Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rootfull -> Rootful #13995

Merged
merged 2 commits into from
Apr 25, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 2 additions & 13 deletions cmd/podman/machine/init.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ import (
"github.com/containers/podman/v4/pkg/machine"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
)

var (
Expand Down Expand Up @@ -107,18 +106,8 @@ func init() {
flags.StringVar(&initOpts.IgnitionPath, IgnitionPathFlagName, "", "Path to ignition file")
_ = initCmd.RegisterFlagCompletionFunc(IgnitionPathFlagName, completion.AutocompleteDefault)

rootfullFlagName := "rootfull"
flags.BoolVar(&initOpts.Rootfull, rootfullFlagName, false, "Whether this machine should prefer rootfull container execution")
flags.SetNormalizeFunc(aliasFlags)
}

// aliasFlags is a function to handle backwards compatibility with old flags
func aliasFlags(f *pflag.FlagSet, name string) pflag.NormalizedName {
switch name {
case "rootful":
name = "rootfull"
}
return pflag.NormalizedName(name)
rootfulFlagName := "rootful"
flags.BoolVar(&initOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container execution")
}

// TODO should we allow for a users to append to the qemu cmdline?
Expand Down
7 changes: 3 additions & 4 deletions cmd/podman/machine/set.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ var (
Long: "Sets an updatable virtual machine setting",
RunE: setMachine,
Args: cobra.MaximumNArgs(1),
Example: `podman machine set --rootfull=false`,
Example: `podman machine set --rootful=false`,
ValidArgsFunction: completion.AutocompleteNone,
}
)
Expand All @@ -33,9 +33,8 @@ func init() {
})
flags := setCmd.Flags()

rootfullFlagName := "rootfull"
flags.BoolVar(&setOpts.Rootfull, rootfullFlagName, false, "Whether this machine should prefer rootfull container execution")
flags.SetNormalizeFunc(aliasFlags)
rootfulFlagName := "rootful"
flags.BoolVar(&setOpts.Rootful, rootfulFlagName, false, "Whether this machine should prefer rootful container execution")
}

func setMachine(cmd *cobra.Command, args []string) error {
Expand Down
2 changes: 1 addition & 1 deletion contrib/cirrus/logformatter
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,7 @@ END_HTML

print { $out_fh } "<pre> <!-- begin processed output -->\n";

# Assume rootfull prompt, check for rootless (here and in log itself, below)
# Assume rootful prompt, check for rootless (here and in log itself, below)
my $Prompt = '#';
$Prompt = '$' if $test_name =~ /rootless/;

Expand Down
2 changes: 1 addition & 1 deletion contrib/podmanimage/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -70,4 +70,4 @@ file to `/etc/modules.load.d`. See `man modules-load.d` for more details.

### Blog Post with Details

Dan Walsh wrote a blog post on the [Enable Sysadmin](https://www.redhat.com/sysadmin/) site titled [How to use Podman inside of a container](https://www.redhat.com/sysadmin/podman-inside-container). In it, he details how to use these images as a rootfull and as a rootless user. Please refer to this blog for more detailed information.
Dan Walsh wrote a blog post on the [Enable Sysadmin](https://www.redhat.com/sysadmin/) site titled [How to use Podman inside of a container](https://www.redhat.com/sysadmin/podman-inside-container). In it, he details how to use these images as a rootful and as a rootless user. Please refer to this blog for more detailed information.
2 changes: 1 addition & 1 deletion contrib/remote/containers.conf
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,5 @@
# Default Remote URI to access the Podman service.
# Examples:
# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
# remote rootfull ssh://[email protected]:22/run/podman/podman.sock
# remote rootful ssh://[email protected]:22/run/podman/podman.sock
# remote_uri= ""
6 changes: 3 additions & 3 deletions docs/source/markdown/podman-build.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -429,7 +429,7 @@ container full access to local system services such as D-bus and is therefore
considered insecure.
- **ns:**_path_: path to a network namespace to join.
- **private**: create a new namespace for the container (default)
- **\<network name|ID\>**: Join the network with the given name or ID, e.g. use `--network mynet` to join the network with the name mynet. Only supported for rootfull users.
- **\<network name|ID\>**: Join the network with the given name or ID, e.g. use `--network mynet` to join the network with the name mynet. Only supported for rootful users.

#### **--no-cache**

Expand Down Expand Up @@ -685,7 +685,7 @@ suitable group name to use as the default setting for this option.

**NOTE:** When this option is specified by a rootless user, the specified
mappings are relative to the rootless user namespace in the container, rather
than being relative to the host as it would be when run rootfull.
than being relative to the host as it would be when run rootful.

#### **--userns-uid-map**=*mapping*

Expand Down Expand Up @@ -721,7 +721,7 @@ suitable user name to use as the default setting for this option.

**NOTE:** When this option is specified by a rootless user, the specified
mappings are relative to the rootless user namespace in the container, rather
than being relative to the host as it would be when run rootfull.
than being relative to the host as it would be when run rootful.

#### **--uts**=*how*

Expand Down
8 changes: 4 additions & 4 deletions docs/source/markdown/podman-create.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -704,7 +704,7 @@ Set the network mode for the container. Invalid if using **--dns**, **--dns-opt*

Valid _mode_ values are:

- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootfull containers. It is possible to specify these additional options:
- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
Expand All @@ -717,7 +717,7 @@ Valid _mode_ values are:
- **container:**_id_: Reuse another container's network stack.
- **host**: Do not create a network namespace, the container will use the host's network. Note: The host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
- **ns:**_path_: Path to a network namespace to join.
- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootfull containers and **slirp4netns** for rootless ones.
- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
- **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
Expand Down Expand Up @@ -1118,8 +1118,8 @@ option conflicts with the **--userns** and **--subuidname** options. This
option provides a way to map host UIDs to container UIDs. It can be passed
several times to map different ranges.

The _from_uid_ value is based upon the user running the command, either rootfull or rootless users.
* rootfull user: *container_uid*:*host_uid*:*amount*
The _from_uid_ value is based upon the user running the command, either rootful or rootless users.
* rootful user: *container_uid*:*host_uid*:*amount*
* rootless user: *container_uid*:*intermediate_uid*:*amount*

When **podman create** is called by a privileged user, the option **--uidmap**
Expand Down
2 changes: 1 addition & 1 deletion docs/source/markdown/podman-image-scp.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ podman-image-scp - Securely copy an image from one host to another

## DESCRIPTION
**podman image scp** copies container images between hosts on a network. You can load to the remote host or from the remote host as well as in between two remote hosts.
Note: `::` is used to specify the image name depending on if you are saving or loading. Images can also be transferred from rootfull to rootless storage on the same machine without using sshd. This feature is not supported on the remote client, including Mac and Windows (excluding WSL2) machines.
Note: `::` is used to specify the image name depending on if you are saving or loading. Images can also be transferred from rootful to rootless storage on the same machine without using sshd. This feature is not supported on the remote client, including Mac and Windows (excluding WSL2) machines.

**podman image scp [GLOBAL OPTIONS]**

Expand Down
6 changes: 3 additions & 3 deletions docs/source/markdown/podman-machine-init.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -59,9 +59,9 @@ Memory (in MB).

Start the virtual machine immediately after it has been initialized.

#### **--rootfull**=*true|false*
#### **--rootful**=*true|false*

Whether this machine should prefer rootfull (`true`) or rootless (`false`)
Whether this machine should prefer rootful (`true`) or rootless (`false`)
container execution. This option will also determine the remote connection default
if there is no existing remote connection configurations.

Expand Down Expand Up @@ -95,7 +95,7 @@ Driver to use for mounting volumes from the host, such as `virtfs`.
```
$ podman machine init
$ podman machine init myvm
$ podman machine init --rootfull
$ podman machine init --rootful
$ podman machine init --disk-size 50
$ podman machine init --memory=1024 myvm
$ podman machine init -v /Users:/mnt/Users
Expand Down
20 changes: 10 additions & 10 deletions docs/source/markdown/podman-machine-set.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,39 +19,39 @@ subset can be changed after machine initialization.

Print usage statement.

#### **--rootfull**=*true|false*
#### **--rootful**=*true|false*

Whether this machine should prefer rootfull (`true`) or rootless (`false`)
Whether this machine should prefer rootful (`true`) or rootless (`false`)
container execution. This option will also update the current podman
remote connection default if it is currently pointing at the specified
machine name (or `podman-machine-default` if no name is specified).

Unlike [**podman system connection default**](podman-system-connection-default.1.md)
this option will also make the API socket, if available, forward to the rootfull/rootless
this option will also make the API socket, if available, forward to the rootful/rootless
socket in the VM.

## EXAMPLES

To switch the default VM `podman-machine-default` from rootless to rootfull:
To switch the default VM `podman-machine-default` from rootless to rootful:

```
$ podman machine set --rootfull
$ podman machine set --rootful
```

or more explicitly:

```
$ podman machine set --rootfull=true
$ podman machine set --rootful=true
```

To switch the default VM `podman-machine-default` from rootfull to rootless:
To switch the default VM `podman-machine-default` from rootful to rootless:
```
$ podman machine set --rootfull=false
$ podman machine set --rootful=false
```

To switch the VM `myvm` from rootless to rootfull:
To switch the VM `myvm` from rootless to rootful:
```
$ podman machine set --rootfull myvm
$ podman machine set --rootful myvm
```

## SEE ALSO
Expand Down
2 changes: 1 addition & 1 deletion docs/source/markdown/podman-network-reload.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ podman\-network\-reload - Reload network configuration for containers
## DESCRIPTION
Reload one or more container network configurations.

Rootfull Podman relies on iptables rules in order to provide network connectivity. If the iptables rules are deleted,
Rootful Podman relies on iptables rules in order to provide network connectivity. If the iptables rules are deleted,
this happens for example with `firewall-cmd --reload`, the container loses network connectivity. This command restores
the network connectivity.

Expand Down
4 changes: 2 additions & 2 deletions docs/source/markdown/podman-play-kube.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,7 @@ Note: When joining multiple networks you should use the **--network name:mac=\<m
Change the network mode of the pod. The host network mode should be configured in the YAML file.
Valid _mode_ values are:

- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootfull containers. It is possible to specify these additional options:
- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
Expand All @@ -200,7 +200,7 @@ Valid _mode_ values are:
- **none**: Create a network namespace for the container but do not configure network interfaces for it, thus the container has no network connectivity.
- **container:**_id_: Reuse another container's network stack.
- **ns:**_path_: Path to a network namespace to join.
- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootfull containers and **slirp4netns** for rootless ones.
- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
- **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
Expand Down
4 changes: 2 additions & 2 deletions docs/source/markdown/podman-pod-create.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,7 @@ Set the network mode for the pod. Invalid if using **--dns**, **--dns-opt**, or

Valid _mode_ values are:

- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootfull containers. It is possible to specify these additional options:
- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
Expand All @@ -169,7 +169,7 @@ Valid _mode_ values are:
- **container:**_id_: Reuse another container's network stack.
- **host**: Do not create a network namespace, the container will use the host's network. Note: The host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
- **ns:**_path_: Path to a network namespace to join.
- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootfull containers and **slirp4netns** for rootless ones.
- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
- **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
Expand Down
2 changes: 1 addition & 1 deletion docs/source/markdown/podman-pull.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ Using short names is subject to the risk of hitting squatted registry namespaces
While it is highly recommended to always use fully-qualified image references, existing deployments using short names may not be easily changed. To circumvent the aforementioned ambiguity, so called short-name aliases can be configured that point to a fully-qualified image reference. Distributions often ship a default shortnames.conf expansion file in /etc/containers/registries.conf.d/ directory. Administrators can use this directory to add their own local short-name expansion files.

When pulling an image, if the user does not specify the complete registry, container engines attempt to expand the short-name into a full name. If the command is executed with a tty, the user will be prompted to select a registry from the
default list unqualified registries defined in registries.conf. The user's selection is then stored in a cache file to be used in all future short-name expansions. Rootfull short-names are stored in /var/cache/containers/short-name-aliases.conf. Rootless short-names are stored in the $HOME/.cache/containers/short-name-aliases.conf file.
default list unqualified registries defined in registries.conf. The user's selection is then stored in a cache file to be used in all future short-name expansions. Rootful short-names are stored in /var/cache/containers/short-name-aliases.conf. Rootless short-names are stored in the $HOME/.cache/containers/short-name-aliases.conf file.

For more information on short-names, see `containers-registries.conf(5)`

Expand Down
8 changes: 4 additions & 4 deletions docs/source/markdown/podman-run.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -730,7 +730,7 @@ Set the network mode for the container. Invalid if using **--dns**, **--dns-opt*

Valid _mode_ values are:

- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootfull containers. It is possible to specify these additional options:
- **bridge[:OPTIONS,...]**: Create a network stack on the default bridge. This is the default for rootful containers. It is possible to specify these additional options:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
Expand All @@ -743,7 +743,7 @@ Valid _mode_ values are:
- **container:**_id_: Reuse another container's network stack.
- **host**: Do not create a network namespace, the container will use the host's network. Note: The host mode gives the container full access to local system services such as D-bus and is therefore considered insecure.
- **ns:**_path_: Path to a network namespace to join.
- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootfull containers and **slirp4netns** for rootless ones.
- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootful containers and **slirp4netns** for rootless ones.
- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options, they can also be set with `network_cmd_options` in containers.conf:
- **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`). Default is false.
- **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`).
Expand Down Expand Up @@ -1185,8 +1185,8 @@ option conflicts with the **--userns** and **--subuidname** options. This
option provides a way to map host UIDs to container UIDs. It can be passed
several times to map different ranges.

The _from_uid_ value is based upon the user running the command, either rootfull or rootless users.
* rootfull user: *container_uid*:*host_uid*:*amount*
The _from_uid_ value is based upon the user running the command, either rootful or rootless users.
* rootful user: *container_uid*:*host_uid*:*amount*
* rootless user: *container_uid*:*intermediate_uid*:*amount*

When **podman run** is called by a privileged user, the option **--uidmap**
Expand Down
2 changes: 1 addition & 1 deletion docs/source/markdown/podman-system-service.1.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ podman\-system\-service - Run an API service
## DESCRIPTION
The **podman system service** command creates a listening service that will answer API calls for Podman. You may
optionally provide an endpoint for the API in URI form. For example, *unix:///tmp/foobar.sock* or *tcp:localhost:8080*.
If no endpoint is provided, defaults will be used. The default endpoint for a rootfull
If no endpoint is provided, defaults will be used. The default endpoint for a rootful
service is *unix:///run/podman/podman.sock* and rootless is *unix://$XDG_RUNTIME_DIR/podman/podman.sock* (for
example *unix:///run/user/1000/podman/podman.sock*)

Expand Down
Loading