| Commit message (Collapse) | Author | Age |
Document that it is expected for some of the systemd APIs to not work
correctly/at all in rootless containers.
Fixes: #3957
Signed-off-by: Michal Sekletar <msekleta@redhat.com>
Fix exit code failure
While investigating issue
https://github.com/containers/libpod/issues/4044 there is no sense
subjecting forward progress elsewhere. Skip the test with a note
temporarily, until a resolution to 4044 and any other related issues
is found and fix implemented.
Signed-off-by: Chris Evich <cevich@redhat.com>
Be less precise on the exit code and log the exit code to the journal when it fails.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add 'relabel' to --mount options
Currently if a user specifies a --mount option, there is no way to tell SELinux
to relabel the mount point.
This patch adds the relabel=shared and relabel=private options.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Bump to v1.6.0-RC1
Signed-off-by: Matthew Heon <mheon@redhat.com>
Signed-off-by: Matthew Heon <mheon@redhat.com>
Signed-off-by: Matthew Heon <mheon@redhat.com>
Unmounting a container that is already unmounted is OK
We should not be throwing errors because the operation we wanted
to perform is already done. Now, it is definitely strange that a
container is actually unmounted, but shows as mounted in the DB -
if this reoccurs in a way where we can investigate, it's worth
tearing into.
Fixes #4033
Signed-off-by: Matthew Heon <mheon@redhat.com>
exec: fix --preserve-fds
There were two problems with preserve fds.
libpod didn't open the fds before passing _OCI*PIPE to conmon. This caused libpod to talk on the preserved fds, rather than the pipes, with conmon talking on the pipes. This caused a hang.
Libpod also didn't convert an int to string correctly, so it would further fail.
Fix these and add a unit test to make sure we don't regress in the future
Note: this test will not pass on crun until crun supports --preserve-fds
Signed-off-by: Peter Hunt <pehunt@redhat.com>
fix unit test using strings.Contains
The Expect function does not return a result of True or False
depending on the value of the first instance, but instead requires
a comparison using ".To(", so change to use ".To(ContainSubstring("
Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
networking: use --enable-sandbox if available
if slirp4netns supports sandboxing, enable it.
It automatically creates a new mount namespace where slirp4netns will
run and have limited access to the host resources.
It needs slirp4netns 0.4.1.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Skip spec_test for rootless envs without cgroup v2.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
Fix default to pause in podman cp
We want to default to secure when running containers as root,
in rootless, we need to change the default if the system does not
support cgroup v1.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Update release notes for v1.6.0
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Vendor Buildah 1.11.2
Vendor in Buildah 1.11.2 into libpod/Podman
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
get runtime for podman-remote push earlier
to prevent client side panics, we should get the runtime earlier in the
process of push.
Fixes: #4013
Signed-off-by: baude <bbaude@redhat.com>
rootless: report the correct error
do not shadow the err variable so that the correct error message can
be reported when utils.RunUnderSystemdScope fails.
Closes: https://github.com/containers/libpod/issues/4012
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Report errors when trying to pause rootless containers
If you are running a rootless container on cgroupV1
you can not pause the container. We need to report the proper error
if this happens.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Podman-remote run should wait for exit code
This change matches what is happening on the podman local side
and should eliminate a race condition.
Also exit commands on the server side should start to return to client.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We have leaked the exit number codes all over the code, this patch
removes the numbers to constants.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Stop glob'ing on podman cp
* symlink processing and wildcarding led to unexpected files
being copied
Signed-off-by: Jhon Honce <jhonce@redhat.com>
exec: Register resize func a bit later
if we register the resize func too early, it attempts to read from the 'ctl' file before it exists. this causes the func to error, and the resize to not go through.
Fix this by registering resize func later for conmon. This, along with a conmon fix, will allow exec to know the terminal size at startup
Signed-off-by: Peter Hunt <pehunt@redhat.com>
enhance podman network rm
when removing a podman network, we need to make sure we delete the
network interface if one was ever created (by running a container).
also, when removing networks, we check if any containers are using the
network. if they are, we error out unless the user provides a 'force'
option which will remove the containers in question.
Signed-off-by: baude <bbaude@redhat.com>
clean up after healthcheck execs
when executing a healthcheck, we were not cleaning up after exec's use
of a socket. we now remove the socket file and ignore if for reason it
does not exist.
Fixes: #3962
Signed-off-by: baude <bbaude@redhat.com>
Test that PTYs created by 'podman exec --tty' have the ONLCR flag
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
Prevent podman varlink socket fight
When enabled, it's desired for the podman-varlink process to startup on
boot or upon socket-activation, whichever happens first. However,
with `KillMode=none` systemd will never kill any podman-varlink
processes. This makes it easily possible for multiple podman-varlink
processes to be running, and fight each other to service a single socket.
---
For example:
Prior to this commit, this will result in four podman-varlink processes
being run:
```
systemctl enable io.podman.socket
systemctl enable io.podman.service
systemctl start io.podman.socket
systemctl start io.podman.service
systemctl start io.podman.service
```
Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default
is 90). This results in podman-varlink exiting on its own after a minute
of being idle (--timeout=60000). Alternatively, systemd will manage the
service stop by sending a SIGTERM, then if podman-varlink has not exited
within `TimeoutStopSec`, a SIGKILL will be sent.
Signed-off-by: Chris Evich <cevich@redhat.com>
fix podman sign signature store for rootless
Store the signature under graphroot when using rootless podman image sign.
Signed-off-by: Qi Wang <qiwan@redhat.com>