75 files changed, 329 insertions, 93 deletions
@@ -1,4 +1,5 @@ export GO111MODULE=off +export GOPROXY=https://proxy.golang.org GO ?= go DESTDIR ?= diff --git a/contrib/cirrus/git_authors_to_irc_nicks.csv b/contrib/cirrus/git_authors_to_irc_nicks.csv new file mode 100644 index 000000000..4334b5cd2 --- /dev/null +++ b/contrib/cirrus/git_authors_to_irc_nicks.csv @@ -0,0 +1,8 @@ +# Comma separated mapping of author e-mail, to Freenode IRC nick. +# When no match is found here, the username portion of the e-mail is used. +# Sorting is done at runtime - first-found e-mail match wins. +# Comments (like this) and blank lines are ignored. + +rothberg@redhat.com,vrothberg +santiago@redhat.com,edsantiago +gscrivan@redhat.com,giuseppe diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index f66e63140..cd8b2ef61 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -28,11 +28,12 @@ CIRRUS_WORKING_DIR="${CIRRUS_WORKING_DIR:-$GOPATH/src/github.com/containers/libp export GOSRC="${GOSRC:-$CIRRUS_WORKING_DIR}" export PATH="$HOME/bin:$GOPATH/bin:/usr/local/bin:$PATH" export LD_LIBRARY_PATH="/usr/local/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}" -TIMESTAMPS_FILEPATH="${TIMESTAMPS_FILEPATH:-/var/tmp/timestamps}" -SETUP_MARKER_FILEPATH="${SETUP_MARKER_FILEPATH:-/var/tmp/.setup_environment_sh_complete}" # Saves typing / in case location ever moves SCRIPT_BASE=${SCRIPT_BASE:-./contrib/cirrus} PACKER_BASE=${PACKER_BASE:-./contrib/cirrus/packer} +# Important filepaths +SETUP_MARKER_FILEPATH="${SETUP_MARKER_FILEPATH:-/var/tmp/.setup_environment_sh_complete}" +AUTHOR_NICKS_FILEPATH="${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/git_authors_to_irc_nicks.csv" cd $GOSRC if type -P git &> /dev/null diff --git a/contrib/cirrus/success.sh b/contrib/cirrus/success.sh index c4e150514..f2c9fbc7f 100755 --- a/contrib/cirrus/success.sh +++ b/contrib/cirrus/success.sh 
@@ -4,14 +4,52 @@ set -e source $(dirname $0)/lib.sh -req_env_var CIRRUS_BRANCH CIRRUS_BUILD_ID +req_env_var CIRRUS_BRANCH CIRRUS_BUILD_ID CIRRUS_REPO_FULL_NAME -REF=$(basename $CIRRUS_BRANCH) # PR number or branch named -URL="https://cirrus-ci.com/build/$CIRRUS_BUILD_ID" +cd $CIRRUS_WORKING_DIR if [[ "$CIRRUS_BRANCH" =~ "pull" ]] then - ircmsg "Cirrus-CI testing successful for PR #$REF: $URL" + echo "Finding commit authors for PR $CIRRUS_PR" + unset NICKS + if [[ -r "$AUTHOR_NICKS_FILEPATH" ]] + then + SHARANGE="${CIRRUS_BASE_SHA}..${CIRRUS_CHANGE_IN_REPO}" + EXCLUDE_RE='merge-robot' + AUTHOR_NICKS=$(egrep -v '(^[[:space:]]*$)|(^[[:space:]]*#)' "$AUTHOR_NICKS_FILEPATH" | sort -u) + # Depending on branch-state, it's possible SHARANGE could be _WAY_ too big + MAX_NICKS=10 + # newline separated + COMMIT_AUTHORS=$(git log --format='%ae' $SHARANGE | \ + sort -u | \ + egrep -v "$EXCLUDE_RE" | \ + tail -$MAX_NICKS) + + for c_email in $COMMIT_AUTHORS + do + echo -e "\tExamining $c_email" + NICK=$(echo "$AUTHOR_NICKS" | grep -m 1 "$c_email" | \ + awk --field-separator ',' '{print $2}' | tr -d '[[:blank:]]') + if [[ -n "$NICK" ]] + then + echo -e "\t\tFound $c_email -> $NICK in $(basename $AUTHOR_NICKS_FILEPATH)" + else + echo -e "\t\tNot found in $(basename $AUTHOR_NICKS_FILEPATH), using e-mail username." + NICK=$(echo "$c_email" | cut -d '@' -f 1) + fi + echo -e "\tUsing nick $NICK" + NICKS="${NICKS:+$NICKS, }$NICK" + done + fi + + unset MENTION_PREFIX + [[ -z "$NICKS" ]] || \ + MENTION_PREFIX="$NICKS: " + + URL="https://github.com/$CIRRUS_REPO_FULL_NAME/pull/$CIRRUS_PR" + PR_SUBJECT=$(echo "$CIRRUS_CHANGE_MESSAGE" | head -1) + ircmsg "${MENTION_PREFIX}Cirrus-CI testing successful for PR '$PR_SUBJECT': $URL" else - ircmsg "Cirrus-CI testing branch $REF successful: $URL" + URL="https://cirrus-ci.com/github/containers/libpod/$CIRRUS_BRANCH" + ircmsg "Cirrus-CI testing branch $(basename $CIRRUS_BRANCH) successful: $URL" fi 
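Review bot: In the new author-lookup loop, `grep -m 1 "$c_email"` treats the commit author e-mail, a value the PR submitter controls, as an unanchored regular expression, so an address that is a suffix of a listed one or that contains `.` or `*` can resolve to someone else's nick, and a leading `-` is parsed as a grep option. Compare the first CSV field exactly instead, e.g. `NICK=$(awk -F ',' -v e="$c_email" '$1 == e {print $2; exit}' <<<"$AUTHOR_NICKS" | tr -d '[[:blank:]]')`. The unquoted `for c_email in $COMMIT_AUTHORS` also word-splits and glob-expands those addresses; `while IFS= read -r c_email; do ... done <<<"$COMMIT_AUTHORS"` avoids that. `CIRRUS_PR`, `CIRRUS_BASE_SHA`, `CIRRUS_CHANGE_IN_REPO` and `CIRRUS_CHANGE_MESSAGE` are used here but not added to `req_env_var`. Because `ircmsg` is defined outside this hunk, it is worth confirming that it strips control characters from the e-mail-derived nick and from `$PR_SUBJECT` before sending.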
diff --git a/docs/links/podman-container-umount.1 b/docs/links/podman-container-umount.1 index dadc63113..789dabbb0 100644 --- a/docs/links/podman-container-umount.1 +++ b/docs/links/podman-container-umount.1 @@ -1 +1 @@ -.so man1/podman-umount,.1 +.so man1/podman-umount.1 diff --git a/docs/links/podman-container-unmount.1 b/docs/links/podman-container-unmount.1 index dadc63113..789dabbb0 100644 --- a/docs/links/podman-container-unmount.1 +++ b/docs/links/podman-container-unmount.1 @@ -1 +1 @@ -.so man1/podman-umount,.1 +.so man1/podman-umount.1 diff --git a/docs/links/podman-image-rm.1 b/docs/links/podman-image-rm.1 index 6dfc6e98c..1007ad150 100644 --- a/docs/links/podman-image-rm.1 +++ b/docs/links/podman-image-rm.1 @@ -1 +1 @@ -.so man1/podman-rm.1 +.so man1/podman-rmi.1 diff --git a/docs/podman-attach.1.md b/docs/podman-attach.1.md index 4caa87792..cef01f0f6 100644 --- a/docs/podman-attach.1.md +++ b/docs/podman-attach.1.md @@ -6,6 +6,8 @@ podman\-attach - Attach to a running container ## SYNOPSIS **podman attach** [*options*] *container* +**podman container attach** [*options*] *container* + ## DESCRIPTION The attach command allows you to attach to a running container using the container's ID or name, either to view its ongoing output or to control it interactively. diff --git a/docs/podman-build.1.md b/docs/podman-build.1.md index 8deb8811e..74c07ab73 100644 --- a/docs/podman-build.1.md +++ b/docs/podman-build.1.md @@ -6,6 +6,8 @@ podman\-build - Build a container image using a Dockerfile ## SYNOPSIS **podman build** [*options*] *context* +**podman image build** [*options*] *context* + ## DESCRIPTION **podman build** Builds an image using instructions from one or more Dockerfiles and a specified build context directory. diff --git a/docs/podman-commit.1.md b/docs/podman-commit.1.md index a269d0fae..5b0ba48aa 100644 --- a/docs/podman-commit.1.md +++ b/docs/podman-commit.1.md 
@@ -6,6 +6,8 @@ podman\-commit - Create new image based on the changed container ## SYNOPSIS **podman commit** [*options*] *container* *image* +**podman container commit** [*options*] *container* *image* + ## DESCRIPTION **podman commit** creates an image based on a changed container. The author of the image can be set using the `--author` flag. Various image instructions can be diff --git a/docs/podman-container-cleanup.1.md b/docs/podman-container-cleanup.1.md index f6bb84113..69e21ce9f 100644 --- a/docs/podman-container-cleanup.1.md +++ b/docs/podman-container-cleanup.1.md @@ -1,7 +1,7 @@ % podman-container-cleanup(1) ## NAME -podman\-container\-cleanup - Cleanup Container storage and networks +podman\-container\-cleanup - Cleanup the container's network and mountpoints ## SYNOPSIS **podman container cleanup** [*options*] *container* diff --git a/docs/podman-container-prune.1.md b/docs/podman-container-prune.1.md index 26c6b0b49..d8a4b7f4e 100644 --- a/docs/podman-container-prune.1.md +++ b/docs/podman-container-prune.1.md @@ -1,7 +1,7 @@ % podman-container-prune(1) ## NAME -podman-container-prune - Remove all stopped containers +podman-container-prune - Remove all stopped containers from local storage ## SYNOPSIS **podman container prune** [*options*] diff --git a/docs/podman-container-restore.1.md b/docs/podman-container-restore.1.md index a49cb7421..1d2cf0b3e 100644 --- a/docs/podman-container-restore.1.md +++ b/docs/podman-container-restore.1.md @@ -1,7 +1,7 @@ % podman-container-restore(1) ## NAME -podman\-container\-restore - Restores one or more running containers +podman\-container\-restore - Restores one or more containers from a checkpoint ## SYNOPSIS **podman container restore** [*options*] *container* ... diff --git a/docs/podman-container-runlabel.1.md b/docs/podman-container-runlabel.1.md index c16d8c3f4..8511dd5cd 100644 --- a/docs/podman-container-runlabel.1.md +++ b/docs/podman-container-runlabel.1.md 
@@ -1,10 +1,10 @@ % podman-container-runlabel(1) ## NAME -podman-container-runlabel - Execute Image Label Method +podman-container-runlabel - Executes a command as described by a container image label ## SYNOPSIS -**podman container runlabel** [*options*] *LABEL* *IMAGE* [ARG...] +**podman container runlabel** [*options*] *label* *image* [*arg...*] ## DESCRIPTION **podman container runlabel** reads the provided `LABEL` field in the container diff --git a/docs/podman-container.1.md b/docs/podman-container.1.md index eb53149bd..4ea7c7acc 100644 --- a/docs/podman-container.1.md +++ b/docs/podman-container.1.md @@ -14,8 +14,8 @@ The container command allows you to manage containers | Command | Man Page | Description | | --------- | --------------------------------------------------- | ---------------------------------------------------------------------------- | | attach | [podman-attach(1)](podman-attach.1.md) | Attach to a running container. | -| checkpoint | [podman-container-checkpoint(1)](podman-container-checkpoint.1.md) | Checkpoints one or more containers. | -| cleanup | [podman-container-cleanup(1)](podman-container-cleanup.1.md) | Cleanup containers network and mountpoints. | +| checkpoint | [podman-container-checkpoint(1)](podman-container-checkpoint.1.md) | Checkpoints one or more running containers. | +| cleanup | [podman-container-cleanup(1)](podman-container-cleanup.1.md) | Cleanup the container's network and mountpoints. | | commit | [podman-commit(1)](podman-commit.1.md) | Create new image based on the changed container. | | cp | [podman-cp(1)](podman-cp.1.md) | Copy files/folders between a container and the local filesystem. | | create | [podman-create(1)](podman-create.1.md) | Create a new container. | diff --git a/docs/podman-cp.1.md b/docs/podman-cp.1.md index 178a05018..e3d992b55 100644 --- a/docs/podman-cp.1.md +++ b/docs/podman-cp.1.md 
@@ -6,6 +6,8 @@ podman\-cp - Copy files/folders between a container and the local filesystem ## SYNOPSIS **podman cp** [*options*] [*container*:]*src_path* [*container*:]*dest_path* +**podman container cp** [*options*] [*container*:]*src_path* [*container*:]*dest_path* + ## DESCRIPTION Copies the contents of **src_path** to the **dest_path**. You can copy from the container's filesystem to the local machine or the reverse, from the local filesystem to the container. If - is specified for either the SRC_PATH or DEST_PATH, you can also stream a tar archive from STDIN or to STDOUT. diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md index 7634408f5..cee9a1640 100644 --- a/docs/podman-create.1.md +++ b/docs/podman-create.1.md @@ -6,6 +6,8 @@ podman\-create - Create a new container ## SYNOPSIS **podman create** [*options*] *image* [*command* [*arg* ...]] +**podman container create** [*options*] *image* [*command* [*arg* ...]] + ## DESCRIPTION Creates a writable container layer over the specified image and prepares it for diff --git a/docs/podman-diff.1.md b/docs/podman-diff.1.md index 8d67ed82c..5b0434a07 100644 --- a/docs/podman-diff.1.md +++ b/docs/podman-diff.1.md @@ -6,6 +6,8 @@ podman\-diff - Inspect changes on a container or image's filesystem ## SYNOPSIS **podman diff** [*options*] *name* +**podman container diff** [*options*] *name* + ## DESCRIPTION Displays changes on a container or image's filesystem. The container or image will be compared to its parent layer diff --git a/docs/podman-exec.1.md b/docs/podman-exec.1.md index ab8d75626..f71b21126 100644 --- a/docs/podman-exec.1.md +++ b/docs/podman-exec.1.md @@ -6,6 +6,8 @@ podman\-exec - Execute a command in a running container ## SYNOPSIS **podman exec** [*options*] *container* [*command* [*arg* ...]] +**podman container exec** [*options*] *container* [*command* [*arg* ...]] + ## DESCRIPTION **podman exec** executes a command in a running container. 
diff --git a/docs/podman-export.1.md b/docs/podman-export.1.md index 3ccd783d8..4286d0e2f 100644 --- a/docs/podman-export.1.md +++ b/docs/podman-export.1.md @@ -6,6 +6,8 @@ podman\-export - Export a container's filesystem contents as a tar archive ## SYNOPSIS **podman export** [*options*] *container* +**podman container export** [*options*] *container* + ## DESCRIPTION **podman export** exports the filesystem of a container and saves it as a tarball on the local machine. **podman export** writes to STDOUT by default and can be diff --git a/docs/podman-generate-kube.1.md b/docs/podman-generate-kube.1.md index 93f746664..8f15e14ba 100644 --- a/docs/podman-generate-kube.1.md +++ b/docs/podman-generate-kube.1.md @@ -1,6 +1,6 @@ % podman-generate-kube(1) ## NAME -podman-generate-kube - Generate Kubernetes YAML +podman-generate-kube - Generate Kubernetes YAML based on a pod or container ## SYNOPSIS **podman generate kube** [*options*] *container* | *pod* diff --git a/docs/podman-generate-systemd.1.md b/docs/podman-generate-systemd.1.md index b4962f28b..b81e68a46 100644 --- a/docs/podman-generate-systemd.1.md +++ b/docs/podman-generate-systemd.1.md @@ -1,7 +1,7 @@ % podman-generate-systemd(1) ## NAME -podman-generate-systemd- Generate Systemd Unit file +podman\-generate\-systemd - Generate systemd unit file(s) for a container. Not supported for the remote client ## SYNOPSIS **podman generate systemd** [*options*] *container|pod* diff --git a/docs/podman-history.1.md b/docs/podman-history.1.md index 5ee87c185..a67cb0286 100644 --- a/docs/podman-history.1.md +++ b/docs/podman-history.1.md @@ -6,6 +6,8 @@ podman\-history - Show the history of an image ## SYNOPSIS **podman history** [*options*] *image*[:*tag*|@*digest*] +**podman image history** [*options*] *image*[:*tag*|@*digest*] + ## DESCRIPTION **podman history** displays the history of an image by printing out information about each layer used in the image. The information printed out for each layer 
diff --git a/docs/podman-image-prune.1.md b/docs/podman-image-prune.1.md index 52278746d..b844a9f63 100644 --- a/docs/podman-image-prune.1.md +++ b/docs/podman-image-prune.1.md @@ -1,7 +1,7 @@ % podman-image-prune(1) ## NAME -podman-image-prune - Remove all unused images +podman-image-prune - Remove all unused images from the local store ## SYNOPSIS **podman image prune** [*options*] diff --git a/docs/podman-image-trust.1.md b/docs/podman-image-trust.1.md index 7c5b70833..b35e883d7 100644 --- a/docs/podman-image-trust.1.md +++ b/docs/podman-image-trust.1.md @@ -5,7 +5,7 @@ podman\-image\-trust - Manage container registry image trust policy ## SYNOPSIS -**podman image trust** set|show [*options*] *REGISTRY[/REPOSITORY]* +**podman image trust** set|show [*options*] *registry[/repository]* ## DESCRIPTION Manages which registries you trust as a source of container images based on its location. The location is determined diff --git a/docs/podman-image.1.md b/docs/podman-image.1.md index 01cf08d62..339a531dd 100644 --- a/docs/podman-image.1.md +++ b/docs/podman-image.1.md 
@@ -25,10 +25,10 @@ The image command allows you to manage images | push | [podman-push(1)](podman-push.1.md) | Push an image from local storage to elsewhere. | | rm | [podman-rmi(1)](podman-rmi.1.md) | Removes one or more locally stored images. | | save | [podman-save(1)](podman-save.1.md) | Save an image to docker-archive or oci. | -| sign | [podman-image-sign(1)](podman-image-sign.1.md) | Sign an image. | +| sign | [podman-image-sign(1)](podman-image-sign.1.md) | Create a signature for an image. | | tag | [podman-tag(1)](podman-tag.1.md) | Add an additional name to a local image. | | tree | [podman-image-tree(1)](podman-image-tree.1.md) | Prints layer hierarchy of an image in a tree format. | -| trust | [podman-image-trust(1)](podman-image-trust.1.md)| Manage container image trust policy. | +| trust | [podman-image-trust(1)](podman-image-trust.1.md)| Manage container registry image trust policy. | ## SEE ALSO podman diff --git a/docs/podman-images.1.md b/docs/podman-images.1.md index 6360bf580..3ac07fc43 100644 --- a/docs/podman-images.1.md +++ b/docs/podman-images.1.md @@ -6,6 +6,10 @@ podman\-images - List images in local storage ## SYNOPSIS **podman images** [*options*] +**podman image list** [*options*] + +**podman image ls** [*options*] + ## DESCRIPTION Displays locally stored images, their names, and their IDs. diff --git a/docs/podman-import.1.md b/docs/podman-import.1.md index 6c625bc8d..5e57c1bcb 100644 --- a/docs/podman-import.1.md +++ b/docs/podman-import.1.md @@ -6,6 +6,8 @@ podman\-import - Import a tarball and save it as a filesystem image ## SYNOPSIS **podman import** [*options*] *path* [*reference*] +**podman image import** [*options*] *path* [*reference*] + ## DESCRIPTION **podman import** imports a tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) and saves it as a filesystem image. Remote tarballs can be specified using a URL. diff --git a/docs/podman-info.1.md b/docs/podman-info.1.md index a7b259c95..9721755ef 100644 
--- a/docs/podman-info.1.md +++ b/docs/podman-info.1.md @@ -1,12 +1,12 @@ % podman-info(1) ## NAME -podman\-system\-info - Display system information -podman\-info - Display system information +podman\-info - Displays Podman related system information ## SYNOPSIS **podman info** [*options*] +**podman system info** [*options*] ## DESCRIPTION diff --git a/docs/podman-init.1.md b/docs/podman-init.1.md index a6bb391ec..3b49cfb99 100644 --- a/docs/podman-init.1.md +++ b/docs/podman-init.1.md @@ -6,6 +6,8 @@ podman\-init - Initialize one or more containers ## SYNOPSIS **podman init** [*options*] *container* [*container*...] +**podman container init** [*options*] *container* [*container*...] + ## DESCRIPTION Initialize one or more containers. You may use container IDs or names as input. diff --git a/docs/podman-kill.1.md b/docs/podman-kill.1.md index 118246fdb..617d25b85 100644 --- a/docs/podman-kill.1.md +++ b/docs/podman-kill.1.md @@ -1,11 +1,13 @@ % podman-kill(1) ## NAME -podman\-kill - Kills one or more containers with a signal +podman\-kill - Kill the main process in one or more containers ## SYNOPSIS **podman kill** [*options*] [*container* ...] +**podman container kill** [*options*] [*container* ...] + ## DESCRIPTION The main process inside each container specified will be sent SIGKILL, or any signal specified with option --signal. diff --git a/docs/podman-load.1.md b/docs/podman-load.1.md index 6643538ce..deb4fb5ec 100644 --- a/docs/podman-load.1.md +++ b/docs/podman-load.1.md 
@@ -6,6 +6,8 @@ podman\-load - Load an image from a container image archive into container stora ## SYNOPSIS **podman load** [*options*] [*name*[:*tag*]] +**podman image load** [*options*] [*name*[:*tag*]] + ## DESCRIPTION **podman load** loads an image from either an **oci-archive** or **docker-archive** stored on the local machine into container storage. **podman load** reads from stdin by default or a file if the **input** option is set. You can also specify a name for the image if the archive does not contain a named reference, of if you want an additional name for the local image. diff --git a/docs/podman-logs.1.md b/docs/podman-logs.1.md index 310eff438..405f180d9 100644 --- a/docs/podman-logs.1.md +++ b/docs/podman-logs.1.md @@ -1,13 +1,13 @@ % podman-logs(1) ## NAME -podman\-container\-logs (podman\-logs) - Fetch the logs of one or more containers +podman\-logs - Display the logs of one or more containers ## SYNOPSIS -**podman container logs** [*options*] *container* [*container...*] - **podman logs** [*options*] *container* [*container...*] +**podman container logs** [*options*] *container* [*container...*] + ## DESCRIPTION The podman logs command batch-retrieves whatever logs are present for one or more containers at the time of execution. This does not guarantee execution order when combined with podman run (i.e. your run may not have generated diff --git a/docs/podman-mount.1.md b/docs/podman-mount.1.md index 2722f460c..8f4deeca6 100644 --- a/docs/podman-mount.1.md +++ b/docs/podman-mount.1.md @@ -1,11 +1,13 @@ % podman-mount(1) ## NAME -podman\-mount - Mount the specified working containers' root filesystem +podman\-mount - Mount a working container's root filesystem ## SYNOPSIS **podman mount** [*container* ...] +**podman container mount** [*container* ...] + ## DESCRIPTION Mounts the specified containers' root file system in a location which can be accessed from the host, and returns its location. 
diff --git a/docs/podman-network-inspect.1.md b/docs/podman-network-inspect.1.md index 576e61c79..dfa7e4b0c 100644 --- a/docs/podman-network-inspect.1.md +++ b/docs/podman-network-inspect.1.md @@ -1,7 +1,7 @@ % podman-network-inspect(1) ## NAME -podman\-network-inspect- Inspect one or more Podman networks +podman\-network\-inspect - Displays the raw CNI network configuration for one or more networks ## SYNOPSIS **podman network inspect** [*network* ...] diff --git a/docs/podman-network-ls.1.md b/docs/podman-network-ls.1.md index 725e07dbb..658b86c21 100644 --- a/docs/podman-network-ls.1.md +++ b/docs/podman-network-ls.1.md @@ -1,7 +1,7 @@ % podman-network-ls(1) ## NAME -podman\-network-ls- Display a summary of CNI networks +podman\-network\-ls - Display a summary of CNI networks ## SYNOPSIS **podman network ls** [*options*] diff --git a/docs/podman-network-rm.1.md b/docs/podman-network-rm.1.md index f72d6a694..c95c93cd8 100644 --- a/docs/podman-network-rm.1.md +++ b/docs/podman-network-rm.1.md @@ -1,7 +1,7 @@ % podman-network-rm(1) ## NAME -podman\-network-rm- Delete a Podman CNI network +podman\-network\-rm - Remove one or more CNI networks ## SYNOPSIS **podman network rm** [*network...*] diff --git a/docs/podman-network.1.md b/docs/podman-network.1.md index c01adc23e..c9f6725a3 100644 --- a/docs/podman-network.1.md +++ b/docs/podman-network.1.md @@ -1,7 +1,7 @@ % podman-network(1) ## NAME -podman\-network- Manage podman CNI networks +podman\-network - Manage Podman CNI networks ## SYNOPSIS **podman network** *subcommand* diff --git a/docs/podman-pause.1.md b/docs/podman-pause.1.md index 18080ec04..dfd4da416 100644 --- a/docs/podman-pause.1.md +++ b/docs/podman-pause.1.md @@ -6,6 +6,8 @@ podman\-pause - Pause one or more containers ## SYNOPSIS **podman pause** [*options*] [*container*...] +**podman container pause** [*options*] [*container*...] + ## DESCRIPTION Pauses all the processes in one or more containers. You may use container IDs or names as input. 
diff --git a/docs/podman-play-kube.1.md b/docs/podman-play-kube.1.md index 8b78c83d0..2ac860a32 100644 --- a/docs/podman-play-kube.1.md +++ b/docs/podman-play-kube.1.md @@ -4,7 +4,7 @@ podman-play-kube - Create pods and containers based on Kubernetes YAML ## SYNOPSIS -**podman play kube** [*options*] *file***.yml** +**podman play kube** [*options*] *file*__.yml__ ## DESCRIPTION **podman play kube** will read in a structured file of Kubernetes YAML. It will then recreate diff --git a/docs/podman-play.1.md b/docs/podman-play.1.md index f0bf8ea41..364baad60 100644 --- a/docs/podman-play.1.md +++ b/docs/podman-play.1.md @@ -14,7 +14,7 @@ file input. Containers will be automatically started. | Command | Man Page | Description | | ------- | --------------------------------------------------- | ---------------------------------------------------------------------------- | -| kube | [podman-play-kube(1)](podman-play-kube.1.md) | Recreate pods and containers based on Kubernetes YAML. | +| kube | [podman-play-kube(1)](podman-play-kube.1.md) | Create pods and containers based on Kubernetes YAML. | ## SEE ALSO podman, podman-pod(1), podman-container(1), podman-generate(1), podman-play(1), podman-play-kube(1) diff --git a/docs/podman-pod-kill.1.md b/docs/podman-pod-kill.1.md index 069db70d2..596e15cea 100644 --- a/docs/podman-pod-kill.1.md +++ b/docs/podman-pod-kill.1.md @@ -1,7 +1,7 @@ % podman-pod-kill(1) ## NAME -podman\-pod\-kill - Kills all containers in one or more pods with a signal +podman\-pod\-kill - Kill the main process of each container in one or more pods ## SYNOPSIS **podman pod kill** [*options*] *pod* ... diff --git a/docs/podman-pod-stats.1.md b/docs/podman-pod-stats.1.md index 12fc83cff..962edbda0 100644 --- a/docs/podman-pod-stats.1.md +++ b/docs/podman-pod-stats.1.md 
@@ -1,7 +1,7 @@ % podman-pod-stats(1) ## NAME -podman\-pod\-stats - Display a live stream of resource usage statistics for the containers in one or more pods +podman\-pod\-stats - Display a live stream of resource usage stats for containers in one or more pods ## SYNOPSIS **podman pod stats** [*options*] [*pod*] diff --git a/docs/podman-pod.1.md b/docs/podman-pod.1.md index d11614358..b3d002a06 100644 --- a/docs/podman-pod.1.md +++ b/docs/podman-pod.1.md @@ -1,7 +1,7 @@ % podman-pod(1) ## NAME -podman\-pod - Simple management tool for groups of containers, called pods. +podman\-pod - Management tool for groups of containers, called pods ## SYNOPSIS **podman pod** *subcommand* 
@@ -11,22 +11,22 @@ podman pod is a set of subcommands that manage pods, or groups of containers. ## SUBCOMMANDS -| Command | Man Page | Description | -| ------- | -------------------------------------------------------- | ------------------------------------------------------------------------------ | -| create | [podman-pod-create(1)](podman-pod-create.1.md) | Create a new pod. | -| exists | [podman-pod-exists(1)](podman-pod-exists.1.md) | Check if a pod exists in local storage. | -| inspect | [podman-pod-inspect(1)](podman-pod-inspect.1.md) | Displays information describing a pod. | -| kill | [podman-pod-kill(1)](podman-pod-kill.1.md) | Kill the main process of each container in pod. | -| pause | [podman-pod-pause(1)](podman-pod-pause.1.md) | Pause one or more pods. | -| prune | [podman-container-prune(1)](podman-container-prune.1.md) | Remove all stopped containers from local storage. | -| ps | [podman-pod-ps(1)](podman-pod-ps.1.md) | Prints out information about pods. | -| restart | [podman-pod-restart(1)](podman-pod-restart.1.md) | Restart one or more pods. | -| rm | [podman-pod-rm(1)](podman-pod-rm.1.md) | Remove one or more pods. | -| start | [podman-pod-start(1)](podman-pod-start.1.md) | Start one or more pods. | -| stats | [podman-pod-stats(1)](podman-pod-stats.1.md) | Display live stream resource usage stats for containers in one or more pods. | -| stop | [podman-pod-stop(1)](podman-pod-stop.1.md) | Stop one or more pods. | -| top | [podman-pod-top(1)](podman-pod-top.1.md) | Display the running processes of containers in a pod. | -| unpause | [podman-pod-unpause(1)](podman-pod-unpause.1.md) | Unpause one or more pods. | +| Command | Man Page | Description | +| ------- | ------------------------------------------------- | --------------------------------------------------------------------------------- | +| create | [podman-pod-create(1)](podman-pod-create.1.md) | Create a new pod. 
| +| exists | [podman-pod-exists(1)](podman-pod-exists.1.md) | Check if a pod exists in local storage. | +| inspect | [podman-pod-inspect(1)](podman-pod-inspect.1.md) | Displays information describing a pod. | +| kill | [podman-pod-kill(1)](podman-pod-kill.1.md) | Kill the main process of each container in one or more pods. | +| pause | [podman-pod-pause(1)](podman-pod-pause.1.md) | Pause one or more pods. | +| prune | [podman-pod-prune(1)](podman-pod-prune.1.md) | Remove all stopped pods. | +| ps | [podman-pod-ps(1)](podman-pod-ps.1.md) | Prints out information about pods. | +| restart | [podman-pod-restart(1)](podman-pod-restart.1.md) | Restart one or more pods. | +| rm | [podman-pod-rm(1)](podman-pod-rm.1.md) | Remove one or more pods. | +| start | [podman-pod-start(1)](podman-pod-start.1.md) | Start one or more pods. | +| stats | [podman-pod-stats(1)](podman-pod-stats.1.md) | Display a live stream of resource usage stats for containers in one or more pods. | +| stop | [podman-pod-stop(1)](podman-pod-stop.1.md) | Stop one or more pods. | +| top | [podman-pod-top(1)](podman-pod-top.1.md) | Display the running processes of containers in a pod. | +| unpause | [podman-pod-unpause(1)](podman-pod-unpause.1.md) | Unpause one or more pods. | ## SEE ALSO podman(1) diff --git a/docs/podman-port.1.md b/docs/podman-port.1.md index bee15c881..c9833f447 100644 --- a/docs/podman-port.1.md +++ b/docs/podman-port.1.md @@ -6,6 +6,8 @@ podman\-port - List port mappings for a container ## SYNOPSIS **podman port** [*options*] *container* [*private-port*[/*proto*]] +**podman container port** [*options*] *container* [*private-port*[/*proto*]] + ## DESCRIPTION List port mappings for the *container* or lookup the public-facing port that is NAT-ed to the *private-port*. diff --git a/docs/podman-ps.1.md b/docs/podman-ps.1.md index e3aaf93e2..298de0b2b 100644 --- a/docs/podman-ps.1.md +++ b/docs/podman-ps.1.md 
@@ -6,6 +6,16 @@ podman\-ps - Prints out information about containers ## SYNOPSIS **podman ps** [*options*] +**podman container list** [*options*] + +**podman container ls** [*options*] + +**podman container ps** [*options*] + +**podman list** [*options*] + +**podman ls** [*options*] + ## DESCRIPTION **podman ps** lists the running containers on the system. Use the **--all** flag to view all the containers information. By default it lists: diff --git a/docs/podman-pull.1.md b/docs/podman-pull.1.md index 8774075e1..9976bc586 100644 --- a/docs/podman-pull.1.md +++ b/docs/podman-pull.1.md @@ -6,6 +6,8 @@ podman\-pull - Pull an image from a registry ## SYNOPSIS **podman pull** [*options*] *name*[:*tag*|@*digest*] +**podman image pull** [*options*] *name*[:*tag*|@*digest*] + ## DESCRIPTION Copies an image from a registry onto the local machine. **podman pull** pulls an image from Docker Hub if a registry is not specified in the command line argument. diff --git a/docs/podman-push.1.md b/docs/podman-push.1.md index 29e4044a3..1cf8fd1a6 100644 --- a/docs/podman-push.1.md +++ b/docs/podman-push.1.md @@ -6,6 +6,8 @@ podman\-push - Push an image from local storage to elsewhere ## SYNOPSIS **podman push** [*options*] *image* [*destination*] +**podman image push** [*options*] *image* [*destination*] + ## DESCRIPTION Pushes an image from local storage to a specified destination. Push is mainly used to push images to registries, however **podman push** diff --git a/docs/podman-restart.1.md b/docs/podman-restart.1.md index 643eb1b03..08fa29244 100644 --- a/docs/podman-restart.1.md +++ b/docs/podman-restart.1.md @@ -6,6 +6,8 @@ podman\-restart - Restart one or more containers ## SYNOPSIS **podman restart** [*options*] *container* ... +**podman container restart** [*options*] *container* ... + ## DESCRIPTION The restart command allows containers to be restarted using their ID or name. Containers will be stopped if they are running and then restarted. Stopped 
diff --git a/docs/podman-rm.1.md b/docs/podman-rm.1.md index 7f39c09ad..88339af16 100644 --- a/docs/podman-rm.1.md +++ b/docs/podman-rm.1.md @@ -1,13 +1,13 @@ % podman-rm(1) ## NAME -podman\-container\-rm (podman\-rm) - Remove one or more containers +podman\-rm - Remove one or more containers ## SYNOPSIS -**podman container rm** [*options*] *container* - **podman rm** [*options*] *container* +**podman container rm** [*options*] *container* + ## DESCRIPTION **podman rm** will remove one or more containers from the host. The container name or ID can be used. This does not remove images. Running containers will not be removed without the `-f` option diff --git a/docs/podman-rmi.1.md b/docs/podman-rmi.1.md index 6b242c94e..d911ee6cb 100644 --- a/docs/podman-rmi.1.md +++ b/docs/podman-rmi.1.md @@ -1,13 +1,13 @@ % podman-rmi(1) ## NAME -podman\-image\-rm (podman\-rmi) - Removes one or more images +podman\-rmi - Removes one or more locally stored images ## SYNOPSIS -**podman image rm** *image* [...] - **podman rmi** *image* [...] +**podman image rm** *image* [...] + ## DESCRIPTION Removes one or more locally stored images. diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index 447d4f282..8fb7453fe 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md @@ -6,6 +6,8 @@ podman\-run - Run a command in a new container ## SYNOPSIS **podman run** [*options*] *image* [*command* [*arg* ...]] +**podman container run** [*options*] *image* [*command* [*arg* ...]] + ## DESCRIPTION Run a process in a new container. **podman run** starts a process with its own diff --git a/docs/podman-save.1.md b/docs/podman-save.1.md index 034d2696f..b2b0995d3 100644 --- a/docs/podman-save.1.md +++ b/docs/podman-save.1.md 
@@ -6,6 +6,8 @@ podman\-save - Save an image to a container archive ## SYNOPSIS **podman save** [*options*] *name*[:*tag*] +**podman image save** [*options*] *name*[:*tag*] + ## DESCRIPTION **podman save** saves an image to either **docker-archive**, **oci-archive**, **oci-dir** (directory with oci manifest type), or **docker-dir** (directory with v2s2 manifest type) on the local machine, default is **docker-archive**. **podman save** writes to STDOUT by default and can be redirected to a diff --git a/docs/podman-start.1.md b/docs/podman-start.1.md index 5ec6e2ea2..4c81d17bd 100644 --- a/docs/podman-start.1.md +++ b/docs/podman-start.1.md @@ -6,6 +6,8 @@ podman\-start - Start one or more containers ## SYNOPSIS **podman start** [*options*] *container* ... +**podman container start** [*options*] *container* ... + ## DESCRIPTION Start one or more containers. You may use container IDs or names as input. The *attach* and *interactive* options cannot be used to override the *--tty* and *--interactive* options from when the container diff --git a/docs/podman-stats.1.md b/docs/podman-stats.1.md index 2f604644f..e0cff0dc2 100644 --- a/docs/podman-stats.1.md +++ b/docs/podman-stats.1.md @@ -1,11 +1,13 @@ % podman-stats(1) ## NAME -podman\-stats - Display a live stream of 1 or more containers' resource usage statistics +podman\-stats - Display a live stream of one or more container's resource usage statistics ## SYNOPSIS **podman stats** [*options*] [*container*] +**podman container stats** [*options*] [*container*] + ## DESCRIPTION Display a live stream of one or more containers' resource usage statistics diff --git a/docs/podman-stop.1.md b/docs/podman-stop.1.md index e2c4e8b44..b5ea670b0 100644 --- a/docs/podman-stop.1.md +++ b/docs/podman-stop.1.md 
@@ -1,11 +1,13 @@ % podman-stop(1) ## NAME -podman\-stop - Stop one or more containers +podman\-stop - Stop one or more running containers ## SYNOPSIS **podman stop** [*options*] *container* ... +**podman container stop** [*options*] *container* ... + ## DESCRIPTION Stops one or more containers. You may use container IDs or names as input. The **--timeout** switch allows you to specify the number of seconds to wait before forcibly stopping the container after the stop command diff --git a/docs/podman-system-migrate.1.md b/docs/podman-system-migrate.1.md index 1efa779ce..d175d0344 100644 --- a/docs/podman-system-migrate.1.md +++ b/docs/podman-system-migrate.1.md @@ -1,7 +1,7 @@ % podman-system-migrate(1) ## NAME -podman\-system\-migrate - Migrate container to the latest version of podman +podman\-system\-migrate - Migrate existing containers to a new podman version ## SYNOPSIS ** podman system migrate** diff --git a/docs/podman-system-renumber.1.md b/docs/podman-system-renumber.1.md index af498f270..071eefe29 100644 --- a/docs/podman-system-renumber.1.md +++ b/docs/podman-system-renumber.1.md @@ -1,7 +1,7 @@ % podman-system-renumber(1) ## NAME -podman\-system\-renumber - Renumber container locks +podman\-system\-renumber - Migrate lock numbers to handle a change in maximum number of locks ## SYNOPSIS **podman system renumber** diff --git a/docs/podman-system.1.md b/docs/podman-system.1.md index d36715feb..bbd541066 100644 --- a/docs/podman-system.1.md +++ b/docs/podman-system.1.md 
@@ -15,7 +15,7 @@ The system command allows you to manage the podman systems | ------- | --------------------------------------------------- | ---------------------------------------------------------------------------- | | df | [podman-system-df(1)](podman-system-df.1.md) | Show podman disk usage. | | info | [podman-system-info(1)](podman-info.1.md) | Displays Podman related system information. | -| prune | [podman-system-prune(1)](podman-system-prune.1.md) | Remove all unused data | +| prune | [podman-system-prune(1)](podman-system-prune.1.md) | Remove all unused container, image and volume data | | renumber | [podman-system-renumber(1)](podman-system-renumber.1.md)| Migrate lock numbers to handle a change in maximum number of locks. | | migrate | [podman-system-migrate(1)](podman-system-migrate.1.md)| Migrate existing containers to a new podman version. | diff --git a/docs/podman-tag.1.md b/docs/podman-tag.1.md index f3851d8b6..291d95228 100644 --- a/docs/podman-tag.1.md +++ b/docs/podman-tag.1.md @@ -6,6 +6,7 @@ podman\-tag - Add an additional name to a local image ## SYNOPSIS **podman tag** *image*[:*tag*] *target-name*[:*tag*] [*options*] +**podman image tag** *image*[:*tag*] *target-name*[:*tag*] [*options*] ## DESCRIPTION Assigns a new alias to an image. An alias refers to the entire image name, including the optional diff --git a/docs/podman-top.1.md b/docs/podman-top.1.md index 564c2f067..1410aa651 100644 --- a/docs/podman-top.1.md +++ b/docs/podman-top.1.md 
@@ -6,6 +6,8 @@ podman\-top - Display the running processes of a container ## SYNOPSIS **podman top** [*options*] *container* [*format-descriptors*] +**podman container top** [*options*] *container* [*format-descriptors*] + ## DESCRIPTION Display the running processes of the container. The *format-descriptors* are ps (1) compatible AIX format descriptors but extended to print additional information, such as the seccomp mode or the effective capabilities of a given process. The descriptors can either be passed as separated arguments or as a single comma-separated argument. Note that you can also specify options and or flags of ps(1); in this case, Podman will fallback to executing ps with the specified arguments and flags in the container. diff --git a/docs/podman-umount.1.md b/docs/podman-umount.1.md index 8ef7b20ac..100c47b32 100644 --- a/docs/podman-umount.1.md +++ b/docs/podman-umount.1.md @@ -1,11 +1,17 @@ % podman-umount(1) ## NAME -podman\-umount - Unmount the specified working containers' root file system. +podman\-umount - Unmount a working container's root filesystem ## SYNOPSIS **podman umount** *container* [...] +**podman container umount** *container* [...] + +**podman container unmount** *container* [...] + +**podman unmount** *container* [...] + ## DESCRIPTION Unmounts the specified containers' root file system, if no other processes are using it. diff --git a/docs/podman-unpause.1.md b/docs/podman-unpause.1.md index ef8a4cdb6..f5538d6d5 100644 --- a/docs/podman-unpause.1.md +++ b/docs/podman-unpause.1.md @@ -6,6 +6,8 @@ podman\-unpause - Unpause one or more containers ## SYNOPSIS **podman unpause** [*options*]|[*container* ...] +**podman container unpause** [*options*]|[*container* ...] + ## DESCRIPTION Unpauses the processes in one or more containers. You may use container IDs or names as input. diff --git a/docs/podman-unshare.1.md b/docs/podman-unshare.1.md index d7fefb774..9052b97ab 100644 --- a/docs/podman-unshare.1.md 
+++ b/docs/podman-unshare.1.md @@ -1,10 +1,10 @@ % podman-unshare(1) ## NAME -podman\-unshare - Run a command inside of a modified user namespace. +podman\-unshare - Run a command inside of a modified user namespace ## SYNOPSIS -**podman unshare** [*options*] [**--**] [*command*] +**podman unshare** [*options*] [*--*] [*command*] ## DESCRIPTION Launches a process (by default, *$SHELL*) in a new user namespace. The user diff --git a/docs/podman-version.1.md b/docs/podman-version.1.md index cb0a3785f..4499f6338 100644 --- a/docs/podman-version.1.md +++ b/docs/podman-version.1.md @@ -1,7 +1,7 @@ % podman-version(1) ## NAME -podman\-version - Display the PODMAN Version Information +podman\-version - Display the Podman version information ## SYNOPSIS **podman version** [*options*] diff --git a/docs/podman-volume-inspect.1.md b/docs/podman-volume-inspect.1.md index b00c821bb..a6c99f6c8 100644 --- a/docs/podman-volume-inspect.1.md +++ b/docs/podman-volume-inspect.1.md @@ -1,7 +1,7 @@ % podman-volume-inspect(1) ## NAME -podman\-volume\-inspect - Inspect one or more volumes +podman\-volume\-inspect - Get detailed information on one or more volumes ## SYNOPSIS **podman volume inspect** [*options*] *volume* [...] diff --git a/docs/podman-volume-ls.1.md b/docs/podman-volume-ls.1.md index ef1582153..d431c7c6e 100644 --- a/docs/podman-volume-ls.1.md +++ b/docs/podman-volume-ls.1.md @@ -1,7 +1,7 @@ % podman-volume-ls(1) ## NAME -podman\-volume\-ls - List volumes +podman\-volume\-ls - List all the available volumes ## SYNOPSIS **podman volume ls** [*options*] diff --git a/docs/podman-volume.1.md b/docs/podman-volume.1.md index 77728b2b5..288e57b82 100644 --- a/docs/podman-volume.1.md +++ b/docs/podman-volume.1.md @@ -1,7 +1,7 @@ % podman-volume(1) ## NAME -podman\-volume - Simple management tool for volumes. +podman\-volume - Simple management tool for volumes ## SYNOPSIS **podman volume** *subcommand* 
diff --git a/docs/podman-wait.1.md b/docs/podman-wait.1.md index e1a810ff1..ce1c70a5f 100644 --- a/docs/podman-wait.1.md +++ b/docs/podman-wait.1.md @@ -6,6 +6,8 @@ podman\-wait - Wait on one or more containers to stop and print their exit codes ## SYNOPSIS **podman wait** [*options*] *container* +**podman container wait** [*options*] *container* + ## DESCRIPTION Waits on one or more containers to stop. The container can be referred to by its name or ID. In the case of multiple containers, podman will wait on each consecutively. diff --git a/docs/podman.1.md b/docs/podman.1.md index c643140a2..742d94bd5 100644 --- a/docs/podman.1.md +++ b/docs/podman.1.md 
@@ -153,15 +153,15 @@ the exit codes follow the `chroot` standard, see below: | [podman-images(1)](podman-images.1.md) | List images in local storage. | | [podman-import(1)](podman-import.1.md) | Import a tarball and save it as a filesystem image. | | [podman-info(1)](podman-info.1.md) | Displays Podman related system information. | -| [podman-init(1)](podman-init.1.md) | Initialize a container | +| [podman-init(1)](podman-init.1.md) | Initialize one or more containers | | [podman-inspect(1)](podman-inspect.1.md) | Display a container or image's configuration. | | [podman-kill(1)](podman-kill.1.md) | Kill the main process in one or more containers. | | [podman-load(1)](podman-load.1.md) | Load an image from a container image archive into container storage. | | [podman-login(1)](podman-login.1.md) | Login to a container registry. | | [podman-logout(1)](podman-logout.1.md) | Logout of a container registry. | -| [podman-logs(1)](podman-logs.1.md) | Display the logs of a container. | +| [podman-logs(1)](podman-logs.1.md) | Display the logs of one or more containers. | | [podman-mount(1)](podman-mount.1.md) | Mount a working container's root filesystem. | -| [podman-network(1)](podman-network.1.md) | Manage Podman CNI networks. | +| [podman-network(1)](podman-network.1.md) | Manage Podman CNI networks. | | [podman-pause(1)](podman-pause.1.md) | Pause one or more containers. | | [podman-play(1)](podman-play.1.md) | Play pods and containers based on a structured input file. | | [podman-pod(1)](podman-pod.1.md) | Management tool for groups of containers, called pods. | 
@@ -186,7 +186,7 @@ the exit codes follow the `chroot` standard, see below: | [podman-unshare(1)](podman-unshare.1.md) | Run a command inside of a modified user namespace. | | [podman-varlink(1)](podman-varlink.1.md) | Runs the varlink backend interface. | | [podman-version(1)](podman-version.1.md) | Display the Podman version information. | -| [podman-volume(1)](podman-volume.1.md) | Manage Volumes. | +| [podman-volume(1)](podman-volume.1.md) | Simple management tool for volumes. | | [podman-wait(1)](podman-wait.1.md) | Wait on one or more containers to stop and print their exit codes. | ## FILES diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md index 92595dd02..91962fead 100644 --- a/docs/tutorials/rootless_tutorial.md +++ b/docs/tutorials/rootless_tutorial.md 
@@ -80,6 +80,36 @@ The Podman configuration files for root reside in /usr/share/containers with ove The default authorization file used by the `podman login` and `podman logout` commands reside in ${XDG\_RUNTIME\_DIR}/containers/auth.json. +## Systemd unit for rootless container + +``` +[Unit] +Description=nginx +Requires=user@1001.service +After=user@1001.service + +[Service] +Type=simple +KillMode=none +MemoryMax=200M +ExecStartPre=-/usr/bin/podman rm -f nginx +ExecStartPre=/usr/bin/podman pull nginx +ExecStart=/usr/bin/podman run --name=nginx -p 8080:80 -v /home/nginx/html:/usr/share/nginx/html:Z nginx +ExecStop=/usr/bin/podman stop nginx +Restart=always +User=nginx +Group=nginx + +[Install] +WantedBy=multi-user.target +``` + +This example unit will launch a nginx container using the existing user nginx with id 1001, serving static content from /home/nginx/html and limited to 200MB of RAM. + +You can use all the usual systemd flags to control the process, including capabilities and cgroup directives to limit memory or CPU. + +See #3866 for more details. + ## More information If you are still experiencing problems running Podman in a rootless environment, please refer to the [Shortcomings of Rootless Podman](https://github.com/containers/libpod/blob/master/rootless.md) page which lists known issues and solutions to known issues in this environment. diff --git a/hack/man-page-checker b/hack/man-page-checker index 8e9b5a50d..ab1921b86 100755 --- a/hack/man-page-checker +++ b/hack/man-page-checker @@ -39,8 +39,9 @@ done # Pass 2: compare descriptions. # # Make sure the descriptive text in podman-foo.1.md matches the one -# in the table in podman.1.md. -for md in *.1.md;do +# in the table in podman.1.md. podman-remote is not a podman subcommand, +# so it is excluded here. +for md in $(ls -1 *-*.1.md | grep -v remote);do desc=$(egrep -A1 '^#* NAME' $md|tail -1|sed -e 's/^podman[^ ]\+ - //') # podman.1.md has a two-column table; podman-*.1.md all have three. 
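Review bot: The new loop header in hack/man-page-checker, `for md in $(ls -1 *-*.1.md | grep -v remote);do`, parses `ls` output and filters by substring. Any man page whose name merely contains "remote" is dropped from the description check, not only podman-remote, and the file list is word-split and glob-expanded again. A glob with an explicit skip keeps the exclusion narrow: `for md in *-*.1.md;do` followed by `case "$md" in podman-remote*) continue;; esac`. The loop body continues outside the hunk.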
diff --git a/pkg/spec/config_linux.go b/pkg/spec/config_linux.go index 60d31d78e..32d8cb4de 100644 --- a/pkg/spec/config_linux.go +++ b/pkg/spec/config_linux.go @@ -4,6 +4,7 @@ package createconfig import ( "fmt" + "io/ioutil" "os" "path/filepath" "strings" @@ -98,6 +99,26 @@ func addDevice(g *generate.Generator, device string) error { if err != nil { return errors.Wrapf(err, "%s is not a valid device", src) } + if rootless.IsRootless() { + if _, err := os.Stat(src); err != nil { + if os.IsNotExist(err) { + return errors.Wrapf(err, "the specified device %s doesn't exist", src) + } + return errors.Wrapf(err, "stat device %s exist", src) + } + perm := "ro" + if strings.Contains(permissions, "w") { + perm = "rw" + } + devMnt := spec.Mount{ + Destination: dst, + Type: TypeBind, + Source: src, + Options: []string{"slave", "nosuid", "noexec", perm, "rbind"}, + } + g.Config.Mounts = append(g.Config.Mounts, devMnt) + return nil + } dev.Path = dst linuxdev := spec.LinuxDevice{ Path: dev.Path, 
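Review bot: In the rootless branch added to addDevice, the second error string `"stat device %s exist"` does not say what failed; `return errors.Wrapf(err, "stat device %s", src)` would. The mapping from the `--device` permission string to mount options is also undocumented: any string containing `w` becomes `rw`, everything else becomes `ro`, and `m` is dropped, so a request for `w` alone also grants read access. A comment above `perm := "ro"` would record that, for example `// rootless: the host node is bind-mounted, so r/w/m collapses to ro or rw and "m" is ignored`. addDevice starts and ends outside the hunk.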
@@ -113,8 +134,53 @@ func addDevice(g *generate.Generator, device string) error { return nil } +// based on getDevices from runc (libcontainer/devices/devices.go) +func getDevices(path string) ([]*configs.Device, error) { + files, err := ioutil.ReadDir(path) + if err != nil { + if rootless.IsRootless() && os.IsPermission(err) { + return nil, nil + } + return nil, err + } + out := []*configs.Device{} + for _, f := range files { + switch { + case f.IsDir(): + switch f.Name() { + // ".lxc" & ".lxd-mounts" added to address https://github.com/lxc/lxd/issues/2825 + case "pts", "shm", "fd", "mqueue", ".lxc", ".lxd-mounts": + continue + default: + sub, err := getDevices(filepath.Join(path, f.Name())) + if err != nil { + return nil, err + } + if sub != nil { + out = append(out, sub...) + } + continue + } + case f.Name() == "console": + continue + } + device, err := devices.DeviceFromPath(filepath.Join(path, f.Name()), "rwm") + if err != nil { + if err == devices.ErrNotADevice { + continue + } + if os.IsNotExist(err) { + continue + } + return nil, err + } + out = append(out, device) + } + return out, nil +} + func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error { - hostDevices, err := devices.HostDevices() + hostDevices, err := getDevices("/dev") if err != nil { return err } @@ -153,15 +219,16 @@ func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error { newMounts = append(newMounts, devMnt) } g.Config.Mounts = append(newMounts, g.Config.Mounts...) + g.Config.Linux.Resources.Devices = nil } else { for _, d := range hostDevices { g.AddDevice(Device(d)) } + // Add resources device - need to clear the existing one first. + g.Config.Linux.Resources.Devices = nil + g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm") } - // Add resources device - need to clear the existing one first. - g.Config.Linux.Resources.Devices = nil - g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm") return nil } 
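Review bot: getDevices returns `nil, nil` when a rootless caller gets a permission error from `ioutil.ReadDir`, so an unreadable directory under /dev is skipped silently and a privileged rootless container can end up with a partial device list. The only comment says the function is based on runc's getDevices and does not mention this difference. Extending it would make the behaviour visible to the next reader: `// In rootless mode a directory that cannot be read is skipped, so the returned list may be incomplete.`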
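Review bot: In the last hunk of addPrivilegedDevices, the rootless branch now sets `g.Config.Linux.Resources.Devices = nil` without the allow-all `rwm` rule that the other branch still adds, and no comment explains the asymmetry. If the reason is that a rootless runtime cannot apply device cgroup rules, that belongs above the assignment, for example `// rootless: no device cgroup rules are set; devices are exposed only through the bind mounts above`. The function starts outside the hunk.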
diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index cf7ce9cdf..d3b4b0e32 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go 
@@ -35,44 +35,40 @@ var _ = Describe("Podman run device", func() { }) It("podman run bad device test", func() { - session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/baddevice", ALPINE, "ls", "/dev/kmsg"}) + session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/baddevice", ALPINE, "true"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Not(Equal(0))) }) It("podman run device test", func() { - SkipIfRootless() - session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg", ALPINE, "ls", "--color=never", "/dev/kmsg"}) + session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "ls", "--color=never", "/dev/kmsg"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(Equal("/dev/kmsg")) }) It("podman run device rename test", func() { - SkipIfRootless() - session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "ls", "--color=never", "/dev/kmsg1"}) + session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "ls", "--color=never", "/dev/kmsg1"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(Equal("/dev/kmsg1")) }) It("podman run device permission test", func() { - SkipIfRootless() - session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:r", ALPINE, "ls", "--color=never", "/dev/kmsg"}) + session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:r", ALPINE, "ls", "--color=never", "/dev/kmsg"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(Equal("/dev/kmsg")) }) It("podman run device rename and permission test", func() { - SkipIfRootless() - session := podmanTest.Podman([]string{"run", "-q", 
"--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "ls", "--color=never", "/dev/kmsg1"}) + session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "ls", "--color=never", "/dev/kmsg1"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(Equal("/dev/kmsg1")) }) It("podman run device rename and bad permission test", func() { - session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "ls", "--color=never", "/dev/kmsg1"}) + session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "ls", "--color=never", "/dev/kmsg1"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Not(Equal(0))) }) diff --git a/troubleshooting.md b/troubleshooting.md index b88940dc8..9a5b38e01 100644 --- a/troubleshooting.md +++ b/troubleshooting.md @@ -391,3 +391,22 @@ Choose one of the following: * Install and configure fuse-overlayfs. * Install the fuse-overlayfs package for your Linux Distribution. * Add `mount_program = "/usr/bin/fuse-overlayfs` under `[storage.options]` in your `~/.config/containers/storage.conf` file. + +### 16) rhel7-init based images don't work with cgroups v2 + +The systemd version shipped in rhel7-init doesn't have support for cgroups v2. You'll need at least systemd 230. + +#### Symptom +```console + +sh# podman run --name test -d registry.access.redhat.com/rhel7-init:latest && sleep 10 && podman exec test systemctl status +c8567461948439bce72fad3076a91ececfb7b14d469bfa5fbc32c6403185beff +Failed to get D-Bus connection: Operation not permitted +Error: non zero exit code: 1: OCI runtime error +``` + +#### Solution +You'll need to either: + +* configure the host to use cgroups v1 +* update the image to use an updated version of systemd. |
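Review bot: In test/e2e/run_device_test.go every positive device case now passes `--security-opt label=disable`, so device passthrough is no longer exercised with SELinux labelling active, and nothing in the file says why the option is required. If the reason is access to the host device node under SELinux, a comment above the first use would record it, for example `// label=disable: the container must be allowed to open the host device node`. The `:r` cases still assert only that `ls` prints the path, so they would pass even if the new rootless bind mount ignored the permission and mounted read-write; an assertion on the mount options inside the container would cover the `ro`/`rw` mapping. The enclosing Describe block starts and ends outside the hunk.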