summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Vendor in latest opencontainers/selinuxDaniel J Walsh2019-01-18
| | | | | | | | | | | This will now verify labels passed in by the user. Will also prevent users from accidently relabeling their homedir. podman run -ti -v ~/home/user:Z fedora sh Is not a good idea. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2186 from giuseppe/rootless-fix-pid-hostOpenShift Merge Robot2019-01-18
|\ | | | | rootless: fix --pid=host without --privileged
| * rootless: fix --pid=host without --privilegedGiuseppe Scrivano2019-01-18
| | | | | | | | | | | | | | When using --pid=host don't try to cover /proc paths, as they are coming from the /proc bind mounted from the host. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2181 from vrothberg/issue-2159OpenShift Merge Robot2019-01-18
|\ \ | |/ |/| podman-inspect: don't ignore errors
| * podman-inspect: don't ignore errorsValentin Rothberg2019-01-18
| | | | | | | | | | | | | | | | | | Return errors when executing the --format templates. Otherwise, Podman will just silently ignore them and not print any output that could guide user into solving the issue. Fixes: #2159 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #2185 from mheon/specfromstate_fixOpenShift Merge Robot2019-01-18
|\ \ | | | | | | Do not unmarshal into c.config.Spec
| * | Do not unmarshal into c.config.SpecMatthew Heon2019-01-18
|/ / | | | | | | | | | | | | | | | | | | | | | | | | We try to keep c.config immutable, but Go doesn't really agree with me that things other than strings and ints can be immutable, so occasionally things like this slip through. When unmarshalling the OCI spec from disk, do it into a separate struct, to ensure we don't make lasting modifications to the spec in the Container struct (which could affect container restart). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2149 from afbjorklund/bridgeOpenShift Merge Robot2019-01-18
|\ \ | |/ |/| Add bridge support, for the varlink connection
| * Add bridge support, for the varlink connectionAnders F Björklund2019-01-13
| | | | | | | | | | | | | | | | | | | | Read the $PODMAN_VARLINK_BRIDGE environment variable (normally looks like: "ssh user@host varlink bridge") Also respect $PODMAN_VARLINK_ADDRESS as an override, if using a different podman socket than the default. Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | Merge pull request #2178 from sysrich/patch-1OpenShift Merge Robot2019-01-18
|\ \ | | | | | | Add openSUSE Kubic to install.md
| * | Add openSUSE Kubic to install.mdRichard Brown2019-01-17
|/ / | | | | | | Signed-off-by: Richard Brown <RBrownCCB@opensuse.org>
* | Merge pull request #2165 from rhatdan/mountOpenShift Merge Robot2019-01-17
|\ \ | | | | | | Add --latest and --all to podman mount/umount
| * | Add --latest and --all to podman mount/umountDaniel J Walsh2019-01-16
| | | | | | | | | | | | | | | | | | I find these useful for playing around with containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2166 from rhatdan/installOpenShift Merge Robot2019-01-16
|\ \ \ | | | | | | | | Installing podman
| * | | Installing podmanDaniel J Walsh2019-01-16
| | | | | | | | | | | | | | | | | | | | | | | | Add documentation on how to install a packaged version of podman Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #2147 from mheon/update_readme_and_epochOpenShift Merge Robot2019-01-16
|\ \ \ \ | | | | | | | | | | Update readme for v1.0.0
| * | | | Update README for v1.0.0Matthew Heon2019-01-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also bump gitvalidation epoch - we usually do this every release, but v1.0.0 is on a branch so we need a separate commit for master Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #2162 from rhatdan/vendorOpenShift Merge Robot2019-01-16
|\ \ \ \ \ | |/ / / / |/| | | | Vendor in latest containers/storage
| * | | | Vendor in containers/storageDaniel J Walsh2019-01-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix issues with metacopyup when specifying new usernamespace. Also fixes issues with zfs back end. Rest of changes come from running make vendor. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> ` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2169 from mheon/ensure_wait_doesnot_hangOpenShift Merge Robot2019-01-16
|\ \ \ \ \ | |_|_|/ / |/| | | | Ensure that wait exits on state transition
| * | | | Ensure that wait exits on state transitionMatthew Heon2019-01-16
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When waiting for a container, there is a long interval between status checks - plenty long enough for the container in question to start, then subsequently be cleaned up and returned to Created state to be restarted. As such, we can't wait on container state to go to Stopped or Exited - anything that is not Running or Paused indicates the container is dead. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #2079 from giuseppe/multiple-runtimesOpenShift Merge Robot2019-01-16
|\ \ \ \ | |_|/ / |/| | | oci: allow to define multiple OCI runtimes
| * | | config: store the runtime used to create each containerGiuseppe Scrivano2019-01-14
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | oci: allow to define multiple OCI runtimesGiuseppe Scrivano2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we can define multiple OCI runtimes that can be chosen with --runtime. in libpod.conf is possible to specify them with: [runtimes] foo = [ "/usr/bin/foo", "/usr/sbin/foo", ] bar = [ "/usr/bin/foo", "/usr/sbin/foo", ] If the argument to --runtime is an absolute path then it is used directly without any lookup in the configuration. Closes: https://github.com/containers/libpod/issues/1750 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | libpod: allow multiple oci runtimesVincent Batts2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This deprecates the libpod.conf variable of `runtime_path=`, and now has `runtimes=`, like a map for naming the runtime, preparing for a `--runtime` flag to `podman run` (i.e. runc, kata, etc.) Reference: https://github.com/containers/libpod/issues/1750 Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
* | | | Merge pull request #2163 from rhatdan/coverityOpenShift Merge Robot2019-01-16
|\ \ \ \ | | | | | | | | | | Cleanup coverity scan issues
| * | | | Cleanup coverity scan issuesDaniel J Walsh2019-01-15
| | |/ / | |/| | | | | | | | | | | | | | | | | | If realloc fails, then buffer will be leaked, this change frees up the buffer. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #2164 from baude/wehateruntimeOpenShift Merge Robot2019-01-16
|\ \ \ \ | |/ / / |/| | | podman-remote enable containers
| * | | Embed runtime struct in super localRuntimebaude2019-01-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We clean up the code by eliminating stuttering references when we embed the runtime struct into localRuntime. Makes for less change in the future as well. ++ jhonce Signed-off-by: baude <bbaude@redhat.com>
| * | | Collaberative podman-remote container existsbaude2019-01-15
|/ / / | | | | | | | | | | | | | | | | | | Began frameout of container super structs for adapted methods. This allows for the use of container exists. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2161 from baude/remotehistoryOpenShift Merge Robot2019-01-15
|\ \ \ | | | | | | | | add support for podman-remote history
| * | | add support for podman-remote historybaude2019-01-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | this adds support to get the history for an image and its layers using podman-remote. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2160 from baude/localRuntimerenameOpenShift Merge Robot2019-01-15
|\ \ \ \ | |/ / / |/| | | Rename localRuntime to runtime in cmd/podman
| * | | Rename localRuntime to runtime in cmd/podmanbaude2019-01-15
|/ / / | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2156 from baude/remotermiOpenShift Merge Robot2019-01-15
|\ \ \ | | | | | | | | podman remote client -- add rmi
| * | | podman remote integrations testsbaude2019-01-15
| | | | | | | | | | | | | | | | | | | | | | | | add exists and rmi tests back in ... Signed-off-by: baude <bbaude@redhat.com>
| * | | podman remote client -- add rmibaude2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | allow the podman remote client to delete images Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2024 from cevich/fix_git_ci_vmOpenShift Merge Robot2019-01-15
|\ \ \ \ | |/ / / |/| | | [skip ci] Hack: Fix get_ci_vm.sh w/ gcloud ssh/scp
| * | | [skip ci] Hack: Fix get_ci_vm.sh w/ gcloud ssh/scpChris Evich2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, using the ssh command directly required obtaining the external IP of the VM and was then subject to the local configuration. If the local configuration and/or ssh keys are incorrect, these commands would fail, preventing automatic setup of the VM. Fix this by using the gcloud ssh and scp wrappers. Unfortunately rsync couldn't be made to work in this situation, so use a tarball to transfer the local repository to the VM. Lastly, execute `setup_environment.sh` script, then drop the caller into a bash shell sitting in the remote `$GOSRC` directory. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #2155 from baude/remotetestenableOpenShift Merge Robot2019-01-14
|\ \ \ \ | | | | | | | | | | Run integrations test with remote-client
| * | | | Run integrations test with remote-clientbaude2019-01-14
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the ability to run the integration (ginkgo) suite using the remote client. Only the images_test.go file is run right now; all the rest are isolated with a // +build !remotelinux. As more content is developed for the remote client, we can unblock the files and just block single tests as needed. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2153 from mheon/update_for_1.0OpenShift Merge Robot2019-01-14
|\ \ \ \ | | | | | | | | | | Update master branch with v1.0 changes from 1.0 branch
| * | | | Update master branch with v1.0 changes from 1.0 branchMatthew Heon2019-01-14
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | Grab release notes, changelog, and version changes so master is up to date. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #2152 from rhatdan/noexecOpenShift Merge Robot2019-01-14
|\ \ \ \ | |/ / / |/| | | Add local storage.conf example to troubleshoot
| * | | Add local storage.conf example to troubleshootDaniel J Walsh2019-01-14
|/ / / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2117 from mtrmac/no-imagePartsOpenShift Merge Robot2019-01-14
|\ \ \ | |/ / |/| | RFC: Mostly replace imageParts
| * | Remove imageParts.{isTagged,registry,name,tag}Miloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Finally, these members no longer have any users. Future users should usually call referenceWithRegistry / normalizedReference, and work with the returned value, instead of reintroducing these variables. Similarly, direct uses of unnormalizedRef should be rare (only for cases where the registry and/or path truly does not matter). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Clarify comments about isRegistry a bit.Miloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Use imageParts.unnormalizedRef in GetImageBaseNameMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | ... to remove the last user of imageParts.name. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | FIXME? Introduce imageParts.suspiciousRefNameTagValuesForSearchMiloslav Trmač2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Image.MatchRepoTag and findImageInRepoTags do some kind of heuristic search; the motivation and design of both, and how they should deal with digests, is not obvious to me. Instead of figuring that out now, just factor it out into a scary-named method and leave the "tag" value (with its "latest"/"none" value) alone. Similarly, the .registry and .name fields should typically not be used; users should use either hasRegistry or normalized reference types; so, isolate the difficult-to-understand search code, and computation of these values, into this new search-specific helper. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>