| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Report errors when trying to pause rootless containers
|
| |
| |
| |
| |
| |
| |
| |
| | |
If you are running a rootless container on cgroupV1
you can not pause the container. We need to report the proper error
if this happens.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Podman-remote run should wait for exit code
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change matches what is happening on the podman local side
and should eliminate a race condition.
Also exit commands on the server side should start to return to client.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We have leaked the exit number codess all over the code, this patch
removes the numbers to constants.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Stop glob'ing on podman cp
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* symlink processing and wildcarding led to unexpected files
being copied
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| | | |
| | | | |
exec: Register resize func a bit later
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
if we register the resize func too early, it attempts to read from the 'ctl' file before it exists. this causes the func to error, and the resize to not go through.
Fix this by registering resize func later for conmon. This, along with a conmon fix, will allow exec to know the terminal size at startup
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \ \
| |_|/
|/| | |
enhance podman network rm
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when removing a podman network, we need to make sure we delete the
network interface if one was ever created (by running a container).
also, when removing networks, we check if any containers are using the
network. if they are, we error out unless the user provides a 'force'
option which will remove the containers in question.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
clean up after healthcheck execs
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when executing a healthcheck, we were not cleaning up after exec's use
of a socket. we now remove the socket file and ignore if for reason it
does not exist.
Fixes: #3962
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Test that PTYs created by 'podman exec --tty' have the ONLCR flag
|
| | |
| | |
| | |
| | | |
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
|\ \ \
| | | |
| | | | |
Prevent podman varlink socket fight
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When enabled, it's desired for the podman-varlink process to startup on
boot or upon socket-activation, whichever happens first. However,
with `KillMode=none` systemd will never kill any podman-varlink
processes. This makes it easily possible for multiple podman-varlink
processes to be running, and fight each other to service a single socket.
---
For example:
Prior to this commit, this will result in four podman-varlink processes
being run:
```
systemctl enable io.podman.socket
systemctl enable io.podman.service
systemctl start io.podman.socket
systemctl start io.podman.service
systemctl start io.podman.service
```
Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default
is 90). This results in podman-varlink exiting on its own after a minute
of being idle (--timeout=60000). Alternatively, systemd will manage the
service stop by sending a SIGTERM, then if podman-varlink has not exited
within `TimeoutStopSec`, a SIGKILL will be sent.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \
| | | |
| | | | |
fix podman sign signature store for rootless
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Store the the signature under graphroot when using rootless podman image sign.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Add further fields to StorageContainer
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This will be used when we allow 'podman ps' to display info on
storage containers instead of Libpod containers.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Support building Windows msi file
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Update Makefile per review comments
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Update Makefile to build msi
* Add podman.wxs to define podman.msi
* Version information provided by Makefile
* Add podman.bat wrapper for podman-remote-windows.exe to ensure environment
* Add wix xml schemas for reference
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
rootless: automatically create a systemd scope
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
when running in rootless mode and using systemd as cgroup manager
create automatically a systemd scope when the user doesn't own the
current cgroup.
This solves a couple of issues:
on cgroup v2 it is necessary that a process before it can moved to a
different cgroup tree must be in a directory owned by the unprivileged
user. This is not always true, e.g. when creating a session with su
-l.
Closes: https://github.com/containers/libpod/issues/3937
Also, for running systemd in a container it was before necessary to
specify "systemd-run --scope --user podman ...", now this is done
automatically as part of this PR.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
when running as rootless, use the user session bus. It is already
implemented in the pkg/cgroups so just re-use it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
linux: fix systemd with --cgroupns=private
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When --cgroupns=private is used we need to mount a new cgroup file
system so that it points to the correct namespace.
Needs: https://github.com/containers/crun/pull/88
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Touch up some bad grammar in rootless doc
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
After my last update for the 'Shortcomings of Rootless Podman' was merged,
I spotted a few grammatical nits that this corrects.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \
| | | |
| | | | |
Cirrus: Fix unnecessary setsebool
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
By mistake this was added to run for the image-building-VM and is not
supported. Kill it.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add cgroup v2 info to rootless tutorial
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Adding cgroup v2 information to the rootless tutorial. Will post it to a Google Doc
to for easier review comments.
https://docs.google.com/document/d/1hrxU-CYhrKDjMf6cIRuegbyY9pkDv-AlEF-i0I8_kdk
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \
| |/ /
|/| | |
podman-remote image trust is broken
|
|/ /
| |
| |
| |
| |
| | |
We should not be making it available, it does nothing.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Volume lookup needs to include state to unmarshal into
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Lookup was written before volume states merged, but merged after,
and CI didn't catch the obvious failure here. Without a valid
state, we try to unmarshall into a null pointer, and 'volume rm'
is completely broken because of it.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |/ /
|/| | |
add lint and manpage check to make validate
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
make validate now runs golangci-lint and the man-page-checker to ensure
a PR is ready for our CI system.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Do not prune images being used by a container
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman is not the only user of containers/storage, and as such we
cannot rely on our database as the sole source of truth when
pruning images. If images do not show as in use from Podman's
perspective, but subsequently fail to remove because they are
being used by a container, they're probably being used by Buildah
or another c/storage client.
Since the images in question are in use, we shouldn't error on
failure to prune them - we weren't supposed to prune them in the
first place.
Fixes: #3983
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
Add `ContainerManager` annotation to created containers
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This change adds the following annotation to every container created by
podman:
```json
"Annotations": {
"io.containers.manager": "libpod"
}
```
Target of this annotaions is to indicate which project in the containers
ecosystem is the major manager of a container when applications share
the same storage paths. This way projects can decide if they want to
manipulate the container or not. For example, since CRI-O and podman are
not using the same container library (libpod), CRI-O can skip podman
containers and provide the end user more useful information.
A corresponding end-to-end test has been adapted as well.
Relates to: https://github.com/cri-o/cri-o/pull/2761
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \ \
| | | | |
| | | | | |
Support running containers without CGroups
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is mostly used with Systemd, which really wants to manage
CGroups itself when managing containers via unit file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
When first mounting any named volume, copy up
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Previously, we only did this for volumes created at the same time
as the container. However, this is not correct behavior - Docker
does so for all named volumes, even those made with
'podman volume create' and mounted into a container later.
Fixes #3945
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|