| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rootless cni namespace needs a valid /etc/resolv.conf file. On some
distros is a symlink to somewhere under /run. Because the kernel will
follow the symlink before mounting, it is not possible to mount a file
at exactly /etc/resolv.conf. We have to ensure that the link target will
be available in the rootless cni mount ns.
Fixes #10855
Also fixed a bug in the /var/lib/cni directory lookup logic. It used
`filepath.Base` instead of `filepath.Dir` and thus looping infinitely.
Fixes #10857
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Fixed notation for macOS
|
| |
| |
| |
| | |
Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
|
|\ \
| | |
| | | |
podman diff accept two images or containers
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
First, make podman diff accept optionally a second argument. This allows
the user to specify a second image/container to compare the first with.
If it is not set the parent layer will be used as before.
Second, podman container diff should only use containers and podman
image diff should only use images. Previously, podman container diff
would use the image when both an image and container with this name
exists.
To make this work two new parameters have been added to the api. If they
are not used the previous behaviour is used. The same applies to the
bindings.
Fixes #10649
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| |_|/
|/| | |
bump cobra to v1.2.1 and update the shell completion scripts
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The new cobra v1.2.0 release brings a number of bug fixes for shell
completion scripts. Regenerate the scripts with `make completions`
to sync them with the upstream version, currently we have some custom
ones to avoid some upstream bugs. Because the new cobra version has
all fixes we should use the upstream scripts.
Add a check to CI to ensure we always use the up to date scripts.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes #9730
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| | | |
| | | | |
podman service reaper
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a new service reaper package. Podman currently does not reap all
child processes. The slirp4netns and rootlesskit processes are not
reaped. The is not a problem for local podman since the podman process
dies before the other processes and then init will reap them for us.
However with podman system service it is possible that the podman
process is still alive after slirp died. In this case podman has to reap
it or the slirp process will be a zombie until the service is stopped.
The service reaper will listen in an extra goroutine on SIGCHLD. Once it
receives this signal it will try to reap all pids that were added with
`AddPID()`. While I would like to just reap all children this is not
possible because many parts of the code use `os/exec` with `cmd.Wait()`.
If we reap before `cmd.Wait()` things can break, so reaping everything
is not an option.
[NO TESTS NEEDED]
Fixes #9777
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Create podman temp dir on machine start
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the tempdir for the OS does not have a podman/, machine start will fail. An example would be after a reboot. We now create the podman dir if it does not exist.
Fixes #10824
[NO TESTS NEEDED]
Signed-off-by: baude <baude@baudes-Mac-mini.localdomain>
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
[CI:DOCS] podman search: clarify that results depend on implementation
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Clarify in the man page that podman-search is not generally realiable
way of determining the presence/existence of an image. The results of
the v1 and the v2 endpoints depend on the implementation of each
registry; the semantics are not really specified. Some registries may
not support search at all as it's not part of the OCI dist spec.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1978556
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
vendor containers/common@main
|
| | |
| | |
| | |
| | |
| | |
| | | |
v1.2.0 is breaking CI (see containers/podman/pull/10844).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
Pull in fixes for local image lookups.
Fixes: #10835
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Implement --archive flag for podman cp
|
| |/
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \
| |/
|/| |
podman: ignore ESRCH from kill
|
|/
|
|
|
|
|
|
| |
Closes: https://github.com/containers/podman/issues/10826
[NO TESTS NEEDED] Fixes a race condition
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Handle advanced --network options in podman play kube
|
|/
|
|
|
|
|
|
| |
Since Podman create/run can support this, so should play.
Fixes: https://github.com/containers/podman/issues/10807
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Cirrus: Fixes due to master->main rename
|
|/
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
vendor containers/common@7482cf851dcc
|
| |
| |
| |
| |
| |
| |
| | |
Make sure that image events are written *after* execution.
Fixes: #10812
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Add CNI rootless networking troubleshooting for v2.2.1
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A CNI container image is required for rootless networking
in V2.2.1 (RHEL 8.3.1) and through v3.0.1. Add a note in the
troubleshooting guide with a pointer to the documenation
for that.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \
| |_|/
|/| | |
reset: remove external containers on podman system reset
|
| | |
| | |
| | |
| | |
| | |
| | | |
[NO TESTS NEEDED]
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/containers/storage-1.32.4
Bump github.com/containers/storage from 1.32.3 to 1.32.4
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.3 to 1.32.5.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.32.3...v1.32.5)
---
updated-dependencies:
- dependency-name: github.com/containers/storage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Enhance system connection add URL input
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
* Add support for the tcp and unix schemes in connection URLs.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| |/ /
|/| | |
[NO TESTS NEEDED] Make system connection ls deterministic
|
| | |
| | |
| | |
| | |
| | |
| | | |
Sort system connection ls by name, making the output deterministic. Previously, we were just iterating through a map, which caused CI flakes.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
containers/dependabot/go_modules/github.com/containers/ocicrypt-1.1.2
Bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.1...v1.1.2)
---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \
| |/ /
|/| | |
Makefile: remove install.cni
|
| |/
| |
| |
| |
| |
| |
| | |
We no longer need to install /etc/cni/net.d/87-podman-bridge.conflist
so install.cni isn't needed either.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \
| |/
|/| |
[NO TEST NEEDED] prefix `ETCDIR` with `${PREFIX}/`
|
|/
|
|
|
|
| |
`ETCDIR` isn't prefixed and led to dangling files in `DESTDIR/etc`
Signed-off-by: Tobias Wendorff <1864057+tobwen@users.noreply.github.com>
|
|\
| |
| | |
read secret config from config file if no user data.
|
| |
| |
| |
| | |
Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
feat: read secret config from config file if the user hasn't entered
explicit config values
feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret
create command to allow overriding the default values
fix: show driver options in `podman secret inspect`
Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
|
|\ \
| | |
| | | |
remove `pkg/registries`
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pull the trigger on the `pkg/registries` package which acted as a proxy
for `c/image/pkg/sysregistriesv2`. Callers should be using the packages
from c/image directly, if needed at all.
Also make use of libimage's SystemContext() method which returns a copy
of a system context, further reducing the risk of unintentionally
altering global data.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
pkg/systemd: don't require LISTEN_FDNAMES for socket activation
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
LISTEN_FDNAMES is optional, the docs for sd_listen_fds() says:
This information is read from the $LISTEN_FDNAMES variable, which
**may** contain a colon-separated list of names.
emphasis mine (indeed, the cited coreos code also suggests it is optional).
This actually results in bug, since the default
/contrib/systemd/system/podman.socket file doesn't set a
FileDescriptorName=. podman when run with this systemd configuration
*always* starts in unix socket mode since SocketActivated() will return
false because the name is missing.
The bug is a race with a very small window: between when podman does the
unlink() and when it re-binds the socket later in the code, requests made
during this time will fail since nothing is listening. There's another
small race when the service stops and systemd realizes it and starts
listening again.
However, small this window we managed to hit it :).
Let's fix this by ignoring LISTEN_FDNAMES. Since the code in
cmd/podman/system/service_abi.go:restService() ignores this value anyway
when setting up the socket activated stuff, there's no real loss here.
Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
|