Add support for buildah run with chroot isolation

Open dfr opened this issue 3 years ago • 9 comments

What type of PR is this?

/kind feature

What this PR does / why we need it:

This adds support for running containers with chroot isolation. Internally, I actually use a jail instead of a real chroot since this is the only equivalent of the Linux UTS namespace. Large parts of the code are shared with Linux and I moved the shared functions to run_common.go in a similar way to the main run code.

[NO NEW TESTS NEEDED]

How to verify it

On a FreeBSD system, run:

c=$(sudo buildah from quay.io/dougrabson/freebsd-minimal:13.1)
sudo buildah run --isolation=chroot $c freebsd-version
sudo buildah rm $c

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

Does this PR introduce a user-facing change?

None

dfr Aug 08 '22 09:08

@dfr cross-build is breaking because of https://github.com/containers/buildah/pull/4175, maybe you wanna wait and rebase after https://github.com/containers/buildah/pull/4175

flouthoc Aug 08 '22 10:08

> @dfr cross-build is breaking because of #4175, maybe you wanna wait and rebase after #4175

Makes sense, thanks for the pointer. There were a couple of other cross build breaks related to "freebsd && !cgo" which I fixed.

dfr Aug 08 '22 10:08

The lint fail is due to my attempt to work around the fact that FreeBSD's struct rlimit contains signed members. I tried to hide this with a type alias but now lint complains on Linux about casting uint64 to uint64. Not sure how to address that yet :(.

dfr Aug 08 '22 12:08
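
An added example, not part of the PR or buildah's code: one way to store an unsigned 64-bit limit in a struct rlimit field of either signedness without the value wrapping negative. The helper `toRlim`, the `rlimField` constraint and the sample values are hypothetical; it assumes the signed type's largest positive value is an acceptable stand-in for "unlimited".

```go
package main

import (
	"fmt"
	"math"
)

// rlimField covers both field types: signed (FreeBSD, per the comment
// above) and unsigned (Linux).
type rlimField interface{ ~int64 | ~uint64 }

// toRlim (hypothetical helper) stores an unsigned limit in a field of
// type T, clamping to T's largest value instead of wrapping negative.
func toRlim[T rlimField](v uint64) T {
	maxT := ^T(0) // all bits set: MaxUint64 if unsigned, -1 if signed
	if maxT < 0 {
		maxT = T(math.MaxInt64)
	}
	if v > uint64(maxT) {
		return maxT
	}
	return T(v)
}

// naiveSigned is the unchecked cast, shown for contrast.
func naiveSigned(v uint64) int64 { return int64(v) }

func main() {
	// Constructed sample limits: a typical nofile value, a value just
	// past the signed range, and the all-ones "unlimited" value.
	for _, v := range []uint64{1024, 1 << 63, math.MaxUint64} {
		fmt.Printf("in=%d naive=%d signed=%d unsigned=%d\n",
			v, naiveSigned(v), toRlim[int64](v), toRlim[uint64](v))
	}
}
```

The unchecked cast turns an all-ones limit into -1, while the clamped conversion keeps it at the top of the signed range.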

/hold till v1.27.0

flouthoc Aug 08 '22 19:08

Rebased

dfr Aug 10 '22 13:08

@flouthoc @nalind @giuseppe @vrothberg @umohnani8 @ashley-cui PTAL

rhatdan Aug 10 '22 17:08

LGTM

rhatdan Aug 10 '22 17:08

LGTM @flouthoc @nalind @vrothberg @giuseppe PTAL

rhatdan Aug 14 '22 09:08

Rebased

dfr Aug 19 '22 06:08

Rebased

dfr Aug 23 '22 15:08

Rebased. I'm hoping this can be merged sometime soonish. I know it's not particularly important given the existing support for isolation=oci but an ancestor of this code was used very early on to run simple container tests before I had an OCI runtime. This helped convince me that porting the containers stack to FreeBSD was viable and without that, I probably wouldn't be hassling you all today with podman PRs so it has some sentimental value :).

dfr Aug 30 '22 07:08

/lgtm /hold cancel

rhatdan Sep 01 '22 11:09

Rebased

dfr Sep 01 '22 12:09

LGTM

TomSweeneyRedHat Sep 02 '22 15:09

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dfr, flouthoc, rhatdan

Needs approval from an approver in each of these files:
  • ~~OWNERS~~ [flouthoc,rhatdan]

Approvers can indicate their approval by writing /approve in a comment.
Approvers can cancel approval by writing /approve cancel in a comment.

openshift-ci[bot] Sep 02 '22 16:09