summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* allow the removal of storage imagesDaniel J Walsh2021-03-08
| | | | | | | | Sometimes if the system crashes while an image is being pulled containers/storage can get into a bad state. This PR allows the user to call into container storage to remove the image. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9627 from xatier/masterOpenShift Merge Robot2021-03-08
|\ | | | | [NO TESTS NEEDED] Bump pre-commit-hooks version
| * [NO TESTS NEEDED] Bump pre-commit-hooks versionxatier2021-03-05
| | | | | | | | Signed-off-by: xatier <xatierlike@gmail.com>
* | Merge pull request #9659 from ↵OpenShift Merge Robot2021-03-08
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/github.com/onsi/gomega-1.11.0 Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
| * | Bump github.com/onsi/gomega from 1.10.5 to 1.11.0Daniel J Walsh2021-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.5 to 1.11.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.10.5...v1.11.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9592 from rhatdan/timestampOpenShift Merge Robot2021-03-08
|\ \ \ | | | | | | | | Numerous buildah fixes found by Ed's testing of buildah tests against podman.
| * | | build-argDaniel J Walsh2021-03-07
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | Handle podman build --dns-searchDaniel J Walsh2021-03-07
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9574 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | podman build --build-arg should fall back to environmentDaniel J Walsh2021-03-07
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9571 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | Add support for podman build --ignorefileDaniel J Walsh2021-03-07
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9570 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9649 from rhatdan/kubeOpenShift Merge Robot2021-03-08
|\ \ \ \ | |_|/ / |/| | | Allow users to generate a kubernetes yaml off non running containers
| * | | Allow users to generate a kubernetes yaml off non running containersDaniel J Walsh2021-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you attempt to create a kube.yaml file off of a non running container where the container runs as a specific User, the creation fails because the storage container is not mounted. Podman is supposed to read the /etc/passwd entry inside of the container but since the container is not mounted, the c.State.Mountpoint == "". Podman incorrectly attempts to read /etc/passwd on the host, and fails if the specified user is not in the hosts /etc/passwd. This PR mounts the storage container, if it was not mounted so the read succeeds. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9658 from ↵OpenShift Merge Robot2021-03-08
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/onsi/ginkgo-1.15.1 Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
| * | | | Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1dependabot-preview[bot]2021-03-08
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.0 to 1.15.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v1.15.0...v1.15.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9525 from vrothberg/pruneOpenShift Merge Robot2021-03-08
|\ \ \ \ | |/ / / |/| | | [NO TESTS NEEDED] Prune and debloat
| * | | turn hidden --trace into a NOPValentin Rothberg2021-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The --trace has helped in early stages analyze Podman code. However, it's contributing to dependency and binary bloat. The standard go tooling can also help in profiling, so let's turn `--trace` into a NOP. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | pkg/terminal: use c/storage/pkg/homedirValentin Rothberg2021-03-08
|/ / / | | | | | | | | | | | | | | | This also prunes the dependency on `k8s.io/client-go`. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9647 from mlegenovic/masterOpenShift Merge Robot2021-03-07
|\ \ \ | | | | | | | | Compat API: Fix the response of 'push image' endpoint
| * | | Correct compat images/{name}/push responseMilivoje Legenovic2021-03-07
| | |/ | |/| | | | | | | Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | Merge pull request #9648 from jmguzik/unify-mount-constsOpenShift Merge Robot2021-03-07
|\ \ \ | |_|/ |/| | [NO TESTS NEEDED] Cleanup/unify mount consts
| * | replace local mount consts with libpod/defineJakub Guzik2021-03-07
| | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
| * | separate file with mount consts in libpod/defineJakub Guzik2021-03-07
| | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #9640 from TomSweeneyRedHat/dev/tsweeney/ctrnetwork091OpenShift Merge Robot2021-03-06
|\ \ \ | | | | | | | | Bump github.com/containernetworking/plugins to v0.9.1
| * | | Bump github.com/containernetworking/plugins to v0.9.1TomSweeneyRedHat2021-03-05
| |/ / | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #9641 from jmguzik/doc-build-fixOpenShift Merge Robot2021-03-06
|\ \ \ | |/ / |/| | [ci skip] Bad formatting fix in build documentation
| * | [ci skip] Bad formatting fix in build documentationJakub Guzik2021-03-06
|/ / | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9599 from rhatdan/selinuxOpenShift Merge Robot2021-03-05
|\ \ | | | | | | Add tests for selinux kvm/init labels
| * | Add tests for selinux kvm/init labelsDaniel J Walsh2021-03-04
| |/ | | | | | | | | | | spc_t tests should be able to run rootless as well. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9635 from rhatdan/stopOpenShift Merge Robot2021-03-05
|\ \ | | | | | | podman-remote stop -time 0 does not work
| * | podman-remote stop -time 0 does not workDaniel J Walsh2021-03-05
| | | | | | | | | | | | | | | | | | | | | | | | This patch will allow users to pass in the time 0. Currently the timeout will take 10 seconds if user passes in the 0 flag. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9624 from mheon/fix_9615OpenShift Merge Robot2021-03-05
|\ \ \ | |/ / |/| | [NO TESTS NEEDED] Do not return from c.stop() before re-locking
| * | Do not return from c.stop() before re-lockingMatthew Heon2021-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unlocking an already unlocked lock is a panic. As such, we have to make sure that the deferred c.lock.Unlock() in c.StopWithTimeout() always runs on a locked container. There was a case in c.stop() where we could return an error after we unlock the container to stop it, but before we re-lock it - thus allowing for a double-unlock to occur. Fix the error return to not happen until after the lock has been re-acquired. Fixes #9615 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #9622 from jmguzik/network-rm-fixOpenShift Merge Robot2021-03-05
|\ \ \ | | | | | | | | Fix podman network rm (-f) workflow
| * | | Fix for podman network rm (-f) workflowJakub Guzik2021-03-05
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #9628 from ↵OpenShift Merge Robot2021-03-05
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/buildah-1.19.7 Bump github.com/containers/buildah from 1.19.6 to 1.19.7
| * | | | Bump github.com/containers/buildah from 1.19.6 to 1.19.7dependabot-preview[bot]2021-03-05
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.19.6 to 1.19.7. - [Release notes](https://github.com/containers/buildah/releases) - [Changelog](https://github.com/containers/buildah/blob/master/CHANGELOG.md) - [Commits](https://github.com/containers/buildah/compare/v1.19.6...v1.19.7) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9593 from vrothberg/cp-tmpOpenShift Merge Robot2021-03-05
|\ \ \ \ | |_|_|/ |/| | | podman cp: support copying on tmpfs mounts
| * | | podman cp: support copying on tmpfs mountsValentin Rothberg2021-03-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Traditionally, the path resolution for containers has been resolved on the *host*; relative to the container's mount point or relative to specified bind mounts or volumes. While this works nicely for non-running containers, it poses a problem for running ones. In that case, certain kinds of mounts (e.g., tmpfs) will not resolve correctly. A tmpfs is held in memory and hence cannot be resolved relatively to the container's mount point. A copy operation will succeed but the data will not show up inside the container. To support these kinds of mounts, we need to join the *running* container's mount namespace (and PID namespace) when copying. Note that this change implies moving the copy and stat logic into `libpod` since we need to keep the container locked to avoid race conditions. The immediate benefit is that all logic is now inside `libpod`; the code isn't scattered anymore. Further note that Docker does not support copying to tmpfs mounts. Tests have been extended to cover *both* path resolutions for running and created containers. New tests have been added to exercise the tmpfs-mount case. For the record: Some tests could be improved by using `start -a` instead of a start-exec sequence. Unfortunately, `start -a` is flaky in the CI which forced me to use the more expensive start-exec option. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #9607 from mheon/fix_9523OpenShift Merge Robot2021-03-04
|\ \ \ \ | | | | | | | | | | Respect NanoCpus in Compat Create
| * | | | Respect NanoCpus in Compat CreateMatthew Heon2021-03-04
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The NanoCpus field in HostConfig was not wired up. It conflicts with CPU period and quota (it hard-codes period to a specific value and then sets the user-specified value as Quota). Fixes #9523 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #9598 from rhatdan/kvmOpenShift Merge Robot2021-03-04
|\ \ \ \ | | | | | | | | | | Check for supportsKVM based on basename of the runtime
| * | | | Check for supportsKVM based on basename of the runtimeDaniel J Walsh2021-03-03
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9582 This PR also adds tests to make sure SELinux labels match the runtime, or if init is specified works with the correct label. Add tests for selinux kvm/init labels Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9604 from mheon/fix_9510OpenShift Merge Robot2021-03-04
|\ \ \ \ | | | | | | | | | | Compat API: create volume source dirs on the host
| * | | | Compat API: create volume source dirs on the hostMatthew Heon2021-03-03
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It took a lot to figure out exactly how this should work, but I think I finally have it. My initial versions of this created the directory with the same owner as the user the container was run with, which was rather complicated - but after review against Docker, I have determined that is incorrect, and it's always made as root:root 0755 (Ubuntu's Docker, which I was using to try and test, is a snap - and as such it was sandboxed, and not actually placing directories it made in a place I could find?). This makes things much easier, since I just need to parse out source directories for binds and ensure they exist. Fixes #9510 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #9550 from baude/issue9517OpenShift Merge Robot2021-03-04
|\ \ \ \ | | | | | | | | | | Support label type dict on compat build
| * | | | Support label type dict on compat buildbaude2021-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The compatibility endpoint for build labels should be of type dict (not list). For backwards compatibility, we support both. Fixes: #9517 Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #9568 from wjt/podman-system-service-timeout-docsOpenShift Merge Robot2021-03-04
|\ \ \ \ \ | | | | | | | | | | | | [ci:docs] podman-system-service.1.md: fix timeout example
| * | | | | podman-system-service.1.md: fix timeout exampleWill Thompson2021-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The rest of this document claims that the argument is called '--time', not '--timeout', and that the value is expressed in seconds. As currently written, the example (which ostensibly runs the API service for 5 seconds) uses the '--timeout' spelling (which actually does work, as an undocumented alias) and passes a value of '5000', which is more than an hour. Fix both. [NO TESTS NEEDED] as this is a simple documentation change. Signed-off-by: Will Thompson <wjt@endlessos.org>
* | | | | | Merge pull request #9617 from vrothberg/fix-9588OpenShift Merge Robot2021-03-04
|\ \ \ \ \ \ | | | | | | | | | | | | | | image removal: ignore unknown-layer errors
| * | | | | | image removal: ignore unknown-layer errorsValentin Rothberg2021-03-04
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] as I have absolutely no idea how to force a reliable reproducer. Fixes: #9588 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>