| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
| |
Refactor ImagesPull the same way the ImagesPush and ManifestPush are
done.
[NO NEW TESTS NEEDED]
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
| |\
| |
| | |
podman kube generate - add actual tests
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This exposed a nasty bug in our system-test setup: Ubuntu (runc)
was writing a scratch containers.conf file, and setting CONTAINERS_CONF
to point to it. This was well-intentionedly introduced in #10199 as
part of our long sad history of not testing runc. What I did not
understand at that time is that CONTAINERS_CONF is **dangerous**:
it does not mean "I will read standard containers.conf and then
override", it means "I will **IGNORE** standard containers.conf
and use only the settings in this file"! So on Ubuntu we were
losing all the default settings: capabilities, sysctls, all.
Yes, this is documented in containers.conf(5) but it is such
a huge violation of POLA that I need to repeat it.
In #14972, as yet another attempt to fix our runc crisis, I
introduced a new runc-override mechanism: create a custom
/etc/containers/containers.conf when OCI_RUNTIME=runc.
Unlike the CONTAINERS_CONF envariable, the /etc file
actually means what you think it means: "read the default
file first, then override with the /etc file contents".
I.e., we get the desired defaults. But I didn't remember
this helpers.bash workaround, so our runc testing has
actually been flawed: we have not been testing with
the system containers.conf. This commit removes the
no-longer-needed and never-actually-wanted workaround,
and by virtue of testing the cap-drops in kube generate,
we add a regression test to make sure this never happens
again.
It's a little scary that we haven't been testing capabilities.
Also scary: this PR requires python, for converting yaml to json.
I think that should be safe: python3 'import yaml' and 'json'
works fine on a RHEL8.7 VM from 1minutetip.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
libpod: Add FreeBSD support for ConmonOCIRuntime
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This also adds FreeBSD equivalents to the functions moved to
oci_conmon*_linux.go. For openUnixSocket, we create a temporary symlink
to shorten the path to something that fits into sockaddr_un.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This function depends on linux-specific functionality in /proc/fd to
allow connecting to local domain sockets with pathnames too long for
sockaddr_un.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
oci_conmon_linux.go
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | |/
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \
| | |
| | | |
Reword --exit-policy option
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot
assume that the submitter has time or will to read texts about symbolism in
software contributions. If the system wants to see the text
nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae
in each commit, people will write this, or any other text, that the system wants to
see. All such text, which presence is mandated by the system, has the same value.
Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
|
| |\ \ \
| |_|/
|/| | |
runtime: parse conmon-rs version
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
it detects conmon-rs.
[NO NEW TESTS NEEDED] no functionalities added.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
sort hc.Binds returned from compat api
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Add podman stats --no-trunc option
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is for compatibility with Docker.
Partial fix for https://github.com/containers/podman/issues/14917
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
Add podman manifest create -a. Alias for --amend:Docker compatibility
|
| |/ / /
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fix podman kube generate --help to show correct help message
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Cirrus: add podman_machine_aarch64
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Run machine tests on every PR as label-driven machine test
triggering is currently hard to predict and debug.
Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\ \ \ \
| |/ / /
|/| | | |
Add non-linux build stubs for libpod
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The O_PATH flag is a recent addition to the open syscall and is not
present in darwin or in FreeBSD releases before 13.1. The constant is
not present in the FreeBSD version of x/sys/unix since that package
supports FreeBSD 12.3 and later.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This removes a use of state.NetNS which is a linux-specific field defined
in container_linux.go from the generic container_internal.go, allowing
that to build on non-linux platforms.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Note: this makes info.go linux-only since it mixes linux-specific and
generic code. This should be addressed in a separate refactoring PR.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \
| | | |
| | | | |
Add restart --cidfile, --filter
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
--cidfile : Read container ID from the specified file and restart the container.
--filter : restart the filtered container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \ \
| | | | |
| | | | | |
podman manifest create: accept --amend and --insecure flags
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Accept a --amend flag in `podman manifest create`, and treat
`--insecure` as we would `--tls-verify=false` in `podman manifest`'s
"add", "create", and "push" subcommands.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
utils: Add missing symbols for FreeBSD
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \ \
| | | | |
| | | | | |
system tests: fix broken runc test
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Followup to #14613, which was never actually tested until this
week in RHEL8 gating tests (see issue #15337).
* add missing backslash in '|' expression
* allow extra text after error (e.g., "invalid argument")
No way to test this until it makes its way into RHEL8,
so, fingers crossed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Add compatibility support for --debug flag from docker
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
This is another fix for https://github.com/containers/podman/issues/14917
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Man pages: refactor common options: --annotation
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Refactor the --annotation option, but only between podman create,
kube play, and run.
This does not include:
* podman build:
- usage is in terms of images, not containers/pods
* manifest add, manifest annotate:
- usage is in terms of images, not containers/pods
- also, wording is slightly different
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Add "podman kube generate" command
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
"podman kube generate" creates Kubernetes YAML from Podman containers,
pods or volumes. Users will still be able to use "podman generate
kube" as an alias of "kube generate".
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
Man pages: refactor common options: arch
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Smaller, more reviewable chunks.
This is just one option, --arch. Future PRs may, if the reviewing
is easy, include multiple options. This one includes fixes to
the preprocessor script, though:
* big oops, I was not handling '<<something pod|something>>'
where 'pod' appears other than the beginning of the string.
* I was also not handling 'container<<| or pod>>', where one
side was empty.
* Behavior change: <<subcommand>>, on podman-pod-foo,
becomes just 'foo' (not 'pod foo'). This will be useful
in a future PR where we refactor --pod-id-file.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] Cirrus: Update podman-machine comment
|
| |/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Replace TODO comment with helpful hint for future maintainers.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
