summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #15856 from dfr/freebsd-copyOpenShift Merge Robot2022-09-21
|\ | | | | Add support for 'podman cp' on FreeBSD
| * libpod: Implement 'podman cp' for FreeBSDDoug Rabson2022-09-20
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move jointMountAndExec to container_copy_linux.goDoug Rabson2022-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | This also moves the logic for resolving paths in running and stopped containers tp container_copy_linux.go. On FreeBSD, we can execute the function argument to joinMountAndExec directly using host-relative paths since the host mount namespace includes all the container mounts. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move part of (*Container).stat to container_stat_linux.goDoug Rabson2022-09-20
| | | | | | | | | | | | | | | | | | | | The logic that treats running containers differently from stopped containers is not needed on FreeBSD where the container mounts live in a global mount namespace. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move container_copy_linux.go to container_copy_common.goDoug Rabson2022-09-20
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move container_stat_linux.go to container_stat_common.goDoug Rabson2022-09-20
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | Merge pull request #15842 from ashley-cui/seclabelsOpenShift Merge Robot2022-09-21
|\ \ | | | | | | Add labels to secrets
| * | Add labels to secretsAshley Cui2022-09-20
| | | | | | | | | | | | | | | | | | | | | Add --label/-l label flag to secret create, and show labels when inspecting secrets. Also allow labeling secrets via libpod/compat API. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #15866 from boaz0/closes_15746OpenShift Merge Robot2022-09-21
|\ \ \ | |_|/ |/| | Fix podman-remote run --attach stdin to show container ID
| * | Fix podman-remote run --attach stdin to show container IDBoaz Shuster2022-09-20
| | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | Merge pull request #15859 from edsantiago/docs_format_eventsOpenShift Merge Robot2022-09-19
|\ \ \ | | | | | | | | [CI:DOCS] man pages: document some --format options
| * | | man pages: document some --format optionsEd Santiago2022-09-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Baby steps toward merging #14046: document Go format options for podman events. This is deliberately imperfect. I am not the right person to document these. I am simply the person who is getting a skeleton framework in place. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #15072 from rhatdan/contextOpenShift Merge Robot2022-09-19
|\ \ \ \ | |/ / / |/| | | Add support for podman context as alias to podman system connection
| * | | Add support for podman context as alias to podman system connectionDaniel J Walsh2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Alias podman --context -> podman --connection podman context use -> podman system connection default podman context rm -> podman system connection rm podman context create -> podman system connection add podman context ls ->podman system connection ls podman context inspect ->podman system connection ls --json (For specified connections) Podman context is a hidden command, but can be used for existing scripts that assume Docker under the covers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #15844 from rhatdan/selinuxOpenShift Merge Robot2022-09-19
|\ \ \ \ | | | | | | | | | | label.Relabel third option is shared not recurse
| * | | | label.Relabel third option is shared not recurseDaniel J Walsh2022-09-17
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no option in Selinux labeling to only relabel the top level of a directory. The option is to either label the path shared or not shared. Changing to make sure future engineers do not assume that recurse can work. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #15839 from cdoern/cloneOpenShift Merge Robot2022-09-17
|\ \ \ \ | | | | | | | | | | podman container clone env patch
| * | | | podman container clone env patchCharlie Doern2022-09-16
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman container clone was failing when env variables had multiple `=` in them. Switch split to splitn resolves #15836 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | Merge pull request #15833 from ↵OpenShift Merge Robot2022-09-16
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/coreos/go-systemd/v22-22.4.0 build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.4.0
| * | | | build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.4.0dependabot[bot]2022-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.3.2 to 22.4.0. - [Release notes](https://github.com/coreos/go-systemd/releases) - [Commits](https://github.com/coreos/go-systemd/compare/v22.3.2...v22.4.0) --- updated-dependencies: - dependency-name: github.com/coreos/go-systemd/v22 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #15823 from rhatdan/dns-optOpenShift Merge Robot2022-09-16
|\ \ \ \ \ | | | | | | | | | | | | Default to --dns-option to match Docker and Buildah
| * | | | | Default to --dns-option to match Docker and BuildahDaniel J Walsh2022-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Existing tests cover this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #15775 from cevich/gitlab_nightlyOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ | | | | | | | | | | | | | | Cirrus: Move gitlab test to cirrus-cron "main"
| * | | | | | Cirrus: Move gitlab test to cirrus-cron "main"Chris Evich2022-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's little need to execute this test for (nearly) every PR. Further, since it always executes the *latest* upstream tests, there's no need to run it on any branch other than `main`. Arrange for it to only execute for the `main` cirrus-cron trigger. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #15173 from carljmosca/mainOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [CI:DOCS] added docs for installing certificate authority
| * | | | | | | added docs for installing certficate authorityCarl J. Mosca2022-08-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Carl J. Mosca <carljmosca@gmail.com>
* | | | | | | | Merge pull request #15755 from edsantiago/docs_for_formatsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | [CI:DOCS] man pages: document some --format options
| * | | | | | | [CI:DOCS] man pages: document some --format optionsEd Santiago2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Baby steps toward merging #14046: document a few of the Go format command-line options. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #15812 from sstosh/checkpoint-export-rawinputOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | remote: checkpoint --export prints a rawInput or an error on remote
| * | | | | | | remote: checkpoint --export prints a rawInput or an error on remoteToshiki Sonoda2022-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit fixes `container checkpoint --export` to print a rawInput or an error. Fixes: #15743 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | | | | Merge pull request #15776 from cevich/no_ubuntu_unitOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Cirrus: Only run unit-testing on Fedora.
| * | | | | | | | Cirrus: Only run unit-testing on Fedora.Chris Evich2022-09-14
| | |_|_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's little practical reason to execute unit-level testing on multiple platforms, since there's so little platform interaction. Remove the unit-test runs on Ubuntu, only execute on root-full and root-less Fedora. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | | Merge pull request #15817 from edsantiago/docs_dedup_dnsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | [CI:DOCS] Man pages: Refactor common options: --dns
| * | | | | | | | Man pages: Refactor common options: --dnsEd Santiago2022-09-15
| | |_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only between podman-build, create, and run. podman-pod-create is too different. As usual I went with the podman-run version. This means keeping the word "flag" (which should be "option"), for ease of review. I will fix in my in-progress cleanup PR. For podman-build, I removed "during the build" and changed it to a note for that man page only. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #15829 from edsantiago/shlintOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Cleanup: fix problems reported by shell lint
| * | | | | | | | Cleanup: fix problems reported by shell lintEd Santiago2022-09-15
| | |_|_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #15616, which is not usable as it is (way, way, way too much noise) but actually found a few real nits that should be fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #15825 from edsantiago/fix_readthedocsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | [CI:DOCS] Fix broken titles on readthedocs
| * | | | | | | | Fix broken titles on readthedocsEd Santiago2022-09-15
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #15621, which (correctly) removed parentheses from md files. Turns out, a hidden part of our readthedocs process depended on those parentheses. Update that step so it handles the new, correct, <space><section-number> format. Also update local-testing documentation in README, and clean it up a little. Fixes: #15822 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #15722 from edsantiago/treadmill_improvementsOpenShift Merge Robot2022-09-16
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | [CI:DOCS] Buildah treadmill script: various fixes
| * | | | | | | Buildah treadmill script: various fixesEd Santiago2022-09-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...gathered up from the last few months of almost-daily runs. The principal difference is, ditching the git-am approach in favor of git-cherry-pick. It's so much nicer! I keep forgetting how clumsy git-am is. With the new approach, saved checkpoints are kept as git branches, not in an easy-to-lose text file. And, conflict resolution is MUCH EASIER. (Conflict resolution is necessary when, e.g., the treadmill PR includes fixes for some new vendoring that buildah has done but not podman, then podman vendors in that same module but fixes broken tests in a different way than I did). Also a lot of smaller fixes for bugs reported by @Luap99. Thank you for testing and for letting me know of problems! Cursory review is OK: this will not break anything in the repo, and I've been testing/finetuning these changes heavily over the past month or two. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | Merge pull request #15821 from ↵OpenShift Merge Robot2022-09-15
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | vrothberg/revert-c20abf12c714f359c7bbb291c444530f70cb1185 Revert "generate systemd: drop ExecStop"
| * | | | | | | | Revert "generate systemd: drop ExecStop"Valentin Rothberg2022-09-15
| | |/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit c20abf12c714f359c7bbb291c444530f70cb1185. In the absence of `ExecStop` step, systemd will send the stop/kill signals to the main PID while I asummed that systemd would jump directly to an ExecStopPost step instead. Hence revert the commit to let Podman take care of stopping rather than systemd. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | | | Merge pull request #15757 from mheon/fix_15526OpenShift Merge Robot2022-09-15
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | Introduce graph-based pod container removal
| * | | | | | | Introduce graph-based pod container removalMatthew Heon2022-09-14
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Originally, during pod removal, we locked every container in the pod at once, did a number of validity checks to ensure everything was safe, and then removed all the containers in the pod. A deadlock was recently discovered with this approach. In brief, we cannot lock the entire pod (or much more than a single container at a time) without causing a deadlock. As such, we converted to an approach where we just looped over each container in the pod, removing them individually. Unfortunately, this removed a lot of the validity checking of the earlier approach, allowing for a lot of unintended bad things. Infra containers could be removed while containers in the pod still depended on them, for example. There's no easy way to do validity checks while in a simple loop, so I implemented a version of our graph-traversal logic that currently handles pod start. This version acts in the reverse order of startup: startup starts from containers which depend on nothing and moves outwards, while removal acts on containers which have nothing depend on them and moves inwards. By doing graph traversal, we can guarantee that nothing is removed while something that depends on it still exists - so the infra container should be the last thing in a pod that is removed, for example. In the (unlikely) case that a graph of the pod's containers cannot be built (most likely impossible without database editing) the old method of pod removal has been retained to ensure that even misbehaving pods can be forcibly evicted from the state. I'm fairly confident that this resolves the problem, but there are a lot of assumptions around dependency structure built into the original pod removal code and I am not 100% sure I have captured all of them. Fixes #15526 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | Merge pull request #15792 from dfr/freebsd-inspectOpenShift Merge Robot2022-09-15
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Add support for 'podman inspect' on FreeBSD
| * | | | | | | libpod: Make getContainerInspectData work on FreeBSDDoug Rabson2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes setting EffectiveCaps and BoundingCaps conditional on whether the capabilites field in the spec is non-nil. This allows 'podman inspect' to work on FreeBSD. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | | | libpod: Factor out platform-specfic code from generateInspectContainerHostConfigDoug Rabson2022-09-15
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | | | | Merge pull request #15816 from vrothberg/15686-drop-execstopOpenShift Merge Robot2022-09-15
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | generate systemd: drop ExecStop
| * | | | | | | generate systemd: drop ExecStopValentin Rothberg2022-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop the ExecStop step to simplify the generated units a bit. The extra ExecStopPost step was added by commit e5c343294424. If the main PID (i.e., conmon) is killed, systemd will not execute ExecStop (since the main PID is already down) but only execute the *Post steps. Credits to the late Ulrich Obergfell for tracking this issue down; he is missed. The ExecStop step can safely be dropped since the Post step will take of stopping (and removing) in any case. Context: #15686 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | | | Merge pull request #15815 from edsantiago/docs_dedup_no-streamOpenShift Merge Robot2022-09-15
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | [CI:DOCS] Man pages: refactor common options: 2 stats opts