| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
we need to check if we are able to mount the container as part of the
mount command itself.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Incorporate image and default environment variables in play kube
|
|/
|
|
|
|
| |
Also put Environment variable parsing from image data into a helper function
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\
| |
| | |
oci: fix umount of /sys/kernel
|
| |
| |
| |
| |
| |
| |
| | |
if the mount was already umounted as part of the cleanup (i.e. being a
submount), the umount would fail.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Revert "rootless: set controlling terminal for podman in the userns"
|
| |/
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 531514e8231e7f42efb7e7992d62e516f9577363.
Closes: https://github.com/containers/libpod/issues/2926
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
RFC: Make hooks sort order locale-independent
|
| | |
| | |
| | |
| | | |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Don't sort OCI hooks using the locale collation order; it does not
make sense for the same system-wide directory to be interpreted differently
depending on the user's LC_COLLATE setting, and the language-specific
collation order can even change over time.
Besides, the current collation order determination code has never worked
with the most common LC_COLLATE values like en_US.UTF-8.
Ideally, we would like to just order based on Unicode code points
to be reliably stable, but the existing implementation is case-insensitive,
so we are forced to rely on the unicode case mapping tables at least.
(This gives up on canonicalization and width-insensitivity, potentially
breaking users who rely on these previously documented properties.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Use the same SELinux label for CRIU log files
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The SELinux label for the CRIU dump.log was explicitly set in Podman.
The label for the restore.log, however, not. This just moves the code
to label the log file into a function and calls that functions during
checkpoint and restore.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \
| | | |
| | | | |
Adding uidmap to install steps for ubuntu
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Vanessa Sochat <vsochat@stanford.edu>
|
|\ \ \ \
| | | | |
| | | | | |
remote-client checkpoint/restore
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
add the ability for the remote client to be able to checkpoint and
restore containers.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
rootless: do not block SIGTSTP
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
we were previously proxying all the signals, but doing that for
SIGTSTP prevented the main process to be stopped by the tty.
Closes: https://github.com/containers/libpod/issues/2775
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
create: fix segfault if container name already exists
|
| | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
do not try to use ctr if there was an error. It fixes a segfault when
there is already a container with the same name.
regression introduced by: ba65301c955454e47c3893ca548f18a845a4c4a9
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
pull: fix a couple of issues
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Closes: https://github.com/containers/libpod/issues/2785
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
we were printing something like:
(0x1840f00,0xc00041bba0)
Closes: https://github.com/containers/libpod/issues/2710
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
podman-remote generate kube
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | | |
Allow the ability to generate kube YAML from the podman remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Use GetContainer instead of LookupContainer for full ID
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
All IDs in libpod are stored as a full container ID. We can get a
container by full ID faster with GetContainer (which directly
retrieves) than LookupContainer (which finds a match, then
retrieves). No reason to use Lookup when we have full IDs present
and available.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
new uidmap BATS test: fix
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Various problems, one of which was causing the test to fail
completely (otherwise I wouldn't have caught the others):
- option is --uidmap, not --uidmapping
- run_podman cannot be piped (| grep /sys/kernel). That's
an unfortunate limitation of BATS. Any invocation of 'run'
saves results to $output, which then has to be tested
in a separate step.
- do so, using 'run' and 'grep' and 'is' to produce
readable messages on failure
- remove "$expected_rc", that looks like a copy/paste bug
from a few lines above.
Skip entire test if rootless. (The one without --net=host
passes, but it also passes with older podman as both root
and rootless. I don't think it's actually testing anything,
but agree with leaving it in to catch weird regressions).
We really need to get these tests running in CI.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix README.md -> rootless.md link
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
BATS tests: start supporting podman-remote
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
podman-remote now supports rm! That's what we needed to start
running BATS tests.
Although most tests don't actually work, some do, and maybe
the rest will start working over time. For now, disable them.
The only significant difference found is that podman-remote
strips fractional seconds from timestamps in JSON output.
Probably not something worth caring about.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
adding additional apt-get update, needed for ubuntu install
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | | |
Signed-off-by: Vanessa Sochat <vsochat@stanford.edu>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
imagefilter dangling handling corrected
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
imagefilter dangling=<value> shall not be ignored.
this PR handles the value and returns images accordingly.
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
|
|\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
Fixes for podman-remote run and attach
|
| | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fixes the ability to run (create,start) a container and attach to its
console correctly. We can now also exit from the console without
hanging the remote client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Add --include-volumes flag to 'podman commit'
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The 'docker commit' will never include a container's volumes when
committing, without an explicit request through '--change'.
Podman, however, defaulted to including user volumes as image
volumes.
Make this behavior depend on a new flag, '--include-volumes',
and make the default behavior match Docker.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Print header for 'podman images' even with no images present
|
| | |_|_|_|_|/
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Fixes #2877
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Expand debugging for container cleanup errors
|
| | |_|_|_|_|/
| |/| | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \ \ \
| |_|_|_|/ / /
|/| | | | | | |
userns: prevent /sys/kernel/* paths in the container
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
when we run in a user namespace, there are cases where we have not
enough privileges to mount a fresh sysfs on /sys. To circumvent this
limitation, we rbind /sys from the host. This carries inside of the
container also some mounts we probably don't want to. We are also
limited by the kernel to use rbind instead of bind, as allowing a bind
would uncover paths that were not previously visible.
This is a slimmed down version of the intermediate mount namespace
logic we had before, where we only set /sys to slave, so the umounts
done to the storage by the cleanup process are propagated back to the
host. We also don't setup any new directory, so there is no
additional cleanup to do.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|