Support setting image_volume_mode in containers.conf

Begins to fix containers/podman#14230 Signed-off-by: Daniel J Walsh <[email protected]>
containers · May 18, 2022 · 0859235 · 0859235
1 parent 5895cde
commit 0859235
Show file tree

Hide file tree

Showing 6 changed files with 100 additions and 44 deletions.
diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md
@@ -487,6 +487,14 @@ Default transport method for pulling and pushing images.
 Maximum number of image layers to be copied (pulled/pushed) simultaneously.
 Not setting this field will fall back to containers/image defaults. (6)
 
+**image_volume_mode**="bind"
+
+Tells container engines how to handle the builtin image volumes.
+
+* bind: An anonymous named volume will be  created  and  mounted into the container.
+* tmpfs:  The  volume  is mounted onto the container as a tmpfs, which allows the users to create content that disappears  when the container is stopped.
+* ignore: All volumes are just ignored and no action is taken.
+
 **infra_command**="/pause"
 
 Infra (pause) container image command for pod infra containers. When running a

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -13,6 +13,7 @@ import (
 	"github.com/BurntSushi/toml"
 	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/capabilities"
+	"github.com/containers/common/pkg/util"
 	"github.com/containers/storage/pkg/unshare"
 	units "github.com/docker/go-units"
 	selinux "github.com/opencontainers/selinux/go-selinux"
@@ -46,6 +47,8 @@ const (
 	BoltDBStateStore RuntimeStateStore = iota
 )
 
+var validImageVolumeModes = []string{"bind", "tmpfs", "ignore"}
+
 // ProxyEnv is a list of Proxy Environment variables
 var ProxyEnv = []string{
 	"http_proxy",
@@ -293,6 +296,10 @@ type EngineConfig struct {
 	// Building/committing defaults to OCI.
 	ImageDefaultFormat string `toml:"image_default_format,omitempty"`
 
+	// ImageVolumeMode Tells container engines how to handle the builtin
+	// image volumes. Values bind, tmpfs, ignore.
+	ImageVolumeMode string `toml:"image_volume_mode,omitempty"`
+
 	// InfraCommand is the command run to start up a pod infra container.
 	InfraCommand string `toml:"infra_command,omitempty"`
 
@@ -820,6 +827,9 @@ func (c *EngineConfig) Validate() error {
 		return err
 	}
 
+	if err := ValidateImageVolumeMode(c.ImageVolumeMode); err != nil {
+		return err
+	}
 	// Check if the pullPolicy from containers.conf is valid
 	// if it is invalid returns the error
 	pullPolicy := strings.ToLower(c.PullPolicy)
@@ -1304,3 +1314,14 @@ func (e eventsLogMaxSize) MarshalText() ([]byte, error) {
 	}
 	return []byte(fmt.Sprintf("%d", e)), nil
 }
+
+func ValidateImageVolumeMode(mode string) error {
+	if mode == "" {
+		return nil
+	}
+	if util.StringInSlice(mode, validImageVolumeModes) {
+		return nil
+	}
+
+	return fmt.Errorf("invalid image volume mode %q required value: %s", mode, strings.Join(validImageVolumeModes, ", "))
+}
diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
@@ -33,6 +33,7 @@ var _ = Describe("Config", func() {
 			gomega.Expect(defaultConfig.NetNS()).To(gomega.BeEquivalentTo("private"))
 			gomega.Expect(defaultConfig.IPCNS()).To(gomega.BeEquivalentTo("shareable"))
 			gomega.Expect(defaultConfig.Engine.InfraImage).To(gomega.BeEquivalentTo(""))
+			gomega.Expect(defaultConfig.Engine.ImageVolumeMode).To(gomega.BeEquivalentTo("bind"))
 			path, err := defaultConfig.ImageCopyTmpDir()
 			gomega.Expect(err).To(gomega.BeNil())
 			gomega.Expect(path).To(gomega.BeEquivalentTo("/var/tmp"))
@@ -378,6 +379,7 @@ image_copy_tmp_dir="storage"`
 			gomega.Expect(config.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048))
 			gomega.Expect(config.Containers.BaseHostsFile).To(gomega.BeEquivalentTo("/etc/hosts2"))
 			gomega.Expect(config.Containers.HostContainersInternalIP).To(gomega.BeEquivalentTo("1.2.3.4"))
+			gomega.Expect(config.Engine.ImageVolumeMode).To(gomega.BeEquivalentTo("tmpfs"))
 		})
 
 		It("contents of passed-in file should override others", func() {
@@ -812,4 +814,13 @@ env=["foo=bar"]`
 		gomega.Expect(string(b)).To(gomega.
 			Equal("[containers]\n\n[engine]\n\n[machine]\n\n[network]\n\n[secrets]\n\n[configmaps]\n"))
 	})
+
+	It("validate ImageVolumeMode", func() {
+		for _, mode := range append(validImageVolumeModes, "") {
+			err := ValidateImageVolumeMode(mode)
+			gomega.Expect(err).ToNot(gomega.HaveOccurred())
+		}
+		err := ValidateImageVolumeMode("bogus")
+		gomega.Expect(err).To(gomega.HaveOccurred())
+	})
 })
diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf
@@ -434,6 +434,16 @@ default_sysctls = [
 #
 #image_parallel_copies = 0
 
+# Tells container engines how to handle the builtin image volumes.
+#   * bind: An anonymous named volume will be created and mounted
+#     into the container.
+#   * tmpfs:  The volume is mounted onto the container as a tmpfs,
+#     which allows users to create content that disappears when
+#     the container is stopped.
+#   * ignore: All volumes are just ignored and no action is taken.
+#
+#image_volume_mode = ""
+
 # Default command to run the infra container
 #
 #infra_command = "/pause"