Commit message (Author, Age)
* Merge pull request #5187 from vrothberg/pkg-seccomp (OpenShift Merge Robot, 2020-02-12)
|\
| |   add pkg/seccomp
| * add pkg/seccomp (Valentin Rothberg, 2020-02-12)
| |
| |   Add pkg/seccomp to consolidate all seccomp-policy related code which is currently scattered across multiple packages and complicating the creatconfig refactoring.
| |
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #5168 from mheon/do_not_overwrite_volumes (OpenShift Merge Robot, 2020-02-12)
|\ \
| | |   Do not copy up when volume is not empty
| * | Do not copy up when volume is not empty (Matthew Heon, 2020-02-12)
| | |
| | |   When Docker performs a copy up, it first verifies that the volume being copied into is empty; thus, for volumes that have been modified elsewhere (e.g. manually copying into them), the copy up will not be performed at all. Duplicate this behavior in Podman by checking if the volume is empty before copying.
| | |
| | |   Furthermore, move setting copyup to false further up. This will prevent a potential race where copy up could happen more than once if Podman was killed after some files had been copied but before the DB was updated.
| | |
| | |   This resolves CVE-2020-1726.
| | |
| | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #5185 from vrothberg/v2-pull-fix (OpenShift Merge Robot, 2020-02-12)
|\ \ \
| |_|/
|/| |
| | |   [CI:DOCS] api: pull: fix reference parsing
| * | api: pull: fix reference parsing (Valentin Rothberg, 2020-02-12)
| | |
| | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #5184 from vrothberg/refactor-pull (OpenShift Merge Robot, 2020-02-12)
|\ \ \
| |/ /
|/| |
| | |   cmd/podman/pull: refactor code
| * | cmd/podman/pull: refactor code (Valentin Rothberg, 2020-02-12)
|/ /
| |   Refactor and simplify the code in cmd/podman/pull.go to address a couple of issues w.r.t. how the arguments were passed. Also make sure to always use the c/image API for parsing instead of working around it.
| |
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #5144 from marusak/doc_fixes (OpenShift Merge Robot, 2020-02-12)
|\ \
| | |   [CI:DOCS] podman system service doc fixes
| * | bash-completions: Add missing subcommands in 'podman system' (Matej Marusak, 2020-02-10)
| | |
| | |   Signed-off-by: Matej Marusak <mmarusak@redhat.com>
| * | doc: Fix examples for 'podman system service' (Matej Marusak, 2020-02-10)
| | |
| | |   Signed-off-by: Matej Marusak <mmarusak@redhat.com>
* | | Merge pull request #5175 from baude/apiv2events (OpenShift Merge Robot, 2020-02-12)
|\ \ \
| | | |   apiv2 stream events
| * | | apiv2 stream events (Brent Baude, 2020-02-11)
| | | |
| | | |   the events endpoint should be stream-based. it also needed to be registered to answer and not produce 404s.
| | | |
| | | |   Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #5165 from edsantiago/test_apiv2 (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \
| | | | |   API v2 tests: catch up to moving target
| * | | | API v2 tests: catch up to moving target (Ed Santiago, 2020-02-11)
| | | | |
| | | | |   Lots has changed since I first checked this in:
| | | | |
| | | | |     * Switch to new podman system service invocation
| | | | |     * /containers API has changed drastically
| | | | |     * /pods API has some fixes; check for them (e.g. container-exists is now 409 Conflict, not 500)
| | | | |     * One test ('?invalidparam=x') still doesn't work; comment it out so we can get everything passing.
| | | | |
| | | | |   Also, some work on the test framework itself:
| | | | |
| | | | |     * Cleaner port-open testing (the bash /dev/tcp check).
| | | | |     * Add a 'podman' function to invoke local podman and log its output.
| | | | |
| | | | |   The above two allow us to:
| | | | |
| | | | |     * Get rid of stderr special-casing
| | | | |
| | | | |   Furthermore:
| | | | |
| | | | |     * t() no longer needs leading '.'; this allows jq features such as 'length' and perhaps other filters
| | | | |     * special-case handling of 204 and 304: rfc2616 demands that they return no message body; assert that it is so.
| | | | |     * new root & rootless helper functions (check server)
| | | | |     * remove the "unlikely to work" message for rootless; it seems to be working fine
| | | | |     * fix pod tests for rootless
| | | | |     * BUT: add a bolder FIXME because the ID field seems wrong
| | | | |
| | | | |   Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #5176 from edsantiago/304_is_not_an_error (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |   HTTP 304 (NotModified) is not an error!
| * | | | HTTP 304 (NotModified) is not an error! (Ed Santiago, 2020-02-11)
|/ / / /
| | | |   Even after #5169, my test logs kept showing:
| | | |
| | | |      ERRO[0004] unable to write json: "http: request method or response status code does not allow body"
| | | |
| | | |   Cause: overly-helpful code trying to treat condition as an error and include a diagnostic message. This is forbidden per rfc2616.
| | | |
| | | |   This PR fixes the faulty response, as well as three others found via:
| | | |
| | | |      $ ack 'Error.*NotMod' (4 hits total)
| | | |      $ ack 'Error.*NoCont' (no hits)
| | | |
| | | |   Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #5169 from edsantiago/apiv2_pod_status_codes (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \
| | | | |   API v2: pods: fix two incorrect return codes
| * | | | API v2: pods: fix two incorrect return codes (Ed Santiago, 2020-02-11)
| |/ / /
| | | |   1) /pods/<X>/exists - is documented to return 204, and that's the correct value, but until now it has been returning 200.
| | | |
| | | |   2) /pods/create - return 409 (conflict), not 500, when pod already exists
| | | |
| | | |   Also: in WriteResponse(), if code is 204 (No Content) or 304 (Not Modified), emit the status code only but no content-type headers nor content.
| | | |
| | | |   Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #5083 from vrothberg/v2-libpod-image-endpoints (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \
| | | | |   v2 api: /libpod/images/{import,load,pull}
| * | | | swagger: fix /libpod/images/{import,load,pull} (Valentin Rothberg, 2020-02-11)
| | | | |
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | v2 api: /libpod/images/import (Valentin Rothberg, 2020-02-10)
| | | | |
| | | | |   Implement the /libpod/images/import endpoint
| | | | |
| | | | |   Tested manually with curl:
| | | | |
| | | | |      curl -X POST --data-binary "@image.tar" --header "Content-Type: application/x-tar"
| | | | |
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | v2 api: /libpod/images/load (Valentin Rothberg, 2020-02-10)
| | | | |
| | | | |   Implement the /libpod/images/load endpoint.
| | | | |
| | | | |   Tested manually with curl:
| | | | |
| | | | |      curl -X POST --data-binary "@image.tar" --header "Content-Type: application/x-tar"
| | | | |
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | v2 api: /libpod/images/pull (Valentin Rothberg, 2020-02-10)
| | |/ /
| |/| |
| | | |   Implement the /libpod/images/pull endpoint and correct the swagger docs. The reference parameter is mandatory and must either be a c/image/docker/reference or a reference to the "docker://" transport as the pull endpoint is meant to only support pulling images from a registry.
| | | |
| | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #5132 from sujil02/test (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \
| |_|/ /
|/| | |
| | | |   Add test cases to validate remove and list images api.
| * | | Add test cases to validate remove and list images api. (Sujil02, 2020-02-10)
| | | |
| | | |   Includes testcase to validate list image api count as we create and delete images
| | | |   Include testcase to validate remove image api responses with container instance, etc.
| | | |
| | | |   Signed-off-by: Sujil02 <sushah@redhat.com>
* | | | Merge pull request #5068 from baude/newimagestest (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \
| | | | |   replace prow images test
| * | | | replace prow images test (Brent Baude, 2020-02-10)
| | |_|/
| |/| |
| | | |   this is a container-based approach to verifying we can build an rpm based on the contrib spec.
| | | |
| | | |   Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #5159 from baude/apiv2cockpit1 (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \
| | | | |   Rewire ListContainers for APIv2 libpod
| * | | | Rewire ListContainers for APIv2 libpod (Brent Baude, 2020-02-11)
| | | | |
| | | | |   consumers of the api remarked how they would prefer a more strongly typed data structure from list containers on the libpod side of things. for example, events should be consumable and consistent timestamps. also, for the sake of compatibility, it is helpful to have the json named attributes for Id to not be ID. listcontainers on the libpod side no longer strongly uses the ps cli to obtain information but we do benefit from turning on the ability to list the last X containers, something CLI does not have yet. we also flipped the bit on defaulting to truncated output in the return. thanks to the efforts of the cockpit team to help us here.
| | | | |
| | | | |   Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #5161 from vrothberg/revert-96ab0c64b4e3 (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |   container create: relax os/arch checks
| * | | | container create: relax os/arch checks (Valentin Rothberg, 2020-02-11)
| | | | |
| | | | |   Relax the os/arch checks when creating a container and only info-log mismatches instead of erroring out. There are too many images used in the wild which do not set their arch correctly. Erroring out has hit users sufficiently enough to justify relaxing the errors and only log to at least inform the users and image vendors.
| | | | |
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #5164 from vrothberg/fix-3878 (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \ \
| | | | | |   podman build -f completions
| * | | | | podman build -f completions (Valentin Rothberg, 2020-02-11)
| |/ / / /
| | | | |   Also cleanup the code a bit. There's no --runtime flag for build.
| | | | |
| | | | |   Fixes: #3878
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #5162 from vrothberg/fix-4814 (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |   Make: s/uname -o/uname -s/
| * | | | Make: s/uname -o/uname -s/ (Valentin Rothberg, 2020-02-11)
|/ / / /
| | | |   uname -o doesn't seem to work on Mac OS.
| | | |
| | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #5156 from mheon/fix_entrypoint_format (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \
| | | | |   Remove incorrect validation of --change for commit
| * | | | Remove incorrect validation of --change for commit (Matthew Heon, 2020-02-10)
| |/ / /
| | | |   The validation logic was failing on properly-formatted changes. There's already validation in Commit itself, so no need to duplicate.
| | | |
| | | |   Fixes #5148
| | | |
| | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #5112 from cevich/only_prune_from_master (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \
| | | | |   Cirrus: Never run prune on other branches
| * | | | Cirrus: Never run prune on other branches (Chris Evich, 2020-02-06)
| | | | |
| | | | |   This is needed because the prune container image will be built from other branches as they are made. If the behavior of this or the imgts image diverges from that of master, random VM images could be "cleaned" unexpectedly. By hard-coding this task to the master branch only, it should never run anywhere else.
| | | | |
| | | | |   Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #5137 from mgoltzsche/master (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \ \
| | | | | |   Fix varlink code generation target.
| * | | | | Fix varlink code generation target. (Max Goltzsche, 2020-02-09)
| | |_|_|/
| |/| | |
| | | | |   Closes #5130.
| | | | |
| | | | |   varlink code generation was skipped when `uname -o` did not print "GNU/Linux". However on some Linux systems (e.g. alpine) only "Linux" is printed which results in cmd/podman/varlink/iopodman.go not being generated. Thus the Makefile target condition has been changed to match "Linux".
| | | | |
| | | | |   Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
* | | | | Merge pull request #5155 from TomSweeneyRedHat/coc (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \ \
| |_|_|/ /
|/| | | |
| | | | |   Update Code of Conduct to Containers variant
| * | | | [CI:DOCS] Update Code of Conduct to Containers variant (TomSweeneyRedHat, 2020-02-10)
|/ / / /
| | | |   As the title says. I renamed the old file from the lower case to the upper case name. This makes it appear higher up in the listing on GitHub and also is in line with the rest of the containers projects. Due to this change, I also had to change a few references in a couple of build related files.
| | | |
| | | |   Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | Merge pull request #5143 from stefanb2/topic-pr-4477-2 (OpenShift Merge Robot, 2020-02-10)
|\ \ \ \
| | | | |   docs: add workaround for --device with rootless containers (II)
| * | | | docs: add workaround for --device with rootless containers (II) (Stefan Becker, 2020-02-10)
| |/ / /
| | | |   Update documentation for crun >= 0.11. See https://github.com/containers/crun/commit/6df930821d80a8e151674f0fda1321fba93bb92d
| | | |
| | | |   Fixes #4477
| | | |
| | | |   Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* | | | Merge pull request #5122 from mtrmac/image-object-creation (OpenShift Merge Robot, 2020-02-10)
|\ \ \ \
| | | | |   Simplify image object creation
| * | | | Modify Runtime.getImage to return a storage.Image (Miloslav Trmač, 2020-02-07)
| | | | |
| | | | |   ... because both callers only care about that aspect of the return value.
| | | | |
| | | | |   Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | Document an aspect of newFromStorage behavior (Miloslav Trmač, 2020-02-07)
| | | | |
| | | | |   Should not change behavior.
| | | | |
| | | | |   Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | Introduce a Runtime.newImage constructor (Miloslav Trmač, 2020-02-07)
| | | | |
| | | | |   ... so that _all_ Image objects are created in a single place that is easy to update.
| | | | |
| | | | |   Should not change behavior.
| | | | |
| | | | |   Signed-off-by: Miloslav Trmač <mitr@redhat.com>