-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | RELEASE_NOTES.md | 31 | ||||
-rw-r--r-- | changelog.txt | 62 | ||||
-rw-r--r-- | pkg/rootless/rootless_linux.go | 29 |
4 files changed, 108 insertions, 16 deletions
@@ -3,7 +3,7 @@ export GOPROXY=https://proxy.golang.org GO ?= go DESTDIR ?= -EPOCH_TEST_COMMIT ?= 960f07b0f79e6d6f94842fd4892e775c319f0a39 +EPOCH_TEST_COMMIT ?= dc1f8b62b168e0815ed5e7eb7c61a26ec3a0c88c HEAD ?= HEAD CHANGELOG_BASE ?= HEAD~ CHANGELOG_TARGET ?= HEAD diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index bff9a5f14..0f2e748fa 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md 
@@ -1,5 +1,36 @@ # Release Notes +## 1.6.2 +### Features +- Added a `--runtime` flag to `podman system migrate` to allow the OCI runtime for all containers to be reset, to ease transition to the `crun` runtime on CGroups V2 systems until `runc` gains full support +- The `podman rm` command can now remove containers in broken states which previously could not be removed +- The `podman info` command, when run without root, now shows information on UID and GID mappings in the rootless user namespace +- Added `podman build --squash-all` flag, which squashes all layers (including those of the base image) into one layer +- The `--systemd` flag to `podman run` and `podman create` now accepts a string argument and allows a new value, `always`, which forces systemd support without checking if the the container entrypoint is systemd + +### Bugfixes +- Fixed a bug where the `podman top` command did not work on systems using CGroups V2 ([#4192](https://github.com/containers/libpod/issues/4192)) +- Fixed a bug where rootless Podman could double-close a file, leading to a panic +- Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state +- Fixed a bug where `podman start --attach --sig-proxy=false` would still proxy signals into the container +- Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (`auth.json`), breaking `podman login` integration with `skopeo` and other tools using the containers/image library +- Fixed a bug where `podman ps --format=json` and `podman images --format=json` would display `null` when no results were returned, instead of valid JSON +- Fixed a bug where `podman build --squash` was incorrectly squashing all layers into one, instead of only new layers +- Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes reported as mounted but were not 
([#4248](https://github.com/containers/libpod/issues/4248)) +- Fixed a bug where volumes which failed to unmount could not be removed ([#4247](https://github.com/containers/libpod/issues/4247)) +- Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage +- Fixed a bug where `podman stats` was broken on systems running CGroups V2 when run rootless ([#4268](https://github.com/containers/libpod/issues/4268)) +- Fixed a bug where the `podman start` command would print the short container ID, instead of the full ID +- Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in `podman ps` and could not be removed via `podman rm` + +### Misc +- The default PID limit for containers is now set to 4096. It can be adjusted back to the old default (unlimited) by passing `--pids-limit 0` to `podman create` and `podman run` +- The `podman network create` command now validates network names using the same regular expression as container and pod names +- The `--systemd` flag to `podman run` and `podman create` will now only enable systemd mode when the binary being run inside the container is `/sbin/init`, `/usr/sbin/init`, or ends in `systemd` (previously detected any path ending in `init` or `systemd`) +- Updated vendored Buildah to 1.11.3 +- Updated vendored containers/storage to 1.13.5 +- Updated vendored containers/image to 4.0.1 + ## 1.6.1 ### Bugfixes - Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the `cgroupfs` CGroups manager diff --git a/changelog.txt b/changelog.txt index 8508d0d1c..dd3fcec82 100644 --- a/changelog.txt +++ b/changelog.txt 
@@ -1,3 +1,65 @@ +- Changelog for v1.6.2-rc1 (2019-10-16) + * Add release notes for Podman 1.6.2 + * start: print full container ID + * Add a MissingRuntime implementation + * rootless v2 cannot collect network stats + * inspect: rename ImageID go field to Image + * systemd: accept also /sbin/init + * Unwrap errors before comparing them + * vendor github.com/containers/storage@v1.13.5 + * Ensure volumes can be removed when they fail to unmount + * Fix sample's JSON syntax error in oci-hooks.5.md + * change error wording when conmon fails without logs + * images: empty list is valid json with --format=json + * Allow giving path to Podman for cleanup command + * Touch up bad math in run man page + * Add squash-all, fix squash option in build + * tests: enable ps --size tests for rootless + * container: initialize results list + * Make user io.podman.service unit WantedBy=default.target + * rootless: do not set PIDs limit if --cgroup-manager=cgroupfs + * Update build man page with latest Buildah changes + * Fix default path for auth.json + * When restoring containers, reset cgroup path + * Migrate can move containers to a new runtime + * Move OCI runtime implementation behind an interface + * show uid_map in podman info + * cli: support --systemd=always + * systemd: expect full path /usr/sbin/init + * catch runc v2 error + * Respect --sig-proxy flag with podman start --attach + * rootless: automatically recreate the pause.pid file + * rootless: do not close files twice + * refresh: do not access network ns if not in the namespace + * Cirrus: Produce and collect varlink output + * io.podman.socket: drop Also=multi-user.target + * Cirrus: Remove broken/failing testing_crun task + * Cirrus: Use new VM cache images + * Cirrus: Install conmon in Fedora VMs + * vendor c/psgo@v1.3.2 + * troubleshooting: fix useradd no-log-init argument + * Setup a reasonable default for pids-limit 4096 + * Update c/image to v4.0.1 and buildah to 1.11.3 + * When evicting containers, perform a 
normal remove first + * Bump gopkg.in/yaml.v2 from 2.2.3 to 2.2.4 + * podman network create: validate user input + * Cirrus: Simplify package NVR logging + * Docs: Update links, add links to latest + * Cirrus: Fix log URIs & add optional $ALSO_FILENAME + * Raise start_test polling interval + * system tests: info: deal with hyphen in username + * Bump gitvalidation epoch + * Bump to v1.6.2-dev + * Apply changes also to the windows implementation + * System-tests: Use bash explicitly + * Podman 1.6.0 has been released, update the README + * Add api link to tutorials + * Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.3 + * Allow setting default parameters with env vars + * Avoid hard-coding path to varlink and podman + * Allow changing IdentityFile and to IgnoreHosts + * rm: add containers eviction with `rm --force` + - Changelog for v1.6.1 (2019-10-02) * Update release notes for v1.6.1 * Bump gitvalidation epoch diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 99307e8c4..59f2880c3 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -16,15 +16,14 @@ import ( "strconv" "strings" "sync" - "syscall" "unsafe" "github.com/containers/libpod/pkg/errorhandling" "github.com/containers/storage/pkg/idtools" - "github.com/docker/docker/pkg/signal" "github.com/godbus/dbus" "github.com/pkg/errors" "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" ) /* @@ -130,7 +129,7 @@ func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap) func readUserNs(path string) (string, error) { b := make([]byte, 256) - _, err := syscall.Readlink(path, b) + _, err := unix.Readlink(path, b) if err != nil { return "", err } 
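Review bot: In readUserNs the byte count returned by `unix.Readlink(path, b)` is still discarded, so nothing in the visible lines limits the 256-byte buffer to the link's real length. If the part of the function outside this hunk converts the whole buffer to a string, the result carries trailing NUL bytes, and a link target of 256 bytes or more would be cut off without any error. Keeping the length addresses both: `n, err := unix.Readlink(path, b)` and then work on `b[:n]`, treating `n == len(b)` as possible truncation. The function body continues past the end of the hunk, so the return statement should be checked there.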
@@ -143,7 +142,7 @@ func readUserNsFd(fd uintptr) (string, error) { func getParentUserNs(fd uintptr) (uintptr, error) { const nsGetParent = 0xb702 - ret, _, errno := syscall.Syscall(syscall.SYS_IOCTL, fd, uintptr(nsGetParent), 0) + ret, _, errno := unix.Syscall(unix.SYS_IOCTL, fd, uintptr(nsGetParent), 0) if errno != 0 { return 0, errno } @@ -179,7 +178,7 @@ func getUserNSFirstChild(fd uintptr) (*os.File, error) { for { nextFd, err := getParentUserNs(fd) if err != nil { - if err == syscall.ENOTTY { + if err == unix.ENOTTY { return os.NewFile(fd, "userns child"), nil } return nil, errors.Wrapf(err, "cannot get parent user namespace") @@ -191,14 +190,14 @@ func getUserNSFirstChild(fd uintptr) (*os.File, error) { } if ns == currentNS { - if err := syscall.Close(int(nextFd)); err != nil { + if err := unix.Close(int(nextFd)); err != nil { return nil, err } // Drop O_CLOEXEC for the fd. - _, _, errno := syscall.Syscall(syscall.SYS_FCNTL, fd, syscall.F_SETFD, 0) + _, _, errno := unix.Syscall(unix.SYS_FCNTL, fd, unix.F_SETFD, 0) if errno != 0 { - if err := syscall.Close(int(fd)); err != nil { + if err := unix.Close(int(fd)); err != nil { logrus.Errorf("failed to close file descriptor %d", fd) } return nil, errno @@ -206,7 +205,7 @@ func getUserNSFirstChild(fd uintptr) (*os.File, error) { return os.NewFile(fd, "userns child"), nil } - if err := syscall.Close(int(fd)); err != nil { + if err := unix.Close(int(fd)); err != nil { return nil, err } fd = nextFd @@ -394,7 +393,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, runtime.LockOSThread() defer runtime.UnlockOSThread() - fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_DGRAM, 0) + fds, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_DGRAM, 0) if err != nil { return false, -1, err } 
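Review bot: The ioctl request `const nsGetParent = 0xb702` in getParentUserNs is an unexplained magic number on a call whose result is later treated as a file descriptor. A comment such as `// nsGetParent is NS_GET_PARENT from <linux/nsfs.h>, i.e. _IO(0xb7, 0x2); on success the ioctl returns an fd for the parent namespace.` would let a reader check the value against the kernel header. Since the file now imports golang.org/x/sys/unix, the literal could also be replaced by `unix.NS_GET_PARENT`, provided the vendored version of that package exports it. The function continues outside the hunk.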
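Review bot: In getUserNSFirstChild the `ns == currentNS` branch returns as soon as `unix.Close(int(nextFd))` fails, which leaves `fd` open with no owner. The hunk at -206 has the mirror case, where a failed close of `fd` returns without releasing `nextFd`. Each error path should release the other descriptor before returning, for example `if err := unix.Close(int(nextFd)); err != nil { unix.Close(int(fd)); return nil, err }`. The descriptor whose close failed should not be closed a second time. In the same hunk, `logrus.Errorf("failed to close file descriptor %d", fd)` drops the error value; adding `: %v` with `err` would make the log usable. The function starts and ends outside these hunks.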
@@ -491,21 +490,21 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, signals := []os.Signal{} for sig := 0; sig < numSig; sig++ { - if sig == int(syscall.SIGTSTP) { + if sig == int(unix.SIGTSTP) { continue } - signals = append(signals, syscall.Signal(sig)) + signals = append(signals, unix.Signal(sig)) } gosignal.Notify(c, signals...) defer gosignal.Reset() go func() { for s := range c { - if s == signal.SIGCHLD || s == signal.SIGPIPE { + if s == unix.SIGCHLD || s == unix.SIGPIPE { continue } - if err := syscall.Kill(int(pidC), s.(syscall.Signal)); err != nil { + if err := unix.Kill(int(pidC), s.(unix.Signal)); err != nil { logrus.Errorf("failed to kill %d", int(pidC)) } } @@ -560,7 +559,7 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st lastErr = nil break } else { - fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_DGRAM, 0) + fds, err := unix.Socketpair(unix.AF_UNIX, unix.SOCK_DGRAM, 0) if err != nil { lastErr = err continue |
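Review bot: The signal-forwarding goroutine in becomeRootInUserNS logs `failed to kill %d` without the error or the signal, so a failed `unix.Kill` gives no way to tell a child that has already exited from a permission problem. Suggest `logrus.Errorf("failed to send signal %v to %d: %v", s, int(pidC), err)`. The assertion `s.(unix.Signal)` is the single-value form and would panic on any other concrete type. It holds only as long as `unix.Signal` remains an alias of the type that `gosignal.Notify` delivers, which deserves a short comment. The enclosing function starts and ends outside the hunk.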