get user and group information using securejoin and runc's user library

for the purposes of performance and security, we use securejoin to construct
the root fs's path so that symlinks are what they appear to be and not pointing
to something naughty.
then instead of chrooting to parse /etc/passwd|/etc/group, we now use the runc user/group
methods which saves us quite a bit of performance.
Signed-off-by: baude <bbaude@redhat.com>

truncate command output in ps by default

when the PS command was reworked for performance and formatting improvements,
I forgot to truncate the command field. Long container commands were throwing
the formatting off. we now truncate to 17 characters plus the ellipsis.
Signed-off-by: baude <bbaude@redhat.com>

Use newer runc commit in VM images

Use image ubuntu-1804-bionic-v20180911-libpod-63a86a18 which was built
with RUNC_COMMIT 78ef28e63bec2ee4c139b5e3e0d691eb9bdc748d.
Signed-off-by: Chris Evich <cevich@redhat.com>

unmount: fix error logic

Only return `ErrCtrStateInvalid` errors when the mount counter is equal
to 1. Also fix the "can't unmount [...] last mount[..]" error which
hasn't been returned when the error passed to `errors.Errorf()` is nil.
Fixes: #1695
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>

CONTRIBUTING.md: add section about describing changes

Add a section about describing changes in commit messages. GitHub tends
to drive the large part of discussions and change descriptions to the
corresponding pull requests and issues, but such information is lost in
the git history. Not providing sufficient information in commit
messages is painful for reviewing and can cause issues while debugging.
It also complicates studying source code, where reading commit messages
and the code's git history is a common approach to better understand the
code.

Following the descriptions should be enforced by the maintainers of the
libpod project. Pull requests containing commits without proper
descriptions should not be merged.

This change is based on the documentation of the Linux kernel v4.17:
https://www.kernel.org/doc/html/v4.17/process/submitting-patches.html
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>

make various changes to ps output

for backwards compatibility and auto-test, we needed a few changes
that slipped in when I reworked ps to be faster to be reverted. the
following behaviours were reverted:
1. the is_infra column was redacted. that appears to be a mistake on my
   part.
2. a newline after ps prints its format was added
3. a newline prior to printing the headers was removed.
Signed-off-by: baude <bbaude@redhat.com>

Sync default config with libpod.conf

Only changed libpod.conf file, which might not even be in use.
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>

Use two spaces to pad PS fields

Ed has asked that we revert to using two spaces for padding between PS fields. I assume
this is for docker autotests.
Signed-off-by: baude <bbaude@redhat.com>

Change ParseDevice to exported name
Signed-off-by: Qi Wang <qiwan@redhat.com>

Vendor in latest containers/storage

We need this to start testing metacopy up for podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Ensure test container in running state

* Save storage if tests fail
Fixes #1643
Signed-off-by: Jhon Honce <jhonce@redhat.com>

Add tests for selinux labels
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

runlabel: run any command

As discussed [1], the runlabel command should execute any command
specified in a label. The reasoning behind is that we cannot restrict
which options are passed to Podman which thereby has full access to the
host (runlabels must be used with care).

With the updated semantics, runlabel will substitute the commands with a
basepath equal to "docker" or "podman" with "/proc/self/exe", and
otherwise leave the command unchanged to execute any other command on
the host.

[1] https://github.com/containers/libpod/pull/1607#issuecomment-428321382
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>

fix bug in rm -fa parallel deletes
Signed-off-by: baude <bbaude@redhat.com>

Add --max-workers and heuristics for parallel operations

add a global flag for --max-workers so users can limit the number
of parallel operations for a given function. also, when not limited
by max-workers, we implement a heuristic function that returns the
number of preferred parallel workers based on the number of CPUs and
the given operation.
Signed-off-by: baude <bbaude@redhat.com>

run performance improvements

run prepare() -- which consists of creating a network namespace and
mounting the container image -- is now run in parallel. This saves 25-40ms.
Signed-off-by: baude <bbaude@redhat.com>

Increase security and performance when looking up groups

We implement the securejoin method to make sure the paths to /etc/passwd and
/etc/group are not symlinks to something naughty or outside the container
image. And then instead of actually chrooting, we use the runc functions to
get information about a user. The net result is increased security and
a performance gain from 41ms to 100us.
Signed-off-by: baude <bbaude@redhat.com>

downgrade runc due to a rootless bug
Signed-off-by: baude <bbaude@redhat.com>

Support auth file environment variable in podman build
Signed-off-by: Qi Wang <qiwan@redhat.com>

Eat our own dogfood

Switch all tests to use podman installed on the system, or Docker if podman
does not exist.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Explain the device format in man pages
Signed-off-by: Qi Wang <qiwan@redhat.com>

create: fix writing cidfile when using rootless

prevent opening the same file twice, since we re-exec podman in
rootless mode. While at it, also solve a possible race between the
check for the file and writing to it. Another process could have
created the file in the meanwhile and we would just end up overwriting
it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

vendor: update container/storage
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Add support for /usr/local installation
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>

read conmon output and convert to json in two steps

when reading the output from conmon using the JSON methods, it appears that
JSON marshalling is higher in pprof than it really is because the pipe is
"waiting" for a response. this gives us a clearer look at the real CPU/time
consumers.
Signed-off-by: baude <bbaude@redhat.com>