summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Fix Dockerfile dependencies for packer testsSascha Grunert2019-04-04
| | | | | | | | This commit adds unzip and python3-yaml to the Dockerfile, which are needed to run the tests in contrib/cirrus/packer within the libpod container image. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Merge pull request #2832 from mheon/rootless_size_errorsOpenShift Merge Robot2019-04-03
|\ | | | | --size does not work with rootless at present
| * --size does not work with rootless at presentMatthew Heon2019-04-03
| | | | | | | | | | | | | | | | | | | | We'd need to join multiple container's user namespaces, which is not possible for now. The rootless single userns patches under development by Giuseppe will fix this, but won't land in 1.2.x. For now, disable --size as rootless. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2651 from mheon/prevent_null_derefOpenShift Merge Robot2019-04-03
|\ \ | | | | | | Fix a potential segfault in podman search
| * | Fix a potential segfault in podman searchMatthew Heon2019-04-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When generating headers for search, we unconditionally access element 0 of an array, and I saw this segfault in our CI. There's no reason we have to do this, we're just going through it to get field names with reflect, so just make a new copy of the struct in question. Also, move this code, which is only for CLI display, into cmd/podman from libpod/image. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #2825 from baude/remotediffOpenShift Merge Robot2019-04-03
|\ \ \ | |/ / |/| | add remote-client diff
| * | add remote-client diffbaude2019-04-03
| |/ | | | | | | | | | | | | the remote client now can run the diff command to report changes, modifications, and deletions in an image or container. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2843 from cevich/bump_fedora_imageOpenShift Merge Robot2019-04-03
|\ \ | | | | | | Cirrus: Update F28 -> F29 container image
| * | Cirrus: Update F28 -> F29 container imageChris Evich2019-04-03
| |/ | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #2842 from cevich/improve_podman_pod_rmOpenShift Merge Robot2019-04-03
|\ \ | |/ |/| Improve podman pod rm -a test
| * Improve podman pod rm -a testChris Evich2019-04-03
|/ | | | | | | | | | | | | | | When running as a user, the order of removal is database ID dependent. This results in this test randomly failing. This condition was very difficult to debug and the test was missing two critical checks. One to confirm an expected error message was produced, and another to verify the expected running container, remains running. Fix the container and missing error-message checks, and vastly improve the debug-ability of this test. Fixing the random-failures requires intensive fixes in other areas, so that task will be left up to future work. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #2833 from cevich/podman_in_podmanOpenShift Merge Robot2019-04-03
|\ | | | | Cirrus: Support special-case modes of testing
| * Cirrus: Support special-case modes of testingChris Evich2019-04-03
|/ | | | | | | | | | | | | | | | | | | | | | Previously libpod CI was fairly straight-forward, run unit and integration tests in a standard set of 3 VMs. Off on the side was a single special case of running tests as an ordinary user. There is a desire to stop using the PAPR system to support testing inside of a container. Since having two special cases potentially invites more down the road, make provisions to handle them more gracefully. This commit introduces an environment variable: ``$SPECIALMODE``. It's value has the following meanings within the CI scripts: Mode 'none': Nothing special, business as usual (default) Mode 'rootless': Rootless testing Mode 'in_podman': Build container, run integration tests in it. This will make adding additional special-cases later easier, as well as extending the special cases in a Matrix across multiple OS's. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #2818 from mheon/update_versionOpenShift Merge Robot2019-04-01
|\ | | | | Update README with current version
| * Update README with current versionMatthew Heon2019-03-31
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2812 from rpjday/topic/rpjday/missing_option_hyphenOpenShift Merge Robot2019-03-31
|\ \ | | | | | | docs/podman-inspect.1.md: add missing option hyphen for "-t"
| * | docs/podman-inspect.1.md: add missing option hyphen for "-t"Robert P. J. Day2019-03-30
| | | | | | | | | | | | Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
* | | Merge pull request #2816 from rpjday/topic/rpjday/missing_hyphensOpenShift Merge Robot2019-03-31
|\ \ \ | |_|/ |/| | docs/podman*.md: fix numerous option typos and spacing errors
| * | docs/podman*.md: fix numerous option typos and spacing errorsRobert P. J. Day2019-03-31
| |/ | | | | | | | | | | | | | | | | | | | | | | | | Cursory examination of man pages shows a number of typos: - missing hyphens - missing blank line - longer option should precede shorter option This is not an extensive fix, there's still a lot that could be cleaned up. Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
* | Merge pull request #2807 from mheon/bump-1.2.0OpenShift Merge Robot2019-03-31
|\ \ | | | | | | Bump to v1.2.0
| * | Bump gitvalidation epochMatthew Heon2019-03-30
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Bump to v1.3.0-devMatthew Heon2019-03-30
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Bump to v1.2.0v1.2.0Matthew Heon2019-03-30
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2814 from rpjday/topic/rpjday/container_rmOpenShift Merge Robot2019-03-31
|\ \ \ | |_|/ |/| | docs/podman-rm.1.md: delete "Not yet implemented" msg for volume removal
| * | docs/podman-rm.1.md: delete "Not yet implemented" msg for volume removalRobert P. J. Day2019-03-30
|/ / | | | | | | | | | | Since this feature appears to be implemented, remove the qualifier. Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
* | Merge pull request #2804 from rhatdan/helpOpenShift Merge Robot2019-03-30
|\ \ | |/ |/| Capitalize global options help information
| * Capitalize global options help informationDaniel J Walsh2019-03-30
|/ | | | | | | --trace, --help and --version were not capatilized like the rest of the global options. This patch fixes this problem. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2803 from mheon/release_notes_v1.2.0OpenShift Merge Robot2019-03-29
|\ | | | | Update release notes for v1.2.0
| * Update release notes for v1.2.0Matthew Heon2019-03-29
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2801 from mheon/remove_wait_eventOpenShift Merge Robot2019-03-29
|\ \ | | | | | | Remove wait event
| * | Remove wait eventMatthew Heon2019-03-29
| |/ | | | | | | | | | | | | It's not necessary to log an event for a read-only operation like wait. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2802 from TomSweeneyRedHat/dev/tsweeney/buildah1.7.2OpenShift Merge Robot2019-03-29
|\ \ | | | | | | Vendor Buildah 1.7.2
| * | Vendor Buildah 1.7.2TomSweeneyRedHat2019-03-29
| |/ | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #2800 from mheon/lock_events_fileOpenShift Merge Robot2019-03-29
|\ \ | |/ |/| Add locking to ensure events file is concurrency-safe
| * Add locking to ensure events file is concurrency-safeMatthew Heon2019-03-29
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2691 from baude/psdynamicOpenShift Merge Robot2019-03-29
|\ | | | | Add watch mode to podman ps
| * Add watch mode to podman psbaude2019-03-28
| | | | | | | | | | | | | | | | | | allows users to "watch" the output of podman ps on a set interval in seconds. in watch mode, the screen is cleared between intervals as well. podman -ps -w1 watches on 1 second intervals Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2635 from rhatdan/cacheOpenShift Merge Robot2019-03-29
|\ \ | | | | | | Set blob cache directory based on GraphDriver
| * | Cleanup image2 -> image for importsDaniel J Walsh2019-03-29
| | | | | | | | | | | | | | | | | | | | | Remove references to image2 in source code. Makes the code slightly more readable. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Set blob cache directory based on GraphDriverDaniel J Walsh2019-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently in rootless containers, we end up not using the blob cache. We also don't store the blob cache based on the users specified graph storage. This change will cause the cache directory to be stored with the rest of the containe images. While doing this patch, I found that we had duplicated GetSystemContext in two places in libpod. I cleaned this up. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2797 from giuseppe/rootless-set-stickyOpenShift Merge Robot2019-03-29
|\ \ \ | | | | | | | | rootless: set sticky bit on rundir
| * | | utils: call GetRootlessRuntimeDir onceGiuseppe Scrivano2019-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | use a sync.Once to potentially avoid multiple system calls everytime the function is called. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: set sticky bit on rundirGiuseppe Scrivano2019-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | it prevents the directory to be auto pruned, according to the XDG specifications. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | oci: drop reference to runcGiuseppe Scrivano2019-03-29
| | | | | | | | | | | | | | | | | | | | | | | | it can be any OCI runtime. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #2730 from giuseppe/userns-take-rid-of-intermediate-mountnsOpenShift Merge Robot2019-03-29
|\ \ \ \ | | | | | | | | | | userns: do not use an intermediate mount namespace
| * | | | test: test that an unprivileged user cannot access the storageEd Santiago2019-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | userns: do not use an intermediate mount namespaceGiuseppe Scrivano2019-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have an issue in the current implementation where the cleanup process is not able to umount the storage as it is running in a separate namespace. Simplify the implementation for user namespaces by not using an intermediate mount namespace. For doing it, we need to relax the permissions on the parent directories and allow browsing them. Containers that are running without a user namespace, will still maintain mode 0700 on their directory. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | volumes: push the chown logic to runtime_volume_linux.goGiuseppe Scrivano2019-03-29
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #2793 from mheon/alter_name_regexOpenShift Merge Robot2019-03-29
|\ \ \ \ \ | |/ / / / |/| | | | Alter container/pod/volume name regexp to match Docker
| * | | | Alter container/pod/volume name regexp to match DockerMatthew Heon2019-03-29
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker's upstream name validation regex has two major differences from ours that we pick up in this PR. The first requires that the first character of a name is a letter or number, not a special character. The second allows periods in names. Signed-off-by: Matthew Heon <matthew.heon@pm.me>