summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #2631 from giuseppe/fix-race-rmOpenShift Merge Robot2019-03-13
|\ | | | | rm: fix cleanup race
| * rm: fix cleanup raceGiuseppe Scrivano2019-03-13
|/ | | | | | | | | | | | | we fire the cleanup process asynchronously so we might race with a command like: podman run --rm --name foo ... && podman run --rm --name foo Fix it by ensuring the container is deleted before we exit. This will race with the "cleanup" process, but it is fine as one of the two commands will fail with ErrNoSuchCtr while the other succeeds. Closes: https://github.com/containers/libpod/issues/2619 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2621 from mheon/event_on_deathOpenShift Merge Robot2019-03-13
|\ | | | | Add event on container death
| * Add event on container deathMatthew Heon2019-03-13
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2622 from baude/protectdarwinOpenShift Merge Robot2019-03-13
|\ \ | | | | | | Add gating tasks
| * | Add gating tasksbaude2019-03-13
| |/ | | | | | | | | | | | | | | | | | | | | to protect against regressions, we need to add a few gating tasks: * build with varlink * build podman-remote * build podman-remote-darwin we already have a gating task for building without varlink Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2629 from edsantiago/add-events-to-podman-1OpenShift Merge Robot2019-03-13
|\ \ | | | | | | Add 'podman events' to podman(1)
| * | Add 'podman events' to podman(1)Ed Santiago2019-03-13
| |/ | | | | | | | | | | | | | | | | Also: enforce noSubArgs for podman events Also: remove unnecessary '[flags]' from Use message (Cobra adds it automatically) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #2628 from TomSweeneyRedHat/dev/tsweeney/bigvendorbuildah2OpenShift Merge Robot2019-03-13
|\ \ | |/ |/| Vendor docker/docker, fsouza and more #2
| * Vendor docker/docker, fsouza and more #2TomSweeneyRedHat2019-03-13
|/ | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Vendors in fsouza/docker-client, docker/docker and a few more related. Of particular note, changes to the TweakCapabilities() function from docker/docker along with the parse.IDMappingOptions() function from Buildah. Please pay particular attention to the related changes in the call from libpod to those functions during the review. Passes baseline tests.
* Merge pull request #2625 from rhatdan/vendorOpenShift Merge Robot2019-03-13
|\ | | | | Update vendor of Buildah and imagebuilder
| * Update vendor of Buildah and imagebuilderDaniel J Walsh2019-03-13
|/ | | | | | Fixes the testing issues we are hitting. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2623 from edsantiago/podman_top_typoOpenShift Merge Robot2019-03-13
|\ | | | | minor typo fix in 'podman top' usage
| * minor typo fix in 'podman top' usageEd Santiago2019-03-12
|/ | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #2562 from baude/healtcheckphase2OpenShift Merge Robot2019-03-12
|\ | | | | healthcheck phase 2
| * healtcheck phase 2baude2019-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | integration of healthcheck into create and run as well as inspect. healthcheck enhancements are as follows: * add the following options to create|run so that non-docker images can define healthchecks at the container level. * --healthcheck-command * --healthcheck-retries * --healthcheck-interval * --healthcheck-start-period * podman create|run --healthcheck-command=none disables healthcheck as described by an image. * the healthcheck itself and the healthcheck "history" can now be observed in podman inspect * added the wiring for healthcheck history which logs the health history of the container, the current failed streak attempts, and log entries for the last five attempts which themselves have start and stop times, result, and a 500 character truncated (if needed) log of stderr/stdout. The timings themselves are not implemented in this PR but will be in future enablement (i.e. next). Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2585 from giuseppe/build-honor-netOpenShift Merge Robot2019-03-12
|\ \ | | | | | | build: honor --net
| * | slirp4netns: add builtin DNS server to resolv.confGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | build: honor --netGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when --net is specified, pass it down to Buildah. Depends on: https://github.com/containers/buildah/pull/1395 Closes: https://github.com/containers/libpod/issues/2572 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2610 from vrothberg/vendor-psgoOpenShift Merge Robot2019-03-11
|\ \ \ | | | | | | | | vendor psgo v1.2
| * | | vendor psgo v1.2Valentin Rothberg2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The psgo library now be used concurrently by multiple goroutines without interferring with another. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #2612 from KKoukiou/api-doc-fixOpenShift Merge Robot2019-03-11
|\ \ \ \ | | | | | | | | | | Fix broken link in API.md
| * | | | Fix broken link in io.podman.varlinkKaterina Koukiou2019-03-11
| | |_|/ | |/| | | | | | | | | | | | | | | | | | Link to InspectImage was broken. Signed-off-by: Katerina Koukiou <kkoukiou@redhat.com>
* | | | Merge pull request #2587 from mheon/update_troubleshootingOpenShift Merge Robot2019-03-11
|\ \ \ \ | | | | | | | | | | Update troubleshooting guide for Podman-in-Podman
| * | | | Update troubleshooting guide for Podman-in-PodmanMatthew Heon2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a small section on the bad things that can happen if you don't mount in our temporary directories. Fixes #1602 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #2527 from baude/eventsOpenShift Merge Robot2019-03-11
|\ \ \ \ \ | | | | | | | | | | | | Add event logging to libpod, even display to podman
| * | | | | Add event logging to libpod, even display to podmanbaude2019-03-11
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #2609 from QiWang19/moveformatsOpenShift Merge Robot2019-03-11
|\ \ \ \ \ | | | | | | | | | | | | move formats pkg to and vendor from buildah
| * | | | | move formats pkg to and vendor from buildahQi Wang2019-03-11
| |/ / / / | | | | | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #2593 from mheon/scrub_tmpfs_linksOpenShift Merge Robot2019-03-11
|\ \ \ \ \ | | | | | | | | | | | | Ensure that tmpfs mounts do not have symlinks
| * | | | | Ensure that tmpfs mounts do not have symlinksMatthew Heon2019-03-11
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When mounting a tmpfs, runc attempts to make the directory it will be mounted at. Unfortunately, Golang's os.MkdirAll deals very poorly with symlinks being part of the path. I looked into fixing this in runc, but it's honestly much easier to just ensure we don't trigger the issue on our end. Fixes BZ #1686610 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #2613 from rhatdan/selinuxOpenShift Merge Robot2019-03-11
|\ \ \ \ \ | |_|_|/ / |/| | | | Fix SELinux on host shared systems in userns
| * | | | Fix SELinux on host shared systems in usernsDaniel J Walsh2019-03-11
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you turn on --net=host on a rootless container and have selinux-policy installed in the image, tools running with SELinux will see that the system is SELinux enabled in rootless mode. This patch mounts a tmpfs over /sys/fs/selinux blocking this behaviour. This patch also fixes the fact that if you shared --pid=host we were not masking over certin /proc paths. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #2578 from baude/movecreateOpenShift Merge Robot2019-03-11
|\ \ \ \ | |/ / / |/| | | preparation for remote-client create container
| * | | preparation for remote-client create containerbaude2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | to prepare for being able to remotely run a container, we need to perform a refactor to get code out of main because it is not reusable. the shared location is a good starting spot though eventually some will likely end up in pkg/spec/ at some point. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2611 from nalind/buffer-stdin-importOpenShift Merge Robot2019-03-11
|\ \ \ \ | |_|/ / |/| | | Buffer stdin to a file when importing "-"
| * | | Buffer stdin to a file when importing "-"Nalin Dahyabhai2019-03-11
|/ / / | | | | | | | | | | | | | | | | | | | | | When importing an image from a file somewhere, we already know how to download data from a URL to a file, so do the same for stdin, in case it's unexpectedly large. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | Merge pull request #2583 from giuseppe/rootless-fix-pod-rmOpenShift Merge Robot2019-03-11
|\ \ \ | | | | | | | | rootless: fix stop and rm when the container is running with uid != 0
| * | | rootless: fix pod stop|rm if uid in the container != 0Giuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | join the user namespace where the pod is running, so that we can both manage the storage and correctly send the kill signal to a process which is not running as root in the namespace. Closes: https://github.com/containers/libpod/issues/2577 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: fix rm when uid in the container != 0Giuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: disable pod statsGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: do not create automatically a userns for pod killGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: support a custom arg to the new processGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | let the process running as euid != 0 pass down an argument to the process running in the user namespace. This will be useful for commands like rm -a that needs to join different namespaces, so that we can re-exec separately for each of them. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | errors: fix error cause comparisonGiuseppe Scrivano2019-03-11
| | |/ | |/| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2597 from jwhonce/issue/2016OpenShift Merge Robot2019-03-11
|\ \ \ | | | | | | | | Initialize field in InfoHost struct
| * | | Initialize field in InfoHost structJhon Honce2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | Fixes #2016 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #2538 from giuseppe/slirp4netns-pathOpenShift Merge Robot2019-03-11
|\ \ \ \ | |_|_|/ |/| | | libpod: allow to configure path to the slirp4netns binary
| * | | libpod: allow to configure path to the network-cmd binaryGiuseppe Scrivano2019-03-11
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | allow to configure the path to the network-cmd binary, either via an option flag --network-cmd-path or through the libpod.conf configuration file. This is currently used to customize the path to the slirp4netns binary. Closes: https://github.com/containers/libpod/issues/2506 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2604 from giuseppe/allow-single-mappingsOpenShift Merge Robot2019-03-11
|\ \ \ | |_|/ |/| | rootless: allow single ID mappings
| * | rootless: allow single mappingsGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we were playing safe and not allowed any container to have less than 65536 mappings. There are a couple of reasons to change it: - it blocked libpod to work in an environment where newuidmap/newgidmap are not available, or not configured. - not allowed to use different partitions of subuids, where each user has less than 65536 ids available. Hopefully this change in containers/storage: https://github.com/containers/storage/pull/303 will make error clearers if there are not enough IDs for the image that is being used. Closes: https://github.com/containers/libpod/issues/1651 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>