| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When Docker performs a copy up, it first verifies that the volume
being copied into is empty; thus, for volumes that have been
modified elsewhere (e.g. manually copying into then), the copy up
will not be performed at all. Duplicate this behavior in Podman
by checking if the volume is empty before copying.
Furthermore, move setting copyup to false further up. This will
prevent a potential race where copy up could happen more than
once if Podman was killed after some files had been copied but
before the DB was updated.
This resolves CVE-2020-1726.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
docs: add workaround for --device with rootless containers (II)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update documentation for crun >= 0.11.
See https://github.com/containers/crun/commit/6df930821d80a8e151674f0fda1321fba93bb92d
Fixes #4477
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
|
|\ \
| | |
| | | |
Simplify image object creation
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... because both callers only care about that aspect of the
return value.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... so that _all_ Image objects are created in a single place
that is easy to update.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of the function updating image.InputName (the only reason for it
to need an image), have it return the updated value separately.
This will allow simplifying the constructors of Image further.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
All ways to create an Image{} have a non-nil .image field, and it
is never set to nil, so this is dead code.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
All code creating an Image by looking up a name now uses
Runtime.NewFromLocal.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is not _trivially_ safe because newImage.getLocalImage()
modifies newImage.ImageName, but we overwrite that value anyway.
So, this should not change behavior, and it will make future refactoring
easier to verify.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... so that there ultimately is only one constructor.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Add backend code for pod network options
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds network-related options to the pod in the database. We
are going to add the CLI frontend in further patches.
In short, this should greatly improve the ability of pods to
configure networking, once the CLI parsing is added.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
Add mirroring dockerfiles
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is needed to provide this image under quay.io/libpod/ namespace
to provide some resiliency to automated testing (should other
repositories be unavailable)
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] Update readme to 1.8.0 release
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Refactor runtime functions to pass options structure
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This makes the code easier to read but should not change the overall
behavior.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/containers/image/v5-5.2.1
build(deps): bump github.com/containers/image/v5 from 5.2.0 to 5.2.1
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.2.0...v5.2.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
LibpodAPI.BuildImage: don't require a name for the new image
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When we finish building an image, we try to look up its ID by looking up
the image using the name that we were asked to assign to the image. If
we weren't asked to assign a name to the image, that would produce an
error. The BuildImage() API we're using returns the image's ID anyway,
so we can skip the lookup and just return the ID directly.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Bump to v1.8.0
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/ / / /
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS]update contrib systemd user
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
one more update
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Move podman-service to podman-system-service
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes #5108
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS]fix systemd files for apiv2
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
the paths and instructions for running the new api via systemd needed updates due to a change in the command.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
[CI:DOCS] Update release notes for final release of v1.8.0
|
|/ / / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Only modify conmon cgroup if we have running containers
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If there are no running containers - for example, if the pod was
just created - the cgroup in question may not exist (under
certain circumstances that we're not 100% sure about). However,
regardless, we don't need to set a PID limit, as nothing will be
making cleanup processes (no running conmon processes), so not
changing the cgroup is safe regardless.
Fixes #5072
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Special case memory-swap=-1
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We document that memory-swap==-1 means unlimited, but currently we
won't allow the user to specify the -1 value.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Move install.md to podman.io, leave link page
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The installation instructions for podman were on this site and a
second copy on podman.io. I've created https://github.com/containers/podman.io/pull/193
which has a merging of the installation instructions from both sites.
Since the one on podman.io was created a few months ago, we've had a number
of divergences. Maintaining only one copy should assist with that problem
plus make it easier for people updating them.
This PR should NOT be merged before the one in podman.io.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
fix swagger docs and make sure docs validation runs
|
| | |_|/ /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/onsi/ginkgo-1.12.0
build(deps): bump github.com/onsi/ginkgo from 1.11.0 to 1.12.0
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.11.0...v1.12.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
vendor github.com/containers/image/v5@v5.2.0
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes a build regression on CentOS 7 and RHEL 7 with older gpgme
versions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
See release notes:
https://github.com/containers/image/releases/tag/v5.2.0
Fixes: #4877
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add Containerfile location e2e test
|