summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Don't mount /dev/tty* inside privileged containers running systemdDan Čermák2022-09-22
| | | | | | | | | | | | | | According to https://systemd.io/CONTAINER_INTERFACE/, systemd will try take control over /dev/ttyN if exported, which can cause conflicts with the host's tty in privileged containers. Thus we will not expose these to privileged containers in systemd mode, as this is a bad idea according to systemd's maintainers. Additionally, this commit adds a bats regression test to check that no /dev/ttyN are present in a privileged container in systemd mode This fixes https://github.com/containers/podman/issues/15878 Signed-off-by: Dan Čermák <dcermak@suse.com>
* Merge pull request #15870 from idleroamer/podman-saveOpenShift Merge Robot2022-09-22
|\ | | | | podman-save: Add signature-policy flag
| * cli: Add signature-policy flag to podman save😎Mostafa Emami2022-09-21
| | | | | | | | | | | | | | | | Allow overwrite of the signature-policy file by passing signature-policy flag to podman save command Closes: https://github.com/containers/podman/issues/15869 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
* | Merge pull request #15894 from edsantiago/reenable_some_aarch64_testsOpenShift Merge Robot2022-09-22
|\ \ | | | | | | System tests: reenable some skipped aarch64 tests
| * | System tests: reenable some skipped aarch64 testsEd Santiago2022-09-21
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | Background: in order to add aarch64 tests, we had to add emergency skips to a lot of failing tests. No attempt was ever made to understand why they were failing. Fast forward to today, I filed #15888 just to see if tests are still failing. Looks like a number of them are fixed. (Yes, magically). Remove those skips. See: #15074, #15277 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #15890 from cevich/more_ioutil_fixesOpenShift Merge Robot2022-09-21
|\ \ | | | | | | Fix a few missed io/ioutil -> os updates
| * | Fix a few missed io/ioutil -> os updatesChris Evich2022-09-21
|/ / | | | | | | | | | | Ref: https://github.com/containers/podman/pull/15871 Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #15871 from cevich/replace_ioutilOpenShift Merge Robot2022-09-21
|\ \ | | | | | | Replace deprecated ioutil
| * | Replace deprecated ioutilChris Evich2022-09-20
| |/ | | | | | | | | | | | | | | | | | | Package `io/ioutil` was deprecated in golang 1.16, preventing podman from building under Fedora 37. Fortunately, functionality identical replacements are provided by the packages `io` and `os`. Replace all usage of all `io/ioutil` symbols with appropriate substitutions according to the golang docs. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #15837 from rhatdan/formatOpenShift Merge Robot2022-09-21
|\ \ | | | | | | Improve generate systemd format
| * | Improve generate systemd formatDaniel J Walsh2022-09-21
| |/ | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/14897 Followup to #13814 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #15856 from dfr/freebsd-copyOpenShift Merge Robot2022-09-21
|\ \ | | | | | | Add support for 'podman cp' on FreeBSD
| * | libpod: Implement 'podman cp' for FreeBSDDoug Rabson2022-09-20
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | libpod: Move jointMountAndExec to container_copy_linux.goDoug Rabson2022-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This also moves the logic for resolving paths in running and stopped containers tp container_copy_linux.go. On FreeBSD, we can execute the function argument to joinMountAndExec directly using host-relative paths since the host mount namespace includes all the container mounts. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | libpod: Move part of (*Container).stat to container_stat_linux.goDoug Rabson2022-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The logic that treats running containers differently from stopped containers is not needed on FreeBSD where the container mounts live in a global mount namespace. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | libpod: Move container_copy_linux.go to container_copy_common.goDoug Rabson2022-09-20
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | libpod: Move container_stat_linux.go to container_stat_common.goDoug Rabson2022-09-20
| |/ | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | Merge pull request #15842 from ashley-cui/seclabelsOpenShift Merge Robot2022-09-21
|\ \ | | | | | | Add labels to secrets
| * | Add labels to secretsAshley Cui2022-09-20
| | | | | | | | | | | | | | | | | | | | | Add --label/-l label flag to secret create, and show labels when inspecting secrets. Also allow labeling secrets via libpod/compat API. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #15866 from boaz0/closes_15746OpenShift Merge Robot2022-09-21
|\ \ \ | |_|/ |/| | Fix podman-remote run --attach stdin to show container ID
| * | Fix podman-remote run --attach stdin to show container IDBoaz Shuster2022-09-20
| | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | Merge pull request #15859 from edsantiago/docs_format_eventsOpenShift Merge Robot2022-09-19
|\ \ \ | | | | | | | | [CI:DOCS] man pages: document some --format options
| * | | man pages: document some --format optionsEd Santiago2022-09-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Baby steps toward merging #14046: document Go format options for podman events. This is deliberately imperfect. I am not the right person to document these. I am simply the person who is getting a skeleton framework in place. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #15072 from rhatdan/contextOpenShift Merge Robot2022-09-19
|\ \ \ \ | |/ / / |/| | | Add support for podman context as alias to podman system connection
| * | | Add support for podman context as alias to podman system connectionDaniel J Walsh2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Alias podman --context -> podman --connection podman context use -> podman system connection default podman context rm -> podman system connection rm podman context create -> podman system connection add podman context ls ->podman system connection ls podman context inspect ->podman system connection ls --json (For specified connections) Podman context is a hidden command, but can be used for existing scripts that assume Docker under the covers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #15844 from rhatdan/selinuxOpenShift Merge Robot2022-09-19
|\ \ \ \ | | | | | | | | | | label.Relabel third option is shared not recurse
| * | | | label.Relabel third option is shared not recurseDaniel J Walsh2022-09-17
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no option in Selinux labeling to only relabel the top level of a directory. The option is to either label the path shared or not shared. Changing to make sure future engineers do not assume that recurse can work. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #15839 from cdoern/cloneOpenShift Merge Robot2022-09-17
|\ \ \ \ | | | | | | | | | | podman container clone env patch
| * | | | podman container clone env patchCharlie Doern2022-09-16
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman container clone was failing when env variables had multiple `=` in them. Switch split to splitn resolves #15836 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | Merge pull request #15833 from ↵OpenShift Merge Robot2022-09-16
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/coreos/go-systemd/v22-22.4.0 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.4.0
| * | | | build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.4.0dependabot[bot]2022-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.3.2 to 22.4.0. - [Release notes](https://github.com/coreos/go-systemd/releases) - [Commits](https://github.com/coreos/go-systemd/compare/v22.3.2...v22.4.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-systemd/v22 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #15823 from rhatdan/dns-optOpenShift Merge Robot2022-09-16
|\ \ \ \ \ | | | | | | | | | | | | Default to --dns-option to match Docker and Buildah
| * | | | | Default to --dns-option to match Docker and BuildahDaniel J Walsh2022-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Existing tests cover this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #15775 from cevich/gitlab_nightlyOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ | | | | | | | | | | | | | | Cirrus: Move gitlab test to cirrus-cron "main"
| * | | | | | Cirrus: Move gitlab test to cirrus-cron "main"Chris Evich2022-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's little need to execute this test for (nearly) every PR. Further, since it always executes the *latest* upstream tests, there's no need to run it on any branch other than `main`. Arrange for it to only execute for the `main` cirrus-cron trigger. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #15173 from carljmosca/mainOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [CI:DOCS] added docs for installing certificate authority
| * | | | | | | added docs for installing certficate authorityCarl J. Mosca2022-08-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Carl J. Mosca <carljmosca@gmail.com>
* | | | | | | | Merge pull request #15755 from edsantiago/docs_for_formatsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | [CI:DOCS] man pages: document some --format options
| * | | | | | | [CI:DOCS] man pages: document some --format optionsEd Santiago2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Baby steps toward merging #14046: document a few of the Go format command-line options. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #15812 from sstosh/checkpoint-export-rawinputOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | remote: checkpoint --export prints a rawInput or an error on remote
| * | | | | | | remote: checkpoint --export prints a rawInput or an error on remoteToshiki Sonoda2022-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit fixes `container checkpoint --export` to print a rawInput or an error. Fixes: #15743 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | | | | Merge pull request #15776 from cevich/no_ubuntu_unitOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Cirrus: Only run unit-testing on Fedora.
| * | | | | | | | Cirrus: Only run unit-testing on Fedora.Chris Evich2022-09-14
| | |_|_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's little practical reason to execute unit-level testing on multiple platforms, since there's so little platform interaction. Remove the unit-test runs on Ubuntu, only execute on root-full and root-less Fedora. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | | Merge pull request #15817 from edsantiago/docs_dedup_dnsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | [CI:DOCS] Man pages: Refactor common options: --dns
| * | | | | | | | Man pages: Refactor common options: --dnsEd Santiago2022-09-15
| | |_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only between podman-build, create, and run. podman-pod-create is too different. As usual I went with the podman-run version. This means keeping the word "flag" (which should be "option"), for ease of review. I will fix in my in-progress cleanup PR. For podman-build, I removed "during the build" and changed it to a note for that man page only. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #15829 from edsantiago/shlintOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Cleanup: fix problems reported by shell lint
| * | | | | | | | Cleanup: fix problems reported by shell lintEd Santiago2022-09-15
| | |_|_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #15616, which is not usable as it is (way, way, way too much noise) but actually found a few real nits that should be fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #15825 from edsantiago/fix_readthedocsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | [CI:DOCS] Fix broken titles on readthedocs
| * | | | | | | | Fix broken titles on readthedocsEd Santiago2022-09-15
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #15621, which (correctly) removed parentheses from md files. Turns out, a hidden part of our readthedocs process depended on those parentheses. Update that step so it handles the new, correct, <space><section-number> format. Also update local-testing documentation in README, and clean it up a little. Fixes: #15822 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #15722 from edsantiago/treadmill_improvementsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | [CI:DOCS] Buildah treadmill script: various fixes