-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | RELEASE_NOTES.md | 35 | ||||
-rw-r--r-- | changelog.txt | 101 | ||||
-rw-r--r-- | contrib/cirrus/lib.sh | 3 | ||||
-rw-r--r-- | contrib/spec/podman.spec.in | 2 | ||||
-rw-r--r-- | docs/tutorials/podman_tutorial.md | 2 | ||||
-rw-r--r-- | libpod/info.go | 2 | ||||
-rw-r--r-- | libpod/networking_linux.go | 6 | ||||
-rw-r--r-- | libpod/oci_linux.go | 3 | ||||
-rw-r--r-- | seccomp.json | 33 | ||||
-rw-r--r-- | version/version.go | 2 |
11 files changed, 182 insertions, 9 deletions
@@ -1,6 +1,6 @@
 GO ?= go
 DESTDIR ?= /
-EPOCH_TEST_COMMIT ?= 733cfe96819e1dc044e982b5321b3c902d1a47c6
+EPOCH_TEST_COMMIT ?= 921ccac10c47e0865ec5e4ba00ebb69a03d89473
 HEAD ?= HEAD
 CHANGELOG_BASE ?= HEAD~
 CHANGELOG_TARGET ?= HEAD
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 6c7bf1a8f..9cdf3faae 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,40 @@
 # Release Notes
+## 0.11.1
+### Features
+- Added `--all` and `--latest` flags to `podman checkpoint` and `podman restore`
+- Added `--max-workers` flag to all Podman commands that support operating in parallel, allowing the maximum number of parallel workers used to be specified
+- Added `--all` flag to `podman restart`
+
+### Bugfixes
+- Fixed a bug where `podman port -l` would segfault if no containers were present
+- Fixed a bug where `podman stats -a` would error if containers were present but not running
+- Fixed a bug where container status checks would sometimes leave zombie OCI runtime processes
+- Fixed checkpoint and restore code to verify an appropriate version of `criu` is being used
+- Fixed a bug where environment variables with no specified value (e.g. `-e FOO`) caused errors (they are now added as empty)
+- Fixed a bug where rootless Podman would attempt to configure the system firewall, causing errors on some systems where iptables is not in the user's PATH
+- Fixed a bug where rootless Podman was unable to successfully write the container ID to a file when `--cid-file` was specified to `podman run`
+- Fixed a bug where `podman unmount` would refuse to unmount a container if it was running (the unmount will now be deferred until the container stops)
+- Fixed a bug where rootless `podman attach` would fail to attach due to a too-long path name
+- Fixed a bug where `podman info` was not properly reporting the Git commit Podman was built from
+- Fixed a bug where `podman run --interactive` was not holding STDIN open when `-a` flag was specified
+- Fixed a bug where Podman with the `cgroupfs` CGroup driver was sometimes not successfully removing pod CGroups
+- Fixed a bug where rootless Podman was unable to run systemd containers (note that this also requires an update to systemd)
+- Fixed a bug where `podman run` with the `--user` flag would fail if the container image did not contain `/etc/passwd` or `/etc/group`
+
+### Misc
+- 
`podman rm`, `podman restart`, `podman kill`, `podman pause`, and `podman unpause` now operate in parallel, greatly improving speed when multiple containers are specified
+- `podman create`, `podman run`, and `podman ps` have a number of improvements which should greatly increase their speed
+- Greatly improved performance and reduced memory utilization of container status checks, which should improve the speed of most Podman commands
+- Improve ability of `podman runlabel` to run commands that are not Podman
+- Podman containers with an IP address now add their hostnames to `/etc/hosts`
+- Changed default location of temporary libpod files in rootless Podman
+- Updated the default Podman seccomp profile
+
+### Compatability
+Several paths related to rootless Podman had their default values changed in this release.
+If paths were not hardcoded in libpod.conf, your system may lose track of running containers and believe they are newly-created.
+
 ## 0.10.1.3
 ### Bugfixes
 - Fixed a bug where `podman build` would not work while any containers were running
diff --git a/changelog.txt b/changelog.txt
index ace41f1d9..9aaec0e74 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,104 @@
+- Changelog for v0.11.1 (2018-11-08)
+ * Update release notes for 0.11.1
+ * update seccomp.json
+ * Touch up --log* options and daemons in man pages
+ * Fix run --hostname test that started failing post-merge
+ * move defer'd function declaration ahead of prepare error return
+ * Don't fail if /etc/passwd or /etc/group does not exists
+ * Print error status code if we fail to parse it
+ * Properly set Running state when starting containers
+ * Fix misspelling
+ * Retrieve container PID from conmon
+ * If a container ceases to exist in runc, set exit status
+ * EXPERIMENTAL: Do not call out to runc for sync
+ * Actually save changes from post-stop sync
+ * rootless: mount /sys/fs/cgroup/systemd from the host
+ * rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode
+ * Add hostname to /etc/hosts
+ * Temporarily fix the Python tests to fix some PRs
+ * Remove conmon cgroup before pod cgroup for cgroupfs
+ * Fix cleanup for "Pause a bunch of running containers"
+ * --interactive shall keep STDIN attached even when not explicitly called out
+ * Do never override podman with docker
+ * Make kill, pause, and unpause parallel.
+ * Fix long image name handling
+ * Make restart parallel and add --all
+ * Add ChangeAction to parse sub-options from --change
+ * replace quay.io/baude to quay.io/libpod
+ * Change humanize to use MB vs MiB.
+ * allow ppc64le to pass libpod integration tests
+ * Cirrus-CI: Add option to run system-tests
+ * Cirrus: Skip rebuilding images unless instructed
+ * Cirrus: Disable image build job abort on push
+ * Cirrus: Add a readme
+ * Ubuntu VM image build: try update twice
+ * Cirrus: Enable updating F28 image
+ * rootless: do not add an additional /run to runroot
+ * rootless: avoid hang on failed slirp4netns
+ * Fix setting of version information
+ * runtime: do not allow runroot longer than 50 characters
+ * attach: fix attach when cuid is too long
+ * truncate command output in ps by default
+ * Update the runc commit used for testing
+ * make various changes to ps output
+ * Sync default config with libpod.conf
+ * Use two spaces to pad PS fields
+ * unmount: fix error logic
+ * get user and group information using securejoin and runc's user library
+ * CONTRIBUTING.md: add section about describing changes
+ * Change to exported name in ParseDevice
+ * Vendor in latest containers/storage
+ * fix bug in rm -fa parallel deletes
+ * Ensure test container in running state
+ * Add tests for selinux labels
+ * Add --max-workers and heuristics for parallel operations
+ * Increase security and performance when looking up groups
+ * run prepare in parallel
+ * downgrade runc due a rootless bug
+ * runlabel: run any command
+ * Eat our own dogfood
+ * vendor: update containers/storage
+ * Add support for /usr/local installation
+ * create: fix writing cidfile when using rootless
+ * Explain the device format in man pages
+ * read conmon output and convert to json in two steps
+ * Cirrus: Use images w/ buildah fix
+ * Add --all and --latest to checkpoint/restore
+ * Use the newly added getAllOrLatestContainers() function
+ * Use the new checkAllAndLatest() function
+ * Also factor out getAllOrLatestContainers() function
+ * Add checkAllAndLatest() function
+ * Downgrade code to support python3.4
+ * Allow containers/storage to handle on SELinux labeling
+ * Use more reliable 
check for rootless for firewall init
+ * Vendor in latest containers/storage opencontainers/selinux
+ * Make podman ps fast
+ * Support auth file environment variable in podman build
+ * fix environment variable parsing
+ * tests: use existing CRIU version check
+ * Use the CRIU version check in checkpoint/restore
+ * Add helper function to read out CRIU version
+ * vendor in go-criu and dependencies
+ * oci: cleanup process status
+ * Handle http/https in registry given to login/out
+ * re-enable f29 testing
+ * correct stats err with non-running containers
+ * Use restoreArtifacts to save time in integration tests
+ * Make rm faster
+ * Fix man page to show info on storage
+ * Move rootless directory handling to the libpod/pkg/util directory
+ * Fix podman port -l
+ * Fix trivial missing markup in manpage
+ * Cirrus: Install CRIU in test images
+ * Cirrus: Use different CNI_COMMIT for Fedora
+ * Fix Cirrus/Packer VM image building
+ * Revert "Cirrus: Enable debugging delay on non-zero exit"
+ * Cirrus: IRC message when cirrus testing successful
+ * cirrus: Add simple IRC messenger
+ * fix NOTIFY_SOCKET in e2e testfix NOTIFY_SOCKET in e2e tests
+ * Bump gitvalidation epoch
+ * Bump to v0.10.2-dev
+
 - Changelog for v0.10.1.3 (2018-10-17)
 * Update release notes for 0.10.1.3
 * Vendor in new new buildah/ci
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 2fa91258b..4a3efb8ff 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -106,7 +106,10 @@ ircmsg() {
 SCRIPT="$GOSRC/$SCRIPT_BASE/podbot.py"
 NICK="podbot_$CIRRUS_TASK_ID"
 NICK="${NICK:0:15}" # Any longer will break things
+ set +e
 $SCRIPT $NICK $1
+ echo "Ignoring exit($?)"
+ set -e
 }
 # Run sudo in directory with GOPATH set
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index c2d8fc59d..f6ebfa148 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
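Review bot: The added `set +e` / `set -e` pair in ircmsg() switches errexit back on unconditionally, so a caller that sourced lib.sh with errexit off leaves this function with it on. Scoping the tolerance to the single command avoids touching shell state: `$SCRIPT $NICK $1 || echo "Ignoring exit($?)"`. Because the notifier's failures are now swallowed, a one-line comment stating the reason (presumably that the IRC message is best-effort and must not fail the CI task) would keep a later reader from removing it. The unquoted `$1` on the unchanged call line is word-split and glob-expanded before it reaches podbot.py; `"$1"` would pass the message as one argument, if that is what the script expects.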
@@ -39,7 +39,7 @@
 %global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7})
 Name: podman
-Version: 0.10.2
+Version: 0.11.2
 Release: #COMMITDATE#.git%{shortcommit0}%{?dist}
 Summary: Manage Pods, Containers and Container Images
 License: ASL 2.0
diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md
index 152d65a59..d48df289f 100644
--- a/docs/tutorials/podman_tutorial.md
+++ b/docs/tutorials/podman_tutorial.md
@@ -77,7 +77,7 @@ $ sudo curl https://raw.githubusercontent.com/containers/skopeo/master/default-p
 ```console
 $ git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins
 $ cd $GOPATH/src/github.com/containernetworking/plugins
-$ ./build.sh
+$ ./build_linux.sh
 $ sudo mkdir -p /usr/libexec/cni
 $ sudo cp bin/* /usr/libexec/cni
 ```
diff --git a/libpod/info.go b/libpod/info.go
index 4cbf3f734..5d8d160c8 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -12,6 +12,7 @@ import (
 "strings"
 "time"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/containers/libpod/utils"
 "github.com/containers/storage/pkg/system"
 "github.com/pkg/errors"
@@ -30,6 +31,7 @@ func (r *Runtime) hostInfo() (map[string]interface{}, error) {
 info["os"] = runtime.GOOS
 info["arch"] = runtime.GOARCH
 info["cpus"] = runtime.NumCPU()
+ info["rootless"] = rootless.IsRootless()
 mi, err := system.ReadMemInfo()
 if err != nil {
 return nil, errors.Wrapf(err, "error reading memory info")
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 863a764e2..212485d8a 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -64,20 +64,20 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS ns.NetNS) ([]*cnitypes.Re
 }
 }()
- networkStatus := make([]*cnitypes.Result, 1)
+ networkStatus := make([]*cnitypes.Result, 0)
 for idx, r := range results {
 logrus.Debugf("[%d] CNI result: %v", idx, r.String())
 resultCurrent, err := cnitypes.GetResult(r)
 if err != nil {
 return nil, errors.Wrapf(err, "error parsing CNI plugin result %q: %v", r.String(), err)
 }
- networkStatus = append(ctr.state.NetworkStatus, resultCurrent)
+ networkStatus = append(networkStatus, resultCurrent)
 }
 // Add firewall rules to ensure the container has network access.
 // Will not be necessary once CNI firewall plugin merges upstream.
 // https://github.com/containernetworking/plugins/pull/75
- for _, netStatus := range ctr.state.NetworkStatus {
+ for _, netStatus := range networkStatus {
 firewallConf := &firewall.FirewallNetConf{
 PrevResult: netStatus,
 }
diff --git a/libpod/oci_linux.go b/libpod/oci_linux.go
index 0447670b3..e6b7cbe4f 100644
--- a/libpod/oci_linux.go
+++ b/libpod/oci_linux.go
@@ -74,7 +74,8 @@ func (r *OCIRuntime) createContainer(ctr *Container, cgroupParent string, restor
 defer wg.Done()
 runtime.LockOSThread()
- fd, err := os.Open(fmt.Sprintf("/proc/%d/task/%d/ns/mnt", os.Getpid(), unix.Gettid()))
+ var fd *os.File
+ fd, err = os.Open(fmt.Sprintf("/proc/%d/task/%d/ns/mnt", os.Getpid(), unix.Gettid()))
 if err != nil {
 return
 }
diff --git a/seccomp.json b/seccomp.json
index 19fadb4bb..fd0681a86 100644
--- a/seccomp.json
+++ b/seccomp.json
@@ -322,13 +322,13 @@
 "stat64",
 "statfs",
 "statfs64",
+ "statx",
 "symlink",
 "symlinkat",
 "sync",
 "sync_file_range",
 "syncfs",
 "sysinfo",
- "syslog",
 "tee",
 "tgkill",
 "time",
@@ -565,6 +565,7 @@
 "setdomainname",
 "sethostname",
 "setns",
+ "syslog",
 "umount",
 "umount2",
 "unshare"
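Review bot: `make([]*cnitypes.Result, 0)` can be sized up front as `networkStatus := make([]*cnitypes.Result, 0, len(results))`, since exactly one entry is appended per CNI result. The firewall loop now ranges over the freshly parsed results rather than `ctr.state.NetworkStatus`, and from the hunk that looks like the difference between rules being installed for this setup or not, so a short comment above the loop saying it must iterate the local `networkStatus` would guard against a regression. On the unchanged lines, `errors.Wrapf(err, "... %q: %v", r.String(), err)` puts the error into the message twice, and the loop variable `r` shadows the receiver. configureNetNS begins and ends outside the hunk.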
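Review bot: The goroutine now assigns the enclosing function's `err` instead of a shadowed local, so the bare `return` after a failed `os.Open` only reports the failure if createContainer reads `err` after the WaitGroup has been waited on; that read is outside the hunk. A comment at the assignment would make the contract explicit, for example `// err belongs to createContainer; it is inspected only after wg.Wait()`. If the parent or another goroutine can touch `err` before that point, this write is a data race, which running the tests with `-race` would surface. Both the closure and createContainer continue past the end of the hunk.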
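Review bot: Dropping `"syslog"` from the list at line 322 and re-adding it only in the list at line 565 and in the `CAP_SYSLOG` rule of the last hunk means a container without the gating capability presumably can no longer call syslog(2), yet the release notes in this commit say only that the default seccomp profile was updated. That is a behaviour change for existing workloads and deserves its own line in RELEASE_NOTES.md, for example `- The default seccomp profile now allows syslog only with CAP_SYSLOG or the capability gating the line-565 list`. The capability that gates the list at line 565 and the profile's default action are both outside the hunks, so confirm them before wording the note.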
@@ -750,6 +751,36 @@
 ]
 },
 "excludes": {}
+ },
+ {
+ "names": [
+ "get_mempolicy",
+ "mbind",
+ "set_mempolicy"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_NICE"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "syslog"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYSLOG"
+ ]
+ },
+ "excludes": {}
 }
 ]
 }
diff --git a/version/version.go b/version/version.go
index 0fd4e5aeb..01b9b7a8d 100644
--- a/version/version.go
+++ b/version/version.go
@@ -4,4 +4,4 @@ package version
 // NOTE: remember to bump the version at the top
 // of the top-level README.md file when this is
 // bumped.
-const Version = "0.10.2-dev"
+const Version = "0.11.2-dev" |
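Review bot: Both new rule objects carry `"comment": ""`, so the profile gives no reason why `get_mempolicy`, `mbind` and `set_mempolicy` are tied to `CAP_SYS_NICE`, or why `syslog` is tied to `CAP_SYSLOG`. JSON has no comment syntax, so the `comment` field is the only place in this file to record the intent, e.g. `"comment": "NUMA memory-policy calls, allowed only with CAP_SYS_NICE"`. `syslog` now also sits in the list at line 565 under a different gate; if either capability is meant to be sufficient, saying so in the comment avoids someone later removing one entry as a duplicate.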