| Commit message (Collapse) | Author | Age |
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1524
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
We added a timeout for convenience, but most invocations don't
care about it. Refactor it into WaitWithTimeout() and add a
Wait() that doesn't require a timeout and uses the default.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1527
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1519
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Refactor create subparser to share arguments with run subparser
* Add argparse.*Action subclasses to reduce duplicate code in parsers
* Using BooleanAction now accept True/False value as expected
* .pylintrc added to loosen variable name policing
* Update AbstractBaseAction to remove unset arguments before
transmitting to podman service
* Align logging messages to podman output
* Renamed global argument from --user to --username, to avoid conflict
with create/run podman commands
* Add new subcommands: run, create, history, import, info, push,
restart and search
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1519
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1466
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
Most container images assume there are at least 65536 UIDs/GIDs
available. Raise an error if there are not enough IDs allocated to
the current user.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1520
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
Fixes issues with builtin volumes having correct ownership and permissions
when doing podman builds.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1525
Approved by: giuseppe
|
|
|
|
|
|
|
|
|
|
|
|
| |
This chunk was mistakenly removed with ecec1a5430885baf96d2e3d6153c7454c41a4617
Introduce it back as it solves the pull of an image that is not yet in
the storage when using create/run.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1521
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1507
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1507
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
so that we can also join the requested namespace.
Closes: https://github.com/containers/libpod/issues/1453
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1507
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1507
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a group of inodes that get created when running a container
if they do not exist.
containerMounts = map[string]bool{
"/dev": true,
"/etc/hostname": true,
"/etc/hosts": true,
"/etc/resolv.conf": true,
"/proc": true,
"/run": true,
"/run/.containerenv": true,
"/run/secrets": true,
"/sys": true,
}
If the destination inode does not exist, libpod/runc will create the inode.
This can cause programs like podman diff to see the image as having changed,
when actually it has not. This patch ignores changes in these inodes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1508
Approved by: giuseppe
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1517
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also update some missing fields libpod.conf obtions in man pages.
Fix sort order of security options and add a note about disabling
labeling.
When a process requests a new label. libpod needs to reserve all
labels to make sure that their are no conflicts.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1406
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
We don't want to allow users to write to /etc/resolv.conf or /etc/hosts if in read
only mode.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1510
Approved by: TomSweeneyRedHat
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1515
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
when running as rootless, report as such.
resolves: #1509
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1514
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1513
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
This will cause /proc inside of the container to match the mount options
of the host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1511
Approved by: baude
|
|\
| |
| | |
Add python-varlink to the Fedora openshift image
|
|/
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1504
Approved by: mheon
|
|\
| |
| | |
Vendor in latest containers/buildah
|
|/
|
|
|
|
| |
Switch from projectatomic/buildah to containers/buildah
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
When image is not tagged, we should just set the imageName to the
image.ID.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1501
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
Fixes #1481
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1496
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When managing the containers with systemd, it takes a bit more than
250ms to have podman creating the pidfile.
Increasing the value to 1 second will avoid timeout issues when running
a lot of containers managed by systemd.
This patch was tested in a VM with 56 services (OpenStack) deployed by
TripleO and managed by systemd.
Fixes #1495
Signed-off-by: Emilien Macchi <emilien@redhat.com>
Closes: #1497
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Firstly, when adding the privileged catch-all resource device,
first remove the spec's default catch-all resource device.
Second, remove our default rootfs propogation config - Docker
does not set this by default, so I don't think we should either.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1491
Approved by: TomSweeneyRedHat
|
|
|
|
|
|
|
|
|
|
| |
We seem to be having a few flakes on namespace sharing.
Adding this test to make sure sharing with the host is working correctly.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1485
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ALso cleanup files section or podman man page
Add description of policy.json
Sort alphabetically.
Add more info on oci hooks
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1487
Approved by: umohnani8
|
|\
| |
| | |
Bump to 0.9.2.1
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\
| |
| | |
Update release notes for 0.9.2.1
|
|/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Buildah
Fixes to COPY and ADD to properly follow symbolic links is SRC is a symbolic link
Print out a digest message on successful push.
We should not drop the Bounding set when running as a non priv user in podman build
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1483
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
Containers image has a fix docker tarfile: use the cached digest if existing
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1482
Approved by: rhatdan
|
|\
| |
| | |
Bump to 0.9.2
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\
| |
| | |
Update release notes for 0.9.2
|
|/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\
| |
| | |
rootless: do not raise an error if the entrypoint is specified
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
do not error out when the storage is not initialized and the
entrypoint command is not available for the specified image. Check it
when we re-exec in an user namespace and can access the storage.
Closes: https://github.com/containers/libpod/issues/1452
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Don't mount /dev/* if user mounted /dev
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|