Skip to content

Instantly share code, notes, and snippets.

@protosam

protosam/hooking-podman.md

Created December 18, 2021 17:00
Show Gist options
  • Save protosam/05adf86b291efaa13f1f330e7acccf5a to your computer and use it in GitHub Desktop.
Save protosam/05adf86b291efaa13f1f330e7acccf5a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
hooking-podman.md

Based on reading this, it's wrong about the path /etc/containers/oci/hooks.d. I assume /usr/share/containers/oci/hooks.d works because of output from podman --help but I'm testing this in the podman machine, which that path is read-only (that is why I'm testing the way I am).

Where

This is all being done inside the podman machine on a macbook.

$ podman machine init
$ podman machine start
$ podman machine ssh

Setup

Directories for hooks and executables.

mkdir -p  ~/.local/share/containers/oci/hooks.d/ ~/.local/share/containers/oci/hooks.bin/

Make podman hook.

cat <<EOF > ~/.local/share/containers/oci/hooks.d/testhook.json
{
  "version": "1.0.0",
  "hook": {
    "path": "${HOME}/.local/share/containers/oci/hooks.bin/oci-mount-fixer"
  },
  "when": {
    "always": true
  },
  "stages": ["createRuntime","prestart"]
}
EOF

Make executable to be ran by hook.

echo '#!/bin/bash
echo running mount-fixer
echo $0 > /var/home/core/.oci-mount-fixer
echo $@ >> /var/home/core/.oci-mount-fixer
echo env_below >> /var/home/core/.oci-mount-fixer
env >> ~/.oci-mount-fixer
' > ~/.local/share/containers/oci/hooks.bin/oci-mount-fixer

Ensure executable has execute perms.

chmod +x ~/.local/share/containers/oci/hooks.bin/oci-mount-fixer

Testing

So this hook executable isn't going to work, this is just something I'm using to collect data in testing. The data will be in ~/.oci-mount-fixer. Before beginning, I made sure prior tests are cleaned with the file not there. The file existing is how I know the execuable ran without enabling debug output.

[core@localhost ~]$ ls -lah ~/.oci-mount-fixer
ls: cannot access '/var/home/core/.oci-mount-fixer': No such file or directory

I run podman with my custom hooks dir. At this point the hook is working. GREAT!

[core@localhost ~]$ podman --hooks-dir ~/.local/share/containers/oci/hooks.d/ run --rm alpine sh -c 'echo hello world'
Error: OCI runtime error: error executing hook `/var/home/core/.local/share/containers/oci/hooks.bin/oci-mount-fixer` (exit code: 1)

[core@localhost ~]$ ls -lah ~/.oci-mount-fixer
-rw-r--r--. 1 core core 80 Dec 18 16:58 /var/home/core/.oci-mount-fixer

Clean up and check if it runs when adding volumes? This does not work. Podman is stating before running hooks. Not sure this is right.

[core@localhost ~]$ rm -rf ~/.oci-mount-fixer

[core@localhost ~]$ ls -lah ~/.oci-mount-fixer
ls: cannot access '/var/home/core/.oci-mount-fixer': No such file or directory

[core@localhost ~]$ podman --hooks-dir ~/.local/share/containers/oci/hooks.d/ run -v /does/not/exist:/usr/src --rm alpine sh -c 'echo hello world'
Error: statfs /does/not/exist: no such file or directory

[core@localhost ~]$ ls -lah ~/.oci-mount-fixer
ls: cannot access '/var/home/core/.oci-mount-fixer': No such file or directory
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment