diff options
181 files changed, 1715 insertions, 7588 deletions
@@ -258,7 +258,7 @@ test/goecho/goecho: .gopathok $(wildcard test/goecho/*.go) .PHONY: codespell codespell: - codespell -S bin,vendor,.git,go.sum,changelog.txt,.cirrus.yml,"RELEASE_NOTES.md,*.xz,*.gz,*.ps1,*.tar,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L uint,iff,od,seeked,splitted,marge,ERRO,hist,ether -w + codespell -S bin,vendor,.git,go.sum,.cirrus.yml,"RELEASE_NOTES.md,*.xz,*.gz,*.ps1,*.tar,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" -L uint,iff,od,seeked,splitted,marge,ERRO,hist,ether -w .PHONY: validate validate: gofmt lint .gitvalidation validate.completions man-page-check swagger-check tests-included tests-expect-exit @@ -469,17 +469,6 @@ swagger: pkg/api/swagger.yaml docker-docs: docs (cd docs; ./dckrman.sh ./build/man/*.1) -.PHONY: changelog -changelog: ## Generate updated changelog.txt from git logs - @echo "Creating changelog from $(CHANGELOG_BASE) to $(CHANGELOG_TARGET)" - $(eval TMPFILE := $(shell mktemp podman_tmp_XXXX)) - $(shell cat changelog.txt > $(TMPFILE)) - $(shell echo "- Changelog for $(CHANGELOG_TARGET) ($(ISODATE)):" > changelog.txt) - $(shell git log --no-merges --format=" * %s" $(CHANGELOG_BASE)..$(CHANGELOG_TARGET) >> changelog.txt) - $(shell echo "" >> changelog.txt) - $(shell cat $(TMPFILE) >> changelog.txt) - $(shell rm $(TMPFILE)) - # Workaround vim syntax highlighting bug: " ### @@ -5,7 +5,7 @@ Podman (the POD MANager) is a tool for managing containers and images, volumes mounted into those containers, and pods made from groups of containers. Podman is based on libpod, a library for container lifecycle management that is also contained in this repository. The libpod library provides APIs for managing containers, pods, container images, and volumes. -* [Latest Version: 3.3.0](https://github.com/containers/podman/releases/latest) +* [Latest Version: 3.3.1](https://github.com/containers/podman/releases/latest) * Latest Remote client for Windows * Latest Remote client for macOS * Latest Static Remote client for Linux diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 9649e7abb..b9b94dbb3 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,5 +1,17 @@ # Release Notes +## 3.3.1 +### Bugfixes +- Fixed a bug where unit files created by `podman generate systemd` could not cleanup shut down containers when stopped by `systemctl stop` ([#11304](https://github.com/containers/podman/issues/11304)). +- Fixed a bug where `podman machine` commands would not properly locate the `gvproxy` binary in some circumstances. +- Fixed a bug where containers created as part of a pod using the `--pod-id-file` option would not join the pod's network namespace ([#11303](https://github.com/containers/podman/issues/11303)). +- Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. +- Fixed a bug where the `until` filter to `podman logs` and `podman events` was improperly handled, requiring input to be negated ([#11158](https://github.com/containers/podman/issues/11158)). +- Fixed a bug where rootless containers using CNI networking run on systems using `systemd-resolved` for DNS would fail to start if resolved symlinked `/etc/resolv.conf` to an absolute path ([#11358](https://github.com/containers/podman/issues/11358)). + +### API +- A large number of potential file descriptor leaks from improperly closing client connections have been fixed. + ## 3.3.0 ### Features - Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system. diff --git a/RELEASE_PROCESS.md b/RELEASE_PROCESS.md index e063fa617..bdf8aca88 100644 --- a/RELEASE_PROCESS.md +++ b/RELEASE_PROCESS.md @@ -164,10 +164,6 @@ spelled with complete minutiae. `git checkout -b bump_vX.Y.Z`. 1. Lookup the *COMMIT ID* of the last release, `git log -1 $(git tag | sort -V | tail -1)`. - 1. Run `make changelog CHANGELOG_BASE=`*COMMIT ID*. This will modify the - `changelog.txt` file. Manually edit it to change the first line - (“Changelog for …”) to include the current (new) release version number. - For example, `- Changelog for v2.1.0 (2020-09-22):`. 1. Edit `version/version.go` and bump the `Version` value to the new release version. If there were API changes, also bump `APIVersion` value. 1. Commit this and sign the commit (`git commit -a -s -S`). The commit message diff --git a/changelog.txt b/changelog.txt deleted file mode 100644 index b1c4b4756..000000000 --- a/changelog.txt +++ /dev/null @@ -1,6837 +0,0 @@ -- Changelog for v3.2.0-rc1 (2021-05-05) - * migrate Podman to containers/common/libimage - * add --mac-address to podman play kube - * compat api: Networks must be empty instead of null - * System tests: honor $OCI_RUNTIME (for CI) - * is this a bug? - * system test image: add arm64v8 image - * Fix troubleshooting documentation on handling sublemental groups. - * Add --all to podman start - * Fix variable reference typo. in multi-arch image action - * cgroup: always honor --cgroup-parent with cgroupfs - * Bump github.com/uber/jaeger-client-go - * Don't require tests for github-actions & metadata - * Detect if in podman machine virtual vm - * Fix multi-arch image workflow typo - * [CI:DOCS] Add titles to remote docs (windows) - * Remove unused VolumeList* structs - * Cirrus: Update F34beta -> F34 - * Update container image docs + fix unstable execution - * Bump github.com/containers/storage from 1.30.0 to 1.30.1 - * TODO complete - * Docker returns 'die' status rather then 'died' status - * Check if another VM is running on machine start - * [CI:DOCS] Improve titles of command HTML pages - * system tests: networking: fix another race condition - * Use seccomp_profile as default profile if defined in containers.conf - * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 - * Vendored - * Autoupdate local label functional - * System tests: fix two race conditions - * Add more documentation on conmon - * Allow docker volume create API to pass without name - * Cirrus: Update Ubuntu images to 21.04 - * Skip blkio-weight test when no kernel BFQ support - * rootless: Tell the user what was led to the error, not just what it is - * Add troubleshooting advice about the --userns option. - * Fix images prune filter until - * Fix logic for pushing stable multi-arch images - * Fixes generate kube incorrect when bind-mounting "/" and "/root" - * libpod/image: unit tests: don't use system's registries.conf.d - * runtime: create userns when CAP_SYS_ADMIN is not present - * rootless: attempt to copy current mappings first - * [CI:DOCS] Restore missing content to manpages - * [CI:DOCS] Fix Markdown layout bugs - * Fix podman ps --filter ancestor to match exact ImageName/ImageID - * Add machine-enabled to containers.conf for machine - * Several multi-arch image build/push fixes - * Add podman run --timeout option - * Parse slirp4netns net options with compat api - * Fix rootlesskit port forwarder with custom slirp cidr - * Fix removal race condition in ListContainers - * Add github-action workflow to build/push multi-arch - * rootless: if root is not sub?id raise a debug message - * Bump github.com/containers/common from 0.36.0 to 0.37.0 - * Add go template shell completion for --format - * Add --group-add keep-groups: suplimentary groups into container - * Fixes from make codespell - * Typo fix to usage text of --compress option - * corrupt-image test: fix an oops - * Add --noheading flag to all list commands - * Bump github.com/containers/storage from 1.29.0 to 1.30.0 - * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 - * [CI:DOCS] Fix Markdown table layout bugs - * podman-remote should show podman.sock info - * rmi: don't break when the image is missing a manifest - * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md - * Add support for CDI device configuration - * [CI:DOCS] Add missing dash to verbose option - * Bump github.com/uber/jaeger-client-go - * Remove an advanced layer diff function - * Ensure mount destination is clean, no trailing slash - * add it for inspect pidfile - * [CI:DOCS] Fix introduction page typo - * support pidfile on container restore - * fix start it - * skip pidfile test on remote - * improve document - * set pidfile default value int containerconfig - * add pidfile in inspection - * add pidfile it for container start - * skip pidfile it on remote - * Modify according to comments - * WIP: drop test requirement - * runtime: bump required conmon version - * runtime: return findConmon to libpod - * oci: drop ExecContainerCleanup - * oci: use `--full-path` option for conmon - * use AttachSocketPath when removing conmon files - * hide conmon-pidfile flag on remote mode - * Fix possible panic in libpod/image/prune.go - * add --ip to podman play kube - * add flag autocomplete - * add ut - * add flag "--pidfile" for podman create/run - * Add network bindings tests: remove and list - * Fix build with GO111MODULE=off - * system tests: build --pull-never: deal with flakes - * compose test: diagnose flakes v3 - * podman play kube apply correct log driver - * Fixes podman-remote save to directories does not work - * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 - * Update documentation of podman-run to reflect volume "U" option - * Fix flake on failed podman-remote build : try 2 - * compose test: ongoing efforts to diagnose flakes - * Test that we don't error out on advertised --log-level values - * At trace log level, print error text using %+v instead of %v - * pkg/errorhandling.JoinErrors: don't throw away context for lone errors - * Recognize --log-level=trace - * Fix flake on failed podman-remote build - * System tests: fix racy podman-inspect - * Fixes invalid expression in save command - * Bump github.com/containers/common from 0.35.4 to 0.36.0 - * Update nix pin with `make nixpkgs` - * compose test: try to get useful data from flakes - * Remove in-memory state implementation - * Fix message about runtime to show only the actual runtime - * System tests: setup: better cleanup of stray images - * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 - * Reflect current state of prune implementation in docs - * Do not delete container twice - * [CI:DOCS] Correct status code for /pods/create - * vendor in containers/storage v1.29.0 - * cgroup: do not set cgroup parent when rootless and cgroupfs - * Overhaul Makefile binary and release worflows - * Reorganize Makefile with sections and guide - * Simplify Makefile help target - * Don't shell to obtain current directory - * Remove unnecessary/not-needed release.txt target - * Fix incorrect version number output - * Exclude .gitignore from test req. - * Fix handling of $NAME and $IMAGE in runlabel - * Update podman image Dockerfile to support Podman in container - * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 - * Fix slashes in socket URLs - * Add network prune filters support to bindings - * Add support for play/generate kube volumes - * Update manifest API endpoints - * Fix panic when not giving a machine name for ssh - * cgroups: force 64 bits to ParseUint - * Bump k8s.io/api from 0.20.5 to 0.21.0 - * [CI:DOCS] Fix formatting of podman-build man page - * buildah-bud tests: simplify - * Add missing return - * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 - * speed up CI handling of images - * Volumes prune endpoint should use only prune filters - * Cirrus: Use Fedora 34beta images - * Bump go.sum + Makefile for golang 1.16 - * Exempt Makefile changes from test requirements - * Adjust libpod API Container Wait documentation to the code - * [CI:DOCS] Update swagger definition of inspect manifest - * use updated ubuntu images - * podman unshare: add --rootless-cni to join the ns - * Update swagger-check - * swagger: remove name wildcards - * Update buildah-bud diffs - * Handle podman-remote --arch, --platform, --os - * buildah-bud tests: handle go pseudoversions, plus... - * Fix flaking rootless compose test - * rootless cni add /usr/sbin to PATH if not present - * System tests: special case for RHEL: require runc - * Add --requires flag to podman run/create - * [CI:DOCS] swagger-check: compare operations - * [CI:DOCS] Polish swagger OpertionIDs - * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` - * Ensure that `--userns=keep-id` sets user in config - * [CI:DOCS] Set all operation id to be compatibile - * Move operationIds to swagger:operation line - * swagger: add operationIds that match with docker - * Cirrus: Make use of shared get_ci_vm container - * Don't relabel volumes if running in a privileged container - * Allow users to override default storage opts with --storage-opt - * Add support for podman --context default - * Verify existence of auth file if specified - * fix machine naming conventions - * Initial network bindings tests - * Update release notes to indicate CVE fix - * Move socket activation check into init() and set global condition. - * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 - * Http api tests for network prune with until filter - * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns - * Fix typos --uidmapping and --gidmapping - * Add transport and destination info to manifest doc - * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 - * Add default template functions - * Fix missing podman-remote build options - * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 - * Add ssh connection to root user - * Add rootless docker-compose test to the CI - * Use the slrip4netns dns in the rootless cni ns - * Cleanup the rootless cni namespace - * Add new docker-compose test for two networks - * Make the docker-compose test work rootless - * Remove unused rootless-cni-infra container files - * Only use rootless RLK when the container has ports - * Fix dnsname test - * Enable rootless network connect/disconnect - * Move slirp4netns functions into an extra file - * Fix pod infra container cni network setup - * Add rootless support for cni and --uidmap - * rootless cni without infra container - * Recreate until container prune tests for bindings - * Remove --execute from podman machine ssh - * Fixed podman-remote --network flag - * Makefile: introduce install.docker-full - * Makefile: ensure install.docker creates BINDIR - * Fix unmount doc reference in image.rst - * Should send the OCI runtime path not just the name to buildah - * podman machine shell completion - * Fix handling of remove --log-rusage param - * Fix bindings prune containers flaky test - * [CI:DOCS] Add local html build info to docs/README.md - * Add podman machine list - * Trim white space from /top endpoint results - * Remove semantic version suffices from API calls - * podman machine init --ignition-path - * Document --volume from podman-remote run/create client - * Update main branch to reflect the release of v3.1.0 - * Silence podman network reload errors with iptables-nft - * Containers prune endpoint should use only prune filters - * resolve proper aarch64 image names - * APIv2 basic test: relax APIVersion check - * Add machine support for qemu-system-aarch64 - * podman machine init user input - * manpage xref: helpful diagnostic for unescaped dash-dash - * Bump to v3.2.0-dev - * swagger: update system version response body - * buildah-bud tests: reenable pull-never test - * [NO TESTS NEEDED] Shrink the size of podman-remote - * Add powershell completions - * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted - * Fix long option format on docs.podman.io - * system tests: friendier messages for 2-arg is() - * service: use LISTEN_FDS - * man pages: correct seccomp-policy label - * rootless: use is_fd_inherited - * podman generate systemd --new do not duplicate params - * play kube: add support for env vars defined from secrets - * play kube: support optional/mandatory env var from config map - * play kube: prepare supporting other env source than config maps - * Add machine support for more Linux distros - * [NO TESTS NEEDED] Use same function podman-remote rmi as podman - * Podman machine enhancements - * Add problematic volume name to kube play error messages - * Fix podman build --pull-never - * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS - * [NO TESTS NEEDED] Turn on podman-remote build --isolation - * Fix list pods filter handling in libpod api - * Remove resize race condition - * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 - * Use TMPDIR when commiting images - * Add RequiresMountsFor= to systemd generate - * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 - * Fix swapped dimensions from terminal.GetSize - * Rename podman machine create to init and clean up - * Correct json field name - * system tests: new interactive tests - * Improvements for machine - * libpod/image: unit tests: use a `registries.conf` for aliases - * libpod/image: unit tests: defer cleanup - * libpod/image: unit tests: use `require.NoError` - * Add --execute flag to podman machine ssh - * introduce podman machine - * Podman machine CLI and interface stub - * Support multi doc yaml for generate/play kube - * Fix filters in image http compat/libpod api endpoints - * Bump github.com/containers/common from 0.35.3 to 0.35.4 - * Bump github.com/containers/storage from 1.28.0 to 1.28.1 - * Check if stdin is a term in --interactive --tty mode - * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot - * [NO TESTS NEEDED] Fix rootless volume plugins - * Ensure manually-created volumes have correct ownership - * Bump github.com/rootless-containers/rootlesskit - * Unification of until filter across list/prune endpoints - * Unification of label filter across list/prune endpoints - * fixup - * fix: build endpoint for compat API - * [CI:DOCS] Add note to mappings for user/group userns in build - * Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.3.0 - * Bump k8s.io/api from 0.20.1 to 0.20.5 - * Validate passed in timezone from tz option - * Fix system prune cmd user message with options - * WIP: run buildah bud tests using podman - * Fix containers list/prune http api filter behaviour - * System tests: reenable a bunch of skipped tests - * Generate Kubernetes PersistentVolumeClaims from named volumes - * Cleanup /libpod/images/load handler - * vendor: drop replace for github.com/syndtr/gocapability - * security: use the bounding caps with --privileged - * Bump github.com/containers/common from 0.35.0 to 0.35.3 - * Bump k8s.io/apimachinery from 0.20.4 to 0.20.5 - * Fix volumes and networks list/prune filters in http api - * Bump github.com/containers/storage from 1.25.0 to 1.28.0 - * add a dependabot config to automate vendoring - * Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2 - * network prune filters for http compat and libpod api - * test: check for io.stat existence on cgroup v2 - * test: fix test for last crun/runc - * test: simplify cgroup path - * Latest crun/runc should handle blkio-weight test - * fix user message image prune --all - * Docs: removing secrets is safe for in-use secrets - * Downgrade github.com/coreos/go-systemd/v22 - * pkg/bindings/images.Build(): fix a race condition in error reporting - * Switch all builds to pull-never - * System test cleanup - * Fix for volumes prune in http compat api - * Fix remote client timezone test - * Do not leak libpod package into the remote client - * Split libpod/network package - * fix use with localhost (testing) - * add /auth for docker compatibility - * create endpoint for querying libpod networks - * Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 - * sdnotify tests: try real hard to kill socat processes - * Fix array instead of one elem network http api - * Delete all containers and pods between tests - * apiv2 tests: finally fix POST as originally intended - * Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variables - * Removing a non existing container API should return 404 - * Docs: Add docs to access APIs inside container - * options: append CLI graph driver options - * podman load: fix error handling - * podman cp: evaluate symlink correctly when copying from container - * rm pkg/api/handlers/libpod/copy.go - * podman cp: fix copying to a non-existent dir - * podman cp: fix ownership - * podman cp: ignore EPERMs in rootless mode - * vendor buildah@v1.19.8 - * apiv2 tests: add helpers to start/stop a local registry - * Bump to v3.1.0-dev - * allow the removal of storage images - * podman-remote build does not support volumes - * Update nix pin with `make nixpkgs` - * Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.2.0 - * [Compat API] Also print successfully tagging images in /build endpoint - -- Changelog for v3.1.0-rc1 (2021-03-08) - * Compat API: Avoid trying to create volumes if they already exist - * Bump github.com/onsi/gomega from 1.10.5 to 1.11.0 - * Allow users to generate a kubernetes yaml off non running containers - * Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1 - * turn hidden --trace into a NOP - * pkg/terminal: use c/storage/pkg/homedir - * build-arg - * Handle podman build --dns-search - * podman build --build-arg should fall back to environment - * Add support for podman build --ignorefile - * replace local mount consts with libpod/define - * separate file with mount consts in libpod/define - * Correct compat images/{name}/push response - * [NO TESTS NEEDED] Bump pre-commit-hooks version - * [ci skip] Bad formatting fix in build documentation - * Bump github.com/containernetworking/plugins to v0.9.1 - * podman-remote stop -time 0 does not work - * Do not return from c.stop() before re-locking - * Fix for podman network rm (-f) workflow - * Bump github.com/containers/buildah from 1.19.6 to 1.19.7 - * Add tests for selinux kvm/init labels - * Respect NanoCpus in Compat Create - * podman cp: support copying on tmpfs mounts - * image removal: ignore unknown-layer errors - * Fix cni teardown errors - * Use version package to track all versions - * Check for supportsKVM based on basename of the runtime - * Compat API: create volume source dirs on the host - * Makefile: add install.docker-docs-nobuild for packaging use - * Add /sys/fs/cgroup as readonly path in docs - * Add network summary to compat ps - * Fix possible panic with podman build --iidfile - * Add version field to secret compat list/inspect api - * Tidy duplicate log tests - * Fix support for podman build --timestamp - * Rewrite Rename backend in a more atomic fashion - * Use functions and defines from checkpointctl - * Move checkpoint/restore code to pkg/checkpoint/crutils - * Vendor in checkpointctl - * Support label type dict on compat build - * Makefile: install systemd services conditionally - * podman-system-service.1.md: fix timeout example - * swagger: update the libpodPutArchive operation verb - * Makefile: split install.docker-docs from install.docker - * Bump RootlessKit v0.14.0-beta.0 - * Compat api containers/json Ports field is null - * Bump github.com/cri-o/ocicni to latest master - * Refactor python tests to run against python3.9 - * APIv2 tests: make more maintainable - * [CI:DOCS] Improve release process docs - * podman rmi: handle corrupted storage better - * Enable cgroupsv2 rw mount via security-opt unmask - * podman-image-sign.1.md: typo fix - * compat api network ls accept both format options - * Enable no_hosts from containers.conf - * Correct compat images/create?fromImage response - * Fix parsing of Tmpfs field in compat create - * prune remotecommand dependency - * system test image: build it multiarch - * Updated based on Jhonce comments - * updated common to 0.35.0 - * Refactored file - * swagger: removes the schema type for PodSpecGenerator $ref - * podman-system-connection.1.md: fix copy/paste error - * Add dns search domains from cni response to resolv.conf - * Network connect error if net mode is not bridge - * Sort CapDrop in inspect to guarantee order - * podman upgrade tests - * test: ignore named hierarchies for cgroups=split - * container removal: handle already removed containers - * Bump github.com/rootless-containers/rootlesskit from 0.13.1 to 0.13.2 - * Bump k8s.io/apimachinery from 0.20.3 to 0.20.4 - * Add U volume flag to chown source volumes - * Replace Labels and Options nulls with {} in NetworkResource - * Cirrus: Temp. disable prior-fedora (F32) testing - * podman cp: test /dev/stdin correctly - * podman cp: treat /dev/stdout correctly - * cgroup: change cgroup deletion logic on v1 - * Fix podman network IDs handling - * pr-should-include-tests: recognized "renamed" tests - * --no-header flag implementation for generate systemd - * [NO TESTS NEEDED] Make binding util internal - * Two variations of --new flag added to e2e - * swagger: add missing schema properties - * bump go module to v3 - * Fix 'storage.options' indent - * Bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0 - * Bump github.com/containers/buildah from 1.19.4 to 1.19.6 - * Turn on journald and k8s file logging tests - * Allow podman play kube to read yaml file from stdin - * Log working dir when chdir fails - * Fix segfault in run with memory-swap - * leak fix in rootless_linux.c fcn can_use_shortcut - * Fix journald logs with more than 1 container - * Fix journald logs --follow - * Fix journald logs --since - * fix journald logs --tail 0 - * [CI:DOCS]basic networking guide - * cp: treat "." and "/." correctly - * [CI:DOCS] [NO TESTS NEEDED] Update swagger doc for libpod container wait - * Bump k8s.io/apimachinery from 0.20.2 to 0.20.3 - * Don't switch on a single case - * Quote URL - * bindings: support simple types that implement fmt.Stringer interface - * API: fix libpod's container wait endpoint condition conversion - * Change source path resolution for volume copy-up - * podman ps --format '{{ .Size }}' requires --size option - * infra: downgrade warning to debug - * Ignore entrypoint=[\"\"] - * Bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1 - * Add missing early returns in compat API - * Do not reset storage when running inside of a container - * podman kill should report rawInput not container id - * Fix an issue where copyup could fail with ENOENT - * do not set empty $HOME - * images/create: always pull image - * Fix panic in pod creation - * Bump github.com/rootless-containers/rootlesskit from 0.13.0 to 0.13.1 - * podman build: pass runtime to buildah - * correct startup error message - * Add missing params for podman-remote build - * Fix typo podman run doc in flag -pid=mode "efault" - * When stopping a container, print rawInput - * fix create container: handle empty host port - * Don't chown workdir if it already exists - * Fix broken podman generate systemd --new with pods - * fix dns resolution on ubuntu - * e2e: fix network alias test - * fix failing image e2e test - * Update troubleshooting.md - * [NO TESTS NEEDED] Refactor generated code - * Fix superfluous response.WriteHeader call in WaitContainerLibpod() - * change ps Created to unix - * Enable more golangci-lint linters - * make layer-tree lookup errors non-fatal - * Enable whitespace linter - * Enable golint linter - * Enable stylecheck linter - * Update Master to reflect the 3.0 release - * utils: takes the longest path on cgroup v1 - * container ps json format miscue - * Bump github.com/spf13/cobra from 1.1.2 to 1.1.3 - * utils: create parent cgroups - * utils: ignore unified on cgroupv1 if not present - * utils: skip empty lines - * Correct compat network prune response - * Display correct value for unlimited ulimit - * apiv2: handle docker-java clients pulling - * Rewrite copy-up to use buildah Copier - * bump to v3.1.0-dev - * [NO TESTS NEEDED] Update linter - * Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 - * Add shell completion tests for secrets - * Docker APIv2 push sends digest in response body - * Fix compat networks endpoint for a empty result - * hardening flags for fedora rpmbuilds - * [CI:DOCS]First pass at release process - * Restart service when CONTAINERS_CONF changes - * Support annotations from containers.conf - * vendor github.com/containers/image v5.10.2 - * APIv2 tests: lots of cleanup - * Fix Docker APIv2 push endpoint - * generate kube: support --privileged - * Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0 - * Implement Secrets - * Bump containers/buildah to v1.19.4 - * Allow path completion for podman create/run --rootfs - * Cirrus: Send cirrus-cron report e-mail to list. - * make `podman rmi` more robust - * Implement missing arguments for podman build - * vendor latest containers/common - * add network prune - * fix logic when not creating a workdir - * Bump remote API version to 3.0.0 - * play kube selinux test case - * Fix podman network disconnect wrong NetworkStatus number - * Fix per review request - * generate kube: handle entrypoint - * play kube selinux test case - * Increase timeouts in some tests - * Add test for Docker APIv2 wait - * Implement Docker wait conditions - * Improve ContainerEngine.ContainerWait() - * Improve container libpod.Wait*() functions - * Cirrus: Collect ginkgo node logs artifacts - * Bump github.com/containers/storage from 1.24.5 to 1.25.0 - * Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1 - * bindings: attach: warn correct error - * Fix invalid wait condition on kill - * Makefile: make bin/* real targets! - * typo - * Bump github.com/onsi/gomega from 1.10.4 to 1.10.5 - * Update nix pin with `make nixpkgs` - * System test for #9096 (truncated stdout) - * play kube selinux label test case - * Gating tests: diff test: workaround for RHEL8 failure - * [NO TESTS NEEDED] style: indendation - * [NO TESTS NEEDED] fixup: remove debug code - * Report StatusConflict on Pod opt partial failures - * Honor network options for macvlan networks - * Make slirp MTU configurable (network_cmd_options) - * [NO TESTS NEEDED] Generated files - * [NO TESTS NEEDED] Improve generator - * play kube selinux label issue - * Makefile: refactor ginkgo * ginkgo-remote - * Allow pods to use --net=none - * Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 - * Update release notes for v3.0.0 - * New 'make completions' target - * add macvlan as a supported network driver - * Fix podman generate systemd --new special char handling - * Bump github.com/rootless-containers/rootlesskit from 0.12.0 to 0.13.0 - * Endpoint that lists containers does not return correct Status value - * Fix --network parsing for podman pod create - * list volumes before pruning - * Docker ignores mount flags that begin with constency - * podman generate kube ignores --network=host - * Switch podman stop/kill/wait handlers to use abi - * [CI:DOCS]build instructions for macOS - * Vendor in containers/buildah v1.19.3 - * Honor custom DNS in play|generate kube - * Podman-remote push can support --format - * Bump github.com/containers/image/v5 from 5.10.0 to 5.10.1 - * Cirrus: Build static podman-remote - * podman build --pull: refine help message and docs - * Revert "podman build --pull: use correct policy" - * Bump github.com/containers/image/v5 from 5.9.0 to 5.10.0 - * Cleanup bindings for image pull - * Don't fail if one of the cgroups is not setup - * Add support for rootless network-aliases - * Allow static ip and mac with rootless cni network - * podman build --pull: use correct policy - * Cirrus: Fix running Validate task on branches - * Fix static build cache by using cachix - * Switch podman image push handlers to use abi - * e2e tests: synchronize test results - * podman-remote ps --external --pod --sort do not work. - * Fix podman history --no-trunc for the CREATED BY field - * remote exec: write conmon error on hijacked connection - * Fix #9100 Change console mode message to debug - * Add default net info in container inspect - * Ensure the Volumes field in Compat Create is honored - * [CI:DOCS]update state of restful service - * workdir presence checks - * libpod: add (*Container).ResolvePath() - * Fixup search - * Pass DefaultMountsFile to podman build - * Ensure shutdown handler access is syncronized - * System tests: cover gaps from the last month - * Fix --arch and --os flags to work correctly - * Bump github.com/google/uuid from 1.1.5 to 1.2.0 - * Fix typo - * disable dnsname when --internal - * swagger.go: Fix compilation error - * Fix fish completion issue if the command is prefixed with a space - * Bump golang.org/x/crypto - * networking: lookup child IP in networks - * Small API test improvement for compatibility search endpoint - * podman manifest exists - * Accept and ignore 'null' as value for X-Registry-Auth - * Turn on some remote test - * Add a notice to remove pod before starting service - * libpod: move slirp magic IPs to consts - * rootlessport: set source IP to slirp4netns device - * vendor: update rootlesskit to v0.12.0 - * api: fix import image swagger definition - * podman volume exists - * Cirrus: Upload swagger YAML in every context - * [CI:DOCS] Cirrus: Skip smoke task on branch-push - * Move the cni lock file into the cni config dir - * Use random network names in the e2e tests - * [CI:DOCS] Update project name in Code of Conduct - * Set log driver for compatability containers - * Make generate systemd --new robust against double curly braces - * Fix man page for fuse-overlayfs config in rootless mode - * Cirrus: add bindings checks - * Fix handling of container remove - * make bindings generation explicit - * make bindings generation more robuts - * Revert "ginkgo: install on demand via `go get -u`" - * [CI:DOCS] fix go-md2man HTMLSpan warnings - * CI: smoke test: insist on adding tests on PRs - * podman network exists - * ginkgo: install on demand via `go get -u` - * runner.sh : deal with bash 'set -e' - * Add binding options for container|pod exists - * [CI:DOCS]Do not run compose tests with CI:DOCS - * simplify bindings generation - * make: generate bindings: use vendor - * hack/install_golangci.sh: smarter install - * golangci-lint: install to ./bin - * Create release notes for V3.0.0 - * Rename AutocompletePortCommand func - * Allow podman push to push manifest lists - * [CI:DOCS]Add README.md for golang bindings - * Turn on podman pod stats test for rootless cgroup v2 - * Fix missing podman-container-rename man page link - * Container rename bindings - * Bump to containers/buildah 1.9.2 - * Bump github.com/google/uuid from 1.1.4 to 1.1.5 - * specgen: improve heuristic for /sys bind mount - * Initial implementation of renaming containers - * Add tests for volume plugins - * Initial implementation of volume plugins - * [CI:DOCS] Add hook-script example to get_ci_vm.sh - * Makefile: add target to generate bindings - * container stop: release lock before calling the runtime - * Bump github.com/cri-o/ocicni to latest master - * Cirrus: Upd. ext. service check host list - * Bump k8s.io/apimachinery from 0.20.1 to 0.20.2 - * Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 - * Cirrus: Utilize $GOPATH cache for alt_build task - * Add more information and examples on podman and pipes - * Vendor in common 0.33.1 - * CI: fix broken diagnostic message for -dev check - * test: use stringid.GenerateNonCryptoID() in more tests - * network: disallow CNI networks with user namespaces - * Reduce general binding binary size - * play kube: set entrypoint when interpreting Command - * Fxes /etc/hosts duplicated every time after container restarted in a pod - * Add 'MemUsageBytes' format option - * Remove the ability to use [name:tag] in podman load command - * More /var/run -> /run - * More /var/run -> /run - * Exorcise Driver code from libpod/define - * Fix problems reported by staticcheck - * Expose security attribute errors with their own messages - * oci: use /proc/self/fd/FD to open unix socket - * Use HTTPProxy settings from containers.conf - * Cirrus: Add cross-compile test for alternative arches - * image list: ignore bare manifest list - * Ensure that `podman play kube` actually reports errors - * Bump github.com/containers/storage from 1.24.4 to 1.24.5 - * oci: keep LC_ env variables to conmon - * Better test and idomatic code. - * add pre checkpoint - * podman build --force-rm defaults to true in code - * Adding json formatting to `--list-tags` option in `podman search` command. - * Use abi PodPs implementation for libpod/pods/json endpoint - * Add Networks format placeholder to podman ps and pod ps - * Add network filter for podman ps and pod ps - * Improve error message when the the podman service is not enabled - * Restore compatible API for prune endpoints - * Cirrus: Skip most tests on tag-push - * Add mips architecture to the cross build target - * Fix build for mips architecture follow-up - * Handle podman exec capabilities correctly - * Containers should not get inheritable caps by default - * Make podman generate systemd --new flag parsing more robust - * Switch references of /var/run -> /run - * rootless: automatically split userns ranges - * rootless: add function to retrieve uid mappings - * rootless: add function to retrieve gid mappings - * test: Add checkpoint/restore with volumes - * Include named volumes in container migration - * Use Options as CRImportCheckpoint() argument - * Use Options as exportCheckpoint() argument - * Fix podman logs read partial log lines - * Revert e6fbc15f26b2a609936dfc11732037c70ee14cba - * Cirrus: Update Fedora & Ubuntu images - * Ensure that user-specified HOSTNAME is honored - * generate systemd: do not set `KillMode` - * Bump github.com/google/uuid from 1.1.3 to 1.1.4 - * vendor containers/psgo@v1.5.2 - * Add default sysctls for pod infra containers - * Ensure we do not edit container config in Exec - * close journald when reading - * libpod API: pull: fix channel race - * Allow image errors to bubble up from lower level functions. - * test: fix variable name - * systemd: make rundir always accessible - * podman-remote fix sending tar content - * fix: disable seccomp by default when privileged. - * Compat api containers/json add support for filters - * Bump github.com/google/uuid from 1.1.2 to 1.1.3 - * Expose Height/Width fields to decoder - * Rework pruning to report reclaimed space - * Add support for Gentoo file to package query - * The slirp4netns sandbox requires pivot_root - * Update nix pin with `make nixpkgs` - * readme: Remove broken link - * Fix e2e test for `podman build --logfile` - * test: fix variables name - * exec: honor --privileged - * libpod: change function to accept ExecOptions - * Consolidate filter logic to pkg subdirectory - * sort api endpoints in documentation - * libpod: handle single user mapped as root - * Refactor kube.ToSpecGen parameters to struct - * re-open container log files - * Set NetNS mode instead of value - * add --cidfile to container kill - * Document uid/gidmap are based on subuid/gid mapping - * Bump github.com/containers/storage from 1.24.3 to 1.24.4 - * Fix podman build --logfile - * Fix missing options in volumes display while setting uid and gid - * Spelling - * play kube: fix args/command handling - * Pass down EnableKeyring from containers.conf to conmon - * Prefer read/write images over read/only images - * add pod filter for ps - * Add Security information to podman info - * Add volume filters to system prune - * podman v3 container bindings - * Fix build for mips architecture - * Bump k8s.io/apimachinery from 0.20.0 to 0.20.1 - * Update nix pin with `make nixpkgs` - * Document location of backend events file - * Fix support for rpmbuild < 4.12.0. - * system tests: set PODMAN_TIMEOUT to 120 - * remote copy - * Bump github.com/containers/common from 0.31.0 to 0.31.1 - * podman v3 pod bindings - * [CI:DOCS] Bump version on readme - * misc bindings to podman v3 - * Docker compat API - /images/search returns wrong structure (#7857) - * Close the stdin/tty when using podman as a restAPI. - * Add support for pacman package version query - * Don't accidently remove XDG_RUNTIME_DIR when reseting storage - * Always add the default gateway to the cni config file - * System tests: better diagnostics in completion test - * Bump github.com/opencontainers/selinux from 1.7.0 to 1.8.0 - * podman.service should be an exec service not a notify service - * Fix: unpause not supported for CGv1 rootless - * Disable incompatible rootless + CGroupsV1 tests - * Disable rootless pod stats tests w/ CgroupV1 - * Disable CGv1 pod stats on net=host post - * Disable pod stats tests in containerized Fedora w/ CGroupsV1 - * Disable blkio.weight test on Ubuntu - * Cirrus: Add support for Ubuntu 20.x - * Add LogSize to container inspect - * Podman image bindings for 3.0 - * contrib: drop mirror.chpc.utah.edu:443 - * libpod, conmon: change log level for rootless - * Clean up temporary file. - * Allow users to specify TMPDIR in containers.conf - * system tests: the catch-up game - * RHEL gating tests: more journald exceptions - * Add volume prune --filter support - * shell completion for the network flag - * podman events allow future time for --until - * Sign multi-arch images - * add compose test descriptions - * test-compose: rewrite to new subdir form - * add compose regression to ci - * WIP: test docker-compose - * podman: drop checking valid rootless UID - * Cleanup CNI Networks on reboot - * Fix some network compat api problems - * Fix Wrong image tag is used when creating a container from an image with multiple tags - * Handle --rm when starting a container - * Refine public key usage when remote - * podman logs honor stderr correctly - * Bindings refactor - * Ignore containers.conf sysctls when sharing namespaces - * Fix panic in libpod images exists endpoint - * Bump github.com/containernetworking/plugins from 0.8.7 to 0.9.0 - * Add --filter to podman system prune - * Fix storage.conf to define driver in the VM - * Bump github.com/containers/storage from 1.24.1 to 1.24.3 - * Properly handle --cap-add all when running with a --user flag - * security: honor systempaths=unconfined for ro paths - * Add system test for shell completion - * Bump github.com/onsi/gomega from 1.10.3 to 1.10.4 - * Honor the --layers flag - * pkg/copy: introduce a Copier - * Repeat system pruning until there is nothing removed - * Bump k8s.io/apimachinery from 0.19.4 to 0.20.0 - * Bump github.com/opencontainers/selinux from 1.6.0 to 1.7.0 - * auto updates: document systemd unit and timer - * archive: move stat-header handling into copy package - * Fix spelling mistakes - * pkg/copy: add parsing API - * make podman play use ENVs from image - * Correct port range logic for port generation - * Make `podman stats` slirp check more robust - * Add systempaths=unconfined option - * Bump github.com/containers/image/v5 from 5.8.1 to 5.9.0 - * Restore json format for fields as well as whole structs - * Do not pull if image domain is localhost - * pass full NetworkMode to ParseNetworkNamespace - * Fix network ls --filter invalid value flake - * Implement pod-network-reload - * generate kube on multiple containers - * Change name of imageVolumes in container config JSON - * Do not error on installing duplicate shutdown handler - * image sign using per user registries.d - * container cgroup path - * add comment to #8558 regression test - * Docker compat API - containers create ignores the name - * Add APIv2 test for containers-prune - * container create: do not clear image name - * Add saschagrunert and zhangguanzhang to OWNERS - * Bump github.com/containers/common from 0.30.0 to 0.31.0 - * update website link for install instructions - * Jira RUN-1106 System handlers updates - * enable short-name aliasing - * Jira RUN-1106 Volumes handlers updates - * Jira RUN-1106 Network handlers updates - * Do not mount sysfs as rootless in more cases - * Add ability to set system wide options for slirp4netns - * Vendor in containers/common v0.30.0 - * Clarify uid range requirements - * Close image rawSource when each loop ends - * Use PasswordCallback instead of Password for ssh - * More docker compat API fixes - * rewrite podman-cp - * e2e: bump pull timeout to 240 seconds - * add @Luap99 to OWNERS file - * Support Unix timestamps for `podman logs --since` - * Fix some nit - * Jira RUN-1106 Image handlers updates - * Jira RUN-1106 Container handlers updates - * Add containerenv information to /run/.containerenv - * Correct which network commands can be run as rootless - * Drop default log-level from error to warn - * podman, exec: move conmon to the correct cgroup - * Support --network=default as if it was private - * Change bindings to stop two API calls for ping - * hack/podman-socat captures the API stream - * BATS: add new load test - * Add mask and unmask option to --security-opt - * Use Libpod tmpdir for pause path - * Fix `podman images...` missing headers in table templates - * add commas between mount options - * Do not pass name argument to Load API - * target is not tag - * Fix shell completion for ps --filter ancestor - * Add support for network ids - * Validate that the bridge option is supported - * Add integration test for the bridge options - * Add podman network create option for bridge vlan - * Add podman network create option for bridge mtu - * Do not use "true" after "syslog" in exit commands - * Fix typo in tests - * Fix potential race condition in testing - * compat create should use bindings - * Add API for communicating with Docker volume plugins - * BATS: add ping test - * Document volume mounts of source directories do NOT get created - * Revert the custom cobra vendor - * Bump version in README to v2.2.0 - * network connect disconnect on non-running containers - * Bump master to v3.0.0-dev - * Update release notes for v2.2.0 - * Fix extra quotation mark in manpages. - * Fix option names --subuidname and --subgidname - * Do not ignore infra command from config files - * Revert "Allow multiple --network flags for podman run/create" - * Add APIv2 tests for kube generate - * Document docker transport is the only supported remote transport - * podman network label support - * runtime: set XDG_* env variables if missing - * Add support for persistent volume claims in kube files - * Prepare support in kube play for other volume types than hostPath - * Remove varlink support from Podman - * Fix problems with network remove - * Switch from pkg/secrets to pkg/subscriptions - * Do not validate the volume source path in specgen - * Add support for --platform - * REST API v2 - ping - fix typo in header - * REST API v2 - ping - remove newline from response to improve Docker compatibility - * squash - * Not use local image create/add manifest - * [CI:DOCS] fix misleading save/load usage - * [tutorials:mac-win-client] Fix command ensuring sshd is enabled - * Fix custom mac address with a custom cni network - * Bump to v2.2.0-dev - * Handle ps container created field as a time.Time - * test resource cleanup - * more tests - * not forcing unmount - * few more tests - * add test - * add comment - * fix: unmount container without force - * style: wsl - * fix lint - * Implement containers/{id or name}/archive - * Ensure that --net=host/pod/container/none warn with -p - -- Changelog for HEAD (2020-11-24): - * Set PATH env in systemd timer. - * Docker compat API fixes - * shell completions: remove usage of ShellCompDirectiveError - * more shell completion improvements - * Fix ip-range for classless subnet masks - * Bump github.com/containers/common from 0.27.0 to 0.29.0 - * Add podman container ps command - * clarify ps(1) fallback of `podman top` - * APIv2 - create container sets wrong entrypoint - * Enable remote shell completion without a running endpoint - * Specify what the replace flag replaces in help text - * APIv2 - strip CAP_ prefix from capabilities in json - * Make c.networks() list include the default network - * Allow containers to --restart on-failure with --rm - * REST API v2 - list of images - mandatory Created attribute - * Allow multiple --network flags for podman run/create - * fix container cgroup lookup - * Make podman service log events - * vendor in containers/storage v1.24.1 containers/image v5.8.1 - * Document containers.conf settings for remote connections - * Shell completion for podman ps and podman pod ps --filter - * Add alias for podman network rm -> remove - * add network connect|disconnect compat endpoints - * Fix sed regex to update version in version/version.go - * Github-Actions: Send e-mail on Cirrus cron failure - * Align the podman pod ps --filter behavior with podman ps - * podman-remote network rm --force is broken - * Remove build \!remote flags from test - -- Changelog for v2.2.0-rc1 (2020-11-18): - * Add release notes for v2.2.0-RC1 - * correct numbering typo - * Align the podman ps --filter behavior with docker - * Fix podman pod inspect show wrong MAC string - * Fix example for manifest push - * add network connect|disconnect compat endpoints - * Rename e2e test files to include _test.go suffix - * Client call to /play/kube incorrectly set tlsVerify - * Add an option to control if play kube should start the pod - * Swap out json-iterator for golang default - * Fix missing headers in `network ls` - * [CI:DOCS] fix an apostrophe nit in man page - * remove contrib/gate - * Remove some more excessive wrapping and stuttering - * Cleanup tutorials - * use container cgroups path - * Explain the relation between --pod and --network - * Make sure /etc/hosts populated correctly with networks - * logformatter: highlight timing results - * Bump Buildah to v1.18.0, c/storage to v1.24.0 - * Cirrus: Invalidate static cache on VM image update - * Improve the shell completion api - * use lookaside storage for remote tests - * Bump k8s.io/apimachinery from 0.19.3 to 0.19.4 - * Wrap missing container errors with container ID - * system tests: various - * Add support for volume ls --filter label=key=value - * Podman-remote build is getting ID twice - * [CI:DOCS] Touch up Podman description in man page menu - * Fix markdown tables on docs.podman.io - * short-name aliasing - * Set podman-auto-update.service Type=oneshot - * test for buildah version in container images. - * Add missing --now in systemctl start command - * Change podman build --pull=true to PullIfMissing - * Fix namespace flag parsing for podman build - * Add podman build --net alias for --network - * Refactor to use DockerClient vs APIClient - * Maintain consistent order of short and long flag names in docs - * Fix issues found with codespell - * Bump github.com/rootless-containers/rootlesskit from 0.11.0 to 0.11.1 - * Install the new shell completion logic - * Add shell completion with cobra - * Vendor in some cobra PRs to improve the completion experience. - * Add support for network connect / disconnect to DB - * Ensure we do not double-lock the same volume in create - * Cleanup error reporting - * Cirrus: update VMs - * [CI:DOCS] Restore man page cross-checker - * Cirrus: Run validation tests in CI:DOCS mode - * Add podman(1) to the list of man pages on docs.podman.io - * Set default network driver for APIv2 networks - * Add tests to make sure podman-remote logs works correctly. - * Add anchors for flag names on docs.podman.io - * migrate play kube to spec gen - * Add example of fuse-overlay to podman system reset - * Bump github.com/containers/common from 0.26.3 to 0.27.0 - * skip ipv6 e2e tests on rootless - * add e2e test for network with same subnet - * enable ipv6 network configuration options - * make network name uniq for dnsname tests - * network aliases for container creation - * system tests: skip journald tests on RHEL8 - * Update podman build man page to match buildah bud man page - * Cirrus: Detailed CPU/Memory/Time runner.sh stats - * podman-pull.1.md: add example for pulling an image by hash - * podman-import.1.md: fix paragraph formatting - * podman-import.1.md: fix shell syntax - * Update CI tests to run python docker library against API - * Stop binding layer from changing line endings - * Add support for podman search --format json - * Add --log-driver to play kube - * Show error on bad name filter in podman ps - * Use CPP, CC and flags in dep check scripts - * Fix link to point at correct content - * fix: allow volume creation when the _data directory already exists - * rootless container creation settings - * fix: podman-system-service doc time is seconds - * Bump github.com/rootless-containers/rootlesskit from 0.10.1 to 0.11.0 - * Update nix pin with `make nixpkgs` - * Use /tmp/podman-run-* for backup XDG_RUNTIME_DIR - * Only use container/storage/pkg/homedir.Get() - * Add support for mounting external containers - * Cirrus: Use F33beta VM image - * Cirrus: Simplify artifact collection - * Use ping from alpine - * Bump github.com/containers/storage from 1.23.8 to 1.23.9 - * add a PR template - * Use regex for "pod ps" name filter to match "ps" behavior - * Add tip re. typical root cause of "Exec format error" to troubleshooting.md - * Add tests for network aliases - * Make volume filters inclusive - * [CI:DOCS]Add Urvashi to podman OWNERS - * Improve error messages from failing tests - * fedora rootless cpu settings - * Test $HOME when it's parent is bind mounted with --userns=keep-id - * Update README.md - * docs: Mention mounts.conf location for non-root users - * Add test/apiv2/rest_api tests to make target - * specgen: keep capabilities with --userns=keep-id - * specgen: fix check for root user - * specgen: add support for ambient capabilities - * Add better support for unbindable volume mounts - * Bump github.com/containers/storage from 1.23.7 to 1.23.8 - * Use osusergo build tag for static build - * Change http ConnState actions between new and active - * Match build pull functionality with Docker's - * Centralize cores and period/quota conversion code - * specgen, cgroup2: check whether memory swap is enabled - * Fix dnsname when joining a different network namespace in a pod - * Bump Buildah to v1.17.0 - * manifest list inspect single image - * Remove search limit since pagination support - * spec: protect against segfault - * [CI:DOCS] Fix broken CI readme links - * Improve setupSystemd, grab mount options from the host - * specgen: split cgroup v1 and cgroup v2 code - * specgen: fix error message - * When container stops, drop sig-proxy errors to infos - * Cirrus: Workaround F32 BFQ Kernel bug - * Stop excessive wrapping of errors - * Pod's that share the IPC Namespace need to share /dev/shm - * Fix the `--pull` flag to `podman build` to match Docker - * Restore --format table header support - * Create the default root API address path - * new "image" mount type - * Cirrus: Simplify setting/passing env. vars. - * Podman often reports OCI Runtime does not exist, even if it does - * rootless: improve error message if cannot join namespaces - * NewFromLocal can return multiple images - * libpod: clean paths before check - * move from docker.io - * Cirrus: Use google mirror for docker.io - * Cirrus: Always record runc/crun versions - * Ensure that attach ready channel does not block - * Add a way to retrieve all network aliases for a ctr - * Add pod, volume, network to inspect package - * Add network aliases for containers to DB - * Add test cases to cover podman volume - * Document how to enable CPU limit delegation - * Add more details about how CPU limits work - * set resources only when specified - * Improve the journal event reading - * build(deps): bump github.com/containers/common from 0.26.0 to 0.26.3 - * Support hashed hostnames in the known_hosts file - * image list: check for all errors - * Yet another iteration on PR title plugin - * System tests: cleanup, make more robust - * pr update action: fix errors on master branch - * The cidfile should be created when the container is created - * auto update: mark it as non-experimental - * Add support for host keys for non-22 ports - * fix: podman-cp respects "--extract" flag - * add GitHub action to add non-main branch to PR title - * filter events by labels - * Bump github.com/spf13/cobra from 1.1.0 to 1.1.1 - * Bump github.com/containers/buildah from 1.16.4 to 1.16.5 - * src: nil check - * Don't error if resolv.conf does not exists - * src: add nil checks - * replace net_raw with setuid - * fix: /image/{name}/json returns RootFS layers - * APIv2 compatibility network connect|disconnect - * Tests: Check different log driver can work with podman logs - * podman create doesn't support creating detached containers - * Fix pull method selection - * set compat network driver default - * Add hostname to /etc/hosts for --net=none - * Add a Degraded state to pods - * Refactor podman to use c/common/pkg/report - * container create: record correct image name - * Add EOL to compat container logs - * save image remove signatures - * Switch use of Flags to Options - * Bump k8s.io/apimachinery from 0.19.2 to 0.19.3 - * Fix handling and documentation of podman wait --interval - * Podman build should default to not usins stdin - * Tests: Fix common flakes, and improve apiv2 test log - * Retrieve network inspect info from dependency container - * refactor api compatibility container creation to specgen - * Fix ps port output - * Ensure that hostname is added to hosts with net=host - * Add a system test to verify --runtime is preserved - * Use runtime names instead of paths in E2E tests - * Re-create OCI runtimes by path when it is missing - * When given OCI runtime by path, use path as name - * fix: neutral value for MemorySwappiness - * Make invalid image name error more specific - * System tests: remove some misleading 'run's - * --tls-verify and --authfile should work for all remote commands - * Fix host to container port mapping for simple ranges - * Always add the dnsname plugin to the config for rootless - * Make man page headings more consistent - * Update podman-remote start --attach to handle detach keys - * Update podman-remote run to handle detach keys - * Bump github.com/containers/common from 0.24.0 to 0.26.0 - * Fix panic when runlabel is missing - * Fix podman image trust show --raw output - * Fix podman-run man page heading - * Fix sorting issues in completions - * Add support for external container - * fix podman container exists and diff for storage containers - * Fix possible panic in libpod container restore - * Bump github.com/spf13/cobra from 1.0.0 to 1.1.0 - * System test additions - * Setup HOME environment when using --userns=keep-id - * Setup HOME environment when using --userns=keep-id - * Fix indentation for `podman pod inspect` - * Cirrus: Execute docker-py tests on a VM - * Restore --format table support - * Convert Split() calls with an equal sign to SplitN() - * Bump github.com/onsi/gomega from 1.10.2 to 1.10.3 - * Restore indent on JSON from `podman inspect` - * Enforce LIFO ordering for shutdown handlers - * alter compat no such image message - * Cirrus: Restore APIv2 Testing - * Cirrus: Ability to skip most tests for docs updates - * Restore --format: stats & pod ps - * Enable masking stop signals within container creation - * APIv2 tests: try again to fix them - * Add a shutdown handler package - * System tests: run with local podman, not remote - * Remove a note that the HTTP API is not yet stable. - * APIv2 tests: get them passing again - * Add support for resource limits to play kube - * Resolve #7860 - add time.RFC3339Nano into ContainerJSONBase - * Add more APIv2 tests for images: push, tag, untag, rmi and image tree. - * Include CNI networks in inspect output when not running - * Monitor for client closing stream - * pkg/spec: fix a confusing error message - * Search repository tags using --list-tags - * Fix the "err: cause" order of OCI runtime errors - * tests/e2e: Add Toolbox-specific test cases - * This PR allows users to remove external containers directly - * Fix documentation link and typo - * Restore --format table... - * Add support for resource cpu limit to generate kube - * Port V1 --format table to V2 podman - * BlobInfoCacheDir is set incorrectly when copying images - * Store cgroup manager on a per-container basis - * --format updates for images/diff.go - * add compatibility endpoint for exporting multiple images - * Restore --format 'table...' to commands - * Ports given only by number should have random host port - * Update nix pin with `make nixpkgs` - * add prerequisite section before building binaries - * newlines on all container detaches - * Cirrus: Fix obtaining a CI VM - * APIv2 compatibility rootless network fix - * Port commands to V2 --format 'table...' - * system tests: cleanup, and add more tests - * prevent unpredictable results with network create|remove - * Enable k8s configmaps as flags for play kube - * Attempt to turn on some more remote tests - * Use WaitWithDefaultTimeout in cleanup - * Move pod jobs to parallel execution - * Populate /etc/hosts file when run in a user namespace - * Cirrus: Fix running shellcheck locally - * Cirrus CI runner: refactor - * fix apiv2 /containers/$name/json return wrong value in `.Config.StopSignal` - * pkg/cgroups/createCgroupv2Path: nits - * Lowercase some errors - * Remove excessive error wrapping - * Support max_size logoptions - * Fixes remote attach and exec to signal IdleTracker - * Cirrus: Skip deep testing on branches - * logformatter: run on system tests & bindings - * Fix handling of CheckRootlessUIDRange - * Cirrus: Fix branch-validation failure - * Add TODO for adding CPU limit support - * Add support for resource memory limit to generate kube - * Fix podman-remote ps --ns broken - * fix closed the remote connection on pull causes service panic - * Add SELinux support for pods - * Cirrus: Implement podman automation 2.0 - * compat: images/create: fix tag parsing - * Fix Podman logs reading journald - * Restore "table" --format from V1 - * --rm option shold conflicts with --restart - * Bump github.com/containers/common from 0.23.0 to 0.24.0 - * libpod: check the gid is present before adding it - * podman-remote does not support most of the global flags - * Correct to latest version - * Bump github.com/containers/buildah from 1.16.2 to 1.16.4 - * image prune: remove all candidates - * spec: open fuse with --device .*/fuse - * rootless: use sync.Once for GetAvailableGids() - * rootless: move GetAvailableGids to the rootless pkg - * logformatter: add Synopsis at top of each page - * Podman containers/pods prune should throw an error if user adds args - * fix compat api privileged and entrypoint code - * Migrate container images to automation_images - * system test: untag all test - * remote: fix name and ID collisions of containers and pods - * Add additionalGIDs from users in rootless mode - * Fix some flakes in the e2e network tests. - * Update rootless_tutorial.md - * Volume prune should not pass down the force flag - * Support --http-proxy for remote builds - * fix: The container created by APIV2 has an incorrect Env and WorkDir - * misc fixes for f33 integration tests - * fix allowing inspect manifest of non-local image - * Distinguish userns vs containerized tests - * Don't disable Go modules when generating varlink - * Use local image if input image is a manifest list - * image look up: consult registries.conf - * pkg/registries: add a retiring note - * Attempt to test all Broken SkipIfRootless FIXME - * Make the e2e test network cleanup more robust. - * Fix ubuntu exec_test - * capabilities: always set ambient and inheritable - * libpod: bump up rootless-cni-infra to v3 - * rootless-cni-infra v3: fix cleaning up DNS entries - * fix remote untag - * Make all Skips specify a reason - * Fix handling of remove of bogus volumes, networks and Pods - * We already set container=podman environment variable - * Refactor IdleTracker to handle StateIdle transitions - * System tests: add podman run --tz - * System tests: corner case for run --pull - * healthchecks: return systemd-run error - * Add X-Registry-Config support - * Gating-test fix: deal with new crun error msg - * Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0 - * Apply suggestions from code review - * Adds missing . to README.md file. - * Ignore containers.conf sysctl when namespaces set to host - * System tests: reenable some skipped tests - * Journald log driver test - * fix for compatibility volume creation - * Add section about current differences - * Fix network remove for the podman remote client - * Fix podman network rm --force when network is used by a pod - * Remove SkipIfRootless if possible, document other calls - * Properly handle podman run --pull command - * Updating on supported restart policy - * Add support for slirp network for pods - * rootless: fix hang when newidmap is not installed - * Remove some SkipIfRootess flags from tests - * Bump github.com/containers/common from 0.22.0 to 0.23.0 - * HTTP Attach: Wait until both STDIN and STDOUT finish - * build: honor --runtime setting - * remote load: check if input is directory - * stats: break out CLI options - * new endpoint: /libpod/containers/stats - * apiv2 container limit differ from docker-api - * system tests: helpers: safer parse_table - * system tests: new test for run --log-driver - * set interactive mode with compat create endpoint - * Allow filtering on pod label values - * Remove final v2remotefail failures - * Fix a bug where log-driver json-file was made no logs - * e2e tests: SkipIfRemote(): add a reason - * stats refactor - * Systemd should be able to run as rootless - * Bump github.com/containers/buildah from 1.16.1 to 1.16.2 - * Examine all SkipIfRemote functions - * fix build with varlink - * Bump version in README to v2.1.0 - * Include cgroup manager in `podman info` output - * Add Server header to API service responses - * Bump to v2.2.0-dev - * podman save: fix redirect of multi-images - * pkg/hooks: support all hooks - * Print nice error message when python is not installed - * add missing return for compat kill - * system tests: new tests - * Evict containers before removing via V2 API - * Cirrus: Add gpg2 to Ubuntu images - * Fix mismatch between log messages and behavior of libpod.LabelVolumePath. - -- Changelog for v2.1.0 (2020-09-22): - * Update release notes for v2.1.0 Final Release - * Fix up attach tests for podman remote - * update stale bot - * [CI:DOCS] Add 'In Progress' note to CONTRIBUTING.md - * Restore 'id' stanza in pull results - * Fix podman image unmount to only report images unmounted - * libpod: bumps up rootless-cni-infra to 2 - * stats: log errors instead of sending 500 - * Fix incorrect parsing of create/run --volumes-from - * rootless-cni-infra: fix flakiness during bringing up lo interface - * Fix handling of podman-remote stop --ignore - * Refactor version handling in cmd tree - * Preserve groups in exec sessions in ctrs with --user - * Install bats as root - * Makefile: Fix broken libpodimage targets - * stats: detect closed client connection - * stats endpoint: write OK header once - * handle the play kube and generate kube for with restartPolicy - * fix the .Path and .Args when use the infra-command - * Update nix pin with `make nixpkgs` - * fix a typo of login.1.md - * Bump github.com/rootless-containers/rootlesskit from 0.10.0 to 0.10.1 - * enable --iidfile for podman-remote build - * update github.com/docker/docker and relevant deps - * Make Go builds more consistent - * dependabot-dance: new tool for managing revendor PRs - * WIP: Fix remote logs - -- Changelog for v2.1.0-rc2 (2020-09-17) - * Update release notes for Podman v2.1.0-RC2 - * Fix play_kube_test deployment template - * fix missing completion in podman run - * Bump k8s.io/apimachinery from 0.19.1 to 0.19.2 - * image list: return all associated names - * Add labels to a pod created via play kube - * Refactor remote pull to provide progress - * --mount: support arbitrary mount-argument order - * Fix podman pod create --infra-command and --infra-image - * Fix "rootless-cni-infra + runc fails with ENODEV" - * podman version and --version: fix format, exit - * Supports import&run--signature-policy - * Fix CI breakage due to PR collision - * [CI:DOCS]update owners file - * Refactor API version values - * Fix --systemd=always regression - * Correct HTTP methods for /containers/{id}/archive - * events endpoint: header: do not wait for events - * run/create: record raw image - * rootless CNI: extract env and cmd from image - * libpod: rootless CNI image: use quay - * move `rootless-cni-infra` image to quay.io - * vendor github.com/containers/image/v5@v5.6.0 - * podman wait accept args > 1 - * Usability: prevent "-l" with arguments - * Document the connection path for podman --remote - * Refactor API build endpoint to be more compliant - * pull types allow initial caps - * Determine if resolv.conf points to systemd-resolved - * Bump to v2.1.0-dev - * Fix completions for namespaces - -- Changelog for v2.1.0-rc1 (2020-09-11) - * Add release notes for Podman v2.1.0-RC1 - * Vendor in containers/buildah 1.16.1 - * Vendor in containers/common v0.22.0 - * system df: fix image-size calculations - * add @edsantiago to OWNERS file - * sort OWNERS file - * remote run: fix error checks - * Fix up errors found by codespell - * Document --read-only --rootfs requirements - * Force Attach() to send a SIGWINCH and redraw - * run_networking e2e test: add cleanup to some tests - * play/generate: support shareProcessNamespace - * system tests: cleanup - * allowed underscores to remain in name for YAML - * Add read-only mount to play kube - * Add auth.json(5) link to login/logout docs - * libpod: read mappings when joining a container userns - * Make an entry in /etc/group when we modify /etc/passwd - * podman container runlabel should pull the image if it does not exist - * Bump k8s.io/apimachinery from 0.19.0 to 0.19.1 - * vendor containers/storage v1.23.5 - * remote run: consult events for exit code - * Cirrus: Obsolete CI:IMG process & related files - * Fix podman container runlabel --display - * Make oom-score-adj actually work - * compat kill: only wait for 0 signal and sigkill - * remote kill: don't wait for the container to stop - * Fix podman ps -l - * generate systemd: catch `--name=foo` - * Fix podman build --logfile - * fix APIv2 pods top of non-exist pod gets two response value - * Extend bash completion to cover new flags - * Update man page of `manifest add` - * manifest push: handle cert-dir flag - * Extend flags of `manifest add` - * Show c/storage (Buildah/CRI-O) containers in ps - * rootless: support `podman network create` (CNI-in-slirp4netns) - * add contrib/rootless-cni-infra - * [CI:DOCS] Update remote tutorials - * Don't setup the Image/ContainerEngine when calling a cmd with subcmds - * Makefile: add cross compile targets for more arches - * Migrate away from docker.io - * podman stop: do not cleanup for auto-removal - * Bump github.com/onsi/gomega from 1.10.1 to 1.10.2 - * support multi-image (docker) archives - * Fix typo in the remove network api doc - * APIv2 Add network list filtering - * Bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1 - * make image parent check more robust - * Fix unconfined AppArmor profile usage for unsupported systems - * Bump github.com/containers/storage from 1.23.2 to 1.23.4 - * Add global options --runtime-flags - * [CI:DOCS] Add macos build to ci - * Fix system df inconsistent - * [CI:DOCS] Add note on run image fuse problem - try 2 - * WIP: update VM images - * APIv2 add generate systemd endpoint - * We should not be mounting /run as noexec when run with --systemd - * Bump github.com/gorilla/mux from 1.7.4 to 1.8.0 - * Don't create ~/.config after removing storage.conf - * Update master with release notes for v2.0.6 - * APIv2 test: add more tests for containers - * Ensure rootless containers without a passwd can start - * use crio runc on CICID ubuntu - * bindings: reenable flaky(?) pause/unpause test - * handle play kube with pod.spec.hostAliases - * Bump github.com/google/uuid from 1.1.1 to 1.1.2 - * Bump k8s.io/api from 0.18.8 to 0.19.0 - * play kube: handle Socket HostPath type - * Small tweaks to readme scope section - * Update Master to reflect v2.0.5 release - * fix panic when checking len on nil object - * Add support for variant when pulling images - * Document override-arch and override-os - * Delete prior /dev/shm/* - * Don't remove config files with podman system reset - * Just use `rm` for helper command to remove storage - * Bump github.com/containernetworking/plugins from 0.8.6 to 0.8.7 - * Fix log level case regression - * Use environment from containers.conf - * Bump github.com/containers/conmon - * Bump github.com/gorilla/schema from 1.1.0 to 1.2.0 - * Bump k8s.io/apimachinery from 0.18.8 to 0.19.0 - * abi: trim init command - * [CI:DOCS] Switch more references from libpod to podman - * Switch to containers/common for seccomp - * Fix up some error messages - * Ensure pod REST API endpoints include ctr errors - * Update c/storage to v1.23.2 - * BATS: fix corner case in --userns=keep-id test - * [CI:DOCS] Update podman-remote docs - * Send HTTP Hijack headers after successful attach - * fix podman generate kube with HostAliases - * [CI:DOCS] Making docs build on mac - * Remove test comment for now succeeding tests - * Update vendor of buildah to latest code - * fix apiv2 will create containers with incorrect commands - * [CI:DOCS] fix swagger api docs - * Add missing autocomplete - * Update nix pin with `make nixpkgs` - * podman: add option --cgroup-conf - * vendor: update opencontainers/runtime-spec - * In podman 1.* regression on --cap-add - * error when adding container to pod with network information - * fix /libpod/pods/json returns null when there are no pods - * fix pod creation with "new:" syntax followup + allow hostname - * [CI:DOCS] Include Go bindings tutorial - * Unmount c/storage containers before removing them - * Cirrus: special-case CI colon-IMG and colon-DOCS only in subject - * Add support for --connection - * system tests: enable more remote tests; cleanup - * Note port publishing needs in pods for create/run - * Cirrus: Increase integration-testing timeout - * Bump github.com/containers/image/v5 from 5.5.1 to 5.5.2 - * generate systemd: quote arguments with whitespace - * Ensure DefaultEnvVariables is used in Specgen - * Support sighup reload configuration files - * fix podman version output to include git commit and builttime - * Don't limit the size on /run for systemd based containers - * abi: fix detection for systemd - * fix podman create/run UTS NS docs - * Remove help/usage from --remote pre-check - * flake fix: podman image trust - * e2e tests: use actual temp dirs, not "/tmp/dir" - * Re-disable sdnotify tests to try to fix CI - * Clean up pods before returning from Pod Stop API call - * Use `bash` binary from env instead of /bin/bash for scripts - * Wait for reexec to finish when fileOutput is nil - * Bump k8s.io/api from 0.18.6 to 0.18.8 - * Bump github.com/containers/storage from 1.21.2 to 1.23.0 - * podman support for IPv6 networks - * Add pointer to troubleshooting in issue template - * Bump k8s.io/apimachinery from 0.18.6 to 0.18.8 - * system tests: enable sdnotify tests - * Ensure pod infra containers have an exit command - * podman.service: use sdnotiy - * run, create: add new security-opt proc-opts - * Add support for setting the CIDR when using slirp4netns - * add event for image build - * podman-remote fixes for msi and client - * podman save use named pipe - * Change /sys/fs/cgroup/systemd mount to rprivate - * Add parameter verification for api creation network - * add xz as a recommended pkg - * Makefile: use full path for ginkgo - * Replace deepcopy on history results - * Fix hang when `path` doesn't exist - * Cross-reference *.rst files too - * Ensure correct propagation for cgroupsv1 systemd cgroup - * Man pages: assert that subcommands are in order - * Use set for systemd commands - * Enable systemd mode for /usr/local/sbin/init - * Allow specifying seccomp profiles for privileged containers - * Update nix pin with `make nixpkgs` - * Add the Status field in the ps --format=json - * Add missing pages for docs.podman.io - * Align images with Buildah - * Error pass through for more accurate error reporting - * remove --latest for all remote commands - * Remove TEST_REMOTE_CLIENT from RCLI - * Fix handling of working dir - * Default .Repository and .Tag values to <none> - * generate systemd: fix error handling - * Do not use image CMD if user gave ENTRYPOINT - * Unconditionally retrieve pod names via API - * system tests: podman-remote, image tree - * [CI:DOCS] BZ1860126 - Fix userns defaults in run man page - * changes to support outbound-addr - * image list: speed up - * fix podman logs --tail when log is bigger than pagesize - * [CI:DOCS] Update podmanimages README.md - * Ensure that exec errors write exit codes to the DB - * podman-remote send name and tag - * Refactor parsing to not require --remote to be first - * Handle podman-remote run --rm - * correct go-binding key for volumes - * HACK HACK try debugging build - * Retry pulling image - * fix bug podman sign storage path - * validate fds --preserve-fds - * Remove duplicated code - * Improve error message when creating a pod/ctr with the same name - * podman: support --mount type=devpts - * rootless: system service joins immediately the namespaces - * docker-compose uses application/tar - * Missing return after early exit - * Ensure WORKDIR from images is created - * Bump to Buildah 1.16.0-dev in upstream - * Do not set host IP on ports when 0.0.0.0 requested - * Reenable remote system tests - * implement the exitcode when start a container with attach - * Install auto-update services for users - * Fix test failure regarding unpackaged files. - * Install auto-update systemd service and timer. - * podman.service: drop install section - * Remove some unnecessary []byte to string conversions - * Speedup static build by utilizing CI cache on `/nix` folder - * API returns 500 in case network is not found instead of 404 - * Change recommended systemd unit path for root. - * Update master README and release notes for v2.0.4 - * Ensure libpod/define does not include libpod/image - * Fix podman service --valink timeout - * Add versioned _ping endpoint - * fix pod creation with "new:" syntax - * Cirrus: Utilize freshly built images - * Cirrus: Install golang 1.14 on Ubuntu - * Cirrus: Add python packages to images - * Make `search --no-trunc` work for podman remote - * API: Fix 'podman image search` missing description - * Add test case for description being present in search result - * Fix close fds of exec --preserve-fds - * volumes: do not recurse when chowning - * Handle single character images - * rootless: add a check for the host id included in the range - * fix swapped mem_usage/percent fields - * rootless: child exits immediately on userns errors - * rootless: do not ignore errors if mappings are specified - * add {{.RunningFor}} placeholder in ps --format - * fix close fds of run --preserve-fds - * fix podman system df format error - * Ensure that 'rmi --force' evicts Podman containers - * System tests: new system-df and passwd tests - * Binding the same container port to >1 host port is OK - * Return NamesHistory when returning remote images - * Don't crash when giving bogus format commands - * bindings: skip flaky pause/unpause test - * logformatter: more libpod-podman fallout - * [CI:DOCS] apiv2 fix volumes not inculded field - * Fix `podman image search` missing description - * Specifying --ipc=host --pid=host is broken - * Fix building from http or '-' options - * System tests: add environment, volume tests - * Add podman image mount - * Switch all references to github.com/containers/libpod -> podman - * compat/info.go: TrimPrefix(CGroupsVersion, "v") - * Bump github.com/rootless-containers/rootlesskit from 0.9.5 to 0.10.0 - * add newline to output in error message - * Cleanup handling of podman mount/unmount - * Corrects typo in the name of the Linux package shadow-utils. - * When chowning we should not follow symbolic link - * Update transfer doc - * test/apiv2: add a simple events test - * API events: fix parsing error - * CI - various fixes - * Remove 'experimental' from API doc - * replace the html/template package with text/template - * update configuration for rootless podman - * Fix exit code example in podman-run.1.md - * Make changes to /etc/passwd on disk for non-read only - * Update release notes and README on master for v2.0.3 - * Update system.rst - * The `podman start --attach` command should not print ID - * Refactor container config - * Fix typos on documentation 'What is Podman' page - * CI: fix rootless permission error - * Bump github.com/containers/common from 0.17.0 to 0.18.0 - * [WIP] Refactor podman system connection - * Publish IP from YAML (podman play kube) - * Turn on a bunch more remote tests - * logformatter: handle podman-remote - * Cirrus: Switch to freshly built image - * Cirrus: Add packages that provide htpasswd - * Cirrus: Ensure GOPATH is properly set during image-builds - * CI: attempt to fix flake in login test - * Support default profile for apparmor - * Bump github.com/containers/storage from 1.21.1 to 1.21.2 - * Bump github.com/containers/common from 0.16.0 to 0.17.0 - * Enable a bunch of remote tests - * Enable --remote flag - * Add --umask flag for create, run - * fix play kube doesn't override dockerfile ENTRYPOINT - * Do not print an error message on non-0 exec exit code - * Document proxy env var precedence - * BATS help-message test: improve diagnostics - * Add noop function disable-content-trust - * Fix Generate API title/description - * docs: Clarify how env var overriding works - * Update the README to reflect the libpod move - * make localunit: record coverage - * unit tests: root check - * docs: Fix formatting mistake - * logformatter: update MAGIC BLOB string - * Switch references from libpod.conf to containers.conf - * BATS tests: more resilient remove_same_dev_warning - * Add support for overlay volume mounts in podman. - * Re-enable a generate kube test that failed on Ubuntu - * events endpoint: backwards compat to old type - * podman.service: set type to simple - * podman.service: set doc to podman-system-service - * podman.service: use default registries.conf - * podman.service: use default killmode - * podman.service: remove stop timeout - * events endpoint: fix panic and race condition - * systemd: symlink user->system - * fix: system df error when an image has no name - * document CAP_SYS_ADMIN required for systemd PrivateNetwork - * Cleanup nix derivation for static builds - * Used reference package with errors for parsing tag - * abi: set default umask and rlimits - * docs: document the new slirp4netns options - * network, slirp4netns: add option to allow host loopback - * libpod: pass down network options - * The compat create endpoint should 404 on no such image - * Bump github.com/containers/common from 0.15.2 to 0.16.0 - * Bump k8s.io/api from 0.18.5 to 0.18.6 - * Bump k8s.io/apimachinery from 0.18.5 to 0.18.6 - * Bump github.com/containers/conmon - * vendor golang.org/x/text@v0.3.3 - * Fix `podman system connection` panic - * Preserve passwd on container restart - * Fix & add notes regarding problematic language in codebase - * Error on rootless mac and ip addresses - * allow switching of port-forward approaches in rootless/using slirp4netns - * Fix "Error: unrecognized protocol \"TCP\" in port mapping" - * APIv2 tests: fix race condition causing CI flake - * system tests: check for masked-device leaks - * system tests: new tests for run, exec - * Bump github.com/uber/jaeger-client-go - * Bump github.com/containers/storage from 1.21.0 to 1.21.1 - * Fix lint - * Add SystemdMode to inspect for containers - * play-kube: add suport for "IfNotPresent" pull type - * Mask out /sys/dev to prevent information leak from the host - * Fix handling of entrypoint - * docs: user namespace can't be shared in pods - * When determining systemd mode, use full command - * Populate remaining unused fields in `pod inspect` - * Include infra container information in `pod inspect` - * [CI:DOCS]Do not copy policy.json into gating image - * Fix systemd pid 1 test - * Remove outdated seccomp policy - * Correctly print STDOUT on non-terminal remote exec - * Pids-limit should only be set if the user set it - * Don't setup AppArmor provile for privileged pods - * Ensure sig-proxy default is propagated in start - * Fix container and pod create commands for remote create - * version/info: format: allow more json variants - * Bump github.com/containers/storage from 1.20.2 to 1.21.0 - * Fix: Correct connection counters for hijacked connections - * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics - * Remove hijacked connections from active connections list - * Remove all instances of named return "err" from Libpod - * Vendor in new version of Buildah - * Remove dependency on github.com/opencontainers/libpod/configs - * logs: enable e2e tests - * log API: add context to allow for cancelling - * Fix saving in oci format - * APIv2:fix: Get volumes from `Binds` when creating - * fix API: Create container with an invalid configuration - * Update release notes on Master for v2.0.2 - * Minor: Remove two inaccurate comments - * Cirrus: Rotate keys post repo. rename - * fix race condition in `libpod.GetEvents(...)` - * Add username to /etc/passwd inside of container if --userns keep-id - * Add support for Filter query parameter to list images api - * Disable mount tests as rootless - * Change buildtag for remoteclient to remote for testing - * BATS system tests for new sdnotify - * Implement --sdnotify cmdline option to control sd-notify behavior - * Fix bug where `podman mount` didn't error as rootless - * move go module to v2 - * Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0 - * auto-update: clarify systemd-unit requirements - * podman ps truncate the command - * Set engine env from common config - * Fix issue #6803 Container inspect endpoint returns null for NetworkSettings/Ports - * Bump imagebuilder to v1.1.6 in upstream - * Add --tz flag to create, run - * Print errors from individual containers in pods - * stop podman service in e2e tests - * Fix `system service` panic from early hangup in events - * Bump github.com/opentracing/opentracing-go from 1.1.0 to 1.2.0 - * APIv2:fix: Handle docker volume force as expected - * APIv2: Add docker compatible volume endpoints - * Bump k8s.io/api from 0.18.4 to 0.18.5 - * test.apiv2: add testing for container initializing - * Bump github.com/containers/common from 0.14.3 to 0.15.1 - * Created timestamp returned by imagelist should be in unix format - * APIv2 tests: usability: better test logging - * docs: recommend alternatives to podman inspect - * utils: fix parsing of cgroup with : in the name - * Bump k8s.io/apimachinery from 0.18.4 to 0.18.5 - * Set TMPDIR to /var/tmp by default if not set - * fix: Don't override entrypoint if it's `nil` - * Add a note on the APIs supported by `system service` - * test: add tests for --user and volumes - * container: move volume chown after spec generation - * libpod: volume copyup honors namespace mappings - * Set console mode for windows - * systemd system test: run auto-update - * Allow empty host port in --publish flag - * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil - * Fixes --remote flag issues - * Ensure umask is set appropriately for 'system service' - * system tests: add pod, inspect testing - * specgen: fix order for setting rlimits - * Revert sending --remote flag to containers - * vendor github.com/containers/common@v0.14.3 - * podman: add new cgroup mode split - * systemd generate: allow manual restart of container units in pods - * e2e inspect: HostConfig.SecurityOpt - * generate systemd: improve pod-flags filter - * Print port mappings in `ps` for ctrs sharing network - * Fix python dockerpy tests - * Add support for dangling filter to volumes - * Friendly amendment for pr 6751 - * Set syslog for exit commands on log-level=debug - * Add containers.conf default file for windows and MAC Installs - * Docs: consistency between man / --help - * utils: drop default mapping when running uid!=0 - * podman run/create: support all transports - * Fix inspect to display multiple label: changes - * podman untag: error if tag doesn't exist - * Set stop signal to 15 when not explicitly set - * libpod: specify mappings to the storage - * APIv2: Return `StatusCreated` from volume creation - * APIv2:fix: Remove `/json` from compat network EPs - * Fix ssh-agent support - * APIv2:doc: Fix swagger doc to refer to volumes - * BATS tests: new too-many-arguments test - * Reformat inspect network settings - * Add podman network to bash command completions - * Fix typo in manpage for `podman auto update`. - * Add tests for --privileged with other flags - * Add JSON output field for ps - * V2 podman system connection - * wip - * system tests: invoke with abs path to podman - * image load: no args required - * system tests: new rm, build tests - * Fix conflicts between privileged and other flags - * Re-add PODMAN_USERNS environment variable - * libpod/containers/json: alias last -> limit - * Bump required go version to 1.13 - * Makefile: allow customizable GO_BUILD - * Add explicit command to alpine container in test case. - * "pod" was being truncated to "po" in the names of the generated systemd unit files. - * Use POLL_DURATION for timer - * rootless_linux: improve error message - * Stop following logs using timers - * Add container name to the /etc/hosts within the container - * Update release notes for v2.0.0 - * Update README to reflect that v2.0.0 has been released - * Bump master to v2.1.0-dev following release of v2.0 - * Fixes #6670 - * Correct logic for demux'ing channels - * Account for non-default port number in image name - * correct the absolute path of `rm` executable - * Poll on events for file reading - * Add --preservefds to podman run - * podman images --format json: pretty print - * Fix podman build handling of --http-proxy flag - * search: allow wildcards - * CI: force registry:2.6 - * Fix remote docs - * Allow recursive dependency start with Init() - * Bump k8s.io/apimachinery from 0.18.3 to 0.18.4 - * unflake rmi tests - * Bump k8s.io/api from 0.18.3 to 0.18.4 - * Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5 - * Podman system service is no longer experimental - * Handle dropping capabilties correctly when running as non root user - * Don't ignore --user flag in rootless --userns keepid - * Bump to v2.0.0-dev - * Makefile: install.varlink needs to create dirs - * Do not share container log driver for exec - -- Changelog for v2.0.0-rc7 (2020-06-17) - * Bump Buildah to v1.15.0 - * Move logs functionality to separate file for APIv2 - * generate systemd: `ExecStopPost` for all units - * Revert #6591 to fix issue with failed tests - * vendor github.com/containers/image/v5@v5.5.1 - * Add support for the unless-stopped restart policy - * fix misc remote build issues - * "streaming output" logs test: fix flake - * Fix handling of old oci hooks - * [CI:DOCS] Fixes #6548 - * Re-add resource limit warnings to Specgen - * Add <return> to lines returen in podman-remote logs - * Vendor containers/common v0.14.0 - * Show Anon, GID, UID in v2 volumes - * Fix podman inspect on overlapping/missing objects - * Fix --init and --init-path - * Fix podman-remote images - * Revert "Change Varlink systemd unit to use `system service`" - * Bump github.com/containers/conmon - * handlers/compat: fix lint error - * auto-update: use image's arch - * APIv2 tests: Add some tests for podman pods - * Add deprecated message to varlink command - * Handle errors on attach properly - * fix podman cp can create an extra directory level - * Remove redundant break in for loop. - * Bump to v2.0.0-dev - * generate systemd: `--replace` on named containers/pods - * pod create --replace - * {create,run} --replace - * Bump github.com/uber/jaeger-client-go - * Bump github.com/onsi/ginkgo from 1.12.3 to 1.13.0 - * Adds more docker py test - * The string field of Built was missing from server - * Add some additional fields to imageinspect - * Do not print error message when container does not exist - * Changed from t.StopAtEOF() to t.Stop() and added error check - * Fix -f logs to stop when a container exits - * Add the missing return - * Fix -f logs follow with stopped container - -- Changelog for v2.0.0-rc6 (2020-06-15) - * Change Varlink systemd unit to use `system service` - * Turn on More linters - * Do not default WorkingDir to / on client side - * Reassemble filters on the server side - * Bump github.com/containers/common from 0.13.0 to 0.13.1 - * [CI:DOCS] Fix carriage returns in API v2 header - * Fix missing code during in_podman build - * update document login see config.json as valid - * [CI:DOCS] Add quick start directions to APIv2 Dock - * Fix builds for RDO - * podman: create scope only if --cgroup-manager=systemd - * libpod: fix check for slirp4netns netns - * e2e: sanity check --infra-conmon-pidfile - * generate systemd: wrap pod/ctr lookup errors - * docs: create/run fix --pod-id-file description - * generate systemd: create pod template - * generate systemd: refactor - * add (*Pod).CreateCommand() - * generate systemd: rename source files - * generate systemd: rephrase lookup error - * pod create: add `--infra-conmon-pidfile` - * generate systemd: rename "cid" to "ctr-id" - * container-{create,run}: add `--pod-id-file` - * podman-pod{rm,start,stop}: support --pod-id-file - * systemd/generate: remove unused infra container field - * pod config: add a `CreateCommand` field - * Fixed bug where 'podman log <container>' would truncate some lines. - * Enable IPv6 port binding - * Bump to v2.0.0-dev - * container: do not set hostname when joining uts - * container: make resolv.conf and hosts accessible in userns - * WIP: Enable (and disable) remote testing - * fix api fails with 'strconv.ParseUint: parsing "tcp": invalid syntax' - * Fix play kube report printing when no containers are created - * Fix missing doc for field in PlayKubePod - * Update comment related to seccomp profiles in play kube - * Consistent Yaml convention througout play kube tests - * Fix podman generate tests that relied on play kube - * Add tests for Deployment Kind and minor fix for play kube output - * Fix existing tests - * Modify PlayKubeReport to preserve pod->container mapping - * supporting k8s Deployment objects - -- Changelog for v2.0.0-rc5 (2020-06-10) - * Fix Id->ID where possible for lint - * Fixup issues found by golint - * podman-events: clarify streaming behaviour - * Cirrus: Include packages for containers/conmon CI - * Ensure signal validation happens first in pod kill - * Bump github.com/json-iterator/go from 1.1.9 to 1.1.10 - * Bump github.com/containers/common from 0.12.0 to 0.13.0 - * Improve swagger+CORS metadata docs - * Ensure Conmon is alive before waiting for exit file - * Bump github.com/stretchr/testify from 1.6.0 to 1.6.1 - * e2e: disable checkpoint test on Ubuntu - * force bats version to v1.1.0 - * Enable Ubuntu tests in CI - * Modify py test to start stop system service for each test - * Add parallel operation to `podman stop` - * Fix handling of systemd. - * Add parallel execution code for container operations - * Fix handling of ThrottleWriteIOPSDevice - * Bump github.com/seccomp/containers-golang from 0.4.1 to 0.5.0 - * Strip defaults from namespace flags - * Ensure that containers in pods properly set hostname - * Adds docker py regression test. - * Turn on the podman-commands script to verify man pages - * Attempt to turn on special_testing_in_podman tests - * Bump to v2.0.0-dev - -- Changelog for v2.0.0-rc4 (2020-06-04) - * /images/.../json: fix port parsing - * BATS and APIv2: more tests and tweaks - * Vendor in container/storage v1.20.2 - * add socket information to podman info - * Namespace fields were set with bogus values - * When stopping containers locally, ensure cleanup runs - * Remove use of ABISupport buildtag - * fix remote test --ignore & turn on more tests - * Ensure that image/container inspect are specialized - * turn on remote stop_test - * V2 Add support for ssh authentication methods - * Add a few CVE entries to changelog.txt - * Add more Remote tests - * RHEL8 and Centos8 don't have oci-runtime yet - * test.apiv2: add test cases for committing an image from a container - * Turn on remote rm_test --cidfile - * Properly follow linked namespace container for stats - * Fix a segfault in `podman inspect -l` w/ no containers - * Remove reference to "upcoming" RHEL 7.7 - * Bump Conmon in COPR spec - * Enable detached exec for remote - * check --user range for rootless containers - * images --no-trunc: fix ID formatting - * make env handling os dependent - * Bump github.com/containers/conmon - * Bump github.com/onsi/ginkgo from 1.12.2 to 1.12.3 - * Update vendor containers/psgo - * Bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90 - * Bump github.com/coreos/go-systemd/v22 from 22.0.0 to 22.1.0 - * Combine the code of dealing with 'readonly' and 'ro'. - * Add bindings for exec and enable attached remote - * Add information on detach-keys - * system tests : more tests - * Add support for format {{.Label}} - * turn on remote testing for images. podman-remote build now works. - * Add invalid value to error message - * Fix leak of empty tarball - * Update man pages for --ip with CNI networks - * [CI:DOCS] update httpd location in tutorial - * default build without `varlink` tag - * Bump to v2.0.0-dev - * compat handlers: add X-Registry-Auth header support - * Don't build code on remoteclient - * v2 copy endpoints - * Bump github.com/rootless-containers/rootlesskit from 0.9.4 to 0.9.5 - * system tests: enable skopeo REGISTRY_AUTH_FILE - -- Changelog for v2.0.0-rc3 (2020-05-29) - * Bump github.com/stretchr/testify from 1.5.1 to 1.6.0 - * V2 verify JSON output is consistent and doesn't drift - * Vendor in containers/common v0.12.0 - * Ensure that signal names can be parsed on Windows - * fix `ps --last=N` - * test.apiv2: add testing for image and deal with API returning binary - * specgen: fix segfault - * Add streaming ability to endpoint - * Fix builds on 32 bit arches - * v2 libpod push: correct docs - * container stats: fix --no-stream race - * Add --format to pod inspect - * Add support for `readonly` option to --mount - * docs: fix typo - * V2 Fix interface nil checks - * [CI:DOCS] Tweak casing in rootless doc - * podman-registry: many unrelated fixes - * Fix Dockerfile - * Bump github.com/opencontainers/selinux from 1.5.1 to 1.5.2 - * podman-registry helper script: handle errors - * Makefile: customizable $REMOTETAGS - * add section on rootless volumes - * [CI:DOCS] Prepare image to turn on podman-commands test - * Vendor in latest containers/buildah - * Turn on Fedora testing - * [CI:DOCS] Fix readthedocs link - * [CI:DOCS]add crun to gating image - * network compatibility endpoints for API - * Add MethodNotAllowedHandler() to add in debugging - * Follow up PR to fix issues found in #6341 - * Bump to v2.0.0-dev - * [CI:DOCS]Add conmon to gating image - * Attempt to turn on build_without_cgo tests - * Attempt to turn on additional build tests - * Added new flags to 'podman generate systemd' to change the unit name prefix - * Enable rootless tests for podman remote - * V2 enable remote logs and testing - -- Changelog for v2.0.0-rc2 (2020-05-22) - * Attempt to turn on integration tests - * Removes remote system reset functionality. skip e2e test for remote. - * Attempt to turn on special_testing_endpoing tests - * Attempt to turn on varlink tests - * Attempt to turn on rpmbuild tests - * Bump github.com/containers/common from 0.11.2 to 0.11.4 - * Enables iidfile test as issue fixed now - * [CI:DOCS] Docs revamp. - * Fix podman-remote start tests - * podman version --format ... was not working - * Display human build date in podman info - * remote manifest test - * Turn on more remote tests - * v2 podman-remote build - * Fix podman-remote stop --all to handle not running containers - * Enable rmi test - * Bump github.com/opencontainers/go-digest from 1.0.0-rc1 to 1.0.0 - * Remove github.com/libpod/libpod from cmd/pkg/podman - * Start testing with cross compilation - * Fixes podman pod create --pod-id-file #6292 - * remote untag test - * Get proper exit code when running or starting a container. - * vendor: update seccomp/containers-golang to v0.4.1 - * Bump github.com/containers/storage from 1.19.2 to 1.20.1 - * Bump github.com/onsi/ginkgo from 1.12.0 to 1.12.2 - * Handle filters correctly for podman prune - * Fix remote handling of podman images calls - * Bump k8s.io/api from 0.18.2 to 0.18.3 - * Bump github.com/onsi/gomega from 1.10.0 to 1.10.1 - * Enable system prune test remote client - * Fix build on OS X - * Update Derivative API tutorial to reflect the HTTP API - * Turn off 'noexec' option by default for named volumes - * enable remote integration tests for init - * Add a test for detached exec - * Update manpage for `podman exec` to include detach flag - * Enable cleanup processes for detached exec - * Add ability to clean up exec sessions with cleanup - * Add CLI frontend for detached exec - * Add backend code for detached exec - * Add exit commands to exec sessions - * enable pod_create remote integration tests - * Fix remote integration for healthchecks - * Fix create_test for remote integration - * govern remote attach and start - * Test fixes for remote integration - * V2 API Version Support - * Print container state when erroring that it is improper - * system tests: more podman-pod tests - * don't skip log tests unless remote - * [CI:DOCS] Image tree endpoint should return 404 - * oci conmon: tell conmon to log container name - * add go-bindings for `hack/podman-registry` - * New tool: hack/podman-registry, manages local registry - * Testcase added for network commands - * format option added to network inspect command. - * filter option added to network ls command. - * Fix mountpont in SecretMountsWithUIDGID - * Update troubleshoot page - * v2 enable remote integration tests - * Get MAC, Windows and Linux podman-remote from latest version links. - * V2 Implement terminal handling in bindings attach - * Fix EOM for SendFile - * Bump to v2.0.0-dev - * Give `auto-update` ability to use per-container authfile specified by label. - * system tests: small fixes for rawhide+cgroups v1 - * Add HairpinMode to our CNI configs - -- Changelog for v2.0.0-rc1 (2020-05-18) - * v2endpoint remove image path correction - * Drop APIv2 resize endpoint - * Drop a debug line which could print very large messages - * v2 podman remote attach, start, and run - * Fix lint - * Remove duplicated exec handling code - * Fix lint - * Update API documentation for Inspect - * Parameters for ExecStart are body, not query - * Prune stale exec sessions on inspect - * Remove exec sessions on container restart - * Fix start order for APIv2 exec start endpoint - * Don't fail when saving exec status fails on removed ctr - * Add APIv2 handler for resizing exec sessions - * Ensure that Streams are set to defaults for HTTP attach - * Wire in endpoint for ExecStart - * Add an initial implementation of HTTP-forwarded exec - * Make convenience boxed true/false easier to use - * Use the libpod.conf cni_config_dir option for inspect and delete - * Cirrus: Refresh VM Images, Add Ubuntu 20 LTS - * Cirrus: Fix image-name hints - * Cirrus: Update Ubuntu 18 to 20 - * fix bug --format {{json.}} of events - * V2 Update attach bindings to use Readers/Writers vs chan - * Ensure that cleanup runs before we set Removing state - * Fix two coverity issues (unchecked null return) - * Fix REMOTETAGS - * Cleanup OCI runtime before storage - * Default podman.spec to use crun - * Fix checkpoint --leave-running - * Bump github.com/containers/storage from 1.19.1 to 1.19.2 - * Bump github.com/containernetworking/plugins from 0.8.5 to 0.8.6 - * Update release notes and version on master - * WIP V2 attach bindings and test - * [CI:DOCS]remove libpod.conf from spec - * enable remote image tree - * Bump github.com/containers/conmon - * Bump gopkg.in/yaml.v2 from 2.2.8 to 2.3.0 - * system tests: add volume tests - * cgroup: skip unified if we are using v1 - * enable podman v2 networking for remote client - * Remove libpod.conf from repo - * add podman remote system df - * vendor crio/ocicni@v0.2.0 - * test: enable networking test for rootless - * rootless: do not set pids limits with cgroupfs - * auto-update: support authfiles - * Add netgo build tag to static binary - * Adds tunnel routes for system reset. - * add port to podman remote command - * Bump github.com/containers/image/v5 from 5.4.3 to 5.4.4 - * Bump github.com/containers/common from 0.11.1 to 0.11.2 - * Some BATS cleanup: run and systemd tests - * v2podman image sign - * shm_lock_test: add nil check - * Add podman static build - * enable rootless mount tests - * spec: fix order for setting rlimits - * enable rootless integration testing - * [CI:DOCS] Add Security Policy - * V2 Impliment tunnelled podman version - * Ensure `podman inspect` output for NetworkMode is right - * Fix bug where pods would unintentionally share cgroupns - * bindings tests for container remove and inspect - * Add remaining annotations for `podman inspect` - * v2 podman unshare command - * Update the Podman readme - * v2 podman search rootless - * Fix `podman pod create --infra=false` - * default to tunnel without ABISupport tag - * abi: do not attempt to setup rootless if euid==0 - * fix pod stats flake - * set binding tests to required - * Fix handling of overridden paths from database - * Fix typo in path - * Makefile: fix a dependency issue - * Fixed typo on podman network create man - * fix and enable systemd system tests - * Bump github.com/onsi/gomega from 1.9.0 to 1.10.0 - * auto-update - * set --conmon-pidfile - * Fix parsing of --network for `podman pod create` - * Add podman-remote-static target - * podman: split env variables in env and overrides - * v2trust set and show - * container runlabel - * enable login/logut unspecified args - * [CI:DOCS] Add link to Tutorials to docs homepage - * Enables port test - * CI:DOCS: Document API docs + CORS maintenance - * Update manpages for image volumes and MAC address - * Updated heading from 5 to 6 in link. - * add {generate,play} kube - * Manifest remove, push - * Reenable systemd E2E tests - * Revert commit 016a91 already accepted. - * Updated heading from 5 to 6 in the link. - * Add small fixes for 'podman run' from diffing inspect - * manifest annotate - * Bump k8s.io/api from 0.17.4 to 0.18.2 - * Bump github.com/containers/storage from 1.19.0 to 1.19.1 - * Eliminate race condition on podman info - * v2 system subcommand - * v2 podman stats - * BATS help test: check usage string - * Rework port parsing to support --expose and -P - * [CI:DOC] Add linger to troubleshooting - * Fix errors found when comparing podman v1 --help versus V2 - * Updated the broken links for the docs. - * Updated the broken links for the docs. - * image removal: refactor part 2 - * build(deps): bump github.com/uber/jaeger-client-go - * Bump github.com/sirupsen/logrus from 1.5.0 to 1.6.0 - * [CI:DOC]Use full repo name in podmanimage Dockerfiles - * Fix errors found in coverity scan - * Remove skip on containers.conf tests - * cgroupsns was not following containers.conf - * Properly handle default capabilities listed in containers.conf - * Properly handle containers.conf devices - * [CI:DOCS] Bring README.md up to date - * And system prune feature for v2. - * Fix errors found in coverity scan - * check --get-login when login - * search --limit compatible with docker - * add provided cni networks to spec gen - * fix commands without input - * System tests: help messages: check required-arg - * v2networking enable commands - * V2 Commands that require ParentNS (rootful) are report error - * Cirrus: Utilize new cache images - * Cirrus: Utilize new base images - * cirrus: Update to Fedora 32 proper - * Enable prune integration test. Fixes container prune. - * test: enable start tests - * podman, start: propagate back the raw input - * test: enable remaining run tests - * test: enable entrypoint tests - * test: enable create tests - * cmd, podman: do not override entrypoint if unset - * cmd, podman: use String instead of variable+StringVar - * cmd, podman: handle --pod new:POD - * create: propagate override-arch and override-os - * testv2: enable attach test - * V2 enable ps tests - * enable final system test - * V2 restore podman -v command - * V2 Restore images list tests - * enable search tests - * pull/search options: tls verify -> skip - * test: enable cp tests - * login system test: enable "push ok" - * enable the push e2e tests - * push: fix --tls-verify - * push: simplify cmd - * rootlessport: use two different channels - * specgen: honor slirp4netns - * rootless: move ns open before fork - * push: fix push with one argument - * enable inspect tests - * generate systemd - * Update release notes and README for 1.9.1 release - * Update podmanimage files to adjust perms on containers.conf for rootless - * User specified environment happen after other environments are set - * system tests must pass - * Fixes podman save fails when specifying an image using a digest #5234 - * Fix typos in rm messages - * check image media/manifest type for healthchecks - * test: enable exec tests - * pkg, specgen: do not hardcode user=0 in the config if not specified - * specgen: remove dead code - * cmd: set correct parent for container exec - * Set up ulimits for rootless containers. - * enable build tests - * enable volume integration tests - * separate healthcheck and container log paths - * install.md: Fix typo - * Improve Entrypoint and Command support - * Add support for volumes-from, image volumes, init - * Fix NewSpecGenerator args in pkg/bindings/test - * enable load integration tests - * test: enable all pod tests - * libpod: set hostname from joined container - * namespaces: accept pod namespace - * pkg, ps: add namespaces methods - * enable integration tests for restart - * Make podman container list == podman ps - * test: enable pod rm tests - * pkg, pods: report pod rm errors - * pkg, pods: pod rm honors --ignore - * test: enable pod restart tests - * pkg, pods: not lose pod start/restart errors - * test: enable pod stop tests - * pkg, pods: honor --ignore for pod stop - * test: enable pod create tests - * specgen: relax test to accept default network - * spec, pod: honor --dns - * spec: propagate --no-hosts to specgen - * sort .gitignore - * .gitignore: add pkg/api/swagger.yaml - * build(deps): bump github.com/rootless-containers/rootlesskit - * implement pod stats - * test: fix check for pause on cgroup v2 - * test: fix pause tests - * cmd, ps: add .Status as synonym for .State - * test: enable healthcheck tests - * podman: handle --no-healthcheck - * specgen: read healthchecks from the image - * podman: special case health-cmd none - * Enable pod inspect integration test - * Enable pod prune integration test - * enable run_restart integration tests - * enable run_ns integration tests - * enable run_signal integration tests - * Enable these tests - * Enable container inspect integration tests - * Enable pod ps integration tests - * Cleanup man pages for pull and push - * Adding system prune for podman v2 - * V2 tests: enables commit tests - * Add --os to manifest add - * containers, init: skip invalid state errors with --all - * podman: assume user namespace if there are mappings - * Do not join pod namespaces without an infra ctr - * podman: implement userns=keep-id - * Cirrus: Utilize new VM images - * Cirrus: Unify package installation - * test: enable cgroup parent tests - * podman: fix --log-opt=path=%s - * podman: fix --http-proxy - * podman: fix podman --group-add - * test: fix --host-env test - * podman: fix --cgroups=disabled - * test: enable some run_test.go tests that pass now - * podman: add support for --rootfs - * Bump github.com/containers/common from 0.9.4 to 0.9.5 - * specgen: fix error message - * create: move validate after setting default ns - * remove blank line - * set bigfilestemporarydir for pull - * Fix SELinux functions names to not be repetitive - * foo: delete spurious file - * Makefile: include -nobuild install targets - * podman: handle namespaces specified on the CLI - * specgen: do not always set shmsize - * pkg: fix shmsize error message - * Stop wrapping pull messages - * manifest create,add,inspect - * V2 Restore rmi tests - * V2 restore libpod.Shutdown() when exiting podman commands - * Turn on version.go except for -v check - * Fix podman push and podman pull to check for authfile - * Enable basic volumes support in Podmanv2 - * Move selinux labeling support from pkg/util to pkg/selinux - * Fix integration tests for untag - * Instrumentation to answer #5765 - * test rootless_storage_path from strorage.conf - * V2 Restore exists E2E tests - * Fix podman rm to have correct exit codes - * Fix v2 test podman info - * Fix handling of --cidfile on create/run - * vendor in containers/common v0.9.4 - * Handle hostname flag from client - * Add support for devices from command line - * Fix handling of CGroupsParent and CGroupsMode - * Throw error on IPv6 ip addresses - * Force integration tests to pass - * Modify namespace generation code for specgen - * Bump to github.com/containers/common to v0.9.2 - * my bad - * Provide a json variable pointing to a configured json API - * podmanv2 cp - * gate/README.md Fix link to .cirrus.yml and reword - * add entrypoint from image where needed - * Makefile: fix broken chcon for podman-remote - * podmanv2 container subcommands - * v2podman port - * v2: implement log{in,out} - * Move Fedora dependencies for building podman into separate file - * v2, podman: plug --userns=auto - * podman: do not set empty cgroup limit blocks - * Handle annotations passed in via the client - * Need to set the Entrypoint - * Fix podman inspect to return errors on failure - * pkg: implement rlimits - * podman rmi: refactor logic - * Add support for containers.conf to podmanimages - * Update podman to use containers.conf - * Fix podman inspect to accept -l and -s fields - * Handle Linux Capabilities correctly - * Add functions to return image informations - * V2 Rmove existing unix domain socket on startup - * Cirrus: Add support for Fedora 32 - * Cirrus: More Ubuntu 19 + Fedora 31 - * V2 podman image tree - * V2 Fix --latest for podman diff commands - * rootless: move join namespace inside child process - * rootless: skip looking up parent user ns - * common: setting cgroup resources correctly - * Update pod inspect report to hold current pod status. - * Pull images when doing podman create - * Return labes in API (fixes #5882) - * Make `find` ignore dot files - * Cleanup network option parsing - * enable integration testing - * V2 Fix support for tcp://[::]<port> connections - * Add pod prune for api v2. - * We were not handling the user option on create - * Fixes for system tests - * Enable some testing - * Log formatter: add BATS summary line - * Bump github.com/containers/psgo from 1.4.0 to 1.5.0 - * podmanV2: implement build - * Fix bug where two configurations had been created - * Podman V2 birth - * V2 Enable rootless - * Add SELinux volume information to troubleshoot.md - * podman v2 remove bloat v2 - * allow filters to work when listing containers - * Update podman-generate-systemd man page - * .gitignore: ignore v2 remote - * Bump github.com/containers/common from 0.9.0 to 0.9.1 - * Add version to podman info command - * Add basic structure of output for APIv2 pod inspect - * v2 bloat pruning phase 2 - * Add support for selecting kvm and systemd labels - * Fix up SELinux labeling - * podmanv2 fix runtime assignment - * Cirrus: Fix gate container build failure - * logformat: handle apiv2 results, add anchor links - * Update README to reflect that latest version is v1.9.0 - * Ability to prune container in api V2 - * Bump to v2.0.0-dev - * podmanv2 events - * test case added for image prune cache image - * note for skipping cache image added. - * image prune skips images with child images. - * swagger-check: new CI tool to cross-check swagger - * auto update: skip non-image policies - * build(deps): bump github.com/containers/common from 0.8.1 to 0.9.0 - * logformat: handle apiv2 results, add anchor links - * If possible use the pod name when creating a network - -- Changelog for v1.9.0 (2020-04-15) - * podmanV2: fix nil deref - * v2specgen prune libpod - * More system test fixes on regressions - * Add support for the global flags and config files - * Bump to v1.9.0-dev - -- Changelog for v1.9.0-rc2 (2020-04-14) - * Update release notes for v1.9.0-RC2 - * v2podman ps revert structure changes - * podmanv2 mount and umount - * Fix invalid container path comparison for pid cgroup - * v2podman add container init - * Need to set security options even if user does not specify options - * podmanv2 version format variable name change - * Fixes for load and other system tests - * Improve APIv2 support for Attach - * Refactor service idle support - * podmanv2 history and image remove templates - * Bump to v1.9.0-dev - * rootless: use snprintf - * podmanV2: implement search - -- Changelog for v1.9.0-rc1 (2020-04-13) - * build(deps): bump github.com/containers/buildah from 1.14.7 to 1.14.8 - * Update release notes for v1.9.0-RC1 - * v2podman container cleanup - * podmanV2: implement logs - * test: enable preserve fds test for crun - * test: fix exec preserve-fds test - * Set exit codes on errors. - * Run (make vendor) - * Fix (make vendor) - * update the latest version to 1.8.2 - * add tests for kill and exists - * v2podman ps alter formats - * run/create were processing options after the image name - * V2 podman system service - * man page: add note about issue with SELinux - * Bump Buildah to v1.14.7 - * Bump containers/image to v5.4.3 - * V2 podman diff(changes) support - * podman info needs to be run within the user namespace - * podmanv2 images user format - * podmanv2 info - * vendor c/image v5.4.2 - * Do not error on pids.current stats if ctr.path is empty - * fix rootless login/logout tests - * v2podman run - * refactor info - * podmanv2 ps - * userns: support --userns=auto - * podmanv2 start - * build(deps): bump github.com/containers/common from 0.8.0 to 0.8.1 - * build(deps): bump github.com/containers/storage from 1.18.1 to 1.18.2 - * build(deps): bump github.com/opencontainers/selinux from 1.4.0 to 1.5.0 - * v2podman attach and exec - * v2podman container create - * Cleanup whether to enter user namespace for rootless commands - * podmanv2 save image - * podmanv2 version - * checkpoint: handle XDG_RUNTIME_DIR - * checkpoint: change runtime checkpoint support test - * Pass path environment down to the OCI runtime - * podmanv2 checkpoint and restore - * Bump github.com/containers/common from 0.6.1 to 0.8.0 - * test/e2e/run_volume_test: use unique mount point - * test/e2e/run_volume_test.go: mv dockerfile decl - * test/e2e/run_volume_test: only create dir once - * Fix environment handling from containers.conf - * podmanV2: implement push - * pkg/spec.InitFSMounts: optimize - * utils: delete dead code - * attach: skip shutdown on errors - * attach: fix hang if control path is deleted - * pkg/spec.InitFSMounts: fix mount opts in place - * podmanv2 export - * podmanv2 import - * podmanv2-retry - new helper for testing v2 - * podmanv2 load - * podmanv2 pod inspect - * V2 podman inspect - * Fix repos for CentOS 7 RPM build - * podman v2 image tag and untag - * podmanv2 pod ps - * Touch up mailing list address in README.md - * add systemd build tag to podman builds - * Bump github.com/rootless-containers/rootlesskit from 0.9.2 to 0.9.3 - * Switch to using --time as opposed to --timeout to better match Docker. - * podmanV2: implement pull - * pkg/spec/initFSMounts: fix - * Cirrus: Remove darwin/windows builds in gate-job - * Cirrus: Update VM Images - * Cirrus: Minor docs update - * Revert "Default CPUShares in Inspect are 1024" - * fix more swagger inconsistencies - * V2 Move varlink home - * Bump github.com/containers/conmon - * Bump github.com/spf13/cobra from 0.0.6 to 0.0.7 - * rootless: make cgroup ownership detection not fatal - * podmanv2 enable healthcheck run - * Update vendor of boltdb and containers/image - * swagger: top: remove "Docker" from the identifiers - * podmanv2: implement pod top - * v2 api: implement pods top endpoint - * podmanv2 commit - * Bump to buildah v1.14.5 (Edit 2020-06-03: Addresses CVE-2020-10696) - * Add support for containers.conf - * API v2 tests: usability improvements - * Sanitize port parsing for pods in play kube - * podmanv2 pod create using podspecgen - * use `pause:3.2` image for infra containers - * Add support for specifying CNI networks in podman play kube - * Fix typo in pod create - * podmanV2: implement top - * Fix Markdown typo in podman-create.1.md - * V2 podman image prune - * Support label filters for podman pod ps. - * podmanv2 container inspect - * podmanv2 pod subcommands - * Add bindings for Container Exec Create + Inspect - * apiv2 add default network in specgen - * slirp: enable seccomp filter - * V2 podman image rm | podman rmi [IMAGE] - * V2 podman image - * podmanv2 add pre-run to each commmand - * Ensure that exec sends resize events - * enable linting on v2 - * Bump github.com/rootless-containers/rootlesskit from 0.8.0 to 0.9.2 - * Bump github.com/containers/storage from 1.16.5 to 1.16.6 - * V2 podman images/image list - * podmanv2 volumes - * Combine GlobalFlags and EngineFlags into EngineOptions - * Complete podmanV2 history command - * rootlessport: use x/sys/unix instead of syscall - * podmanv2 exit code - * Bump github.com/sirupsen/logrus from 1.4.2 to 1.5.0 - * Correctly document libpod commit endpoint - * Implement APIv2 Exec Create and Inspect Endpoints - * apiv2 container commit for libpod - * Add image signing with GPG tutorial - * podmanv2 add core container commands - * Improved readability in image json output - * podmanv2 volume create - * Add stubs for cmd/podman in non-Linux local mode - * Make libpod/lock/shm completely Linux-only - * Add stubs for pkg/adapter/terminal_linux.go - * Add a stub for libpod.Container.Top - * Make cmd/podman/shared.GenerateCommand tests Linux-only - * Fix the libpod.LabelVolumePath stub - * Only run TestGetImageConfigStopSignal on Linux - * Fix the pkg/specgen/SpecGenerator.getSeccompConfig stub - * podmanv2 pod exists - * when removing networks for tests, force should be used - * Add basic structure of a spec generator for pods - * [CI:DOCS]fix type issue in pod binding test - * podmanv2 enable remote wait - * fix remote connection use of context - * use boolreport for containerexists response - * podmanv2 container exists|wait - * Add APIV2 service files - * Attempt manual removal of CNI IP allocations on refresh - * Implemented --iidfile for podman commit - * Add guildline for writing podman V2 CLI commands - * Use creds form PullImage remote - * Fix docker man page links - * Bump to v1.8.3-dev - * [CI:DOCS]remove podmanv2 binary - * Cirrus: Update VM images - * Cirrus-CI: Fix source path of vendor task - * Cirrus: Enable future installing buildah packages - * Cirrus: Include packages for buildah CI - * Cirrus: Update Ubuntu base images - * Cirrus: Use opensuse open build Ubuntu packages - * Update release notes for v1.8.2 final release - * rootlessport: handle SIGPIPE - * apiv2 add bindings for logs|events - * Bump github.com/containers/common from 0.5.0 to 0.6.1 - * Add inspect for exec sessions - * Add structure for new exec session tracking to DB - * Populate ExecSession with all required fields - * Fix path of tmp_dir - * Cirrus: Disable non-docs release processing - * container prune remove state created, configured - * Cirrus: Log libseccomp package version - * docs: mention that "podman version" prints out Remote API Version - -- Changelog for v1.8.2 (2020-03-19) - * fix reported compat issues - * Don't include SUBDIR in windows.zip - * rootless: fix usage with hidepid=1 - * V2 podman command - * serve swagger when present - * swagger: more consistency fixes - * Vendor in containers/buildah v1.14.3 - * Reduce CPU usage when --timeout=0 - * New test: man page cross-ref against --help - * podman: avoid conmon zombie on exec - * Filter pods through pod list api - * Bump to v1.8.2-dev - * Fix vendoring on master - * fix timeout file flake - * auto updates - * pkg/systemd: add dbus support - -- Changelog for v1.8.2-rc1 (2020-03-17) - * Update release notes for v1.8.2-rc1 - * Fix vendoring on master - * Update containers/storage to v1.16.5 - * config: make warning clearer - * Four small CI fixes: - * fix systemd generate tests - * apiv2 addition of manifests - * add os|arch attributes when building - * Missing double quotes in troubleshooting guide. - * force run container detached if container CreateCommand missing the detach param - * Bump github.com/containers/common from 0.4.2 to 0.5.0 - * Bump k8s.io/api from 0.17.3 to 0.17.4 - * Bump github.com/fsnotify/fsnotify from 1.4.7 to 1.4.9 - * eat signal 23 in signal proxy - * add apiv2 healthcheck code - * turn off color-mode for bindings - * remove imagefilter for varlink remote client - * Bump github.com/containers/storage from 1.16.2 to 1.16.3 - * run --rmi test: make it work - * rootlessport: detect rootless-child exit - * create: do not calculate image size - * Follow up changes from #5244 - * man page cross-reference fixes: part 2 - * Update version in README to v1.8.1 - * [CI:DOCS]Add libpod event endpoint - * Bump to v1.8.2-dev - * Update start stop api to use pod status function. - * Fix bug podman reset to not remove $XDG_RUNTIME_DIR - -- Changelog for v1.8.1 (2020-03-11) - * man pages: fix inconsistencies - * Update release notes for v1.8.1 final release - * build for amd64|arm|ppc64le - * update systemd & dbus dependencies - * Refactor handler packages - * Remove nonexistent --set arg from runlabel documentation - * hide --trace flag - * podman --help: mention defaults of bools - * docs: clarify that --syslog expects an argument - * Bump to v1.8.1-dev - * commands: rename file and add likns to readthedocs - -- Changelog for v1.8.1-rc4 (2020-03-09) - * Revert "exec: get the exit code from sync pipe instead of file" - * Revert "Exec: use ErrorConmonRead" - * Revert "exec: fix error code when conmon fails" - * rootles tutorial: remove systemd unit example - * generate systemd: add `default.target` to INSTALL - * Bump github.com/containers/storage from 1.16.1 to 1.16.2 - * use storage/pkg/ioutils - * use storage/pkg/homedir - * Fix spelling mistakes in code found by codespell - * add default network for apiv2 create - * Bump to v1.8.1-dev - * Allow users to set TMPDIR environment - * Fix upstream dockerfile and add 'by hand' ctrfile - * Cirrus: Fix fedora-minimal mirroring - * fix security-opt generate kube - -- Changelog for v1.8.1-rc3 (2020-03-06) - * Update release notes for v1.8.1-RC3 - * Part 2: try to clean up the long image instance names - * WIP: Try renaming long cirrus job names - * vendor: update github.com/containernetworking/cni to v0.7.2-0.20200304161608-4fae32b84921 - * Removed extraneous comments and defaults plus amended variable declaration - * Removed the unnecessary code - * Implemented size parameter on GetContainer - * Implement size parameter on ListContainers - * Map configured status to created to match docker API states - * Fix to remove null entry from end of images json - * Register handlers without version to align with docker API - * golangci: enable goimports - * generate systemd: remove leading slashes - * exec: fix error code when conmon fails - * Vendor buildah 1.14.2 - * env: don't set "container" env - * Fix podman image sign help output - * avoid adding to nil map - * Exec: use ErrorConmonRead - * exec: get the exit code from sync pipe instead of file - * generate systemd: add network dependencies - * Bump to Buildah v1.14.1 - * APIv2 tests: add tests for stop - * Add the rmi flag to podman-run to delete container image - * consolidate env handling into pkg/env - * CI: format cirrus logs - * Update docs/source/markdown/podman-build.1.md - * Allow devs to set labels in container images for default capabilities. - * CI: add API v2 tests - * more swagger fixes - * Bump github.com/opencontainers/selinux from 1.3.2 to 1.3.3 - * Add validate() for containers - * Cirrus: Fix gate image & false-positive exits - * Update pod bindings and Add test to validate prune pod apiv2 binding. - * Fix wrong condition in bindings test - * Ensure that exec sessions inherit supplemental groups - * Cirrus: Update VM images - * Cirrus: Force runc use in F30 - * rework apiv2 wait endpoint|binding - * build: specify input fd to buildah - * Cirrus: Remove unnecessary handle_crun workaround - * Cirrus: Print env. vars at end of setup. - * Cirrus: Fix not growing Fedora root - * network create should use firewall plugin - * add firewall plugin (no backend) to default cni config - * binding tests for volumes - * Bump to v1.8.1-dev - * container Exists: fix URL - * CI: package_versions: include hostinfo, kernel - * Review comments - * [WIP] Add cmd flag to show container name in log - -- Changelog for v1.8.1-rc2 (2020-02-27) - * Update release notes for v1.8.1-rc2 - * Vendor in latest containers/buildah - * kill test: clean up warnings; document better - * curb flakes in integration tests - * spec: allow container alias name in lookup - * add epoch for specfile - * fix trivial typo - * Add support for multiple CNI networks in podman inspect - * Remove 1 sec delay - * Temp. skip "remove pause by id" bindings test - * Fix kill test obtaining CID - * System Tests: Force default signal handlers - * Fix cgroupsv2 run test, unexpected output - * Cirrus: SELinux Enforcing for F31 w/ CGv2 - * Cirrus: collect podman system info - * Cirrus: F31: Force systemd cgroup mgr - * Cirrus: Temp. disable F31 p-in-p testing - * Cirrus: Handle runc->crun when both are possible - * Cirrus: Use deadline elevator in F31 - * Cirrus: Support testing with F31 - * rootless: become root only if the pause file is specified - * rootless: fix segfault when open fd >= FD_SETSIZE - * apiv2 tests: add more pod tests, timing check - * Update vendor of buildah and containers/common - * build: move initialization after SetXdgDirs - * utils: relax check for directory to use - * add apiv2 tests for podman pause and stop - * always run the docs task on post-merge - * Fixed build_rpm.sh script for Fedora 30 - * Add basic deadlock detection for container start/remove - * Friendly amendment: tests, and a help message - * fix port list by container with port - * more image binding tests - * docs: symlink to host device is resolved - * Add --no-healthcheck command to create/run - * enable ci on go binding tests - * add more image tests for go bindings - * Bump to v1.8.1-dev - * build(deps): bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2 - -- Changelog for v1.8.1-rc1 (2020-02-21) - * Update release notes for v1.8.1 - * disable generation of cni firewall plugin - * search endpoint failure correction - * Remove ImageVolumes from database - * Upgrade make package-install for fedora31 - * Flake fix: race condition in same-IP test - * Add support for ssh:// and unix:// podman clients - * search test on fedora registry: retry 5 times - * Swagger: yet more fixes - * Login test: use --password-stdin - * implement reverse reader for log reads - * podman images: add --filter=since=XX - * populate resolv.conf with dnsname responses when in usernamespace - * Beautify podman bridge CNI config - * build(deps): bump github.com/spf13/cobra from 0.0.5 to 0.0.6 - * Warn user about --password cli option in login - * build(deps): bump github.com/stretchr/testify from 1.5.0 to 1.5.1 - * Swagger: fix one incorrect comment - * apiv2 container create using specgen - * Add test to validate the pod bindings api - * Update to the latest version of buildah - * New login and push tests - * Add network options to podman pod create - * Fixed syscall.Signal not convertable by decoder - * Fixed typo in KillContainer - * build(deps): bump github.com/containers/storage from 1.15.8 to 1.16.0 - * build(deps): bump github.com/stretchr/testify from 1.4.0 to 1.5.0 - * libpod.conf: clarify `label` description - * set process labels in pkg/spec - * libpod/config: use built-in TOML instead of manually merging - * Fixed CreateImageFromImage not respecting supplied Tag parameter - * Add installation of pre-commit to Makefile - * fix mandatory parameter in login/logout - * adds missing query struct tags and exports the fields - * Swagger: fix inconsistencies (try #2) - * Update mux rules to allow slashes in image names - * rootless: fix a regression when using -d - * Misc typo fixes - * Use cleaned destination path for indexing image volumes - * Add ability for pods to use the host network - * stats: Expose CPU usage in API - * rootless: check if the conmon process is valid - * apiv2: Fixup /containers/json filters documentation - * apiv2: Enable filtering images by ID - * Fix handler and systemd activation errors - * podman-ps: support image IDs - * Refactor image tree for API usage - * Update documentation of commit command to show image reference is optional - * Rework label parsing - * add caching for binding tests - * apiv2 libpod container logs - * add pkg/signal - * add pkg/capabilities - * build(deps): bump github.com/rootless-containers/rootlesskit - * Fix SELinux labels of volumes - * podman(1): fixes - * fix bug "" disable detach keys - * Fixed a bug about bash automatically complete - * Enhance fuse-overlayfs instructions. - * README: fix docs links - * Fix up play kube to use image data - * build(deps): bump k8s.io/api from 0.17.2 to 0.17.3 - * Only set --all when a status filter is given to ps - * use quay.io/libpod/fedora-minimal for reliability - * filtering behavior correction - * support device-cgroup-rule - * rootlessport: drop Pdeathsig in favor of Kill - * rootlessport: fix potential hang - * add pkg/seccomp - * Do not copy up when volume is not empty (Edit 2020-06-03: Addresses CVE-2020-1726) - * api: pull: fix reference parsing - * cmd/podman/pull: refactor code - * stats: add SystemUsage - * build(deps): bump k8s.io/apimachinery from 0.17.2 to 0.17.3 - * build(deps): bump github.com/gorilla/mux from 1.7.3 to 1.7.4 - * HTTP 304 (NotModified) is not an error! - * API v2 tests: catch up to moving target - * api: fix the CPU stats reported - * apiv2 stream events - * Fix container filters - * API v2: pods: fix two incorrect return codes - * Rewire ListContainers for APIv2 libpod - * podman build -f completions - * swagger: fix /libpod/images/{import,load,pull} - * Make: s/uname -o/uname -s/ - * container create: relax os/arch checks - * replace prow images test - * Remove incorrect validation of --change for commit - * [CI:DOCS] Update Code of Conduct to Containers variant - * Add test cases to validate remove and list images api. - * images --format compatible with docker - * bash-completions: Add missing subcommands in 'podman system' - * doc: Fix examples for 'podman system service' - * v2 api: /libpod/images/import - * v2 api: /libpod/images/load - * v2 api: /libpod/images/pull - * docs: add workaround for --device with rootless containers (II) - * Fix varlink code generation target. - * Modify Runtime.getImage to return a storage.Image - * Document an aspect of newFromStorage behavior - * Introduce a Runtime.newImage constructor - * Move Image.getLocalImage to Runtime.getLocalImage - * Remove the getLocalImage() call from Image.Size - * Use Runtime.NewFromLocal instead of open-coded copies - * Trivial simplification - * Create two separate newImage instances in Runtime.New - * Call NewImageRuntimeFromStore from NewImageRuntimeFromOptions - * Update readme to 1.8.0 release - * Refactor runtime functions to pass options structure - * build(deps): bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 - * LibpodAPI.BuildImage: don't require a name for the new image - * Bump to v1.8.1-dev - * Cirrus: Never run prune on other branches - * Add dockerfile to mirror fedora-minimal - * Add /swagger/ endpoint to serve swagger yaml to clients - * Add backend code for pod network options - -- Changelog for v1.8.0 (2020-02-06) - * [CI:DOCS]update contrib systemd user - * [CI:DOCS]fix systemd files for apiv2 - * Update release notes for final release of v1.8.0 - * Move podman-service to podman-system-service - * Only modify conmon cgroup if we have running containers - * fix swagger docs and make sure docs validation runs - * Special case memory-swap=-1 - * vendor github.com/mtrmac/gpgme@v0.1.2 - * vendor github.com/containers/image/v5@v5.2.0 - * Add Containerfile location e2e test - * [CI:DOCS]addition of specgen package - * {CI:DOCS] run gofmt before lint - * build(deps): bump github.com/onsi/ginkgo from 1.11.0 to 1.12.0 - * Close tarSource when finished using it - * Force --all when --filter is passed to podman ps - * Initial implementation of a spec generator package - * Fix wrong Containerfile location on build - * Wrap error for failing ImageSize calls - * swagger: v2: libpod/images/{import,load,pull} - * seperate container create network options - * Cirrus: Fix gate task + make lint|validate - * Add a binding test to check image tag and list commands. - * Update /_ping support - * [CI:DOCS]add apiv2 endpoints for exec - * build(deps): bump github.com/containers/storage from 1.15.7 to 1.15.8 - * build(deps): bump github.com/onsi/gomega from 1.8.1 to 1.9.0 - * Tear down network when restarting containers - * Move install.md to podman.io, leave link page - * Update XML to not embed quote in PATH on windows - * Bump to v1.8.0-dev - -- Changelog for v1.8.0-rc1 (2020-01-31) - * Fix a syntax error in hack/release.sh - * Minor update to release notes - * sigproxy: return after closing the channel - * fix longname handling for bindings - * Update release notes for v1.8.0 - * compat container names begin with / - * Assure validate includes lint - * make image reference for commit optional - * adjusts install.md (Ubuntu): replaces ${NAME} with hard-encoded Ubuntu to support all *buntu flavors - * adjusts install.md (Ubuntu): registries.conf setup is now in containers-image package - * markdown: fix erroneous asterisk markup for options - * speed up Makefile - * Makefile: systemd: echo instead of warn - * Makefile: remove redundant BUILDFLAGS - * Makefile: consistent PHONY use - * Makefile: remove dead vagrant target - * Makefile: move systemd buildtag check - * rootless: enable shortcut only for podman - * test: honor TEMPDIR variable - * Cirrus: Set EPOCH_TEST_COMMIT during gate task - * Deprecate & remove IsCtrSpecific in favor of IsAnon - * apiv2 binding test fixes - * history: fix size computing - * run `varlink_generate` on Linux only - * display file name of bad cni conf - * Throw error on invalid sort value - * rootless login/logout tests fail - * Update remote client bridge documentation. - * honor pull policy in play kube - * docs: replace '~' with $HOME in markdown as '~' isn't rendered properly - * install.md: registries.conf setup in containers-image package - * [CI:DOCS]Binding overhauls - * docs: fix incomplete heading underlining in network.rst - * build(deps): bump github.com/rootless-containers/rootlesskit - * docs: add missing hyphen for '-t' option, command '$' prompts - * build(deps): bump github.com/opencontainers/selinux from 1.3.0 to 1.3.1 - * [CI:DOCS]rootless exec cannot join root namespace - * expose --arch-override option for pull - * Add link from docker.sock to podman.sock - * inspect image healthchecks - * [CI:DOCS]Add copr link to fedora install page - * Hidden remote flags can be nil - * docs: add boolean values and defaults to "man podman-history" options - * docs: remove reference to "sudo" in "podman exists" examples - * docs: fix system-prune markdown; reword for clarity - * docs: clean up "man podman-rm", "man podman-rmi" - * install.md: mention availability of OpenEmbedded recipes - * Cleanup man pages exit code descriptions - * APIv2 review corrections #3 - * camelcase: fix lint reports - * fork fatih/camelcase - * Refactor time parsing to be more liberal in accepted values - * apparmor: allow receiving of signals from 'podman kill' - * Add query parameter converters for complex types - * Review corrections pass #2 - * build(deps): bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8 - * Default CPUShares in Inspect are 1024 - * markdown: fix grammar/formatting, standardize on markdown - * build(deps): bump k8s.io/api from 0.17.0 to 0.17.2 - * build(deps): bump github.com/pkg/errors from 0.9.0 to 0.9.1 - * build(deps): bump github.com/containers/conmon - * build(deps): bump github.com/json-iterator/go from 1.1.8 to 1.1.9 - * build(deps): bump github.com/uber/jaeger-client-go - * build(deps): bump github.com/containernetworking/plugins - * seccomp policy: expect profile in config label - * build(deps): bump github.com/vishvananda/netlink from 1.0.0 to 1.1.0 - * build(deps): bump github.com/containers/storage from 1.15.5 to 1.15.7 - * Update README.md to reference latest version - * Enable swagger validation for each PR - * Fix example format in system df man - * markdown: fix formatting of commands at bottom of podman-exec - * markdown: reword 'podman-inspect' to properly explain '--size' - * correct search-and-replace error - * Update release script to not manage epoch - * markdown: remove extraneous backquote from "podman rmi" - * markdown: fix formatting/content typos in migrate man page - * Update RELEASE_NOTES for v1.7.1 - * Add service endpoint - * Cirrus: Fix logic typo - * Update build images - * Cirrus: No upload snap for docs job - * [CI:DOCS]First pass at review comments - * go.mod: fix parse error - * Use cgroupv2 super magic from golang.org/x/sys/unix - * Disable go mods on varlink builds in spec - * [CI:DOCS] Add logo and dev statement - * rootless: set C variables also on shortcut - * [CI:DOCS]static files end up in _static on rtd - * [CI:DOCS] Correct link syntax - * [CI:DOCS]Connect API docs and RTD - * post-process swagger yaml for publish - * Tests for API v2 - * Minor: Bugfix in upload image - * Update `tag` documentation regarding 'alias' usage - * update install instructions for Debian, Raspbian and Ubuntu - * oci_conmon: do not create a cgroup under systemd - * Add an API for Attach over HTTP API - * systemdgen: specify --cgroups=disabled-conmon for --new - * podman: add new option --cgroups=no-conmon - * systemdgen: add --ignore flag to generic services - * e2e/run_signal_test.go: make it more robust - * hack/install_golangci.sh: check env vars - * Remove c.String(net) - * make binaries: include service - * service: don't block sigterm - * Cirrus: remove workaround for cleaning /go/bin - * [CI:DOCS]swagger cleanup and left-hand nav - * Add APIv2 CLI example POC - * api: stats: fix typo - * api: utils: add an `IsLibpodRequest` handler - * refactor top code - * top: use a separate pipe for the error stream - * v2 api: top improvements - * v2: stats: drop redundant sleep when streaming - * v2: stats: libpod: use generic handler - * v2: stats: rigorous error checks - * v2: stats: fix errors - * v2: stats: do not ignore errors - * v2: stats: remove windows-specific fields - * make .install.golangci-lint: force specific version - * Makefile: remove gometalinter - * contrib/gate/Dockerfile: bump to F31 - * [CI:DOCS]swagger corrections - * Bump to Buildah v1.13.1 - * oci_conmon: not make accessible dirs if not needed - * Enable pre-commit tool linting - * .gitignore: ingore *.coverprofile from unit tests - * make lint: include unit tests - * .golangci.yml: move swagger.go from Makefile - * make lint: include docs/ - * make lint: include pkg/tracing - * revert accidental change from codespell pr. - * swagger documentation updates - * Do not configure CNI when slirp4netns is requested - * clarify container prune --force - * more BATS tests - * gating: clean /go/bin to install fresh tools - * make lint: enable gocritic - * linter: blacklist linters instead of whitelisting - * bump golangci-lint to 1.18.0 - * rm contrib/perftest - * remove `.tool/lint` - * docs: --privileged docs completeness, consistency - * [Makefile] Ensure .gopathok dependency is met for varlink - * Add codespell to validate spelling mistakes in code. - * libpod: fix --userns=keep-id with big UIDs - * fix e2e test failure - * Cirrus: Fix libpod base images going stale - * address review comments before merge - * [CI:DOCS]update apiv2 documentation with swagger goods - * Initial commit on compatible API - * cp: drop check for rootless - * test: fix error message - * log: support --log-opt tag= - * Fix Makefile ref libseccomp branch as a commit - * policy for seccomp-profile selection - * podman-generate-systemd --new - * shared/create.go: s/data/imageData/ - * rootlessport: honor ctr.runtime.config.TmpDir - * rootlessport: remove state dir on exit - * Usage messages: show possible option values - * Update podmanimage build process - * exec: fix pipes - * fix lint - pkg/varlinkapi/virtwriter - * fix lint - pkg/util: func comment - * fix lint - pkg/spec - * fix lint in pkg/rootless - * fix lint - pkg/network: comment exported types - * fix lint - pkg/adapter: comment exported API - * fix lint - ignore image.ImageDeleteResponse definition - * fix lint - drop else block - * fix lint: add comment for NameRegex and error - * fix lint: correct func identifier in comment - * fix lint: "guarantess" is a misspelling of "guarantees" - * rootless: use RootlessKit port forwarder - * Add `untag` sub-command - * Update demo for the inspect command - * Fix podman-remote info to show registry data - * packaging: validate installed rpms - * github stale workflow: rephrase and bump close time - * Don't show PASS on success for gitvalidate - * Bump gitvalidation epoch - * Bump to v1.7.1-dev - * play kube: make seccomp handling better conform to k8s - * fix bug copy from container directory - * Add history names to image inspect data - -- Changelog for v1.7.0 (2020-01-06) - * (minor) fix broken links to container-policy.json.5 - * Generate binaries only if they are changes in src code. - * Fix presentation of man page tables - * Bump gitvalidation epoch - * Bump to v1.7.0-dev - -- Changelog for v1.7.0-rc2 (2020-01-02) - * Update release notes with further changes from 1.7.0 - * refactor network commands - * Fix race condition in kill test leading to hang - * Ensure 'make uninstall' remove bin and conf files. - * Add the pod name when we use `podman ps -p` - * Ensure SizeRw is shown when a user does 'inspect --size -t container'. - * signal parsing - better input validation - * The --quiet flag does not conflict with templates in ps - * add struct response for removal of images - * Update containers/storage to v1.15.4 - * Update containers/storage to v1.15.4 - * zsh completion: ignore multi-line output in Flags - * build(deps): bump github.com/containers/image/v5 from 5.0.0 to 5.1.0 - * if container is not in a pid namespace, stop all processes - * update c/buildah to v1.12.0 - * Remove volumes after containers in pod remove - * libpod: drop arbitrary memory limit of 4M - * docs: add workaround for --device with rootless containers - * install.md: openSUSE dependencies - * Use systemd/sd-daemon.h headers for systemd presence - * Allow the injection of TESTFLAGS - * Remove coverprofile from the repository - * troubleshooting.md: rebased master and bumped 18 to 19 - * Fix F30-F31 migration for Podman 1.7.0 - * runtime.go: show registries data and search table - * container config: add CreateCommand - * Fixed the path of hack scripts in spec file - * runtime.go: show search table in podman info - * podman info man: example update - * podman: mirror information - * Reap exec sessions on cleanup and removal - * [Makefile] `LDFLAGS` is reserved for the GCC linker - * podman images history test - clean up - * Bump gitvalidation epoch - * Bump to v1.7.0-dev - * allow exec to read files of environment variables - * Correctly export the root file-system changes - * build(deps): bump github.com/uber/jaeger-client-go - -- Changelog for v1.7.0-rc1 (2019-12-11) - * Update release notes for 1.7.0 - * docs: update podman-{pod-,}top man pages - * build(deps): bump github.com/containers/psgo from 1.3.2 to 1.4.0 - * Update containers/storage to v1.15.3 - * move image filters under libpod/images - * Re-add Fedora 31 migration code. - * macvlan networks - * Return empty runtime directory if we're not rootless - * build(deps): bump github.com/containers/storage from 1.15.0 to 1.15.2 - * Use terminal detach keys sequence specified in the config file - * Add ONBUILD support to --change - * Move Commit() to new parsing for --change - * test for #3920 (improper caching of tarballs in build) - * Enable multi-platform rpm building - * Completely rework --change parsing - * Avoid git warnings by using detach on checkout - * Improve hack/get_release_info.sh - * Bump Buildah to v1.11.6 - * rootless: enable stats test on cgroup v2 - * Improve dnf tests inside build_rpm.sh - * libpod: fix stats for rootless pods - * rootless: add fallback for renameat2 at runtime - * Attempt to install go-md2man only if missing - * Quick grammar touchup in rootless.md - * Allow chained network namespace containers - * Ensure volumes reacquire locks on state refresh - * Ignore ErrCtrRemoved when removing a container - * Add comment on rootless containers creating device nodes - * Updates on making doc building and debug optional - * troubleshooting: warn about secure boot - * libpod: fix case for executable file not found errors - * build: improved main makefile - * build: improved prepare.sh - * Fix podman-remote version to print client and server - * man page updated with examples of filter option - * install.md: added slirp4netns dependency to ubuntu - * Add podman system reset command - * fix commands.go to get links from correct directory - * Do not initialize store on rootless podman - * filter added to container prune command - * Disable checkpointing of containers started with --rm - * Make doc building in spec optional - * Donot install btrfs in RHEL/CentOS-8 - * oci: print only matching part for the errors - * command output fixed as per docker equivalent - * Detect Python executable in Makefile - * Improved build_rpm.sh - * Add support for image name history - * Remove containers when pruning a stopped pod. - * Allow --ip and --mac to be set when joining a CNI net - * Document other bind options on --volumes flag - * podman {pod,} rm/stop: add --ignore flag - * Discard errors from Shutdown in `system renumber` - * e2e/prune: run two top containers - * build(deps): bump github.com/containers/storage from 1.13.5 to 1.14.0 - * build(deps): bump gopkg.in/yaml.v2 from 2.2.5 to 2.2.7 - * build(deps): bump github.com/pkg/profile from 1.3.0 to 1.4.0 - * document updated for filter and until options - * filter added to image pruge command. - * config: use EventsLogger=file without systemd - * Error on netns not exist only when ctr is running - * Add ContainerStateRemoving - * play kube: handle seccomp labels - * podman rm/stop --cidfile - * container-restore: Fix restore with user namespace - * Add new test suite for build - * Also delete winsz fifo - * use pause image for check all - * timestamp related functions added - * Bump to Buildah v1.11.5 - * container create: os/arch check - * history: rewrite mappings - * codespell: spelling corrections - * Cirrus: Use branch-specific container tags - * warning added before image prune command - * create a separate install target for seccomp - * Add annotations in play kube - * Add pod annotations to container - * Add missing information to podman.1 man page - * Add support for make vendor-in-container - * Split up create config handling of namespaces and security - * test: add tests for --mac-address - * mount: add new options nocopyup|copyup for tmpfs - * Bump github.com/uber/jaeger-client-go - * libpod/config: default: use `crun` on Cgroups v2 - * podman images --digest: always list a digest - * events: make sure the write channel is always closed - * Add support for RunAsUser and RunAsGroup - * cni: enable tuning plugin - * podman: add support for specifying MAC - * vendor: updated ocicni for MAC address - * Makefile: add vendor-in-container - * rootless: provide workaround for missing renameat2 - * rootless: use SYS_renameat2 instead of __NR_renameat2 - * Add Kata Containers runtimes to libpod.conf - * help message: don't parse the config for cgroup-manager default - * fix bug check nonexist authfile - * Allow users to disable detach keys - * namespaces: by default create cgroupns on cgroups v2 - * Update installation - Ubuntu. [skip ci] - * pulling unqualified reference: make sure it's a docker reference - * Bump gopkg.in/yaml.v2 from 2.2.4 to 2.2.5 - * Set SELinux labels based on the security context in the kube.yaml - * Add links to readthedocs on docs/readme - * Bump development version to 1.6.4-dev - * Bump version in README to v1.6.3 - * Add release notes for v1.6.3 - * slirp4netns: fix timeout - * docs: Update "podman container rm -v" description - * logo: correct light source reflection - * stats: fix calculation for the CPU time - * [docs] Ensure we include section 5 documentation - * [Makefile] Fix docker documentation install and generation - * Fixed the JSON go template format for the 'info' action - * runtime: Fix typo - * Update link to Commands documentation - * cgroups: read correctly the CPU stats - * [CI:DOCS] make docs only prs - * Update rootless shortcomings with cgroup V2 information - * Bump github.com/onsi/gomega from 1.7.0 to 1.7.1 - * Validate contextdir on build - * Vendor in latest containers/buildah - * Bump github.com/onsi/ginkgo from 1.10.1 to 1.10.3 - * Refactor test to prevent panic - * logs: support --tail 0 - * Update document formatting and packaging code - * Restructure documentation dir - * add libpod/config - * Switch to bufio Reader for exec streams - * container start: fix regression when using name - * Fix selinux test for exec - * Cirrus: Disable F29 testing - * Wait for `mount` command to finish when mounting volume - * Cirrus: Fix upload_release_archive on branch or tag - * Fix cp from pipe - * libpod, rootless: create cgroup for conmon - * Bump github.com/json-iterator/go from 1.1.7 to 1.1.8 - * seccomp: use github.com/seccomp/containers-golang - * build: drop support for ostree - * stale action: add exempt-issue-label - * Processes execed into container should match container label - * Set default seccomp.json file for podman play kube - * images: distinguish between tags and digests - * API: report multiple digests for images - * pull/create: add --override-arch/--override-os flags - * image: don't get confused by lists - * Add e2e tests for manifest list support - * bump containers/image to v5.0.0, buildah to v1.11.4 - * goland autocorrections - * Makefile: fix embedding gitCommit - * Cirrus: Fix minor python deprecation warning - * Cirrus: Only upload tagged releases - * Fix spelling mistakes - * libpod: if slirp4netns fails, return its output - * update conmon to v2.0.2 in in_podman image - * bump cirrus images - * require conmon v2.0.1 - * require conmon v2.0.0 - * GitHub stale action - * enable dnsplugin for network create - * Add ensureState helper for checking container state - * Cleanup man pages - * Log warn instead of error for removing nonexistant container - * systemd: mask /sys/fs/cgroup/systemd/release_agent - * Add multiple networks explanation to docs - * rootless: raise an error with --network= - * Initial dump of man pages and first menus - * Return a better error for volume name conflicts - * Add documentation on options to volume create manpage - * Image volumes should not be mounted noexec - * stats: list all running containers unless specified otherwise - * rootless: detect no system session with --cgroup-manager=systemd - * add pip requirements file for rtd - * Initial checking for readthedocs - * Fix sig-proxy=false test and use image cache - * Add parsing for UID, GID in volume "o" option - * exec: remove unused var - * Rewrite backend for remote 'volume inspect' - * rootless: write storage overrides to the conf file - * Markdown Formatting Fixes - * Show volume options in 'volume inspect' - * System tests: make sure exec pid hash w/o leaking - * Bump gitvalidation epoch - * Bump to v1.6.3-dev - * check existing bridge names when creating networks - * Add support for anonymous volumes to `podman run -v` - * troubleshooting.md: document lingering mode - * rootless: do not enable lingering mode - * Add ability to redirect bash for run -i - * play kube: Container->Ctr - * play kube: refactor test suite - -- Changelog for v1.6.2 (2019-10-17) - * Finalize release notes for v1.6.2 - * rootless: drop dependency on docker - * Bump gitvalidation epoch - * Bump to v1.6.2-dev - * Refactor tests when checking for error exit codes - * Attach stdin to container at start if it was created with --interactive - -- Changelog for v1.6.2-rc1 (2019-10-16) - * Add release notes for Podman 1.6.2 - * start: print full container ID - * Add a MissingRuntime implementation - * rootless v2 cannot collect network stats - * inspect: rename ImageID go field to Image - * systemd: accept also /sbin/init - * Unwrap errors before comparing them - * vendor github.com/containers/storage@v1.13.5 - * Ensure volumes can be removed when they fail to unmount - * Fix sample's JSON syntax error in oci-hooks.5.md - * change error wording when conmon fails without logs - * images: empty list is valid json with --format=json - * Allow giving path to Podman for cleanup command - * Touch up bad math in run man page - * Add squash-all, fix squash option in build - * tests: enable ps --size tests for rootless - * container: initialize results list - * Make user io.podman.service unit WantedBy=default.target - * rootless: do not set PIDs limit if --cgroup-manager=cgroupfs - * Update build man page with latest Buildah changes - * Fix default path for auth.json - * When restoring containers, reset cgroup path - * Migrate can move containers to a new runtime - * Move OCI runtime implementation behind an interface - * show uid_map in podman info - * cli: support --systemd=always - * systemd: expect full path /usr/sbin/init - * catch runc v2 error - * Respect --sig-proxy flag with podman start --attach - * rootless: automatically recreate the pause.pid file - * rootless: do not close files twice - * refresh: do not access network ns if not in the namespace - * Cirrus: Produce and collect varlink output - * io.podman.socket: drop Also=multi-user.target - * Cirrus: Remove broken/failing testing_crun task - * Cirrus: Use new VM cache images - * Cirrus: Install conmon in Fedora VMs - * vendor c/psgo@v1.3.2 - * troubleshooting: fix useradd no-log-init argument - * Setup a reasonable default for pids-limit 4096 - * Update c/image to v4.0.1 and buildah to 1.11.3 - * When evicting containers, perform a normal remove first - * Bump gopkg.in/yaml.v2 from 2.2.3 to 2.2.4 - * podman network create: validate user input - * Cirrus: Simplify package NVR logging - * Docs: Update links, add links to latest - * Cirrus: Fix log URIs & add optional $ALSO_FILENAME - * Raise start_test polling interval - * system tests: info: deal with hyphen in username - * Bump gitvalidation epoch - * Bump to v1.6.2-dev - * Apply changes also to the windows implementation - * System-tests: Use bash explicitly - * Podman 1.6.0 has been released, update the README - * Add api link to tutorials - * Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.3 - * Allow setting default parameters with env vars - * Avoid hard-coding path to varlink and podman - * Allow changing IdentityFile and to IgnoreHosts - * rm: add containers eviction with `rm --force` - -- Changelog for v1.6.1 (2019-10-02) - * Update release notes for v1.6.1 - * Bump gitvalidation epoch - * Bump to v1.6.1-dev - * rootless: allow cgroupfs manager on cgroups v2 - * system tests: reenable skipped tests - -- Changelog for v1.6.1-rc1 (2019-10-02) - * rootless: set DBUS_SESSION_BUS_ADDRESS if it is not set - * install.md: add libbtrfs-dev for Debian build - * Bump github.com/onsi/gomega from 1.5.0 to 1.7.0 - * Cirrus: Show names/versions of critical packages - * network: add workaround for slirp4netns --enable-sandbox issue - * rootless: do not attempt a CNI refresh - * Bump github.com/containernetworking/plugins from 0.8.1 to 0.8.2 - * network: hide EPERM warning when rootless - * networking: fix segfault when slirp4netns is missing - * Bump gitvalidation epoch - * Bump to v1.6.1-dev - * Move derivitive doc so it won't be treated as a manpage - * catatonit: clone and build - * bump catatonit to v0.1.4 - -- Changelog for v1.6.0 (2019-09-30) - * info: add cgroups2 - * Finalize release notes for 1.6.0 final - * Bump github.com/onsi/ginkgo from 1.8.0 to 1.10.1 - * Bump github.com/docker/docker-credential-helpers from 0.6.2 to 0.6.3 - * Bump github.com/stretchr/testify from 1.3.0 to 1.4.0 - * Bump github.com/uber/jaeger-client-go - * Bump github.com/spf13/pflag from 1.0.3 to 1.0.5 - * update c/storage to v1.13.4 - * Cirrus: Minor, fix env. var. intention - * new examples added updated two examples with supported CMD and ENTRYPOINT syntax. - * new testcase for podman import --change added - * syntax updated for podman import --change - * Correct use of reexec.Init() - * Add a missing escape in the Makefile - * Change ginkgo Wait() to Eventually() test - * Set log-level immediately, before rootless setup - * Cirrus: Implement newly built VM images - * Add README note about security reporting process. - * Cirrus: Disable boottime Ubuntu package update - * Move noCache logic lower in stack - * cirrus: Add bash-completion support - * Add an error for pods without a name - * Make links relative in Tutorial README - * docs/podman-derivative-api.md: New file - * fix cp none exists dest path ends with '/' - * Dockerfile.fedora: install packages to build catatonit - * README: add Communications section - * drop OWNERS link for CONTRIBUTING.md - * Bump gitvalidation epoch - * Bump to v1.6.0-dev - * Handle conflict between volumes and --read-only-tmpfs - * Cirrus: Upload windows MSI release file - * conditionally send stdin on remote run - * Cirrus: VM Image accounting doc update - * Force a CNI Delete on refreshing containers - * Document the required varlink build args - * Update mac_client link - * Cirrus: Fail early on CI script unit test - * Unconditionally remove conmon files before starting - -- Changelog for v1.6.0-rc2 (2019-09-24) - * Add release notes for new-in-RC2 changes - * system tests: run test: reenable and fix - * play kube: Only support pod kind in k8s yaml - * runtime: fix logic to disable SDNotify - * add list mount tests - * Make netns bind mount shared - * Add Kata Containers support - * rootless: Rearrange setup of rootless containers - * Document the 'system' event types for 'podman events' - * Cirrus: Add upload_snap to success dependencies - * Cirrus: Add snapcraft credentials - * Cirrus: Upload snap only on merges to master - * Cirrus: Push snap continuously - * exec: set HOME also with exec sessions - * execuser: look at the source for /etc/{passwd,group} overrides - * We need to convert libpod.conf files in user homedir for cgroupv2 - * Cirrus: Temporarily disable testing on Ubuntu 19 - * Cirrus: disable Evil Units in base-images - * Cirrus: Add latest ubuntu - * Cirrus: More podbot/success improvements - * Cirrus: Fix success script - * Cirrus: Update podbot credentials - * container: make sure $HOME is always set - * Move rootless and Mac to Tutorials page - * fix trivial type for event logger - * Support podman-remote help on windows - * Clean destination paths during mount generation - * tests: use crun package - * Add a note on systemd shortcomings in rootless containers - * support non-standard ssh port for remote-client - * Add links to the Mac tutorial in the main tutorial - * Vendor c/storage 1.13.3 - * System-test: Temporarily disable 030-run - * Fix exit code failure - * exec: fix --preserve-fds - * networking: use --enable-sandbox if available - * Add 'relabel' to --mount options - * Bump Gitvalidation epoch - * Bump to v1.6.0-dev - * Unmounting a container that is already unmounted is OK - * Check for rootless before checking cgroups version in spec_test. - * Skip spec_test for rootless envs without cgroup v2. - * fix unit test to use Expect - * Cirrus: Prevent resident pollution - -- Changelog for v1.6.0-rc1 (2019-09-16) - * Fix default to pause in podman cp - * Update release notes for v1.6.0 - * Vendor Bulidah 1.11.2 - * get runtime for podman-remote push earlier - * rootless: report the correct error - * Report errors when trying to pause rootless containers - * Do not support wildcards on cp (Edit 2020-06-03: Addresses CVE-2019-18466) - * Podman-remote run should wait for exit code - * Use exit code constants - * exec: Register resize func a bit later - * clean up after healthcheck execs - * enhance podman network rm - * Add podman icon to installer - * Test that PTYs created by 'podman exec --tty' have the ONLCR flag - * Prevent podman varlink socket fight - * Touch up some bad grammar in rootless doc - * linux: fix systemd with --cgroupns=private - * rootless: run pause process in its own scope - * rootless: automatically create a systemd scope - * utils: use the user session for systemd - * Support building Windows msi file - * Add cgroup v2 info to rootless tutorial - * fix podman sign signature store for rootless - * podman-remote image trust is broken - * Cirrus: Fix unnecessary setsebool - * Add further fields to StorageContainer - * Volume lookup needs to include state to unmarshal into - * Do not prune images being used by a container - * Add support for launching containers without CGroups - * add lint and manpage check to make validate - * Add `ContainerManager` annotation to created containers - * When first mounting any named volume, copy up - * Add function for looking up volumes by partial name - * hack/man_page_checker - improve diagnostics - * podman network create - * Fixup `util.GetRootlessConfigHomeDir` permission requirements - * Fixup Makefile for BSD systems, e.g. macOS - * Replace "podman" with "Podman" - * Add instructions for mounting named volumes from the host for `podman run` - * Add instruction for using fuse-overlayfs as the rootless storage driver - * Fix podman import bash completions - * Turn off journald in podmanimages on quay.io - * build: pass down the cgroup manager to buildah - * mac_client.md - * Ignore ENOENT on umount of SHM - * play kube: fix segfault - * Return information about mount_program (fuse-overlayfs) - * Ensure good defaults on blank c/storage configuration - * Correctly report errors on unmounting SHM - * Add ability for volumes with options to mount/umount - * Fixup README.md to give proper information - * Add volume state - * Change volume driver and options JSON tags - * Update buildah to v1.11.0 - * Set TMPDIR to /var/tmp by default - * cli-flags: use a consistent format for <size><unit> - * Fix unit tests missing comparative for 'Expect' - * System tests: support for crun on f31/rawhide - * libpod: avoid polling container status - * Add test to verify noexec works with volume mounts - * Cirrus: Update e-mail -> IRC Nick table - * handle dns response from cni - * pkg/util: use rootless function to read additional users - * Enable hack/man-page-checker in CI - * rootless: detect user namespace configuration changes - * rootless.md: add systemd unit example - * docs: add note about failing rhel7 systemd on cgroups v2 - * spec: provide custom implementation for getDevices - * spec: do not set devices cgroup when rootless - * rootless: bind mount devices instead of creating them - * Add command aliases to SYNOPSIS section - * Exclude podman-remote - * Cirrus: On success, add IRC nick mention to msg - * Fix table spacing - * Revert the descriptive text for podman-remote - * WIP - ignore man pages for commands besides podman - * podman-remote is not a subcommand - * Fix formatting and enable hack/man-page-checker - * Cirrus: Load base-image names indirectly - * Cirrus: Remove image_prune YAML-alias workaround - * Fix links to manpages - * Makefile: use go proxy - * man: events-logger → events-backend - * dont panic when using varlink commit and uppercase image names - * Add a test for the new suid/exec/dev options - * Fix addition of mount options when using RO tmpfs - * Allow :z and :Z with ProcessOptions - * Set base mount options for bind mounts from base system - * Don't double-process tmpfs options - * Add support for 'exec', 'suid', 'dev' mount flags - * Update buildah to current master - * Cirrus: Reimplement release archive + upload - * Readme: Links for automatic binary releases - * Re-add locks to volumes. - * image: remove unused Decompose method - * Temporarily disable systemd test for CGroups V2 - * Add an integration test for systemd in a container - * clean up after remote build - * Cirrus: Block CNI use of google VPCs - * Add snap build test to success and release check - * Run `apt-get update` to avoid missing package while building - * Use snapcraft on Ubuntu 18.04 for libostree-dev - * Test build snap with Cirrus CI - * Update varlink doc and code - * podman cp: big set of system tests - * add iproute to podman in podman image - * Cirrus: Enable VM image housekeeping - * clean up after remote build - * Adjust name of Podman CNI network bridge - * Update cni config instructions - * Fix minor typos in podman-run docs. - * Fix link format in rootless_tutorial.md. - * Need to include command name in error message - * podman-remote: cp crashes - * generate systemd: support pods and geneartig files - * Dockerfile.fedora: install cni plugins package - * Add --digestfile option to push - * generate systemd: drop support for remote clients - * exec: run with user specified on container start - * Dockerfile*: fix build for CNI plugins - * Touchup README with Buildah build usage - * Dockerfile.*: bump CNI plugins commit - * Implement healthcheck for remote client - * networking: use firewall plugin - * Flake fix: build test timeout - * Fix error message on podman stats on cgroups v1 rootless environments - * test: enable all tests for crun - * test: fix return code check for missing workdir - * Fix directory pull image name for OCI images - * .cirrus.yml: use crun from git master - * libpod, pkg: lookup also for crun failures - * libpod.conf: add crun to runtime_supports_json - * containers, create: debug message on failed deletion - * libpod: still attempt to read the oci log file if not output - * Issue template update to include package info - * Allow customizing pod hostname - * add --cert-dir image sign - * Cirrus: Minor: Simplify crun test task - * Create framework for varlink endpoint integration tests - * Cirrus: Confirm networking more - * inclusion of podman network - * do not activate sd_notify support when varlink - * Remove --tmpfs size default - * cirrus: enable cgroups v2 tests with crun - * tests: skip pause tests if freezer is not available - * tests: enable run tests for cgroups v2 - * tests: enable cpu tests for cgroups v2 - * tests: enable memory tests for cgroups v2 - * runtime: honor --runtime flag to build - * test: fix option name - * Add support & documentation to run containers with different file types - * Use GetRuntimeDir to setup auth.json for login - * add --pull flag for podman create&run - * Fix typos - * Update Varlink API documentation for volumes changes - * Swap 'volume inspect' frontend to use the new backend - * Implement backend for 'volume inspect' - -- Changelog for v1.5.1 (2019-08-15) - * Add release notes for v1.5.1 - * Set Pod hostname as Pod name - * tests for exit status on podman run --rm - * performance fix for podman events with large journalds - * pkg/cgroups: use DBUS session when rootless - * Fix play kube command in pod yaml - * removMergeDir from inspect result if not mounted - * Running Podman with a nonexistent hooks dir is nonfatal - * Cirrus: Install varlink on Ubuntu - * Cirrus: Install varlink on Fedora - * Add missing stage-packages in snapcraft.yaml. - * Add RHEL and SUSE to snap doc - * start groundwork for adding snap - * Add user systemd service and socket - * Small optimization - only store exit code when nonzero - * Fix container exit code with Journald backend - * Revert "Cirrus: Temp. workaround missing imgprune image" - * Homebrew installation in install.md - * varlink endpoint for containerstats requires root - * Adjust get_ci_vm.sh for substitution - * Cirrus: Add verification for cgroupv2 image - * Cirrus: Add experimental fedora VM image & test - * image: add user agent to Docker registry options - * Cirrus: Minor, use newer Ubuntu base image - * tests: disable some tests currently failing when not using runc - * containers: look also for 'file not found' in the error message - * cirrus: add tests with crun on Fedora 30 - * rootless: cherry-pick runtime from the system configuration - * cirrus: install crun - * cmd: drop check for euid==0 - * storage: drop unused geteuid check - * cmd, stats: fix check for rootless mode - * oci: drop check for euid==0 - * build: use the configured runtime - * Adjust read count so that a newline can be added afterwards - * Fix incorrect use of realloc() - * Bump gitvalidation epoch - * Bump to v1.5.1-dev - * Fix a couple of errors descovered by coverity - * Test that restored container does not depend on the original container - * Fix up ConmonPidFile after restore - * Cirrus: Enable updates-testing repo for Fedora - * enable windows remote client - * implement 'make remotesystem' - * Squish a few tpyo nits in container.go doc - * Cirrus: Add Second partition for storage testing - -- Changelog for v1.5.0 (2019-08-09) - * vendor github.com/containers/storage@v1.13.2 - * Improve dns-search validation, empty domains now return an error - * fix create&run getting --authfile from cli - * Add release notes for v1.5.0 - * Touch up build man page - * podman-container-runlabel(1): drop note - * make rmi messages more compatible with docker - * Add conmon probe to runtime construction - * fix copy change file owner if cp from container - * Vendor Buildah 1.10.1 - * Allow the passing of '.' to --dns-search - * add make to make installs - * namespaces: fix Container() call - * Add a test for verifying ENTRYPOINT and CMD - * fix port early return - * Allow --ro=[true|false] with mount flag - * refer to container whose namespace we share - * add test to verify hostname is shared in a pod - * Properly share UTS namespaces in a pod - * When populating CMD, do not include Entrypoint - * systemd library conflict with seektail and addmatch - * pod top test: reenable - * cgroup: fix regression when running systemd - * Add invalid credentials fix to docs - * Revert "rootless: Rearrange setup of rootless containers" - * restore: correctly set StartedTime - * container stop: kill conmon - * honor libpod.conf in /usr/share/containers - * fix system df crashes on unnamed images - * Don't log errors to the screen when XDG_RUNTIME_DIR is not set - * various fixes for varlink endpoints - * add eventlogger to info - * Add handling for empty LogDriver - * Add rootless NFS and OverlayFS warnings to docs - * podman events format json - * add godoc link to readme - * restore: added --ignore-static-ip option - * System tests: resolve hang in rawhide rootless - * fix search output limit - * Add capability functionality to play kube - * Use "none" instead of "null" for the null eventer - * Deduplicate capabilities in generate kube - * Fix typo - * Pass on events-backend config to cleanup processes - * Print Pod ID in `podman inspect` output - * go build: use `-mod=vendor` for go >= 1.11.x - * Use buildah/pkg/parse volume parsing rather then internal version - * github.com/containers/storage v1.12.13 - * Add new exit codes to rm & rmi for running containers & dependencies - * Add runtime and conmon path discovery - * systemd, cgroupsv2: not bind mount /sys/fs/cgroup/systemd - * Ensure we generate a 'stopped' event on force-remove - * Fix Dockerfile - a dependency's name was changed - * System events are valid, don't error on them - * Do not use an events backend when restoring images - * Expose Null eventer and allow its use in the Podman CLI - * Force tests to use file backend for events - * Add a flag to set events logger type - * Fix test suite - * Retrieve exit codes for containers via events - * podman: fix memleak caused by renaming and not deleting the exit file - * Cirrus: Fix release dependencies - * Cirrus: Fix re-run of release task into no-op. - * e2e test: check exit codes for pull, save, inspect - * rootless: Rearrange setup of rootless containers - * Add comment to describe postConfigureNetNS - * Vendor in buildah 1.9.2 - * Build fix for 32-bit systems. - * Set -env variables as appropriate - * Touch up input argument error on create - * Update libpod.conf to be NixOS friendly - * Allow info test to work with usernames w/dash - * Touch up XDG, add rootless links - * Fix the syntax in the podman export documentation example - * fix `podman -v` regression - * Move random IP code for tests from checkpoint to common - * Fix commit --changes env=X=Y - * Update pause/unpause video links and demo - * Cirrus: Remove fixed clone depth - * podman: support --userns=ns|container - * pods: do not to join a userns if there is not any - * Documenation & build automation for remote darwin - * Cirrus: Bypass release during image-building - * Use systemd cgroups for Ubuntu - * Cirrus: Ubuntu: Set + Test for $RUNC_BINARY - * Cirrus: Simplify evil-unit check in image - * Cirrus: Silence systemd-banish noise - * Cirrus: Fix image build metadata update - * Cirrus: Fix missing -n on CentOS - * Cirrus: Remove disused COMMIT variables - * Improved hooks monitoring - * Fix possible runtime panic if image history len is zero - * When retrieving volumes, only use exact names - * fix import not ignoring url path - * Document SELinux label requirements for the rootfs argument - * Fixes issue #3577. - * refactor to reduce duplicated error parsing - * remove debug prints - * Re-add int64 casts for ctime - * fix build --network=container - * Fix a segfault on Podman no-store commands with refresh - * always send generic error in case io fails - * only use stdin if specified - * buffer errChan - * move handleTerminalAttach to generic build - * remove unnecessary conversions - * add detach keys support for remote - * move editing of exitCode to runtime - * Update e2e tests for remote exec - * Finish up remote exec implementation - * golangci-lint cleanup - * install.md: mention all build tags - * golangci-lint phase 4 - * Change wait to sleep in podmanimage readme - * bump cirrus images to get new conmon - * Implement conmon exec - * bump conmon to 1.0.0-rc2 - * Cirrus: Temp. workaround missing imgprune image - * vendor github.com/containers/image@v2.0.1 - * golangci-lint round #3 - * Remove debug message - * Cleanup Pull Message - * Cirrus: Fix post-merge env. var. not set. - * mkdir -p /etc/cni/net.d requires sudo - * Add support for listing read/only and read/write images - * support podman ps filter regular expressions - * rootless: add rw devices with --privileged - * Cirrus: Minor scripting typo fix - * fix --dns* and --network not set to host conflict - * podman-remote make --size optional in ps - * Remove exec PID files after use to prevent memory leaks - * Add DefaultContent API to retrieve apparmor profile content - * libpod: support for cgroup namespace - * Make GOPATH-related symlinking more precise - * Populate inspect with security-opt settings - * Properly retrieve Conmon PID - * Move the HostConfig portion of Inspect inside libpod - * Fix play kube command - * spec: rework --ulimit host - * Cirrus: Add image-test for locked dpkg - * Cirrus: Use images w/o periodic svcs - * Cirrus: Disable most periodic services/timers - * dependency/analyses: simplify scripts - * dependency-tree analysis: direct and transitive - * analyses: README: consistent code examples - * analyses: README: fix typos - * analyses: add dependency-tree.sh - * analyses: add README.md - * hack/analyses -> dependencies/analyses - * hack/analyses/go-archive-analysis.sh: fix sorting - * add hack/analyses/nm-symbols-analysis.sh - * analyse package sizes - * Completion: complete "--health-start-period" in bash - * Make the healthcheck flags compatible with Docker CLI - * healthcheck: reject empty commands - * create: ignore check if image has HEALTHCHECK NONE - * create: apply defaults on image healthcheck options - * healthcheck: improve command list parser - * Completion: --no-healthcheck is not an option - * Cirrus: Abstract destination branch refs. - * Cirrus: Print images that should be pruned - * create: improve parser for --healthcheck-command - * Improves STD output/readability in combination with debug output. - * Fix the double replySendFile() - * Cirrus: Update to freshly built cache-images - * Cirrus: Execute system-tests during image-validation - * Cirrus: Fix missing removal of packaged podman - * cgroupsv2: do not enable controllers for the last component - * spec: fix userns with less than 5 gids - * Fix spelling mistakes in man pages and other docs - * Add glob parsing for --env flag - * Add support for -env-host - * cgroups: fix a leak when using cgroupfs - * cgroups: attempt a recursive rmdir - * Fix a bug where ctrs could not be removed from pods - * golangci-lint pass number 2 - * Add tests for --ignore-rootfs checkpoint/restore option - * Add --ignore-rootfs option for checkpoint/restore - * Fix typo in checkpoint/restore related texts - * Include root file-system changes in container migration - * Add function to get a filtered tarstream diff - * Correctly set FinishedTime for checkpointed container - * first pass of corrections for golangci-lint - * Cirrus: Fix #3543: Failure in 'release' task - * fix bug convert volume host path to absolute - * Cirrus: Fix 473d06045 / enable build_without_cgo - * account for varlink calls that dont use more - * runtime: drop spurious message log - * Ensure we have a valid store when we refresh - * cgroups: skip not existing cpuacct files - * cgroups: support creating cgroupsv2 paths - * make localsystem: wipe all user config state - * podman: create and run honors auth file location - * healthcheck: support rootless mode - * Use random IP addresses during checkpoint/restore tests - * Fix podman-remote usage message to display `podman-remote` instead of `podman` - * rootless.md: Include GPFS as a parallel filesystem - * speed up rootless tests - * podman: add --ulimit host - * docs: fix --healthcheck-command option - * code cleanup - * fix integration flake tests - * CONTRIBUTING.md: fix project paths - * get last container event - * Do not hardcode podman binary location in generate systemd. - * Move skipping systemd tests to early setup. - * Reload systemd daemon on creation of units location dir in tests. - * Add debug information to "generate systemd" test. - * Use default conmon pidfile location for root containers. - * Use conmon pidfile in generated systemd unit as PIDFile. - * Cirrus: Automate releasing of tested binaries - * trivial cleanups from golang - * ps should use nostore when possible - * libpod: discerne partial IDs between containers and pods - * Added instruction to enable the user namespaces permanenty in Manjaro - * Addressed code review comments - * Updated install.md for Manjaro Linux - * Vendor latest OCICNI version - * Bump current version in README - * Wipe PID and ConmonPID in state after container stops - * Store Conmon's PID in our state and display in inspect - * Restart failed containers in tests - * Improve parsing of mounts - * Add test for generate kube with volumes - * Bump gitvalidation epoch - * Bump to v1.4.5-dev - * Fix rootless detection error for pause & unpause - * Deduplicate volumes - * cirrus: add test for compiling without cgo - * lock: new lock type "file" - * runtime: allow to specify the lock mechanism - * lock: disable without cgo - * spec: move cgo stuff to their own file - * rootless: allow to build without cgo - * attach: move cgo bits to a different file - * vendor: update containers/psgo - * Update the testing documentation with system tests. - * Pass along volumes to pod yaml - * Configure container volumes for generate kube - * configure runtime without store - * Add RUN priv'd test for build - * Cirrus: Use packaged dependencies - * Add exec after checkpoint/restore test - * Provide correct SELinux mount-label for restored container - * Track if a container is restored from an exported checkpoint - * libpod/container_internal: Make all errors loading explicitly configured hook dirs fatal - -- Changelog for v1.4.4 (2019-07-02) - * Fix release notes - * Ensure locks are freed when ctr/pod creation fails - * Update release notes for 1.4.4 - * stats: use runtime.NumCPU when percpu counters are not available - * cgroups: fix times conversion - * Update to containers/storage v1.12.13 - * rootless: do not join namespace if it has already euid == 0 - * Exclude SIGTERM from blocked signals for pause process. - * Remove umount command from remote client. - * rootless: enable linger if /run/user/UID not exists - * Makefile: set GO111MODULE=off - * libpod removal from main (phase 2) - * runtime: do not attempt to use global conf file - * runtime: use GetRootlessUID() to get rootless uid - * Remove refs to crio/conmon - * Handle images which contain no layers - * Add tests that we don't hit errors with layerless images - * stats: fix cgroup path for rootless containers - * pkg, cgroups: add initial support for cgroup v2 - * util: drop IsCgroup2UnifiedMode and use it from cgroups - * vendor: drop github.com/containerd/cgroups - * libpod: use pkg/cgroups instead of containerd/cgroups - * pkg: new package cgroups - * Remove unnecessary blackfriday dependency - * libpod: fix hang on container start and attach - * podman: clarify the format of --detach-keys argument - * libpod: specify a detach keys sequence in libpod.conf - * Fix parsing of the --tmpfs option - * Fix crash for when remote host IP or Username is not set in conf file & conf file exists. - * Bump gitvalidation epoch - * Bump to v1.4.4-dev - * Cirrus: More tests to verify cache_images - * Update release notes for 1.4.3 release - * remove libpod from main - -- Changelog for v1.4.3 (2019-06-25) - * Update 'generate kube' tests to verify YAML - * Use a different method to retrieve YAML output in tests - * update dependencies - * Fix tests - * Change Marshal -> Unmarshal in generate kube tests - * Add test for generate kube on a pod with ports - * Only include ports in one container in Kube YAML - * Support aliases for .Src and .Dst in inspect .Mounts - * Fix a segfault in 'podman ps --sync' - * migrate to go-modules - * Makefile: add go-get function - * rootless: add an entry to /etc/hosts when using slirp4netns - * libpod.conf: add runtime crun - * Fix configs location in rootless tutorial. - * Add additional debugging when refreshing locks - * Fix gofmt - * Adjust names to match struct tags in Inspect - * Fix inspect --format '{{.Mounts}}. - * runtime.go: Add /usr/local/{s,}bin - * include make podman target in install instructions - * Add /usr/local/{s,}bin to conmon paths - * update cirrus image - * Update conmon to include attach socket unlink - * Add --latest, -l to 'podman diff' - * Build cgo files with -Wall -Werror - * Add some missing periods to the readme - * fix bug creats directory copying file - * Support Reproducible Builds by removing build path - * Support SOURCE_DATE_EPOCH - * Properly initialize container OCI runtime - * vendor containers/storage v1.12.11 - * Handle containers whose OCIRuntime fields are paths - * Properly handle OCI runtime being set to a path - * add windows bridge format - * Make configuration validation not require a DB commit - * Avoid a read-write transaction on DB init - * Fix execvp uage in rootless_linux.c - * Handle possible asprintf failure in rootless_linux.c - * Fix format specifiers in rootless_linux.c - * Print container's OCI runtime in `inspect` - * Make a missing OCI runtime nonfatal - * Begin adding support for multiple OCI runtimes - * docs: add note to system migrate - * Fix documentation for log-driver - * Minor roadmap adjustment in README - * Spoof json-file logging support - * Add tests for cached and delegated mounts - * Vendor in logrus v1.4.2 - * Add RUN with priv'd command build test - * Bump gitvalidation epoch - * Bump to v1.4.3-dev - * fix broken healthcheck tests - * Allow (but ignore) Cached and Delegated volume options - * Fix example in oci-hooks.5.md - * First pass rootless tutorial - * Correctly identify the defaults for cgroup-manager - * Cirrus: Fix F30 ssh guarantee - * Cirrus: Add support for testing F30 - * Bump gate-container up to F30 - -- Changelog for v1.4.2 (2019-06-18) - * Update release notes for Podman 1.4.2 - * updating podman logo files - * fix port -l timing with healthchecks - * Bump Buildah to v1.9.0 - * Swap to using the on-disk spec for inspect mounts - * Replace podman.svg; closes #3350 - * cmd, docs, test: fix some typos - * run BATS tests in Cirrus - * Move the Config portion of Inspect into libpod - * Add remote client logging to a file - * Fix subgidname option in docs for podman run - * stop/kill: inproper state errors: s/in state/is in state/ - * test: add test for logs -f - * kill: print ID and state for non-running containers - * API.md: fix few typos - * docs/podamn.1.md: fix typo: remove double the - * CONTRIBUTING.md: fix typo - * Remove unnecessary var type to fix lint warning - * Move installPrefix and etcDir into runtime.go - * Improve DESTDIR/PREFIX/ETCDIR handling - * Bump gitvalidation epoch - * Bump to v1.4.2-dev - * Change container command to contained - * Cirrus: Simplify log collection commands - * Accidently removed /run/lock from systemd mounts - * Add warning while untagging an image podman-load - * podman copy files to the volume with a container - -- Changelog for v1.4.1 (2019-06-14) - * Completely disable global options test - * Update release notes for 1.4.1 - * Skip runlabel global options test for podman-in-podman - * pkg/apparmor: fix when AA is disabled - * Fix ENV parsing on `podman import` - * Fix storage-opts type in Cobra - * Use the logical registry location instead of the physical one in (podman info) - * Update containers/image to v2.0.0, and buildah to v1.8.4 - * Document exit codes for podman exec - * Add --storage flag to 'podman rm' (local only) - * When creating exit command, pass storage options on - * Bump cirrus images - * Mention the new Podman mailing list in contributing.md - * Update 1.4.0 release notes with ID -> Id in inspect - * Bump conmon to 0.3.0 - * Cirrus: Guarantee ssh is running for rootless - * Purge all use of easyjson and ffjson in libpod - * Split mount options in inspect further - * storage: support --mount type=bind,bind-nonrecursive - * oci: allow to specify what runtimes support JSON - * storage: fix typo - * oci: use json formatted errors from the runtime - * Make Inspect's mounts struct accurate to Docker - * Provide OCI spec path in `podman inspect` output - * If container is not in correct state podman exec should exit with 126 - * rootless: use the slirp4netns builtin DNS first - * Add --filename option to generate kube - * Fix podman-remote to user default username - * Prohibit use of positional args with --import - * BATS tests - get working again - * Add a test for 'podman play kube' to prevent regression - * Cirrus: New images w/o buildah - * Remove source-built buildah from CI - * standardize documentation formatting - * Touchup upstream Dockerfile - * only set log driver if it isn't empty - * Fix cgo includes for musl - * When you change the storage driver we ignore the storage-options - * Update vendor on containers/storage to v1.12.10 - * Bump gitvalidation epoch - * Bump to v1.4.1-dev - * Default 'pause' to false for 'podman cp' - * Update c/storage to 9b10041d7b2ef767ce9c42b5862b6c51eeb82214 - * Fix spelling - * fix tutorial link to install.md - * Cirrus: Minor cleanup of dependencies and docs - * Begin to break up pkg/inspect - * docs: Add CI section and links - -- Changelog for v1.4.0 (2019-06-07) - * Update release notes for v1.4.0 - * Update release notes for v1.4.0 - * Disable a very badly flaking healthcheck test - * rootless: skip NS_GET_PARENT on old kernels - * Cirrus: Track VM Image calling GCE project - * remove -c for podman remote global options - * Vendor Buildah v1.8.3 - * Cirrus: Disable testing on F28 (EOL) - * migration: add possibility to restore a container with a new name - * Inherit rootless init_path from system libpod.conf - * Also download container images during restore - * Include container migration into tutorial - * Add man-pages for container migration - * Added bash completion for container migration - * Add test case for container migration - * Added support to migrate containers - * Added helper functions for container migration - * Fix restore options help text and comments - * fix timing issues with some tests - * pkg/varlinkapi/virtwriter/virtwriter.go: simplify func Reader - * rootless: block signals on re-exec - * cirrus: minor cleanup and refactoring - * manpage: podman-tool table: un-confuse version and varlink - * Create Dockerfiles for podmanimage - * rootless: use TEMP_FAILURE_RETRY macro - * rootless: fix return type - * rootless: make sure the buffer is NUL terminated - * split rootless local and remote testing - * Fix podman cp test by reordering operations - * Small fix to readme to force tests to run - * Do not set tmpcopyup on /dev - * do not run remote tests inside container - * podman remote-client commit - * Fix podman cp tests - * podman-remote.conf enablement - * Error when trying to copy into a running rootless ctr - * rootless: skip check fo /etc/containers/registries.conf - * We can't pause rootless containers during cp - * Fix bug in e2e tests for podman cp - * Tolerate non-running containers in paused cp - * Add test to ensure symlinks are resolved in ctr scope - * Add --pause to podman cp manpage and bash completions - * Pause containers while copying into them - * Use securejoin to merge paths in `podman cp` - * use imagecaches for local tests - * add dns flags to docs - * add missing container cp command - * Podman logs man page shouldn't include timestamps - * Fix the varlink upgraded calls - * hack: support setting local region/zone - * document missing container update command - * Add --follow to journald ctr logging - * Address comments - * Implement podman logs with log-driver journald - * bump go-systemd version - * Added --log-driver and journald logging - * Update completions and docs to use k8s file as log driver - * bump conmon to v0.2.0 - * runtime: unlock the alive lock only once - * rootless: make JoinUserAndMountNS private - * Revert "rootless: change default path for conmon.pid" - * rootless: enable loginctl linger - * rootless: new function to join existing conmon processes - * rootless: block signals for pause - * Update install.md ostree Debian dependencies. - * fix bug dest path of copying tar - * podman: honor env variable PODMAN_USERNS - * userns: add new option --userns=keep-id - * warn when --security-opt and --privileged - * baseline tests: apparmor with --privileged - * rootless: store also the original GID in the host - * Fix a potential flake in the tests for podman cp - * cirrus: update images w/ zip pkg - * Cirrus: Add zip package to images - * rootless: fix top huser and hgroup - * vendor: update psgo to v1.3.0 - * apparmor: don't load/set profile in privileged mode - * hack: ignore from all VCS files when tarballing - * hack: shrink xfer tarball size - * hack: Display IP address of VM from script - * document nullable types - * Add test cases for login and logout - * Remove unused return statement in kube volume code - * Fix play kube when a pod is specified - * Fix a 'generate kube' bug on ctrs with named volumes - * Add test for image volume conflict with user volume - * Cirrus: Fix missing CRIO_COMMIT -> CONMON_COMMIT - * When superceding mounts, check for opposite types - * make remote resize channel buffered - * Cirrus: workaround root expand failure - * Cirrus: Stub in F30 support - * Cirrus: fixups based on review feedback - * Cirrus: Overhaul/Simplify env. var setup - * Cirrus: Run tests on test-built cache-images - * Cirrus: Support testing of VM cache-image changes - * Cirrus: Remove "too new" runc hack - * libpod: prefer WaitForFile to polling - * Remove conmon from fedora install instructions - * rootless: force resources to be nil on cgroup v1 - * Fixup Flags - * Minor fix filtering images by label - * container: move channel close to its writer - * util: fix race condition in WaitForFile - * Update vendor of buildah and containers/images - * Add Jhon Honce (@jwhonce on github) to OWNERS - * Don't set apparmor if --priviliged - * docs/libpod.conf.5: Add "have" to "higher precedence" typo - * Output name of process on runlabel command - * Minor fix splitting env vars in podman-commit - * Fixup conmon documentation - * troubleshooting.md: add note about updating subuid/subgid - * system: migrate stops the pause process - * rootless: join namespace immediately when possible - * rootless: use a pause process - * migrate: not create a new namespace - * install.remote should be separate for install.bin - * Cirrus: Confirm networking is working - * Use containers/conmon - * Fix a typo in release notes, and bump README version - * s|kubernetes-sigs/cri-o|cri-o/cri-o|g - * Bump github.com/containers/storage to v1.12.7 - * remote: version: fix nil dereference - * Bump gitvalidation epoch - * Bump to v1.3.2-dev - * Add connection information to podman-remote info - * unshare: define CONTAINERS_GRAPHROOT and CONTAINERS_RUNROOT - * Touchup run man page - * unshare: use rootless from libpod - * Replace root-based rootless tests - * rootless: default --cgroup-manager=systemd in unified mode - * create: skip resources validation with cgroup v2 - * rootless, spec: allow resources with cgroup v2 - -- Changelog for v1.3.1 (2019-05-16) - * More release notes - * Add unshare to podman - * Release notes for 1.3.1 - * Kill os.Exit() in tests, replace with asserts - * Minor capitalization fix in Readme - * Add debug mode to Ginkgo, collect debug logs in Cirrus - * set default event logger based on build tags - * Add VarlinkCall.RequiresUpgrade() type and method - * Ensure that start() in StartAndAttach() is locked - * When removing pods, free their locks - * network: raise a clearer error when using CNI - * Fix libpod.conf option ordering - * split remote tests from distro tests - * varlink: fix usage message, URI is now optional - * Update containerd/cgroups to 4994991857f9b0ae - * healthcheck benign error - * Add `systemd` build tag - * podman: fix events help string - * When removing a pod with CGroupfs, set pids limit to 0 - * Add fix for an issue breaking our CI - * Use standard remove functions for removing pod ctrs - * implement cp reads tar file from stdin/stdout - * Add information when running podman version on client - * add varlink bridge - * Add negative command-line test - * Preserve errors returned by removing pods - * Improve robustness of pod removal - * enable integration tests for remote-client - * fix podman-remote ps --ns - * podman-run|create man updates - * Update installation instructions - * remote-podman checkpoint and restore add to container submenu - * Remove tests for deprecated podman-refresh command - * When refreshing after a reboot, force lock allocation - * Do not remove volumes when --rm removes a container - * add unit tests for generate systemd - * Bump gitvalidation epoch - * Bump to v1.3.1-dev - * Upgrade to latest criu and selinux-policy - * Only run checkpoint/restore tests on Fedora >= 29 - * Fix API.md - * Cirrus: Add missing task dependencies - * Cirrus: Add check for make varlink_api_generate - -- Changelog for v1.3.0 (2019-05-06) - * Update release notes for 1.3.0 release - * Bump to Buildah v1.8.2 - * Document events logger options in libpod.conf manpage - * Try and fix restart-policy tests - * fix logout message if login only with docker - * Fix manpage typos - * Small code fix - * Fix 'restart' event in journald - * change from sysregistries to sysregistriesv2 - * Address review comments on restart policy - * Add a test for restart policy - * Add a restart event, and make one during restart policy - * Restart policy should not run if a container is running - * Restart policy conflicts with the --rm flag - * Move to using constants for valid restart policy types - * Add manpage information for restart policy - * Add support for retry count with --restart flag - * Sending signals to containers prevents restart policy - * Add container restart policy to Libpod & Podman - * Add a StoppedByUser field to the DB - * top: fallback to execing ps(1) - * clean up shared/parse/parse.go - * Generate systemd unit files for containers - * Fix podman-in-podman volume test - * Cirrus: Add pipefail confirmation check - * Cirrus: timestamp all output script output - * Update c/storage to v1.12.6 - * Fix typo in init manpage - * Add an InvalidState varlink error for Init - * Bump Buildah to v1.8.1, ImageBuilder to v1.1.0 - * Add variable for global flags to runlabel - * docs: Fix typo "healthcheck" pt2 - * cirrus lib.sh: refactor req_env_var() - * Remove two bits of dead code - * http-proxy: improve docs - * Small fixes for #2950 - * container: drop rootless check - * Add basic structure of podman init command - * Move handling of ReadOnlyTmpfs into new mounts code - * Begin adding volume tests - * Ensure that named volumes have their options parsed - * Add options parsing for tmpfs mounts - * Use EqualValues instead of reflect equality - * Hit a number of to-do comments in unified volumes code - * Fix options for non-bind and non-tmpfs volumes - * Migrate unit tests from cmd/podman into pkg/spec - * Migrate to unified volume handling code - * Always pass pod into MakeContainerConfig - * Remove non-config fields from CreateConfig - * Add a new function for converting a CreateConfig - * podman-remote port - * install.md contains hints for rootless setup on arch linux - * auto pass http_proxy into container - * enable podman-remote on windows - * Use 'sudo tee' in tutorial so install works as non-root - * Refactor container cleanup to use latest functions - * Move --mount in run man page - * Add details on rootless Podman to the readme - * podman-remote stop - * correct upstream vndr issues - * runtime: pass down the context - * system: add new subcommand "migrate" - * Vendor in latest buildah code - * remove manual install of libsystemd-dev - * Vendor in latest containers/storage - * Add --read-only-tmpfs options - * Fix remote-client testing reports - * podman-remote prune containers - * Do not hard fail on non-decodable events - * update psgo to v1.2.1 - * Add System event type and renumber, refresh events - * enable podman remote top - * fix login supports credHelpers config - * Cirrus: Collect audit log on success and failure - * Add a debug message indicating that a refresh occurred - * image: rework parent/child/history matching - * images: add context to GetParent/IsParent/Remove/Prune... - * build podman-remote with Dockerfile. - * point to 3rd party tools for `docker-compose` format - * Update vendor of container/storage - * journald event logging - * podman remote-client restart containers - * Cirrus: Use freshly built images - * Cirrus: Bump up runc commit - * Cirrus: fix obsolete Ubuntu package - * Cirrus: Install libsystemd-dev on Ubuntu - * pull: special case all-tags semantics - * Fix test compile - * Trim whitespace from ps -q before comparing - * Enhance tests for stop to check results - * Add extra CI tests for stopping all containers - * Fix podman stop --all attempting to stop created ctrs - * Cirrus: Temp. override container-selinux on F29 - * Refactor of 'podman prune' to better support remote - * bats - various small updates - * podman-remote pause|unpause - * Internal names do not match external names - * Add header to play kube output - * Clean up after play kube failure - * rootless: not close more FDs than needed - * Fix COPR builds to start working again - * Fix podman command --change CMD - * podman-remote start - * Vendor in latest Buildah - * Added remote pod prune - * Add podman pod prune - * podman-remote container commands - * Fix segfaults attribute to missing options - * Call the runtime with WithRenumber() when asked - * Add File mounts to play kube - * cmd, pkg: drop commented code - * pod: drop dead code - * rootless, mount: not create namespace - * Incorporate image and default environment variables in play kube - * Validate ENV/LABEL Change options in varlink - * oci: fix umount of /sys/kernel - * Revert "rootless: set controlling terminal for podman in the userns" - * Remove old crio reference from man pages - * create: fix segfault if container name already exists - * adding uidmap to install steps for ubuntu - * podman-remote generate kube - * rootless: do not block SIGTSTP - * rootless: set controlling terminal for podman in the userns - * Use GetContainer instead of LookupContainer for full ID - * pull: exit with error if the image is not found - * Use the same SELinux label for CRIU log files - * pull: remove cryptic error message - * new uidmap BATS test: fix - * adding additional update, needed for install - * Fix README.md -> rootless.md link - * Fixes for podman-remote run and attach - * remote-client checkpoint/restore - * Expand debugging for container cleanup errors - * spec: mask /sys/kernel when bind mounting /sys - * Add --include-volumes flag to 'podman commit' - * oci: add /sys/kernel to the masked paths - * userns: prevent /sys/kernel/* paths in the container - * imagefilter dangling handling corrected - * rootless: fix segfault on refresh if there are containers - * Add demo script and cast to images - * Initial remote flag clean up - * (minor): fix misspelled 'Healthcheck' - * BATS tests: start supporting podman-remote - * Add the ability to attach remotely to a container - * Print header for 'podman images' even with no images - * podman-remote ps - * Re-run (make vendor) to drop the now unnecessary collation code and tables - * Potentially breaking: Make hooks sort order locale-independent - * Implement podman-remote rm - * ps: now works with --size and nonroot - * Update invalid name errors to report the correct regex - * cirrus: enable remote tests for rootless - * test: fix remote tests for rootless - * test: enable userns e2e tests for rootless - * CI check for --help vs man pages: usability fix - * podman-remote create|run - * Correct varlink pull panic - * add image rmi event - * Revert "Switch to golangci-lint" - * Document shortcomings with rootless podman - * podman: enable kube for rootless - * kube: correctly set the default for MemorySwappiness - * rootless: enable healthcheck tests - * Respect image entrypoint in play kube - * Increase CI resources to help avoid hitting timeouts - * podman-remote image tree - * Added port forwarding and IP address hint. - * fix bug podman cp directory - * Fix E2E tests - * Drop LocalVolumes from our the database - * Major rework of --volumes-from flag - * Volume force-remove now removed dependent containers - * Add handling for new named volumes code in pkg/spec - * Create non-existing named volumes at container create - * Switch Libpod over to new explicit named volumes - * Add named volumes for each container to database - * Add varcheck linter - * Add deadcode linter - * Update lint to use golangci-lint - * Update registrar unit tests to match them of cri-o - * Update run tests to be skipped when not supported - * Fix Dockerfile dependencies for packer tests - * Update Dockerfile to use golang:1.12 image - * Fix a potential segfault in podman search - * Improve podman pod rm -a test - * Cirrus: Update F28 -> F29 container image - * --size does not work with rootless at present - * add remote-client diff - * Cirrus: Support special-case modes of testing - * rootless: use a single user namespace - * rootless: remove SkipStorageSetup() - * Update cri-o annotations - * Update README with current version - * docs/podman*.md: fix numerous option typos and spacing errors - * docs/podman-rm.1.md: delete "Not yet implemented" msg for volume removal - * docs/podman-inspect.1.md: add missing option hyphen for "-t" - * Bump gitvalidation epoch - * Bump to v1.3.0-dev - * Fix location of libpod.conf - * Capitalize global options help information - -- Changelog for v1.2.0 (2019-03-30) - * Update release notes for v1.2.0 - * Remove wait event - * Vendor Buildah 1.7.2 - * Add locking to ensure events file is concurrency-safe - * Alter container/pod/volume name regexp to match Docker - * test: test that an unprivileged user cannot access the storage - * userns: do not use an intermediate mount namespace - * volumes: push the chown logic to runtime_volume_linux.go - * Cleanup image2 -> image for imports - * Set blob cache directory based on GraphDriver - * utils: call GetRootlessRuntimeDir once - * rootless: set sticky bit on rundir - * oci: drop reference to runc - * Fix lint - * Ensure that we make a netns for CNI non-default nets - * rootless: change env prefix - * vendor buildah, image, storage, cni - * Default to SELinux private label for play kube mounts - * Add watch mode to podman ps - * Add all container status states to the podman-ps manual page. - * fix bug `system df` add blank space to the output - * fix bug remote-podman images --digests - * Use spaces instead of tab for JSON marshal indent - * Fix gofmt - * Remove ulele/deepcopier in favor of JSON deep copy - * doc: add note that pod publish ports are static once defined - * Sigh; disable pod-top test, it's unreliable (#2780) - * Resolve review comments - * Add a test that --add-host conflicts with --no-hosts - * Add manpages and completions for dns=none and no-hosts - * Add --no-hosts flag to disable management of /etc/hosts - * Add for --dns=none to disable creation of resolv.conf - * Add support to disable creation of network config files - * system df: reject invalid arguments - * rootless: fix regression when using exec on old containers - * Touchup commands.md - * size is optional for container inspection - * Add three test cases for podman attach test - * system df to show podman disk usage - * Add "died" event - * docs/podman-pod-create.1.md: add example with port mapping - * podman health check phase3 - * userns: use the intermediate mountns for volumes - * volume: create new volumes with right ownership - * utils: drop dead function - * troubleshooting: explain setup user: invalid argument - * Cirrus: Verify manpages for all subcommands exist - * Make "stopped" a valid state that maps to "exited" - * fix Bug 1688041-podman image save removes existing image - * podman: do not split --env on comma - * Need to pass the true paramater with --syslog in cobra - * Fix man page to mention race condition - * docs/podman-run.1.md: remove extra whitespace in --read-only - * man pages - consistency fixes - * Add new key and never-expiring test certificate - * Cirrus: Run vendor check in parallel - * Cirrus: Various fixes for rootless testing - * ps: fix segfault if the store is not initialized - * tests: re-enable some tests for rootless mode - * rootless: implement pod restart - * rootless: reimplement restart with rootless.Argument() - * test: fix SkipIfRootless() helper - * rootless, rm: fix retcode when the container is not found - * rootless: fix ps command - * rootless: fix pod kill - * Enable rootless integration tests - * BATS: new tests, and improvements to existing ones - * podman umount: error out if called with no args - * Export ConmonPidFile in 'podman inspect' for containers - * support GO template {{ json . }} - * Incorporate user from image inspect data in play kube - * Cirrus: Disable master-success IRC notices - * Cleanup messages on podman load - * Cirrus: Update VM Cache images - * podman logs on created container should exit - * Fix cut and paste errors in podman-pod-inspect - * rootless: fix pod top - * pod: fix segfault when there are no arguments to inspect - * output of port grouping in ps command added as example - * utils: split generation and writing of storage.conf - * Cirrus: Fix post-merge failure notice - * utils: avoid too long tmp directory - * podman image tree: fix usage message - * Cirrus: Notify on IRC if post-merge testing fails - * rootless: change default path for conmon.pid - * Add CLI storage conf example to run manpage - * Integration test tweaks - * display logs for multiple containers at the same time - * Make 'podman rm' exit with 125 if it had a bogus & a running container - * rootless: write the custom config file before reload - * Add support for SCTP port forwarding - * Make sure buildin volumes have the same ownership and permissions as image - * rootless: do not override user settings - * runtime: refactor NewRuntime and NewRuntimeFromConfig - * events: use os.SEEK_END instead of its value - * container: check containerInfo.Config before accessing it - * rootless: use Geteuid instead of Getuid - * rootless: use /tmp/libpod-rundir-$EUID for fallback - * build: fix build DIR -t TAG - * testcase added for listing range of ports in ps command - * port grouping in ps command output - * Update pull and pull-always in bud man page - * cirrus: upgrade slirp4netns - * rootless: fix CI regression when using slirp4netns - * save-load-export: clear cli-parsing default - * Bump timeout on a podman info test to default - * Replace skopeo-containers with containers-common - * slirp4netns: use --disable-host-loopback - * slirp4netns: set mtu to 65520 - * Tree implementation for podman images - * Replace buildah with podman in build doc - * zsh completion - * Usage messages: deduplicate '(default true)' et al - * Corrected detach man pages and code comments - * Add --replace flag to "podman container runlabel" - * rm: fix cleanup race - * Add gating tasks - * Add 'podman events' to podman(1) - * Vendor docker/docker, fsouza and more #2 - * Usability cleanup for 'inspect' - * Add event on container death - * Update vendor of Buildah and imagebuilder - * minor typo fix in 'podman top' usage - * healtcheck phase 2 - * Add event logging to libpod, even display to podman - * Fix SELinux on host shared systems in userns - * Fix broken link in io.podman.varlink - * move formats pkg to and vendor from buildah - * Ensure that tmpfs mounts do not have symlinks - * Update troubleshooting guide for Podman-in-Podman - * Buffer stdin to a file when importing "-" - * vendor psgo v1.2 - * preparation for remote-client create container - * Initialize field in InfoHost struct - * rootless: allow single mappings - * Remove --rm and --detach don't coexist note - * rootless: fix pod stop|rm if uid in the container != 0 - * rootless: fix rm when uid in the container != 0 - * rootless: disable pod stats - * rootless: do not create automatically a userns for pod kill - * rootless: support a custom arg to the new process - * slirp4netns: add builtin DNS server to resolv.conf - * errors: fix error cause comparison - * libpod: allow to configure path to the network-cmd binary - * build: honor --net - * pull: promote debug statement to error - * Fix generation of infra container command - * Remove an unused if statement I added - * Don't delete another container's resolv and hosts files - * Fix a potential segfault during infra container create - * We don't use crio-umount.conf - * Move secrets package to buildah - * Add troublshoot information about SELinux labeling of containers/storage - * test docs fixups - * Default to image entrypoint for infra container - * ginkgo status improvements - * rootless: propagate errors from info - * podman play kube defaults - * container runlabel respect $PWD - * Remove 'podman ps' restarting filter and fix stopped - * label parsing in non-quoted field - * More cleanup for failures on missing commands. - * add podman-healthcheck(1) to podman(1) - * Implement review feedback - * new system tests under BATS - * fix bug in podman images list all images with same name - * Fix help commands to show short and long description. - * implement showerror and accept HOST_PORT env which defaults to 8080 - * create: join also the mount ns of the dependency - * rootless: exec join the user+mount namespace - * oci: make explicit the extra files to the exec - * add test to cover networking - * tests to cover locks and parallel execution #2551 - * Yet another seemingly minor tweak to usage message - * Change LookupContainer logic to match Docker - * Implement podman-remote wait command and container subcommand - * Cirrus: Use imgts container to record metadata - * System-test: Documentation and TODO list - * podman-remote pod top|stats - * fix bug --device enable specifying directory as device - * add flag --extract tar file in podman cp - * Fix incorrect pod create failure - * libpod/container_internal: Split locale at the first dot, etc. - * Add volume mounting to podman play kube - * podman healthcheck run (phase 1) - * Append hosts to dependency container's /etc/hosts file - * rootless: fix clone syscall on s390 and cris archs - * Cirrus: Add dedicated rootless mode testing - * rootless: fill in correct storage conf default - * rm: set exit code to 1 if a specified container is not found - * Support filter image by reference to the repo name - * Bump gitvalidation epoch - * Bump to v1.2.0-dev - * Support podman-remote kill container(s) - * cirrus: Drop ginkgo, gomega, easyjson install - * Cirrus: Stop testing on RHEL - * Cirrus: Stop testing on RHEL - * Globally increase test timeout to 90-minutes - * cirrus: Drop ginkgo, gomega, easyjson install - * Cirrus: Add BATS package for all platforms - * Globally increase test timeout to 90-minutes - * exec: support --preserve-fds - * get_ci_vm.sh: Fix conflicting homedir files - -- Changelog for v1.1.2 (2019-03-04) - * Fix #2521 - * Update release notes for v1.1.2 - * Change timestamp format for podman logs - * Don't extract tar file in podman cp - * runtime: fill a proper default tmpdir when --config is used - * Add additional defense against 0-length log segfaults - * When logging with timestamps, append only until newline - * Ensure that each log line is newline-terminated - * A few more usage-message tweaks - * Add missing short flag -l for run/create - * Fix aliased commands to actually work - * Support podman-remote stop container(s) - * Add tests to make sure podman container and podman image commands work - * Bump gitvalidation epoch - * Bump to v1.2.0-dev - -- Changelog for v1.1.1 (2019-03-01) - * Update release notes for v1.1.1 - * Pull image for runlabel if not local - * Fix SystemExec completion race - * Fix link inconsistencies in man pages - * Verify that used OCI runtime supports checkpoint - * Should be defaulting to pull not pull-always - * podman-commands script: refactor - * Move Alias lines to descriptions of commands - * Fix usage messages for podman image list, rm - * Fix -s to --storage-driver in baseline test - * No podman container ps command exists - * Allow Exec API user to override streams - * fix up a number of misplace commands - * rootless, new[ug]idmap: on failure add output - * [ci skip] Critical note about merge bot - * podman port fix output - * Fix ignored --time argument to podman restart - * secrets: fix fips-mode with user namespaces - * Fix four errors tagged by Cobra macro debugging - * Clean up man pages to match commands - * Add debugging for errors to Cobra compatibility macros - * Command-line input validation: reject unused args - * Fix ignored --stop-timeout flag to 'podman create' - * fixup! Incorporate review feedback - * fixup! missed some more: - * fixup! Correction to 'checkpoint' - * Followup to #2456: update examples, add trust - * podman create: disable interspersed opts - * fix up a number of misplace commands - * Add a task to Cirrus gating to build w/o Varlink - * Skip checkpoint/restore tests on Fedora for now - * Fix build for non-Varlink-tagged Podman - * Remove restore as podman subcommand - * Better usage synopses for subcommands - * Bump gitvalidation epoch - * Bump to v1.2.0-dev - * Centralize setting default volume path - * Ensure volume path is set appropriately by default - * Move all storage configuration defaults into libpod - * rename pod when we have a name collision with a container - * podman remote-client readme - -- Changelog for v1.1.0 (2019-02-26) - * Vendor in latest buildah 1.7.1 - * volume: do not create a volume if there is a bind - * Only remove image volumes when removing containers - * Fix podman logs -l - * start pod containers recursively - * Update release notes for v1.1.0 - * vendor containers/image v1.5 - * Record when volume path is explicitly set in config - * Add debug information when overriding paths with the DB - * Add path for named volumes to `podman info` - * Add volume path to default libpod.conf (and manpage) - * Validate VolumePath against DB configuration - * When location of c/storage root changes, set VolumePath - * docs: cross-reference `podman-{generate,play}-kube` - * README: refine "Out of scope" section - * oci: improve error message when the OCI runtime is not found - * Label CRIU log files correctly - * Add num_locks to the default libpod config - * podman-remote pod pause|unpause|restart - * podman: fix ro bind mounts if no* opts are on the source - * Change exit code to 1 on podman rmi nosuch image - * README.md: rephrase Buildah description - * README: update "out of scope" section - * Change exit code to 1 on podman rm nosuch container - * podman-remote create|ps - * remove duplicate commands in main - * issue template: run `podman info --debug` - * Fix play to show up in podman help - * Switch defaults for podman build versus buildah - * In shared networkNS /etc/resolv.conf&/etc/hosts should be shared - * Allow dns settings with --net=host - * Fix up handling of user defined network namespaces - * Enable more podman-remote pod commands - * tests, rootless: use relative path for export test - * rootless: force same cwd when re-execing - * Vendor Buildah v1.7 - * Exit with errors not just logging error - * cmd: support rootless mode for cp command - * hide --latest on the remote-client - * Improve command line validation - * make remote-client error messaging more robust - * podman: --runtime has higher priority on runtime_path - * podman-remote pod inspect|exists - * Cirrus: Install Go 1.11 on Ubuntu VMs - * Cirrus: Add 20m extra timeout for Ubuntu - * Introduce how to start to hack on libpod. - * update: remove duplicate newline - * Fix typo in comment - * podman-remote load image - * Do not make renumber shut down the runtime - * Add podman system renumber command - * Add ability to get a runtime that renumbers - * Recreate SHM locks when renumbering on count mismatch - * Move RenumberLocks into runtime init - * Remove locks from volumes - * Expand renumber to also renumber pod locks - * Add ability to rewrite pod configs in the database - * Add initial version of renumber backend - * Add a function for overwriting container config - * enable podman-remote pod rm - * vendor containers/image v1.4 - * Adjust LISTEN_PID for reexec in varlink mode - * Update c/storage vendor to v1.10 release - * add newline to images output - * podman-remote save [image] - * hack/tree_status.sh: preserve new lines - * remove duplicate kill from `podman --help` - * iopodman.SearchImages: add ImageSearchFilter to Varlink API - * image.SearchImages: use SearchFilter type - * SearchImages: extend API with filter parameter - * podman-search: refactor code to libpod/image/search.go - * podman-search: run in parallel - * Ensure that userns is created for stopped rootless pods - * Podman pod create now errors on receiving CLI args - * podman-remote pull - * Don't start running dependencies - * Fifth chunk of Cobra Examples - * Add 4th chunk of Cobra Examples - * OpenTracing support added to start, stop, run, create, pull, and ps - * packer: Make Makefile host arch sensitive - * Add 3rd chunk of Cobra examples - * pod infra container is started before a container in a pod is run, started, or attached. - * Add registry name to fields returned by varlink image search - * Second chunk of Cobra help - * podman: honor --storage-opt again - * docs: mention the new OCI runtime configuration - * libpod: honor runtime_path from libpod.conf - * rootless: open the correct file - * Fix `podman login` lying problem - * Fix error code retrieval for podman start --attach - * Enable --rm with --detach - * Add examples for Cobra - * Add tlsVerify bool to SearchImage for varlink - * Fix volume handling in podman - * enable podman-remote volume prune - * add build to main and as subcommand to image - * --password-stdin flag in `podman login` - * 'podman cp' copy between host and container - * podman-remote build - * Vendor in latest c/storage and c/image - * show container ports of network namespace - * podman-remote volume inspect|ls - * build varlink without GOPATH - * completions: add --pod to run/create - * Parse fq name correctly for images - * Try disabling --rm on notify_socket test - * podman-remote push - * get_ci_vm : allow running without sudo - * Only build varlink when buildtag is available - * Remove a lot of '--rm' options from unit tests - * Address review comments on #2319 - * Retain a copy of container exit file on cleanup - * Fix manual detach from containers to not wait for exit - * varlink: Rename `SearchImage` to `SearchImages` - * varlink: Rename `ContainerInList` to `Container` - * varlink: Rename `ImageInList` to `Image` - * varlink: Simplify GetVersion() call - * varlink: Return all times in RFC 3339 format - * Makefile: Don't include quotes around GIT_COMMIT - * varlink: Remove the Ping() method - * podman: Show error when creating varlink listener failed - * varlink: Remove `NotImplemented` type - * Don't show global flags except for podman command - * podman-remote volume rm - * Remove urfave/cli from libpod - * podman-remote volume create - * Separate remote and local commands - * lock and sync container before checking mountpoint - * oci: do not set XDG_RUNTIME_DIR twice - * pod: drop not valid check for rootless - * Podman pod stats -- fix GO template output - * Add troubleshooting information about running a rootless containers. - * Add --all-tags to pull command - * Add common_test.go to single test instructions - * Remove container from storage on --force - * do not crash when displaying dangling images - * Add volume mounts to PS output - * Update image-trust man with further comments - * Migrate to cobra CLI - * Remove some dead type declarations - * Fix down/missing registry.access.redhat.com - * cleanup: use the correct runtime - * make vendor: always check for latest vndr - * install.md: add section about vendoring - * Add varlink generate to the make documentation - * Mention OSes that pass the build - * Generate make helping message dynamicaly. - * Makefile: minor fix to reenable system tests - * Add StartPeriod to cmd/podman/docker.HealthConfig - * Unconditionally refresh storage options from config - * rootless: do not override /dev/pts if not needed - * Fix handling of memory limits via varlink - * Add documentation on running systemd on SELinux systems - * Cirrus: add vendor_check_task - * cleanup vendor directory - * Revert "Vendor containers/buildah" - * e2e tests: sigproxy: fix rare hang condition - * Preserve exited state across reboot - * Apply 50min timeout to integration tests - * Capatilize all usage and descriptions - * Add podman system prune and info commands - * podman-remote import|export - * tests: allow to override the OCI runtime - * rootless: copy some settings from the global configuration - * Vendor containers/buildah - * Increase e2e info/json test exit timeout - * Touch up image-trust man - * Rework Podman description - * vendor latest containers/image - * Reduce Dockerfile based build time for libpod. - * libpod/image: Use RepoDigests() in Inspect() - * add Pod Manager References - * Add support for short option -f in podman version - * Add support for short option -s in podman inspect - * Add support for short option -f - * Changes to container runlabel for toolbox project - * Fix regression in ps with custom format - * Set SELinux type on bin/podman after install - * Cirrus: Add RHEL-7 testing - * For consistency in usage output the verbs changed from 3rd person to 1st person. - * podman image prune -- implement all flag - * Alter varlink API for ListContainerMounts to return a map - * Make --quiet work in podman create/run - * apparmor: don't load default profile in rootless mode - * Cirrus: Enable AppArmor build and test - * Update ArchLinux installation instructions - * tutorials: describe how to use podman in updates-testing - * [skip ci] Cirrus: Container for tracking image use - * Cirrus: Use freshly built images - * remove sudo - * Vendor in latest containers/storage - * Show a better error message when podman info fails during a refresh - * enable podman-remote version - * Update transfer.md and commands.md to add missing commands. - * rootless: support port redirection from the host - * Mask unimplemeted commands for remote client - * Vendor in latest opencontainers/selinux - * podman-remote inspect - * Vendor in latest containers/storage - * rootless: fix --pid=host without --privileged - * Do not unmarshal into c.config.Spec - * podman-inspect: don't ignore errors - * Add openSUSE Kubic to install.md - * cirrus: Record start/end time of important things - * Cirrus: Consolidate VM image names in once place - * Update README for v1.0.0 - * Installing podman - * Ensure that wait exits on state transition - * Vendor in containers/storage - * Add --latest and --all to podman mount/umount - * Cleanup coverity scan issues - * Embed runtime struct in super localRuntime - * Collaberative podman-remote container exists - * Fix up `image sign` in PR 2108 - * add support for podman-remote history - * Rename localRuntime to runtime in cmd/podman - * podman remote integrations tests - * podman remote client -- add rmi - * Run integrations test with remote-client - * [skip ci] Hack: Fix get_ci_vm.sh w/ gcloud ssh/scp - * Update master branch with v1.0 changes from 1.0 branch - * Add local storage.conf example to troubleshoot - * config: store the runtime used to create each container - * oci: allow to define multiple OCI runtimes - * libpod: allow multiple oci runtimes - * Remove imageParts.{isTagged,registry,name,tag} - * Clarify comments about isRegistry a bit. - * Use imageParts.unnormalizedRef in GetImageBaseName - * FIXME? Introduce imageParts.suspiciousRefNameTagValuesForSearch - * Use imageParts.referenceWithRegistry in Image.getLocalImage - * Don't try to look up local images with an explicit :latest suffix - * Return a reference.Named from normalizedTag - * Use reference.TagNameOnly instead of manually adding imageParts.tag in normalizeTag - * Use imageParts.normalizedReference in normalizeTag - * Add imageParts.normalizedReference() - * Use imageparts.referenceWithRegistry in normalizeTag - * Remove no longer used imageParts.assemble() - * Use getPullRefPair / getSinglePullRefPairGoal in pullGoalFromPossiblyUnqualifiedName - * Use imageParts.referenceWithRegistry in pullGoalFromPossiblyUnqualifiedName - * Use imageParts.referenceWithRegistry in getPullRefPair - * Add imageParts.referenceWithRegistry - * Don't use imageParts.assemble when pulling from a qualified name - * Reorganize normalizeTag - * Simplify pullGoalFromPossiblyUnqualifiedName - * Remove imageParts.transport - * Simplify pullGoalFromPossiblyUnqualifiedName - * Inline imageParts.assembleWithTransport into callers - * Record the original reference.Named in imageParts - * Drop image.DecomposeString, make image.Parts private imageParts again - * Don't call image.DecomposeString in imageInListToContainerImage - * Add bridge support, for the varlink connection - * Add troubleshooting statement for homedirs mounted noexec - * Set default storage options from mounts.conf file. - * podman play kube: add containers to pod - * Add darwin support for remote-client - * vendor: update everything - * vendor make target - * rootless: create the userns immediately when creating a new pod - * rootless: join both userns and mount namespace with --pod - * spec: add nosuid,noexec,nodev to ro bind mount - * Use multi-arch images in test case scripts - * Add varlink support for prune - * Replace tab with spaces in MarshalIndent in libpod - * Remove one more usage of encoding/json in libpod - * Update vendor.conf for jsoniter vendor changes - * Move all libpod/ JSON references over to jsoniter - * Update json-iterator vendor to v1.1.5 - * Remove easyjson in preparation for switch to jsoniter - * remote-client support for images - * Move python code from contrib to it's own repo python-podman - * Use defaults if paths are not specified in storage.conf - * (Minor) Cirrus: Print timestamp at start - * fix up sigstore path - * Trivial readme updates - * podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE - * Fix handling of nil volumes - * sign: make all error messages lowercase - * sign: use filepath.Join instead of fmt.Sprintf - * createconfig: always cleanup a rootless container - * Fix 'image trust' from PR1899 - * libpod/image: Use ParseNormalizedNamed in RepoDigests - * apparmor: apply default profile at container initialization - * Fix up image sign and trust - * If you fail to open shm lock then attempt to create it - * List the long variant of each option before its shorter counterpart - * Use existing interface to request IP address during restore - * Added checkpoint/restore test for same IP - * Enable checkpoint test with established TCP connections - * .github/ISSUE_TEMPLATE: Suggest '/kind bug' and '/kind feature' - * pkg/hooks/exec: Include failed command in hook errors - * hooks/exec/runtimeconfigfilter: Log config changes - * hooks: Add pre-create hooks for runtime-config manipulation - * Add Validate completions - * Add a --workdir option to 'podman exec' - * Default --sig-proxy to true for 'podman start --attach' - * Test that 'podman start --sig-proxy' does not work without --attach - * [WIP]Support podman image sign - * vendor latest buildah - * Honor image environment variables with exec - * Minor: Remove redundant basename command in ooe.sh - * Rename libpod.Config back to ContainerConfig - * Add ability to build golang remote client - * vendor latest buildah - * Add the configuration file used to setup storage to podman info - * Address lingering review comments from SHM locking PR - * podman: set umask to 022 - * podman-login: adhere to user input - * Vendor in latest containers/buildah code - * Rootless with shmlocks was not working. - * Readd Python testing - * Update vendor of runc - * [skip ci] Docs: Add Bot Interactions section - * container runlabel NAME implementation - * Bump time for build_each_commit step - * Move lock init after tmp dir is populated properly - * DO NOT MERGE temporarily remove python tests - * When refreshing libpod, if SHM locks exist, remove them - * Ensure different error messages and creating/opening locks - * Update unit tests to use in-memory lock manager - * Remove runtime lockDir and add in-memory lock manager - * Convert pods to SHM locks - * Convert containers to SHM locking - * Add lock manager to libpod runtime - * Move to POSIX mutexes for SHM locks - * Disable lint on SHMLock struct - * Refactor locks package to build on non-Linux - * Add an SHM-backed Lock Manager implementation - * Add interface for libpod multiprocess locks - * Improve documentation and unit tests for SHM locks - * Propogate error codes from SHM lock creation and open - * Add mutex invariant to SHM semaphores. - * Initial skeleton of in-memory locks - * add container-init support - * If local storage file exists, then use it rather then defaults. - * vendor in new containers/storage - * Fix completions - * Touch up some troubleshooting nits - * Warn on overriding user-specified storage driver w/ DB - * Log container command before starting the container - * Use sprintf to generate port numbers while committing - * Add troubleshooting for sparse files - * Fix handling of symbolic links - * podman build is not using the default oci-runtime - * Re-enable checkpoint/restore CI tests on Fedora - * Fixes to handle /dev/shm correctly. - * rootless tests using stop is more reliable - * Allow alias for list, ls, ps to work - * Refactor: use idtools.ParseIDMap instead of bundling own version - * cirrus: Use updated images including new crui - * Switch all referencs to image.ContainerConfig to image.Config - * Allow users to specify a directory for additonal devices - * Change all 'can not' to 'cannot' for proper usage - * Invalid index for array - * Vendor in latest psgo code to fix race conditions - * test: add test for rootless export - * export: fix usage with rootless containers - * rootless: add function to join user and mount namespace - * libpod: always store the conmon pid file - * Use existing CRIU packages in CI setup - * skip test for blkio.weight when kernel does not support it - * Add Play - * Cirrus: Skip build all commits test on master - * prepare for move to validate on 1.11 only - * [skip ci] Gate: Update docs w/ safer local command - * Support podman image trust command - * Makefile: validate that each commit can at least build - * perf test a stress test to profile CPU load of podman - * all flakes must die - * Add information on --restart - * generate service object inline - * Cirrus: One IRC notice only - * docs/tutorials: add a basic network config - * display proper error when rmi -fa with infra containers - * add --get-login command to podman-login. - * Show image only once with images -q - * Add script to create CI VMs for debugging - * Cirrus: Migrate PAPR testing of F28 to Cirrus - * Skip checkpoint tests on Fedora <30 - * Cirrus: Add text editors to cache-images - * Bump gitvalidation epoch - * Bump to v0.12.2-dev - * Clean up some existing varlink endpoints - * mount: allow mount only when using vfs - -- Changelog for v1.0.0 (2018-1-11) - * Update release notes for v1.0 - * Remove clientintegration from Makefile - * Regenerate EasyJSON to fix JSON issues - * Update gitvalidation to avoid reverts w/o signoffs - * Cirrus: Post-Merge Testing for v1.0 Branch - * Move python code from contrib to it's own repo python-podman - * Use defaults if paths are not specified in storage.conf - * (Minor) Cirrus: Print timestamp at start - * fix up sigstore path - * Trivial readme updates - * podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE - * Fix handling of nil volumes - * sign: make all error messages lowercase - * sign: use filepath.Join instead of fmt.Sprintf - * createconfig: always cleanup a rootless container - * Fix 'image trust' from PR1899 - * libpod/image: Use ParseNormalizedNamed in RepoDigests - * apparmor: apply default profile at container initialization - * Fix up image sign and trust - * List the long variant of each option before its shorter counterpart - * Use existing interface to request IP address during restore - * Added checkpoint/restore test for same IP - * Enable checkpoint test with established TCP connections - * .github/ISSUE_TEMPLATE: Suggest '/kind bug' and '/kind feature' - * pkg/hooks/exec: Include failed command in hook errors - * hooks/exec/runtimeconfigfilter: Log config changes - * hooks: Add pre-create hooks for runtime-config manipulation - * Add Validate completions - * Add a --workdir option to 'podman exec' - * Default --sig-proxy to true for 'podman start --attach' - * Test that 'podman start --sig-proxy' does not work without --attach - * [WIP]Support podman image sign - * vendor latest buildah - * Honor image environment variables with exec - * Minor: Remove redundant basename command in ooe.sh - * Rename libpod.Config back to ContainerConfig - * Add ability to build golang remote client - * vendor latest buildah - * Add the configuration file used to setup storage to podman info - * podman: set umask to 022 - * podman-login: adhere to user input - * Vendor in latest containers/buildah code - * Readd Python testing - * Update vendor of runc - * [skip ci] Docs: Add Bot Interactions section - * container runlabel NAME implementation - * Bump time for build_each_commit step - * add container-init support - * If local storage file exists, then use it rather then defaults. - * vendor in new containers/storage - * Fix completions - * Touch up some troubleshooting nits - * Log container command before starting the container - * Use sprintf to generate port numbers while committing - * Add troubleshooting for sparse files - * Fix handling of symbolic links - * podman build is not using the default oci-runtime - * Re-enable checkpoint/restore CI tests on Fedora - * Fixes to handle /dev/shm correctly. - * rootless tests using stop is more reliable - * Allow alias for list, ls, ps to work - * Refactor: use idtools.ParseIDMap instead of bundling own version - * cirrus: Use updated images including new crui - * Switch all referencs to image.ContainerConfig to image.Config - * Allow users to specify a directory for additonal devices - * Change all 'can not' to 'cannot' for proper usage - * Invalid index for array - * Vendor in latest psgo code to fix race conditions - * test: add test for rootless export - * export: fix usage with rootless containers - * rootless: add function to join user and mount namespace - * libpod: always store the conmon pid file - * Use existing CRIU packages in CI setup - * skip test for blkio.weight when kernel does not support it - * Add Play - * Cirrus: Skip build all commits test on master - * prepare for move to validate on 1.11 only - * [skip ci] Gate: Update docs w/ safer local command - * Support podman image trust command - * Makefile: validate that each commit can at least build - * perf test a stress test to profile CPU load of podman - * all flakes must die - * Add information on --restart - * generate service object inline - * Cirrus: One IRC notice only - * docs/tutorials: add a basic network config - * display proper error when rmi -fa with infra containers - * add --get-login command to podman-login. - * Show image only once with images -q - * Add script to create CI VMs for debugging - * Cirrus: Migrate PAPR testing of F28 to Cirrus - * Skip checkpoint tests on Fedora <30 - * Cirrus: Add text editors to cache-images - * Clean up some existing varlink endpoints - * mount: allow mount only when using vfs - -- Changelog for v0.12.1.2 (2018-12-13) - * Add release notes for 0.12.1.2 - * runlabel should sub podman for docker|/usr/bin/docker - * condition fixed for adding volume to boltdb. - * e2e: add tests for systemd - * Add test for sharing resolv and hosts with netns - * Makefile tweaks to fix make shell - * failed containers with --rm should remove themselves - * Fix documentation links and flow - * Set Socket label for contianer - * Containers sharing a netns should share resolv/hosts - * Prevent a second lookup of user for image volumes - * fix typo in kubernetes - * No need to use `-i` in go build (with go 1.10 and above) - * rootless: fix restart when using fuse-overlayfs - * Cirrus: Update base-image build docs - * Add capabilities to generate kube - * disable F29 tests on PAPR - * Ensure storage options are properly initialized - * add more example usage to varlink endpoints - * Update for API change - * Vendor buildah after merging mtrmac/blob-info-caching-on-top-of-contents-caching - * Vendor c/image after merging c/image#536 - * Bump gitvalidation epoch - * Bump to v0.12.2-dev - -- Changelog for v0.12.1.1 (2018-12-07) - * Update release notes for v0.12.1.1 - * Fix errors where OCI hooks directory does not exist - * add timeout to pod stop - * Remove manual handling of insecure registries in (podman search) - * Fix reporting the registries.conf path on error - * Remove manual handling of insecure registries in doPullImage - * Remove the forceSecure parameter on the pull call stack - * Remove manual handling of insecure registries in PushImageToReference - * Factor out the registries.conf location code in pkg/registries - * Remove the forceSecure parameter of Image.PushImageTo* - * Minimally update for the DockerInsecureSkipTLSVerify type change - * Bump gitvalidation epoch - * Bump to v0.12.2-dev - * Fix build on non-Linux - * Remove some unused data structures and code - * Vendor buildah after merging https://github.com/containers/buildah/pull/1214 - * Update containers/image to 63a1cbdc5e6537056695cf0d627c0a33b334df53 - * Cirrus: Document and codify base-image production - * Cirrus: Use Makefile for image-building - * Refactor BooleanAction to mimic golang interface - * generate kube - -- Changelog for v0.12.1 (2018-12-06) - * Update release notes for 0.12.1 - * bind mount /etc/resolv.conf|hosts in pods - * Remove --sync flag from `podman rm` - * Add locking to Sync() on containers - * Add --sync flag to podman ps - * Add --sync option to podman rm - * Tests for podman volume commands - * Add "podman volume" command - * tutorial: add ostree dependency - * Pick registry to login from full image name as well - * Add ability to prune containers and images - * Invert tlsverify default in API - * set .54 version for f28 due to memory error - * Vendor in latest containers/storage - * pkg/lookup: Return ID-only pointers on ErrNo*Entries - * test for rmi with children - * libpod/container_internal_linux: Allow gids that aren't in the group file - * Don't initialize CNI when running as rootless - * correct algorithm for deleting all images - * Use runtime lockDir in BoltDB state - * test: update runc again - * vendor: update containers/storage - * create pod on the fly - * libpod/container_internal: Deprecate implicit hook directories - * Revert changes to GetDefaultStoreOptions - * Fix libpod static dir selection when graphroot changed - * podman pod exists - * Adding more varlink endpoints - * Ensure directory where we will make database exists - * Fix typo - * rootless: raise error if newuidmap/newgidmap are not installed - * Add better descriptions for validation errors in DB - * Fix gofmt and lint - * Make locks dir in unit tests - * Do not initialize locks dir in BoltDB - * Move rootless storage config into libpod - * Set default paths from DB if not explicitly overridden - * Add a struct indicating if some Runtime fields were set - * Make DB config validation an explicit step - * Move DB configuration up in runtime setup - * Add ability to retrieve runtime configuration from DB - * Add short-option handling to logs - * tests: always install runc on Ubuntu - * cirrus: update ubuntu image - * cirrus: make apt noninteractive - * Dockerfile, .cirrus.yml: update runc commit - * rootless: propagate XDG_RUNTIME_DIR to the OCI runtime - * Update ubuntu VM image w/ newer runc - * add pod short option to ps - * Add create test with --mount flag - * Only include container SizeRootFs when requested - * /dev/shm should be mounted even in rootless mode. - * disable checkpoint tests on f29 - * test, rootless: specify USER env variable - * Revert "downgrade runc due a rootless bug" - * Fix completions to work with podman run command - * hide kube command for now - * pypod create/run: ignore args for container command - * Add support for --all in pypodman ps command - * Fixes #1867 - * tests: fix NOTIFY_SOCKET test - * Fix golang formatting issues - * oci: propagate NOTIFY_SOCKET on runtime start - * test: fix test for NOTIFY_SOCKET - * Add test to ensure stopping a stopped container works - * Stopping a stopped container is not an error for Podman - * Disable mount options when running --privileged - * Vendor in latest containers/storage - * util: use fsnotify to wait for file - * vendor: update selinux - * rootless: store only subset of storage.conf - * rootless: fix cleanup - * network: allow slirp4netns mode also for root containers - * Added more checkpoint/restore test cases - * Fix podman container restore -a - * Update bash completion for checkpoint/restore - * Add '--tcp-established' to checkpoint/restore man page - * Added tcp-established to checkpoint/restore - * Remove unused CRIU_COMMIT variable - * Point CRIU_COMMIT to CRIU release 3.11 - * Updated CRIO_COMMIT to pull in new conmon for CRIU - * Use also a struct to pass options to Restore() - * _split_token(): handle None - * Use host's resolv.conf if no network namespace enabled - * rootless: add new netmode "slirp4netns" - * tests: change return type for PodmanAsUser to PodmanTestIntegration - * test: cleanup CNI network used by the tests - * exec: don't wait for pidfile when the runtime exited - * Remove mount options relatime from podman run --mount with shared - * Update test case name to podman run with --mount flag - * Add some tests for --ip flag with run and create command - * Add history and namespaceoptions to image inspect - * add podman container|image exists - * set root propagation based on volume properties - * Actually set version for podman module / pypodman - * implement --format for version command - * podman_tutorial.md typos: arguement -> argument; missing 'a' - * Load NAT modules to fix tests involving CRIU - * Vendor in latest containers/buildah - * Update checkpoint/restore man pages - * Added option to keep containers running after checkpointing - * Use a struct to pass options to Checkpoint() - * exec: always make explicit the tty value - * Allow users to expose ports from the pod to the host - * Improve speed of containers.list() - * output libpod container to kubernetes yaml - * rootless: create empty mounts.conf if it doesn't exist - * registries: check user registries file only in rootless mode - * rootless: create storage.conf when it doesn't exist - * rootless: create libpod.conf when it doesn't exist - * Don't use $HOST and $USER variables for remote - * Implement pypodman start command - * runlabel: use shlex for splitting commands - * Add a rule to compile system test in Makefile - * Fix no-new-privileges test - * The system test write with ginkgo - * Separate common used test functions and structs to test/utils - * Add version command to pypodman - * Bump gitvalidation epoch - * Bump to v0.11.2-dev - * Cirrus: Add documentation for system-testing - * Cirrus: Simplify optional system-test script - * Cirrus: Reveal magic, parallel system-testing - * libpod should know if the network is disabled - * Lint: Silence few given goconst lint warnings - * Lint: Extract constant unknownPackage - * Lint: Tests: add missing assertions - * Lint: Do not ignore errors from docker run command when selinux enabled - * Lint: InspectImage varlink api should return errors that occurred - * Lint: Exclude autogenerated files from lint test - * Lint: Update metalinter dependency - * Set --force-rm for podman build to true by default - * Vendor in latest containers/storage - -- Changelog for v0.11.1.1 (2018-11-15) - * Vendor in containers/storage - * Add release notes for 0.11.1.1 - * Increase pidWaitTimeout to 60s - * Cirrus: Add master branch testing status badge - * rootless: call IsRootless just once - * Bump golang to v1.10 in install.md - * Standardized container image for gofmt and lint - * Make list of approvers same as reviewers - * vendor: update ostree-go - * vendor.conf: fix typo - * Cleanup podman spec to not show git checkout is dirty - * Add space between num & unit in images output - * Update troubleshooting guide to deal with rootless path - * troubleshooting.md: add a recipe for rootless ping - * remove $-prefix from (most) shell examples - * docs: Fix duplicated entry for pod-container-unmount - * Better document rootless containers - * info: add rootless field - * Accurately update state if prepare() partially fails - * Do not hide errors when creating container with UserNSRoot - * rm -f now removes a paused container - * correct assignment of networkStatus - * podman_tutorial: cni build path has changed - * Bump gitvalidation epoch - * Bump to v0.11.2-dev - * Cirrus: Ignore any error from the IRC messenger - * rootless: default to fuse-overlayfs when available - -- Changelog for v0.11.1 (2018-11-08) - * Update release notes for 0.11.1 - * update seccomp.json - * Touch up --log* options and daemons in man pages - * Fix run --hostname test that started failing post-merge - * move defer'd function declaration ahead of prepare error return - * Don't fail if /etc/passwd or /etc/group does not exists - * Print error status code if we fail to parse it - * Properly set Running state when starting containers - * Fix misspelling - * Retrieve container PID from conmon - * If a container ceases to exist in runc, set exit status - * EXPERIMENTAL: Do not call out to runc for sync - * Actually save changes from post-stop sync - * rootless: mount /sys/fs/cgroup/systemd from the host - * rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode - * Add hostname to /etc/hosts - * Temporarily fix the Python tests to fix some PRs - * Remove conmon cgroup before pod cgroup for cgroupfs - * Fix cleanup for "Pause a bunch of running containers" - * --interactive shall keep STDIN attached even when not explicitly called out - * Do never override podman with docker - * Make kill, pause, and unpause parallel. - * Fix long image name handling - * Make restart parallel and add --all - * Add ChangeAction to parse sub-options from --change - * replace quay.io/baude to quay.io/libpod - * Change humanize to use MB vs MiB. - * allow ppc64le to pass libpod integration tests - * Cirrus-CI: Add option to run system-tests - * Cirrus: Skip rebuilding images unless instructed - * Cirrus: Disable image build job abort on push - * Cirrus: Add a readme - * Ubuntu VM image build: try update twice - * Cirrus: Enable updating F28 image - * rootless: do not add an additional /run to runroot - * rootless: avoid hang on failed slirp4netns - * Fix setting of version information - * runtime: do not allow runroot longer than 50 characters - * attach: fix attach when cuid is too long - * truncate command output in ps by default - * Update the runc commit used for testing - * make various changes to ps output - * Sync default config with libpod.conf - * Use two spaces to pad PS fields - * unmount: fix error logic - * get user and group information using securejoin and runc's user library - * CONTRIBUTING.md: add section about describing changes - * Change to exported name in ParseDevice - * Vendor in latest containers/storage - * fix bug in rm -fa parallel deletes - * Ensure test container in running state - * Add tests for selinux labels - * Add --max-workers and heuristics for parallel operations - * Increase security and performance when looking up groups - * run prepare in parallel - * downgrade runc due a rootless bug - * runlabel: run any command - * Eat our own dogfood - * vendor: update containers/storage - * Add support for /usr/local installation - * create: fix writing cidfile when using rootless - * Explain the device format in man pages - * read conmon output and convert to json in two steps - * Cirrus: Use images w/ buildah fix - * Add --all and --latest to checkpoint/restore - * Use the newly added getAllOrLatestContainers() function - * Use the new checkAllAndLatest() function - * Also factor out getAllOrLatestContainers() function - * Add checkAllAndLatest() function - * Downgrade code to support python3.4 - * Allow containers/storage to handle on SELinux labeling - * Use more reliable check for rootless for firewall init - * Vendor in latest containers/storage opencontainers/selinux - * Make podman ps fast - * Support auth file environment variable in podman build - * fix environment variable parsing - * tests: use existing CRIU version check - * Use the CRIU version check in checkpoint/restore - * Add helper function to read out CRIU version - * vendor in go-criu and dependencies - * oci: cleanup process status - * Handle http/https in registry given to login/out - * re-enable f29 testing - * correct stats err with non-running containers - * Use restoreArtifacts to save time in integration tests - * Make rm faster - * Fix man page to show info on storage - * Move rootless directory handling to the libpod/pkg/util directory - * Fix podman port -l - * Fix trivial missing markup in manpage - * Cirrus: Install CRIU in test images - * Cirrus: Use different CNI_COMMIT for Fedora - * Fix Cirrus/Packer VM image building - * Revert "Cirrus: Enable debugging delay on non-zero exit" - * Cirrus: IRC message when cirrus testing successful - * cirrus: Add simple IRC messenger - * fix NOTIFY_SOCKET in e2e testfix NOTIFY_SOCKET in e2e tests - * Bump gitvalidation epoch - * Bump to v0.10.2-dev - -- Changelog for v0.10.1.3 (2018-10-17) - * Update release notes for 0.10.1.3 - * Vendor in new new buildah/ci - * Fix podman in podman - * Bump gitvalidation epoch - * Bump to v0.10.2-dev - -- Changelog for v0.10.1.2 (2018-10-17) - * Update release notes for 0.10.1.2 - * Fix CGroup paths used for systemd CGroup mount - * Bump gitvalidation epoch - * Bump to v0.10.2-dev - -- Changelog for v0.10.1.1 (2018-10-16) - * Update release notes for 0.10.1.1 - * Mount proper cgroup for systemd to manage inside of the container. - * Cirrus: Enable debugging delay on non-zero exit - * Touchup fileo typo - * volume: resolve symlinks in paths - * volume: write the correct ID of the container in error messages - * vendor: update containers/buildah - * papr: relabel GOPATH/github.com/containers/podman - * tests: do not fail in the cleanup phase - * tests: do not make assumptions on the mount output - * papr_prepare: remove double process for starting up .papr.sh - * Add support for pod commands - * Support auth file environment variable & add change to man pages - * Generate a passwd file for users not in container - * Bump gitvalidation epoch - * Bump to v0.10.2-dev - -- Changelog for v0.10.1 (2018-10-11) - * Swap from map to channels for podman stop workers - * Add release notes for 0.10.1 - * Pass along syslog variable to podman cleanup processes - * Sort all command flags - * rootless: detect when user namespaces are not enabled - * Log an otherwise ignored error from joining a net ns - * Fix gofmt - * Add tests for --ip flag - * Update manpages for --ip flag - * Add --ip flag and plumbing into libpod - * Document --net as an alias of --network in podman run & create - * Update OCICNI vendor to 2d2983e4 - * Temporary commit to swap branches - * rootless: report more error messages from the startup phase - * rootless: fix an hang on older versions of setresuid/setresgid - * Update OCICNI vendor to e617a611 - * fix runlabel functions based on QA feedback - * Vendor latest containers/image - * Stop containers in parallel fashion - * wip - * remove hack/dind - * Vendor in latest github.com/containers/storage,image, buildah - * runlabel: execute /proc/self/exe and avoid recursion - * Re-add source-verify in cirrus-ci - * added links to buildah.io and podman.io to README.md - * Lower CPU/Memory usage by cirrus VMs - * skip userns tests on non-fedora distributions for now - * Remove Travis - * docker: Double quote array expansions to avoid re-splitting elements - * Ensure resolv.conf has the right label and path - * Remove no longer used libnetwork from vendor.conf - * Fix lint - * Drop libnetwork vendor and move the code into pkg/ - * Update libnetwork vendor to current master to fix CI - * Switch to using libnetwork's resolvconf package - * Add configuration for Cirrus-CI - * disable gce building of images - * re-add BR for golang compiler to contrib/spec/podman.spec.in - * completions: add checkpoint/restore completions - * tests: add checkpoint/restore test - * tutorial: add checkpoint/restore to tutorial - * docs: add checkpoint and restore man pages - * Add support to checkpoint/restore containers - * oci: split the stdout and stderr pipes - * oci: always set XDG_RUNTIME_DIR - * Fix pod status reporting for new Exited state - * Add ability for ubuntu to be tested - * selinux: drop superflous relabel - * rootless: always set XDG_RUNTIME_DIR - * Fix python tests - * Fix Wait() to allow Exited state as well as Stopped - * Fix cleanupRuntime to only save if container is valid - * Fix bug with exited state and container remove - * Address review comments and fix ps output - * Add ContainerStateExited and OCI delete() in cleanup() - * Need to allocate memory for hook struct - * Disable SELinux labeling if --privileged - * * Update documenation - * Implement pod varlink bindings - * Update docs to build a runc that works with systemd - * runtime: fix message which assumes the runtime is runc - * rootless: raise an error when trying to use cgroups - * Add --all flag to podman kill - * Add podman.io to README.md - * Vendor in the latest containers/storage, image and buildah - * Don't tmpcopyup on systemd cgroup - * Add container runlabel command - * run complex image names with short names - * Add buildah version and distribution to info - * Disable Fedora 29 and CentOS7 VM testing - * podman runs disabled containers and privileged containers as spc_t - * Update the OWNERS file so bot assigns sane reviewers - * rework CI tests to test on VMs - * Put openshift dockerfiles in test/install - * Bump gitvalidation epoch - * Bump to v0.9.4-dev - * contrib/python/*/Makefile: Fallback to unversioned 'python' - * Makefile: Drop PYTHON - * Makefile: Call contrib/python's clean regardless of HAS_PYTHON3 - -- Changelog for v0.9.3.1 (2018-09-25) - * Update release notes for 0.9.3.1 - * Disable problematic SELinux code causing runc issues - * Bump gitvalidation epoch - * Bump to v0.9.4-dev - -- Changelog for v0.9.3 (2018-09-21) - * Update release notes for 0.9.3 - * Add --mount option for `create` & `run` command - * Refactor Wait() to not require a timeout - * Updates from reviews - * Implement new subcommands - * Don't mount /dev/shm if the user told you --ipc=none - * rootless: error out if there are not enough UIDs/GIDs available - * Vendor in latest containers/buildah - * rootless: fix create with images not in the storage - * rootless: skip usage of filepath.Join - * create, rootless: join the userns of ns:PATH - * create, rootless: join the userns of container:CONTAINER - * spec: refactor ns modes to a common interface - * Don't output inodes created to run a container - * Add rpmbuild to the openshift fedora test image - * Add new field to libpod to indicate whether or not to use labelling - * Bind Mounts should be mounted read-only when in read-only mode - * test, rootless: enforce cgroupfs manager - * report when rootless - * add the gopath environment variable to the openshift dockerfile - * Vendor in latest opencontainers/runtime-tools - * Add python-varlink to the Fedora openshift image - * Add Dockerfile for openshift lint, gofmt, and validate testing - * Vendor in latest containers/buildah - * Don't crash if an image has no names - * Replace all usages of "install -D" with "install -d" - * Increase pidWaitTimeout to 1000ms - * Small updates to OCI spec generation - * Add new tests for ipc namespace sharing - * Hooks supports two directories, process default and override - * Bump gitvalidation epoch - * Bump to v0.9.3-dev - -- Changelog for v0.9.2.1 (2018-09-17) - * Update release notes for 0.9.2.1 - * Vendor in latest projectatomic/buildah - * Vndr latest containers/image - * Bump gitvalidation epoch - * Bump to v0.9.3-dev - -- Changelog for v0.9.2 (2018-09-14) - * Update release notes for 0.9.2 - * change search test to look for fedora and not fedora-minimal - * Don't mount /dev/* if user mounted /dev - * add registry information to varlink info - * libpod/image/pull: Return image-pulling errors from doPullImage - * Update gitvalidation epoch to avoid a bad commit - * Update README to reflect current development efforts - * rootless: do not raise an error if the entrypoint is specified - * Add Buildah Podman relationship to README.md - * Swap default mount propagation from private to rprivate - * Add a way to disable port reservation - * Add notes to check version on problem - * Do not set rlimits if we are rootless - * Up default Podman rlimits to avoid max open files - * Search registries with an empty query - * Vendor in latest containers/image - * Remove duplicate code between create.go and run.go - * Add --interval flag to podman wait - * Add `podman rm --volumes` flag - * Vendor in latest containers/storage to eliminage deadlock - * do not build with devicemapper - * run different cgroup tests depending on conditions - * dont make python when running make - * Explicitly set default CNI network name in libpod.conf - * Pass on securityOpts from podInfraContainer to container added to pod. - * Bump gitvalidation epoch - * Bump to v0.9.2-dev - -- Changelog for v0.9.1.1 (2018-09-10) - * Update release notes for 0.9.1.1 - * Replace existing iptables handler with firewall code - * Vendor CNI plugins firewall code - * Fix displaying size on size calculation error - * Bump gitvalidation epoch - * Bump to v0.9.2-dev - -- Changelog for v0.9.1 (2018-09-07) - * Update RELEASE_NOTES for 0.9.1 release - * Fix pod sharing for utsmode - * Respect user-added mounts over default spec mounts - * Ensure we do not overlap mounts in the spec - * Change references to cri-o to point at new repository - * fix docs for podman build - * use layer cache when building images - * Add first pass for baseline pod tests - * Change shm test to be less flaky. - * Update WaitForTimeOut to output OutputString to help with debugging. - * Fixups for baseline test script - * Fix nameing of Namespaces to be more consistent - * Start pod infra container when pod is created - * vendor containerd/cgroups - * Fix up libpod.conf man pages and referencese to it. - * Print errors from individual pull attempts - * Added GOPATH/bin to PATH install.md - * We should fail Podman with ExitCode 125 by default - * Add CRI logs parsing to podman logs - * rmi remove all not error when no images are present - * rootless: check uid with Geteuid() instead of Getuid() - * rootless, tests: add tests for the pod command - * rootless, create: support --pod - * rootless, run: support --pod - * rootless: create compatible pod infra container - * rootless: be in an userns to initialize the runtime - * commandNotFoundHandler: use stderr and exit code 1 - * Bump gitvalidation epoch - * Bump to v0.9.1-dev - * Update release notes for 0.8.5 - -- Changelog for v0.8.5 (2018-08-31) - * Add proper support for systemd inside of podman - * We are mistakenly seeing repos as registries. - * container: resolve rootfs symlinks - * Up time between checks for podman wait - * Turn on test debugging - * Add support for remote commands - * fixup A few language changes and subuid(5) - * Make the documentation of user namespace options in podman-run clearer - * pod create: restore help flag - * catch command-not-found errors - * don't print help message for usage errors - * Vendor in latest containers/storage and containers/image - * add conmon to copr spec - * docs: consistent format for example - * docs: consistent headings - * docs: make HISTORY consistent - * docs: fix headers - * varlink: fix --timeout usage - * run/create: reserve `-h` flag for hostname - * podman,varlink: inform user about --timeout 0 - * rootless: show an error when stats is used - * rootless: show an error when pause/unpause are used - * rootless: unexport GetUserNSForPid - * rootless, exec: use the new function to join the userns - * rootless: fix top - * rootless: add new function to join existing namespace - * Vendor in latest projectatomic/buildah - * Set nproc in containers unless explicitly overridden - * Do not set max open files by default if we are rootless - * Set default max open files in spec - * Resolve /etc/resolv.conf before reading - * document `--rm` semantics - * allow specification of entrypoint in the form of a slice - * Test RPM build and install for regressions - * rootless, search: do not create a new userns - * rootless, login, logout: do not create a new userns - * rootless, kill: do not create a new userns - * rootless, stop: do not create a new userns - * Ensure return errors match API docs - * Fix manpage to note how multiple filters are combined - * Fix handling of multiple filters in podman ps - * Fix Mount Propagation - * docs: add containers-mounts.conf(5) - * docs: use "containers-" prefix for registries and storage - * rootless: fix --pid=host - * rootless: fix --ipc=host - * spec: bind mount /sys only when userNS are enabled - * rootless, tests: add test for --uts=host - * Dockerfile.Fedora: install slirp4netns - * rootless: don't use kill --all - * rootless: exec handle processes that create an user namespace - * rootless: fix exec - * Move whale-says test to end of baseline - * Bump gitvalidation epoch - * Bump to v0.8.5-dev - -- Changelog for v0.8.4 (2018-08-24) - * Add release notes - * Regenerate easyjson after rebase - * Vendor easyjson code to fix build - * Swap from FFJSON to easyjson - * Make 'make clean' remove FFJSON generated code - * rootless: allow to override policy.json by the user - * add completion for --pod in run and create - * Fixed formatting and lowered verbosity of pod ps - * Do not try to enable AppArmor in rootless mode - * exposes tcp port only if no proto specified. - * rpm-spec: use skopeo-containers instead of containers-common - * Reveal information about container capabilities - * Vendor in latest projectatomic/buildah - * Refactor error checking in With*NSFromPod options - * Fixing network ns segfault - * Change pause container to infra container - * Support pause containers in varlink - * Added option to share kernel namespaces in libpod and podman - * Changed GetContainerStats to return ErrCtrStateInvalid - * Add GetPodStats to varlink - * rpm-spec: update distro-specific dependencies - * Add podman pod top - * Include pod stats and top in commands/completions - * Vendor changes to psgo - * Fix syntax description of --ulimit command - * Swap test image in exec test to fedora for useradd - * Add tests for exec --user - * Properly translate users into runc format for exec - * test: ad more tests for rootless containers - * rootless: fix --net host --privileged - * Fix a bug with hook ALWAYS matching with a process - * Fixed segfault in stats where container had netNS none or from container - * Enable pod stats with short ID and name - * Touch up cert-dir in man pages - * make dbuild fixed on ubuntu/debian - * vendor latest github.com/urfave/cli - * Add retry decorator for flakey tests - * Update error message from reviews - * Support Attach subcommand in pypodman - * Fix handling of devices - * tutorial: point to containers/skopeo - * point to containers/skopeo - * install.md: point to containers/libpod - * Bump gitvalidation epoch - * Bump to v0.8.4-dev - -- Changelog for v0.8.3 (2018-08-17) - * Make failure to retrieve individual ctrs/pods nonfatal - * Mention that systemd is the default cgroup manager - * Add dependency for python3-psutil module - * Vendor in latest buildah and imagebuilder - * Don't fail on size. - * Fix handling of socket connection refusal. - * podman: fix --uts=host - * podman pod stats - * Added helper function for libpod pod api calls - * CreatePod args now PodCreate structure - * Added reason to PodContainerError - * Change batchcontainer to shared - * Add Pod API to varlink. - * Change pod varlink API. - * Moved getPodStatus to pod API to be used in varlink - * Vendor in latest containers/psgo code - * switch projectatomic to containers - * Revert "spec: bind mount /sys only for rootless containers" - * Suport format param for varlink Commit - * Fix segfault in top when -l and no args are passed - * Document STORAGE_DRIVER and STORAGE_OPTS environment variable - * podman.spec: recommend slirp4netns - * Do not 'make all' on Travis for Linux - * Fix build on non-Linux OSes - * Create pod CGroups when using the systemd cgroup driver - * Switch systemd default CGroup parent to machine.slice - * spec: bind mount /sys only for rootless containers - * build, rootless: specify IsolationOCIRootless - * vendor: update buildah version - * Fix handling of hostname in --net=host - * Updated pod_api to reflect function spec - * Add create and pull commands - * rootless: not require userns for help/version - * pkg/apparmor: use a pipe instead of a tmp file - * pkg/apparmor: move data under Linux/apparmor buildtags - * pkg/apparmor: move all linux-code into apparmor_linux* - * podman in rootless mode will only work with cgroupfs at this point. - * when searching, survive errors for multiple registries - * Remove unused function in runtime.go - * Fix papr tests by forcing cgroupfs in CI - * Bump gitvalidation epoch - * Bump to v0.8.3-dev - -- Changelog for v0.8.2.1 (2018-08-11) - * Ensure pod inspect is locked and validity-checked - * Further fix tests - * Bump gitvalidation epoch - * Bump to v0.8.3-dev - * Fix python tests again - * Fix python tests to use cgroupfs - * Fix typo breaking tests - * Force cgroupfs for python tests - * Swap default CGroup manager to systemd - * Only use cgroupfs for containerized tests - * Temporarily force all tests to use cgroupfs driver - -- Changelog for v0.8.2 (2018-08-10) - * We need to sort mounts so that one mount does not over mount another. - * search name should include registry - * Split pod.go into 3 files - * Make errors during refresh nonfatal - * Add batch check to container stats lock - * removeContainer: fix deadlock - * Add FFJSON to build container - * Don't require .gopathok for individual FFJSON targets - * Add FFJSON generation to makefile - * Re-add FFJSON for container and pod structs - * Fixed a bug setting dependencies on the wrong container - * Always connect to the stdout and stderr of stream - * apparmor: respect "unconfined" setting - * oci.go: syslog: fix debug formatting - * add podman pod inspect - * Fix ambiguity in adding localhost to podman save - * Fix CGroupFS cgroup manager cgroup creation for pods - * Update Conmon commit for testing - * Pass newly-added --log-level flag to Conmon - * Cleanup man pages - * Improve ps handling of container start/stop time - * rootless: fix user lookup if USER= is not set - * enabled copr epel builds again - * Handle yum and dnf - * Test regressions against the RPM spec file - * Pass DESTDIR down to python Makefile - * Add dpkg support for returning oci/conmon versions - * Have info print conmon/oci runtime information - * Better pull error for fully-qualified images - * Stub varlink pod methods. - * Remove inotify work around - * Rename varlink socket and interface - * Change tarball filename in copr prepare and match short-commit length - * Add Runc and Conmon versions to Podman Version - * update copr spec, lets get it building again - * Add missing dependencies to build system - * Port to MacOS - * Make one runtime for the varlink service - * Bump gitvalidation epoch - * Bump to v0.8.2-dev - -- Changelog for v0.8.1 (2018-08-03) - * Vendor in latest github.com/projectatomic/buildah - * Update gitvalidation epoch - * Check for missing arguments in /proc/self/cmdline - * Added ps --pod option - * clarify pull error message - * rootless: do not set setgroups to deny when using newuidmap - * Man page fixes found by https://pagure.io/ManualPageScan - * Inline pullGoalNamesFromPossiblyUnqualifiedName into Runtime.pullGoalFromPossibly... - * Replace getPullRefName by Runtime.getPullRefPair - * Inline pullGoalNamesFromImageReference back into Runtime.pullGoalFromImageReference - * Introduce getSinglePullRefNameGoal - * Test Runtime.pullGoalFromPossiblyUnqualifiedName instead of pullGoalNameFrom... - * Test Runtime.pullGoalFromImageReference instead of pullGoalNamesFromImageReference - * Use REGISTRIES_CONFIG_PATH for all tests - * rootless: do not segfault if the parent already died - * RFC: Rename runtime.pullImage to runtime.pullImageFromHeuristicSource - * Introduce Runtime.pullImageFromReference, call it in Runtime.FromImageReference - * RFC: Remove unused transport name constants from libpod - * Replace Runtime.LoadFromArchive with Runtime.LoadFromArchiveReference - * Rename the "image" variable to "imageName" - * Fix the heuristic for docker-archive: sources in (podman pull) - * Split doPullImage from pullImage - * Remove the forceCompress parameter from getCopyOptions and DRO.GetSystemContext - * Remove the authFile parameter from getCopyOptions and DRO.GetSystemContext - * Remove the signaturePolicyPath parameter from getCopyOptions and DRO.GetSystemContext - * Add a *types.SystemContext parameter to getCopyOptions and DRO.GetSystemContext - * Move pullImage from Image to Runtime - * Do not re-parse the list of search registries just for an error message - * Eliminate duplicate determination whether to use search registries - * Eliminate the "DockerArchive means pull all refPairs" special case - * Introduce struct pullGoalNames - * Introduce struct pullGoal - * Use []pullRefPair instead of []*pullRefPair - * Use []pullRefName instead of []*pullRefName - * Introduce singlePullRefNameGoal - * Use an early return from refNamesFromPossiblyUnqualifiedName - * RFC: Rename Image.PushImage to Image.PushImageToHeuristicDestination - * Remove an unnecessary use of alltransports.ParseImageName - * RFC? Hard-code "format" string values instead of using libpod.* transport names - * Use PushImageToReference for (podman save) - * Call imageNameForSaveDestination while creating the references - * Exit early in the simple case in imageNameForSaveDestination - * Rename parameters of imageNameForSaveDestination - * Split imageNameForSaveDestination from saveCmd - * Split a single if statement into two. - * Move source handling before destination parsing - * Split Image.PushImageToReference from Image.PushImage - * Don't format to string and re-parse a DockerReference() - * Remove the :// end from DockerTransport - * Remove the TransportNames arrays - * Document the properties of DefaultTransport a bit better. - * Eliminate the "dest" variable. - * Use an early exit if a docker-archive: image has no repo tags - * Reorganize the tag loading in DockerArchive case - * Return early in refNamesFromImageReference instead of appending to pullNames - * Use srcRef.StringWithinTransport() instead of parsing imgName again - * Use a switch instead of if/if else/.../else - * Remove the error return value from getPullRefName - * Rename getPullListFromRef to refPairsFromImageReference - * Split refNamesFromImageReference from Runtime.getPullListFromRef - * Replace getPullRefPair with getPullRefName - * Include the rejected reference when parsing it fails in pullRefPairsFromRefNames - * Add --force to podman umount to force the unmounting of the rootfs - * Integration Test Improvements #3 - * Ensure container and pod refresh picks up a State - * Fix build on non-linux platforms - * Rework state testing to allow State structs to be empty - * Add additional comments on accessing state in API - * Do not fetch pod and ctr State on retrieval in Bolt - * network: add support for rootless network with slirp4netns - * varlink ImageRemove should always return image ID - * Add documentations on how to setup /etc/subuid and /etc/subgid - * Integration Test Improvements #2 - * avoid spewing fds do to restore of cached images - * Add load test for xz compressed images - * Speed up test results - * Show duration for each ginkgo test and test speed improvements - * vendor: update containers/storage - * Clean up pylint warnings and errors for podman - * podman rmi shouldn't delete named referenced images - * Bump gitvalidation epoch - * Bump to v0.8.1-dev - -- Changelog for v0.7.4 (2018-07-27) - * Add pod pause/unpause - * Fix up docker compatibility messages - * Update vendored version of runc,buildah,containers/image - * Refactored method of getting pods - * Fix godoc comment in pkg/netns - * Fix handling of Linux network namespaces - * Update containernetworking/plugins to current master - * Cleanup descriptions and help information - * Skip seccomp-dependent tests on non-Linux - * Use the Linux version BoltState.getContainerFromDB on all platforms. - * Split parseNetNSBoltData from BoltState.getContainerFromDB - * Use testify/require in a few places to avoid panics in tests - * Skip unit tests which require storage when not running as root - * Don't pollute the build output with failures to build checkseccomp - * Remove cmd/podman/user.go - * double papr timeout for all ci tests - * vendor latest containers/psgo - * Vendor latest container/storage to fix overlay mountopt - * Add pod kill - * Added pod restart - * Added pod.Restart() functionality to libpod. - * Add a mutex to BoltDB state to prevent lock issues - * Clear variables used to store options after parsing for every volume - * Clean up pylint warnings and errors - * podman: allow to specify the IPC namespace to join - * podman: allow to specify the UTS namespace to join - * podman: allow to specify the PID namespace to join - * podman: allow to specify the userns to join - * network: support ns: prefix to join existing namespace - * spec: allow container:NAME network mode - * Update comments in BoltDB and In-Memory states - * Add an E2E test to verify basic namespace functionality - * Add libpod namespace to config - * Add missing runtime.go lines to set namespace - * Address first round of review comments - * Set namespace for new pods/containers based on runtime - * Add --namespace flag to Podman - * Update documentation for the State interface - * Ensure pods are part of the set namespace when added - * Enforce namespace checks on container add - * Add tests for state namespacing - * Add namespaces to in memory state - * Untested implementation of namespaced BoltDB access - * Add constraint that dependencies must be in the same ns - * Add namespaces and initial constraints to database - * Add container and pod namespaces to configs - * Fix varlink API usage of psgo - * Update issue template to point build bugs at buildah - * We don't currently support --mac-address - * Vendor in latest containers/psgo code - * Update container Mounted() and Mountpoint() functions - * [WIP] Refactor and simplify python builds - * AppArmor: runtime check if it's enabled on the host - * Add format descriptors infor to podman top - * Fix error handling in pod start/stop. - * docs/podman-top: fix typo and whitespace - * Use the result of reference.Parse when checking for digests. - * Make refNamesFromPossiblyUnqualifiedName independent from Image - * Make Image.HasShaInInputName to an independent local function - * Split createNamesToPull into ref{Names,Pairs}FromPossiblyUnqualifiedName - * Rename local variables in Runtime.pullRefPairsFromRefNames - * Split Runtime.pullRefPairsFromRefNames from Image.createNamesToPull - * Rename nameToPull to pullRefName - * Rename pullStruct to pullRefPair - * Replace optional nameToPull.shaPullName with mandatory dstName - * Introduce nameToPull, move shaPullName in there - * Split normalizeTag from Image.TagImage - * Remove Image.isShortName - * Inline getTags into its only user - * Add unit tests for imageParts - * Add OnBuild and usernamespace test to baseline - * Bump gitvalidation epoch - * Bump to v0.7.4-dev - -- Changelog for v0.7.3 (2018-07-20) - * Update psgo vendor - * Podman load/tag/save prepend localhost when no repository is present - * Pod ps now uses pod.Status() - * Added pod start and stop - * rootless: support a per-user mounts.conf - * secrets: parse only one mounts configuration file - * rootless: allow a per-user registries.conf file - * pull: get registries using the registries pkg - * rootless: allow a per-user storage.conf file - * rootless, docs: document the libpod.conf file used in rootless mode - * Let containers/storage keep track of mounts - * podman-top: use containers/psgo - * Vendor in latest code for storage,image, buildah - * Abort a test on nil containers, so that future tests don't panic - * Fix TestPostDeleteHooks on macOS - * Use `...` for a regexp constant to improve readability - * oci: keep exposed ports busy and leak the fd into conmon - * Dockerfile: install nmap-ncat - * Update podman_tutorial.md - * Update transfer.md - * Add missing podman commands - * Update gitvalidation epoch - * Fix ps filter with key=value labels - * rootless: require subids to be present - * Downgrade setup.py - * Bump gitvalidation epoch - * Bump to v0.7.3-dev - -- Changelog for v0.7.2 (2018-07-13) - * Change logic for detecting conflicting flags in ps - * Update python directories to better support setup.py - * Fix ps --sort=size test - * remote python client for podman - * Only print container size JSON if --size was requested - * Don't print rootfs and rw sizes if they're empty - * Major fixes to podman ps --format=json output - * Ignore running containers in ps exit-code filters - * Record whether the container has exited - * rootless: correctly propagate the exit status from the container - * rootless: unshare mount namespace - * Need to wait for container to exit before completing run/start completes - * If proxy fails then then signal should be sent to the main process - * fix pull image that includes a sha - * Added full podman pod ps, with tests and man page - * Podman pod create/rm commands with man page and tests. - * Added created time to pod state - * Support multiple networks - * Log all output of logrus to syslog as well as stdout/stderr - * podman rmi should only untag image if parent of another - * Changed container status of Unknown from being printed as Dead to Error in Ps - * Fix podman build completions - * Refactor attach()/start() after podman changes - * create conmon sockets when getting their paths - * build: enable ostree in containers/storage when available - * podman/libpod: add default AppArmor profile - * runtime: delete unused function - * rootless: propagate errors from GetRootlessRuntimeDir() - * rootless: resolve the user home directory - * rootless: fix when argv[0] is not an absolute path - * Allow Init() on stopped containers - * urfave/cli: fix regression in short-opts parsing - * Add --volumes-from flag to podman run and create - * Vendor in latest buildah to add masks for /proc/keys and /proc/acpi - * Vendor in latest containers/storage - * Mask /proc/keys to protect information leak about keys on host - * ctime: Drop 32-/64-bit distinction on Linux - * Podman stats with no containers listed is the same as podman stats --all - * Refactor unittest for change in history API - * Bump gitvalidation epoch - * Bump to v0.7.2-dev - -- Changelog for v0.7.1 (2018-07-06) - * pkg/ctime: Factor libpod/finished* into a separate package - * Block use of /proc/acpi from inside containers - * remove buildah requirement for the libpod image library - * contrib/python/test/test_tunnel: Fix -nNT -> -nNTq - * Refactor podman/utils with a single container start and attach function - * Remove now-unneeded cleanupCgroup() for unsupported OS - * Remove per-container CGroup parents - * Fix nits and GOPATH in tutorial - * spec: Make addPrivilegedDevices and createBlockIO per-platform - * libpod/runtime_pod: Make removePod per-platform - * libpod/networking_unsupported: Remove JoinNetworkNameSpace - * .travis: Run gofmt and lint on OS X - * rootless: Merge rootless.go back into rootless_linux.go - * Makefile: Use a pattern rule for cross-compilation - * more changes to compile darwin - * Fix timeout issue with built-in volume test - * rootless: add /run/user/$UID to the lookup paths - * rootless: add function to retrieve the original UID - * rootless: always set XDG_RUNTIME_DIR - * rootless: set XDG_RUNTIME_DIR also for state and exec - * libpod/container: Replace containerState* with containerPlatformState - * urfave/cli: fix parsing of short opts - * docs: Follow man-pages(7) suggestions for SYNOPSIS - * Allow multiple mounts - * Makefile: Use 'git diff' to show gofmt changes - * Skip a test in Travis that has timeout issues - * vendor in selinux and buildah for darwin compilation - * add image user to inspect data - * changes to allow for darwin compilation - * Bump gitvalidation epoch - * Bump to v0.7.1-dev - -- Changelog for v0.6.5 (2018-06-29) - * Fix built-in volume issue with podman run/create - * Add `podman container cleanup` to CLI - * Allow multiple containers and all for umount - * Returning joining namespace error should not be fatal - * Start using github.com/seccomp/containers-golang - * Test to verify overlay quotas work, show container overhead on quota - * conmon no longer writes to syslog - * Fix broken f28/cloud instance - * Vendor latest projectatomic/buildah - * vendor in latest golang/x/sys - * vendor in latest docker package - * Remove the --registry flag from podman search - * utils: fix endless write of resize event - * Start prints UUID or container name that user inputs on success - * cmd/podman/utils.go: Cancel-able resize writes - * Fix podman hangs when detecting startup error in container attached mode - * travis: bump go to 1.9.x and 1.10.x - * podman-build --help: update description - * *: Replace Generator.Spec() with Generator.Config - * generator.New() requires an OS string input variable - * Vendor in latest buildah - * Vendor in latest runtime-tools - * docs: add documentation for rootless containers - * runtime: change rootless data storage default path - * rootless: use $HOME/.config/containers/libpod.conf - * test: add env variables to the debug output - * rootless: do not configure additional groups - * oci: set XDG_RUNTIME_DIR to the runtime from GetRootlessRuntimeDir() - * rootless: add management for the userNS - * container_internal: don't ignore error from cleanupNetwork() - * Mark containers invalid earlier during removal - * Add --authfile to podman search - * Vendor in latest containers/image - * add podman remote client - * Vendor in go-selinux again - * Update the vendoring of github.com/opencontainers/selinux - * Containers can dissappear - * Add podman-image and podman-container man page links - * Update ocicni vendor to pick up bugfixes - * make varlink optional for podman - * Bump gitvalidation epoch - * Bump to v0.6.5-dev - -- Changelog for v0.6.4 (2018-06-22) - * Add tests for podman refresh - * Point podman-refresh at the right manpage - * Add bash completions for podman refresh - * Add manpages for podman refresh - * Move podman refresh under the container subcommand - * Make CGroups cleanup optional on whether they exist - * Add podman refresh command - * Add Refresh() to ctrs to refresh state after db change - * Add information about the configuration files to the install docs - * Add unittests and fix bugs - * Fix docs on --sig-proxy to match current behaviour - * Podman history now prints out intermediate image IDs - * Add cap-add and cap-drop to build man page - * Option handling has become large and should be a shared function - * Fix image volumes access and mount problems on restart - * We are using err in defer function, needs to be defined name - * Update the version of conmon used in test - * install: need to install make on Fedora-like distros - * Vendor containers/storage for better error reporting on dups - * libpod: fix race with attach/start - * Implement SSH tunnels between client and podman server - * Add carriage return to log message when using --tty flag - * Errors from closing a netns on removal from DB are nonfatal - * Vendor in latest go-selinux - * Added --sort to ps - * Fix podman build -q - * Add extra debug so we can tell apart postdelete hooks - * hack/ostree_tag.sh: Fill in OSTree dependencies - * TLS verify is skipped per registry. - * Add missing functionality for podman build layers - * Add --all,-a flag to podman images - * Add MacAddress to inspect - * Update gitvalidation epoch - * top: make output tabular - * Add more network info ipv4/ipv6 and be more compatible with docker - * Do not run iptablesDNS workaround on IPv6 addresses - * Added --tls-verify functionality to podman search, with tests - * Bump gitvalidation epoch - * Bump to v0.6.4-dev - -- Changelog for v0.6.3 (2018-06-15) - * spec: remove dead code - * test: add test for running a rootless container - * container: specify path to error message - * podman: use a different store for the rootless case - * container: do not set any mapping when using a rootfs - * podman: do not use Chown in rootless mode - * network: do not attempt to create a network in rootless mode - * oci: do not set resources in rootless mode - * oci: do not use hooks in rootless mode - * oci: do not set the cgroup path in Rootless mode - * spec: change mount options for /dev/pts in rootless mode - * container: do not add shm in rootless mode - * oci: pass XDG_RUNTIME_DIR down to the OCI runtime - * podman: allow to override Tmpdir - * podman: provide a default UID mapping when non root - * podman: accept option --rootfs to use exploded images - * When setting a memory limit, also set a swap limit - * Fix cleaning up network namespaces on detached ctrs - * Vendor in latest projectatomic/buildah - * Temporarily turn of ps --last test until fixed - * Implement --latest for ps - * Correctly report errors retrieving containers in ps - * Doc changes to fix alignment on most of the docs - * Added --sort flag to podman image - * add podman container and image command - * Vendor in latest buildah code - * rmi: remove image if all tags are specified - * Aliases do not work with IsSet - * Touchups for registries.conf across a few man pages - * Remove container from state before cleaning up. - * hack/release.sh: Add a guard against -dev suffixes for argv[2] - * Bump gitvalidation epoch - * Bump to v0.6.3-dev - -- Changelog for v0.6.2 (2018-06-08) - * Test to make sure we are getting proper exit codes on podman run - * Propegate exit code on Exec calls and integrated test - * Vendor in latest buildah code - * Update epoch to fix validation problems - * Touch up whitespace issue in build man - * Add disable-content flag info to man page for build - * podman-run: clean up some formatting issues - * Add pointers for Integration Tests to docs - * Remove SELinux transition rule after conmon is started. - * Add --all flag even though it is a noop so scripts will work - * Add support for BuildImage - * Added a defer to an Unlock that immediately followed a Lock - * varlink build fixes - * podman-varlink: log timeouts - * bash completion: remove shebang - * install.md: fix typo - * Vendor in latest buildah code - * Update OWNERS file to be based on reality - * Add logo to transfer page - * libpod: Execute poststop hooks locally - * Add some test for podman run flag security-opt - * Add a function for e2e test to write json file - * Use go-selinux for selinux check - * Add flag to add annotations to a container - * Want to change the log level on buildah by default to warnf - * vendor in latest github.com/varlink/go - * hooks: Add debug logging for initial hook loading - * hooks/docs: Fix 1.0.0 Nvidia example (adding version, etc.) - * hooks/1.0.0/when_test: Fix "both, and" -> "both, or" name typo - * hooks/1.0.0: Fix 'annotation' -> 'annotations' in JSON - * hooks: Fail ReadDir if a configured hook executable is missing - * Cleanup transfer.md page, remove CRI-O content - * Vendor in latest containers/storage - * Bump gitvalidation epoch - * Bump to v0.6.2-dev - -- Changelog for v0.6.1 (2018-06-01) - * hack/release.sh: Bump spec in dev_version_commit - * hack/release.sh: No longer need to bump setup.py - * Provide examples for python podman API - * Bump Buildah vendor to pick up fix for tests - * Log podman build failures in papr - * Use Version from spec file in setup.py - * Attempt to use fedora 28 atomic host - * Fix lable handling - * runtime: add /usr/libexec/podman/conmon to the conmon paths - * varlink build - * Add OnBuild support for podman build - * return all inspect info for varlink containerinspect - * hooks/exec: Allow successful reaps for 0s post-kill timeouts - * hack/release.sh: Add a release script - * Implement container attach - * If user specifies UIDMapSlice without GIDMapSlice, set them equal - * fix panic with podman pull - * pkg/hooks/exec: Add a new package for local hook execution - * Remove --net flag and make it an alias for --network - * Catch does not exist error - * hooks: Rename Hooks() output to extensionStageHooks - * hooks: Allow local control of OCI stages via extensionStages - * We need to change the SELinux label of the conmon process to s0 - * Clear all caps, except the bounding set, when --user is specified. - * Makefile: Add stderr redirect to HAS_PYTHON3 definition - * Force update of API.md - * do not allow port related args to be used with --network=container: - * Update .gitignore for Varlink code and gopathok - * sort containers and images by create time - * Cleanup man pages - * add go generate varlink to copr spec - * Remove varlink's generated Go file - * Bump gitvalidation epoch - * Bump to v0.6.1-dev - -- Changelog for v0.5.4 (2018-05-25): - * Vendor in latest projectatomic/buildah - * Rename addFIPSsModeSecret to addFIPSModeSecret - * Make references to the Process part of Spec conditional - * save and load should support multi-tag for docker-archive - * Implement python podman create and start - * Spell check strings and comments - * hooks/1.0.0: Error on empty process.args instead of panicking - * Set Entrypoint from image only if not already set - * Update podman build to match buildah bud functionality - * Fix test_runner call of podman varlink - * Fix handling of command in images - * Add support for Zulu timestamp parsing - * Clarify using podman build with a URL, Git repo, or archive. - * Vendor in latest container/storage for devicemapper support - * set varlink timeout to 1 seconds - * podman create, start, getattachsocket - * use $GO env-var instead of hard-coded go binary - * tidy up the copr spec - * honor multiple change values - * hooks/README: Fix some Markdown typos (e.g. missing runc target) - * oci-hooks.5: Discuss directory precedence and monitoring - * finish changing the path for varlink - * Tighten the security on the podman varlink socket - * Implement podman.containers.commit() - -- Changelog for v0.5.3 (2018-05-18): - * remove hooks files reference and no varlink-python on f27 or epel - * contrib/spec/podman.spec.in: Drop README-hooks - * troubleshooting: Add console syntax highlighting - * Fix typo - * Refresh pods when refreshing podman state - * Add per-pod CGroups - * Add pod state - * hooks: Fix monitoring of multiple directories - * make sure hooks are renamed for copr spec - * Use container cleanup() functions when removing - * docs/podman.1: Link to hook documentation - * hooks/docs: Add oci-hooks.5 and per-package man page building - * Add Troubleshooting guide - * chrootuser: default to GID 0 when given a numeric --user - * Add python3 package to podman - * libpod: fix panic when using -t and the process fails to start - * Makefile: Use ?= for shell variables (ISODATE, etc.) - * Skip tests that are flaking, holding up merge queue - * Remove old varlink tests - * Allow push/save without image reference - * Vendor in latest containers/image - * Makefile: Respect GOBIN - * Fix podman inspect bash completions - * Update Tutorial with Fedora kit location - * Makefile: Drop find-godeps.sh for podman target - * Support pulling Dockerfile from http - * Refactor libpod python varlink bindings - * add more bash completions - * improve podman commit documentation and error messages - * Touch up logo links - * implement varlink commit - * fix segfault for podman push - * Add the Podman Logo - * logo: Remove unused directory - * hooks: Add package support for extension stages - * Gracefully handle containers removed from c/storage - * Add packaging for hooks/README.md - * Remove stop on error from Docker install switch in baseline tests - * docs: fix contrib/cni broken link - -- Changelog for v0.5.2 (2018-05-11): - * vendor/golang.org/x/text: Vendor collate and language - * hooks: Order injection by collated JSON filename - * libpod: Add HooksDirNotExistFatal - * hooks/read: Ignore IsNotExist for JSON files in ReadDir - * pkg/hooks: Version the hook structure and add 1.0.0 hooks - * Fix varlink remove image force - * Update Podman-specific readme - * Update main README - * vendor.conf: Pin containernetworking/plugins to 1fb94a42 - * Do not error trying to remove cgroups that don't exist - * Remove parent cgroup we create with cgroupfs - * Place Conmon and Container in separate CGroups - * Add --cgroup-manager flag to Podman binary - * Major fixes to systemd cgroup handling - * Skip systemd-style CGroups test - * Alter CGroup path handling for 'podman top' - * Add validation for CGroup parents. Pass CGroups path into runc - * vendor/github.com/docker/docker/hack: Remove unused directory - * varlink info - * vendor.conf: Bump containerd/cgroups to 77e62851 - * vendor.conf: Bump CNI to v0.6.0 - * Dont eat the pull error message for varlink - * podman push should honor registries.conf - * alphabetize the varlink methods, types, and errors in the docs - * Add missing newline to podman port - * Generate varlink API documentation automatically - * Allow streaming on some varlink container methods - * Remove extra close from attach resize channel - * Vendor in latest containers/storage fix for UserNS - * container.go: fix lint error - * Dockerfile.Fedora: use fedora:28 instead of fedora:27 - * Fix calculation of RunningFor in ps json output - * Should not error out if container no longer exists in oci - * Make invalid state nonfatal when cleaning up in run - * test/e2e/run_userns_test.go: new file - * podman, userNS: configure an intermediate mount namespace - * networking, userNS: configure the network namespace after create - * Begin wiring in USERNS Support into podman - -- Changelog for v0.5.1 (2018-05-04): - * Fix pulling from secure registry - * Optionally init() during container restart - * bashcompletion enhancements - * Add directory for systemd socket and service if not present - * varlink containers - * Make podman commit to localhost rather then docker.io - * Trivial refactor on volume addition - * When adding volumes to DB, handle nontrivial cases - * Add accessors for new image fields in container config - * Store user Volumes, Entrypoint, Command in database - * Further fix Godoc comments in options.go - * Update hooks to use config bool to detect volume mounts - * Fix Godoc comments in options.go - * Add config bool to indicate there are user volumes - * Print the Buildah comment from commit to given writer - * Do not print unnecessary Buildah details during commit - * remove options from create/run that we cannot support - * fix typos in the inspect json structs - * Fix podman logout --all flag - * podman should assign a host port to -p when omitted - * Vendor in latest buildah - * Fix misc stuff found by jhonce - * libpod.conf: Podman's conmon path on openSUSE - * Add iidfile parame to build and commit man pages - * do not commit default volumes from container - * correct varlink command in service file - * Vendor in latest containers/image - * Make ':' a restricted character for file names - * Add more validation to --volume flag for run and create - * Fix libseccomp not working in travis - * CONTRIBUTING: Document PR approval and link to OWNERS - * OWNERS: rename 'assignees' to 'approvers' - -- Changelog for v0.4.4 (2018-04-27): - * Use buildah commit and bud in podman - * README: Link to CONTRIBUTING.md - * Remove systemd-cat support - * Refactor unittest for varlink component - * Update .gitignore for python work - * Modify secrets pkg - * varlink images - * Retrieve IP addresses for container from DB - * Add --default-mounts-file hidden flag - * Add isolation note to build man page - * Modify man pages so they compile correctly in mandb - * Strip transport from image name when looking for local image - * readme: improve formatting, add links - * updated epoch for bad dco - * Only generate the varlink glue code if needed and from the vendor dir - * Latest revendoring deleted the cmd dir in varlink - * Remove more Errorf in favor of Wrapf - * Do not eat error messages from pullImage - * Updated varlink vendored code - * Add unit files to the copr spec - * packagers need the varlink generated file - * Makefile; make podman depend on varlink_generate - * Modify --user flag for podman create and run - * Add some podman search test with filter - * Fix podman search no-trunc test - * Dusty would prefer it to be part of the release. - * Add FIPS mode secret - * Initial varlink implementation - * Add restart test with timeout - * Improve restart latest container test - * Add start time check for restart test - * add libpod.conf man page - * Add seconds after epoch to copr rpms to tie break versioning - * enable no test cache - -- Changelog for v0.4.3 (2018-04-20): - * podman push without destination image - * Add make .git target - * Fix tests for podman run --attach - * Print ctr ID if neither STDOUT and STDERR are attached - * Add one test case for check diff in container and committed image - * Vendor in latest containers/image and contaners/storage - * Fix a typo - * It is OK to start an already running container (with no attach) - * Refactor logic for forceSecure in pull for readability - * Small logic fix for podman pull with tls-verify - * Allow podman start to attach to a running container - * regression: tls verify should be set on registries.conf if insecure - * ip validation game too strong - * - reverse host field order (ip goes first) - fix host string split to permit IPv6 - * Allow podman to exit exit codes of removed containers - * Modify diff and inspect docs - * Add oci-systemd-hook as a runtime dep to copr spec - * validate dns-search values prior to creation - * Change container.locked to batched - * Add a function for check if command exist - * Add WaitContainerReady for wait for docker registry ready - * Add several podman push tests - * podman pull should always try to pull - * Allow the use of -i/-a on any container - * Fix secrets patch - * Remove demos.sh file from test - -- Changelog for v0.4.2 (2018-04-13): - * Fix podman run --attach tests - * Fix another comparison of a Go interface against nil - * Allowing attaching stdin to non-interactive containers - * Add tests for podman attach - * Change attach to accept a struct containing streams - * Fix terminal attach - * Changes to attach to enable per-stream attaching - * HACK temporary fix for test suite - * Fix locking interaction in batched Exec() on container - * Fix leaking files in Ginkgo - * Force host UID/GID mapping when creating containers - * Do not lock all containers during pod kill - * Make pod stop lock one container at a time - * Do not lock all containers during pod start - * Containers transitioning to stop should not break stats - * Add -i to exec for compatibility reasons - * Unescape characters in inspect JSON format output - * Use buildah commit for podman commit - * Functionality changes to the following flags - * Vendor in latest containers/storage and containers/image - -- Changelog for v0.4.1 (2018-04-05): - * Remove image via storage if a buildah container is associated - * Add hooks support to podman - * Run images with no names - * Prevent a potential race when stopping containers - * Only allocate tty when -t - * Stopping a stopped container should not be an error - * Add conmon-pidfile flag to bash completions/manpages - * --entrypoint= should delete existing entrypoint - * Fix golint - * Remove explicit Init() calls in run and start - * Refactor dependency checks from init() into public API - * Do not require Init() before Start() - * Ensure dependencies are running before initializing containers - * Add container dependencies to Inspect output - * Add backend code for generic dependencies - * Vendor in latest containers/image - * Makefile: Fix typo podmon -> podman - * Correct a godoc comment - * Sleep for 5 seconds before pushing to registry in tests - * Change errorf to warnf in warning removing ctr storage - * Don't return an ImageConfig when creating storage - * More gracefully handle unexpected storage deletion - * Remove crictl from Dockerfile - * Eliminate raceyness of sig-proxy test - -- Changelog for v0.3.5 (2018-03-29): - * Allow sha256: prefix for input - * Add secrets patch to podman - * Fix tests - * Remove a loop in container graph - * Only start containers that are not running in pod start - * Change pod Start() to use container dependency graph - * Add tests for container graphs - * Initial implementation of container graph generation - * Error is already wrapped properly. - * Check for duplicate names when generating new container and pod names. - * podman: new option --conmon-pidfile= - * Ensure container dependencies are part of the same pod - * Prevent ctrs not in pods from depending on pod ctrs - * Disable --sig-proxy tests due to race conditions - * Remove dependency on kubernetes - * Vendor in lots of kubernetes stuff to shrink image size - * Fix some minor issues lint has been picking up - * cmd/podman/run.go: Error nicely when no image found - * podman exec should handle options --env foo - * Remove current SQLite DB driver - * Update containers/storage to pick up overlay driver fix - * First tag, untag THEN reload the image - * Add files section to podman man page - -- Changelog for v0.3.4 (2018-03-23): - * Bump version to v0.3.4 - * Make container env variable conditional - * Stage 4 Image cleanup - * Add CONTAINER environment variable - * Small manpage reword - * Document .containerenv in manpages. Move it to /run. - * Add .containerenv file - * Add script to determine dependency sizes - * If cidfile exists, do not proceed - * Removing tagged images change in behavior - * Use podman to test podman on FAH - * Migrate podman inspect and tag to image library - * Migrate podman images to image library - * Makefile: add changelog target - * Image library stage 4 - create and commit - * Add 'podman restart' asciinema - * Fix Travis tests for sig-proxy diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go index 3966606e3..e925fb4f1 100644 --- a/cmd/podman/common/completion.go +++ b/cmd/podman/common/completion.go @@ -223,7 +223,7 @@ func getSecrets(cmd *cobra.Command, toComplete string) ([]string, cobra.ShellCom cobra.CompErrorln(err.Error()) return nil, cobra.ShellCompDirectiveNoFileComp } - secrets, err := engine.SecretList(registry.GetContext()) + secrets, err := engine.SecretList(registry.GetContext(), entities.SecretListRequest{}) if err != nil { cobra.CompErrorln(err.Error()) return nil, cobra.ShellCompDirectiveNoFileComp diff --git a/cmd/podman/generate/systemd.go b/cmd/podman/generate/systemd.go index b76a71f0d..2ab33c26b 100644 --- a/cmd/podman/generate/systemd.go +++ b/cmd/podman/generate/systemd.go @@ -12,15 +12,22 @@ import ( "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/cmd/podman/utils" "github.com/containers/podman/v3/pkg/domain/entities" + systemDefine "github.com/containers/podman/v3/pkg/systemd/define" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) +const ( + restartPolicyFlagName = "restart-policy" + timeFlagName = "time" +) + var ( files bool format string systemdTimeout uint + systemdRestart string systemdOptions = entities.GenerateSystemdOptions{} systemdDescription = `Generate systemd units for a pod or container. The generated units can later be controlled via systemctl(1).` @@ -47,7 +54,6 @@ func init() { flags.BoolVarP(&systemdOptions.Name, "name", "n", false, "Use container/pod names instead of IDs") flags.BoolVarP(&files, "files", "f", false, "Generate .service files instead of printing to stdout") - timeFlagName := "time" flags.UintVarP(&systemdTimeout, timeFlagName, "t", containerConfig.Engine.StopTimeout, "Stop timeout override") _ = systemdCmd.RegisterFlagCompletionFunc(timeFlagName, completion.AutocompleteNone) flags.BoolVarP(&systemdOptions.New, "new", "", false, "Create a new container or pod instead of starting an existing one") @@ -65,8 +71,7 @@ func init() { flags.StringVar(&systemdOptions.Separator, separatorFlagName, "-", "Systemd unit name separator between name/id and prefix") _ = systemdCmd.RegisterFlagCompletionFunc(separatorFlagName, completion.AutocompleteNone) - restartPolicyFlagName := "restart-policy" - flags.StringVar(&systemdOptions.RestartPolicy, restartPolicyFlagName, "on-failure", "Systemd restart-policy") + flags.StringVar(&systemdRestart, restartPolicyFlagName, systemDefine.DefaultRestartPolicy, "Systemd restart-policy") _ = systemdCmd.RegisterFlagCompletionFunc(restartPolicyFlagName, common.AutocompleteSystemdRestartOptions) formatFlagName := "format" @@ -77,9 +82,12 @@ func init() { } func systemd(cmd *cobra.Command, args []string) error { - if cmd.Flags().Changed("time") { + if cmd.Flags().Changed(timeFlagName) { systemdOptions.StopTimeout = &systemdTimeout } + if cmd.Flags().Changed(restartPolicyFlagName) { + systemdOptions.RestartPolicy = &systemdRestart + } if registry.IsRemote() { logrus.Warnln("The generated units should be placed on your remote system") diff --git a/cmd/podman/inspect/inspect.go b/cmd/podman/inspect/inspect.go index bd3060882..4c7fa33a4 100644 --- a/cmd/podman/inspect/inspect.go +++ b/cmd/podman/inspect/inspect.go @@ -254,7 +254,9 @@ func printTmpl(typ, row string, data []interface{}) error { if err != nil { return err } - return t.Execute(w, data) + err = t.Execute(w, data) + w.Flush() + return err } func (i *inspector) inspectAll(ctx context.Context, namesOrIDs []string) ([]interface{}, []error, error) { diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go index 3a89cfb87..ec44a707d 100644 --- a/cmd/podman/machine/init.go +++ b/cmd/podman/machine/init.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/cmd/podman/machine/list.go b/cmd/podman/machine/list.go index 134a081ab..d4360bb9b 100644 --- a/cmd/podman/machine/list.go +++ b/cmd/podman/machine/list.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/cmd/podman/machine/machine.go b/cmd/podman/machine/machine.go index b059afc38..8ff9055f0 100644 --- a/cmd/podman/machine/machine.go +++ b/cmd/podman/machine/machine.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/cmd/podman/machine/rm.go b/cmd/podman/machine/rm.go index 02e3dfeb8..c17399c78 100644 --- a/cmd/podman/machine/rm.go +++ b/cmd/podman/machine/rm.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/cmd/podman/machine/ssh.go b/cmd/podman/machine/ssh.go index b52a48faf..85101a641 100644 --- a/cmd/podman/machine/ssh.go +++ b/cmd/podman/machine/ssh.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/cmd/podman/machine/start.go b/cmd/podman/machine/start.go index f8f0eed09..4ae31e6de 100644 --- a/cmd/podman/machine/start.go +++ b/cmd/podman/machine/start.go @@ -1,8 +1,10 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine import ( + "fmt" + "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/pkg/machine" "github.com/containers/podman/v3/pkg/machine/qemu" @@ -58,5 +60,9 @@ func start(cmd *cobra.Command, args []string) error { if err != nil { return err } - return vm.Start(vmName, machine.StartOptions{}) + if err := vm.Start(vmName, machine.StartOptions{}); err != nil { + return err + } + fmt.Printf("Machine %q started successfully\n", vmName) + return nil } diff --git a/cmd/podman/machine/stop.go b/cmd/podman/machine/stop.go index 2d5aa7b95..76ba85601 100644 --- a/cmd/podman/machine/stop.go +++ b/cmd/podman/machine/stop.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/cmd/podman/networks/create.go b/cmd/podman/networks/create.go index 1f3b321ba..b5ddd215f 100644 --- a/cmd/podman/networks/create.go +++ b/cmd/podman/networks/create.go @@ -11,6 +11,7 @@ import ( "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -56,7 +57,8 @@ func networkCreateFlags(cmd *cobra.Command) { macvlanFlagName := "macvlan" flags.StringVar(&networkCreateOptions.MacVLAN, macvlanFlagName, "", "create a Macvlan connection based on this device") - _ = cmd.RegisterFlagCompletionFunc(macvlanFlagName, completion.AutocompleteNone) + // This option is deprecated + flags.MarkHidden(macvlanFlagName) labelFlagName := "label" flags.StringArrayVar(&labels, labelFlagName, nil, "set metadata on a network") @@ -100,6 +102,11 @@ func networkCreate(cmd *cobra.Command, args []string) error { if err != nil { return errors.Wrapf(err, "unable to process options") } + + if networkCreateOptions.MacVLAN != "" { + logrus.Warn("The --macvlan option is deprecated, use `--driver macvlan --opt parent=<device>` instead") + } + response, err := registry.ContainerEngine().NetworkCreate(registry.Context(), name, networkCreateOptions) if err != nil { return err diff --git a/cmd/podman/pods/inspect.go b/cmd/podman/pods/inspect.go index 4bb88f48a..96eaec3b9 100644 --- a/cmd/podman/pods/inspect.go +++ b/cmd/podman/pods/inspect.go @@ -80,5 +80,7 @@ func inspect(cmd *cobra.Command, args []string) error { if err != nil { return err } - return t.Execute(w, *responses) + err = t.Execute(w, *responses) + w.Flush() + return err } diff --git a/cmd/podman/pods/logs.go b/cmd/podman/pods/logs.go new file mode 100644 index 000000000..fe5205669 --- /dev/null +++ b/cmd/podman/pods/logs.go @@ -0,0 +1,140 @@ +package pods + +import ( + "os" + + "github.com/containers/common/pkg/completion" + "github.com/containers/podman/v3/cmd/podman/common" + "github.com/containers/podman/v3/cmd/podman/registry" + "github.com/containers/podman/v3/cmd/podman/validate" + "github.com/containers/podman/v3/libpod/define" + "github.com/containers/podman/v3/pkg/domain/entities" + "github.com/containers/podman/v3/pkg/util" + "github.com/pkg/errors" + "github.com/spf13/cobra" +) + +// logsOptionsWrapper wraps entities.LogsOptions and prevents leaking +// CLI-only fields into the API types. +type logsOptionsWrapper struct { + entities.PodLogsOptions + + SinceRaw string + + UntilRaw string +} + +var ( + logsPodOptions logsOptionsWrapper + logsPodDescription = `Displays logs for pod with one or more containers.` + logsPodCommand = &cobra.Command{ + Use: "logs [options] POD", + Short: "Fetch logs for pod with one or more containers", + Long: logsPodDescription, + // We dont want users to invoke latest and pod togather + Args: func(cmd *cobra.Command, args []string) error { + switch { + case registry.IsRemote() && logsPodOptions.Latest: + return errors.New(cmd.Name() + " does not support 'latest' when run remotely") + case len(args) > 1: + return errors.New("requires exactly 1 arg") + case logsPodOptions.Latest && len(args) > 0: + return errors.New("--latest and pods cannot be used together") + case !logsPodOptions.Latest && len(args) < 1: + return errors.New("specify at least one pod name or ID to log") + } + return nil + }, + RunE: logs, + ValidArgsFunction: common.AutocompletePods, + Example: `podman pod logs podID + podman pod logs -c ctrname podName + podman pod logs --tail 2 mywebserver + podman pod logs --follow=true --since 10m podID + podman pod logs mywebserver`, + } + + containerLogsCommand = &cobra.Command{ + Use: logsPodCommand.Use, + Short: logsPodCommand.Short, + Long: logsPodCommand.Long, + Args: logsPodCommand.Args, + RunE: logsPodCommand.RunE, + ValidArgsFunction: logsPodCommand.ValidArgsFunction, + Example: `podman pod logs podId + podman pod logs -c ctrname podName + podman pod logs --tail 2 mywebserver + podman pod logs --follow=true --since 10m podID`, + } +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Command: logsPodCommand, + }) + logsFlags(logsPodCommand) + validate.AddLatestFlag(logsPodCommand, &logsPodOptions.Latest) + + // container logs + registry.Commands = append(registry.Commands, registry.CliCommand{ + Command: containerLogsCommand, + Parent: podCmd, + }) + logsFlags(containerLogsCommand) + validate.AddLatestFlag(containerLogsCommand, &logsPodOptions.Latest) +} + +func logsFlags(cmd *cobra.Command) { + flags := cmd.Flags() + + flags.BoolVar(&logsPodOptions.Details, "details", false, "Show extra details provided to the logs") + flags.BoolVarP(&logsPodOptions.Follow, "follow", "f", false, "Follow log output.") + + containerNameFlag := "container" + flags.StringVarP(&logsPodOptions.ContainerName, containerNameFlag, "c", "", "Filter logs by container name or id which belongs to pod") + _ = cmd.RegisterFlagCompletionFunc(containerNameFlag, common.AutocompleteContainers) + + sinceFlagName := "since" + flags.StringVar(&logsPodOptions.SinceRaw, sinceFlagName, "", "Show logs since TIMESTAMP") + _ = cmd.RegisterFlagCompletionFunc(sinceFlagName, completion.AutocompleteNone) + + untilFlagName := "until" + flags.StringVar(&logsPodOptions.UntilRaw, untilFlagName, "", "Show logs until TIMESTAMP") + _ = cmd.RegisterFlagCompletionFunc(untilFlagName, completion.AutocompleteNone) + + tailFlagName := "tail" + flags.Int64Var(&logsPodOptions.Tail, tailFlagName, -1, "Output the specified number of LINES at the end of the logs.") + _ = cmd.RegisterFlagCompletionFunc(tailFlagName, completion.AutocompleteNone) + + flags.BoolVarP(&logsPodOptions.Timestamps, "timestamps", "t", false, "Output the timestamps in the log") + flags.SetInterspersed(false) + _ = flags.MarkHidden("details") +} + +func logs(_ *cobra.Command, args []string) error { + if logsPodOptions.SinceRaw != "" { + // parse time, error out if something is wrong + since, err := util.ParseInputTime(logsPodOptions.SinceRaw, true) + if err != nil { + return errors.Wrapf(err, "error parsing --since %q", logsPodOptions.SinceRaw) + } + logsPodOptions.Since = since + } + if logsPodOptions.UntilRaw != "" { + // parse time, error out if something is wrong + until, err := util.ParseInputTime(logsPodOptions.UntilRaw, false) + if err != nil { + return errors.Wrapf(err, "error parsing --until %q", logsPodOptions.UntilRaw) + } + logsPodOptions.Until = until + } + + // Remote can only process one container at a time + if registry.IsRemote() && logsPodOptions.ContainerName == "" { + return errors.Wrapf(define.ErrInvalidArg, "-c or --container cannot be empty") + } + + logsPodOptions.StdoutWriter = os.Stdout + logsPodOptions.StderrWriter = os.Stderr + return registry.ContainerEngine().PodLogs(registry.GetContext(), args[0], logsPodOptions.PodLogsOptions) +} diff --git a/cmd/podman/secrets/list.go b/cmd/podman/secrets/list.go index e64990c6f..f136de4ab 100644 --- a/cmd/podman/secrets/list.go +++ b/cmd/podman/secrets/list.go @@ -48,7 +48,7 @@ func init() { } func ls(cmd *cobra.Command, args []string) error { - responses, err := registry.ContainerEngine().SecretList(context.Background()) + responses, err := registry.ContainerEngine().SecretList(context.Background(), entities.SecretListRequest{}) if err != nil { return err } diff --git a/contrib/cirrus/pr-should-include-tests b/contrib/cirrus/pr-should-include-tests index 0124e238e..09ab002cf 100755 --- a/contrib/cirrus/pr-should-include-tests +++ b/contrib/cirrus/pr-should-include-tests @@ -35,7 +35,6 @@ filtered_changes=$(git diff --name-status $base $head | fgrep -vx .cirrus.yml | fgrep -vx .gitignore | fgrep -vx Makefile | - fgrep -vx changelog.txt | fgrep -vx go.mod | fgrep -vx go.sum | egrep -v '^[^/]+\.md$' | diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 0e32fb20d..00e94b41d 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -1125,21 +1125,21 @@ Example: `containers:2147483647:2147483648`. Podman allocates unique ranges of UIDs and GIDs from the `containers` subpordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode - Valid `auto`options: + Valid `auto` options: - *gidmapping*=_CONTAINER_GID:HOST_GID:SIZE_: to force a GID mapping to be present in the user namespace. - *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace. - *uidmapping*=_CONTAINER_UID:HOST_UID:SIZE_: to force a UID mapping to be present in the user namespace. -- **container:**_id_: join the user namespace of the specified container. +**container:**_id_: join the user namespace of the specified container. -- **host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default). +**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default). -- **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. +**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. -- **ns:**_namespace_: run the container in the given existing user namespace. +**ns:**_namespace_: run the container in the given existing user namespace. -- **private**: create a new namespace for the container. +**private**: create a new namespace for the container. This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**. diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md index 227fbd92d..7127f9026 100644 --- a/docs/source/markdown/podman-info.1.md +++ b/docs/source/markdown/podman-info.1.md @@ -31,23 +31,18 @@ Run podman info with plain text response: $ podman info host: arch: amd64 - buildahVersion: 1.19.0-dev - cgroupControllers: - - cpuset - - cpu - - io - - memory - - pids + buildahVersion: 1.22.3 + cgroupControllers: [] cgroupManager: systemd cgroupVersion: v2 conmon: - package: conmon-2.0.22-2.fc33.x86_64 + package: conmon-2.0.29-2.fc34.x86_64 path: /usr/bin/conmon - version: 'conmon version 2.0.22, commit: 1be6c73605006a85f7ed60b7f76a51e28eb67e01' + version: 'conmon version 2.0.29, commit: ' cpus: 8 distribution: distribution: fedora - version: "33" + version: "34" eventLogger: journald hostname: localhost.localdomain idMappings: @@ -65,108 +60,112 @@ host: - container_id: 1 host_id: 100000 size: 65536 - kernel: 5.9.11-200.fc33.x86_64 + kernel: 5.13.13-200.fc34.x86_64 linkmode: dynamic - memFree: 837505024 - memTotal: 16416481280 + logDriver: journald + memFree: 1351262208 + memTotal: 16401895424 ociRuntime: name: crun - package: crun-0.16-1.fc33.x86_64 + package: crun-1.0-1.fc34.x86_64 path: /usr/bin/crun version: |- - crun version 0.16 - commit: eb0145e5ad4d8207e84a327248af76663d4e50dd + crun version 1.0 + commit: 139dc6971e2f1d931af520188763e984d6cdfbf8 spec: 1.0.0 - +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL + +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL os: linux remoteSocket: - exists: true path: /run/user/3267/podman/podman.sock security: apparmorEnabled: false capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: true seccompEnabled: true + seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: true + serviceIsRemote: false slirp4netns: executable: /bin/slirp4netns - package: slirp4netns-1.1.4-4.dev.giteecccdb.fc33.x86_64 + package: slirp4netns-1.1.12-2.fc34.x86_64 version: |- - slirp4netns version 1.1.4+dev - commit: eecccdb96f587b11d7764556ffacfeaffe4b6e11 - libslirp: 4.3.1 + slirp4netns version 1.1.12 + commit: 7a104a101aa3278a2152351a082a6df71f57c9a3 + libslirp: 4.4.0 SLIRP_CONFIG_VERSION_MAX: 3 libseccomp: 2.5.0 - swapFree: 6509203456 - swapTotal: 12591292416 - uptime: 264h 14m 32.73s (Approximately 11.00 days) + swapFree: 16818888704 + swapTotal: 16886259712 + uptime: 33h 57m 32.85s (Approximately 1.38 days) +plugins: + log: + - k8s-file + - none + - journald + network: + - bridge + - macvlan + volume: + - local registries: + localhost:5000: + Blocked: false + Insecure: true + Location: localhost:5000 + MirrorByDigestOnly: false + Mirrors: null + Prefix: localhost:5000 search: - registry.fedoraproject.org - registry.access.redhat.com - - registry.centos.org - docker.io store: configFile: /home/dwalsh/.config/containers/storage.conf containerStore: - number: 3 + number: 2 paused: 0 - running: 0 - stopped: 3 + running: 1 + stopped: 1 graphDriverName: overlay - graphOptions: - overlay.mount_program: - Executable: /home/dwalsh/bin/fuse-overlayfs - Package: Unknown - Version: |- - fusermount3 version: 3.9.3 - fuse-overlayfs: version 0.7.2 - FUSE library version 3.9.3 - using FUSE kernel interface version 7.31 + graphOptions: {} graphRoot: /home/dwalsh/.local/share/containers/storage graphStatus: Backing Filesystem: extfs - Native Overlay Diff: "false" + Native Overlay Diff: "true" Supports d_type: "true" Using metacopy: "false" imageStore: - number: 77 + number: 37 runRoot: /run/user/3267/containers volumePath: /home/dwalsh/.local/share/containers/storage/volumes version: - APIVersion: 3.0.0 - Built: 1608562922 - BuiltTime: Mon Dec 21 10:02:02 2020 - GitCommit: d6925182cdaf94225908a386d02eae8fd3e01123-dirty - GoVersion: go1.15.5 + APIVersion: 3.3.1 + Built: 1631137208 + BuiltTime: Wed Sep 8 17:40:08 2021 + GitCommit: ab272d1e9bf4daac224fb230e0c9b5c56c4cab4d-dirty + GoVersion: go1.16.6 OsArch: linux/amd64 - Version: 3.0.0-dev - + Version: 3.3.1 ``` Run podman info with JSON formatted response: ``` +$ ./bin/podman info --format json { "host": { "arch": "amd64", - "buildahVersion": "1.19.0-dev", + "buildahVersion": "1.22.3", "cgroupManager": "systemd", "cgroupVersion": "v2", - "cgroupControllers": [ - "cpuset", - "cpu", - "io", - "memory", - "pids" - ], + "cgroupControllers": [], "conmon": { - "package": "conmon-2.0.22-2.fc33.x86_64", + "package": "conmon-2.0.29-2.fc34.x86_64", "path": "/usr/bin/conmon", - "version": "conmon version 2.0.22, commit: 1be6c73605006a85f7ed60b7f76a51e28eb67e01" + "version": "conmon version 2.0.29, commit: " }, "cpus": 8, "distribution": { "distribution": "fedora", - "version": "33" + "version": "34" }, "eventLogger": "journald", "hostname": "localhost.localdomain", @@ -196,81 +195,99 @@ Run podman info with JSON formatted response: } ] }, - "kernel": "5.9.11-200.fc33.x86_64", - "memFree": 894574592, - "memTotal": 16416481280, + "kernel": "5.13.13-200.fc34.x86_64", + "logDriver": "journald", + "memFree": 1274040320, + "memTotal": 16401895424, "ociRuntime": { "name": "crun", - "package": "crun-0.16-1.fc33.x86_64", + "package": "crun-1.0-1.fc34.x86_64", "path": "/usr/bin/crun", - "version": "crun version 0.16\ncommit: eb0145e5ad4d8207e84a327248af76663d4e50dd\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL" + "version": "crun version 1.0\ncommit: 139dc6971e2f1d931af520188763e984d6cdfbf8\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL" }, "os": "linux", "remoteSocket": { - "path": "/run/user/3267/podman/podman.sock", - "exists": true + "path": "/run/user/3267/podman/podman.sock" }, + "serviceIsRemote": false, "security": { "apparmorEnabled": false, "capabilities": "CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT", "rootless": true, "seccompEnabled": true, + "seccompProfilePath": "/usr/share/containers/seccomp.json", "selinuxEnabled": true }, "slirp4netns": { "executable": "/bin/slirp4netns", - "package": "slirp4netns-1.1.4-4.dev.giteecccdb.fc33.x86_64", - "version": "slirp4netns version 1.1.4+dev\ncommit: eecccdb96f587b11d7764556ffacfeaffe4b6e11\nlibslirp: 4.3.1\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0" + "package": "slirp4netns-1.1.12-2.fc34.x86_64", + "version": "slirp4netns version 1.1.12\ncommit: 7a104a101aa3278a2152351a082a6df71f57c9a3\nlibslirp: 4.4.0\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0" }, - "swapFree": 6509203456, - "swapTotal": 12591292416, - "uptime": "264h 13m 12.39s (Approximately 11.00 days)", + "swapFree": 16818888704, + "swapTotal": 16886259712, + "uptime": "33h 59m 25.69s (Approximately 1.38 days)", "linkmode": "dynamic" }, "store": { "configFile": "/home/dwalsh/.config/containers/storage.conf", "containerStore": { - "number": 3, + "number": 2, "paused": 0, - "running": 0, - "stopped": 3 + "running": 1, + "stopped": 1 }, "graphDriverName": "overlay", "graphOptions": { - "overlay.mount_program": { - "Executable": "/home/dwalsh/bin/fuse-overlayfs", - "Package": "Unknown", - "Version": "fusermount3 version: 3.9.3\nfuse-overlayfs: version 0.7.2\nFUSE library version 3.9.3\nusing FUSE kernel interface version 7.31" -} }, "graphRoot": "/home/dwalsh/.local/share/containers/storage", "graphStatus": { "Backing Filesystem": "extfs", - "Native Overlay Diff": "false", + "Native Overlay Diff": "true", "Supports d_type": "true", "Using metacopy": "false" }, "imageStore": { - "number": 77 + "number": 37 }, "runRoot": "/run/user/3267/containers", "volumePath": "/home/dwalsh/.local/share/containers/storage/volumes" }, "registries": { + "localhost:5000": { + "Prefix": "localhost:5000", + "Location": "localhost:5000", + "Insecure": true, + "Mirrors": null, + "Blocked": false, + "MirrorByDigestOnly": false +}, "search": [ "registry.fedoraproject.org", "registry.access.redhat.com", - "registry.centos.org", "docker.io" ] }, + "plugins": { + "volume": [ + "local" + ], + "network": [ + "bridge", + "macvlan" + ], + "log": [ + "k8s-file", + "none", + "journald" + ] + }, "version": { - "APIVersion": "3.0.0", - "Version": "3.0.0-dev", - "GoVersion": "go1.15.5", - "GitCommit": "d6925182cdaf94225908a386d02eae8fd3e01123-dirty", - "BuiltTime": "Mon Dec 21 10:02:02 2020", - "Built": 1608562922, + "APIVersion": "3.3.1", + "Version": "3.3.1", + "GoVersion": "go1.16.6", + "GitCommit": "", + "BuiltTime": "Mon Aug 30 16:46:36 2021", + "Built": 1630356396, "OsArch": "linux/amd64" } } diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md index d110c4ceb..04290c188 100644 --- a/docs/source/markdown/podman-network-create.1.md +++ b/docs/source/markdown/podman-network-create.1.md @@ -25,7 +25,8 @@ resolution. #### **--driver**, **-d** -Driver to manage the network (default "bridge"). Currently only `bridge` is supported. +Driver to manage the network. Currently `bridge` and `macvlan` is supported. Defaults to `bridge`. +As rootless the `macvlan` driver has no access to the host network interfaces because rootless networking requires a separate network namespace. #### **--opt**=*option*, **-o** @@ -54,13 +55,6 @@ must be used with a *subnet* option. Set metadata for a network (e.g., --label mykey=value). -#### **--macvlan** - -*This option is being deprecated* - -Create a *Macvlan* based connection rather than a classic bridge. You must pass an interface name from the host for the -Macvlan connection. - #### **--subnet** The subnet in CIDR notation. diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md index 33f79e7ef..6af1bde1d 100644 --- a/docs/source/markdown/podman-play-kube.1.md +++ b/docs/source/markdown/podman-play-kube.1.md @@ -113,9 +113,28 @@ Set logging driver for all created containers. Assign a static mac address to the pod. This option can be specified several times when play kube creates more than one pod. -#### **--network**=*networks*, **--net** - -A comma-separated list of the names of CNI networks the pod should join. +#### **--network**=*mode*, **--net** + +Change the network mode of the pod. The host and bridge network mode should be configured in the yaml file. +Valid _mode_ values are: + +- **none**: Create a network namespace for the container but do not configure network interfaces for it, thus the container has no network connectivity. +- **container:**_id_: Reuse another container's network stack. +- **network**: Connect to a user-defined network, multiple networks should be comma-separated. +- **ns:**_path_: Path to a network namespace to join. +- **private**: Create a new namespace for the container. This will use the **bridge** mode for rootfull containers and **slirp4netns** for rootless ones. +- **slirp4netns[:OPTIONS,...]**: use **slirp4netns**(1) to create a user network stack. This is the default for rootless containers. It is possible to specify these additional options: + - **allow_host_loopback=true|false**: Allow the slirp4netns to reach the host loopback IP (`10.0.2.2`, which is added to `/etc/hosts` as `host.containers.internal` for your convenience). Default is false. + - **mtu=MTU**: Specify the MTU to use for this network. (Default is `65520`). + - **cidr=CIDR**: Specify ip range to use for this network. (Default is `10.0.2.0/24`). + - **enable_ipv6=true|false**: Enable IPv6. Default is false. (Required for `outbound_addr6`). + - **outbound_addr=INTERFACE**: Specify the outbound interface slirp should bind to (ipv4 traffic only). + - **outbound_addr=IPv4**: Specify the outbound ipv4 address slirp should bind to. + - **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only). + - **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to. + - **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default. + Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks. + - **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks. #### **--quiet**, **-q** diff --git a/docs/source/markdown/podman-pod-logs.1.md b/docs/source/markdown/podman-pod-logs.1.md new file mode 100644 index 000000000..8378f2eea --- /dev/null +++ b/docs/source/markdown/podman-pod-logs.1.md @@ -0,0 +1,88 @@ +% podman-pod-logs(1) + +## NAME +podman\-pod\-logs - Displays logs for pod with one or more containers + +## SYNOPSIS +**podman pod logs** [*options*] *pod* + +## DESCRIPTION +The podman pod logs command batch-retrieves whatever logs are present with all the containers of a pod. Pod logs can be filtered by container name or id using flag **-c** or **--container** if needed. + +Note: Long running command of `podman pod log` with a `-f` or `--follow` needs to be reinvoked if new container is added to the pod dynamically otherwise logs of newly added containers would not be visible in log stream. + +## OPTIONS + +#### **--container**, **-c** + +By default `podman pod logs` retrives logs for all the containers available within the pod differentiate by field `container`. However there are use-cases where user would want to limit the log stream only to a particular container of a pod for such cases `-c` can be used like `podman pod logs -c ctrNameorID podname`. + +#### **--follow**, **-f** + +Follow log output. Default is false. + +Note: If you are following a pod which is removed `podman pod rm`, then there is a +chance the the log file will be removed before `podman pod logs` reads the final content. + +#### **--latest**, **-l** + +Instead of providing the pod name or id, get logs of the last created pod. (This option is not available with the remote Podman client) + +#### **--since**=*TIMESTAMP* + +Show logs since TIMESTAMP. The --since option can be Unix timestamps, date formatted timestamps, or Go duration +strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted +time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00, +and 2006-01-02. + +#### **--until**=*TIMESTAMP* + +Show logs until TIMESTAMP. The --until option can be Unix timestamps, date formatted timestamps, or Go duration +strings (e.g. 10m, 1h30m) computed relative to the client machine's time. Supported formats for date formatted +time stamps include RFC3339Nano, RFC3339, 2006-01-02T15:04:05, 2006-01-02T15:04:05.999999999, 2006-01-02Z07:00, +and 2006-01-02. + + +#### **--tail**=*LINES* + +Output the specified number of LINES at the end of the logs. LINES must be an integer. Defaults to -1, +which prints all lines + +#### **--timestamps**, **-t** + +Show timestamps in the log outputs. The default is false + +## EXAMPLE + +To view a pod's logs: +``` +podman pod logs -t podIdorName +``` + +To view logs of a specific container on the pod +``` +podman pod logs -c ctrIdOrName podIdOrName +``` + +To view all pod logs: +``` +podman pod logs -t --since 0 myserver-pod-1 +``` + +To view a pod's logs since a certain time: +``` +podman pod logs -t --since 2017-08-07T10:10:09.055837383-04:00 myserver-pod-1 +``` + +To view a pod's logs generated in the last 10 minutes: +``` +podman pod logs --since 10m myserver-pod-1 +``` + +To view a pod's logs until 30 minutes ago: +``` +podman pod logs --until 30m myserver-pod-1 +``` + +## SEE ALSO +podman(1), podman-pod-start(1), podman-pod-rm(1), podman-logs(1) diff --git a/docs/source/markdown/podman-pod.1.md b/docs/source/markdown/podman-pod.1.md index e5a8207e9..9de2442bd 100644 --- a/docs/source/markdown/podman-pod.1.md +++ b/docs/source/markdown/podman-pod.1.md @@ -17,11 +17,12 @@ podman pod is a set of subcommands that manage pods, or groups of containers. | exists | [podman-pod-exists(1)](podman-pod-exists.1.md) | Check if a pod exists in local storage. | | inspect | [podman-pod-inspect(1)](podman-pod-inspect.1.md) | Displays information describing a pod. | | kill | [podman-pod-kill(1)](podman-pod-kill.1.md) | Kill the main process of each container in one or more pods. | +| logs | [podman-pod-logs(1)](podman-pod-logs.1.md) | Displays logs for pod with one or more containers. | | pause | [podman-pod-pause(1)](podman-pod-pause.1.md) | Pause one or more pods. | -| prune | [podman-pod-prune(1)](podman-pod-prune.1.md) | Remove all stopped pods and their containers. | +| prune | [podman-pod-prune(1)](podman-pod-prune.1.md) | Remove all stopped pods and their containers. | | ps | [podman-pod-ps(1)](podman-pod-ps.1.md) | Prints out information about pods. | | restart | [podman-pod-restart(1)](podman-pod-restart.1.md) | Restart one or more pods. | -| rm | [podman-pod-rm(1)](podman-pod-rm.1.md) | Remove one or more stopped pods and containers. | +| rm | [podman-pod-rm(1)](podman-pod-rm.1.md) | Remove one or more stopped pods and containers. | | start | [podman-pod-start(1)](podman-pod-start.1.md) | Start one or more pods. | | stats | [podman-pod-stats(1)](podman-pod-stats.1.md) | Display a live stream of resource usage stats for containers in one or more pods. | | stop | [podman-pod-stop(1)](podman-pod-stop.1.md) | Stop one or more pods. | diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 3bbe41cc2..63224b49d 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -1184,21 +1184,21 @@ Example: `containers:2147483647:2147483648`. Podman allocates unique ranges of UIDs and GIDs from the `containers` subpordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode - Valid `auto`options: + Valid `auto` options: - *gidmapping*=_CONTAINER_GID:HOST_GID:SIZE_: to force a GID mapping to be present in the user namespace. - *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace. - *uidmapping*=_CONTAINER_UID:HOST_UID:SIZE_: to force a UID mapping to be present in the user namespace. -- **container:**_id_: join the user namespace of the specified container. +**container:**_id_: join the user namespace of the specified container. -- **host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default). +**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default). -- **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. +**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. -- **ns:**_namespace_: run the container in the given existing user namespace. +**ns:**_namespace_: run the container in the given existing user namespace. -- **private**: create a new namespace for the container. +**private**: create a new namespace for the container. This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**. diff --git a/docs/source/pod.rst b/docs/source/pod.rst index 2df377762..d9ad07d83 100644 --- a/docs/source/pod.rst +++ b/docs/source/pod.rst @@ -9,6 +9,8 @@ Pod :doc:`kill <markdown/podman-pod-kill.1>` Send the specified signal or SIGKILL to containers in pod +:doc:`logs <markdown/podman-pod-logs.1>` Displays logs for pod with one or more containers + :doc:`pause <markdown/podman-pause.1>` Pause one or more pods :doc:`prune <markdown/podman-pod-prune.1>` Remove all stopped pods and their containers diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md index 7419f445e..92d0c41b1 100644 --- a/docs/tutorials/podman_tutorial.md +++ b/docs/tutorials/podman_tutorial.md @@ -50,11 +50,11 @@ Note: The -l is a convenience argument for **latest container**. You can also u of -l. ### Testing the httpd server -Now that we have the IP address of the container, we can test the network communication between the host +As we do not have the IP address of the container, we can test the network communication between the host operating system and the container using curl. The following command should display the index page of our containerized httpd server. ```console -curl http://<IP_address>:8080 +curl http://localhost:8080 ``` ### Viewing the container's logs @@ -32,7 +32,7 @@ require ( github.com/dtylman/scp v0.0.0-20181017070807-f3000a34aef4 github.com/fsnotify/fsnotify v1.5.1 github.com/ghodss/yaml v1.0.0 - github.com/godbus/dbus/v5 v5.0.4 + github.com/godbus/dbus/v5 v5.0.5 github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf github.com/google/uuid v1.3.0 github.com/gorilla/mux v1.8.0 @@ -61,14 +61,13 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/uber/jaeger-client-go v2.29.1+incompatible github.com/vbauerster/mpb/v6 v6.0.4 + github.com/vbauerster/mpb/v7 v7.1.4 // indirect github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852 go.etcd.io/bbolt v1.3.6 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55 + golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b k8s.io/api v0.22.1 k8s.io/apimachinery v0.22.1 ) - -replace github.com/vbauerster/mpb/v7 => github.com/mtrmac/mpb/v7 v7.0.5-0.20210831125917-6bcc64f93d02 @@ -402,8 +402,9 @@ github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblf github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.0.4 h1:9349emZab16e7zQvpmsbtjc18ykshndd8y2PG3sgJbA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus/v5 v5.0.5 h1:9Eg0XUhQxtkV8ykTMKtMMYY72g4NgxtRq4jgh4Ih5YM= +github.com/godbus/dbus/v5 v5.0.5/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU= github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c= @@ -683,8 +684,6 @@ github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/mtrmac/gpgme v0.1.2 h1:dNOmvYmsrakgW7LcgiprD0yfRuQQe8/C8F6Z+zogO3s= github.com/mtrmac/gpgme v0.1.2/go.mod h1:GYYHnGSuS7HK3zVS2n3y73y0okK/BeKzwnn5jgiVFNI= -github.com/mtrmac/mpb/v7 v7.0.5-0.20210831125917-6bcc64f93d02 h1:6FgywoK3FxI2NCAiDHdcpguaZ4mhOQpKRd6MjN5nelo= -github.com/mtrmac/mpb/v7 v7.0.5-0.20210831125917-6bcc64f93d02/go.mod h1:X5GlohZw2fIpypMXWaKart+HGSAjpz49skxkDk+ZL7c= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -914,6 +913,10 @@ github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlI github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= github.com/vbauerster/mpb/v6 v6.0.4 h1:h6J5zM/2wimP5Hj00unQuV8qbo5EPcj6wbkCqgj7KcY= github.com/vbauerster/mpb/v6 v6.0.4/go.mod h1:a/+JT57gqh6Du0Ay5jSR+uBMfXGdlR7VQlGP52fJxLM= +github.com/vbauerster/mpb/v7 v7.0.3/go.mod h1:NXGsfPGx6G2JssqvEcULtDqUrxuuYs4llpv8W6ZUpzk= +github.com/vbauerster/mpb/v7 v7.1.3/go.mod h1:X5GlohZw2fIpypMXWaKart+HGSAjpz49skxkDk+ZL7c= +github.com/vbauerster/mpb/v7 v7.1.4 h1:XGWpWEB8aWnvqSlAMA7F7kdeUGqcTujuVFvYj9+59Ww= +github.com/vbauerster/mpb/v7 v7.1.4/go.mod h1:4zulrZfvshMOnd2APiHgWS9Yrw08AzZVRr9G11tkpcQ= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852 h1:cPXZWzzG0NllBLdjWoD1nDfaqu98YMv+OneaKc8sPOA= @@ -1198,8 +1201,9 @@ golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55 h1:rw6UNGRMfarCepjI8qOepea/SXwIBVfTKjztZ5gBbq4= golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34 h1:GkvMjFtXUmahfDtashnc1mnrCtuBVcwse5QV2lUk/tI= +golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201113234701-d7a72108b828/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff --git a/hack/release.sh b/hack/release.sh index 34842de2e..7925d55ad 100755 --- a/hack/release.sh +++ b/hack/release.sh @@ -36,20 +36,10 @@ write_spec_version() sed -i "s/^\(Version: *\).*/\1${LOCAL_VERSION}/" contrib/spec/podman.spec.in } -write_changelog() -{ - echo "- Changelog for v${VERSION} (${DATE})" >.changelog.txt && - git log --no-merges --format=' * %s' "${LAST_TAG}..HEAD" >>.changelog.txt && - echo >>.changelog.txt && - cat changelog.txt >>.changelog.txt && - mv -f .changelog.txt changelog.txt -} - release_commit() { write_go_version "${VERSION}" && write_spec_version "${VERSION}" && - write_changelog && git commit -asm "Bump to v${VERSION}" } diff --git a/libpod/container.go b/libpod/container.go index c57250d72..0986a0d80 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -159,6 +159,9 @@ type ContainerState struct { // OOMKilled indicates that the container was killed as it ran out of // memory OOMKilled bool `json:"oomKilled,omitempty"` + // Checkpointed indicates that the container was stopped by a checkpoint + // operation. + Checkpointed bool `json:"checkpointed,omitempty"` // PID is the PID of a running container PID int `json:"pid,omitempty"` // ConmonPID is the PID of the container's conmon diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index 97318a2e8..2ef4532cd 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -103,18 +103,19 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver Path: path, Args: args, State: &define.InspectContainerState{ - OciVersion: ctrSpec.Version, - Status: runtimeInfo.State.String(), - Running: runtimeInfo.State == define.ContainerStateRunning, - Paused: runtimeInfo.State == define.ContainerStatePaused, - OOMKilled: runtimeInfo.OOMKilled, - Dead: runtimeInfo.State.String() == "bad state", - Pid: runtimeInfo.PID, - ConmonPid: runtimeInfo.ConmonPID, - ExitCode: runtimeInfo.ExitCode, - Error: "", // can't get yet - StartedAt: runtimeInfo.StartedTime, - FinishedAt: runtimeInfo.FinishedTime, + OciVersion: ctrSpec.Version, + Status: runtimeInfo.State.String(), + Running: runtimeInfo.State == define.ContainerStateRunning, + Paused: runtimeInfo.State == define.ContainerStatePaused, + OOMKilled: runtimeInfo.OOMKilled, + Dead: runtimeInfo.State.String() == "bad state", + Pid: runtimeInfo.PID, + ConmonPid: runtimeInfo.ConmonPID, + ExitCode: runtimeInfo.ExitCode, + Error: "", // can't get yet + StartedAt: runtimeInfo.StartedTime, + FinishedAt: runtimeInfo.FinishedTime, + Checkpointed: runtimeInfo.Checkpointed, }, Image: config.RootfsImageID, ImageName: config.RootfsImageName, diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 9082b136a..4d1a25541 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -584,6 +584,7 @@ func resetState(state *ContainerState) { state.StoppedByUser = false state.RestartPolicyMatch = false state.RestartCount = 0 + state.Checkpointed = false } // Refresh refreshes the container's state after a restart. @@ -1110,6 +1111,7 @@ func (c *Container) init(ctx context.Context, retainRetries bool) error { c.state.ExecSessions = make(map[string]*ExecSession) } + c.state.Checkpointed = false c.state.ExitCode = 0 c.state.Exited = false c.state.State = define.ContainerStateCreated diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 847122929..eabe8efd2 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -1,3 +1,4 @@ +//go:build linux // +build linux package libpod @@ -1145,6 +1146,7 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO if !options.KeepRunning && !options.PreCheckPoint { c.state.State = define.ContainerStateStopped + c.state.Checkpointed = true // Cleanup Storage and Network if err := c.cleanup(ctx); err != nil { @@ -1942,9 +1944,24 @@ func (c *Container) generateHosts(path string) (string, error) { } hosts := string(orig) hosts += c.getHosts() + + hosts = c.appendLocalhost(hosts) + return c.writeStringToRundir("hosts", hosts) } +// based on networking mode we may want to append the localhost +// if there isn't any record for it and also this shoud happen +// in slirp4netns and similar network modes. +func (c *Container) appendLocalhost(hosts string) string { + if !strings.Contains(hosts, "localhost") && + !c.config.NetMode.IsHost() { + hosts += "127.0.0.1\tlocalhost\n::1\tlocalhost\n" + } + + return hosts +} + // appendHosts appends a container's config and state pertaining to hosts to a container's // local hosts file. netCtr is the container from which the netNS information is // taken. diff --git a/libpod/container_internal_linux_test.go b/libpod/container_internal_linux_test.go index 1465ffbea..899f9bffd 100644 --- a/libpod/container_internal_linux_test.go +++ b/libpod/container_internal_linux_test.go @@ -1,3 +1,4 @@ +//go:build linux // +build linux package libpod @@ -7,6 +8,7 @@ import ( "os" "testing" + "github.com/containers/podman/v3/pkg/namespaces" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/stretchr/testify/assert" ) @@ -68,3 +70,30 @@ func TestGenerateUserGroupEntry(t *testing.T) { } assert.Equal(t, group, "567:x:567:567\n") } + +func TestAppendLocalhost(t *testing.T) { + { + c := Container{ + config: &ContainerConfig{ + ContainerNetworkConfig: ContainerNetworkConfig{ + NetMode: namespaces.NetworkMode("slirp4netns"), + }, + }, + } + + assert.Equal(t, "127.0.0.1\tlocalhost\n::1\tlocalhost\n", c.appendLocalhost("")) + assert.Equal(t, "127.0.0.1\tlocalhost", c.appendLocalhost("127.0.0.1\tlocalhost")) + } + { + c := Container{ + config: &ContainerConfig{ + ContainerNetworkConfig: ContainerNetworkConfig{ + NetMode: namespaces.NetworkMode("host"), + }, + }, + } + + assert.Equal(t, "", c.appendLocalhost("")) + assert.Equal(t, "127.0.0.1\tlocalhost", c.appendLocalhost("127.0.0.1\tlocalhost")) + } +} diff --git a/libpod/container_log.go b/libpod/container_log.go index 3988bb654..89dd5e8b0 100644 --- a/libpod/container_log.go +++ b/libpod/container_log.go @@ -107,16 +107,18 @@ func (c *Container) readFromLogFile(ctx context.Context, options *logs.LogOption // until EOF. state, err := c.State() if err != nil || state != define.ContainerStateRunning { - // Make sure to wait at least for the poll duration - // before stopping the file logger (see #10675). - time.Sleep(watch.POLL_DURATION) - tailError := t.StopAtEOF() - if tailError != nil && fmt.Sprintf("%v", tailError) != "tail: stop at eof" { - logrus.Errorf("Error stopping logger: %v", tailError) - } if err != nil && errors.Cause(err) != define.ErrNoSuchCtr { logrus.Errorf("Error getting container state: %v", err) } + go func() { + // Make sure to wait at least for the poll duration + // before stopping the file logger (see #10675). + time.Sleep(watch.POLL_DURATION) + tailError := t.StopAtEOF() + if tailError != nil && tailError.Error() != "tail: stop at eof" { + logrus.Errorf("Error stopping logger: %v", tailError) + } + }() return nil } diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go index af8ba6ecf..90703a807 100644 --- a/libpod/define/container_inspect.go +++ b/libpod/define/container_inspect.go @@ -189,20 +189,21 @@ type InspectMount struct { // Docker, but here we see more fields that are unused (nonsensical in the // context of Libpod). type InspectContainerState struct { - OciVersion string `json:"OciVersion"` - Status string `json:"Status"` - Running bool `json:"Running"` - Paused bool `json:"Paused"` - Restarting bool `json:"Restarting"` // TODO - OOMKilled bool `json:"OOMKilled"` - Dead bool `json:"Dead"` - Pid int `json:"Pid"` - ConmonPid int `json:"ConmonPid,omitempty"` - ExitCode int32 `json:"ExitCode"` - Error string `json:"Error"` // TODO - StartedAt time.Time `json:"StartedAt"` - FinishedAt time.Time `json:"FinishedAt"` - Healthcheck HealthCheckResults `json:"Healthcheck,omitempty"` + OciVersion string `json:"OciVersion"` + Status string `json:"Status"` + Running bool `json:"Running"` + Paused bool `json:"Paused"` + Restarting bool `json:"Restarting"` // TODO + OOMKilled bool `json:"OOMKilled"` + Dead bool `json:"Dead"` + Pid int `json:"Pid"` + ConmonPid int `json:"ConmonPid,omitempty"` + ExitCode int32 `json:"ExitCode"` + Error string `json:"Error"` // TODO + StartedAt time.Time `json:"StartedAt"` + FinishedAt time.Time `json:"FinishedAt"` + Healthcheck HealthCheckResults `json:"Healthcheck,omitempty"` + Checkpointed bool `json:"Checkpointed,omitempty"` } // HealthCheckResults describes the results/logs from a healthcheck diff --git a/libpod/define/info.go b/libpod/define/info.go index 95c1196dd..73df80087 100644 --- a/libpod/define/info.go +++ b/libpod/define/info.go @@ -36,6 +36,7 @@ type HostInfo struct { Hostname string `json:"hostname"` IDMappings IDMappings `json:"idMappings,omitempty"` Kernel string `json:"kernel"` + LogDriver string `json:"logDriver"` MemFree int64 `json:"memFree"` MemTotal int64 `json:"memTotal"` OCIRuntime *OCIRuntimeInfo `json:"ociRuntime"` diff --git a/libpod/info.go b/libpod/info.go index 8f4c7f015..31ec9cdc1 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -126,6 +126,7 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) { Linkmode: linkmode.Linkmode(), CPUs: runtime.NumCPU(), Distribution: hostDistributionInfo, + LogDriver: r.config.Containers.LogDriver, EventLogger: r.eventer.String(), Hostname: host, IDMappings: define.IDMappings{}, diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 353e6af71..c00d83f95 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -46,7 +46,9 @@ import ( const ( // This is Conmon's STDIO_BUF_SIZE. I don't believe we have access to it // directly from the Go code, so const it here - bufferSize = conmonConfig.BufSize + // Important: The conmon attach socket uses an extra byte at the beginning of each + // message to specify the STREAM so we have to increase the buffer size by one + bufferSize = conmonConfig.BufSize + 1 ) // ConmonOCIRuntime is an OCI runtime managed by Conmon. diff --git a/libpod/runtime.go b/libpod/runtime.go index c5f5db531..1c9c56d16 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -15,6 +15,8 @@ import ( "syscall" "time" + "golang.org/x/sys/unix" + "github.com/containers/buildah/pkg/parse" "github.com/containers/common/libimage" "github.com/containers/common/pkg/config" @@ -328,6 +330,16 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { runtime.mergeDBConfig(dbConfig) + unified, _ := cgroups.IsCgroup2UnifiedMode() + if unified && rootless.IsRootless() && !systemd.IsSystemdSessionValid(rootless.GetRootlessUID()) { + // If user is rootless and XDG_RUNTIME_DIR is found, podman will not proceed with /tmp directory + // it will try to use existing XDG_RUNTIME_DIR + // if current user has no write access to XDG_RUNTIME_DIR we will fail later + if unix.Access(runtime.storageConfig.RunRoot, unix.W_OK) != nil { + logrus.Warnf("XDG_RUNTIME_DIR is pointing to a path which is not writable. Most likely podman will fail.") + } + } + logrus.Debugf("Using graph driver %s", runtime.storageConfig.GraphDriverName) logrus.Debugf("Using graph root %s", runtime.storageConfig.GraphRoot) logrus.Debugf("Using run root %s", runtime.storageConfig.RunRoot) diff --git a/pkg/api/handlers/compat/secrets.go b/pkg/api/handlers/compat/secrets.go index 86e3887a4..7dd17ea94 100644 --- a/pkg/api/handlers/compat/secrets.go +++ b/pkg/api/handlers/compat/secrets.go @@ -11,31 +11,25 @@ import ( "github.com/containers/podman/v3/pkg/api/handlers/utils" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/domain/infra/abi" - "github.com/gorilla/schema" + "github.com/containers/podman/v3/pkg/util" "github.com/pkg/errors" ) func ListSecrets(w http.ResponseWriter, r *http.Request) { var ( runtime = r.Context().Value("runtime").(*libpod.Runtime) - decoder = r.Context().Value("decoder").(*schema.Decoder) ) - query := struct { - Filters map[string][]string `schema:"filters"` - }{} - - if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest, + filtersMap, err := util.PrepareFilters(r) + if err != nil { + utils.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) return } - if len(query.Filters) > 0 { - utils.Error(w, "filters not supported", http.StatusBadRequest, - errors.Wrapf(errors.New("bad parameter"), "filters not supported")) - return - } ic := abi.ContainerEngine{Libpod: runtime} - reports, err := ic.SecretList(r.Context()) + listOptions := entities.SecretListRequest{ + Filters: *filtersMap, + } + reports, err := ic.SecretList(r.Context(), listOptions) if err != nil { utils.InternalServerError(w, err) return diff --git a/pkg/api/handlers/libpod/generate.go b/pkg/api/handlers/libpod/generate.go index 0e6e9100a..8a2b93d0e 100644 --- a/pkg/api/handlers/libpod/generate.go +++ b/pkg/api/handlers/libpod/generate.go @@ -16,16 +16,15 @@ func GenerateSystemd(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value("runtime").(*libpod.Runtime) decoder := r.Context().Value("decoder").(*schema.Decoder) query := struct { - Name bool `schema:"useName"` - New bool `schema:"new"` - NoHeader bool `schema:"noHeader"` - RestartPolicy string `schema:"restartPolicy"` - StopTimeout uint `schema:"stopTimeout"` - ContainerPrefix string `schema:"containerPrefix"` - PodPrefix string `schema:"podPrefix"` - Separator string `schema:"separator"` + Name bool `schema:"useName"` + New bool `schema:"new"` + NoHeader bool `schema:"noHeader"` + RestartPolicy *string `schema:"restartPolicy"` + StopTimeout uint `schema:"stopTimeout"` + ContainerPrefix string `schema:"containerPrefix"` + PodPrefix string `schema:"podPrefix"` + Separator string `schema:"separator"` }{ - RestartPolicy: "on-failure", StopTimeout: util.DefaultContainerConfig().Engine.StopTimeout, ContainerPrefix: "container", PodPrefix: "pod", @@ -49,6 +48,7 @@ func GenerateSystemd(w http.ResponseWriter, r *http.Request) { PodPrefix: query.PodPrefix, Separator: query.Separator, } + report, err := containerEngine.GenerateSystemd(r.Context(), utils.GetName(r), options) if err != nil { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "error generating systemd units")) diff --git a/pkg/api/server/register_containers.go b/pkg/api/server/register_containers.go index b36cb75f1..2a32966cc 100644 --- a/pkg/api/server/register_containers.go +++ b/pkg/api/server/register_containers.go @@ -1028,7 +1028,8 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error { // - in: query // name: t // type: integer - // description: timeout before sending kill signal to container + // default: 10 + // description: number of seconds to wait before killing container // produces: // - application/json // responses: diff --git a/pkg/api/server/register_secrets.go b/pkg/api/server/register_secrets.go index ca9790e93..129912179 100644 --- a/pkg/api/server/register_secrets.go +++ b/pkg/api/server/register_secrets.go @@ -44,6 +44,14 @@ func (s *APIServer) registerSecretHandlers(r *mux.Router) error { // - secrets // summary: List secrets // description: Returns a list of secrets + // parameters: + // - in: query + // name: filters + // type: string + // description: | + // JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Currently available filters: + // - `name=[name]` Matches secrets name (accepts regex). + // - `id=[id]` Matches for full or partial ID. // produces: // - application/json // parameters: @@ -110,6 +118,14 @@ func (s *APIServer) registerSecretHandlers(r *mux.Router) error { // - secrets (compat) // summary: List secrets // description: Returns a list of secrets + // parameters: + // - in: query + // name: filters + // type: string + // description: | + // JSON encoded value of the filters (a `map[string][]string`) to process on the secrets list. Currently available filters: + // - `name=[name]` Matches secrets name (accepts regex). + // - `id=[id]` Matches for full or partial ID. // produces: // - application/json // parameters: diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index ecfa6651c..6aff880f4 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -259,7 +259,9 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin // tested, and we make sure to use the same code as the image backend. sys := types.SystemContext{AuthFilePath: authFilePath} for server, config := range authConfigs { - // Note that we do not validate the credentials here. Wassume + server = normalize(server) + + // Note that we do not validate the credentials here. We assume // that all credentials are valid. They'll be used on demand // later. if err := imageAuth.SetAuthentication(&sys, server, config.Username, config.Password); err != nil { @@ -270,6 +272,22 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin return authFilePath, nil } +// normalize takes a server and removes the leading "http[s]://" prefix as well +// as removes path suffixes from docker registries. +func normalize(server string) string { + stripped := strings.TrimPrefix(server, "http://") + stripped = strings.TrimPrefix(stripped, "https://") + + /// Normalize docker registries + if strings.HasPrefix(stripped, "index.docker.io/") || + strings.HasPrefix(stripped, "registry-1.docker.io/") || + strings.HasPrefix(stripped, "docker.io/") { + stripped = strings.SplitN(stripped, "/", 2)[0] + } + + return stripped +} + // dockerAuthToImageAuth converts a docker auth config to one we're using // internally from c/image. Note that the Docker types look slightly // different, so we need to convert to be extra sure we're not running into diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go new file mode 100644 index 000000000..da2d9a5c5 --- /dev/null +++ b/pkg/auth/auth_test.go @@ -0,0 +1,66 @@ +package auth + +import ( + "io/ioutil" + "testing" + + "github.com/containers/image/v5/types" + "github.com/stretchr/testify/assert" +) + +func TestAuthConfigsToAuthFile(t *testing.T) { + for _, tc := range []struct { + name string + server string + shouldErr bool + expectedContains string + }{ + { + name: "empty auth configs", + server: "", + shouldErr: false, + expectedContains: "{}", + }, + { + name: "registry with prefix", + server: "my-registry.local/username", + shouldErr: false, + expectedContains: `"my-registry.local/username":`, + }, + { + name: "normalize https:// prefix", + server: "http://my-registry.local/username", + shouldErr: false, + expectedContains: `"my-registry.local/username":`, + }, + { + name: "normalize docker registry with https prefix", + server: "http://index.docker.io/v1/", + shouldErr: false, + expectedContains: `"index.docker.io":`, + }, + { + name: "normalize docker registry without https prefix", + server: "docker.io/v2/", + shouldErr: false, + expectedContains: `"docker.io":`, + }, + } { + configs := map[string]types.DockerAuthConfig{} + if tc.server != "" { + configs[tc.server] = types.DockerAuthConfig{} + } + + filePath, err := authConfigsToAuthFile(configs) + + if tc.shouldErr { + assert.NotNil(t, err) + assert.Empty(t, filePath) + } else { + assert.Nil(t, err) + content, err := ioutil.ReadFile(filePath) + assert.Nil(t, err) + assert.Contains(t, string(content), tc.expectedContains) + } + } +} diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 39e0fc5df..3beafa585 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -501,6 +501,7 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) { if err != nil { return err } + hdr.Uid, hdr.Gid = 0, 0 orig, ok := seen[di] if ok { hdr.Typeflag = tar.TypeLink @@ -532,6 +533,7 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) { return lerr } hdr.Name = name + hdr.Uid, hdr.Gid = 0, 0 if lerr := tw.WriteHeader(hdr); lerr != nil { return lerr } @@ -545,6 +547,7 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) { return lerr } hdr.Name = name + hdr.Uid, hdr.Gid = 0, 0 if lerr := tw.WriteHeader(hdr); lerr != nil { return lerr } diff --git a/pkg/bindings/secrets/secrets.go b/pkg/bindings/secrets/secrets.go index b741d3e5c..c439971c9 100644 --- a/pkg/bindings/secrets/secrets.go +++ b/pkg/bindings/secrets/secrets.go @@ -18,7 +18,11 @@ func List(ctx context.Context, options *ListOptions) ([]*entities.SecretInfoRepo if err != nil { return nil, err } - response, err := conn.DoRequest(nil, http.MethodGet, "/secrets/json", nil, nil) + params, err := options.ToParams() + if err != nil { + return nil, err + } + response, err := conn.DoRequest(nil, http.MethodGet, "/secrets/json", params, nil) if err != nil { return secrs, err } diff --git a/pkg/bindings/secrets/types.go b/pkg/bindings/secrets/types.go index a64dea1b4..01c3c248d 100644 --- a/pkg/bindings/secrets/types.go +++ b/pkg/bindings/secrets/types.go @@ -3,6 +3,7 @@ package secrets //go:generate go run ../generator/generator.go ListOptions // ListOptions are optional options for inspecting secrets type ListOptions struct { + Filters map[string][]string } //go:generate go run ../generator/generator.go InspectOptions diff --git a/pkg/bindings/secrets/types_list_options.go b/pkg/bindings/secrets/types_list_options.go index 568e021a8..e4501dde8 100644 --- a/pkg/bindings/secrets/types_list_options.go +++ b/pkg/bindings/secrets/types_list_options.go @@ -19,3 +19,19 @@ func (o *ListOptions) Changed(fieldName string) bool { func (o *ListOptions) ToParams() (url.Values, error) { return util.ToParams(o) } + +// WithFilters +func (o *ListOptions) WithFilters(value map[string][]string) *ListOptions { + v := value + o.Filters = v + return o +} + +// GetFilters +func (o *ListOptions) GetFilters() map[string][]string { + var filters map[string][]string + if o.Filters == nil { + return filters + } + return o.Filters +} diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go index 9cb32a364..4bb8de69b 100644 --- a/pkg/cgroups/cgroups.go +++ b/pkg/cgroups/cgroups.go @@ -231,7 +231,10 @@ func getCgroupPathForCurrentProcess() (string, error) { for s.Scan() { text := s.Text() procEntries := strings.SplitN(text, "::", 2) - cgroupPath = procEntries[1] + // set process cgroupPath only if entry is valid + if len(procEntries) > 1 { + cgroupPath = procEntries[1] + } } if err := s.Err(); err != nil { return cgroupPath, err diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go index bd011d309..3da31d8a0 100644 --- a/pkg/domain/entities/engine_container.go +++ b/pkg/domain/entities/engine_container.go @@ -72,6 +72,7 @@ type ContainerEngine interface { PodExists(ctx context.Context, nameOrID string) (*BoolReport, error) PodInspect(ctx context.Context, options PodInspectOptions) (*PodInspectReport, error) PodKill(ctx context.Context, namesOrIds []string, options PodKillOptions) ([]*PodKillReport, error) + PodLogs(ctx context.Context, pod string, options PodLogsOptions) error PodPause(ctx context.Context, namesOrIds []string, options PodPauseOptions) ([]*PodPauseReport, error) PodPrune(ctx context.Context, options PodPruneOptions) ([]*PodPruneReport, error) PodPs(ctx context.Context, options PodPSOptions) ([]*ListPodsReport, error) @@ -85,7 +86,7 @@ type ContainerEngine interface { SetupRootless(ctx context.Context, noMoveProcess bool) error SecretCreate(ctx context.Context, name string, reader io.Reader, options SecretCreateOptions) (*SecretCreateReport, error) SecretInspect(ctx context.Context, nameOrIDs []string) ([]*SecretInfoReport, []error, error) - SecretList(ctx context.Context) ([]*SecretInfoReport, error) + SecretList(ctx context.Context, opts SecretListRequest) ([]*SecretInfoReport, error) SecretRm(ctx context.Context, nameOrID []string, opts SecretRmOptions) ([]*SecretRmReport, error) Shutdown(ctx context.Context) SystemDf(ctx context.Context, options SystemDfOptions) (*SystemDfReport, error) diff --git a/pkg/domain/entities/generate.go b/pkg/domain/entities/generate.go index 8a437061f..7809c5241 100644 --- a/pkg/domain/entities/generate.go +++ b/pkg/domain/entities/generate.go @@ -9,7 +9,7 @@ type GenerateSystemdOptions struct { // New - create a new container instead of starting a new one. New bool // RestartPolicy - systemd restart policy. - RestartPolicy string + RestartPolicy *string // StopTimeout - time when stopping the container. StopTimeout *uint // ContainerPrefix - systemd unit name prefix for containers diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go index 10bd7e5ce..d9dd0c532 100644 --- a/pkg/domain/entities/pods.go +++ b/pkg/domain/entities/pods.go @@ -133,6 +133,14 @@ type PodCreateOptions struct { Userns specgen.Namespace } +// PodLogsOptions describes the options to extract pod logs. +type PodLogsOptions struct { + // Other fields are exactly same as ContainerLogOpts + ContainerLogsOptions + // If specified will only fetch the logs of specified container + ContainerName string +} + type ContainerCreateOptions struct { Annotation []string Attach []string @@ -426,3 +434,22 @@ func ValidatePodStatsOptions(args []string, options *PodStatsOptions) error { return errors.New("--all, --latest and arguments cannot be used together") } } + +// Converts PodLogOptions to ContainerLogOptions +func PodLogsOptionsToContainerLogsOptions(options PodLogsOptions) ContainerLogsOptions { + // PodLogsOptions are similar but contains few extra fields like ctrName + // So cast other values as is so we can re-use the code + containerLogsOpts := ContainerLogsOptions{ + Details: options.Details, + Latest: options.Latest, + Follow: options.Follow, + Names: options.Names, + Since: options.Since, + Until: options.Until, + Tail: options.Tail, + Timestamps: options.Timestamps, + StdoutWriter: options.StdoutWriter, + StderrWriter: options.StderrWriter, + } + return containerLogsOpts +} diff --git a/pkg/domain/entities/secrets.go b/pkg/domain/entities/secrets.go index 56a1465b7..55b470d7b 100644 --- a/pkg/domain/entities/secrets.go +++ b/pkg/domain/entities/secrets.go @@ -16,7 +16,7 @@ type SecretCreateOptions struct { } type SecretListRequest struct { - Filters map[string]string + Filters map[string][]string } type SecretListReport struct { diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index ff34ec86b..dc5f7a0df 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -371,7 +371,7 @@ func (ic *ContainerEngine) ContainerInspect(ctx context.Context, namesOrIds []st if options.Latest { ctr, err := ic.Libpod.GetLatestContainer() if err != nil { - if errors.Cause(err) == define.ErrNoSuchCtr { + if errors.Is(err, define.ErrNoSuchCtr) { return nil, []error{errors.Wrapf(err, "no containers to inspect")}, nil } return nil, nil, err @@ -397,7 +397,7 @@ func (ic *ContainerEngine) ContainerInspect(ctx context.Context, namesOrIds []st if err != nil { // ErrNoSuchCtr is non-fatal, other errors will be // treated as fatal. - if errors.Cause(err) == define.ErrNoSuchCtr { + if errors.Is(err, define.ErrNoSuchCtr) { errs = append(errs, errors.Errorf("no such container %s", name)) continue } @@ -406,6 +406,12 @@ func (ic *ContainerEngine) ContainerInspect(ctx context.Context, namesOrIds []st inspect, err := ctr.Inspect(options.Size) if err != nil { + // ErrNoSuchCtr is non-fatal, other errors will be + // treated as fatal. + if errors.Is(err, define.ErrNoSuchCtr) { + errs = append(errs, errors.Errorf("no such container %s", name)) + continue + } return nil, nil, err } diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 2799df794..c6d5dcc3d 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -196,9 +196,11 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY if (ns.IsBridge() && len(cniNets) == 0) || ns.IsHost() { return nil, errors.Errorf("invalid value passed to --network: bridge or host networking must be configured in YAML") } - logrus.Debugf("Pod %q joining CNI networks: %v", podName, cniNets) - podOpt.Net.Network.NSMode = specgen.Bridge - podOpt.Net.CNINetworks = append(podOpt.Net.CNINetworks, cniNets...) + + podOpt.Net.Network = ns + if len(cniNets) > 0 { + podOpt.Net.CNINetworks = append(podOpt.Net.CNINetworks, cniNets...) + } if len(netOpts) > 0 { podOpt.Net.NetworkOptions = netOpts } @@ -267,12 +269,9 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY } if podOpt.Infra { - imagePull := config.DefaultInfraImage - if podOpt.InfraImage != config.DefaultInfraImage && podOpt.InfraImage != "" { - imagePull = podOpt.InfraImage - } + containerConfig := util.DefaultContainerConfig() - pulledImages, err := pullImage(ic, writer, imagePull, options, config.PullPolicyNewer) + pulledImages, err := pullImage(ic, writer, containerConfig.Engine.InfraImage, options, config.PullPolicyNewer) if err != nil { return nil, err } diff --git a/pkg/domain/infra/abi/pods.go b/pkg/domain/infra/abi/pods.go index 98233f60d..6b432c214 100644 --- a/pkg/domain/infra/abi/pods.go +++ b/pkg/domain/infra/abi/pods.go @@ -83,6 +83,46 @@ func (ic *ContainerEngine) PodKill(ctx context.Context, namesOrIds []string, opt return reports, nil } +func (ic *ContainerEngine) PodLogs(ctx context.Context, nameOrID string, options entities.PodLogsOptions) error { + // Implementation accepts slice + podName := []string{nameOrID} + pod, err := getPodsByContext(false, options.Latest, podName, ic.Libpod) + if err != nil { + return err + } + // Get pod containers + podCtrs, err := pod[0].AllContainers() + if err != nil { + return err + } + + ctrNames := []string{} + // Check if `kubectl pod logs -c ctrname <podname>` alike command is used + if options.ContainerName != "" { + ctrFound := false + for _, ctr := range podCtrs { + if ctr.ID() == options.ContainerName || ctr.Name() == options.ContainerName { + ctrNames = append(ctrNames, options.ContainerName) + ctrFound = true + } + } + if !ctrFound { + return errors.Wrapf(define.ErrNoSuchCtr, "container %s is not in pod %s", options.ContainerName, nameOrID) + } + } else { + // No container name specified select all containers + for _, ctr := range podCtrs { + ctrNames = append(ctrNames, ctr.Name()) + } + } + + // PodLogsOptions are similar but contains few extra fields like ctrName + // So cast other values as is so we can re-use the code + containerLogsOpts := entities.PodLogsOptionsToContainerLogsOptions(options) + + return ic.ContainerLogs(ctx, ctrNames, containerLogsOpts) +} + func (ic *ContainerEngine) PodPause(ctx context.Context, namesOrIds []string, options entities.PodPauseOptions) ([]*entities.PodPauseReport, error) { reports := []*entities.PodPauseReport{} pods, err := getPodsByContext(options.All, options.Latest, namesOrIds, ic.Libpod) diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go index 0bdb4ce60..2bf8eaae3 100644 --- a/pkg/domain/infra/abi/secrets.go +++ b/pkg/domain/infra/abi/secrets.go @@ -7,6 +7,7 @@ import ( "path/filepath" "github.com/containers/podman/v3/pkg/domain/entities" + "github.com/containers/podman/v3/pkg/domain/utils" "github.com/pkg/errors" ) @@ -84,7 +85,7 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string return reports, errs, nil } -func (ic *ContainerEngine) SecretList(ctx context.Context) ([]*entities.SecretInfoReport, error) { +func (ic *ContainerEngine) SecretList(ctx context.Context, opts entities.SecretListRequest) ([]*entities.SecretInfoReport, error) { manager, err := ic.Libpod.SecretsManager() if err != nil { return nil, err @@ -95,19 +96,25 @@ func (ic *ContainerEngine) SecretList(ctx context.Context) ([]*entities.SecretIn } report := make([]*entities.SecretInfoReport, 0, len(secretList)) for _, secret := range secretList { - reportItem := entities.SecretInfoReport{ - ID: secret.ID, - CreatedAt: secret.CreatedAt, - UpdatedAt: secret.CreatedAt, - Spec: entities.SecretSpec{ - Name: secret.Name, - Driver: entities.SecretDriverSpec{ - Name: secret.Driver, - Options: secret.DriverOptions, + result, err := utils.IfPassesSecretsFilter(secret, opts.Filters) + if err != nil { + return nil, err + } + if result { + reportItem := entities.SecretInfoReport{ + ID: secret.ID, + CreatedAt: secret.CreatedAt, + UpdatedAt: secret.CreatedAt, + Spec: entities.SecretSpec{ + Name: secret.Name, + Driver: entities.SecretDriverSpec{ + Name: secret.Driver, + Options: secret.DriverOptions, + }, }, - }, + } + report = append(report, &reportItem) } - report = append(report, &reportItem) } return report, nil } diff --git a/pkg/domain/infra/tunnel/generate.go b/pkg/domain/infra/tunnel/generate.go index 3d3cd52be..9f69abb1a 100644 --- a/pkg/domain/infra/tunnel/generate.go +++ b/pkg/domain/infra/tunnel/generate.go @@ -9,7 +9,10 @@ import ( func (ic *ContainerEngine) GenerateSystemd(ctx context.Context, nameOrID string, opts entities.GenerateSystemdOptions) (*entities.GenerateSystemdReport, error) { options := new(generate.SystemdOptions).WithUseName(opts.Name).WithContainerPrefix(opts.ContainerPrefix).WithNew(opts.New).WithNoHeader(opts.NoHeader) - options.WithPodPrefix(opts.PodPrefix).WithRestartPolicy(opts.RestartPolicy).WithSeparator(opts.Separator) + options.WithPodPrefix(opts.PodPrefix).WithSeparator(opts.Separator) + if opts.RestartPolicy != nil { + options.WithRestartPolicy(*opts.RestartPolicy) + } if to := opts.StopTimeout; to != nil { options.WithStopTimeout(*opts.StopTimeout) } diff --git a/pkg/domain/infra/tunnel/pods.go b/pkg/domain/infra/tunnel/pods.go index 480adb88a..8139216b3 100644 --- a/pkg/domain/infra/tunnel/pods.go +++ b/pkg/domain/infra/tunnel/pods.go @@ -42,6 +42,16 @@ func (ic *ContainerEngine) PodKill(ctx context.Context, namesOrIds []string, opt return reports, nil } +func (ic *ContainerEngine) PodLogs(_ context.Context, nameOrIDs string, options entities.PodLogsOptions) error { + // PodLogsOptions are similar but contains few extra fields like ctrName + // So cast other values as is so we can re-use the code + containerLogsOpts := entities.PodLogsOptionsToContainerLogsOptions(options) + + // interface only accepts slice, keep everything consistent + name := []string{options.ContainerName} + return ic.ContainerLogs(nil, name, containerLogsOpts) +} + func (ic *ContainerEngine) PodPause(ctx context.Context, namesOrIds []string, options entities.PodPauseOptions) ([]*entities.PodPauseReport, error) { foundPods, err := getPodsByContext(ic.ClientCtx, options.All, namesOrIds) if err != nil { diff --git a/pkg/domain/infra/tunnel/secrets.go b/pkg/domain/infra/tunnel/secrets.go index ecbb80931..6337c7fbe 100644 --- a/pkg/domain/infra/tunnel/secrets.go +++ b/pkg/domain/infra/tunnel/secrets.go @@ -43,8 +43,9 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string return allInspect, errs, nil } -func (ic *ContainerEngine) SecretList(ctx context.Context) ([]*entities.SecretInfoReport, error) { - secrs, _ := secrets.List(ic.ClientCtx, nil) +func (ic *ContainerEngine) SecretList(ctx context.Context, opts entities.SecretListRequest) ([]*entities.SecretInfoReport, error) { + options := new(secrets.ListOptions).WithFilters(opts.Filters) + secrs, _ := secrets.List(ic.ClientCtx, options) return secrs, nil } diff --git a/pkg/domain/utils/secrets_filters.go b/pkg/domain/utils/secrets_filters.go new file mode 100644 index 000000000..3ff7c7530 --- /dev/null +++ b/pkg/domain/utils/secrets_filters.go @@ -0,0 +1,24 @@ +package utils + +import ( + "strings" + + "github.com/containers/common/pkg/secrets" + "github.com/containers/podman/v3/pkg/util" + "github.com/pkg/errors" +) + +func IfPassesSecretsFilter(s secrets.Secret, filters map[string][]string) (bool, error) { + result := true + for key, filterValues := range filters { + switch strings.ToLower(key) { + case "name": + result = util.StringMatchRegexSlice(s.Name, filterValues) + case "id": + result = util.StringMatchRegexSlice(s.ID, filterValues) + default: + return false, errors.Errorf("invalid filter %q", key) + } + } + return result, nil +} diff --git a/pkg/machine/config.go b/pkg/machine/config.go index db9bfa7de..cad71ba49 100644 --- a/pkg/machine/config.go +++ b/pkg/machine/config.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/pkg/machine/connection.go b/pkg/machine/connection.go index 3edcbd10e..ed1093264 100644 --- a/pkg/machine/connection.go +++ b/pkg/machine/connection.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/pkg/machine/fcos.go b/pkg/machine/fcos.go index 85cedcd5a..4ea965b7f 100644 --- a/pkg/machine/fcos.go +++ b/pkg/machine/fcos.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go index 1d77083d0..a9289d6b3 100644 --- a/pkg/machine/ignition.go +++ b/pkg/machine/ignition.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/pkg/machine/ignition_schema.go b/pkg/machine/ignition_schema.go index 6ac8af826..aa4b8e060 100644 --- a/pkg/machine/ignition_schema.go +++ b/pkg/machine/ignition_schema.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/pkg/machine/keys.go b/pkg/machine/keys.go index 81ec44ea8..319fc2b4e 100644 --- a/pkg/machine/keys.go +++ b/pkg/machine/keys.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/pkg/machine/libvirt/config.go b/pkg/machine/libvirt/config.go deleted file mode 100644 index 1ce5ab154..000000000 --- a/pkg/machine/libvirt/config.go +++ /dev/null @@ -1,6 +0,0 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin - -package libvirt - -type MachineVM struct { -} diff --git a/pkg/machine/libvirt/machine.go b/pkg/machine/libvirt/machine.go deleted file mode 100644 index e1aa1569b..000000000 --- a/pkg/machine/libvirt/machine.go +++ /dev/null @@ -1,17 +0,0 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin - -package libvirt - -import "github.com/containers/podman/v3/pkg/machine" - -func (v *MachineVM) Init(name string, opts machine.InitOptions) error { - return nil -} - -func (v *MachineVM) Start(name string) error { - return nil -} - -func (v *MachineVM) Stop(name string) error { - return nil -} diff --git a/pkg/machine/libvirt/machine_unsupported.go b/pkg/machine/libvirt/machine_unsupported.go deleted file mode 100644 index 8b54440fe..000000000 --- a/pkg/machine/libvirt/machine_unsupported.go +++ /dev/null @@ -1,3 +0,0 @@ -// +build !amd64 amd64,windows - -package libvirt diff --git a/pkg/machine/pull.go b/pkg/machine/pull.go index 662896de5..f79ac6ec4 100644 --- a/pkg/machine/pull.go +++ b/pkg/machine/pull.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package machine diff --git a/pkg/machine/qemu/config.go b/pkg/machine/qemu/config.go index 013f28960..3d0fa4094 100644 --- a/pkg/machine/qemu/config.go +++ b/pkg/machine/qemu/config.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package qemu diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 38a16c3ef..855a39c56 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -1,4 +1,4 @@ -// +build amd64,linux arm64,linux amd64,darwin arm64,darwin +// +build amd64,!windows arm64,!windows package qemu @@ -278,6 +278,9 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error { time.Sleep(wait) wait++ } + if err != nil { + return err + } fd, err := qemuSocketConn.(*net.UnixConn).File() if err != nil { diff --git a/pkg/machine/qemu/options_darwin.go b/pkg/machine/qemu/options_darwin.go index 440937131..124358db8 100644 --- a/pkg/machine/qemu/options_darwin.go +++ b/pkg/machine/qemu/options_darwin.go @@ -2,14 +2,12 @@ package qemu import ( "os" - - "github.com/pkg/errors" ) func getRuntimeDir() (string, error) { tmpDir, ok := os.LookupEnv("TMPDIR") if !ok { - return "", errors.New("unable to resolve TMPDIR") + tmpDir = "/tmp" } return tmpDir, nil } diff --git a/pkg/machine/qemu/options_darwin_amd64.go b/pkg/machine/qemu/options_darwin_amd64.go index ee1036291..ff8d10db1 100644 --- a/pkg/machine/qemu/options_darwin_amd64.go +++ b/pkg/machine/qemu/options_darwin_amd64.go @@ -5,7 +5,7 @@ var ( ) func (v *MachineVM) addArchOptions() []string { - opts := []string{"-machine", "q35,accel=hvf:tcg"} + opts := []string{"-machine", "q35,accel=hvf:tcg", "-cpu", "host"} return opts } diff --git a/pkg/machine/qemu/options_darwin_arm64.go b/pkg/machine/qemu/options_darwin_arm64.go index 7513b3048..43cd3d69d 100644 --- a/pkg/machine/qemu/options_darwin_arm64.go +++ b/pkg/machine/qemu/options_darwin_arm64.go @@ -1,6 +1,7 @@ package qemu import ( + "os" "os/exec" "path/filepath" ) @@ -13,9 +14,10 @@ func (v *MachineVM) addArchOptions() []string { ovmfDir := getOvmfDir(v.ImagePath, v.Name) opts := []string{ "-accel", "hvf", + "-accel", "tcg", "-cpu", "cortex-a57", "-M", "virt,highmem=off", - "-drive", "file=/usr/local/share/qemu/edk2-aarch64-code.fd,if=pflash,format=raw,readonly=on", + "-drive", "file=" + getEdk2CodeFd("edk2-aarch64-code.fd") + ",if=pflash,format=raw,readonly=on", "-drive", "file=" + ovmfDir + ",if=pflash,format=raw"} return opts } @@ -34,3 +36,23 @@ func (v *MachineVM) archRemovalFiles() []string { func getOvmfDir(imagePath, vmName string) string { return filepath.Join(filepath.Dir(imagePath), vmName+"_ovmf_vars.fd") } + +/* + * QEmu can be installed in multiple locations on MacOS, especially on + * Apple Silicon systems. A build from source will likely install it in + * /usr/local/bin, whereas Homebrew package management standard is to + * install in /opt/homebrew + */ +func getEdk2CodeFd(name string) string { + dirs := []string{ + "/usr/local/share/qemu", + "/opt/homebrew/share/qemu", + } + for _, dir := range dirs { + fullpath := filepath.Join(dir, name) + if _, err := os.Stat(fullpath); err == nil { + return fullpath + } + } + return name +} diff --git a/pkg/systemd/define/const.go b/pkg/systemd/define/const.go index 1b50be5db..6bab8b629 100644 --- a/pkg/systemd/define/const.go +++ b/pkg/systemd/define/const.go @@ -1,8 +1,13 @@ package define -// EnvVariable "PODMAN_SYSTEMD_UNIT" is set in all generated systemd units and -// is set to the unit's (unique) name. -const EnvVariable = "PODMAN_SYSTEMD_UNIT" +const ( + // Default restart policy for generated unit files. + DefaultRestartPolicy = "on-failure" + + // EnvVariable "PODMAN_SYSTEMD_UNIT" is set in all generated systemd units and + // is set to the unit's (unique) name. + EnvVariable = "PODMAN_SYSTEMD_UNIT" +) // RestartPolicies includes all valid restart policies to be used in a unit // file. diff --git a/pkg/systemd/generate/common.go b/pkg/systemd/generate/common.go index 49465fb30..3515bb3b7 100644 --- a/pkg/systemd/generate/common.go +++ b/pkg/systemd/generate/common.go @@ -71,12 +71,13 @@ func filterCommonContainerFlags(command []string, argCount int) []string { case s == "--rm": // Boolean flags support --flag and --flag={true,false}. continue - case s == "--sdnotify", s == "--cgroups", s == "--cidfile": + case s == "--sdnotify", s == "--cgroups", s == "--cidfile", s == "--restart": i++ continue case strings.HasPrefix(s, "--rm="), strings.HasPrefix(s, "--cgroups="), - strings.HasPrefix(s, "--cidfile="): + strings.HasPrefix(s, "--cidfile="), + strings.HasPrefix(s, "--restart="): continue } processed = append(processed, s) diff --git a/pkg/systemd/generate/common_test.go b/pkg/systemd/generate/common_test.go index 80abebb26..45004ecb0 100644 --- a/pkg/systemd/generate/common_test.go +++ b/pkg/systemd/generate/common_test.go @@ -117,12 +117,12 @@ func TestFilterCommonContainerFlags(t *testing.T) { 1, }, { - []string{"podman", "run", "--cgroups=foo", "alpine"}, + []string{"podman", "run", "--cgroups=foo", "--restart=foo", "alpine"}, []string{"podman", "run", "alpine"}, 1, }, { - []string{"podman", "run", "--cgroups=foo", "--rm", "alpine"}, + []string{"podman", "run", "--cgroups=foo", "--rm", "--restart", "foo", "alpine"}, []string{"podman", "run", "alpine"}, 1, }, diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go index 188926115..037652a6d 100644 --- a/pkg/systemd/generate/containers.go +++ b/pkg/systemd/generate/containers.go @@ -10,6 +10,7 @@ import ( "time" "github.com/containers/podman/v3/libpod" + libpodDefine "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/domain/entities" "github.com/containers/podman/v3/pkg/systemd/define" "github.com/containers/podman/v3/version" @@ -34,6 +35,8 @@ type containerInfo struct { StopTimeout uint // RestartPolicy of the systemd unit (e.g., no, on-failure, always). RestartPolicy string + // Custom number of restart attempts. + StartLimitBurst string // PIDFile of the service. Required for forking services. Must point to the // PID of the associated conmon process. PIDFile string @@ -101,6 +104,9 @@ Environment={{{{.EnvVariable}}}}=%n Environment={{{{- range $index, $value := .ExtraEnvs -}}}}{{{{if $index}}}} {{{{end}}}}{{{{ $value }}}}{{{{end}}}} {{{{- end}}}} Restart={{{{.RestartPolicy}}}} +{{{{- if .StartLimitBurst}}}} +StartLimitBurst={{{{.StartLimitBurst}}}} +{{{{- end}}}} TimeoutStopSec={{{{.TimeoutStopSec}}}} {{{{- if .ExecStartPre}}}} ExecStartPre={{{{.ExecStartPre}}}} @@ -175,7 +181,7 @@ func generateContainerInfo(ctr *libpod.Container, options entities.GenerateSyste info := containerInfo{ ServiceName: serviceName, ContainerNameOrID: nameOrID, - RestartPolicy: options.RestartPolicy, + RestartPolicy: define.DefaultRestartPolicy, PIDFile: conmonPidFile, StopTimeout: timeout, GenerateTimestamp: true, @@ -202,8 +208,11 @@ func containerServiceName(ctr *libpod.Container, options entities.GenerateSystem // containerInfo. Note that the containerInfo is also post processed and // completed, which allows for an easier unit testing. func executeContainerTemplate(info *containerInfo, options entities.GenerateSystemdOptions) (string, error) { - if err := validateRestartPolicy(info.RestartPolicy); err != nil { - return "", err + if options.RestartPolicy != nil { + if err := validateRestartPolicy(*options.RestartPolicy); err != nil { + return "", err + } + info.RestartPolicy = *options.RestartPolicy } // Make sure the executable is set. @@ -275,6 +284,7 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst fs.Bool("replace", false, "") fs.StringArrayP("env", "e", nil, "") fs.String("sdnotify", "", "") + fs.String("restart", "", "") fs.Parse(remainingCmd) remainingCmd = filterCommonContainerFlags(remainingCmd, fs.NArg()) @@ -339,6 +349,27 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst } } + // Unless the user explicitly set a restart policy, check + // whether the container was created with a custom one and use + // it instead of the default. + if options.RestartPolicy == nil { + restartPolicy, err := fs.GetString("restart") + if err != nil { + return "", err + } + if restartPolicy != "" { + if strings.HasPrefix(restartPolicy, "on-failure:") { + // Special case --restart=on-failure:5 + spl := strings.Split(restartPolicy, ":") + restartPolicy = spl[0] + info.StartLimitBurst = spl[1] + } else if restartPolicy == libpodDefine.RestartPolicyUnlessStopped { + restartPolicy = libpodDefine.RestartPolicyAlways + } + info.RestartPolicy = restartPolicy + } + } + envs, err := fs.GetStringArray("env") if err != nil { return "", err diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go index c60c301cc..f46513459 100644 --- a/pkg/systemd/generate/containers_test.go +++ b/pkg/systemd/generate/containers_test.go @@ -52,7 +52,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=82 ExecStart=/usr/bin/podman start 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401 ExecStop=/usr/bin/podman stop -t 22 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401 @@ -78,7 +78,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start foobar ExecStop=/usr/bin/podman stop -t 10 foobar @@ -104,7 +104,7 @@ After=a.service b.service c.service pod.service [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start foobar ExecStop=/usr/bin/podman stop -t 10 foobar @@ -128,7 +128,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman container run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" @@ -153,7 +153,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman container run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm -d --replace --sdnotify=container --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" @@ -178,7 +178,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN @@ -203,7 +203,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --pod-id-file %t/pod-foobar.pod-id-file --sdnotify=conmon --replace -d --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN @@ -228,7 +228,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace --detach --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN @@ -253,7 +253,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d awesome-image:latest @@ -279,7 +279,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=102 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon ` + @@ -308,7 +308,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=102 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace --name test -p 80:80 awesome-image:latest somecmd --detach=false @@ -333,7 +333,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=102 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman --events-backend none --runroot /root run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d awesome-image:latest @@ -358,7 +358,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman container run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d awesome-image:latest @@ -383,7 +383,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace --name test --log-driver=journald --log-opt=tag={{.Name}} awesome-image:latest @@ -408,7 +408,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace --name test awesome-image:latest sh -c "kill $$$$ && echo %%\\" @@ -433,7 +433,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --conmon-pidfile=foo awesome-image:latest podman run --cgroups=foo --conmon-pidfile=foo --cidfile=foo alpine @@ -458,7 +458,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --pod-id-file %t/pod-foobar.pod-id-file --sdnotify=conmon -d --conmon-pidfile=foo awesome-image:latest podman run --cgroups=foo --conmon-pidfile=foo --cidfile=foo --pod-id-file /tmp/pod-foobar.pod-id-file alpine @@ -484,7 +484,7 @@ RequiresMountsFor=/var/run/containers/storage [Service] Environment=PODMAN_SYSTEMD_UNIT=%n Environment=FOO=abc "BAR=my test" USER=%%a -Restart=always +Restart=on-failure TimeoutStopSec=70 ExecStartPre=/bin/rm -f %t/%n.ctr-id ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --env FOO --env=BAR --env=MYENV=2 -e USER awesome-image:latest @@ -496,6 +496,32 @@ NotifyAccess=all [Install] WantedBy=multi-user.target default.target ` + + goodNewWithRestartPolicy := `# jadda-jadda.service +# autogenerated by Podman CI + +[Unit] +Description=Podman jadda-jadda.service +Documentation=man:podman-generate-systemd(1) +Wants=network-online.target +After=network-online.target +RequiresMountsFor=/var/run/containers/storage + +[Service] +Environment=PODMAN_SYSTEMD_UNIT=%n +Restart=on-failure +StartLimitBurst=42 +TimeoutStopSec=70 +ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d awesome-image:latest +ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +Type=notify +NotifyAccess=all + +[Install] +WantedBy=multi-user.target default.target +` tests := []struct { name string info containerInfo @@ -510,7 +536,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "container-639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401", ContainerNameOrID: "639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 22, PodmanVersion: "CI", @@ -528,7 +553,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "container-639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401", ContainerNameOrID: "639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 22, PodmanVersion: "CI", @@ -546,7 +570,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "container-foobar", ContainerNameOrID: "foobar", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -564,7 +587,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "container-foobar", ContainerNameOrID: "foobar", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -578,29 +600,11 @@ WantedBy=multi-user.target default.target false, false, }, - {"bad restart policy", - containerInfo{ - Executable: "/usr/bin/podman", - ServiceName: "639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401", - RestartPolicy: "never", - PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", - StopTimeout: 10, - PodmanVersion: "CI", - EnvVariable: define.EnvVariable, - GraphRoot: "/var/lib/containers/storage", - RunRoot: "/var/run/containers/storage", - }, - "", - false, - false, - true, - }, {"good with name and generic", containerInfo{ Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -619,7 +623,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -638,7 +641,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -657,7 +659,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -679,7 +680,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -698,7 +698,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "container-639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401", ContainerNameOrID: "639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -717,7 +716,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", @@ -736,7 +734,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", @@ -755,7 +752,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", @@ -774,7 +770,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", @@ -793,7 +788,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", @@ -812,26 +806,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", - PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", - StopTimeout: 42, - PodmanVersion: "CI", - CreateCommand: []string{"I'll get stripped", "run", "-tid", "awesome-image:latest"}, - EnvVariable: define.EnvVariable, - GraphRoot: "/var/lib/containers/storage", - RunRoot: "/var/run/containers/storage", - }, - genGoodNewDetach("-tid"), - true, - false, - false, - }, - {"good with root flags", - containerInfo{ - Executable: "/usr/bin/podman", - ServiceName: "jadda-jadda", - ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", @@ -850,7 +824,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -869,7 +842,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -888,7 +860,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -907,7 +878,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -926,7 +896,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -948,7 +917,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "jadda-jadda", ContainerNameOrID: "jadda-jadda", - RestartPolicy: "always", PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -963,6 +931,24 @@ WantedBy=multi-user.target default.target false, false, }, + {"good with restart policy", + containerInfo{ + Executable: "/usr/bin/podman", + ServiceName: "jadda-jadda", + ContainerNameOrID: "jadda-jadda", + PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", + StopTimeout: 10, + PodmanVersion: "CI", + GraphRoot: "/var/lib/containers/storage", + RunRoot: "/var/run/containers/storage", + CreateCommand: []string{"I'll get stripped", "create", "--restart", "on-failure:42", "awesome-image:latest"}, + EnvVariable: define.EnvVariable, + }, + goodNewWithRestartPolicy, + true, + false, + false, + }, } for _, tt := range tests { test := tt @@ -971,6 +957,7 @@ WantedBy=multi-user.target default.target New: test.new, NoHeader: test.noHeader, } + test.info.RestartPolicy = define.DefaultRestartPolicy got, err := executeContainerTemplate(&test.info, opts) if (err != nil) != test.wantErr { t.Errorf("CreateContainerSystemdUnit() %s error = \n%v, wantErr \n%v", test.name, err, test.wantErr) diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go index 1b92649e8..e755b8eea 100644 --- a/pkg/systemd/generate/pods.go +++ b/pkg/systemd/generate/pods.go @@ -217,7 +217,6 @@ func generatePodInfo(pod *libpod.Pod, options entities.GenerateSystemdOptions) ( info := podInfo{ ServiceName: serviceName, InfraNameOrID: ctrNameOrID, - RestartPolicy: options.RestartPolicy, PIDFile: conmonPidFile, StopTimeout: timeout, GenerateTimestamp: true, @@ -230,8 +229,12 @@ func generatePodInfo(pod *libpod.Pod, options entities.GenerateSystemdOptions) ( // that the podInfo is also post processed and completed, which allows for an // easier unit testing. func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions) (string, error) { - if err := validateRestartPolicy(info.RestartPolicy); err != nil { - return "", err + info.RestartPolicy = define.DefaultRestartPolicy + if options.RestartPolicy != nil { + if err := validateRestartPolicy(*options.RestartPolicy); err != nil { + return "", err + } + info.RestartPolicy = *options.RestartPolicy } // Make sure the executable is set. diff --git a/pkg/systemd/generate/pods_test.go b/pkg/systemd/generate/pods_test.go index 4b8a9ffd5..c565a30ed 100644 --- a/pkg/systemd/generate/pods_test.go +++ b/pkg/systemd/generate/pods_test.go @@ -53,7 +53,7 @@ Before=container-1.service container-2.service [Service] Environment=PODMAN_SYSTEMD_UNIT=%n -Restart=always +Restart=on-failure TimeoutStopSec=102 ExecStart=/usr/bin/podman start jadda-jadda-infra ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra @@ -192,7 +192,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "pod-123abc", InfraNameOrID: "jadda-jadda-infra", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", @@ -211,7 +210,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "pod-123abc", InfraNameOrID: "jadda-jadda-infra", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", @@ -230,7 +228,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "pod-123abc", InfraNameOrID: "jadda-jadda-infra", - RestartPolicy: "always", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", @@ -249,7 +246,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "pod-123abc", InfraNameOrID: "jadda-jadda-infra", - RestartPolicy: "on-failure", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -268,7 +264,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "pod-123abc", InfraNameOrID: "jadda-jadda-infra", - RestartPolicy: "on-failure", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -287,7 +282,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "pod-123abc", InfraNameOrID: "jadda-jadda-infra", - RestartPolicy: "on-failure", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -306,7 +300,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "pod-123abc", InfraNameOrID: "jadda-jadda-infra", - RestartPolicy: "on-failure", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", @@ -325,7 +318,6 @@ WantedBy=multi-user.target default.target Executable: "/usr/bin/podman", ServiceName: "pod-123abc", InfraNameOrID: "jadda-jadda-infra", - RestartPolicy: "on-failure", PIDFile: "/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 10, PodmanVersion: "CI", diff --git a/pkg/util/utils_supported.go b/pkg/util/utils_supported.go index cb992d8b6..6eba0bc3c 100644 --- a/pkg/util/utils_supported.go +++ b/pkg/util/utils_supported.go @@ -1,4 +1,4 @@ -// +build linux darwin +// +build !windows package util diff --git a/test/apiv2/50-secrets.at b/test/apiv2/50-secrets.at index 034ec080a..ed0e8fb6b 100644 --- a/test/apiv2/50-secrets.at +++ b/test/apiv2/50-secrets.at @@ -27,8 +27,37 @@ t GET secrets 200 \ .[0].Spec.Name=mysecret \ .[0].Version.Index=1 -# secret list unsupported filters -t GET secrets?filters='{"name":["foo1"]}' 400 +# secret list with filters +t GET secrets?filters='{"name":["mysecret"]}' 200 \ + length=1 \ + .[0].Spec.Name=mysecret \ + .[0].Version.Index=1 + +t GET secrets?filters='{"name":["mysecret2"]}' 200 \ + length=0 \ + +# secret libpod list with filters +t GET libpod/secrets/json?filters='{"name":["mysecret"]}' 200 \ + length=1 \ + .[0].Spec.Name=mysecret \ + +t GET libpod/secrets/json?filters='{"name":["mysecret2"]}' 200 \ + length=0 \ + +# secret list with unsupported filters +t GET secrets?filters='{"label":["xyz"]}' 500 + +#compat api list secrets sanity checks +t GET secrets?filters='garb1age}' 500 \ + .cause="invalid character 'g' looking for beginning of value" +t GET secrets?filters='{"label":["testl' 500 \ + .cause="unexpected end of JSON input" + +#libpod api list secrets sanity checks +t GET libpod/secrets/json?filters='garb1age}' 500 \ + .cause="invalid character 'g' looking for beginning of value" +t GET libpod/secrets/json?filters='{"label":["testl' 500 \ + .cause="unexpected end of JSON input" # secret rm t DELETE secrets/mysecret 204 diff --git a/test/e2e/build/envwithtab/Dockerfile b/test/e2e/build/envwithtab/Dockerfile new file mode 100644 index 000000000..0d8480c04 --- /dev/null +++ b/test/e2e/build/envwithtab/Dockerfile @@ -0,0 +1,3 @@ +FROM alpine + +ENV TEST=" t" diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 1c9a8dc6f..403d739f0 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -93,6 +93,12 @@ var _ = Describe("Podman checkpoint", func() { Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited")) + inspect := podmanTest.Podman([]string{"inspect", cid}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + inspectOut := inspect.InspectContainerToJSON() + Expect(inspectOut[0].State.Checkpointed).To(BeTrue()) + result = podmanTest.Podman([]string{"container", "restore", cid}) result.WaitWithDefaultTimeout() diff --git a/test/e2e/inspect_test.go b/test/e2e/inspect_test.go index 89859e74f..59615d009 100644 --- a/test/e2e/inspect_test.go +++ b/test/e2e/inspect_test.go @@ -50,6 +50,24 @@ var _ = Describe("Podman inspect", func() { Expect(session).To(ExitWithError()) }) + It("podman inspect filter should work if result contains tab", func() { + session := podmanTest.Podman([]string{"build", "--tag", "envwithtab", "build/envwithtab"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + // Verify that OS and Arch are being set + inspect := podmanTest.Podman([]string{"inspect", "-f", "{{ .Config.Env }}", "envwithtab"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + // output should not be empty + // test validates fix for https://github.com/containers/podman/issues/8785 + Expect(strings.Contains(inspect.OutputToString(), "TEST")) + + session = podmanTest.Podman([]string{"rmi", "envwithtab"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + }) + It("podman inspect with GO format", func() { session := podmanTest.Podman([]string{"inspect", "--format", "{{.ID}}", ALPINE}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index ab496f0eb..fa30f068c 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -11,6 +11,7 @@ import ( "text/template" "time" + "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/pkg/util" . "github.com/containers/podman/v3/test/utils" "github.com/containers/storage/pkg/stringid" @@ -30,6 +31,22 @@ metadata: spec: hostname: unknown ` +var checkInfraImagePodYaml = ` +apiVersion: v1 +kind: Pod +metadata: + labels: + app: check-infra-image + name: check-infra-image +spec: + containers: + - name: alpine + image: quay.io/libpod/alpine:latest + command: + - sleep + - 24h +status: {} +` var sharedNamespacePodYaml = ` apiVersion: v1 kind: Pod @@ -1098,6 +1115,55 @@ var _ = Describe("Podman play kube", func() { Expect(label).To(ContainSubstring("unconfined_u:system_r:spc_t:s0")) }) + It("podman play kube should use default infra_image", func() { + err := writeYaml(checkInfraImagePodYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + podInspect := podmanTest.Podman([]string{"inspect", "check-infra-image", "--format", "{{ .InfraContainerID }}"}) + podInspect.WaitWithDefaultTimeout() + infraContainerID := podInspect.OutputToString() + + conInspect := podmanTest.Podman([]string{"inspect", infraContainerID, "--format", "{{ .ImageName }}"}) + conInspect.WaitWithDefaultTimeout() + infraContainerImage := conInspect.OutputToString() + Expect(infraContainerImage).To(Equal(config.DefaultInfraImage)) + }) + + It("podman play kube should use customized infra_image", func() { + conffile := filepath.Join(podmanTest.TempDir, "container.conf") + + infraImage := "k8s.gcr.io/pause:3.2" + err := ioutil.WriteFile(conffile, []byte(fmt.Sprintf("[engine]\ninfra_image=\"%s\"\n", infraImage)), 0644) + Expect(err).To(BeNil()) + + os.Setenv("CONTAINERS_CONF", conffile) + defer os.Unsetenv("CONTAINERS_CONF") + + if IsRemote() { + podmanTest.RestartRemoteService() + } + + err = writeYaml(checkInfraImagePodYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + podInspect := podmanTest.Podman([]string{"inspect", "check-infra-image", "--format", "{{ .InfraContainerID }}"}) + podInspect.WaitWithDefaultTimeout() + infraContainerID := podInspect.OutputToString() + + conInspect := podmanTest.Podman([]string{"inspect", infraContainerID, "--format", "{{ .ImageName }}"}) + conInspect.WaitWithDefaultTimeout() + infraContainerImage := conInspect.OutputToString() + Expect(infraContainerImage).To(Equal(infraImage)) + }) + It("podman play kube should share ipc,net,uts when shareProcessNamespace is set", func() { SkipIfRootless("Requires root privileges for sharing few namespaces") err := writeYaml(sharedNamespacePodYaml, kubeYaml) @@ -1289,6 +1355,40 @@ var _ = Describe("Podman play kube", func() { Expect(logs.OutputToString()).To(ContainSubstring("hello world")) }) + It("podman pod logs test", func() { + SkipIfRemote("podman-remote pod logs -c is mandatory for remote machine") + p := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}), withArg([]string{"world"})))) + + err := generateKubeYaml("pod", p, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + logs := podmanTest.Podman([]string{"pod", "logs", p.Name}) + logs.WaitWithDefaultTimeout() + Expect(logs).Should(Exit(0)) + Expect(logs.OutputToString()).To(ContainSubstring("hello world")) + }) + + It("podman-remote pod logs test", func() { + // -c or --container is required in podman-remote due to api limitation. + p := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}), withArg([]string{"world"})))) + + err := generateKubeYaml("pod", p, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + logs := podmanTest.Podman([]string{"pod", "logs", "-c", getCtrNameInPod(p), p.Name}) + logs.WaitWithDefaultTimeout() + Expect(logs).Should(Exit(0)) + Expect(logs.OutputToString()).To(ContainSubstring("hello world")) + }) + It("podman play kube test restartPolicy", func() { // podName, set, expect testSli := [][]string{ diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index b0faabf6c..f82c3d9d1 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -148,7 +148,7 @@ registries = ['{{.Host}}:{{.Port}}']` search := podmanTest.Podman([]string{"search", "docker.io/alpine"}) search.WaitWithDefaultTimeout() Expect(search).Should(Exit(0)) - Expect(len(search.OutputToStringArray())).To(Equal(26)) + Expect(len(search.OutputToStringArray())).To(BeNumerically(">", 10)) search = podmanTest.Podman([]string{"search", "--limit", "3", "docker.io/alpine"}) search.WaitWithDefaultTimeout() @@ -462,7 +462,7 @@ registries = ['{{.Host}}:{{.Port}}']` search = podmanTest.Podman([]string{"search", "--list-tags", "docker.io/library/alpine"}) search.WaitWithDefaultTimeout() Expect(search).Should(Exit(0)) - Expect(len(search.OutputToStringArray()) > 2).To(BeTrue()) + Expect(len(search.OutputToStringArray())).To(BeNumerically(">", 2)) search = podmanTest.Podman([]string{"search", "--filter=is-official", "--list-tags", "docker.io/library/alpine"}) search.WaitWithDefaultTimeout() @@ -477,6 +477,6 @@ registries = ['{{.Host}}:{{.Port}}']` search := podmanTest.Podman([]string{"search", "--limit", "130", "registry.redhat.io/rhel"}) search.WaitWithDefaultTimeout() Expect(search).Should(Exit(0)) - Expect(len(search.OutputToStringArray())).To(Equal(131)) + Expect(len(search.OutputToStringArray())).To(BeNumerically("<=", 131)) }) }) diff --git a/test/system/005-info.bats b/test/system/005-info.bats index 96ca2c1bd..0ea0f8356 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -9,6 +9,7 @@ load helpers buildahVersion: *[0-9.]\\\+ conmon:\\\s\\\+package: distribution: +logDriver: ociRuntime:\\\s\\\+name: os: rootless: diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats index 32282c8e1..a04d2ac74 100644 --- a/test/system/035-logs.bats +++ b/test/system/035-logs.bats @@ -174,4 +174,31 @@ $s_after" _log_test_until journald } +function _log_test_follow() { + local driver=$1 + cname=$(random_string) + contentA=$(random_string) + contentB=$(random_string) + contentC=$(random_string) + + # Note: it seems we need at least three log lines to hit #11461. + run_podman run --log-driver=$driver --name $cname $IMAGE sh -c "echo $contentA; echo $contentB; echo $contentC" + run_podman logs -f $cname + is "$output" "$contentA +$contentB +$contentC" "logs -f on exitted container works" + + run_podman rm -f $cname +} + +@test "podman logs - --follow k8s-file" { + _log_test_follow k8s-file +} + +@test "podman logs - --follow journald" { + # We can't use journald on RHEL as rootless: rhbz#1895105 + skip_if_journald_unavailable + + _log_test_follow journald +} # vim: filetype=sh diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 0f58b2784..47db08eb1 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -929,6 +929,33 @@ EOF is "$output" ".*test1" "test1 should exists in the final image" } +@test "podman build build context ownership" { + tmpdir=$PODMAN_TMPDIR/build-test + subdir=$tmpdir/subdir + mkdir -p $subdir + + touch $tmpdir/empty-file.txt + if is_remote && ! is_rootless ; then + # TODO: set this file's owner to a UID:GID that will not be mapped + # in the context where the remote server is running, which generally + # requires us to be root (or running with more mapped IDs) on the + # client, but not root (or running with fewer mapped IDs) on the + # remote server + # 4294967292:4294967292 (0xfffffffc:0xfffffffc) isn't that, but + # it will catch errors where a remote server doesn't apply the right + # default as it copies content into the container + chown 4294967292:4294967292 $tmpdir/empty-file.txt + fi + cat >$tmpdir/Dockerfile <<EOF +FROM $IMAGE +COPY empty-file.txt . +RUN echo 0:0 | tee expected.txt +RUN stat -c "%u:%g" empty-file.txt | tee actual.txt +RUN cmp expected.txt actual.txt +EOF + run_podman build -t build_test $tmpdir +} + function teardown() { # A timeout or other error in 'build' can leave behind stale images # that podman can't even see and which will cascade into subsequent diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index 3e8c3c1ea..b7367d153 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -101,4 +101,32 @@ load helpers run_podman rm $cid } +# #11496: podman-remote loses output +@test "podman exec/run - missing output" { + local bigfile=${PODMAN_TMPDIR}/bigfile + local newfile=${PODMAN_TMPDIR}/newfile + # create a big file, bigger than the 8K buffer size + base64 /dev/urandom | head -c 20K > $bigfile + + run_podman run --rm -v $bigfile:/tmp/test:Z $IMAGE cat /tmp/test + printf "%s" "$output" > $newfile + # use cmp to compare the files, this is very helpful since it will + # tell us the first wrong byte in case this fails + run cmp $bigfile $newfile + is "$output" "" "run output is identical with the file" + + run_podman run -d --stop-timeout 0 -v $bigfile:/tmp/test:Z $IMAGE sleep inf + cid="$output" + + run_podman exec $cid cat /tmp/test + printf "%s" "$output" > $newfile + # use cmp to compare the files, this is very helpful since it will + # tell us the first wrong byte in case this fails + run cmp $bigfile $newfile + is "$output" "" "exec output is identical with the file" + + # Clean up + run_podman rm -f $cid +} + # vim: filetype=sh diff --git a/test/system/150-login.bats b/test/system/150-login.bats index b6c04db08..ed925044c 100644 --- a/test/system/150-login.bats +++ b/test/system/150-login.bats @@ -22,12 +22,7 @@ fi # Randomly-assigned port in the 5xxx range if [ -z "${PODMAN_LOGIN_REGISTRY_PORT}" ]; then - for port in $(shuf -i 5000-5999);do - if ! { exec 3<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then - export PODMAN_LOGIN_REGISTRY_PORT=$port - break - fi - done + export PODMAN_LOGIN_REGISTRY_PORT=$(random_free_port) fi # Override any user-set path to an auth file diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 266f91298..027abf9dc 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -76,11 +76,7 @@ function teardown() { fi # Randomly-assigned port in the 5xxx range - for port in $(shuf -i 5000-5999);do - if ! { exec 3<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then - break - fi - done + port=$(random_free_port) # Listener. This will exit as soon as it receives a message. run_podman run -d --pod $podname $IMAGE nc -l -p $port @@ -183,16 +179,8 @@ function random_ip() { pod_id_file=${PODMAN_TMPDIR}/pod-id-file # Randomly-assigned ports in the 5xxx and 6xxx range - for port_in in $(shuf -i 5000-5999);do - if ! { exec 3<> /dev/tcp/127.0.0.1/$port_in; } &>/dev/null; then - break - fi - done - for port_out in $(shuf -i 6000-6999);do - if ! { exec 3<> /dev/tcp/127.0.0.1/$port_out; } &>/dev/null; then - break - fi - done + port_in=$(random_free_port 5000-5999) + port_out=$(random_free_port 6000-6999) # Create a pod with all the desired options # FIXME: --ip=$ip fails: diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index 08fad5e7c..4578d9e60 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -136,6 +136,29 @@ function service_cleanup() { service_cleanup } +# Regression test for #11438 +@test "podman generate systemd - restart policy" { + cname=$(random_string) + run_podman create --restart=always --name $cname $IMAGE + run_podman generate systemd --new $cname + is "$output" ".*Restart=always.*" "Use container's restart policy if set" + run_podman generate systemd --new --restart-policy=on-failure $cname + is "$output" ".*Restart=on-failure.*" "Override container's restart policy" + + cname2=$(random_string) + run_podman create --restart=unless-stopped --name $cname2 $IMAGE + run_podman generate systemd --new $cname2 + is "$output" ".*Restart=always.*" "unless-stopped translated to always" + + cname3=$(random_string) + run_podman create --restart=on-failure:42 --name $cname3 $IMAGE + run_podman generate systemd --new $cname3 + is "$output" ".*Restart=on-failure.*" "on-failure:xx is parsed correclty" + is "$output" ".*StartLimitBurst=42.*" "on-failure:xx is parsed correctly" + + run_podman rm -f $cname $cname2 $cname3 +} + function set_listen_env() { export LISTEN_PID="100" LISTEN_FDS="1" LISTEN_FDNAMES="listen_fdnames" } diff --git a/test/system/255-auto-update.bats b/test/system/255-auto-update.bats index b172bb917..bb4b5c13f 100644 --- a/test/system/255-auto-update.bats +++ b/test/system/255-auto-update.bats @@ -339,6 +339,8 @@ EOF } @test "podman auto-update using systemd" { + skip_if_journald_unavailable + generate_service alpine image cat >$UNIT_DIR/podman-auto-update-$cname.timer <<EOF @@ -386,7 +388,9 @@ EOF done if [[ -n "$failed_start" ]]; then - die "Did not find expected string '$expect' in journalctl output for $cname" + echo "journalctl output:" + sed -e 's/^/ /' <<<"$output" + die "Did not find expected string '$expect' in journalctl output for $cname" fi _confirm_update $cname $ori_image diff --git a/test/system/271-tcp-cors-server.bats b/test/system/271-tcp-cors-server.bats index cdfa82e82..d8e4eb3df 100644 --- a/test/system/271-tcp-cors-server.bats +++ b/test/system/271-tcp-cors-server.bats @@ -14,7 +14,7 @@ SOCKET_FILE="$UNIT_DIR/$SERVICE_NAME.socket" @test "podman system service - tcp CORS" { skip_if_remote "system service tests are meaningless over remote" - PORT=$(( ((RANDOM<<15)|RANDOM) % 63001 + 2000 )) + PORT=$(random_free_port 63000-64999) run_podman system service --cors="*" tcp:$SERVICE_TCP_HOST:$PORT -t 20 & podman_pid="$!" sleep 5s @@ -26,7 +26,7 @@ SOCKET_FILE="$UNIT_DIR/$SERVICE_NAME.socket" @test "podman system service - tcp without CORS" { skip_if_remote "system service tests are meaningless over remote" - PORT=$(( ((RANDOM<<15)|RANDOM) % 63001 + 2000 )) + PORT=$(random_free_port 63000-64999) run_podman system service tcp:$SERVICE_TCP_HOST:$PORT -t 20 & podman_pid="$!" sleep 5s diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 3ebe45e63..ad5891dd9 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -23,7 +23,7 @@ load helpers random_1=$(random_string 30) random_2=$(random_string 30) - HOST_PORT=8080 + HOST_PORT=$(random_free_port) SERVER=http://127.0.0.1:$HOST_PORT # Create a test file with random content @@ -114,11 +114,8 @@ load helpers # Issue #5466 - port-forwarding doesn't work with this option and -d @test "podman networking: port with --userns=keep-id" { - # FIXME: randomize port, and create second random host port - myport=54321 - for cidr in "" "$(random_rfc1918_subnet).0/24"; do - myport=$(( myport + 1 )) + myport=$(random_free_port 52000-52999) if [[ -z $cidr ]]; then # regex to match that we are in 10.X subnet match="10\..*" @@ -188,6 +185,7 @@ load helpers # "network create" now works rootless, with the help of a special container @test "podman network create" { + # Deliberately use a fixed port, not random_open_port, because of #10806 myport=54322 local mynetname=testnet-$(random_string 10) @@ -244,7 +242,7 @@ load helpers skip_if_remote "podman network reload does not have remote support" random_1=$(random_string 30) - HOST_PORT=12345 + HOST_PORT=$(random_free_port) SERVER=http://127.0.0.1:$HOST_PORT # Create a test file with random content @@ -396,7 +394,7 @@ load helpers # Test for https://github.com/containers/podman/issues/10052 @test "podman network connect/disconnect with port forwarding" { random_1=$(random_string 30) - HOST_PORT=12345 + HOST_PORT=$(random_free_port) SERVER=http://127.0.0.1:$HOST_PORT # Create a test file with random content diff --git a/test/system/700-play.bats b/test/system/700-play.bats index 7f35877aa..2b05cdd84 100644 --- a/test/system/700-play.bats +++ b/test/system/700-play.bats @@ -98,6 +98,16 @@ RELABEL="system_u:object_r:container_file_t:s0" run_podman 125 play kube --network host $PODMAN_TMPDIR/test.yaml is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail with --network host" run_podman play kube --network slirp4netns:port_handler=slirp4netns $PODMAN_TMPDIR/test.yaml + run_podman pod inspect --format {{.InfraContainerID}} "${lines[1]}" + infraID="$output" + run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID + is "$output" "slirp4netns" "network mode slirp4netns is set for the container" + run_podman pod rm -f test_pod + run_podman play kube --network none $PODMAN_TMPDIR/test.yaml + run_podman pod inspect --format {{.InfraContainerID}} "${lines[1]}" + infraID="$output" + run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID + is "$output" "none" "network mode none is set for the container" run_podman pod rm -f test_pod } diff --git a/test/system/helpers.bash b/test/system/helpers.bash index bd9471ace..28ea924bb 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -278,6 +278,23 @@ function wait_for_ready { wait_for_output 'READY' "$@" } +###################### +# random_free_port # Pick an available port within a specified range +###################### +function random_free_port() { + local range=${1:-5000-5999} + + local port + for port in $(shuf -i ${range}); do + if ! { exec {unused_fd}<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then + echo $port + return + fi + done + + die "Could not find open port in range $range" +} + ################### # wait_for_port # Returns once port is available on host ################### @@ -288,7 +305,7 @@ function wait_for_port() { # Wait while [ $_timeout -gt 0 ]; do - { exec 5<> /dev/tcp/$host/$port; } &>/dev/null && return + { exec {unused_fd}<> /dev/tcp/$host/$port; } &>/dev/null && return sleep 1 _timeout=$(( $_timeout - 1 )) done diff --git a/test/system/helpers.t b/test/system/helpers.t index 190e8ba35..b83d9a89b 100755 --- a/test/system/helpers.t +++ b/test/system/helpers.t @@ -213,8 +213,16 @@ declare -a lines=( ) check_same_dev "zero-line output" - # END remove_same_dev_warning ############################################################################### +# BEGIN random_free_port + +# Assumes that 16700 is open +found=$(random_free_port 16700-16700) + +check_result "$found" "16700" "random_free_port" + +# END random_free_port +############################################################################### exit $rc diff --git a/test/testvol/main.go b/test/testvol/main.go index 14f253aa7..721f47bcd 100644 --- a/test/testvol/main.go +++ b/test/testvol/main.go @@ -224,13 +224,13 @@ func (d *DirDriver) Remove(req *volume.RemoveRequest) error { vol, exists := d.volumes[req.Name] if !exists { logrus.Debugf("Did not find volume %s", req.Name) - return errors.Errorf("no volume with name %s found") + return errors.Errorf("no volume with name %s found", req.Name) } logrus.Debugf("Found volume %s", req.Name) if len(vol.mounts) > 0 { logrus.Debugf("Cannot remove %s, is mounted", req.Name) - return errors.Errorf("volume %s is mounted and cannot be removed") + return errors.Errorf("volume %s is mounted and cannot be removed", req.Name) } delete(d.volumes, req.Name) diff --git a/test/upgrade/helpers.bash b/test/upgrade/helpers.bash index 41d9279e6..16fedb053 100644 --- a/test/upgrade/helpers.bash +++ b/test/upgrade/helpers.bash @@ -9,3 +9,11 @@ setup() { teardown() { : } + +# skip a test when the given version is older than the currently tested one +skip_if_version_older() { + # use ${PODMAN_UPGRADE_FROM##v} to trim the leading "v" + if printf '%s\n%s\n' "${PODMAN_UPGRADE_FROM##v}" "$1" | sort --check=quiet --version-sort; then + skip "${2-test is only meaningful when upgrading from $1 or later}" + fi +} diff --git a/test/upgrade/test-upgrade.bats b/test/upgrade/test-upgrade.bats index ca478e263..5cb302a85 100644 --- a/test/upgrade/test-upgrade.bats +++ b/test/upgrade/test-upgrade.bats @@ -21,9 +21,7 @@ if [ -z "${RANDOM_STRING_1}" ]; then export LABEL_CREATED=$(random_string 16) export LABEL_FAILED=$(random_string 17) export LABEL_RUNNING=$(random_string 18) - - # FIXME: randomize this - HOST_PORT=34567 + export HOST_PORT=$(random_free_port) fi # Version string of the podman we're actually testing, e.g. '3.0.0-dev-d1a26013' @@ -44,7 +42,8 @@ setup() { false fi - export _PODMAN_TEST_OPTS="--root=$PODMAN_UPGRADE_WORKDIR/root --runroot=$PODMAN_UPGRADE_WORKDIR/runroot --tmpdir=$PODMAN_UPGRADE_WORKDIR/tmp" + # cgroup-manager=systemd does not work inside a container + export _PODMAN_TEST_OPTS="--cgroup-manager=cgroupfs --root=$PODMAN_UPGRADE_WORKDIR/root --runroot=$PODMAN_UPGRADE_WORKDIR/runroot --tmpdir=$PODMAN_UPGRADE_WORKDIR/tmp" } ############################################################################### @@ -76,8 +75,8 @@ setup() { cat >| $pmscript <<EOF #!/bin/bash -# cgroup-manager=systemd does not work inside a container -opts="--cgroup-manager=cgroupfs --events-backend=file $_PODMAN_TEST_OPTS" +# events-backend=journald does not work inside a container +opts="--events-backend=file $_PODMAN_TEST_OPTS" set -ex @@ -95,22 +94,17 @@ podman \$opts run --name mydonecontainer $IMAGE echo ++$RANDOM_STRING_1++ podman \$opts run --name myfailedcontainer --label mylabel=$LABEL_FAILED \ $IMAGE sh -c 'exit 17' || true -# FIXME: add "-p $HOST_PORT:80" -# ...I tried and tried, and could not get this to work. I could never -# connect to the port from the host, nor even from the podman_parent -# container; I could never see the port listed in 'ps' nor 'inspect'. -# And, finally, I ended up in a state where the container wouldn't -# even start, and via complicated 'podman logs' found out: -# httpd: bind: Address in use -# So I just give up for now. -# podman \$opts run -d --name myrunningcontainer --label mylabel=$LABEL_RUNNING \ + --network bridge \ + -p $HOST_PORT:80 \ -v $pmroot/var/www:/var/www \ -w /var/www \ $IMAGE /bin/busybox-extras httpd -f -p 80 podman \$opts pod create --name mypod +podman \$opts network create mynetwork + echo READY while :;do if [ -e /stop ]; then @@ -140,6 +134,7 @@ EOF # # mount /etc/containers/storage.conf to use the same storage settings as on the host # mount /dev/shm because the container locks are stored there + # mount /var/lib/cni and /etc/cni/net.d for cni networking # $PODMAN run -d --name podman_parent --pid=host \ --privileged \ @@ -149,6 +144,9 @@ EOF -v /etc/containers/storage.conf:/etc/containers/storage.conf \ -v /dev/fuse:/dev/fuse \ -v /run/crun:/run/crun \ + -v /run/netns:/run/netns:rshared \ + -v /var/lib/cni:/var/lib/cni \ + -v /etc/cni/net.d:/etc/cni/net.d \ -v /dev/shm:/dev/shm \ -v $pmroot:$pmroot \ $OLD_PODMAN $pmroot/setup @@ -187,7 +185,7 @@ EOF is "${lines[1]}" "mycreatedcontainer--Created----$LABEL_CREATED" "created" is "${lines[2]}" "mydonecontainer--Exited (0).*----<no value>" "done" is "${lines[3]}" "myfailedcontainer--Exited (17) .*----$LABEL_FAILED" "fail" - is "${lines[4]}" "myrunningcontainer--Up .*----$LABEL_RUNNING" "running" + is "${lines[4]}" "myrunningcontainer--Up .*--0.0.0.0:$HOST_PORT->80/tcp--$LABEL_RUNNING" "running" # For debugging: dump containers and IDs if [[ -n "$PODMAN_UPGRADE_TEST_DEBUG" ]]; then @@ -212,6 +210,30 @@ failed | exited | 17 done < <(parse_table "$tests") } +@test "network - curl" { + run curl --max-time 3 -s 127.0.0.1:$HOST_PORT/index.txt + is "$output" "$RANDOM_STRING_1" "curl on running container" +} + +# IMPORTANT: connect should happen before restart, we want to check +# if we can connect on an existing running container +@test "network - connect" { + skip_if_version_older 2.2.0 + run_podman network connect mynetwork myrunningcontainer + run_podman network disconnect podman myrunningcontainer + run curl --max-time 3 -s 127.0.0.1:$HOST_PORT/index.txt + is "$output" "$RANDOM_STRING_1" "curl on container with second network connected" +} + +@test "network - restart" { + # restart the container and check if we can still use the port + run_podman stop -t0 myrunningcontainer + run_podman start myrunningcontainer + run curl --max-time 3 -s 127.0.0.1:$HOST_PORT/index.txt + is "$output" "$RANDOM_STRING_1" "curl on restarted container" +} + + @test "logs" { run_podman logs mydonecontainer is "$output" "++$RANDOM_STRING_1++" "podman logs on stopped container" @@ -235,7 +257,7 @@ failed | exited | 17 run_podman pod inspect mypod is "$output" ".*mypod.*" - run_podman --cgroup-manager=cgroupfs pod start mypod + run_podman pod start mypod is "$output" "[0-9a-f]\\{64\\}" "podman pod start" run_podman pod ps @@ -245,7 +267,7 @@ failed | exited | 17 run_podman pod stop mypod is "$output" "[0-9a-f]\\{64\\}" "podman pod stop" - run_podman --cgroup-manager=cgroupfs pod rm mypod + run_podman pod rm mypod # FIXME: CI runs show this (non fatal) error: # Error updating pod <ID> conmon cgroup PID limit: open /sys/fs/cgroup/libpod_parent/<ID>/conmon/pids.max: no such file or directory # Investigate how to fix this (likely a race condition) @@ -257,7 +279,7 @@ failed | exited | 17 @test "start" { - run_podman --cgroup-manager=cgroupfs start -a mydonecontainer + run_podman start -a mydonecontainer is "$output" "++$RANDOM_STRING_1++" "start on already-run container" } @@ -295,6 +317,8 @@ failed | exited | 17 run_podman logs podman_parent run_podman rm -f podman_parent + run_podman network rm -f mynetwork + umount $PODMAN_UPGRADE_WORKDIR/root/overlay || true rm -rf $PODMAN_UPGRADE_WORKDIR diff --git a/troubleshooting.md b/troubleshooting.md index 686166da0..a6c014625 100644 --- a/troubleshooting.md +++ b/troubleshooting.md @@ -881,3 +881,29 @@ def signal_listener(): if __name__ == "__main__": signal_listener() ``` +### 30) Podman run fails with `ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/0" is not owned by the current user` or `Error: error creating tmpdir: mkdir /run/user/1000: permission denied`. + +A failure is encountered when performing `podman run` with a warning `XDG_RUNTIME_DIR is pointing to a path which is not writable. Most likely podman will fail.` + +#### Symptom + +A rootless container is being invoked with cgroup configuration as `cgroupv2` for user with missing or invalid **systemd session**. + +Example cases +```bash +# su user1 -c 'podman images' +ERRO[0000] XDG_RUNTIME_DIR directory "/run/user/0" is not owned by the current user +``` +```bash +# su - user1 -c 'podman images' +Error: error creating tmpdir: mkdir /run/user/1000: permission denied +``` + +#### Solution + +Podman expects a valid login session for the `rootless+cgroupv2` use-case. Podman execution is expected to fail if the login session is not present. In most cases, podman will figure out a solution on its own but if `XDG_RUNTIME_DIR` is pointing to a path that is not writable execution will most fail. Typical scenarious of such cases are seen when users are trying to use Podman with `su - <user> -c '<podman-command>`, or `sudo -l` and badly configured systemd session. + +Resolution steps + +* Before invoking Podman command create a valid login session for your rootless user using `loginctl enable-linger <username>` +* If `loginctl` is unavailable you can also try logging in via `ssh` i.e `ssh <username>@localhost`. diff --git a/vendor/github.com/godbus/dbus/v5/README.markdown b/vendor/github.com/godbus/dbus/v5/README.md index 1fb2eacaa..5c2412583 100644 --- a/vendor/github.com/godbus/dbus/v5/README.markdown +++ b/vendor/github.com/godbus/dbus/v5/README.md @@ -14,14 +14,12 @@ D-Bus message bus system. ### Installation -This packages requires Go 1.7. If you installed it and set up your GOPATH, just run: +This packages requires Go 1.12 or later. It can be installed by running the command below: ``` -go get github.com/godbus/dbus +go get github.com/godbus/dbus/v5 ``` -If you want to use the subpackages, you can install them the same way. - ### Usage The complete package documentation and some simple examples are available at @@ -30,10 +28,12 @@ The complete package documentation and some simple examples are available at gives a short overview over the basic usage. #### Projects using godbus -- [notify](https://github.com/esiqveland/notify) provides desktop notifications over dbus into a library. +- [fyne](https://github.com/fyne-io/fyne) a cross platform GUI in Go inspired by Material Design. +- [fynedesk](https://github.com/fyne-io/fynedesk) a full desktop environment for Linux/Unix using Fyne. - [go-bluetooth](https://github.com/muka/go-bluetooth) provides a bluetooth client over bluez dbus API. -- [playerbm](https://github.com/altdesktop/playerbm) a bookmark utility for media players. - [iwd](https://github.com/shibumi/iwd) go bindings for the internet wireless daemon "iwd". +- [notify](https://github.com/esiqveland/notify) provides desktop notifications over dbus into a library. +- [playerbm](https://github.com/altdesktop/playerbm) a bookmark utility for media players. Please note that the API is considered unstable for now and may change without further notice. diff --git a/vendor/github.com/godbus/dbus/v5/auth.go b/vendor/github.com/godbus/dbus/v5/auth.go index 283487a0e..eb0b2f434 100644 --- a/vendor/github.com/godbus/dbus/v5/auth.go +++ b/vendor/github.com/godbus/dbus/v5/auth.go @@ -75,9 +75,9 @@ func (conn *Conn) Auth(methods []Auth) error { s = s[1:] for _, v := range s { for _, m := range methods { - if name, data, status := m.FirstData(); bytes.Equal(v, name) { + if name, _, status := m.FirstData(); bytes.Equal(v, name) { var ok bool - err = authWriteLine(conn.transport, []byte("AUTH"), v, data) + err = authWriteLine(conn.transport, []byte("AUTH"), v) if err != nil { return err } @@ -194,11 +194,14 @@ func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, boo } conn.uuid = string(s[1]) return nil, true + case state == waitingForOk && string(s[0]) == "DATA": + err = authWriteLine(conn.transport, []byte("DATA")) + if err != nil { + return err, false + } case state == waitingForOk && string(s[0]) == "REJECTED": return nil, false - case state == waitingForOk && (string(s[0]) == "DATA" || - string(s[0]) == "ERROR"): - + case state == waitingForOk && string(s[0]) == "ERROR": err = authWriteLine(conn.transport, []byte("CANCEL")) if err != nil { return err, false diff --git a/vendor/github.com/godbus/dbus/v5/conn.go b/vendor/github.com/godbus/dbus/v5/conn.go index 29fe018ad..cb8966a74 100644 --- a/vendor/github.com/godbus/dbus/v5/conn.go +++ b/vendor/github.com/godbus/dbus/v5/conn.go @@ -478,14 +478,24 @@ func (conn *Conn) sendMessageAndIfClosed(msg *Message, ifClosed func()) { conn.outInt(msg) } err := conn.outHandler.sendAndIfClosed(msg, ifClosed) - conn.calls.handleSendError(msg, err) if err != nil { - conn.serialGen.RetireSerial(msg.serial) + conn.handleSendError(msg, err) } else if msg.Type != TypeMethodCall { conn.serialGen.RetireSerial(msg.serial) } } +func (conn *Conn) handleSendError(msg *Message, err error) { + if msg.Type == TypeMethodCall { + conn.calls.handleSendError(msg, err) + } else if msg.Type == TypeMethodReply { + if _, ok := err.(FormatError); ok { + conn.sendError(err, msg.Headers[FieldDestination].value.(string), msg.Headers[FieldReplySerial].value.(uint32)) + } + } + conn.serialGen.RetireSerial(msg.serial) +} + // Send sends the given message to the message bus. You usually don't need to // use this; use the higher-level equivalents (Call / Go, Emit and Export) // instead. If msg is a method call and NoReplyExpected is not set, a non-nil diff --git a/vendor/github.com/godbus/dbus/v5/decoder.go b/vendor/github.com/godbus/dbus/v5/decoder.go index ede91575b..89bfed9d1 100644 --- a/vendor/github.com/godbus/dbus/v5/decoder.go +++ b/vendor/github.com/godbus/dbus/v5/decoder.go @@ -10,14 +10,16 @@ type decoder struct { in io.Reader order binary.ByteOrder pos int + fds []int } // newDecoder returns a new decoder that reads values from in. The input is // expected to be in the given byte order. -func newDecoder(in io.Reader, order binary.ByteOrder) *decoder { +func newDecoder(in io.Reader, order binary.ByteOrder, fds []int) *decoder { dec := new(decoder) dec.in = in dec.order = order + dec.fds = fds return dec } @@ -53,7 +55,7 @@ func (dec *decoder) Decode(sig Signature) (vs []interface{}, err error) { vs = make([]interface{}, 0) s := sig.str for s != "" { - err, rem := validSingle(s, 0) + err, rem := validSingle(s, &depthCounter{}) if err != nil { return nil, err } @@ -150,7 +152,7 @@ func (dec *decoder) decode(s string, depth int) interface{} { if len(sig.str) == 0 { panic(FormatError("variant signature is empty")) } - err, rem := validSingle(sig.str, 0) + err, rem := validSingle(sig.str, &depthCounter{}) if err != nil { panic(err) } @@ -161,7 +163,11 @@ func (dec *decoder) decode(s string, depth int) interface{} { variant.value = dec.decode(sig.str, depth+1) return variant case 'h': - return UnixFDIndex(dec.decode("u", depth).(uint32)) + idx := dec.decode("u", depth).(uint32) + if int(idx) < len(dec.fds) { + return UnixFD(dec.fds[idx]) + } + return UnixFDIndex(idx) case 'a': if len(s) > 1 && s[1] == '{' { ksig := s[2:3] @@ -219,7 +225,7 @@ func (dec *decoder) decode(s string, depth int) interface{} { v := make([]interface{}, 0) s = s[1 : len(s)-1] for s != "" { - err, rem := validSingle(s, 0) + err, rem := validSingle(s, &depthCounter{}) if err != nil { panic(err) } diff --git a/vendor/github.com/godbus/dbus/v5/encoder.go b/vendor/github.com/godbus/dbus/v5/encoder.go index adfbb75c5..015b26cd5 100644 --- a/vendor/github.com/godbus/dbus/v5/encoder.go +++ b/vendor/github.com/godbus/dbus/v5/encoder.go @@ -5,28 +5,33 @@ import ( "encoding/binary" "io" "reflect" + "strings" + "unicode/utf8" ) // An encoder encodes values to the D-Bus wire format. type encoder struct { out io.Writer + fds []int order binary.ByteOrder pos int } // NewEncoder returns a new encoder that writes to out in the given byte order. -func newEncoder(out io.Writer, order binary.ByteOrder) *encoder { - return newEncoderAtOffset(out, 0, order) +func newEncoder(out io.Writer, order binary.ByteOrder, fds []int) *encoder { + enc := newEncoderAtOffset(out, 0, order, fds) + return enc } // newEncoderAtOffset returns a new encoder that writes to out in the given // byte order. Specify the offset to initialize pos for proper alignment // computation. -func newEncoderAtOffset(out io.Writer, offset int, order binary.ByteOrder) *encoder { +func newEncoderAtOffset(out io.Writer, offset int, order binary.ByteOrder, fds []int) *encoder { enc := new(encoder) enc.out = out enc.order = order enc.pos = offset + enc.fds = fds return enc } @@ -75,6 +80,9 @@ func (enc *encoder) Encode(vs ...interface{}) (err error) { // encode encodes the given value to the writer and panics on error. depth holds // the depth of the container nesting. func (enc *encoder) encode(v reflect.Value, depth int) { + if depth > 64 { + panic(FormatError("input exceeds depth limitation")) + } enc.align(alignment(v.Type())) switch v.Kind() { case reflect.Uint8: @@ -97,7 +105,14 @@ func (enc *encoder) encode(v reflect.Value, depth int) { enc.binwrite(uint16(v.Uint())) enc.pos += 2 case reflect.Int, reflect.Int32: - enc.binwrite(int32(v.Int())) + if v.Type() == unixFDType { + fd := v.Int() + idx := len(enc.fds) + enc.fds = append(enc.fds, int(fd)) + enc.binwrite(uint32(idx)) + } else { + enc.binwrite(int32(v.Int())) + } enc.pos += 4 case reflect.Uint, reflect.Uint32: enc.binwrite(uint32(v.Uint())) @@ -112,9 +127,21 @@ func (enc *encoder) encode(v reflect.Value, depth int) { enc.binwrite(v.Float()) enc.pos += 8 case reflect.String: - enc.encode(reflect.ValueOf(uint32(len(v.String()))), depth) + str := v.String() + if !utf8.ValidString(str) { + panic(FormatError("input has a not-utf8 char in string")) + } + if strings.IndexByte(str, byte(0)) != -1 { + panic(FormatError("input has a null char('\\000') in string")) + } + if v.Type() == objectPathType { + if !ObjectPath(str).IsValid() { + panic(FormatError("invalid object path")) + } + } + enc.encode(reflect.ValueOf(uint32(len(str))), depth) b := make([]byte, v.Len()+1) - copy(b, v.String()) + copy(b, str) b[len(b)-1] = 0 n, err := enc.out.Write(b) if err != nil { @@ -124,20 +151,23 @@ func (enc *encoder) encode(v reflect.Value, depth int) { case reflect.Ptr: enc.encode(v.Elem(), depth) case reflect.Slice, reflect.Array: - if depth >= 64 { - panic(FormatError("input exceeds container depth limit")) - } // Lookahead offset: 4 bytes for uint32 length (with alignment), // plus alignment for elements. n := enc.padding(0, 4) + 4 offset := enc.pos + n + enc.padding(n, alignment(v.Type().Elem())) var buf bytes.Buffer - bufenc := newEncoderAtOffset(&buf, offset, enc.order) + bufenc := newEncoderAtOffset(&buf, offset, enc.order, enc.fds) for i := 0; i < v.Len(); i++ { bufenc.encode(v.Index(i), depth+1) } + + if buf.Len() > 1<<26 { + panic(FormatError("input exceeds array size limitation")) + } + + enc.fds = bufenc.fds enc.encode(reflect.ValueOf(uint32(buf.Len())), depth) length := buf.Len() enc.align(alignment(v.Type().Elem())) @@ -146,13 +176,10 @@ func (enc *encoder) encode(v reflect.Value, depth int) { } enc.pos += length case reflect.Struct: - if depth >= 64 && v.Type() != signatureType { - panic(FormatError("input exceeds container depth limit")) - } switch t := v.Type(); t { case signatureType: str := v.Field(0) - enc.encode(reflect.ValueOf(byte(str.Len())), depth+1) + enc.encode(reflect.ValueOf(byte(str.Len())), depth) b := make([]byte, str.Len()+1) copy(b, str.String()) b[len(b)-1] = 0 @@ -176,9 +203,6 @@ func (enc *encoder) encode(v reflect.Value, depth int) { case reflect.Map: // Maps are arrays of structures, so they actually increase the depth by // 2. - if depth >= 63 { - panic(FormatError("input exceeds container depth limit")) - } if !isKeyType(v.Type().Key()) { panic(InvalidTypeError{v.Type()}) } @@ -189,12 +213,13 @@ func (enc *encoder) encode(v reflect.Value, depth int) { offset := enc.pos + n + enc.padding(n, 8) var buf bytes.Buffer - bufenc := newEncoderAtOffset(&buf, offset, enc.order) + bufenc := newEncoderAtOffset(&buf, offset, enc.order, enc.fds) for _, k := range keys { bufenc.align(8) bufenc.encode(k, depth+2) bufenc.encode(v.MapIndex(k), depth+2) } + enc.fds = bufenc.fds enc.encode(reflect.ValueOf(uint32(buf.Len())), depth) length := buf.Len() enc.align(8) diff --git a/vendor/github.com/godbus/dbus/v5/export.go b/vendor/github.com/godbus/dbus/v5/export.go index 2447b51d4..522334715 100644 --- a/vendor/github.com/godbus/dbus/v5/export.go +++ b/vendor/github.com/godbus/dbus/v5/export.go @@ -26,6 +26,27 @@ var ( } ) +func MakeNoObjectError(path ObjectPath) Error { + return Error{ + "org.freedesktop.DBus.Error.NoSuchObject", + []interface{}{fmt.Sprintf("No such object '%s'", string(path))}, + } +} + +func MakeUnknownMethodError(methodName string) Error { + return Error{ + "org.freedesktop.DBus.Error.UnknownMethod", + []interface{}{fmt.Sprintf("Unknown / invalid method '%s'", methodName)}, + } +} + +func MakeUnknownInterfaceError(ifaceName string) Error { + return Error{ + "org.freedesktop.DBus.Error.UnknownInterface", + []interface{}{fmt.Sprintf("Object does not implement the interface '%s'", ifaceName)}, + } +} + func MakeFailedError(err error) *Error { return &Error{ "org.freedesktop.DBus.Error.Failed", @@ -128,6 +149,11 @@ func (conn *Conn) handleCall(msg *Message) { ifaceName, _ := msg.Headers[FieldInterface].value.(string) sender, hasSender := msg.Headers[FieldSender].value.(string) serial := msg.serial + + if len(name) == 0 { + conn.sendError(ErrMsgUnknownMethod, sender, serial) + } + if ifaceName == "org.freedesktop.DBus.Peer" { switch name { case "Ping": @@ -135,29 +161,26 @@ func (conn *Conn) handleCall(msg *Message) { case "GetMachineId": conn.sendReply(sender, serial, conn.uuid) default: - conn.sendError(ErrMsgUnknownMethod, sender, serial) + conn.sendError(MakeUnknownMethodError(name), sender, serial) } return } - if len(name) == 0 { - conn.sendError(ErrMsgUnknownMethod, sender, serial) - } object, ok := conn.handler.LookupObject(path) if !ok { - conn.sendError(ErrMsgNoObject, sender, serial) + conn.sendError(MakeNoObjectError(path), sender, serial) return } iface, exists := object.LookupInterface(ifaceName) if !exists { - conn.sendError(ErrMsgUnknownInterface, sender, serial) + conn.sendError(MakeUnknownInterfaceError(ifaceName), sender, serial) return } m, exists := iface.LookupMethod(name) if !exists { - conn.sendError(ErrMsgUnknownMethod, sender, serial) + conn.sendError(MakeUnknownMethodError(name), sender, serial) return } args, err := conn.decodeArguments(m, sender, msg) diff --git a/vendor/github.com/godbus/dbus/v5/message.go b/vendor/github.com/godbus/dbus/v5/message.go index 6a925367e..dd86aff4f 100644 --- a/vendor/github.com/godbus/dbus/v5/message.go +++ b/vendor/github.com/godbus/dbus/v5/message.go @@ -118,11 +118,7 @@ type header struct { Variant } -// DecodeMessage tries to decode a single message in the D-Bus wire format -// from the given reader. The byte order is figured out from the first byte. -// The possibly returned error can be an error of the underlying reader, an -// InvalidMessageError or a FormatError. -func DecodeMessage(rd io.Reader) (msg *Message, err error) { +func DecodeMessageWithFDs(rd io.Reader, fds []int) (msg *Message, err error) { var order binary.ByteOrder var hlength, length uint32 var typ, flags, proto byte @@ -142,7 +138,7 @@ func DecodeMessage(rd io.Reader) (msg *Message, err error) { return nil, InvalidMessageError("invalid byte order") } - dec := newDecoder(rd, order) + dec := newDecoder(rd, order, fds) dec.pos = 1 msg = new(Message) @@ -166,7 +162,7 @@ func DecodeMessage(rd io.Reader) (msg *Message, err error) { if hlength+length+16 > 1<<27 { return nil, InvalidMessageError("message is too long") } - dec = newDecoder(io.MultiReader(bytes.NewBuffer(b), rd), order) + dec = newDecoder(io.MultiReader(bytes.NewBuffer(b), rd), order, fds) dec.pos = 12 vs, err = dec.Decode(Signature{"a(yv)"}) if err != nil { @@ -196,7 +192,7 @@ func DecodeMessage(rd io.Reader) (msg *Message, err error) { sig, _ := msg.Headers[FieldSignature].value.(Signature) if sig.str != "" { buf := bytes.NewBuffer(body) - dec = newDecoder(buf, order) + dec = newDecoder(buf, order, fds) vs, err := dec.Decode(sig) if err != nil { return nil, err @@ -207,12 +203,32 @@ func DecodeMessage(rd io.Reader) (msg *Message, err error) { return } -// EncodeTo encodes and sends a message to the given writer. The byte order must -// be either binary.LittleEndian or binary.BigEndian. If the message is not -// valid or an error occurs when writing, an error is returned. -func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) error { +// DecodeMessage tries to decode a single message in the D-Bus wire format +// from the given reader. The byte order is figured out from the first byte. +// The possibly returned error can be an error of the underlying reader, an +// InvalidMessageError or a FormatError. +func DecodeMessage(rd io.Reader) (msg *Message, err error) { + return DecodeMessageWithFDs(rd, make([]int, 0)); +} + +type nullwriter struct{} + +func (nullwriter) Write(p []byte) (cnt int, err error) { + return len(p), nil +} + +func (msg *Message) CountFds() (int, error) { + if len(msg.Body) == 0 { + return 0, nil + } + enc := newEncoder(nullwriter{}, nativeEndian, make([]int, 0)) + err := enc.Encode(msg.Body...) + return len(enc.fds), err +} + +func (msg *Message) EncodeToWithFDs(out io.Writer, order binary.ByteOrder) (fds []int, err error) { if err := msg.IsValid(); err != nil { - return err + return make([]int, 0), err } var vs [7]interface{} switch order { @@ -221,12 +237,16 @@ func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) error { case binary.BigEndian: vs[0] = byte('B') default: - return errors.New("dbus: invalid byte order") + return make([]int, 0), errors.New("dbus: invalid byte order") } body := new(bytes.Buffer) - enc := newEncoder(body, order) + fds = make([]int, 0) + enc := newEncoder(body, order, fds) if len(msg.Body) != 0 { - enc.Encode(msg.Body...) + err = enc.Encode(msg.Body...) + if err != nil { + return + } } vs[1] = msg.Type vs[2] = msg.Flags @@ -239,17 +259,28 @@ func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) error { } vs[6] = headers var buf bytes.Buffer - enc = newEncoder(&buf, order) - enc.Encode(vs[:]...) + enc = newEncoder(&buf, order, enc.fds) + err = enc.Encode(vs[:]...) + if err != nil { + return + } enc.align(8) body.WriteTo(&buf) if buf.Len() > 1<<27 { - return InvalidMessageError("message is too long") + return make([]int, 0), InvalidMessageError("message is too long") } if _, err := buf.WriteTo(out); err != nil { - return err + return make([]int, 0), err } - return nil + return enc.fds, nil +} + +// EncodeTo encodes and sends a message to the given writer. The byte order must +// be either binary.LittleEndian or binary.BigEndian. If the message is not +// valid or an error occurs when writing, an error is returned. +func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) (err error) { + _, err = msg.EncodeToWithFDs(out, order); + return err; } // IsValid checks whether msg is a valid message and returns an diff --git a/vendor/github.com/godbus/dbus/v5/sig.go b/vendor/github.com/godbus/dbus/v5/sig.go index 2d326cebc..41a039812 100644 --- a/vendor/github.com/godbus/dbus/v5/sig.go +++ b/vendor/github.com/godbus/dbus/v5/sig.go @@ -34,7 +34,7 @@ type Signature struct { func SignatureOf(vs ...interface{}) Signature { var s string for _, v := range vs { - s += getSignature(reflect.TypeOf(v)) + s += getSignature(reflect.TypeOf(v), &depthCounter{}) } return Signature{s} } @@ -42,11 +42,19 @@ func SignatureOf(vs ...interface{}) Signature { // SignatureOfType returns the signature of the given type. It panics if the // type is not representable in D-Bus. func SignatureOfType(t reflect.Type) Signature { - return Signature{getSignature(t)} + return Signature{getSignature(t, &depthCounter{})} } // getSignature returns the signature of the given type and panics on unknown types. -func getSignature(t reflect.Type) string { +func getSignature(t reflect.Type, depth *depthCounter) (sig string) { + if !depth.Valid() { + panic("container nesting too deep") + } + defer func() { + if len(sig) > 255 { + panic("signature exceeds the length limitation") + } + }() // handle simple types first switch t.Kind() { case reflect.Uint8: @@ -74,7 +82,7 @@ func getSignature(t reflect.Type) string { case reflect.Float64: return "d" case reflect.Ptr: - return getSignature(t.Elem()) + return getSignature(t.Elem(), depth) case reflect.String: if t == objectPathType { return "o" @@ -90,17 +98,20 @@ func getSignature(t reflect.Type) string { for i := 0; i < t.NumField(); i++ { field := t.Field(i) if field.PkgPath == "" && field.Tag.Get("dbus") != "-" { - s += getSignature(t.Field(i).Type) + s += getSignature(t.Field(i).Type, depth.EnterStruct()) } } + if len(s) == 0 { + panic("empty struct") + } return "(" + s + ")" case reflect.Array, reflect.Slice: - return "a" + getSignature(t.Elem()) + return "a" + getSignature(t.Elem(), depth.EnterArray()) case reflect.Map: if !isKeyType(t.Key()) { panic(InvalidTypeError{t}) } - return "a{" + getSignature(t.Key()) + getSignature(t.Elem()) + "}" + return "a{" + getSignature(t.Key(), depth.EnterArray().EnterDictEntry()) + getSignature(t.Elem(), depth.EnterArray().EnterDictEntry()) + "}" case reflect.Interface: return "v" } @@ -118,7 +129,7 @@ func ParseSignature(s string) (sig Signature, err error) { } sig.str = s for err == nil && len(s) != 0 { - err, s = validSingle(s, 0) + err, s = validSingle(s, &depthCounter{}) } if err != nil { sig = Signature{""} @@ -144,7 +155,7 @@ func (s Signature) Empty() bool { // Single returns whether the signature represents a single, complete type. func (s Signature) Single() bool { - err, r := validSingle(s.str, 0) + err, r := validSingle(s.str, &depthCounter{}) return err != nil && r == "" } @@ -164,15 +175,38 @@ func (e SignatureError) Error() string { return fmt.Sprintf("dbus: invalid signature: %q (%s)", e.Sig, e.Reason) } +type depthCounter struct { + arrayDepth, structDepth, dictEntryDepth int +} + +func (cnt *depthCounter) Valid() bool { + return cnt.arrayDepth <= 32 && cnt.structDepth <= 32 && cnt.dictEntryDepth <= 32 +} + +func (cnt depthCounter) EnterArray() *depthCounter { + cnt.arrayDepth++ + return &cnt +} + +func (cnt depthCounter) EnterStruct() *depthCounter { + cnt.structDepth++ + return &cnt +} + +func (cnt depthCounter) EnterDictEntry() *depthCounter { + cnt.dictEntryDepth++ + return &cnt +} + // Try to read a single type from this string. If it was successful, err is nil // and rem is the remaining unparsed part. Otherwise, err is a non-nil // SignatureError and rem is "". depth is the current recursion depth which may // not be greater than 64 and should be given as 0 on the first call. -func validSingle(s string, depth int) (err error, rem string) { +func validSingle(s string, depth *depthCounter) (err error, rem string) { if s == "" { return SignatureError{Sig: s, Reason: "empty signature"}, "" } - if depth > 64 { + if !depth.Valid() { return SignatureError{Sig: s, Reason: "container nesting too deep"}, "" } switch s[0] { @@ -187,10 +221,10 @@ func validSingle(s string, depth int) (err error, rem string) { i++ rem = s[i+1:] s = s[2:i] - if err, _ = validSingle(s[:1], depth+1); err != nil { + if err, _ = validSingle(s[:1], depth.EnterArray().EnterDictEntry()); err != nil { return err, "" } - err, nr := validSingle(s[1:], depth+1) + err, nr := validSingle(s[1:], depth.EnterArray().EnterDictEntry()) if err != nil { return err, "" } @@ -199,7 +233,7 @@ func validSingle(s string, depth int) (err error, rem string) { } return nil, rem } - return validSingle(s[1:], depth+1) + return validSingle(s[1:], depth.EnterArray()) case '(': i := findMatching(s, '(', ')') if i == -1 { @@ -208,7 +242,7 @@ func validSingle(s string, depth int) (err error, rem string) { rem = s[i+1:] s = s[1:i] for err == nil && s != "" { - err, s = validSingle(s, depth+1) + err, s = validSingle(s, depth.EnterStruct()) } if err != nil { rem = "" @@ -236,7 +270,7 @@ func findMatching(s string, left, right rune) int { // typeFor returns the type of the given signature. It ignores any left over // characters and panics if s doesn't start with a valid type signature. func typeFor(s string) (t reflect.Type) { - err, _ := validSingle(s, 0) + err, _ := validSingle(s, &depthCounter{}) if err != nil { panic(err) } diff --git a/vendor/github.com/godbus/dbus/v5/transport_generic.go b/vendor/github.com/godbus/dbus/v5/transport_generic.go index 718a1ff02..a08e2813c 100644 --- a/vendor/github.com/godbus/dbus/v5/transport_generic.go +++ b/vendor/github.com/godbus/dbus/v5/transport_generic.go @@ -41,10 +41,12 @@ func (t genericTransport) ReadMessage() (*Message, error) { } func (t genericTransport) SendMessage(msg *Message) error { - for _, v := range msg.Body { - if _, ok := v.(UnixFD); ok { - return errors.New("dbus: unix fd passing not enabled") - } + fds, err := msg.CountFds() + if err != nil { + return err + } + if fds != 0 { + return errors.New("dbus: unix fd passing not enabled") } return msg.EncodeTo(t, nativeEndian) } diff --git a/vendor/github.com/godbus/dbus/v5/transport_unix.go b/vendor/github.com/godbus/dbus/v5/transport_unix.go index c7cd02f97..2212e7fa7 100644 --- a/vendor/github.com/godbus/dbus/v5/transport_unix.go +++ b/vendor/github.com/godbus/dbus/v5/transport_unix.go @@ -113,7 +113,7 @@ func (t *unixTransport) ReadMessage() (*Message, error) { if _, err := io.ReadFull(t.rdr, headerdata[4:]); err != nil { return nil, err } - dec := newDecoder(bytes.NewBuffer(headerdata), order) + dec := newDecoder(bytes.NewBuffer(headerdata), order, make([]int, 0)) dec.pos = 12 vs, err := dec.Decode(Signature{"a(yv)"}) if err != nil { @@ -147,7 +147,7 @@ func (t *unixTransport) ReadMessage() (*Message, error) { if err != nil { return nil, err } - msg, err := DecodeMessage(bytes.NewBuffer(all)) + msg, err := DecodeMessageWithFDs(bytes.NewBuffer(all), fds) if err != nil { return nil, err } @@ -179,21 +179,21 @@ func (t *unixTransport) ReadMessage() (*Message, error) { } func (t *unixTransport) SendMessage(msg *Message) error { - fds := make([]int, 0) - for i, v := range msg.Body { - if fd, ok := v.(UnixFD); ok { - msg.Body[i] = UnixFDIndex(len(fds)) - fds = append(fds, int(fd)) - } + fdcnt, err := msg.CountFds() + if err != nil { + return err } - if len(fds) != 0 { + if fdcnt != 0 { if !t.hasUnixFDs { return errors.New("dbus: unix fd passing not enabled") } - msg.Headers[FieldUnixFDs] = MakeVariant(uint32(len(fds))) - oob := syscall.UnixRights(fds...) + msg.Headers[FieldUnixFDs] = MakeVariant(uint32(fdcnt)) buf := new(bytes.Buffer) - msg.EncodeTo(buf, nativeEndian) + fds, err := msg.EncodeToWithFDs(buf, nativeEndian) + if err != nil { + return err + } + oob := syscall.UnixRights(fds...) n, oobn, err := t.UnixConn.WriteMsgUnix(buf.Bytes(), oob, nil) if err != nil { return err diff --git a/vendor/github.com/vbauerster/mpb/v7/bar.go b/vendor/github.com/vbauerster/mpb/v7/bar.go index 95d4439f8..22f608317 100644 --- a/vendor/github.com/vbauerster/mpb/v7/bar.go +++ b/vendor/github.com/vbauerster/mpb/v7/bar.go @@ -268,32 +268,32 @@ func (b *Bar) SetPriority(priority int) { // if bar is already in complete state. If drop is true bar will be // removed as well. func (b *Bar) Abort(drop bool) { - if drop { - b.container.dropBar(b) // It is safe to call this multiple times with the same bar - } select { case b.operateState <- func(s *bState) { if s.completed == true { return } if drop { - b.cancel() - return - } - go func() { - var uncompleted int - b.container.traverseBars(func(bar *Bar) bool { - if b != bar && !bar.Completed() { - uncompleted++ - return false + go b.container.dropBar(b) + } else { + go func() { + var uncompleted int + b.container.traverseBars(func(bar *Bar) bool { + if b != bar && !bar.Completed() { + uncompleted++ + return false + } + return true + }) + if uncompleted == 0 { + select { + case b.container.refreshCh <- time.Now(): + case <-b.container.done: + } } - return true - }) - if uncompleted == 0 { - b.container.refreshCh <- time.Now() - } - b.cancel() - }() + }() + } + b.cancel() }: <-b.done case <-b.done: diff --git a/vendor/github.com/vbauerster/mpb/v7/go.mod b/vendor/github.com/vbauerster/mpb/v7/go.mod index 7b177d0db..1ecbbe062 100644 --- a/vendor/github.com/vbauerster/mpb/v7/go.mod +++ b/vendor/github.com/vbauerster/mpb/v7/go.mod @@ -4,7 +4,7 @@ require ( github.com/VividCortex/ewma v1.2.0 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d github.com/mattn/go-runewidth v0.0.13 - golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e + golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34 ) go 1.14 diff --git a/vendor/github.com/vbauerster/mpb/v7/go.sum b/vendor/github.com/vbauerster/mpb/v7/go.sum index 45584e0bf..a964dcccd 100644 --- a/vendor/github.com/vbauerster/mpb/v7/go.sum +++ b/vendor/github.com/vbauerster/mpb/v7/go.sum @@ -6,5 +6,5 @@ github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e h1:WUoyKPm6nCo1BnNUvPGnFG3T5DUVem42yDJZZ4CNxMA= -golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34 h1:GkvMjFtXUmahfDtashnc1mnrCtuBVcwse5QV2lUk/tI= +golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go index abbec2d44..b56886f26 100644 --- a/vendor/golang.org/x/sys/cpu/cpu.go +++ b/vendor/golang.org/x/sys/cpu/cpu.go @@ -56,6 +56,7 @@ var X86 struct { HasAVX512BF16 bool // Advanced vector extension 512 BFloat16 Instructions HasBMI1 bool // Bit manipulation instruction set 1 HasBMI2 bool // Bit manipulation instruction set 2 + HasCX16 bool // Compare and exchange 16 Bytes HasERMS bool // Enhanced REP for MOVSB and STOSB HasFMA bool // Fused-multiply-add instructions HasOSXSAVE bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers. diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go index 54ca4667f..5ea287b7e 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_x86.go +++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go @@ -39,6 +39,7 @@ func initOptions() { {Name: "avx512bf16", Feature: &X86.HasAVX512BF16}, {Name: "bmi1", Feature: &X86.HasBMI1}, {Name: "bmi2", Feature: &X86.HasBMI2}, + {Name: "cx16", Feature: &X86.HasCX16}, {Name: "erms", Feature: &X86.HasERMS}, {Name: "fma", Feature: &X86.HasFMA}, {Name: "osxsave", Feature: &X86.HasOSXSAVE}, @@ -73,6 +74,7 @@ func archInit() { X86.HasPCLMULQDQ = isSet(1, ecx1) X86.HasSSSE3 = isSet(9, ecx1) X86.HasFMA = isSet(12, ecx1) + X86.HasCX16 = isSet(13, ecx1) X86.HasSSE41 = isSet(19, ecx1) X86.HasSSE42 = isSet(20, ecx1) X86.HasPOPCNT = isSet(23, ecx1) diff --git a/vendor/golang.org/x/sys/unix/syscall_illumos.go b/vendor/golang.org/x/sys/unix/syscall_illumos.go index 8c5357683..8d5f294c4 100644 --- a/vendor/golang.org/x/sys/unix/syscall_illumos.go +++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go @@ -162,6 +162,14 @@ func (l *Lifreq) GetLifruInt() int { return *(*int)(unsafe.Pointer(&l.Lifru[0])) } +func (l *Lifreq) SetLifruUint(d uint) { + *(*uint)(unsafe.Pointer(&l.Lifru[0])) = d +} + +func (l *Lifreq) GetLifruUint() uint { + return *(*uint)(unsafe.Pointer(&l.Lifru[0])) +} + func IoctlLifreq(fd int, req uint, l *Lifreq) error { return ioctl(fd, req, uintptr(unsafe.Pointer(l))) } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 2839435e3..df8628e57 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -66,6 +66,10 @@ func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) { return fchmodat(dirfd, path, mode) } +func InotifyInit() (fd int, err error) { + return InotifyInit1(0) +} + //sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL //sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL @@ -168,27 +172,7 @@ func Utimes(path string, tv []Timeval) error { //sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) func UtimesNano(path string, ts []Timespec) error { - if ts == nil { - err := utimensat(AT_FDCWD, path, nil, 0) - if err != ENOSYS { - return err - } - return utimes(path, nil) - } - if len(ts) != 2 { - return EINVAL - } - err := utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0) - if err != ENOSYS { - return err - } - // If the utimensat syscall isn't available (utimensat was added to Linux - // in 2.6.22, Released, 8 July 2007) then fall back to utimes - var tv [2]Timeval - for i := 0; i < 2; i++ { - tv[i] = NsecToTimeval(TimespecToNsec(ts[i])) - } - return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0]))) + return UtimesNanoAt(AT_FDCWD, path, ts, 0) } func UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) error { @@ -1229,11 +1213,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { func Accept(fd int) (nfd int, sa Sockaddr, err error) { var rsa RawSockaddrAny var len _Socklen = SizeofSockaddrAny - // Try accept4 first for Android, then try accept for kernel older than 2.6.28 nfd, err = accept4(fd, &rsa, &len, 0) - if err == ENOSYS { - nfd, err = accept(fd, &rsa, &len) - } if err != nil { return } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go index 91317d749..2df04e398 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go @@ -59,7 +59,6 @@ func Pipe2(p []int, flags int) (err error) { //sysnb Geteuid() (euid int) = SYS_GETEUID32 //sysnb Getgid() (gid int) = SYS_GETGID32 //sysnb Getuid() (uid int) = SYS_GETUID32 -//sysnb InotifyInit() (fd int, err error) //sys Ioperm(from int, num int, on int) (err error) //sys Iopl(level int) (err error) //sys Lchown(path string, uid int, gid int) (err error) = SYS_LCHOWN32 diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go index 85cd97da0..ff0acde69 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go @@ -21,17 +21,6 @@ package unix //sysnb Getgid() (gid int) //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) //sysnb Getuid() (uid int) -//sysnb inotifyInit() (fd int, err error) - -func InotifyInit() (fd int, err error) { - // First try inotify_init1, because Android's seccomp policy blocks the latter. - fd, err = InotifyInit1(0) - if err == ENOSYS { - fd, err = inotifyInit() - } - return -} - //sys Ioperm(from int, num int, on int) (err error) //sys Iopl(level int) (err error) //sys Lchown(path string, uid int, gid int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go index b961a620e..094aaaddc 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go @@ -26,11 +26,7 @@ func Pipe(p []int) (err error) { return EINVAL } var pp [2]_C_int - // Try pipe2 first for Android O, then try pipe for kernel 2.6.23. err = pipe2(&pp, 0) - if err == ENOSYS { - err = pipe(&pp) - } p[0] = int(pp[0]) p[1] = int(pp[1]) return @@ -86,7 +82,6 @@ func Seek(fd int, offset int64, whence int) (newoffset int64, err error) { //sysnb Geteuid() (euid int) = SYS_GETEUID32 //sysnb Getgid() (gid int) = SYS_GETGID32 //sysnb Getuid() (uid int) = SYS_GETUID32 -//sysnb InotifyInit() (fd int, err error) //sys Lchown(path string, uid int, gid int) (err error) = SYS_LCHOWN32 //sys Listen(s int, n int) (err error) //sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64 diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go index 4b977ba44..3fb41f95d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go @@ -211,10 +211,6 @@ func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) { rsa.Service_name_len = uint64(length) } -func InotifyInit() (fd int, err error) { - return InotifyInit1(0) -} - // dup2 exists because func Dup3 in syscall_linux.go references // it in an unreachable path. dup2 isn't available on arm64. func dup2(oldfd int, newfd int) error diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go index 27aee81d9..7079b435d 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go @@ -221,10 +221,6 @@ func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) { rsa.Service_name_len = uint64(length) } -func InotifyInit() (fd int, err error) { - return InotifyInit1(0) -} - //sys poll(fds *PollFd, nfds int, timeout int) (n int, err error) func Poll(fds []PollFd, timeout int) (n int, err error) { diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go index 21d74e2fb..5bc171e62 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go @@ -60,7 +60,6 @@ func Syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error) //sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error) -//sysnb InotifyInit() (fd int, err error) //sys Ioperm(from int, num int, on int) (err error) //sys Iopl(level int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go index 6f1fc581e..1810a7279 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go @@ -23,7 +23,6 @@ import ( //sysnb Geteuid() (euid int) //sysnb Getgid() (gid int) //sysnb Getuid() (uid int) -//sysnb InotifyInit() (fd int, err error) //sys Ioperm(from int, num int, on int) (err error) //sys Iopl(level int) (err error) //sys Lchown(path string, uid int, gid int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go index 5259a5fea..b7662dea7 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go @@ -22,7 +22,6 @@ package unix //sysnb Getgid() (gid int) //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) = SYS_UGETRLIMIT //sysnb Getuid() (uid int) -//sysnb InotifyInit() (fd int, err error) //sys Ioperm(from int, num int, on int) (err error) //sys Iopl(level int) (err error) //sys Lchown(path string, uid int, gid int) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go index 8ef821e5d..e2ae1ec8b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go @@ -192,10 +192,6 @@ func (rsa *RawSockaddrNFCLLCP) SetServiceNameLen(length int) { rsa.Service_name_len = uint64(length) } -func InotifyInit() (fd int, err error) { - return InotifyInit1(0) -} - func Pause() error { _, err := ppoll(nil, 0, nil, nil) return err diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go index a1c0574b5..646fde8e2 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go @@ -25,7 +25,6 @@ import ( //sysnb Getgid() (gid int) //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) //sysnb Getuid() (uid int) -//sysnb InotifyInit() (fd int, err error) //sys Lchown(path string, uid int, gid int) (err error) //sys Lstat(path string, stat *Stat_t) (err error) //sys Pause() (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go index de14b8898..b9a250902 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go @@ -20,7 +20,6 @@ package unix //sysnb Getgid() (gid int) //sysnb Getrlimit(resource int, rlim *Rlimit) (err error) //sysnb Getuid() (uid int) -//sysnb InotifyInit() (fd int, err error) //sys Lchown(path string, uid int, gid int) (err error) //sys Listen(s int, n int) (err error) //sys Lstat(path string, stat *Stat_t) (err error) diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 135e3a47a..8894c4af4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -231,6 +231,8 @@ const ( BPF_PSEUDO_FUNC = 0x4 BPF_PSEUDO_KFUNC_CALL = 0x2 BPF_PSEUDO_MAP_FD = 0x1 + BPF_PSEUDO_MAP_IDX = 0x5 + BPF_PSEUDO_MAP_IDX_VALUE = 0x6 BPF_PSEUDO_MAP_VALUE = 0x2 BPF_RET = 0x6 BPF_RSH = 0x70 @@ -1635,11 +1637,12 @@ const ( NFNL_MSG_BATCH_END = 0x11 NFNL_NFA_NEST = 0x8000 NFNL_SUBSYS_ACCT = 0x7 - NFNL_SUBSYS_COUNT = 0xc + NFNL_SUBSYS_COUNT = 0xd NFNL_SUBSYS_CTHELPER = 0x9 NFNL_SUBSYS_CTNETLINK = 0x1 NFNL_SUBSYS_CTNETLINK_EXP = 0x2 NFNL_SUBSYS_CTNETLINK_TIMEOUT = 0x8 + NFNL_SUBSYS_HOOK = 0xc NFNL_SUBSYS_IPSET = 0x6 NFNL_SUBSYS_NFTABLES = 0xa NFNL_SUBSYS_NFT_COMPAT = 0xb @@ -1929,6 +1932,12 @@ const ( PR_PAC_GET_ENABLED_KEYS = 0x3d PR_PAC_RESET_KEYS = 0x36 PR_PAC_SET_ENABLED_KEYS = 0x3c + PR_SCHED_CORE = 0x3e + PR_SCHED_CORE_CREATE = 0x1 + PR_SCHED_CORE_GET = 0x0 + PR_SCHED_CORE_MAX = 0x4 + PR_SCHED_CORE_SHARE_FROM = 0x3 + PR_SCHED_CORE_SHARE_TO = 0x2 PR_SET_CHILD_SUBREAPER = 0x24 PR_SET_DUMPABLE = 0x4 PR_SET_ENDIAN = 0x14 @@ -2295,6 +2304,7 @@ const ( SECCOMP_MODE_DISABLED = 0x0 SECCOMP_MODE_FILTER = 0x2 SECCOMP_MODE_STRICT = 0x1 + SECRETMEM_MAGIC = 0x5345434d SECURITYFS_MAGIC = 0x73636673 SEEK_CUR = 0x1 SEEK_DATA = 0x3 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index cca248d1d..697811a46 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -309,6 +309,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 9521a4804..7d8d93bfc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -310,6 +310,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index ddb40a40d..f707d5089 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -316,6 +316,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 3df31e0d4..3a67a9c85 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -306,6 +306,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 179c7d68d..a7ccef56c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -309,6 +309,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 84ab15a85..f7b7cec91 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -309,6 +309,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 6aa064da5..4fcacf958 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -309,6 +309,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 960650f2b..6f6c223a2 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -309,6 +309,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0x100 SO_PASSCRED = 0x11 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 7365221d0..59e522bcf 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -364,6 +364,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x14 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 5967db35c..d4264a0f7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -368,6 +368,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x14 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index f88869849..21cbec1dd 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -368,6 +368,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x14 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 8048706f3..9b05bf12f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -297,6 +297,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index fb7859417..bd82ace09 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -372,6 +372,7 @@ const ( SO_MARK = 0x24 SO_MAX_PACING_RATE = 0x2f SO_MEMINFO = 0x37 + SO_NETNS_COOKIE = 0x47 SO_NOFCS = 0x2b SO_OOBINLINE = 0xa SO_PASSCRED = 0x10 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 81e18d23f..1f8bded56 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -363,6 +363,7 @@ const ( SO_MARK = 0x22 SO_MAX_PACING_RATE = 0x31 SO_MEMINFO = 0x39 + SO_NETNS_COOKIE = 0x50 SO_NOFCS = 0x27 SO_OOBINLINE = 0x100 SO_PASSCRED = 0x2 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go index e37096e4d..716ce2958 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go @@ -181,17 +181,6 @@ func Getuid() (uid int) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func InotifyInit() (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Ioperm(from int, num int, on int) (err error) { _, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go index 9919d8486..c62e1d0f2 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go @@ -191,17 +191,6 @@ func Getuid() (uid int) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func inotifyInit() (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Ioperm(from int, num int, on int) (err error) { _, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go index 076754d48..e336dcf8c 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go @@ -340,17 +340,6 @@ func Getuid() (uid int) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func InotifyInit() (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Lchown(path string, uid int, gid int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go index 4703cf3c3..a8aa7963e 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go @@ -544,17 +544,6 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func InotifyInit() (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Ioperm(from int, num int, on int) (err error) { _, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go index d13d6da01..92ab46bc5 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go @@ -544,17 +544,6 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func InotifyInit() (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Ioperm(from int, num int, on int) (err error) { _, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go index 927cf1a00..01520b5fb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go @@ -161,17 +161,6 @@ func Getuid() (uid int) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func InotifyInit() (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Ioperm(from int, num int, on int) (err error) { _, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go index da8ec0396..a289e993b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go @@ -191,17 +191,6 @@ func Getuid() (uid int) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func InotifyInit() (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Ioperm(from int, num int, on int) (err error) { _, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go index 083f493bb..1072c7220 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go @@ -191,17 +191,6 @@ func Getuid() (uid int) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func InotifyInit() (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Ioperm(from int, num int, on int) (err error) { _, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go index bb347407d..6875a51b6 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go @@ -191,17 +191,6 @@ func Getuid() (uid int) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func InotifyInit() (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Lchown(path string, uid int, gid int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go index 8edc517e1..5657375bd 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go @@ -180,17 +180,6 @@ func Getuid() (uid int) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT -func InotifyInit() (fd int, err error) { - r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0) - fd = int(r0) - if e1 != 0 { - err = errnoErr(e1) - } - return -} - -// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT - func Lchown(path string, uid int, gid int) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index eb3afe678..aa7ce85d1 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -439,7 +439,9 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 + SYS_MEMFD_SECRET = 447 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index 8e7e3aedc..b83032638 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -361,7 +361,9 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 + SYS_MEMFD_SECRET = 447 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 0e6ebfef0..d75f65a0a 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -403,6 +403,7 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index cd2a3ef41..8b02f09e9 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -306,7 +306,9 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 + SYS_MEMFD_SECRET = 447 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index 773640b83..026695abb 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -424,6 +424,7 @@ const ( SYS_PROCESS_MADVISE = 4440 SYS_EPOLL_PWAIT2 = 4441 SYS_MOUNT_SETATTR = 4442 + SYS_QUOTACTL_FD = 4443 SYS_LANDLOCK_CREATE_RULESET = 4444 SYS_LANDLOCK_ADD_RULE = 4445 SYS_LANDLOCK_RESTRICT_SELF = 4446 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index 86a41e568..7320ba958 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -354,6 +354,7 @@ const ( SYS_PROCESS_MADVISE = 5440 SYS_EPOLL_PWAIT2 = 5441 SYS_MOUNT_SETATTR = 5442 + SYS_QUOTACTL_FD = 5443 SYS_LANDLOCK_CREATE_RULESET = 5444 SYS_LANDLOCK_ADD_RULE = 5445 SYS_LANDLOCK_RESTRICT_SELF = 5446 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index 77f5728da..45082dd67 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -354,6 +354,7 @@ const ( SYS_PROCESS_MADVISE = 5440 SYS_EPOLL_PWAIT2 = 5441 SYS_MOUNT_SETATTR = 5442 + SYS_QUOTACTL_FD = 5443 SYS_LANDLOCK_CREATE_RULESET = 5444 SYS_LANDLOCK_ADD_RULE = 5445 SYS_LANDLOCK_RESTRICT_SELF = 5446 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index dcd926513..570a857a5 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -424,6 +424,7 @@ const ( SYS_PROCESS_MADVISE = 4440 SYS_EPOLL_PWAIT2 = 4441 SYS_MOUNT_SETATTR = 4442 + SYS_QUOTACTL_FD = 4443 SYS_LANDLOCK_CREATE_RULESET = 4444 SYS_LANDLOCK_ADD_RULE = 4445 SYS_LANDLOCK_RESTRICT_SELF = 4446 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index d5ee2c935..638498d62 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -431,6 +431,7 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index fec32207c..702beebfe 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -403,6 +403,7 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index 53a89b206..bfc87ea44 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -403,6 +403,7 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 0db9fbba5..a390e147d 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -305,6 +305,7 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index 378e6ec8b..3e791e6cd 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -368,6 +368,7 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index 58e72b0cb..78802a5cf 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -382,6 +382,7 @@ const ( SYS_PROCESS_MADVISE = 440 SYS_EPOLL_PWAIT2 = 441 SYS_MOUNT_SETATTR = 442 + SYS_QUOTACTL_FD = 443 SYS_LANDLOCK_CREATE_RULESET = 444 SYS_LANDLOCK_ADD_RULE = 445 SYS_LANDLOCK_RESTRICT_SELF = 446 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 878141d6d..4b73bb3b6 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -2356,8 +2356,8 @@ const ( SOF_TIMESTAMPING_OPT_PKTINFO = 0x2000 SOF_TIMESTAMPING_OPT_TX_SWHW = 0x4000 - SOF_TIMESTAMPING_LAST = 0x4000 - SOF_TIMESTAMPING_MASK = 0x7fff + SOF_TIMESTAMPING_LAST = 0x8000 + SOF_TIMESTAMPING_MASK = 0xffff SCM_TSTAMP_SND = 0x0 SCM_TSTAMP_SCHED = 0x1 @@ -2933,7 +2933,7 @@ const ( DEVLINK_CMD_TRAP_POLICER_NEW = 0x47 DEVLINK_CMD_TRAP_POLICER_DEL = 0x48 DEVLINK_CMD_HEALTH_REPORTER_TEST = 0x49 - DEVLINK_CMD_MAX = 0x49 + DEVLINK_CMD_MAX = 0x4d DEVLINK_PORT_TYPE_NOTSET = 0x0 DEVLINK_PORT_TYPE_AUTO = 0x1 DEVLINK_PORT_TYPE_ETH = 0x2 @@ -3156,7 +3156,7 @@ const ( DEVLINK_ATTR_RELOAD_ACTION_INFO = 0xa2 DEVLINK_ATTR_RELOAD_ACTION_STATS = 0xa3 DEVLINK_ATTR_PORT_PCI_SF_NUMBER = 0xa4 - DEVLINK_ATTR_MAX = 0xa4 + DEVLINK_ATTR_MAX = 0xa9 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 @@ -3452,7 +3452,7 @@ const ( ETHTOOL_MSG_CABLE_TEST_ACT = 0x1a ETHTOOL_MSG_CABLE_TEST_TDR_ACT = 0x1b ETHTOOL_MSG_TUNNEL_INFO_GET = 0x1c - ETHTOOL_MSG_USER_MAX = 0x20 + ETHTOOL_MSG_USER_MAX = 0x21 ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3483,7 +3483,7 @@ const ( ETHTOOL_MSG_CABLE_TEST_NTF = 0x1b ETHTOOL_MSG_CABLE_TEST_TDR_NTF = 0x1c ETHTOOL_MSG_TUNNEL_INFO_GET_REPLY = 0x1d - ETHTOOL_MSG_KERNEL_MAX = 0x21 + ETHTOOL_MSG_KERNEL_MAX = 0x22 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 diff --git a/vendor/modules.txt b/vendor/modules.txt index ab186c1e4..b314944d4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -348,7 +348,7 @@ github.com/ghodss/yaml github.com/go-logr/logr # github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 github.com/go-task/slim-sprig -# github.com/godbus/dbus/v5 v5.0.4 +# github.com/godbus/dbus/v5 v5.0.5 github.com/godbus/dbus/v5 # github.com/gogo/protobuf v1.3.2 github.com/gogo/protobuf/gogoproto @@ -612,7 +612,7 @@ github.com/vbauerster/mpb/v6 github.com/vbauerster/mpb/v6/cwriter github.com/vbauerster/mpb/v6/decor github.com/vbauerster/mpb/v6/internal -# github.com/vbauerster/mpb/v7 v7.1.3 => github.com/mtrmac/mpb/v7 v7.0.5-0.20210831125917-6bcc64f93d02 +# github.com/vbauerster/mpb/v7 v7.1.4 github.com/vbauerster/mpb/v7 github.com/vbauerster/mpb/v7/cwriter github.com/vbauerster/mpb/v7/decor @@ -675,7 +675,7 @@ golang.org/x/net/proxy golang.org/x/net/trace # golang.org/x/sync v0.0.0-20210220032951-036812b2e83c golang.org/x/sync/semaphore -# golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55 +# golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34 golang.org/x/sys/cpu golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader |