| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Fix possible rootless netns cleanup race
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
rootlessNetNS.Cleanup() has an issue with how it detects if cleanup
is needed, reading the container state is not good ebough because
containers are first stopped and than cleanup will be called. So at one
time two containers could wait for cleanup but the second one will fail
because the first one triggered already the cleanup thus making rootless
netns unavailable for the second container resulting in an teardown
error. Instead of checking the container state we need to check the
netns state.
Secondly, podman unshare --rootless-netns should not do the cleanup.
This causes more issues than it is worth fixing. Users also might want
to use this to setup the namespace in a special way. If unshare also
cleans this up right away we cannot do this.
[NO NEW TESTS NEEDED]
Fixes #12459
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
e2e tmpdir cleanup
|
| | |
| | |
| | |
| | |
| | |
| | | |
...they're not actually used for anything
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Images were being cached in /tmp, with no option to
override. Now $PODMAN_TEST_IMAGE_CACHE_DIR can be
used to point to a user-preferred location. If unset,
try $TMPDIR before settling on /tmp.
Also: refactor the logic for determining the tarball name.
Also: include registry name in tarball name.
Also: clean up unused/unnecessary code
Also: do not echo "Restoring..." if we're not actually restoring.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
...and remove other uses of "crio". They're confusing
and misleading. (I'm sure it made sense at one time)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fixed the containerfile not found during remote build
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS] Add ashley-cui, lsm5 and floutoc to owners
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
e2e: yet more cleanup of BeTrue/BeFalse
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
Thanks to Paul for teaching me about HaveKey()
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
[NO NEW TESTS NEEDED] Refactor podman container command output
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Leverage new report.Formatter allowing better compatibility from
podman command output.
See #10974
See #12455
Depends on containers/common#831
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Implement 'podman run --blkio-weight-device'
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`--blkio-weight-device` is not fully implemented and this causes an
unexpected panic when specified because an entry is put into an
uninitialized map at parsing.
This fix implements the `--blkio-weight-device` and adds a system test.
When creating a spec generator on a client, a major number and a minor
number of a device cannot be set. So, these numbers are inspected on a
server and set to a runtime spec.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
podman, push: expose --compression-format
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
support overriding the compression format at push time.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
container, cgroup: detect pid termination
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the /proc/$PID/cgroup file doesn't exist, then it is likely the
container was terminated in the meanwhile so report ErrCtrStopped that
is already handled instead of ENOENT.
commit a66f40b4df039e94572fa38c070207a435cfa466 introduced the regression.
Closes: https://github.com/containers/podman/issues/12457
[NO NEW TESTS NEEDED] it solves a race in the CI that is difficult to reproduce.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
top: parse ps(1) args correctly
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
The arguments of ps(1) should be shlexed.
Fixes: #12452
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
More BeTrue cleanup
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
...done manually, not via sed, because some of the inner
expressions include nested commas.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Write a BeValidJSON() matcher, and replace IsJSONOutputValid():
sed -i -e 's/Expect(\(.*\)\.IsJSONOutputValid()).To(BeTrue())/Expect(\1.OutputToString())\.To(BeValidJSON())/' test/e2e/*_test.go
(Plus a few manual tweaks)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
tunnel: allow `remote` and `API` to accept `--secrets`
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Prevents temp secrets leaking into image by moving it away from context
directory to parent builder directory. Builder directory automatically
gets cleaned up when we are done with the build.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Podman remote must treat build secrets as part of context directory. If
secret path is absolute path on host copy it to tar file and pass it to
remote server.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Following commit makes sure that `build` api can accept external
secret and allows currently `NOOP` `podman-remote build -t tag
--secret id=mysecret,src=/path/on/remote` to become functional.
Just like `docker` following api is a hidden field and only exposed to
`podman-remote` but could document it if it needs exposed on `swagger`.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
systemd: replace multi-user with default.target
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Replace `multi-user.target` with `default.target` across the code base.
It seems like the multi-user one is not available for (rootless) users
on F35 anymore is causing issues in all kinds of ways, for instance,
enabling the podman.service or generated systemd units.
Fixes: #12438
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
compat API: allow enforcing short-names resolution to Docker Hub
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The Docker-compatible REST API has historically behaved just as the rest
of Podman and Buildah (and the atomic Docker in older RHEL/Fedora) where
`containers-registries.conf` is centrally controlling which registries
a short name may resolve to during pull or local image lookups. Please
refer to a blog for more details [1].
Docker, however, is only resolving short names to docker.io which has
been reported (see #12320) to break certain clients who rely on this
behavior. In order to support this scenario, `containers.conf(5)`
received a new option to control whether Podman's compat API resolves
to docker.io only or behaves as before.
Most endpoints allow for directly normalizing parameters that represent
an image. If set in containers.conf, Podman will then normalize the
references directly to docker.io. The build endpoint is an outlier
since images are also referenced in Dockerfiles. The Buildah API,
however, supports specifying a custom `types.SystemContext` in which
we can set a field that enforces short-name resolution to docker.io
in `c/image/pkg/shortnames`.
Notice that this a "hybrid" approach of doing the normalization directly
in the compat endpoints *and* in `pkg/shortnames` by passing a system
context. Doing such a hybrid approach is neccessary since the compat
and the libpod endpoints share the same `libimage.Runtime` which makes
a global enforcement via the `libimage.Runtime.systemContext`
impossible. Having two separate runtimes for the compat and the libpod
endpoints seems risky and not generally applicable to all endpoints.
[1] https://www.redhat.com/sysadmin/container-image-short-names
Fixes: #12320
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Only open save output file with WRONLY
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The previous code fails on a MAC when opening /dev/stdout
Fixes: https://github.com/containers/podman/issues/12402
[NO NEW TESTS NEEDED] No easy way to test this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] List /etc/containers/certs.d as default for --cert-path
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Helps Document https://github.com/containers/podman/issues/10116
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Bindings test: emit GIT_COMMIT, for links in logs
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add a magic 'echo' to runner.sh, displaying $GIT_COMMIT in
a special syntax. The logformatter script, seeing this,
will hyperlink error messages to the failing source file.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] Move the chown to after the ADDs
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
I have noticed that the containers.conf file in the /home/podman
directory is owned by root and not Podman. This change fixes the
ownership.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
compat: Add compatiblity with `Docker/Moby` API for scenarios where build fails.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In order to maintain compatiblity with `moby API` we must the field
`errorDetail` which is primary error reporting field with stream.
Currently podman is using `error` which is already deprecated by moby.
Check: https://github.com/moby/moby/blob/master/pkg/jsonmessage/jsonmessage.go#L147
[NO NEW TESTS NEEDED]
We can't test this in podman CI since we dont have a docker client.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
fix: parsing of HostConfig.Mounts for container create
|
| | |/ / /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
e2e tests: enable golint
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
...and fix problems found therewith.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
fix: error reporting for archive endpoint
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
Returning 500 when copying to read-only destination.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|