Merge pull request containers#9240 from rhatdan/reset

Do not reset storage when running inside of a container

libpod/container_internal_linux.go

@@ -1627,7 +1627,7 @@ func (c *Container) makeBindMounts() error {
 
 	// Make .containerenv if it does not exist
 	if _, ok := c.state.BindMounts["/run/.containerenv"]; !ok {
-		var containerenv string
+		containerenv := c.runtime.graphRootMountedFlag(c.config.Spec.Mounts)
 		isRootless := 0
 		if rootless.IsRootless() {
 			isRootless = 1
@@ -1642,7 +1642,7 @@ id=%q
 image=%q
 imageid=%q
 rootless=%d
-`, version.Version.String(), c.Name(), c.ID(), imageName, imageID, isRootless)
+%s`, version.Version.String(), c.Name(), c.ID(), imageName, imageID, isRootless, containerenv)
 		}
 		containerenvPath, err := c.writeStringToRundir(".containerenv", containerenv)
 		if err != nil {

libpod/runtime.go

@@ -1,6 +1,7 @@
 package libpod
 
 import (
+	"bufio"
 	"context"
 	"fmt"
 	"os"
@@ -26,6 +27,7 @@ import (
 	"github.com/containers/storage"
 	"github.com/cri-o/ocicni/pkg/ocicni"
 	"github.com/docker/docker/pkg/namesgenerator"
+	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -622,9 +624,12 @@ func (r *Runtime) Shutdown(force bool) error {
 func (r *Runtime) refresh(alivePath string) error {
 	logrus.Debugf("Podman detected system restart - performing state refresh")
 
-	// First clear the state in the database
-	if err := r.state.Refresh(); err != nil {
-		return err
+	// Clear state of database if not running in container
+	if !graphRootMounted() {
+		// First clear the state in the database
+		if err := r.state.Refresh(); err != nil {
+			return err
+		}
 	}
 
 	// Next refresh the state of all containers to recreate dirs and
@@ -904,3 +909,29 @@ func (r *Runtime) getVolumePlugin(name string) (*plugin.VolumePlugin, error) {
 func (r *Runtime) GetSecretsStorageDir() string {
 	return filepath.Join(r.store.GraphRoot(), "secrets")
 }
+
+func graphRootMounted() bool {
+	f, err := os.OpenFile("/run/.containerenv", os.O_RDONLY, os.ModePerm)
+	if err != nil {
+		return false
+	}
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		if scanner.Text() == "graphRootMounted=1" {
+			return true
+		}
+	}
+	return false
+}
+
+func (r *Runtime) graphRootMountedFlag(mounts []spec.Mount) string {
+	root := r.store.GraphRoot()
+	for _, val := range mounts {
+		if strings.HasPrefix(root, val.Source) {
+			return "graphRootMounted=1"
+		}
+	}
+	return ""
+}

test/e2e/run_test.go

@@ -47,6 +47,29 @@ var _ = Describe("Podman run", func() {
 		Expect(session.ExitCode()).To(Equal(0))
 	})
 
+	It("podman run check /run/.containerenv", func() {
+		session := podmanTest.Podman([]string{"run", ALPINE, "cat", "/run/.containerenv"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal(""))
+
+		session = podmanTest.Podman([]string{"run", "--privileged", "--name=test1", ALPINE, "cat", "/run/.containerenv"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring("name=\"test1\""))
+		Expect(session.OutputToString()).To(ContainSubstring("image=\"" + ALPINE + "\""))
+
+		session = podmanTest.Podman([]string{"run", "-v", "/:/host", ALPINE, "cat", "/run/.containerenv"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring("graphRootMounted=1"))
+
+		session = podmanTest.Podman([]string{"run", "-v", "/:/host", "--privileged", ALPINE, "cat", "/run/.containerenv"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring("graphRootMounted=1"))
+	})
+
 	It("podman run a container based on a complex local image name", func() {
 		imageName := strings.TrimPrefix(nginx, "quay.io/")
 		session := podmanTest.Podman([]string{"run", imageName, "ls"})