Commit message (Author, Age)
* rootless: fix --pid=host without --privileged (Giuseppe Scrivano, 2019-02-08)
| When using --pid=host don't try to cover /proc paths, as they are coming from the /proc bind mounted from the host.
| Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Do not unmarshal into c.config.Spec (Matthew Heon, 2019-02-08)
| We try to keep c.config immutable, but Go doesn't really agree with me that things other than strings and ints can be immutable, so occasionally things like this slip through. When unmarshalling the OCI spec from disk, do it into a separate struct, to ensure we don't make lasting modifications to the spec in the Container struct (which could affect container restart).
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* podman-inspect: don't ignore errors (Valentin Rothberg, 2019-02-08)
| Return errors when executing the --format templates. Otherwise, Podman will just silently ignore them and not print any output that could guide user into solving the issue.
| Fixes: #2159
| Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Ensure that wait exits on state transition (Matthew Heon, 2019-02-08)
| When waiting for a container, there is a long interval between status checks - plenty long enough for the container in question to start, then subsequently be cleaned up and returned to Created state to be restarted. As such, we can't wait on container state to go to Stopped or Exited - anything that is not Running or Paused indicates the container is dead.
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2146 from mheon/release_v1.0 (Matthew Heon, 2019-01-11)
|\
| | Bump to v1.0
| * Update gitvalidation epoch (Matthew Heon, 2019-01-11)
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Bump to v1.0.1-dev (Matthew Heon, 2019-01-11)
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Bump to v1.0.0 [v1.0.0] (Matthew Heon, 2019-01-11)
|/
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2144 from mheon/release_notes_v1.0 (OpenShift Merge Robot, 2019-01-11)
|\
| | Update release notes for v1.0
| * Update release notes for v1.0 (Matthew Heon, 2019-01-11)
|/
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2140 from mheon/fix_easyjson (OpenShift Merge Robot, 2019-01-11)
|\
| | Regenerate EasyJSON to fix JSON issues
| * Remove clientintegration from Makefile (Matthew Heon, 2019-01-11)
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Regenerate EasyJSON to fix JSON issues (Matthew Heon, 2019-01-11)
|/
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2133 from cevich/v1.0 (Matthew Heon, 2019-01-10)
|\
| | Cirrus: Post-Merge Testing for v1.0 Branch
| * Cirrus: Post-Merge Testing for v1.0 Branch (Chris Evich, 2019-01-10)
| | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #2136 from mheon/revert_1235 (Matthew Heon, 2019-01-10)
|\ \
| | | Revert #1235 SHM locking for v1.0
| * | Update gitvalidation to avoid reverts w/o signoffs (Matthew Heon, 2019-01-10)
| | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Revert "Merge pull request #1235 from mheon/shm_locking" (Matthew Heon, 2019-01-10)
|/ /
| | This reverts commit bf5f779331870d31863c486619daae3fcea458eb, reversing changes made to 6868b5aa1444404113bc6a4582203fbbf89490c2.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2134 from containers/revert-2083-shm_locking_fixes (Matthew Heon, 2019-01-10)
|\ \
| | | Revert "Address lingering review comments from SHM locking PR"
| * | Revert "Address lingering review comments from SHM locking PR" (Matthew Heon, 2019-01-10)
| | |
* | | Merge pull request #2132 from containers/revert-2115-shm (Matthew Heon, 2019-01-10)
|\ \ \
| |/ /
|/| | Revert "If you fail to open shm lock then attempt to create it"
| * | Revert "If you fail to open shm lock then attempt to create it" (Matthew Heon, 2019-01-10)
|/ /
* | Merge pull request #2131 from mheon/restore_storage_defaults (OpenShift Merge Robot, 2019-01-10)
|\ \
| | | Use defaults if paths are not specified in storage.conf
| * | Use defaults if paths are not specified in storage.conf (Matthew Heon, 2019-01-10)
| | | For rootless Podman, if storage.conf exists but does not specify one or both of RunRoot and GraphRoot, set them to rootless defaults so we don't end up with an unusable configuration.
| | | Fixes #2125
| | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2120 from rhatdan/volume (OpenShift Merge Robot, 2019-01-10)
|\ \ \
| | | | Fix handling of nil volumes
| * | | Fix handling of nil volumes (Daniel J Walsh, 2019-01-10)
| | | | Currently, if a user passes in a -v with -v $bogus:/foobar, we crash. This will throw a proper error.
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #2108 from QiWang19/from1899 (OpenShift Merge Robot, 2019-01-10)
|\ \ \ \
| | | | | Fix 'image trust' from PR1899
| * | | | Fix 'image trust' from PR1899 (Qi Wang, 2019-01-09)
| | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #2127 from QiWang19/fixsigstore (OpenShift Merge Robot, 2019-01-10)
|\ \ \ \ \
| | | | | | fix up sigstore path
| * | | | | fix up sigstore path (Qi Wang, 2019-01-10)
| | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #2126 from giuseppe/set-prlimit (OpenShift Merge Robot, 2019-01-10)
|\ \ \ \ \ \
| | | | | | | podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE
| * | | | | | podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE (Giuseppe Scrivano, 2019-01-10)
| | | | | | | If we are not able to make arbitrary changes to the RLIMIT_NOFILE when lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum allowed. In this way the same code path works with rootless mode.
| | | | | | | Closes: https://github.com/containers/libpod/issues/2123
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #2119 from jwhonce/wip/python_podman (OpenShift Merge Robot, 2019-01-10)
|\ \ \ \ \ \ \
| | | | | | | | Move python code from contrib to its own repo python-podman
| * | | | | | | Move python code from contrib to its own repo python-podman (Jhon Honce, 2019-01-10)
| | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | | | Merge pull request #2129 from cevich/timestamp (OpenShift Merge Robot, 2019-01-10)
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | | Cirrus: (Minor) Print timestamp
| * | | | | | | (Minor) Cirrus: Print timestamp at start (Chris Evich, 2019-01-10)
| | |_|_|_|_|/
| |/| | | | |
| | | | | | | Also record into a file in case a later reference is required
| | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #2128 from mheon/pr_test (OpenShift Merge Robot, 2019-01-10)
|\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | Trivial readme updates
| * | | | | | Trivial readme updates (Matthew Heon, 2019-01-10)
|/ / / / / /
| | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | Merge pull request #2111 from rhatdan/sign (OpenShift Merge Robot, 2019-01-10)
|\ \ \ \ \ \
| | | | | | | Fix up image sign and trust
| * | | | | | Fix up image sign and trust (Daniel J Walsh, 2019-01-09)
| | |_|/ / /
| |/| | | |
| | | | | | Add completions
| | | | | | Fix man pages
| | | | | | fix code in sign to answer PR Comments.
| | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #2121 from giuseppe/always-cleanup-rootless-containers (Matthew Heon, 2019-01-10)
|\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | | createconfig: always cleanup a rootless container
| * | | | | createconfig: always cleanup a rootless container (Giuseppe Scrivano, 2019-01-10)
| | |_|_|/
| |/| | |
| | | | | the rootless container storage is always mounted in a different mount namespace, owned by the unprivileged user. Even if it is mounted, a process running in another namespace cannot reuse the already mounted storage. Make sure the storage is always cleaned up once the container terminates. This has worked with vfs since there is no real mounted storage.
| | | | | Closes: https://github.com/containers/libpod/issues/2112
| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #2122 from giuseppe/sign-fixes (OpenShift Merge Robot, 2019-01-10)
|\ \ \ \ \
| | | | | | sign: some fixes
| * | | | | sign: make all error messages lowercase (Giuseppe Scrivano, 2019-01-10)
| | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | sign: use filepath.Join instead of fmt.Sprintf (Giuseppe Scrivano, 2019-01-10)
| |/ / / /
| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #2095 from rhatdan/completions (OpenShift Merge Robot, 2019-01-10)
|\ \ \ \ \
| |/ / / /
|/| | | | Add Validate completions
| * | | | Add Validate completions (Daniel J Walsh, 2019-01-08)
| | | | | In podman 0.12.0 we have invalid completions. These should have been caught during testing. This check will throw an error if the completions do not successfully execute.
| | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2114 from vrothberg/issue-2107 (OpenShift Merge Robot, 2019-01-10)
|\ \ \ \ \
| |_|_|_|/
|/| | | | apparmor: apply default profile at container initialization
| * | | | apparmor: apply default profile at container initialization (Valentin Rothberg, 2019-01-09)
| | |/ /
| |/| |
| | | | Apply the default AppArmor profile at container initialization to cover all possible code paths (i.e., podman-{start,run}) before executing the runtime. This allows moving most of the logic into pkg/apparmor.
| | | | Also make the loading and application of the default AppArmor profile version-independent by checking for the `libpod-default-` prefix and over-writing the profile in the run-time spec if needed.
| | | | The initial run-time spec of the container differs a bit from the applied one when having started the container, which results in displaying a potentially outdated AppArmor profile when inspecting a container. To fix that, load the container config from the file system if present and use it to display the data.
| | | | Fixes: #2107
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | libpod/image: Use ParseNormalizedNamed in RepoDigests (W. Trevor King, 2019-01-09)
| | | | Avoid generating quay.io/openshift-release-dev/ocp-release@sha256@sha256:239... and similar when the image name is already digest-based [1]. It's not clear exactly how we get into this state, but as shown by the unit tests, the new code handles this case correctly (while the previous code does not).
| | | | [1]: https://github.com/containers/libpod/issues/2086
| | | | Signed-off-by: W. Trevor King <wking@tremily.us>
| | | | Closes: #2106
| | | | Approved by: rhatdan