.Volume, 0) @@ -775,7 +785,7 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container, getServic // Pick the first container that has a stop-timeout set and use that value // Ignore podman's default - if ctr.config.StopTimeout != util.DefaultContainerConfig().Engine.StopTimeout && stopTimeout == nil { + if ctr.config.StopTimeout != cfg.Engine.StopTimeout && stopTimeout == nil { stopTimeout = &ctr.config.StopTimeout } @@ -786,7 +796,7 @@ func simplePodWithV1Containers(ctx context.Context, ctrs []*Container, getServic if ctr.config.Spec.Process != nil { var ulimitArr []string - defaultUlimits := util.DefaultContainerConfig().Ulimits() + defaultUlimits := cfg.Ulimits() for _, ulimit := range ctr.config.Spec.Process.Rlimits { finalUlimit := strings.ToLower(strings.ReplaceAll(ulimit.Type, "RLIMIT_", "")) + "=" + strconv.Itoa(int(ulimit.Soft)) + ":" + strconv.Itoa(int(ulimit.Hard)) // compare ulimit with default list so we don't add it twice diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index 5d59b7abb0..31578bf1d7 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -643,7 +643,10 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { AuthFilePath: authfile, DockerAuthConfig: creds, } - utils.PossiblyEnforceDockerHub(r, systemContext) + if err := utils.PossiblyEnforceDockerHub(r, systemContext); err != nil { + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("checking to enforce DockerHub: %w", err)) + return + } if _, found := r.URL.Query()["tlsVerify"]; found { systemContext.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!query.TLSVerify) diff --git a/pkg/api/handlers/libpod/generate.go b/pkg/api/handlers/libpod/generate.go index 5751369376..7a64141d70 100644 --- a/pkg/api/handlers/libpod/generate.go +++ b/pkg/api/handlers/libpod/generate.go @@ -6,18 +6,24 @@ import ( "fmt" "net/http" + "github.com/containers/common/pkg/config" "github.com/containers/podman/v5/libpod" "github.com/containers/podman/v5/pkg/api/handlers/utils" api "github.com/containers/podman/v5/pkg/api/types" "github.com/containers/podman/v5/pkg/domain/entities" "github.com/containers/podman/v5/pkg/domain/infra/abi" - "github.com/containers/podman/v5/pkg/util" "github.com/gorilla/schema" ) func GenerateSystemd(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) + cfg, err := config.Default() + if err != nil { + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("reading containers.conf: %w", err)) + return + } + query := struct { Name bool `schema:"useName"` New bool `schema:"new"` @@ -36,7 +42,7 @@ func GenerateSystemd(w http.ResponseWriter, r *http.Request) { AdditionalEnvVariables []string `schema:"additionalEnvVariables"` }{ StartTimeout: 0, - StopTimeout: util.DefaultContainerConfig().Engine.StopTimeout, + StopTimeout: cfg.Engine.StopTimeout, } if err := decoder.Decode(&query, r.URL.Query()); err != nil { diff --git a/pkg/api/handlers/utils/images.go b/pkg/api/handlers/utils/images.go index f97f493972..a53fa59805 100644 --- a/pkg/api/handlers/utils/images.go +++ b/pkg/api/handlers/utils/images.go @@ -19,7 +19,6 @@ import ( "github.com/containers/podman/v5/libpod" api "github.com/containers/podman/v5/pkg/api/types" "github.com/containers/podman/v5/pkg/errorhandling" - "github.com/containers/podman/v5/pkg/util" "github.com/containers/storage" "github.com/docker/distribution/registry/api/errcode" "github.com/docker/docker/pkg/jsonmessage" @@ -30,7 +29,11 @@ import ( // request is for the compat API and if containers.conf set the specific mode. // If nameOrID is a (short) ID for a local image, the full ID will be returned. func NormalizeToDockerHub(r *http.Request, nameOrID string) (string, error) { - if IsLibpodRequest(r) || !util.DefaultContainerConfig().Engine.CompatAPIEnforceDockerHub { + cfg, err := config.Default() + if err != nil { + return "", err + } + if IsLibpodRequest(r) || !cfg.Engine.CompatAPIEnforceDockerHub { return nameOrID, nil } @@ -62,11 +65,16 @@ func NormalizeToDockerHub(r *http.Request, nameOrID string) (string, error) { // PossiblyEnforceDockerHub sets fields in the system context to enforce // resolving short names to Docker Hub if the request is for the compat API and // if containers.conf set the specific mode. -func PossiblyEnforceDockerHub(r *http.Request, sys *types.SystemContext) { - if IsLibpodRequest(r) || !util.DefaultContainerConfig().Engine.CompatAPIEnforceDockerHub { - return +func PossiblyEnforceDockerHub(r *http.Request, sys *types.SystemContext) error { + cfg, err := config.Default() + if err != nil { + return err + } + if IsLibpodRequest(r) || !cfg.Engine.CompatAPIEnforceDockerHub { + return nil } sys.PodmanOnlyShortNamesIgnoreRegistriesConfAndForceDockerHub = true + return nil } // IsRegistryReference checks if the specified name points to the "docker://" diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index ea3c4cbab1..609ec03d85 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -589,6 +589,11 @@ func (ic *ContainerEngine) playKubeJob(ctx context.Context, jobYAML *v1.Job, opt } func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podYAML *v1.PodTemplateSpec, options entities.PlayKubeOptions, ipIndex *int, annotations map[string]string, configMaps []v1.ConfigMap, serviceContainer *libpod.Container) (*entities.PlayKubeReport, []*notifyproxy.NotifyProxy, error) { + cfg, err := ic.Libpod.GetConfigNoCopy() + if err != nil { + return nil, nil, err + } + var ( writer io.Writer playKubePod entities.PlayKubePod @@ -831,7 +836,7 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY } if podOpt.Infra { - infraImage := util.DefaultContainerConfig().Engine.InfraImage + infraImage := cfg.Engine.InfraImage infraOptions := entities.NewInfraContainerCreateOptions() infraOptions.Hostname = podSpec.PodSpecGen.PodBasicConfig.Hostname infraOptions.ReadOnly = true @@ -904,11 +909,6 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY } } - cfg, err := ic.Libpod.GetConfigNoCopy() - if err != nil { - return nil, nil, err - } - var readOnly types.OptionalBool if cfg.Containers.ReadOnly { readOnly = types.NewOptionalBool(cfg.Containers.ReadOnly) diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index e5b99f89d9..13376b3ba6 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -9,6 +9,7 @@ import ( "github.com/containers/common/libnetwork/types" "github.com/containers/common/pkg/cgroups" + "github.com/containers/common/pkg/config" "github.com/containers/podman/v5/libpod/define" "github.com/containers/podman/v5/pkg/namespaces" "github.com/containers/podman/v5/pkg/util" @@ -333,14 +334,18 @@ func ParseUserNamespace(ns string) (Namespace, error) { // If the input is nil or empty it will use the default setting from containers.conf func ParseNetworkFlag(networks []string) (Namespace, map[string]types.PerNetworkOptions, map[string][]string, error) { var networkOptions map[string][]string + toReturn := Namespace{} // by default we try to use the containers.conf setting // if we get at least one value use this instead - ns := containerConfig.Containers.NetNS + cfg, err := config.Default() + if err != nil { + return toReturn, nil, nil, err + } + ns := cfg.Containers.NetNS if len(networks) > 0 { ns = networks[0] } - toReturn := Namespace{} podmanNetworks := make(map[string]types.PerNetworkOptions) switch { diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go index 2f1c874ae8..551f9eb18a 100644 --- a/pkg/specgen/pod_validate.go +++ b/pkg/specgen/pod_validate.go @@ -3,15 +3,12 @@ package specgen import ( "errors" "fmt" - - "github.com/containers/podman/v5/pkg/util" ) var ( // ErrInvalidPodSpecConfig describes an error given when the podspecgenerator is invalid ErrInvalidPodSpecConfig = errors.New("invalid pod spec") // containerConfig has the default configurations defined in containers.conf - containerConfig = util.DefaultContainerConfig() ) func exclusivePodOptions(opt1, opt2 string) error { diff --git a/pkg/util/utils.go b/pkg/util/utils.go index b225005712..ddfda73d13 100644 --- a/pkg/util/utils.go +++ b/pkg/util/utils.go @@ -17,7 +17,6 @@ import ( "time" "github.com/BurntSushi/toml" - "github.com/containers/common/pkg/config" "github.com/containers/image/v5/types" "github.com/containers/podman/v5/libpod/define" "github.com/containers/podman/v5/pkg/errorhandling" @@ -43,17 +42,6 @@ type idMapFlags struct { GroupMap bool // The "g" flag } -var containerConfig *config.Config - -func init() { - var err error - containerConfig, err = config.Default() - if err != nil { - logrus.Error(err) - os.Exit(1) - } -} - // Helper function to determine the username/password passed // in the creds string. It could be either or both. func parseCreds(creds string) (string, string) { @@ -1225,10 +1213,6 @@ func ValidateSysctls(strSlice []string) (map[string]string, error) { return sysctl, nil } -func DefaultContainerConfig() *config.Config { - return containerConfig -} - func CreateIDFile(path string, id string) error { idFile, err := os.Create(path) if err != nil {