aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xAPI.md9
-rw-r--r--Makefile20
-rw-r--r--RELEASE_NOTES.md56
-rw-r--r--changelog.txt193
-rw-r--r--cmd/podman/cliconfig/config.go2
-rw-r--r--cmd/podman/exec.go2
-rw-r--r--cmd/podman/images.go81
-rw-r--r--cmd/podman/network_create.go11
-rw-r--r--cmd/podman/varlink/io.podman.varlink5
-rw-r--r--completions/bash/podman2
-rwxr-xr-xcontrib/build_rpm.sh1
-rw-r--r--contrib/spec/podman.spec.in9
-rw-r--r--docs/source/markdown/podman-build.1.md4
-rw-r--r--docs/source/markdown/podman-create.1.md4
-rw-r--r--docs/source/markdown/podman-exec.1.md4
-rw-r--r--docs/source/markdown/podman-info.1.md27
-rw-r--r--docs/source/markdown/podman-network-create.1.md17
-rw-r--r--docs/source/markdown/podman-pod-top.1.md48
-rw-r--r--docs/source/markdown/podman-run.1.md4
-rw-r--r--docs/source/markdown/podman-top.1.md4
-rw-r--r--go.mod6
-rw-r--r--go.sum6
-rwxr-xr-xhack/systemd_tag.sh7
-rw-r--r--install.md6
-rw-r--r--libpod/config/config.go94
-rw-r--r--libpod/container_api.go7
-rw-r--r--libpod/container_internal.go40
-rw-r--r--libpod/image/filters.go (renamed from cmd/podman/imagefilters/filters.go)83
-rw-r--r--libpod/image/image.go13
-rw-r--r--libpod/oci.go6
-rw-r--r--libpod/oci_conmon_linux.go22
-rw-r--r--libpod/oci_missing.go5
-rw-r--r--libpod/runtime.go20
-rw-r--r--pkg/adapter/containers.go2
-rw-r--r--pkg/adapter/network.go51
-rw-r--r--pkg/adapter/runtime.go15
-rw-r--r--pkg/adapter/runtime_remote.go22
-rw-r--r--pkg/network/config.go16
-rw-r--r--pkg/network/netconflist.go12
-rw-r--r--pkg/registries/registries.go7
-rw-r--r--pkg/varlinkapi/images.go34
-rw-r--r--test/e2e/e2e.coverprofile11
-rw-r--r--troubleshooting.md43
-rw-r--r--vendor/github.com/containers/psgo/README.md2
-rw-r--r--vendor/github.com/containers/psgo/internal/process/process.go23
-rw-r--r--vendor/github.com/containers/psgo/psgo.go14
-rw-r--r--vendor/github.com/containers/storage/VERSION2
-rw-r--r--vendor/github.com/containers/storage/drivers/overlay/overlay.go9
-rw-r--r--vendor/github.com/containers/storage/layers.go6
-rw-r--r--vendor/github.com/containers/storage/pkg/tarlog/tarlogger.go16
-rw-r--r--vendor/github.com/containers/storage/store.go11
-rw-r--r--vendor/github.com/uber/jaeger-client-go/CHANGELOG.md10
-rw-r--r--vendor/github.com/uber/jaeger-client-go/config/config.go34
-rw-r--r--vendor/github.com/uber/jaeger-client-go/constants.go2
-rw-r--r--vendor/github.com/uber/jaeger-client-go/sampler.go3
-rw-r--r--vendor/github.com/uber/jaeger-client-go/sampler_remote.go3
-rw-r--r--vendor/github.com/uber/jaeger-client-go/sampler_remote_options.go48
-rw-r--r--vendor/modules.txt6
-rw-r--r--version/version.go2
59 files changed, 925 insertions, 297 deletions
diff --git a/API.md b/API.md
index 3a66db83b..695f374d8 100755
--- a/API.md
+++ b/API.md
@@ -123,6 +123,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[func ListImages() Image](#ListImages)
+[func ListImagesWithFilters(filters: []string) Image](#ListImagesWithFilters)
+
[func ListPods() ListPodData](#ListPods)
[func LoadImage(name: string, inputFile: string, quiet: bool, deleteFile: bool) MoreResponse](#LoadImage)
@@ -892,6 +894,13 @@ See also [GetContainer](#GetContainer).
method ListImages() [Image](#Image)</div>
ListImages returns information about the images that are currently in storage.
See also [InspectImage](#InspectImage).
+### <a name="ListImagesWithFilters"></a>func ListImagesWithFilters
+<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
+
+method ListImagesWithFilters(filters: [[]string](#[]string)) [Image](#Image)</div>
+ListImagesWithFilters returns information about the images that are currently in storage
+after one or more filters has been applied.
+See also [InspectImage](#InspectImage).
### <a name="ListPods"></a>func ListPods
<div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;">
diff --git a/Makefile b/Makefile
index 3f8820780..fb6e48585 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ export GOPROXY=https://proxy.golang.org
GO ?= go
DESTDIR ?=
-EPOCH_TEST_COMMIT ?= ac73fd3fe5dcbf2647d589f9c9f37fe9531ed663
+EPOCH_TEST_COMMIT ?= 11541aec80c0fc588f675decd0ce759a4e353684
HEAD ?= HEAD
CHANGELOG_BASE ?= HEAD~
CHANGELOG_TARGET ?= HEAD
@@ -45,7 +45,7 @@ endif
ifeq (,$(findstring systemd,$(BUILDTAGS)))
$(warning \
Podman is being compiled without the systemd build tag.\
- Install libsystemd for journald support)
+ Install libsystemd on Ubuntu or systemd-devel on rpm based distro for journald support)
endif
BUILDTAGS_CROSS ?= containers_image_openpgp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper exclude_graphdriver_overlay
@@ -73,11 +73,12 @@ endif
LIBPOD := ${PROJECT}/libpod
GCFLAGS ?= all=-trimpath=${PWD}
ASMFLAGS ?= all=-trimpath=${PWD}
-LDFLAGS_PODMAN ?= $(LDFLAGS) \
+LDFLAGS_PODMAN ?= \
-X $(LIBPOD)/define.gitCommit=$(GIT_COMMIT) \
-X $(LIBPOD)/define.buildInfo=$(BUILD_INFO) \
-X $(LIBPOD)/config._installPrefix=$(PREFIX) \
- -X $(LIBPOD)/config._etcDir=$(ETCDIR)
+ -X $(LIBPOD)/config._etcDir=$(ETCDIR) \
+ -extldflags "$(LDFLAGS)"
#Update to LIBSECCOMP_COMMIT should reflect in Dockerfile too.
LIBSECCOMP_COMMIT := release-2.3
# Rarely if ever should integration tests take more than 50min,
@@ -158,10 +159,10 @@ gofmt: ## Verify the source code gofmt
git diff --exit-code
test/checkseccomp/checkseccomp: .gopathok $(wildcard test/checkseccomp/*.go)
- $(GO_BUILD) -ldflags '$(LDFLAGS)' -tags "$(BUILDTAGS)" -o $@ $(PROJECT)/test/checkseccomp
+ $(GO_BUILD) -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS)" -o $@ $(PROJECT)/test/checkseccomp
test/goecho/goecho: .gopathok $(wildcard test/goecho/*.go)
- $(GO_BUILD) -ldflags '$(LDFLAGS)' -o $@ $(PROJECT)/test/goecho
+ $(GO_BUILD) -ldflags '$(LDFLAGS_PODMAN)' -o $@ $(PROJECT)/test/goecho
podman: .gopathok $(PODMAN_VARLINK_DEPENDENCIES) ## Build with podman
$(GO_BUILD) $(BUILDFLAGS) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS)" -o bin/$@ $(PROJECT)/cmd/podman
@@ -240,6 +241,7 @@ testunit: libpodimage ## Run unittest on the built image
localunit: test/goecho/goecho varlink_generate
ginkgo \
-r \
+ $(TESTFLAGS) \
--skipPackage test/e2e,pkg/apparmor,test/endpoint \
--cover \
--covermode atomic \
@@ -247,13 +249,13 @@ localunit: test/goecho/goecho varlink_generate
--succinct
ginkgo:
- ginkgo -v -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -nodes 3 -debug test/e2e/.
+ ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -nodes 3 -debug test/e2e/.
ginkgo-remote:
- ginkgo -v -tags "$(BUILDTAGS) remoteclient" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor test/e2e/.
+ ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS) remoteclient" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor test/e2e/.
endpoint:
- ginkgo -v -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -debug test/endpoint/.
+ ginkgo -v $(TESTFLAGS) -tags "$(BUILDTAGS)" $(GINKGOTIMEOUT) -cover -flakeAttempts 3 -progress -trace -noColor -debug test/endpoint/.
localintegration: varlink_generate test-binaries ginkgo
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index c16be818a..c8dac9ee0 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,61 @@
# Release Notes
+## 1.7.0
+### Features
+- Added support for setting a static MAC address for containers
+- Added support for creating `macvlan` networks with `podman network create`, allowing Podman containers to be attached directly to networks the host is connected to
+- The `podman image prune` and `podman container prune` commands now support the `--filter` flag to filter what will be pruned, and now prompts for confirmation when run without `--force` ([#4410](https://github.com/containers/libpod/issues/4410) and [#4411](https://github.com/containers/libpod/issues/4411))
+- Podman now creates CGroup namespaces by default on systems using CGroups v2 ([#4363](https://github.com/containers/libpod/issues/4363))
+- Added the `podman system reset` command to remove all Podman files and perform a factory reset of the Podman installation
+- Added the `--history` flag to `podman images` to display previous names used by images ([#4566](https://github.com/containers/libpod/issues/4566))
+- Added the `--ignore` flag to `podman rm` and `podman stop` to not error when requested containers no longer exist
+- Added the `--cidfile` flag to `podman rm` and `podman stop` to read the IDs of containers to be removed or stopped from a file
+- The `podman play kube` command now honors Seccomp annotations ([#3111](https://github.com/containers/libpod/issues/3111))
+- The `podman play kube` command now honors `RunAsUser`, `RunAsGroup`, and `selinuxOptions`
+- The output format of the `podman version` command has been changed to better match `docker version` when using the `--format` flag
+- Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled ([#4591](https://github.com/containers/libpod/issues/4591))
+- Added `tmpcopyup` and `notmpcopyup` options to the `--tmpfs` and `--mount type=tmpfs` flags to `podman create` and `podman run` to control whether the content of directories are copied into tmpfs filesystems mounted over them
+- Added support for disabling detaching from containers by setting empty detach keys via `--detach-keys=""`
+- The `podman build` command now supports the `--pull` and `--pull-never` flags to control when images are pulled during a build
+
+### Bugfixes
+- Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly
+- Fixed a bug where the `--change` flag to `podman import` and `podman commit` was not being parsed properly in many cases
+- Fixed a bug where detach keys specified in `libpod.conf` were not used by the `podman attach` and `podman exec` commands, which always used the global default `ctrl-p,ctrl-q` key combination ([#4556](https://github.com/containers/libpod/issues/4556))
+- Fixed a bug where rootless Podman was not able to run `podman pod stats` even on CGroups v2 enabled systems ([#4634](https://github.com/containers/libpod/issues/4634))
+- Fixed a bug where rootless Podman would fail on kernels without the `renameat2` syscall ([#4570](https://github.com/containers/libpod/issues/4570))
+- Fixed a bug where containers with chained network namespace dependencies (IE, container A using `--net container=B` and container B using `--net container=C`) would not properly mount `/etc/hosts` and `/etc/resolv.conf` into the container ([#4626](https://github.com/containers/libpod/issues/4626))
+- Fixed a bug where `podman run` with the `--rm` flag and without `-d` could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited
+- Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume ([#4605](https://github.com/containers/libpod/issues/4605) and [#4621](https://github.com/containers/libpod/issues/4621))
+- Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the `podman rm --storage` command to complete removal ([#3906](https://github.com/containers/libpod/issues/3906))
+- Fixed a bug where checkpointing containers started with `--rm` was allowed when `--export` was not specified (the container, and checkpoint, would be removed after checkpointing was complete by `--rm`) ([#3774](https://github.com/containers/libpod/issues/3774))
+- Fixed a bug where the `podman pod prune` command would fail if containers were present in the pods and the `--force` flag was not passed ([#4346](https://github.com/containers/libpod/issues/4346))
+- Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network ([#4500](https://github.com/containers/libpod/issues/4500))
+- Fixed a bug where `podman system renumber` would always throw an error if a container was mounted when it was run
+- Fixed a bug where `podman container restore` would fail with containers using a user namespace
+- Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed
+- Fixed a bug where `podman history` would sometimes not properly identify the IDs of layers in an image ([#3359](https://github.com/containers/libpod/issues/3359))
+- Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used
+- Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container
+- Fixed a bug where containers in pods did not function properly with the Kata OCI runtime ([#4353](https://github.com/containers/libpod/issues/4353))
+- Fixed a bug where `podman info --format '{{ json . }}' would not produce JSON output ([#4391](https://github.com/containers/libpod/issues/4391))
+- Fixed a bug where Podman would not verify if files passed to `--authfile` existed ([#4328](https://github.com/containers/libpod/issues/4328))
+- Fixed a bug where `podman images --digest` would not always print digests when they were available
+- Fixed a bug where rootless `podman run` could hang due to a race with reading and writing events
+- Fixed a bug where rootless Podman would print warning-level logs despite not be instructed to do so ([#4456](https://github.com/containers/libpod/issues/4456))
+- Fixed a bug where `podman pull` would attempt to fetch from remote registries when pulling an unqualified image using the `docker-daemon` transport ([#4434](https://github.com/containers/libpod/issues/4434))
+- Fixed a bug where `podman cp` would not work if STDIN was a pipe
+- Fixed a bug where `podman exec` could stop accepting input if anything was typed between the command being run and the exec session starting ([#4397](https://github.com/containers/libpod/issues/4397))
+- Fixed a bug where `podman logs --tail 0` would print all lines of a container's logs, instead of no lines ([#4396](https://github.com/containers/libpod/issues/4396))
+- Fixed a bug where the timeout for `slirp4netns` was incorrectly set, resulting in an extremely long timeout ([#4344](https://github.com/containers/libpod/issues/4344))
+- Fixed a bug where the `podman stats` command would print CPU utilizations figures incorrectly ([#4409](https://github.com/containers/libpod/issues/4409))
+
+### Misc
+- The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running
+- Updated vendored Buildah to v1.11.6
+- Updated vendored containers/storage library to v1.15.3
+- Kata Containers runtimes (`kata-runtime`, `kata-qemu`, and `kata-fc`) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system
+
## 1.6.3
### Features
- Handling of the `libpod.conf` configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration.
diff --git a/changelog.txt b/changelog.txt
index 615e2a135..a19c23934 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,196 @@
+- Changelog for v1.7.0-rc1 (2019-12-11)
+ * Update release notes for 1.7.0
+ * docs: update podman-{pod-,}top man pages
+ * build(deps): bump github.com/containers/psgo from 1.3.2 to 1.4.0
+ * Update containers/storage to v1.15.3
+ * move image filters under libpod/images
+ * Re-add Fedora 31 migration code.
+ * macvlan networks
+ * Return empty runtime directory if we're not rootless
+ * build(deps): bump github.com/containers/storage from 1.15.0 to 1.15.2
+ * Use terminal detach keys sequence specified in the config file
+ * Add ONBUILD support to --change
+ * Move Commit() to new parsing for --change
+ * test for #3920 (improper caching of tarballs in build)
+ * Enable multi-platform rpm building
+ * Completely rework --change parsing
+ * Avoid git warnings by using detach on checkout
+ * Improve hack/get_release_info.sh
+ * Bump Buildah to v1.11.6
+ * rootless: enable stats test on cgroup v2
+ * Improve dnf tests inside build_rpm.sh
+ * libpod: fix stats for rootless pods
+ * rootless: add fallback for renameat2 at runtime
+ * Attempt to install go-md2man only if missing
+ * Quick grammar touchup in rootless.md
+ * Allow chained network namespace containers
+ * Ensure volumes reacquire locks on state refresh
+ * Ignore ErrCtrRemoved when removing a container
+ * Add comment on rootless containers creating device nodes
+ * Updates on making doc building and debug optional
+ * troubleshooting: warn about secure boot
+ * libpod: fix case for executable file not found errors
+ * build: improved main makefile
+ * build: improved prepare.sh
+ * Fix podman-remote version to print client and server
+ * man page updated with examples of filter option
+ * install.md: added slirp4netns dependency to ubuntu
+ * Add podman system reset command
+ * fix commands.go to get links from correct directory
+ * Do not initialize store on rootless podman
+ * filter added to container prune command
+ * Disable checkpointing of containers started with --rm
+ * Make doc building in spec optional
+ * Donot install btrfs in RHEL/CentOS-8
+ * oci: print only matching part for the errors
+ * command output fixed as per docker equivalent
+ * Detect Python executable in Makefile
+ * Improved build_rpm.sh
+ * Add support for image name history
+ * Remove containers when pruning a stopped pod.
+ * Allow --ip and --mac to be set when joining a CNI net
+ * Document other bind options on --volumes flag
+ * podman {pod,} rm/stop: add --ignore flag
+ * Discard errors from Shutdown in `system renumber`
+ * e2e/prune: run two top containers
+ * build(deps): bump github.com/containers/storage from 1.13.5 to 1.14.0
+ * build(deps): bump gopkg.in/yaml.v2 from 2.2.5 to 2.2.7
+ * build(deps): bump github.com/pkg/profile from 1.3.0 to 1.4.0
+ * document updated for filter and until options
+ * filter added to image pruge command.
+ * config: use EventsLogger=file without systemd
+ * Error on netns not exist only when ctr is running
+ * Add ContainerStateRemoving
+ * play kube: handle seccomp labels
+ * podman rm/stop --cidfile
+ * container-restore: Fix restore with user namespace
+ * Add new test suite for build
+ * Also delete winsz fifo
+ * use pause image for check all
+ * timestamp related functions added
+ * Bump to Buildah v1.11.5
+ * container create: os/arch check
+ * history: rewrite mappings
+ * codespell: spelling corrections
+ * Cirrus: Use branch-specific container tags
+ * warning added before image prune command
+ * create a separate install target for seccomp
+ * Add annotations in play kube
+ * Add pod annotations to container
+ * Add missing information to podman.1 man page
+ * Add support for make vendor-in-container
+ * Split up create config handling of namespaces and security
+ * test: add tests for --mac-address
+ * mount: add new options nocopyup|copyup for tmpfs
+ * Bump github.com/uber/jaeger-client-go
+ * libpod/config: default: use `crun` on Cgroups v2
+ * podman images --digest: always list a digest
+ * events: make sure the write channel is always closed
+ * Add support for RunAsUser and RunAsGroup
+ * cni: enable tuning plugin
+ * podman: add support for specifying MAC
+ * vendor: updated ocicni for MAC address
+ * Makefile: add vendor-in-container
+ * rootless: provide workaround for missing renameat2
+ * rootless: use SYS_renameat2 instead of __NR_renameat2
+ * Add Kata Containers runtimes to libpod.conf
+ * help message: don't parse the config for cgroup-manager default
+ * fix bug check nonexist authfile
+ * Allow users to disable detach keys
+ * namespaces: by default create cgroupns on cgroups v2
+ * Update installation - Ubuntu. [skip ci]
+ * pulling unqualified reference: make sure it's a docker reference
+ * Bump gopkg.in/yaml.v2 from 2.2.4 to 2.2.5
+ * Set SELinux labels based on the security context in the kube.yaml
+ * Add links to readthedocs on docs/readme
+ * Bump development version to 1.6.4-dev
+ * Bump version in README to v1.6.3
+ * Add release notes for v1.6.3
+ * slirp4netns: fix timeout
+ * docs: Update "podman container rm -v" description
+ * logo: correct light source reflection
+ * stats: fix calculation for the CPU time
+ * [docs] Ensure we include section 5 documentation
+ * [Makefile] Fix docker documentation install and generation
+ * Fixed the JSON go template format for the 'info' action
+ * runtime: Fix typo
+ * Update link to Commands documentation
+ * cgroups: read correctly the CPU stats
+ * [CI:DOCS] make docs only prs
+ * Update rootless shortcomings with cgroup V2 information
+ * Bump github.com/onsi/gomega from 1.7.0 to 1.7.1
+ * Validate contextdir on build
+ * Vendor in latest containers/buildah
+ * Bump github.com/onsi/ginkgo from 1.10.1 to 1.10.3
+ * Refactor test to prevent panic
+ * logs: support --tail 0
+ * Update document formatting and packaging code
+ * Restructure documentation dir
+ * add libpod/config
+ * Switch to bufio Reader for exec streams
+ * container start: fix regression when using name
+ * Fix selinux test for exec
+ * Cirrus: Disable F29 testing
+ * Wait for `mount` command to finish when mounting volume
+ * Cirrus: Fix upload_release_archive on branch or tag
+ * Fix cp from pipe
+ * libpod, rootless: create cgroup for conmon
+ * Bump github.com/json-iterator/go from 1.1.7 to 1.1.8
+ * seccomp: use github.com/seccomp/containers-golang
+ * build: drop support for ostree
+ * stale action: add exempt-issue-label
+ * Processes execed into container should match container label
+ * Set default seccomp.json file for podman play kube
+ * images: distinguish between tags and digests
+ * API: report multiple digests for images
+ * pull/create: add --override-arch/--override-os flags
+ * image: don't get confused by lists
+ * Add e2e tests for manifest list support
+ * bump containers/image to v5.0.0, buildah to v1.11.4
+ * goland autocorrections
+ * Makefile: fix embedding gitCommit
+ * Cirrus: Fix minor python deprecation warning
+ * Cirrus: Only upload tagged releases
+ * Fix spelling mistakes
+ * libpod: if slirp4netns fails, return its output
+ * update conmon to v2.0.2 in in_podman image
+ * bump cirrus images
+ * require conmon v2.0.1
+ * require conmon v2.0.0
+ * GitHub stale action
+ * enable dnsplugin for network create
+ * Add ensureState helper for checking container state
+ * Cleanup man pages
+ * Log warn instead of error for removing nonexistant container
+ * systemd: mask /sys/fs/cgroup/systemd/release_agent
+ * Add multiple networks explanation to docs
+ * rootless: raise an error with --network=
+ * Initial dump of man pages and first menus
+ * Return a better error for volume name conflicts
+ * Add documentation on options to volume create manpage
+ * Image volumes should not be mounted noexec
+ * stats: list all running containers unless specified otherwise
+ * rootless: detect no system session with --cgroup-manager=systemd
+ * add pip requirements file for rtd
+ * Initial checking for readthedocs
+ * Fix sig-proxy=false test and use image cache
+ * Add parsing for UID, GID in volume "o" option
+ * exec: remove unused var
+ * Rewrite backend for remote 'volume inspect'
+ * rootless: write storage overrides to the conf file
+ * Markdown Formatting Fixes
+ * Show volume options in 'volume inspect'
+ * System tests: make sure exec pid hash w/o leaking
+ * Bump gitvalidation epoch
+ * Bump to v1.6.3-dev
+ * check existing bridge names when creating networks
+ * Add support for anonymous volumes to `podman run -v`
+ * troubleshooting.md: document lingering mode
+ * rootless: do not enable lingering mode
+ * Add ability to redirect bash for run -i
+ * play kube: Container->Ctr
+ * play kube: refactor test suite
+
- Changelog for v1.6.2 (2019-10-17)
* Finalize release notes for v1.6.2
* rootless: drop dependency on docker
diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go
index c15ce8829..e81756808 100644
--- a/cmd/podman/cliconfig/config.go
+++ b/cmd/podman/cliconfig/config.go
@@ -128,6 +128,7 @@ type ExecValues struct {
PodmanCommand
DetachKeys string
Env []string
+ EnvFile []string
Privileged bool
Interactive bool
Tty bool
@@ -278,6 +279,7 @@ type NetworkCreateValues struct {
IPRange net.IPNet
IPV6 bool
Network net.IPNet
+ MacVLAN string
}
type NetworkListValues struct {
diff --git a/cmd/podman/exec.go b/cmd/podman/exec.go
index 8dcec24ce..6e5799396 100644
--- a/cmd/podman/exec.go
+++ b/cmd/podman/exec.go
@@ -40,6 +40,7 @@ func init() {
// priority
execCommand.DetachKeys = ""
flags.StringArrayVarP(&execCommand.Env, "env", "e", []string{}, "Set environment variables")
+ flags.StringSliceVar(&execCommand.EnvFile, "env-file", []string{}, "Read in a file of environment variables")
flags.BoolVarP(&execCommand.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached")
flags.BoolVarP(&execCommand.Latest, "latest", "l", false, "Act on the latest container podman is aware of")
flags.BoolVar(&execCommand.Privileged, "privileged", false, "Give the process extended Linux capabilities inside the container. The default is false")
@@ -48,6 +49,7 @@ func init() {
flags.IntVar(&execCommand.PreserveFDs, "preserve-fds", 0, "Pass N additional file descriptors to the container")
flags.StringVarP(&execCommand.Workdir, "workdir", "w", "", "Working directory inside the container")
+ markFlagHiddenForRemoteClient("env-file", flags)
markFlagHiddenForRemoteClient("latest", flags)
markFlagHiddenForRemoteClient("preserve-fds", flags)
}
diff --git a/cmd/podman/images.go b/cmd/podman/images.go
index 6b16272f4..e42546a55 100644
--- a/cmd/podman/images.go
+++ b/cmd/podman/images.go
@@ -5,14 +5,12 @@ import (
"fmt"
"reflect"
"sort"
- "strconv"
"strings"
"time"
"unicode"
"github.com/containers/buildah/pkg/formats"
"github.com/containers/libpod/cmd/podman/cliconfig"
- "github.com/containers/libpod/cmd/podman/imagefilters"
"github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/adapter"
"github.com/docker/go-units"
@@ -138,10 +136,10 @@ func init() {
func imagesCmd(c *cliconfig.ImagesValues) error {
var (
- filterFuncs []imagefilters.ResultFilter
- image string
+ image string
)
+ ctx := getContext()
runtime, err := adapter.GetRuntime(getContext(), &c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "Could not get runtime")
@@ -156,15 +154,9 @@ func imagesCmd(c *cliconfig.ImagesValues) error {
if len(c.Filter) > 0 && image != "" {
return errors.New("can not specify an image and a filter")
}
- ctx := getContext()
-
- if len(c.Filter) > 0 {
- filterFuncs, err = CreateFilterFuncs(ctx, runtime, c.Filter, nil)
- } else {
- filterFuncs, err = CreateFilterFuncs(ctx, runtime, []string{fmt.Sprintf("reference=%s", image)}, nil)
- }
- if err != nil {
- return err
+ filters := c.Filter
+ if len(filters) < 1 {
+ filters = append(filters, fmt.Sprintf("reference=%s", image))
}
opts := imagesOptions{
@@ -179,26 +171,17 @@ func imagesCmd(c *cliconfig.ImagesValues) error {
}
opts.outputformat = opts.setOutputFormat()
- images, err := runtime.GetImages()
+ filteredImages, err := runtime.GetFilteredImages(filters, false)
if err != nil {
return errors.Wrapf(err, "unable to get images")
}
- for _, image := range images {
+ for _, image := range filteredImages {
if image.IsReadOnly() {
opts.outputformat += "{{.ReadOnly}}\t"
break
}
}
-
- var filteredImages []*adapter.ContainerImage
- //filter the images
- if len(c.Filter) > 0 || len(c.InputArgs) == 1 {
- filteredImages = imagefilters.FilterImages(images, filterFuncs)
- } else {
- filteredImages = images
- }
-
return generateImagesOutput(ctx, filteredImages, opts)
}
@@ -392,53 +375,3 @@ func GenImageOutputMap() map[string]string {
}
return values
}
-
-// CreateFilterFuncs returns an array of filter functions based on the user inputs
-// and is later used to filter images for output
-func CreateFilterFuncs(ctx context.Context, r *adapter.LocalRuntime, filters []string, img *adapter.ContainerImage) ([]imagefilters.ResultFilter, error) {
- var filterFuncs []imagefilters.ResultFilter
- for _, filter := range filters {
- splitFilter := strings.Split(filter, "=")
- if len(splitFilter) < 2 {
- return nil, errors.Errorf("invalid filter syntax %s", filter)
- }
- switch splitFilter[0] {
- case "before":
- before, err := r.NewImageFromLocal(splitFilter[1])
- if err != nil {
- return nil, errors.Wrapf(err, "unable to find image %s in local stores", splitFilter[1])
- }
- filterFuncs = append(filterFuncs, imagefilters.CreatedBeforeFilter(before.Created()))
- case "after":
- after, err := r.NewImageFromLocal(splitFilter[1])
- if err != nil {
- return nil, errors.Wrapf(err, "unable to find image %s in local stores", splitFilter[1])
- }
- filterFuncs = append(filterFuncs, imagefilters.CreatedAfterFilter(after.Created()))
- case "readonly":
- readonly, err := strconv.ParseBool(splitFilter[1])
- if err != nil {
- return nil, errors.Wrapf(err, "invalid filter readonly=%s", splitFilter[1])
- }
- filterFuncs = append(filterFuncs, imagefilters.ReadOnlyFilter(readonly))
- case "dangling":
- danglingImages, err := strconv.ParseBool(splitFilter[1])
- if err != nil {
- return nil, errors.Wrapf(err, "invalid filter dangling=%s", splitFilter[1])
- }
- filterFuncs = append(filterFuncs, imagefilters.DanglingFilter(danglingImages))
- case "label":
- labelFilter := strings.Join(splitFilter[1:], "=")
- filterFuncs = append(filterFuncs, imagefilters.LabelFilter(ctx, labelFilter))
- case "reference":
- referenceFilter := strings.Join(splitFilter[1:], "=")
- filterFuncs = append(filterFuncs, imagefilters.ReferenceFilter(ctx, referenceFilter))
- default:
- return nil, errors.Errorf("invalid filter %s ", splitFilter[0])
- }
- }
- if img != nil {
- filterFuncs = append(filterFuncs, imagefilters.OutputImageFilter(img))
- }
- return filterFuncs, nil
-}
diff --git a/cmd/podman/network_create.go b/cmd/podman/network_create.go
index 6710883ae..886607885 100644
--- a/cmd/podman/network_create.go
+++ b/cmd/podman/network_create.go
@@ -41,6 +41,7 @@ func init() {
flags.IPVar(&networkCreateCommand.Gateway, "gateway", nil, "IPv4 or IPv6 gateway for the subnet")
flags.BoolVar(&networkCreateCommand.Internal, "internal", false, "restrict external access from this network")
flags.IPNetVar(&networkCreateCommand.IPRange, "ip-range", net.IPNet{}, "allocate container IP from range")
+ flags.StringVar(&networkCreateCommand.MacVLAN, "macvlan", "", "create a Macvlan connection based on this device")
// TODO not supported yet
//flags.StringVar(&networkCreateCommand.IPamDriver, "ipam-driver", "", "IP Address Management Driver")
// TODO enable when IPv6 is working
@@ -50,6 +51,10 @@ func init() {
}
func networkcreateCmd(c *cliconfig.NetworkCreateValues) error {
+ var (
+ fileName string
+ err error
+ )
if err := network.IsSupportedDriver(c.Driver); err != nil {
return err
}
@@ -66,7 +71,11 @@ func networkcreateCmd(c *cliconfig.NetworkCreateValues) error {
if err != nil {
return err
}
- fileName, err := runtime.NetworkCreate(c)
+ if len(c.MacVLAN) > 0 {
+ fileName, err = runtime.NetworkCreateMacVLAN(c)
+ } else {
+ fileName, err = runtime.NetworkCreateBridge(c)
+ }
if err == nil {
fmt.Println(fileName)
}
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index a3fd27ed6..2251050c3 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -784,6 +784,11 @@ method DeleteStoppedContainers() -> (containers: []string)
# See also [InspectImage](#InspectImage).
method ListImages() -> (images: []Image)
+# ListImagesWithFilters returns information about the images that are currently in storage
+# after one or more filters has been applied.
+# See also [InspectImage](#InspectImage).
+method ListImagesWithFilters(filters: []string) -> (images: []Image)
+
# GetImage returns information about a single image in storage.
# If the image caGetImage returns be found, [ImageNotFound](#ImageNotFound) will be returned.
method GetImage(id: string) -> (image: Image)
diff --git a/completions/bash/podman b/completions/bash/podman
index 18e2460ec..40be0018b 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -980,6 +980,7 @@ _podman_network_create() {
--driver
--gateway
--ip-range
+ --macvlan
--subnet
"
local boolean_options="
@@ -1358,6 +1359,7 @@ _podman_exec() {
--detach-keys
-e
--env
+ --env-file
--user
-u
--workdir
diff --git a/contrib/build_rpm.sh b/contrib/build_rpm.sh
index e41763fa7..088d8b7a5 100755
--- a/contrib/build_rpm.sh
+++ b/contrib/build_rpm.sh
@@ -26,6 +26,7 @@ declare -a PKGS=(device-mapper-devel \
make \
rpm-build \
go-compilers-golang-compiler \
+ systemd-devel \
)
if [[ $pkg_manager == *dnf ]]; then
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index 4a3704811..9676a3fb4 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -22,6 +22,9 @@
%define gobuild(o:) go build -tags="$BUILDTAGS" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')" -a -v -x %{?**};
#% endif
+# libpod hack directory
+%define hackdir %{_builddir}/%{repo}-%{shortcommit0}
+
%global provider github
%global provider_tld com
%global project containers
@@ -40,7 +43,7 @@
%global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7})
Name: podman
-Version: 1.6.4
+Version: 1.7.0
Release: #COMMITDATE#.git%{shortcommit0}%{?dist}
Summary: Manage Pods, Containers and Container Images
License: ASL 2.0
@@ -384,7 +387,7 @@ ln -s ../../../../ src/%{import_path}
popd
ln -s vendor src
export GOPATH=$(pwd)/_build:$(pwd):$(pwd):%{gopath}
-export BUILDTAGS="varlink selinux seccomp $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) exclude_graphdriver_devicemapper"
+export BUILDTAGS="varlink selinux seccomp $(%{hackdir}/hack/btrfs_installed_tag.sh) $(%{hackdir}/hack/btrfs_tag.sh) $(%{hackdir}/hack/libdm_tag.sh) exclude_graphdriver_devicemapper"
GOPATH=$GOPATH go generate ./cmd/podman/varlink/...
@@ -402,7 +405,7 @@ mkdir -p src/%{provider}.%{provider_tld}/{containers,opencontainers}
ln -s $(dirs +1 -l) src/%{import_path_conmon}
popd
-export BUILDTAGS="selinux seccomp $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)"
+export BUILDTAGS="selinux seccomp $(%{hackdir}/hack/btrfs_installed_tag.sh) $(%{hackdir}/hack/btrfs_tag.sh)"
BUILDTAGS=$BUILDTAGS make
popd
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index 6c8f239a6..fac8296ad 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -176,6 +176,10 @@ value can be entered. The password is entered without echo.
Add a host device to the container. The format is `<device-on-host>[:<device-on-container>][:<permissions>]` (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
+Note: if the user only has access rights via a group then accessing the device
+from inside a rootless container will fail. The `crun` runtime offers a
+workaround for this by adding the option `--annotation io.crun.keep_original_groups=1`.
+
**--disable-compression, -D**
Don't compress filesystem layers when building the image unless it is required
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 82d2e8f6a..85aa81553 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -204,6 +204,10 @@ Specify the key sequence for detaching a container. Format is a single character
Add a host device to the container. The format is `<device-on-host>[:<device-on-container>][:<permissions>]` (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
+Note: if the user only has access rights via a group then accessing the device
+from inside a rootless container will fail. The `crun` runtime offers a
+workaround for this by adding the option `--annotation io.crun.keep_original_groups=1`.
+
**--device-read-bps**=*path*
Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
diff --git a/docs/source/markdown/podman-exec.1.md b/docs/source/markdown/podman-exec.1.md
index 9624425dc..d46427c91 100644
--- a/docs/source/markdown/podman-exec.1.md
+++ b/docs/source/markdown/podman-exec.1.md
@@ -22,6 +22,10 @@ Specify the key sequence for detaching a container. Format is a single character
You may specify arbitrary environment variables that are available for the
command to be executed.
+**--env-file**=*file*
+
+Read in a line delimited file of environment variables.
+
**--interactive**, **-i**=*true|false*
When set to true, keep stdin open even if not attached. The default is *false*.
diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md
index 9721755ef..b539f1d3c 100644
--- a/docs/source/markdown/podman-info.1.md
+++ b/docs/source/markdown/podman-info.1.md
@@ -53,13 +53,26 @@ host:
os: linux
uptime: 218h 49m 33.66s (Approximately 9.08 days)
registries:
- blocked: null
- insecure: null
- search:
- - quay.io
- - registry.fedoraproject.org
- - docker.io
- - registry.redhat.io
+ docker.io:
+ Blocked: true
+ Insecure: true
+ Location: docker.io
+ MirrorByDigestOnly: false
+ Mirrors:
+ - Insecure: true
+ Location: example2.io/example/ubi8-minimal
+ Prefix: docker.io
+ redhat.com:
+ Blocked: false
+ Insecure: false
+ Location: registry.access.redhat.com/ubi8
+ MirrorByDigestOnly: true
+ Mirrors:
+ - Insecure: false
+ Location: example.io/example/ubi8-minimal
+ - Insecure: true
+ Location: example3.io/example/ubi8-minimal
+ Prefix: redhat.com
store:
ConfigFile: /etc/containers/storage.conf
ContainerStore:
diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md
index c281d50d9..2eca93adb 100644
--- a/docs/source/markdown/podman-network-create.1.md
+++ b/docs/source/markdown/podman-network-create.1.md
@@ -7,8 +7,10 @@ podman\-network-create - Create a Podman CNI network
**podman network create** [*options*] name
## DESCRIPTION
-Create a CNI-network configuration for use with Podman. At the time of this writing, the only network
-type that can be created is a *bridge* network.
+Create a CNI-network configuration for use with Podman. By default, Podman creates a bridge connection. A
+*Macvlan* connection can be created with the *macvlan* option. In the case of *Macvlan* connections, the
+CNI *dhcp* plugin needs to be activated or the container image must have a DHCP client to interact
+with the host network's DHCP server.
If no options are provided, Podman will assign a free subnet and name for your network.
@@ -38,6 +40,11 @@ Restrict external access of this network
Allocate container IP from a range. The range must be a complete subnet and in CIDR notation. The *ip-range* option
must be used with a *subnet* option.
+**--macvlan**
+
+Create a *Macvlan* based connection rather than a classic bridge. You must pass an interface name from the host for the
+Macvlan connection.
+
**--subnet**
The subnet in CIDR notation.
@@ -68,6 +75,12 @@ Create a network that uses a *192.168.55.0/24** subnet and has an IP address ran
/etc/cni/net.d/cni-podman-5.conflist
```
+Create a Macvlan based network using the host interface eth0
+```
+# podman network create --macvlan eth0 newnet
+/etc/cni/net.d/newnet.conflist
+```
+
## SEE ALSO
podman(1), podman-network(1), podman-network-inspect(1)
diff --git a/docs/source/markdown/podman-pod-top.1.md b/docs/source/markdown/podman-pod-top.1.md
index 48f10055a..6a1fa8c42 100644
--- a/docs/source/markdown/podman-pod-top.1.md
+++ b/docs/source/markdown/podman-pod-top.1.md
@@ -23,53 +23,11 @@ The latest option is not supported on the remote client.
## FORMAT DESCRIPTORS
-The following descriptors are supported in addition to the AIX format descriptors mentioned in ps (1):
-
-**args**, **capbnd**, **capeff**, **capinh**, **capprm**, **comm**, **etime**, **group**, **hgroup**, **hpid**, **huser**, **label**, **nice**, **pcpu**, **pgid**, **pid**, **ppid**, **rgroup**, **ruser**, **seccomp**, **state**, **time**, **tty**, **user**, **vsz**
-
-**capbnd**
-
- Set of bounding capabilities. See capabilities (7) for more information.
-
-**capeff**
-
- Set of effective capabilities. See capabilities (7) for more information.
-
-**capinh**
-
- Set of inheritable capabilities. See capabilities (7) for more information.
-
-**capprm**
-
- Set of permitted capabilities. See capabilities (7) for more information.
-
-**hgroup**
-
- The corresponding effective group of a container process on the host.
-
-**hpid**
-
- The corresponding host PID of a container process.
-
-**huser**
-
- The corresponding effective user of a container process on the host.
-
-**label**
-
- Current security attributes of the process.
-
-**seccomp**
-
- Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp (2) for more information.
-
-**state**
-
- Process state codes (e.g, **R** for *running*, **S** for *sleeping*). See proc(5) for more information.
+Please refer to podman-top(1) for a full list of available descriptors.
## EXAMPLES
-By default, `podman-top` prints data similar to `ps -ef`:
+By default, `podman-pod-top` prints data similar to `ps -ef`:
```
$ podman pod top b031293491cc
@@ -88,7 +46,7 @@ PID SECCOMP COMMAND %CPU
```
## SEE ALSO
-podman-pod(1), ps(1), seccomp(2), proc(5), capabilities(7)
+podman-pod(1), podman-top(1), ps(1), seccomp(2), proc(5), capabilities(7)
## HISTORY
August 2018, Originally compiled by Peter Hunt <pehunt@redhat.com>
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index e1177cb34..e8744de35 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -210,6 +210,10 @@ Specify the key sequence for detaching a container. Format is a single character
Add a host device to the container. The format is `<device-on-host>[:<device-on-container>][:<permissions>]` (e.g. --device=/dev/sdc:/dev/xvdc:rwm)
+Note: if the user only has access rights via a group then accessing the device
+from inside a rootless container will fail. The `crun` runtime offers a
+workaround for this by adding the option `--annotation io.crun.keep_original_groups=1`.
+
**--device-read-bps**=*path*
Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)
diff --git a/docs/source/markdown/podman-top.1.md b/docs/source/markdown/podman-top.1.md
index 1410aa651..6a04ab91a 100644
--- a/docs/source/markdown/podman-top.1.md
+++ b/docs/source/markdown/podman-top.1.md
@@ -70,6 +70,10 @@ The following descriptors are supported in addition to the AIX format descriptor
Process state codes (e.g, **R** for *running*, **S** for *sleeping*). See proc(5) for more information.
+**stime**
+
+ Process start time (e.g, "2019-12-09 10:50:36 +0100 CET).
+
## EXAMPLES
By default, `podman-top` prints data similar to `ps -ef`:
diff --git a/go.mod b/go.mod
index 82be38291..82649bda6 100644
--- a/go.mod
+++ b/go.mod
@@ -13,8 +13,8 @@ require (
github.com/containers/buildah v1.11.6
github.com/containers/conmon v2.0.2+incompatible // indirect
github.com/containers/image/v5 v5.0.0
- github.com/containers/psgo v1.3.2
- github.com/containers/storage v1.15.2
+ github.com/containers/psgo v1.4.0
+ github.com/containers/storage v1.15.3
github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f // indirect
github.com/cri-o/ocicni v0.1.1-0.20190920040751-deac903fd99b
@@ -59,7 +59,7 @@ require (
github.com/stretchr/testify v1.4.0
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2
github.com/uber-go/atomic v1.4.0 // indirect
- github.com/uber/jaeger-client-go v2.20.0+incompatible
+ github.com/uber/jaeger-client-go v2.20.1+incompatible
github.com/uber/jaeger-lib v0.0.0-20190122222657-d036253de8f5 // indirect
github.com/varlink/go v0.0.0-20190502142041-0f1d566d194b
github.com/vishvananda/netlink v1.0.0
diff --git a/go.sum b/go.sum
index b166b9976..2db8cce4a 100644
--- a/go.sum
+++ b/go.sum
@@ -88,6 +88,8 @@ github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDpl
github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
github.com/containers/psgo v1.3.2 h1:jYfppPih3S/j2Yi5O14AXjd8GfCx1ph9L3YsoK3adko=
github.com/containers/psgo v1.3.2/go.mod h1:ENXXLQ5E1At4K0EUsGogXBJi/C28gwqkONWeLPI9fJ8=
+github.com/containers/psgo v1.4.0 h1:D8B4fZCCZhYgc8hDyMPCiShOinmOB1TP1qe46sSC19k=
+github.com/containers/psgo v1.4.0/go.mod h1:ENXXLQ5E1At4K0EUsGogXBJi/C28gwqkONWeLPI9fJ8=
github.com/containers/storage v1.13.4 h1:j0bBaJDKbUHtAW1MXPFnwXJtqcH+foWeuXK1YaBV5GA=
github.com/containers/storage v1.13.4/go.mod h1:6D8nK2sU9V7nEmAraINRs88ZEscM5C5DK+8Npp27GeA=
github.com/containers/storage v1.13.5 h1:/SUzGeOP2HDijpF7Yur21Ch6WTZC1BNeZF917CWcp5c=
@@ -98,6 +100,8 @@ github.com/containers/storage v1.15.0 h1:QNW7jJ94ccGcAbFIOSMHUAsUxvHceb71ecLye9E
github.com/containers/storage v1.15.0/go.mod h1:qGPsti/qC1xxX+xcpHfiTMT+8ThVE2Jf83wFHHqkDAY=
github.com/containers/storage v1.15.2 h1:hLgafU4tuyQk/smMkXZfHTS8FtAQsqQvfWCp4bsgjuw=
github.com/containers/storage v1.15.2/go.mod h1:v0lq/3f+cXH3Y/HiDaFYRR0zilwDve7I4W7U5xQxvF8=
+github.com/containers/storage v1.15.3 h1:+lFSQZnnKUFyUEtguIgdoQLJfWSuYz+j/wg5GxLtsN4=
+github.com/containers/storage v1.15.3/go.mod h1:v0lq/3f+cXH3Y/HiDaFYRR0zilwDve7I4W7U5xQxvF8=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
github.com/coreos/go-iptables v0.4.2 h1:KH0EwId05JwWIfb96gWvkiT2cbuOu8ygqUaB+yPAwIg=
@@ -462,6 +466,8 @@ github.com/uber/jaeger-client-go v2.19.0+incompatible h1:pbwbYfHUoaase0oPQOdZ1Gc
github.com/uber/jaeger-client-go v2.19.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
github.com/uber/jaeger-client-go v2.20.0+incompatible h1:ttG9wKdl2ikV/BGOtu+eb+VPp+R7jMeuM177Ihs5Fdc=
github.com/uber/jaeger-client-go v2.20.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
+github.com/uber/jaeger-client-go v2.20.1+incompatible h1:HgqpYBng0n7tLJIlyT4kPCIv5XgCsF+kai1NnnrJzEU=
+github.com/uber/jaeger-client-go v2.20.1+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
github.com/uber/jaeger-lib v0.0.0-20190122222657-d036253de8f5 h1:CwmGyzHTzCqCdZJkWR0A7ucZXgrCY7spRcpvm7ci//s=
github.com/uber/jaeger-lib v0.0.0-20190122222657-d036253de8f5/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
diff --git a/hack/systemd_tag.sh b/hack/systemd_tag.sh
index c59cad559..19a7bf6a6 100755
--- a/hack/systemd_tag.sh
+++ b/hack/systemd_tag.sh
@@ -1,4 +1,7 @@
#!/usr/bin/env bash
-if pkg-config --exists libsystemd; then
- echo systemd
+cc -E - > /dev/null 2> /dev/null << EOF
+#include <systemd/sd-daemon.h>
+EOF
+if test $? -eq 0 ; then
+ echo systemd
fi
diff --git a/install.md b/install.md
index 218994587..5771fff45 100644
--- a/install.md
+++ b/install.md
@@ -149,6 +149,12 @@ sudo apt-get install \
uidmap
```
+On openSUSE Leap 15.x and Tumbleweed:
+
+```bash
+sudo zypper -n in libseccomp-devel libgpgme-devel
+```
+
On Manjaro (and maybe other Linux distributions):
Make sure that the Linux kernel supports user namespaces:
diff --git a/libpod/config/config.go b/libpod/config/config.go
index f1fa70fbc..6240bccb0 100644
--- a/libpod/config/config.go
+++ b/libpod/config/config.go
@@ -12,6 +12,7 @@ import (
"github.com/BurntSushi/toml"
"github.com/containers/libpod/libpod/define"
+ "github.com/containers/libpod/pkg/cgroups"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/util"
"github.com/containers/storage"
@@ -137,11 +138,11 @@ type Config struct {
// VolumePath is the default location that named volumes will be created
// under. This convention is followed by the default volume driver, but
// may not be by other drivers.
- VolumePath string `toml:"volume_path"`
+ VolumePath string `toml:"volume_path,omitempty"`
// ImageDefaultTransport is the default transport method used to fetch
// images.
- ImageDefaultTransport string `toml:"image_default_transport"`
+ ImageDefaultTransport string `toml:"image_default_transport,omitempty"`
// SignaturePolicyPath is the path to a signature policy to use for
// validating images. If left empty, the containers/image default signature
@@ -149,61 +150,61 @@ type Config struct {
SignaturePolicyPath string `toml:"signature_policy_path,omitempty"`
// OCIRuntime is the OCI runtime to use.
- OCIRuntime string `toml:"runtime"`
+ OCIRuntime string `toml:"runtime,omitempty"`
// OCIRuntimes are the set of configured OCI runtimes (default is runc).
- OCIRuntimes map[string][]string `toml:"runtimes"`
+ OCIRuntimes map[string][]string `toml:"runtimes,omitempty"`
// RuntimeSupportsJSON is the list of the OCI runtimes that support
// --format=json.
- RuntimeSupportsJSON []string `toml:"runtime_supports_json"`
+ RuntimeSupportsJSON []string `toml:"runtime_supports_json,omitempty"`
// RuntimeSupportsNoCgroups is a list of OCI runtimes that support
// running containers without CGroups.
- RuntimeSupportsNoCgroups []string `toml:"runtime_supports_nocgroups"`
+ RuntimeSupportsNoCgroups []string `toml:"runtime_supports_nocgroups,omitempty"`
// RuntimePath is the path to OCI runtime binary for launching containers.
// The first path pointing to a valid file will be used This is used only
// when there are no OCIRuntime/OCIRuntimes defined. It is used only to be
// backward compatible with older versions of Podman.
- RuntimePath []string `toml:"runtime_path"`
+ RuntimePath []string `toml:"runtime_path,omitempty"`
// ConmonPath is the path to the Conmon binary used for managing containers.
// The first path pointing to a valid file will be used.
- ConmonPath []string `toml:"conmon_path"`
+ ConmonPath []string `toml:"conmon_path,omitempty"`
// ConmonEnvVars are environment variables to pass to the Conmon binary
// when it is launched.
- ConmonEnvVars []string `toml:"conmon_env_vars"`
+ ConmonEnvVars []string `toml:"conmon_env_vars,omitempty"`
// CGroupManager is the CGroup Manager to use Valid values are "cgroupfs"
// and "systemd".
- CgroupManager string `toml:"cgroup_manager"`
+ CgroupManager string `toml:"cgroup_manager,omitempty"`
// InitPath is the path to the container-init binary.
- InitPath string `toml:"init_path"`
+ InitPath string `toml:"init_path,omitempty"`
// StaticDir is the path to a persistent directory to store container
// files.
- StaticDir string `toml:"static_dir"`
+ StaticDir string `toml:"static_dir,omitempty"`
// TmpDir is the path to a temporary directory to store per-boot container
// files. Must be stored in a tmpfs.
- TmpDir string `toml:"tmp_dir"`
+ TmpDir string `toml:"tmp_dir,omitempty"`
// MaxLogSize is the maximum size of container logfiles.
MaxLogSize int64 `toml:"max_log_size,omitempty"`
// NoPivotRoot sets whether to set no-pivot-root in the OCI runtime.
- NoPivotRoot bool `toml:"no_pivot_root"`
+ NoPivotRoot bool `toml:"no_pivot_root,omitempty"`
// CNIConfigDir sets the directory where CNI configuration files are
// stored.
- CNIConfigDir string `toml:"cni_config_dir"`
+ CNIConfigDir string `toml:"cni_config_dir,omitempty"`
// CNIPluginDir sets a number of directories where the CNI network
// plugins can be located.
- CNIPluginDir []string `toml:"cni_plugin_dir"`
+ CNIPluginDir []string `toml:"cni_plugin_dir,omitempty"`
// CNIDefaultNetwork is the network name of the default CNI network
// to attach pods to.
@@ -213,7 +214,7 @@ type Config struct {
// configuration files. When the same filename is present in in
// multiple directories, the file in the directory listed last in
// this slice takes precedence.
- HooksDir []string `toml:"hooks_dir"`
+ HooksDir []string `toml:"hooks_dir,omitempty"`
// DefaultMountsFile is the path to the default mounts file for testing
// purposes only.
@@ -229,10 +230,10 @@ type Config struct {
// InfraImage is the image a pod infra container will use to manage
// namespaces.
- InfraImage string `toml:"infra_image"`
+ InfraImage string `toml:"infra_image,omitempty"`
// InfraCommand is the command run to start up a pod infra container.
- InfraCommand string `toml:"infra_command"`
+ InfraCommand string `toml:"infra_command,omitempty"`
// EnablePortReservation determines whether libpod will reserve ports on the
// host when they are forwarded to containers. When enabled, when ports are
@@ -241,13 +242,13 @@ type Config struct {
// programs on the host. However, this can cause significant memory usage if
// a container has many ports forwarded to it. Disabling this can save
// memory.
- EnablePortReservation bool `toml:"enable_port_reservation"`
+ EnablePortReservation bool `toml:"enable_port_reservation,omitempty"`
// EnableLabeling indicates whether libpod will support container labeling.
- EnableLabeling bool `toml:"label"`
+ EnableLabeling bool `toml:"label,omitempty"`
// NetworkCmdPath is the path to the slirp4netns binary.
- NetworkCmdPath string `toml:"network_cmd_path"`
+ NetworkCmdPath string `toml:"network_cmd_path,omitempty"`
// NumLocks is the number of locks to make available for containers and
// pods.
@@ -257,17 +258,21 @@ type Config struct {
LockType string `toml:"lock_type,omitempty"`
// EventsLogger determines where events should be logged.
- EventsLogger string `toml:"events_logger"`
+ EventsLogger string `toml:"events_logger,omitempty"`
// EventsLogFilePath is where the events log is stored.
- EventsLogFilePath string `toml:"events_logfile_path"`
+ EventsLogFilePath string `toml:"events_logfile_path,omitempty"`
//DetachKeys is the sequence of keys used to detach a container.
- DetachKeys string `toml:"detach_keys"`
+ DetachKeys string `toml:"detach_keys,omitempty"`
// SDNotify tells Libpod to allow containers to notify the host systemd of
// readiness using the SD_NOTIFY mechanism.
- SDNotify bool
+ SDNotify bool `toml:",omitempty"`
+
+ // CgroupCheck indicates the configuration has been rewritten after an
+ // upgrade to Fedora 31 to change the default OCI runtime for cgroupsv2.
+ CgroupCheck bool `toml:"cgroup_check,omitempty"`
}
// DBConfig is a set of Libpod runtime configuration settings that are saved in
@@ -449,11 +454,21 @@ func NewConfig(userConfigPath string) (*Config, error) {
if configs, err := systemConfigs(); err != nil {
return nil, errors.Wrapf(err, "error finding config on system")
} else {
+ migrated := false
for _, path := range configs {
systemConfig, err := readConfigFromFile(path)
if err != nil {
return nil, errors.Wrapf(err, "error reading system config %q", path)
}
+ // Handle CGroups v2 configuration migration.
+ // Migrate only the first config, and do it before
+ // merging.
+ if !migrated {
+ if err := cgroupV2Check(path, systemConfig); err != nil {
+ return nil, errors.Wrapf(err, "error rewriting configuration file %s", userConfigPath)
+ }
+ migrated = true
+ }
// Merge the it into the config. Any unset field in config will be
// over-written by the systemConfig.
if err := config.mergeConfig(systemConfig); err != nil {
@@ -550,3 +565,30 @@ func (c *Config) checkCgroupsAndLogger() {
c.EventsLogger = "file"
}
}
+
+// Since runc does not currently support cgroupV2
+// Change to default crun on first running of libpod.conf
+// TODO Once runc has support for cgroups, this function should be removed.
+func cgroupV2Check(configPath string, tmpConfig *Config) error {
+ if !tmpConfig.CgroupCheck && rootless.IsRootless() {
+ logrus.Debugf("Rewriting %s for CGroup v2 upgrade", configPath)
+ cgroupsV2, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return err
+ }
+ if cgroupsV2 {
+ path, err := exec.LookPath("crun")
+ if err != nil {
+ logrus.Warnf("Can not find crun package on the host, containers might fail to run on cgroup V2 systems without crun: %q", err)
+ // Can't find crun path so do nothing
+ return nil
+ }
+ tmpConfig.CgroupCheck = true
+ tmpConfig.OCIRuntime = path
+ if err := tmpConfig.Write(configPath); err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
diff --git a/libpod/container_api.go b/libpod/container_api.go
index 153a1d628..5168dbc68 100644
--- a/libpod/container_api.go
+++ b/libpod/container_api.go
@@ -594,7 +594,12 @@ func (c *Container) Cleanup(ctx context.Context) error {
// If we didn't restart, we perform a normal cleanup
- // Check if we have active exec sessions
+ // Reap exec sessions first.
+ if err := c.reapExecSessions(); err != nil {
+ return err
+ }
+
+ // Check if we have active exec sessions after reaping.
if len(c.state.ExecSessions) != 0 {
return errors.Wrapf(define.ErrCtrStateInvalid, "container %s has active exec sessions, refusing to clean up", c.ID())
}
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 1e8a8a580..37801162a 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1749,6 +1749,11 @@ func (c *Container) checkReadyForRemoval() error {
return errors.Wrapf(define.ErrCtrStateInvalid, "cannot remove container %s as it is %s - running or paused containers cannot be removed without force", c.ID(), c.state.State.String())
}
+ // Reap exec sessions
+ if err := c.reapExecSessions(); err != nil {
+ return err
+ }
+
if len(c.state.ExecSessions) != 0 {
return errors.Wrapf(define.ErrCtrStateInvalid, "cannot remove container %s as it has active exec sessions", c.ID())
}
@@ -1855,3 +1860,38 @@ func (c *Container) checkExitFile() error {
// Read the exit file to get our stopped time and exit code.
return c.handleExitFile(exitFile, info)
}
+
+// Reap dead exec sessions
+func (c *Container) reapExecSessions() error {
+ // Instead of saving once per iteration, use a defer to do it once at
+ // the end.
+ var lastErr error
+ needSave := false
+ for id := range c.state.ExecSessions {
+ alive, err := c.ociRuntime.ExecUpdateStatus(c, id)
+ if err != nil {
+ if lastErr != nil {
+ logrus.Errorf("Error reaping exec sessions for container %s: %v", c.ID(), lastErr)
+ }
+ lastErr = err
+ continue
+ }
+ if !alive {
+ // Clean up lingering files and remove the exec session
+ if err := c.ociRuntime.ExecContainerCleanup(c, id); err != nil {
+ return errors.Wrapf(err, "error cleaning up container %s exec session %s files", c.ID(), id)
+ }
+ delete(c.state.ExecSessions, id)
+ needSave = true
+ }
+ }
+ if needSave {
+ if err := c.save(); err != nil {
+ if lastErr != nil {
+ logrus.Errorf("Error reaping exec sessions for container %s: %v", c.ID(), lastErr)
+ }
+ lastErr = err
+ }
+ }
+ return lastErr
+}
diff --git a/cmd/podman/imagefilters/filters.go b/libpod/image/filters.go
index 0b08314ce..d545f1bfc 100644
--- a/cmd/podman/imagefilters/filters.go
+++ b/libpod/image/filters.go
@@ -1,29 +1,30 @@
-package imagefilters
+package image
import (
"context"
"fmt"
+ "github.com/pkg/errors"
"path/filepath"
+ "strconv"
"strings"
"time"
- "github.com/containers/libpod/pkg/adapter"
"github.com/containers/libpod/pkg/inspect"
"github.com/sirupsen/logrus"
)
// ResultFilter is a mock function for image filtering
-type ResultFilter func(*adapter.ContainerImage) bool
+type ResultFilter func(*Image) bool
// Filter is a function to determine whether an image is included in
// command output. Images to be outputted are tested using the function. A true
// return will include the image, a false return will exclude it.
-type Filter func(*adapter.ContainerImage, *inspect.ImageData) bool
+type Filter func(*Image, *inspect.ImageData) bool
// CreatedBeforeFilter allows you to filter on images created before
// the given time.Time
func CreatedBeforeFilter(createTime time.Time) ResultFilter {
- return func(i *adapter.ContainerImage) bool {
+ return func(i *Image) bool {
return i.Created().Before(createTime)
}
}
@@ -31,14 +32,14 @@ func CreatedBeforeFilter(createTime time.Time) ResultFilter {
// CreatedAfterFilter allows you to filter on images created after
// the given time.Time
func CreatedAfterFilter(createTime time.Time) ResultFilter {
- return func(i *adapter.ContainerImage) bool {
+ return func(i *Image) bool {
return i.Created().After(createTime)
}
}
// DanglingFilter allows you to filter images for dangling images
func DanglingFilter(danglingImages bool) ResultFilter {
- return func(i *adapter.ContainerImage) bool {
+ return func(i *Image) bool {
if danglingImages {
return i.Dangling()
}
@@ -48,7 +49,7 @@ func DanglingFilter(danglingImages bool) ResultFilter {
// ReadOnlyFilter allows you to filter images based on read/only and read/write
func ReadOnlyFilter(readOnly bool) ResultFilter {
- return func(i *adapter.ContainerImage) bool {
+ return func(i *Image) bool {
if readOnly {
return i.IsReadOnly()
}
@@ -59,7 +60,7 @@ func ReadOnlyFilter(readOnly bool) ResultFilter {
// LabelFilter allows you to filter by images labels key and/or value
func LabelFilter(ctx context.Context, labelfilter string) ResultFilter {
// We need to handle both label=key and label=key=value
- return func(i *adapter.ContainerImage) bool {
+ return func(i *Image) bool {
var value string
splitFilter := strings.Split(labelfilter, "=")
key := splitFilter[0]
@@ -83,7 +84,10 @@ func LabelFilter(ctx context.Context, labelfilter string) ResultFilter {
func ReferenceFilter(ctx context.Context, referenceFilter string) ResultFilter {
filter := fmt.Sprintf("*%s*", referenceFilter)
filter = strings.Replace(filter, "/", "|", -1)
- return func(i *adapter.ContainerImage) bool {
+ return func(i *Image) bool {
+ if len(referenceFilter) < 1 {
+ return true
+ }
for _, name := range i.Names() {
newName := strings.Replace(name, "/", "|", -1)
match, err := filepath.Match(filter, newName)
@@ -99,15 +103,15 @@ func ReferenceFilter(ctx context.Context, referenceFilter string) ResultFilter {
}
// OutputImageFilter allows you to filter by an a specific image name
-func OutputImageFilter(userImage *adapter.ContainerImage) ResultFilter {
- return func(i *adapter.ContainerImage) bool {
+func OutputImageFilter(userImage *Image) ResultFilter {
+ return func(i *Image) bool {
return userImage.ID() == i.ID()
}
}
// FilterImages filters images using a set of predefined filter funcs
-func FilterImages(images []*adapter.ContainerImage, filters []ResultFilter) []*adapter.ContainerImage {
- var filteredImages []*adapter.ContainerImage
+func FilterImages(images []*Image, filters []ResultFilter) []*Image {
+ var filteredImages []*Image
for _, image := range images {
include := true
for _, filter := range filters {
@@ -119,3 +123,54 @@ func FilterImages(images []*adapter.ContainerImage, filters []ResultFilter) []*a
}
return filteredImages
}
+
+// createFilterFuncs returns an array of filter functions based on the user inputs
+// and is later used to filter images for output
+func (ir *Runtime) createFilterFuncs(filters []string, img *Image) ([]ResultFilter, error) {
+ var filterFuncs []ResultFilter
+ ctx := context.Background()
+ for _, filter := range filters {
+ splitFilter := strings.Split(filter, "=")
+ if len(splitFilter) < 2 {
+ return nil, errors.Errorf("invalid filter syntax %s", filter)
+ }
+ switch splitFilter[0] {
+ case "before":
+ before, err := ir.NewFromLocal(splitFilter[1])
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to find image %s in local stores", splitFilter[1])
+ }
+ filterFuncs = append(filterFuncs, CreatedBeforeFilter(before.Created()))
+ case "after":
+ after, err := ir.NewFromLocal(splitFilter[1])
+ if err != nil {
+ return nil, errors.Wrapf(err, "unable to find image %s in local stores", splitFilter[1])
+ }
+ filterFuncs = append(filterFuncs, CreatedAfterFilter(after.Created()))
+ case "readonly":
+ readonly, err := strconv.ParseBool(splitFilter[1])
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid filter readonly=%s", splitFilter[1])
+ }
+ filterFuncs = append(filterFuncs, ReadOnlyFilter(readonly))
+ case "dangling":
+ danglingImages, err := strconv.ParseBool(splitFilter[1])
+ if err != nil {
+ return nil, errors.Wrapf(err, "invalid filter dangling=%s", splitFilter[1])
+ }
+ filterFuncs = append(filterFuncs, DanglingFilter(danglingImages))
+ case "label":
+ labelFilter := strings.Join(splitFilter[1:], "=")
+ filterFuncs = append(filterFuncs, LabelFilter(ctx, labelFilter))
+ case "reference":
+ referenceFilter := strings.Join(splitFilter[1:], "=")
+ filterFuncs = append(filterFuncs, ReferenceFilter(ctx, referenceFilter))
+ default:
+ return nil, errors.Errorf("invalid filter %s ", splitFilter[0])
+ }
+ }
+ if img != nil {
+ filterFuncs = append(filterFuncs, OutputImageFilter(img))
+ }
+ return filterFuncs, nil
+}
diff --git a/libpod/image/image.go b/libpod/image/image.go
index 129ccd376..c8583a1c5 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -216,6 +216,19 @@ func (ir *Runtime) Shutdown(force bool) error {
return err
}
+// GetImagesWithFilters gets images with a series of filters applied
+func (ir *Runtime) GetImagesWithFilters(filters []string) ([]*Image, error) {
+ filterFuncs, err := ir.createFilterFuncs(filters, nil)
+ if err != nil {
+ return nil, err
+ }
+ images, err := ir.GetImages()
+ if err != nil {
+ return nil, err
+ }
+ return FilterImages(images, filterFuncs), nil
+}
+
func (i *Image) reloadImage() error {
newImage, err := i.imageruntime.getImage(i.ID())
if err != nil {
diff --git a/libpod/oci.go b/libpod/oci.go
index 9e761788e..05a2f37db 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -23,9 +23,6 @@ type OCIRuntime interface {
// CreateContainer creates the container in the OCI runtime.
CreateContainer(ctr *Container, restoreOptions *ContainerCheckpointOptions) error
// UpdateContainerStatus updates the status of the given container.
- // It includes a switch for whether to perform a hard query of the
- // runtime. If unset, the exit file (if supported by the implementation)
- // will be used.
UpdateContainerStatus(ctr *Container) error
// StartContainer starts the given container.
StartContainer(ctr *Container) error
@@ -59,6 +56,9 @@ type OCIRuntime interface {
// If timeout is 0, SIGKILL will be sent immediately, and SIGTERM will
// be omitted.
ExecStopContainer(ctr *Container, sessionID string, timeout uint) error
+ // ExecUpdateStatus checks the status of a given exec session.
+ // Returns true if the session is still running, or false if it exited.
+ ExecUpdateStatus(ctr *Container, sessionID string) (bool, error)
// ExecContainerCleanup cleans up after an exec session exits.
// It removes any files left by the exec session that are no longer
// needed, including the attach socket.
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 026b13129..37aa71cbb 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -687,6 +687,28 @@ func (r *ConmonOCIRuntime) ExecStopContainer(ctr *Container, sessionID string, t
return nil
}
+// ExecUpdateStatus checks if the given exec session is still running.
+func (r *ConmonOCIRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (bool, error) {
+ session, ok := ctr.state.ExecSessions[sessionID]
+ if !ok {
+ // TODO This should probably be a separate error
+ return false, errors.Wrapf(define.ErrInvalidArg, "no exec session with ID %s found in container %s", sessionID, ctr.ID())
+ }
+
+ logrus.Debugf("Checking status of container %s exec session %s", ctr.ID(), sessionID)
+
+ // Is the session dead?
+ // Ping the PID with signal 0 to see if it still exists.
+ if err := unix.Kill(session.PID, 0); err != nil {
+ if err == unix.ESRCH {
+ return false, nil
+ }
+ return false, errors.Wrapf(err, "error pinging container %s exec session %s PID %d with signal 0", ctr.ID(), sessionID, session.PID)
+ }
+
+ return true, nil
+}
+
// ExecCleanupContainer cleans up files created when a command is run via
// ExecContainer. This includes the attach socket for the exec session.
func (r *ConmonOCIRuntime) ExecContainerCleanup(ctr *Container, sessionID string) error {
diff --git a/libpod/oci_missing.go b/libpod/oci_missing.go
index d4524cd34..0faa1805b 100644
--- a/libpod/oci_missing.go
+++ b/libpod/oci_missing.go
@@ -120,6 +120,11 @@ func (r *MissingRuntime) ExecStopContainer(ctr *Container, sessionID string, tim
return r.printError()
}
+// ExecUpdateStatus is not available as the runtime is missing.
+func (r *MissingRuntime) ExecUpdateStatus(ctr *Container, sessionID string) (bool, error) {
+ return false, r.printError()
+}
+
// ExecContainerCleanup is not available as the runtime is missing
func (r *MissingRuntime) ExecContainerCleanup(ctr *Container, sessionID string) error {
return r.printError()
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 3873079ce..001d850b0 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -691,24 +691,22 @@ func (r *Runtime) Info() ([]define.InfoData, error) {
}
info = append(info, define.InfoData{Type: "store", Data: storeInfo})
- reg, err := sysreg.GetRegistries()
- if err != nil {
- return nil, errors.Wrapf(err, "error getting registries")
- }
registries := make(map[string]interface{})
- registries["search"] = reg
-
- ireg, err := sysreg.GetInsecureRegistries()
+ data, err := sysreg.GetRegistriesData()
if err != nil {
return nil, errors.Wrapf(err, "error getting registries")
}
- registries["insecure"] = ireg
-
- breg, err := sysreg.GetBlockedRegistries()
+ for _, reg := range data {
+ registries[reg.Prefix] = reg
+ }
+ regs, err := sysreg.GetRegistries()
if err != nil {
return nil, errors.Wrapf(err, "error getting registries")
}
- registries["blocked"] = breg
+ if len(regs) > 0 {
+ registries["search"] = regs
+ }
+
info = append(info, define.InfoData{Type: "registries", Data: registries})
return info, nil
}
diff --git a/pkg/adapter/containers.go b/pkg/adapter/containers.go
index 6d139d0bf..3334e9fa1 100644
--- a/pkg/adapter/containers.go
+++ b/pkg/adapter/containers.go
@@ -1024,7 +1024,7 @@ func (r *LocalRuntime) ExecContainer(ctx context.Context, cli *cliconfig.ExecVal
// Validate given environment variables
env := map[string]string{}
- if err := parse.ReadKVStrings(env, []string{}, cli.Env); err != nil {
+ if err := parse.ReadKVStrings(env, cli.EnvFile, cli.Env); err != nil {
return ec, errors.Wrapf(err, "unable to process environment variables")
}
diff --git a/pkg/adapter/network.go b/pkg/adapter/network.go
index 9659ae339..160e334e9 100644
--- a/pkg/adapter/network.go
+++ b/pkg/adapter/network.go
@@ -153,8 +153,8 @@ func (r *LocalRuntime) removeNetwork(ctx context.Context, name string, container
return nil
}
-// NetworkCreate creates a CNI network
-func (r *LocalRuntime) NetworkCreate(cli *cliconfig.NetworkCreateValues) (string, error) {
+// NetworkCreateBridge creates a CNI network
+func (r *LocalRuntime) NetworkCreateBridge(cli *cliconfig.NetworkCreateValues) (string, error) {
isGateway := true
ipMasq := true
subnet := &cli.Network
@@ -262,3 +262,50 @@ func (r *LocalRuntime) NetworkCreate(cli *cliconfig.NetworkCreateValues) (string
err = ioutil.WriteFile(cniPathName, b, 0644)
return cniPathName, err
}
+
+// NetworkCreateMacVLAN creates a CNI network
+func (r *LocalRuntime) NetworkCreateMacVLAN(cli *cliconfig.NetworkCreateValues) (string, error) {
+ var (
+ name string
+ plugins []network.CNIPlugins
+ )
+ liveNetNames, err := network.GetLiveNetworkNames()
+ if err != nil {
+ return "", err
+ }
+ // Make sure the host-device exists
+ if !util.StringInSlice(cli.MacVLAN, liveNetNames) {
+ return "", errors.Errorf("failed to find network interface %q", cli.MacVLAN)
+ }
+ if len(cli.InputArgs) > 0 {
+ name = cli.InputArgs[0]
+ netNames, err := network.GetNetworkNamesFromFileSystem()
+ if err != nil {
+ return "", err
+ }
+ if util.StringInSlice(name, netNames) {
+ return "", errors.Errorf("the network name %s is already used", name)
+ }
+ }
+ if len(name) < 1 {
+ name, err = network.GetFreeDeviceName()
+ if err != nil {
+ return "", err
+ }
+ }
+ ncList := network.NewNcList(name, cniversion.Current())
+ macvlan := network.NewMacVLANPlugin(cli.MacVLAN)
+ plugins = append(plugins, macvlan)
+ ncList["plugins"] = plugins
+ b, err := json.MarshalIndent(ncList, "", " ")
+ if err != nil {
+ return "", err
+ }
+ cniConfigPath, err := getCNIConfDir(r)
+ if err != nil {
+ return "", err
+ }
+ cniPathName := filepath.Join(cniConfigPath, fmt.Sprintf("%s.conflist", name))
+ err = ioutil.WriteFile(cniPathName, b, 0644)
+ return cniPathName, err
+}
diff --git a/pkg/adapter/runtime.go b/pkg/adapter/runtime.go
index 069283bde..ac843b655 100644
--- a/pkg/adapter/runtime.go
+++ b/pkg/adapter/runtime.go
@@ -84,6 +84,15 @@ func getRuntime(runtime *libpod.Runtime) (*LocalRuntime, error) {
}, nil
}
+// GetFilterImages returns a slice of images in containerimages that are "filtered"
+func (r *LocalRuntime) GetFilteredImages(filters []string, rwOnly bool) ([]*ContainerImage, error) {
+ images, err := r.ImageRuntime().GetImagesWithFilters(filters)
+ if err != nil {
+ return nil, err
+ }
+ return r.ImagestoContainerImages(images, rwOnly)
+}
+
// GetImages returns a slice of images in containerimages
func (r *LocalRuntime) GetImages() ([]*ContainerImage, error) {
return r.getImages(false)
@@ -95,11 +104,15 @@ func (r *LocalRuntime) GetRWImages() ([]*ContainerImage, error) {
}
func (r *LocalRuntime) getImages(rwOnly bool) ([]*ContainerImage, error) {
- var containerImages []*ContainerImage
images, err := r.Runtime.ImageRuntime().GetImages()
if err != nil {
return nil, err
}
+ return r.ImagestoContainerImages(images, rwOnly)
+}
+
+func (r *LocalRuntime) ImagestoContainerImages(images []*image.Image, rwOnly bool) ([]*ContainerImage, error) {
+ var containerImages []*ContainerImage
for _, i := range images {
if rwOnly && i.IsReadOnly() {
continue
diff --git a/pkg/adapter/runtime_remote.go b/pkg/adapter/runtime_remote.go
index f9232897c..87b4999ce 100644
--- a/pkg/adapter/runtime_remote.go
+++ b/pkg/adapter/runtime_remote.go
@@ -200,6 +200,28 @@ func (r *LocalRuntime) GetRWImages() ([]*ContainerImage, error) {
return r.getImages(true)
}
+func (r *LocalRuntime) GetFilteredImages(filters []string, rwOnly bool) ([]*ContainerImage, error) {
+ var newImages []*ContainerImage
+ images, err := iopodman.ListImagesWithFilters().Call(r.Conn, filters)
+ if err != nil {
+ return nil, err
+ }
+ for _, i := range images {
+ if rwOnly && i.ReadOnly {
+ continue
+ }
+ name := i.Id
+ if len(i.RepoTags) > 1 {
+ name = i.RepoTags[0]
+ }
+ newImage, err := imageInListToContainerImage(i, name, r)
+ if err != nil {
+ return nil, err
+ }
+ newImages = append(newImages, newImage)
+ }
+ return newImages, nil
+}
func (r *LocalRuntime) getImages(rwOnly bool) ([]*ContainerImage, error) {
var newImages []*ContainerImage
images, err := iopodman.ListImages().Call(r.Conn)
diff --git a/pkg/network/config.go b/pkg/network/config.go
index 37eb0dd64..e47b16143 100644
--- a/pkg/network/config.go
+++ b/pkg/network/config.go
@@ -90,6 +90,22 @@ func (p PortMapConfig) Bytes() ([]byte, error) {
return json.MarshalIndent(p, "", "\t")
}
+type IPAMDHCP struct {
+ DHCP string `json:"type"`
+}
+
+// MacVLANConfig describes the macvlan config
+type MacVLANConfig struct {
+ PluginType string `json:"type"`
+ Master string `json:"master"`
+ IPAM IPAMDHCP `json:"ipam"`
+}
+
+// Bytes outputs the configuration as []byte
+func (p MacVLANConfig) Bytes() ([]byte, error) {
+ return json.MarshalIndent(p, "", "\t")
+}
+
// FirewallConfig describes the firewall plugin
type FirewallConfig struct {
PluginType string `json:"type"`
diff --git a/pkg/network/netconflist.go b/pkg/network/netconflist.go
index e19051b88..a8217097a 100644
--- a/pkg/network/netconflist.go
+++ b/pkg/network/netconflist.go
@@ -132,3 +132,15 @@ func HasDNSNamePlugin(paths []string) bool {
}
return false
}
+
+// NewMacVLANPlugin creates a macvlanconfig with a given device name
+func NewMacVLANPlugin(device string) MacVLANConfig {
+ i := IPAMDHCP{DHCP: "dhcp"}
+
+ m := MacVLANConfig{
+ PluginType: "macvlan",
+ Master: device,
+ IPAM: i,
+ }
+ return m
+}
diff --git a/pkg/registries/registries.go b/pkg/registries/registries.go
index 9643c947f..ba7de7cf9 100644
--- a/pkg/registries/registries.go
+++ b/pkg/registries/registries.go
@@ -34,7 +34,8 @@ func SystemRegistriesConfPath() string {
return ""
}
-func getRegistries() ([]sysregistriesv2.Registry, error) {
+// GetRegistriesData obtains the list of registries
+func GetRegistriesData() ([]sysregistriesv2.Registry, error) {
registries, err := sysregistriesv2.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: SystemRegistriesConfPath()})
if err != nil {
return nil, errors.Wrapf(err, "unable to parse the registries.conf file")
@@ -50,7 +51,7 @@ func GetRegistries() ([]string, error) {
// GetBlockedRegistries obtains the list of blocked registries defined in the global registries file.
func GetBlockedRegistries() ([]string, error) {
var blockedRegistries []string
- registries, err := getRegistries()
+ registries, err := GetRegistriesData()
if err != nil {
return nil, err
}
@@ -65,7 +66,7 @@ func GetBlockedRegistries() ([]string, error) {
// GetInsecureRegistries obtains the list of insecure registries from the global registration file.
func GetInsecureRegistries() ([]string, error) {
var insecureRegistries []string
- registries, err := getRegistries()
+ registries, err := GetRegistriesData()
if err != nil {
return nil, err
}
diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go
index 604a455a5..1d46c5b71 100644
--- a/pkg/varlinkapi/images.go
+++ b/pkg/varlinkapi/images.go
@@ -35,26 +35,34 @@ import (
"github.com/sirupsen/logrus"
)
-// ListImages lists all the images in the store
-// It requires no inputs.
-func (i *LibpodAPI) ListImages(call iopodman.VarlinkCall) error {
- images, err := i.Runtime.ImageRuntime().GetImages()
+// ListImagesWithFilters returns a list of images that have been filtered
+func (i *LibpodAPI) ListImagesWithFilters(call iopodman.VarlinkCall, filters []string) error {
+ images, err := i.Runtime.ImageRuntime().GetImagesWithFilters(filters)
if err != nil {
return call.ReplyErrorOccurred(fmt.Sprintf("unable to get list of images %q", err))
}
+ imageList, err := imagesToImageList(images)
+ if err != nil {
+ return call.ReplyErrorOccurred(fmt.Sprintf("unable to parse response", err))
+ }
+ return call.ReplyListImagesWithFilters(imageList)
+}
+
+// imagesToImageList converts a slice of Images to an imagelist for varlink responses
+func imagesToImageList(images []*image.Image) ([]iopodman.Image, error) {
var imageList []iopodman.Image
for _, image := range images {
labels, _ := image.Labels(getContext())
containers, _ := image.Containers()
repoDigests, err := image.RepoDigests()
if err != nil {
- return err
+ return nil, err
}
size, _ := image.Size(getContext())
isParent, err := image.IsParent(context.TODO())
if err != nil {
- return call.ReplyErrorOccurred(err.Error())
+ return nil, err
}
i := iopodman.Image{
@@ -74,6 +82,20 @@ func (i *LibpodAPI) ListImages(call iopodman.VarlinkCall) error {
}
imageList = append(imageList, i)
}
+ return imageList, nil
+}
+
+// ListImages lists all the images in the store
+// It requires no inputs.
+func (i *LibpodAPI) ListImages(call iopodman.VarlinkCall) error {
+ images, err := i.Runtime.ImageRuntime().GetImages()
+ if err != nil {
+ return call.ReplyErrorOccurred(fmt.Sprintf("unable to get list of images %q", err))
+ }
+ imageList, err := imagesToImageList(images)
+ if err != nil {
+ return call.ReplyErrorOccurred(fmt.Sprintf("unable to parse response", err))
+ }
return call.ReplyListImages(imageList)
}
diff --git a/test/e2e/e2e.coverprofile b/test/e2e/e2e.coverprofile
deleted file mode 100644
index d413679ea..000000000
--- a/test/e2e/e2e.coverprofile
+++ /dev/null
@@ -1,11 +0,0 @@
-mode: atomic
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:14.46,21.20 2 3
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:32.2,32.19 1 3
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:39.2,39.53 1 3
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:66.2,66.52 1 3
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:21.20,23.17 2 6
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:26.3,29.36 4 6
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:23.17,25.4 1 0
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:32.19,37.3 3 6
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:39.53,64.3 20 3
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:66.52,91.3 20 3 \ No newline at end of file
diff --git a/troubleshooting.md b/troubleshooting.md
index 9def0e08b..d122983d7 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -442,3 +442,46 @@ Attempts to run podman result in
#### Solution
One workaround is to disable Secure Boot in your BIOS.
+
+### 19) error creating libpod runtime: there might not be enough IDs available in the namespace
+
+Unable to pull images
+
+#### Symptom
+
+```console
+$ podman unshare cat /proc/self/uid_map
+ 0 1000 1
+```
+
+#### Solution
+
+```console
+$ podman system migrate
+```
+
+Original command now returns
+
+```
+$ podman unshare cat /proc/self/uid_map
+ 0 1000 1
+ 1 100000 65536
+```
+
+Reference [subuid](http://man7.org/linux/man-pages/man5/subuid.5.html) and [subgid](http://man7.org/linux/man-pages/man5/subgid.5.html) man pages for more detail.
+
+### 20) Passed-in device can't be accessed in rootless container
+
+As a non-root user you have group access rights to a device that you want to
+pass into a rootless container with `--device=...`.
+
+#### Symptom
+
+Any access inside the container is rejected with "Permission denied".
+
+#### Solution
+
+The runtime uses `setgroups(2)` hence the process looses all additional groups
+the non-root user has. If you use the `crun` runtime, 0.10.4 or newer,
+then you can enable a workaround by adding `--annotation io.crun.keep_original_groups=1`
+to the `podman` command line.
diff --git a/vendor/github.com/containers/psgo/README.md b/vendor/github.com/containers/psgo/README.md
index 55cb73a71..fed42c683 100644
--- a/vendor/github.com/containers/psgo/README.md
+++ b/vendor/github.com/containers/psgo/README.md
@@ -85,6 +85,8 @@ The ps library is compatible with all AIX format descriptors of the ps command-l
- Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp(2) for more information.
- **state**
- Process state codes (e.g, **R** for *running*, **S** for *sleeping*). See proc(5) for more information.
+- **stime**
+ - Process start time (e.g, "2019-12-09 10:50:36 +0100 CET).
We can try out different format descriptors with the psgo binary:
diff --git a/vendor/github.com/containers/psgo/internal/process/process.go b/vendor/github.com/containers/psgo/internal/process/process.go
index 20e40163f..a936cc4ef 100644
--- a/vendor/github.com/containers/psgo/internal/process/process.go
+++ b/vendor/github.com/containers/psgo/internal/process/process.go
@@ -188,23 +188,30 @@ func (p *Process) SetHostData() error {
// ElapsedTime returns the time.Duration since process p was created.
func (p *Process) ElapsedTime() (time.Duration, error) {
- sinceBoot, err := strconv.ParseInt(p.Stat.Starttime, 10, 64)
+ startTime, err := p.StartTime()
if err != nil {
return 0, err
}
+ return (time.Now()).Sub(startTime), nil
+}
+
+// StarTime returns the time.Time when process p was started.
+func (p *Process) StartTime() (time.Time, error) {
+ sinceBoot, err := strconv.ParseInt(p.Stat.Starttime, 10, 64)
+ if err != nil {
+ return time.Time{}, err
+ }
clockTicks, err := host.ClockTicks()
if err != nil {
- return 0, err
+ return time.Time{}, err
}
-
- sinceBoot = sinceBoot / clockTicks
-
bootTime, err := host.BootTime()
if err != nil {
- return 0, err
+ return time.Time{}, err
}
- created := time.Unix(sinceBoot+bootTime, 0)
- return (time.Now()).Sub(created), nil
+
+ sinceBoot = sinceBoot / clockTicks
+ return time.Unix(sinceBoot+bootTime, 0), nil
}
// CPUTime returns the cumlative CPU time of process p as a time.Duration.
diff --git a/vendor/github.com/containers/psgo/psgo.go b/vendor/github.com/containers/psgo/psgo.go
index 4986c9c71..30b8b74ce 100644
--- a/vendor/github.com/containers/psgo/psgo.go
+++ b/vendor/github.com/containers/psgo/psgo.go
@@ -310,6 +310,11 @@ var (
header: "STATE",
procFn: processState,
},
+ {
+ normal: "stime",
+ header: "STIME",
+ procFn: processStartTime,
+ },
}
)
@@ -715,6 +720,15 @@ func processTIME(p *process.Process, ctx *psContext) (string, error) {
return fmt.Sprintf("%v", cpu), nil
}
+// processStartTime returns the start time of process p.
+func processStartTime(p *process.Process, ctx *psContext) (string, error) {
+ sTime, err := p.StartTime()
+ if err != nil {
+ return "", err
+ }
+ return fmt.Sprintf("%v", sTime), nil
+}
+
// processTTY returns the controlling tty (terminal) of process p.
func processTTY(p *process.Process, ctx *psContext) (string, error) {
ttyNr, err := strconv.ParseUint(p.Stat.TtyNr, 10, 64)
diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION
index 42cf0675c..f2380cc7a 100644
--- a/vendor/github.com/containers/storage/VERSION
+++ b/vendor/github.com/containers/storage/VERSION
@@ -1 +1 @@
-1.15.2
+1.15.3
diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
index 13cd65fa5..16549e88b 100644
--- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go
+++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go
@@ -676,9 +676,6 @@ func (d *Driver) getLower(parent string) (string, error) {
parentLowers := strings.Split(string(parentLower), ":")
lowers = append(lowers, parentLowers...)
}
- if len(lowers) > maxDepth {
- return "", errors.New("max depth exceeded")
- }
return strings.Join(lowers, ":"), nil
}
@@ -828,6 +825,10 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
if err != nil && !os.IsNotExist(err) {
return "", err
}
+ splitLowers := strings.Split(string(lowers), ":")
+ if len(splitLowers) > maxDepth {
+ return "", errors.New("max depth exceeded")
+ }
// absLowers is the list of lowers as absolute paths, which works well with additional stores.
absLowers := []string{}
@@ -851,7 +852,7 @@ func (d *Driver) get(id string, disableShifting bool, options graphdriver.MountO
// For each lower, resolve its path, and append it and any additional diffN
// directories to the lowers list.
- for _, l := range strings.Split(string(lowers), ":") {
+ for _, l := range splitLowers {
if l == "" {
continue
}
diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
index ac905b0b4..3db94e880 100644
--- a/vendor/github.com/containers/storage/layers.go
+++ b/vendor/github.com/containers/storage/layers.go
@@ -475,7 +475,7 @@ func (r *layerStore) saveMounts() error {
return r.loadMounts()
}
-func newLayerStore(rundir string, layerdir string, driver drivers.Driver, uidMap, gidMap []idtools.IDMap) (LayerStore, error) {
+func (s *store) newLayerStore(rundir string, layerdir string, driver drivers.Driver) (LayerStore, error) {
if err := os.MkdirAll(rundir, 0700); err != nil {
return nil, err
}
@@ -501,8 +501,8 @@ func newLayerStore(rundir string, layerdir string, driver drivers.Driver, uidMap
byid: make(map[string]*Layer),
bymount: make(map[string]*Layer),
byname: make(map[string]*Layer),
- uidMap: copyIDMap(uidMap),
- gidMap: copyIDMap(gidMap),
+ uidMap: copyIDMap(s.uidMap),
+ gidMap: copyIDMap(s.gidMap),
}
if err := rlstore.Load(); err != nil {
return nil, err
diff --git a/vendor/github.com/containers/storage/pkg/tarlog/tarlogger.go b/vendor/github.com/containers/storage/pkg/tarlog/tarlogger.go
index c6985d757..26cd8504c 100644
--- a/vendor/github.com/containers/storage/pkg/tarlog/tarlogger.go
+++ b/vendor/github.com/containers/storage/pkg/tarlog/tarlogger.go
@@ -11,7 +11,6 @@ import (
type tarLogger struct {
writer *io.PipeWriter
closeMutex *sync.Mutex
- stateMutex *sync.Mutex
closed bool
}
@@ -22,7 +21,6 @@ func NewLogger(logger func(*tar.Header)) (io.WriteCloser, error) {
t := &tarLogger{
writer: writer,
closeMutex: new(sync.Mutex),
- stateMutex: new(sync.Mutex),
closed: false,
}
tr := tar.NewReader(reader)
@@ -35,12 +33,9 @@ func NewLogger(logger func(*tar.Header)) (io.WriteCloser, error) {
}
// Make sure to avoid writes after the reader has been closed.
- t.stateMutex.Lock()
- t.closed = true
if err := reader.Close(); err != nil {
logrus.Errorf("error closing tarlogger reader: %v", err)
}
- t.stateMutex.Unlock()
// Unblock the Close().
t.closeMutex.Unlock()
}()
@@ -48,16 +43,19 @@ func NewLogger(logger func(*tar.Header)) (io.WriteCloser, error) {
}
func (t *tarLogger) Write(b []byte) (int, error) {
- t.stateMutex.Lock()
if t.closed {
// We cannot use os.Pipe() as this alters the tar's digest. Using
// io.Pipe() requires this workaround as it does not allow for writes
// after close.
- t.stateMutex.Unlock()
return len(b), nil
}
- t.stateMutex.Unlock()
- return t.writer.Write(b)
+ n, err := t.writer.Write(b)
+ if err == io.ErrClosedPipe {
+ // The pipe got closed. Track it and avoid to call Write in future.
+ t.closed = true
+ return len(b), nil
+ }
+ return n, err
}
func (t *tarLogger) Close() error {
diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go
index 654e86880..65808b8a0 100644
--- a/vendor/github.com/containers/storage/store.go
+++ b/vendor/github.com/containers/storage/store.go
@@ -667,15 +667,6 @@ func (s *store) load() error {
s.graphDriverName = driver.String()
driverPrefix := s.graphDriverName + "-"
- rls, err := s.LayerStore()
- if err != nil {
- return err
- }
- s.layerStore = rls
- if _, err := s.ROLayerStores(); err != nil {
- return err
- }
-
gipath := filepath.Join(s.graphRoot, driverPrefix+"images")
if err := os.MkdirAll(gipath, 0700); err != nil {
return err
@@ -774,7 +765,7 @@ func (s *store) LayerStore() (LayerStore, error) {
if err := os.MkdirAll(glpath, 0700); err != nil {
return nil, err
}
- rls, err := newLayerStore(rlpath, glpath, driver, s.uidMap, s.gidMap)
+ rls, err := s.newLayerStore(rlpath, glpath, driver)
if err != nil {
return nil, err
}
diff --git a/vendor/github.com/uber/jaeger-client-go/CHANGELOG.md b/vendor/github.com/uber/jaeger-client-go/CHANGELOG.md
index c4590bf93..5e7e9d5e5 100644
--- a/vendor/github.com/uber/jaeger-client-go/CHANGELOG.md
+++ b/vendor/github.com/uber/jaeger-client-go/CHANGELOG.md
@@ -1,6 +1,16 @@
Changes by Version
==================
+2.20.1 (2019-11-08)
+-------------------
+
+Minor patch via https://github.com/jaegertracing/jaeger-client-go/pull/468
+
+- Make `AdaptiveSamplerUpdater` usable with default values; Resolves #467
+- Create `OperationNameLateBinding` sampler option and config option
+- Make `SamplerOptions` var of public type, so that its functions are discoverable via godoc
+
+
2.20.0 (2019-11-06)
-------------------
diff --git a/vendor/github.com/uber/jaeger-client-go/config/config.go b/vendor/github.com/uber/jaeger-client-go/config/config.go
index 965f7c3ee..a0c32d804 100644
--- a/vendor/github.com/uber/jaeger-client-go/config/config.go
+++ b/vendor/github.com/uber/jaeger-client-go/config/config.go
@@ -76,17 +76,26 @@ type SamplerConfig struct {
// Can be set by exporting an environment variable named JAEGER_SAMPLER_MANAGER_HOST_PORT
SamplingServerURL string `yaml:"samplingServerURL"`
- // MaxOperations is the maximum number of operations that the sampler
- // will keep track of. If an operation is not tracked, a default probabilistic
- // sampler will be used rather than the per operation specific sampler.
- // Can be set by exporting an environment variable named JAEGER_SAMPLER_MAX_OPERATIONS
- MaxOperations int `yaml:"maxOperations"`
-
// SamplingRefreshInterval controls how often the remotely controlled sampler will poll
// jaeger-agent for the appropriate sampling strategy.
// Can be set by exporting an environment variable named JAEGER_SAMPLER_REFRESH_INTERVAL
SamplingRefreshInterval time.Duration `yaml:"samplingRefreshInterval"`
+ // MaxOperations is the maximum number of operations that the PerOperationSampler
+ // will keep track of. If an operation is not tracked, a default probabilistic
+ // sampler will be used rather than the per operation specific sampler.
+ // Can be set by exporting an environment variable named JAEGER_SAMPLER_MAX_OPERATIONS.
+ MaxOperations int `yaml:"maxOperations"`
+
+ // Opt-in feature for applications that require late binding of span name via explicit
+ // call to SetOperationName when using PerOperationSampler. When this feature is enabled,
+ // the sampler will return retryable=true from OnCreateSpan(), thus leaving the sampling
+ // decision as non-final (and the span as writeable). This may lead to degraded performance
+ // in applications that always provide the correct span name on trace creation.
+ //
+ // For backwards compatibility this option is off by default.
+ OperationNameLateBinding bool `yaml:"operationNameLateBinding"`
+
// Options can be used to programmatically pass additional options to the Remote sampler.
Options []jaeger.SamplerOption
}
@@ -335,7 +344,7 @@ func (sc *SamplerConfig) NewSampler(
return jaeger.NewProbabilisticSampler(sc.Param)
}
return nil, fmt.Errorf(
- "Invalid Param for probabilistic sampler: %v. Expecting value between 0 and 1",
+ "invalid Param for probabilistic sampler; expecting value between 0 and 1, received %v",
sc.Param,
)
}
@@ -353,17 +362,14 @@ func (sc *SamplerConfig) NewSampler(
jaeger.SamplerOptions.Metrics(metrics),
jaeger.SamplerOptions.InitialSampler(initSampler),
jaeger.SamplerOptions.SamplingServerURL(sc.SamplingServerURL),
- }
- if sc.MaxOperations != 0 {
- options = append(options, jaeger.SamplerOptions.MaxOperations(sc.MaxOperations))
- }
- if sc.SamplingRefreshInterval != 0 {
- options = append(options, jaeger.SamplerOptions.SamplingRefreshInterval(sc.SamplingRefreshInterval))
+ jaeger.SamplerOptions.MaxOperations(sc.MaxOperations),
+ jaeger.SamplerOptions.OperationNameLateBinding(sc.OperationNameLateBinding),
+ jaeger.SamplerOptions.SamplingRefreshInterval(sc.SamplingRefreshInterval),
}
options = append(options, sc.Options...)
return jaeger.NewRemotelyControlledSampler(serviceName, options...), nil
}
- return nil, fmt.Errorf("Unknown sampler type %v", sc.Type)
+ return nil, fmt.Errorf("unknown sampler type (%s)", sc.Type)
}
// NewReporter instantiates a new reporter that submits spans to the collector
diff --git a/vendor/github.com/uber/jaeger-client-go/constants.go b/vendor/github.com/uber/jaeger-client-go/constants.go
index 0da47b02f..5d27b628d 100644
--- a/vendor/github.com/uber/jaeger-client-go/constants.go
+++ b/vendor/github.com/uber/jaeger-client-go/constants.go
@@ -22,7 +22,7 @@ import (
const (
// JaegerClientVersion is the version of the client library reported as Span tag.
- JaegerClientVersion = "Go-2.20.0"
+ JaegerClientVersion = "Go-2.20.1"
// JaegerClientVersionTagKey is the name of the tag used to report client version.
JaegerClientVersionTagKey = "jaeger.version"
diff --git a/vendor/github.com/uber/jaeger-client-go/sampler.go b/vendor/github.com/uber/jaeger-client-go/sampler.go
index 6195d59c5..f47004b1f 100644
--- a/vendor/github.com/uber/jaeger-client-go/sampler.go
+++ b/vendor/github.com/uber/jaeger-client-go/sampler.go
@@ -363,6 +363,9 @@ type PerOperationSamplerParams struct {
// NewPerOperationSampler returns a new PerOperationSampler.
func NewPerOperationSampler(params PerOperationSamplerParams) *PerOperationSampler {
+ if params.MaxOperations <= 0 {
+ params.MaxOperations = defaultMaxOperations
+ }
samplers := make(map[string]*GuaranteedThroughputProbabilisticSampler)
for _, strategy := range params.Strategies.PerOperationStrategies {
sampler := newGuaranteedThroughputProbabilisticSampler(
diff --git a/vendor/github.com/uber/jaeger-client-go/sampler_remote.go b/vendor/github.com/uber/jaeger-client-go/sampler_remote.go
index 9bd0c9822..4448b8f64 100644
--- a/vendor/github.com/uber/jaeger-client-go/sampler_remote.go
+++ b/vendor/github.com/uber/jaeger-client-go/sampler_remote.go
@@ -258,8 +258,9 @@ func (u *RateLimitingSamplerUpdater) Update(sampler SamplerV2, strategy interfac
// -----------------------
// AdaptiveSamplerUpdater is used by RemotelyControlledSampler to parse sampling configuration.
+// Fields have the same meaning as in PerOperationSamplerParams.
type AdaptiveSamplerUpdater struct {
- MaxOperations int // required
+ MaxOperations int
OperationNameLateBinding bool
}
diff --git a/vendor/github.com/uber/jaeger-client-go/sampler_remote_options.go b/vendor/github.com/uber/jaeger-client-go/sampler_remote_options.go
index 7a292effc..3b5c6aa9c 100644
--- a/vendor/github.com/uber/jaeger-client-go/sampler_remote_options.go
+++ b/vendor/github.com/uber/jaeger-client-go/sampler_remote_options.go
@@ -23,12 +23,17 @@ import (
// SamplerOption is a function that sets some option on the sampler
type SamplerOption func(options *samplerOptions)
-// SamplerOptions is a factory for all available SamplerOption's
-var SamplerOptions samplerOptions
+// SamplerOptions is a factory for all available SamplerOption's.
+var SamplerOptions SamplerOptionsFactory
+
+// SamplerOptionsFactory is a factory for all available SamplerOption's.
+// The type acts as a namespace for factory functions. It is public to
+// make the functions discoverable via godoc. Recommended to be used
+// via global SamplerOptions variable.
+type SamplerOptionsFactory struct{}
type samplerOptions struct {
metrics *Metrics
- maxOperations int
sampler SamplerV2
logger Logger
samplingServerURL string
@@ -36,11 +41,12 @@ type samplerOptions struct {
samplingFetcher SamplingStrategyFetcher
samplingParser SamplingStrategyParser
updaters []SamplerUpdater
+ posParams PerOperationSamplerParams
}
// Metrics creates a SamplerOption that initializes Metrics on the sampler,
// which is used to emit statistics.
-func (samplerOptions) Metrics(m *Metrics) SamplerOption {
+func (SamplerOptionsFactory) Metrics(m *Metrics) SamplerOption {
return func(o *samplerOptions) {
o.metrics = m
}
@@ -48,22 +54,30 @@ func (samplerOptions) Metrics(m *Metrics) SamplerOption {
// MaxOperations creates a SamplerOption that sets the maximum number of
// operations the sampler will keep track of.
-func (samplerOptions) MaxOperations(maxOperations int) SamplerOption {
+func (SamplerOptionsFactory) MaxOperations(maxOperations int) SamplerOption {
+ return func(o *samplerOptions) {
+ o.posParams.MaxOperations = maxOperations
+ }
+}
+
+// OperationNameLateBinding creates a SamplerOption that sets the respective
+// field in the PerOperationSamplerParams.
+func (SamplerOptionsFactory) OperationNameLateBinding(enable bool) SamplerOption {
return func(o *samplerOptions) {
- o.maxOperations = maxOperations
+ o.posParams.OperationNameLateBinding = enable
}
}
// InitialSampler creates a SamplerOption that sets the initial sampler
// to use before a remote sampler is created and used.
-func (samplerOptions) InitialSampler(sampler Sampler) SamplerOption {
+func (SamplerOptionsFactory) InitialSampler(sampler Sampler) SamplerOption {
return func(o *samplerOptions) {
o.sampler = samplerV1toV2(sampler)
}
}
// Logger creates a SamplerOption that sets the logger used by the sampler.
-func (samplerOptions) Logger(logger Logger) SamplerOption {
+func (SamplerOptionsFactory) Logger(logger Logger) SamplerOption {
return func(o *samplerOptions) {
o.logger = logger
}
@@ -71,7 +85,7 @@ func (samplerOptions) Logger(logger Logger) SamplerOption {
// SamplingServerURL creates a SamplerOption that sets the sampling server url
// of the local agent that contains the sampling strategies.
-func (samplerOptions) SamplingServerURL(samplingServerURL string) SamplerOption {
+func (SamplerOptionsFactory) SamplingServerURL(samplingServerURL string) SamplerOption {
return func(o *samplerOptions) {
o.samplingServerURL = samplingServerURL
}
@@ -79,28 +93,28 @@ func (samplerOptions) SamplingServerURL(samplingServerURL string) SamplerOption
// SamplingRefreshInterval creates a SamplerOption that sets how often the
// sampler will poll local agent for the appropriate sampling strategy.
-func (samplerOptions) SamplingRefreshInterval(samplingRefreshInterval time.Duration) SamplerOption {
+func (SamplerOptionsFactory) SamplingRefreshInterval(samplingRefreshInterval time.Duration) SamplerOption {
return func(o *samplerOptions) {
o.samplingRefreshInterval = samplingRefreshInterval
}
}
// SamplingStrategyFetcher creates a SamplerOption that initializes sampling strategy fetcher.
-func (samplerOptions) SamplingStrategyFetcher(fetcher SamplingStrategyFetcher) SamplerOption {
+func (SamplerOptionsFactory) SamplingStrategyFetcher(fetcher SamplingStrategyFetcher) SamplerOption {
return func(o *samplerOptions) {
o.samplingFetcher = fetcher
}
}
// SamplingStrategyParser creates a SamplerOption that initializes sampling strategy parser.
-func (samplerOptions) SamplingStrategyParser(parser SamplingStrategyParser) SamplerOption {
+func (SamplerOptionsFactory) SamplingStrategyParser(parser SamplingStrategyParser) SamplerOption {
return func(o *samplerOptions) {
o.samplingParser = parser
}
}
// Updaters creates a SamplerOption that initializes sampler updaters.
-func (samplerOptions) Updaters(updaters ...SamplerUpdater) SamplerOption {
+func (SamplerOptionsFactory) Updaters(updaters ...SamplerUpdater) SamplerOption {
return func(o *samplerOptions) {
o.updaters = updaters
}
@@ -116,9 +130,6 @@ func (o *samplerOptions) applyOptionsAndDefaults(opts ...SamplerOption) *sampler
if o.logger == nil {
o.logger = log.NullLogger
}
- if o.maxOperations <= 0 {
- o.maxOperations = defaultMaxOperations
- }
if o.samplingServerURL == "" {
o.samplingServerURL = DefaultSamplingServerURL
}
@@ -139,7 +150,10 @@ func (o *samplerOptions) applyOptionsAndDefaults(opts ...SamplerOption) *sampler
}
if o.updaters == nil {
o.updaters = []SamplerUpdater{
- &AdaptiveSamplerUpdater{MaxOperations: o.maxOperations},
+ &AdaptiveSamplerUpdater{
+ MaxOperations: o.posParams.MaxOperations,
+ OperationNameLateBinding: o.posParams.OperationNameLateBinding,
+ },
new(ProbabilisticSamplerUpdater),
new(RateLimitingSamplerUpdater),
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 5a17ebd78..ba692e089 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -117,7 +117,7 @@ github.com/containers/image/v5/types
github.com/containers/image/v5/version
# github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b
github.com/containers/libtrust
-# github.com/containers/psgo v1.3.2
+# github.com/containers/psgo v1.4.0
github.com/containers/psgo
github.com/containers/psgo/internal/capabilities
github.com/containers/psgo/internal/cgroups
@@ -125,7 +125,7 @@ github.com/containers/psgo/internal/dev
github.com/containers/psgo/internal/host
github.com/containers/psgo/internal/proc
github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.15.2
+# github.com/containers/storage v1.15.3
github.com/containers/storage
github.com/containers/storage/drivers
github.com/containers/storage/drivers/aufs
@@ -451,7 +451,7 @@ github.com/stretchr/testify/require
github.com/syndtr/gocapability/capability
# github.com/tchap/go-patricia v2.3.0+incompatible
github.com/tchap/go-patricia/patricia
-# github.com/uber/jaeger-client-go v2.20.0+incompatible
+# github.com/uber/jaeger-client-go v2.20.1+incompatible
github.com/uber/jaeger-client-go
github.com/uber/jaeger-client-go/config
github.com/uber/jaeger-client-go/internal/baggage
diff --git a/version/version.go b/version/version.go
index 129a2cd4b..e75d1e713 100644
--- a/version/version.go
+++ b/version/version.go
@@ -4,7 +4,7 @@ package version
// NOTE: remember to bump the version at the top
// of the top-level README.md file when this is
// bumped.
-const Version = "1.6.4-dev"
+const Version = "1.7.0-dev"
// RemoteAPIVersion is the version for the remote
// client API. It is used to determine compatibility