Commit message (Author, Age)
* Add a note on systemd shortcomings in rootless containers (Michal Sekletar, 2019-09-18)
    Document that it is expected for some of the systemd APIs to not work correctly/at all in rootless containers. Fixes: #3957 Signed-off-by: Michal Sekletar <msekleta@redhat.com>
* Merge pull request #4052 from rhatdan/exitcode (OpenShift Merge Robot, 2019-09-17)
    Fix exit code failure
| * System-test: Temporarily disable 030-run (Chris Evich, 2019-09-17)
    While investigating issue https://github.com/containers/libpod/issues/4044 there is no sense subjecting forward progress elsewhere. Skip the test with a note temporarily, until a resolution to 4044 and any other related issues is found and fix implemented. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Fix exit code failure (Daniel J Walsh, 2019-09-17)
    Be less precise on the exit code and log the exit code to the journal when it fails. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #4034 from rhatdan/relabel (OpenShift Merge Robot, 2019-09-17)
    Add 'relabel' to --mount options
| * Add 'relabel' to --mount options (Daniel J Walsh, 2019-09-16)
    Currently if a user specifies a --mount option, there is no way to tell SELinux to relabel the mount point. This patch adds the relabel=shared and relabel=private options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #4037 from mheon/bump_1.6.0_rc1 (OpenShift Merge Robot, 2019-09-17)
    Bump to v1.6.0-RC1
| * | Bump Gitvalidation epoch (Matthew Heon, 2019-09-16)
    Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Bump to v1.6.0-dev (Matthew Heon, 2019-09-16)
    Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Bump to v1.6.0-rc1 [v1.6.0-rc1] (Matthew Heon, 2019-09-16)
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #4035 from mheon/unmount_unmounted_is_safe (OpenShift Merge Robot, 2019-09-16)
    Unmounting a container that is already unmounted is OK
| * | Unmounting a container that is already unmounted is OK (Matthew Heon, 2019-09-16)
    We should not be throwing errors because the operation we wanted to perform is already done. Now, it is definitely strange that a container is actually unmounted, but shows as mounted in the DB - if this reoccurs in a way where we can investigate, it's worth tearing into. Fixes #4033 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #4043 from haircommander/preserve-fd-fix (OpenShift Merge Robot, 2019-09-16)
    exec: fix --preserve-fds
| * | exec: fix --preserve-fds (Peter Hunt, 2019-09-16)
    There were two problems with preserve fds. libpod didn't open the fds before passing _OCI*PIPE to conmon. This caused libpod to talk on the preserved fds, rather than the pipes, with conmon talking on the pipes. This caused a hang. Libpod also didn't convert an int to string correctly, so it would further fail. Fix these and add a unit test to make sure we don't regress in the future. Note: this test will not pass on crun until crun supports --preserve-fds Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #3941 from gabibeyer/fix_unit_test (OpenShift Merge Robot, 2019-09-16)
    fix unit test using strings.Contains
| * | | fix unit test to use Expect (gabi beyer, 2019-09-12)
    The Expect function does not return a result of True or False depending on the value of the first instance, but instead requires a comparison using ".To(", so change to use ".To(ContainSubstring(" Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
* | | | Merge pull request #4038 from giuseppe/enable-sandbox-slirp4netns (OpenShift Merge Robot, 2019-09-16)
    networking: use --enable-sandbox if available
| * | | networking: use --enable-sandbox if available (Giuseppe Scrivano, 2019-09-16)
    if slirp4netns supports sandboxing, enable it. It automatically creates a new mount namespace where slirp4netns will run and have limited access to the host resources. It needs slirp4netns 0.4.1. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #4031 from QazerLab/master (OpenShift Merge Robot, 2019-09-16)
    Skip spec_test for rootless envs without cgroup v2.
| * | Check for rootless before checking cgroups version in spec_test. (Danila Kiver, 2019-09-15)
    Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
| * | Skip spec_test for rootless envs without cgroup v2. (Danila Kiver, 2019-09-14)
    Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
* | | Merge pull request #4026 from rhatdan/copy (OpenShift Merge Robot, 2019-09-14)
    Fix default to pause in podman cp
| * | | Fix default to pause in podman cp (Daniel J Walsh, 2019-09-13)
    We want to default to secure when running containers as root, in rootless, we need to change the default if the system does not support cgroup v1. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #4030 from mheon/release_notes_1.6.0 (OpenShift Merge Robot, 2019-09-14)
    Update release notes for v1.6.0
| * | Update release notes for v1.6.0 (Matthew Heon, 2019-09-13)
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #4023 from TomSweeneyRedHat/dev/tsweeney/buildah1.11.2_vendor (OpenShift Merge Robot, 2019-09-13)
    Vendor Buildah 1.11.2
| * | Vendor Buildah 1.11.2 (TomSweeneyRedHat, 2019-09-13)
    Vendor in Buildah 1.11.2 into libpod/Podman Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #4022 from baude/remotepushgetrt (OpenShift Merge Robot, 2019-09-13)
    get runtime for podman-remote push earlier
| * | | get runtime for podman-remote push earlier (baude, 2019-09-13)
    to prevent client side panics, we should get the runtime earlier in the process of push. Fixes: #4013 Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #4018 from giuseppe/fix-error-message-rootless (OpenShift Merge Robot, 2019-09-13)
    rootless: report the correct error
| * | | | rootless: report the correct error (Giuseppe Scrivano, 2019-09-13)
    do not shadow the err variable so that the correct error message can be reported when utils.RunUnderSystemdScope fails. Closes: https://github.com/containers/libpod/issues/4012 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #4006 from rhatdan/rootless (OpenShift Merge Robot, 2019-09-13)
    Report errors when trying to pause rootless containers
| * | | | | Report errors when trying to pause rootless containers (Daniel J Walsh, 2019-09-13)
    If you are running a rootless container on cgroupV1 you can not pause the container. We need to report the proper error if this happens. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #3934 from rhatdan/wait (OpenShift Merge Robot, 2019-09-13)
    Podman-remote run should wait for exit code
| * | | | Podman-remote run should wait for exit code (Daniel J Walsh, 2019-09-12)
    This change matches what is happening on the podman local side and should eliminate a race condition. Also exit commands on the server side should start to return to client. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | | Use exit code constants (Daniel J Walsh, 2019-09-12)
    We have leaked the exit number codes all over the code, this patch removes the numbers to constants. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #3942 from jwhonce/issue/3829 (OpenShift Merge Robot, 2019-09-13)
    Stop glob'ing on podman cp
| * | | | Do not support wildcards on cp (Jhon Honce, 2019-09-12)
    * symlink processing and wildcarding led to unexpected files being copied Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #4010 from haircommander/regsiter-later (OpenShift Merge Robot, 2019-09-13)
    exec: Register resize func a bit later
| * | | | exec: Register resize func a bit later (Peter Hunt, 2019-09-12)
    if we register the resize func too early, it attempts to read from the 'ctl' file before it exists. this causes the func to error, and the resize to not go through. Fix this by registering resize func later for conmon. This, along with a conmon fix, will allow exec to know the terminal size at startup Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | Merge pull request #3978 from baude/networkremove (OpenShift Merge Robot, 2019-09-12)
    enhance podman network rm
| * | | enhance podman network rm (baude, 2019-09-12)
    when removing a podman network, we need to make sure we delete the network interface if one was ever created (by running a container). also, when removing networks, we check if any containers are using the network. if they are, we error out unless the user provides a 'force' option which will remove the containers in question. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #4009 from baude/execrmsocket (OpenShift Merge Robot, 2019-09-12)
    clean up after healthcheck execs
| * | | clean up after healthcheck execs (baude, 2019-09-12)
    when executing a healthcheck, we were not cleaning up after exec's use of a socket. we now remove the socket file and ignore if for reason it does not exist. Fixes: #3962 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3986 from debarshiray/wip/rishi/test-podman-exec-tty-onlcr (OpenShift Merge Robot, 2019-09-12)
    Test that PTYs created by 'podman exec --tty' have the ONLCR flag
| * | Test that PTYs created by 'podman exec --tty' have the ONLCR flag (Debarshi Ray, 2019-09-12)
    Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | | Merge pull request #3998 from cevich/idiot_proof_systemd_unit (OpenShift Merge Robot, 2019-09-12)
    Prevent podman varlink socket fight
| * | | Prevent podman varlink socket fight (Chris Evich, 2019-09-12)
    When enabled, it's desired for the podman-varlink process to startup on boot or upon socket-activation, whichever happens first. However, with `KillMode=none` systemd will never kill any podman-varlink processes. This makes it easily possible for multiple podman-varlink processes to be running, and fight each other to service a single socket.

    ---

    For example: Prior to this commit, this will result in four podman-varlink processes being run:

    ```
    systemctl enable io.podman.socket
    systemctl enable io.podman.service
    systemctl start io.podman.socket
    systemctl start io.podman.service
    systemctl start io.podman.service
    ```

    Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default is 90). This results in podman-varlink exiting on its own after a minute of being idle (--timeout=60000). Alternatively, systemd will manage the service stop by sending a SIGTERM, then if podman-varlink has not exited within `TimeoutStopSec`, a SIGKILL will be sent.

    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #3997 from QiWang19/sigpath (OpenShift Merge Robot, 2019-09-12)
    fix podman sign signature store for rootless
| * | | fix podman sign signature store for rootless (Qi Wang, 2019-09-11)
    Store the signature under graphroot when using rootless podman image sign. Signed-off-by: Qi Wang <qiwan@redhat.com>