| Commit message (Collapse) | Author | Age |
|\
| |
| | |
add pkg/seccomp
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add pkg/seccomp to consolidate all seccomp-policy related code which is
currently scattered across multiple packages and complicating the
creatconfig refactoring.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Do not copy up when volume is not empty
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When Docker performs a copy up, it first verifies that the volume
being copied into is empty; thus, for volumes that have been
modified elsewhere (e.g. manually copying into then), the copy up
will not be performed at all. Duplicate this behavior in Podman
by checking if the volume is empty before copying.
Furthermore, move setting copyup to false further up. This will
prevent a potential race where copy up could happen more than
once if Podman was killed after some files had been copied but
before the DB was updated.
This resolves CVE-2020-1726.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
[CI:DOCS] api: pull: fix reference parsing
|
| | |
| | |
| | |
| | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
cmd/podman/pull: refactor code
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Refactor and simplify the code in cmd/podman/pull.go to address a couple
of issues w.r.t. how the arguments were passed. Also make sure to
always use the c/image API for parsing instead of working around it.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] podman system service doc fixes
|
| | |
| | |
| | |
| | | |
Signed-off-by: Matej Marusak <mmarusak@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Matej Marusak <mmarusak@redhat.com>
|
|\ \ \
| | | |
| | | | |
apiv2 stream events
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
the events endpoint should be stream-based. it also needed to be registered to answer and not produce 404s.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
API v2 tests: catch up to moving target
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Lots has changed since I first checked this in:
* Switch to new podman system service invocation
* /containers API has changed drastically
* /pods API has some fixes; check for them (e.g.
container-exists is now 409 Conflict, not 500)
* One test ('?invalidparam=x') still doesn't work;
comment it out so we can get everything passing.
Also, some work on the test framework itself:
* Cleaner port-open testing (the bash /dev/tcp check).
* Add a 'podman' function to invoke local podman and
log its output.
The above two allow us to:
* Get rid of stderr special-casing
Furthermore:
* t() no longer needs leading '.'; this allows jq
features such as 'length' and perhaps other filters
* special-case handling of 204 and 304: rfc2616 demands
that they return no message body; assert that it is so.
* new root & rootless helper functions (check server)
* remove the "unlikely to work" message for rootless;
it seems to be working fine
* fix pod tests for rootless
* BUT: add a bolder FIXME because the ID field seems wrong
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
HTTP 304 (NotModified) is not an error!
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Even after #5169, my test logs kept showing:
ERRO[0004] unable to write json: "http: request method or response status code does not allow body"
Cause: overly-helpful code trying to treat condition as an
error and include a diagnostic message. This is forbidden
per rfc2616.
This PR fixes the faulty response, as well as three others
found via:
$ ack 'Error.*NotMod' (4 hits total)
$ ack 'Error.*NoCont' (no hits)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
API v2: pods: fix two incorrect return codes
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
1) /pods/<X>/exists - is documented to return 204, and that's
the correct value, but until now it has been returning 200.
2) /pods/create - return 409 (conflict), not 500, when pod
already exists
Also: in WriteResponse(), if code is 204 (No Content) or 304
(Not Modified), emit the status code only but no content-type
headers nor content.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
v2 api: /libpod/images/{import,load,pull}
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Implement the /libpod/images/import endpoint
Tested manually with curl:
curl -X POST --data-binary "@image.tar" --header "Content-Type: application/x-tar"
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Implement the /libpod/images/load endpoint.
Tested manually with curl:
curl -X POST --data-binary "@image.tar" --header "Content-Type: application/x-tar"
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Implement the /libpod/images/pull endpoint and correct the swagger docs.
The reference parameter is mandatory and must either be a
c/image/docker/reference or a reference to the "docker://" transport as
the pull endpoint is meant to only support pulling images from a
registry.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Add test cases to validate remove and list images api.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Includes testcase to validate list image api count as we create and delete images
Include testcase to validate remove image api responses with container instance, etc.
Signed-off-by: Sujil02 <sushah@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
replace prow images test
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
this is a container-based approach to verifying we can build an rpm based on the contrib spec.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Rewire ListContainers for APIv2 libpod
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
consumers of the api remarked how they would prefer a more strongly typed data structure from list containers oon the libpod side of things. for example, events should be consumable and consistent timestamps. also, for the sake of compatibility, it is helpful to have the json named atttributes for Id to not be ID.
listcontainers on the libpod side no longer strongly uses the the ps cli to obtain information but we do benefit from turning on the ability to list the last X containers, something CLI does not have yet. we also flipped the bit on defaulting to truncated output in the return.
thanks to the efforts of the cockpit team to help us here.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
container create: relax os/arch checks
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Relax the os/arch checks when creating a container and only info-log
mismatches instead of erroring out. There are too many images used
in the wild which do not set their arch correctly correctly. Erroring
out has hit users sufficiently enough to justify relaxing the errors
and only log to at least inform the users and image vendors.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
podman build -f completions
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Also cleanup the code a bit. There's no --runtime flag for build.
Fixes: #3878
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Make: s/uname -o/uname -s/
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
uname -o doesn't seem to work on Mac OS.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Remove incorrect validation of --change for commit
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The validation logic was failing on properly-formatted changes.
There's already validation in Commit itself, so no need to
duplicate.
Fixes #5148
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
Cirrus: Never run prune on other branches
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is needed because the prune container image will be built from
other branches as they are made. If the behavior of this or the imgts
image diverges from that of master, random VM images could be "cleaned"
unexpectedly. By hard-coding this task to the master branch only,
it should never run anywhere else.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix varlink code generation target.
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Closes #5130.
varlink code generation was skipped when `uname -o` did not print "GNU/Linux".
However on some Linux systems (e.g. alpine) only "Linux" is printed
which results in cmd/podman/varlink/iopodman.go not being generated.
Thus the Makefile target condition has been changed to match "Linux".
Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Update Code of Conduct to Containers variant
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As the title says. I renamed the old file from the lower case to the
upper case name. This makes it appear higher up in the listing on GitHub
and also is in line with the rest of the containers projects. Due to this
change, I also had to change a few references in a couple of build related
files.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
docs: add workaround for --device with rootless containers (II)
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Update documentation for crun >= 0.11.
See https://github.com/containers/crun/commit/6df930821d80a8e151674f0fda1321fba93bb92d
Fixes #4477
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
Simplify image object creation
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
... because both callers only care about that aspect of the
return value.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
... so that _all_ Image objects are created in a single place
that is easy to update.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|