Allow API to specify size and inode quota

Fixes: #11016 [NO NEW TESTS NEEDED] We have no easy way to tests this in CI/CD systems. Requires quota to be setup on directories to work. Fixes: #11016 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
containers · Oct 15, 2021 · 05be5d4 · 05be5d4
1 parent 171f7b8
commit 05be5d4
Show file tree

Hide file tree

Showing 75 changed files with 2,558 additions and 831 deletions.
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
@@ -291,7 +291,7 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, rtc *c
 		Rm:                cc.HostConfig.AutoRemove,
 		SecurityOpt:       cc.HostConfig.SecurityOpt,
 		StopSignal:        cc.Config.StopSignal,
-		StorageOpt:        stringMaptoArray(cc.HostConfig.StorageOpt),
+		StorageOpts:       stringMaptoArray(cc.HostConfig.StorageOpt),
 		Sysctl:            stringMaptoArray(cc.HostConfig.Sysctls),
 		Systemd:           "true", // podman default
 		TmpFS:             parsedTmp,

diff --git a/go.mod b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/containers/image/v5 v5.16.1
 	github.com/containers/ocicrypt v1.1.2
 	github.com/containers/psgo v1.7.1
-	github.com/containers/storage v1.37.0
+	github.com/containers/storage v1.37.1-0.20211014130921-5c5bf639ed01
 	github.com/coreos/go-systemd/v22 v22.3.2
 	github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
 	github.com/cyphar/filepath-securejoin v0.2.3

diff --git a/go.sum b/go.sum
diff --git a/libpod/container_config.go b/libpod/container_config.go
@@ -153,6 +153,8 @@ type ContainerRootFSConfig struct {
 	Secrets []*ContainerSecret `json:"secrets,omitempty"`
 	// SecretPath is the secrets location in storage
 	SecretsPath string `json:"secretsPath"`
+	// StorageOpts to be used when creating rootfs
+	StorageOpts []string `json:"storageOpts"`
 	// Volatile specifies whether the container storage can be optimized
 	// at the cost of not syncing all the dirty files in memory.
 	Volatile bool `json:"volatile,omitempty"`

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
@@ -443,6 +443,18 @@ func (c *Container) setupStorage(ctx context.Context) error {
 		},
 		LabelOpts: c.config.LabelOpts,
 	}
+
+	nopts := len(c.config.StorageOpts)
+	if nopts > 0 {
+		options.StorageOpt = make(map[string]string, nopts)
+		for _, opt := range c.config.StorageOpts {
+			split2 := strings.SplitN(opt, "=", 2)
+			if len(split2) > 2 {
+				return errors.Wrapf(define.ErrInvalidArg, "invalid storage options %q for %s", opt, c.ID())
+			}
+			options.StorageOpt[split2[0]] = split2[1]
+		}
+	}
 	if c.restoreFromCheckpoint && !c.config.Privileged {
 		// If restoring from a checkpoint, the root file-system
 		// needs to be mounted with the same SELinux labels as

diff --git a/libpod/options.go b/libpod/options.go
@@ -310,6 +310,17 @@ func WithCDI(devices []string) CtrCreateOption {
 	}
 }
 
+// WithStorageOpts sets the devices to check for for CDI configuration.
+func WithStorageOpts(storageOpts []string) CtrCreateOption {
+	return func(ctr *Container) error {
+		if ctr.valid {
+			return define.ErrCtrFinalized
+		}
+		ctr.config.StorageOpts = storageOpts
+		return nil
+	}
+}
+
 // WithDefaultMountsFile sets the file to look at for default mounts (mainly
 // secrets).
 // Note we are not saving this in the database as it is for testing purposes

diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
@@ -235,7 +235,7 @@ type ContainerCreateOptions struct {
 	SignaturePolicy   string
 	StopSignal        string
 	StopTimeout       uint
-	StorageOpt        []string
+	StorageOpts       []string
 	SubUIDName        string
 	SubGIDName        string
 	Sysctl            []string

diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
@@ -366,6 +366,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
 	if s.Entrypoint != nil {
 		options = append(options, libpod.WithEntrypoint(s.Entrypoint))
 	}
+	if len(s.ContainerStorageConfig.StorageOpts) > 0 {
+		options = append(options, libpod.WithStorageOpts(s.StorageOpts))
+	}
 	// If the user did not specify a workdir on the CLI, let's extract it
 	// from the image.
 	if s.WorkDir == "" && imageData != nil {

diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
@@ -272,6 +272,9 @@ type ContainerStorageConfig struct {
 	// If unset, the default, /, will be used.
 	// Optional.
 	WorkDir string `json:"work_dir,omitempty"`
+	// StorageOpts is the container's storage options
+	// Optional.
+	StorageOpts []string `json:"storage_opts,omitempty"`
 	// RootfsPropagation is the rootfs propagation mode for the container.
 	// If not set, the default of rslave will be used.
 	// Optional.

diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
@@ -392,6 +392,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 	}
 	s.Annotations = annotations
 
+	s.StorageOpts = c.StorageOpts
 	s.WorkDir = c.Workdir
 	if c.Entrypoint != nil {
 		entrypoint := []string{}

diff --git a/vendor/github.com/Microsoft/hcsshim/.gitignore b/vendor/github.com/Microsoft/hcsshim/.gitignore
diff --git a/vendor/github.com/Microsoft/hcsshim/README.md b/vendor/github.com/Microsoft/hcsshim/README.md
diff --git a/vendor/github.com/Microsoft/hcsshim/go.mod b/vendor/github.com/Microsoft/hcsshim/go.mod