Commit message (Author, Age)
* Merge pull request #4006 from rhatdan/rootless (OpenShift Merge Robot, 2019-09-13)
      Report errors when trying to pause rootless containers
| * Report errors when trying to pause rootless containers (Daniel J Walsh, 2019-09-13)
      If you are running a rootless container on cgroupV1 you can not pause the container. We need to report the proper error if this happens.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3934 from rhatdan/wait (OpenShift Merge Robot, 2019-09-13)
      Podman-remote run should wait for exit code
| * | Podman-remote run should wait for exit code (Daniel J Walsh, 2019-09-12)
      This change matches what is happening on the podman local side and should eliminate a race condition. Also exit commands on the server side should start to return to client.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Use exit code constants (Daniel J Walsh, 2019-09-12)
      We have leaked the exit number codes all over the code, this patch removes the numbers to constants.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #3942 from jwhonce/issue/3829 (OpenShift Merge Robot, 2019-09-13)
      Stop glob'ing on podman cp
| * | Do not support wildcards on cp (Jhon Honce, 2019-09-12)
      * symlink processing and wildcarding led to unexpected files being copied
      Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #4010 from haircommander/regsiter-later (OpenShift Merge Robot, 2019-09-13)
      exec: Register resize func a bit later
| * | | exec: Register resize func a bit later (Peter Hunt, 2019-09-12)
      if we register the resize func too early, it attempts to read from the 'ctl' file before it exists. this causes the func to error, and the resize to not go through. Fix this by registering resize func later for conmon. This, along with a conmon fix, will allow exec to know the terminal size at startup
      Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #3978 from baude/networkremove (OpenShift Merge Robot, 2019-09-12)
      enhance podman network rm
| * | enhance podman network rm (baude, 2019-09-12)
      when removing a podman network, we need to make sure we delete the network interface if one was ever created (by running a container). also, when removing networks, we check if any containers are using the network. if they are, we error out unless the user provides a 'force' option which will remove the containers in question.
      Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #4009 from baude/execrmsocket (OpenShift Merge Robot, 2019-09-12)
      clean up after healthcheck execs
| * | clean up after healthcheck execs (baude, 2019-09-12)
      when executing a healthcheck, we were not cleaning up after exec's use of a socket. we now remove the socket file and ignore if for reason it does not exist.
      Fixes: #3962
      Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3986 from debarshiray/wip/rishi/test-podman-exec-tty-onlcr (OpenShift Merge Robot, 2019-09-12)
      Test that PTYs created by 'podman exec --tty' have the ONLCR flag
| * | Test that PTYs created by 'podman exec --tty' have the ONLCR flag (Debarshi Ray, 2019-09-12)
      Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | | Merge pull request #3998 from cevich/idiot_proof_systemd_unit (OpenShift Merge Robot, 2019-09-12)
      Prevent podman varlink socket fight
| * | | Prevent podman varlink socket fight (Chris Evich, 2019-09-12)
      When enabled, it's desired for the podman-varlink process to startup on boot or upon socket-activation, whichever happens first. However, with `KillMode=none` systemd will never kill any podman-varlink processes. This makes it easily possible for multiple podman-varlink processes to be running, and fight each other to service a single socket.
      ---
      For example: Prior to this commit, this will result in four podman-varlink processes being run:
      ```
      systemctl enable io.podman.socket
      systemctl enable io.podman.service
      systemctl start io.podman.socket
      systemctl start io.podman.service
      systemctl start io.podman.service
      ```
      Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default is 90). This results in podman-varlink exiting on its own after a minute of being idle (--timeout=60000). Alternatively, systemd will manage the service stop by sending a SIGTERM, then if podman-varlink has not exited within `TimeoutStopSec`, a SIGKILL will be sent.
      Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #3997 from QiWang19/sigpath (OpenShift Merge Robot, 2019-09-12)
      fix podman sign signature store for rootless
| * | | fix podman sign signature store for rootless (Qi Wang, 2019-09-11)
      Store the signature under graphroot when using rootless podman image sign.
      Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #3989 from mheon/storage_containers_add_info (OpenShift Merge Robot, 2019-09-12)
      Add further fields to StorageContainer
| * | | Add further fields to StorageContainer (Matthew Heon, 2019-09-11)
      This will be used when we allow 'podman ps' to display info on storage containers instead of Libpod containers.
      Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #3999 from jwhonce/wip/msi (OpenShift Merge Robot, 2019-09-12)
      Support building Windows msi file
| * | | | Add podman icon to installer (Jhon Honce, 2019-09-12)
      Update Makefile per review comments
      Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * | | | Support building Windows msi file (Jhon Honce, 2019-09-11)
      * Update Makefile to build msi
      * Add podman.wxs to define podman.msi
      * Version information provided by Makefile
      * Add podman.bat wrapper for podman-remote-windows.exe to ensure environment
      * Add wix xml schemas for reference
      Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #3959 from giuseppe/rootless-use-systemd-scope (OpenShift Merge Robot, 2019-09-12)
      rootless: automatically create a systemd scope
| * | | | rootless: run pause process in its own scope (Giuseppe Scrivano, 2019-09-12)
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: automatically create a systemd scope (Giuseppe Scrivano, 2019-09-12)
      when running in rootless mode and using systemd as cgroup manager create automatically a systemd scope when the user doesn't own the current cgroup.
      This solves a couple of issues: on cgroup v2 it is necessary that a process before it can be moved to a different cgroup tree must be in a directory owned by the unprivileged user. This is not always true, e.g. when creating a session with su -l.
      Closes: https://github.com/containers/libpod/issues/3937
      Also, for running systemd in a container it was before necessary to specify "systemd-run --scope --user podman ...", now this is done automatically as part of this PR.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | utils: use the user session for systemd (Giuseppe Scrivano, 2019-09-12)
      when running as rootless, use the user session bus. It is already implemented in the pkg/cgroups so just re-use it.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4004 from giuseppe/fix-private-cgroup-systemd (OpenShift Merge Robot, 2019-09-12)
      linux: fix systemd with --cgroupns=private
| * | | linux: fix systemd with --cgroupns=private (Giuseppe Scrivano, 2019-09-12)
      When --cgroupns=private is used we need to mount a new cgroup file system so that it points to the correct namespace.
      Needs: https://github.com/containers/crun/pull/88
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4003 from TomSweeneyRedHat/dev/tsweeney/rootlessup2 (OpenShift Merge Robot, 2019-09-12)
      Touch up some bad grammar in rootless doc
| * | | Touch up some bad grammar in rootless doc (TomSweeneyRedHat, 2019-09-12)
      After my last update for the 'Shortcomings of Rootless Podman' was merged, I spotted a few grammatical nits that this corrects.
      Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #3994 from cevich/fix_img_build_sebool (OpenShift Merge Robot, 2019-09-12)
      Cirrus: Fix unnecessary setsebool
| * | | Cirrus: Fix unnecessary setsebool (Chris Evich, 2019-09-11)
      By mistake this was added to run for the image-building-VM and is not supported. Kill it.
      Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #3968 from TomSweeneyRedHat/dev/tsweeney/rootlessup (OpenShift Merge Robot, 2019-09-12)
      Add cgroup v2 info to rootless tutorial
| * | | Add cgroup v2 info to rootless tutorial (TomSweeneyRedHat, 2019-09-11)
      Adding cgroup v2 information to the rootless tutorial. Will post it to a Google Doc for easier review comments.
      https://docs.google.com/document/d/1hrxU-CYhrKDjMf6cIRuegbyY9pkDv-AlEF-i0I8_kdk
      Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #3996 from rhatdan/trust (OpenShift Merge Robot, 2019-09-12)
      podman-remote image trust is broken
| * | podman-remote image trust is broken (Daniel J Walsh, 2019-09-11)
      We should not be making it available, it does nothing.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3988 from mheon/fix_lookup_volume (OpenShift Merge Robot, 2019-09-11)
      Volume lookup needs to include state to unmarshal into
| * | Volume lookup needs to include state to unmarshal into (Matthew Heon, 2019-09-11)
      Lookup was written before volume states merged, but merged after, and CI didn't catch the obvious failure here. Without a valid state, we try to unmarshall into a null pointer, and 'volume rm' is completely broken because of it.
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3973 from baude/validateupdate (OpenShift Merge Robot, 2019-09-11)
      add lint and manpage check to make validate
| * | add lint and manpage check to make validate (baude, 2019-09-10)
      make validate now runs golangci-lint and the man-page-checker to ensure a PR is ready for our CI system.
      Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3984 from mheon/prune_no_in_use_error (OpenShift Merge Robot, 2019-09-11)
      Do not prune images being used by a container
| * | | Do not prune images being used by a container (Matthew Heon, 2019-09-10)
      Podman is not the only user of containers/storage, and as such we cannot rely on our database as the sole source of truth when pruning images. If images do not show as in use from Podman's perspective, but subsequently fail to remove because they are being used by a container, they're probably being used by Buildah or another c/storage client.
      Since the images in question are in use, we shouldn't error on failure to prune them - we weren't supposed to prune them in the first place.
      Fixes: #3983
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3927 from openSUSE/manager-annotations (OpenShift Merge Robot, 2019-09-11)
      Add `ContainerManager` annotation to created containers
| * | | Add `ContainerManager` annotation to created containers (Sascha Grunert, 2019-09-10)
      This change adds the following annotation to every container created by podman:
      ```json
      "Annotations": {
          "io.containers.manager": "libpod"
      }
      ```
      Target of this annotation is to indicate which project in the containers ecosystem is the major manager of a container when applications share the same storage paths. This way projects can decide if they want to manipulate the container or not. For example, since CRI-O and podman are not using the same container library (libpod), CRI-O can skip podman containers and provide the end user more useful information.
      A corresponding end-to-end test has been adapted as well.
      Relates to: https://github.com/cri-o/cri-o/pull/2761
      Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | Merge pull request #3581 from mheon/no_cgroups (OpenShift Merge Robot, 2019-09-11)
      Support running containers without CGroups
| * | | | Add support for launching containers without CGroups (Matthew Heon, 2019-09-10)
      This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file.
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #3961 from mheon/copy_volume_contents (OpenShift Merge Robot, 2019-09-10)
      When first mounting any named volume, copy up
| * | | | When first mounting any named volume, copy up (Matthew Heon, 2019-09-09)
      Previously, we only did this for volumes created at the same time as the container. However, this is not correct behavior - Docker does so for all named volumes, even those made with 'podman volume create' and mounted into a container later.
      Fixes #3945
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>