| Commit message (Collapse) | Author | Age |
rm: fix cleanup race
we fire the cleanup process asynchronously so we might race with a
command like: podman run --rm --name foo ... && podman run --rm --name foo
Fix it by ensuring the container is deleted before we exit. This
will race with the "cleanup" process, but it is fine as one of the two
commands will fail with ErrNoSuchCtr while the other succeeds.
Closes: https://github.com/containers/libpod/issues/2619
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add event on container death
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add gating tasks
to protect against regressions, we need to add a few gating tasks:
* build with varlink
* build podman-remote
* build podman-remote-darwin
we already have a gating task for building without varlink
Signed-off-by: baude <bbaude@redhat.com>
Add 'podman events' to podman(1)
Also: enforce noSubArgs for podman events
Also: remove unnecessary '[flags]' from Use message (Cobra
adds it automatically)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Vendor docker/docker, fsouza and more #2
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Vendors in fsouza/docker-client, docker/docker and
a few more related. Of particular note, changes to the TweakCapabilities()
function from docker/docker along with the parse.IDMappingOptions() function
from Buildah. Please pay particular attention to the related changes in
the call from libpod to those functions during the review.
Passes baseline tests.
Update vendor of Buildah and imagebuilder
Fixes the testing issues we are hitting.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
minor typo fix in 'podman top' usage
Signed-off-by: Ed Santiago <santiago@redhat.com>
healthcheck phase 2
integration of healthcheck into create and run as well as inspect.
healthcheck enhancements are as follows:
* add the following options to create|run so that non-docker images can
  define healthchecks at the container level.
  * --healthcheck-command
  * --healthcheck-retries
  * --healthcheck-interval
  * --healthcheck-start-period
* podman create|run --healthcheck-command=none disables healthcheck as
  described by an image.
* the healthcheck itself and the healthcheck "history" can now be
  observed in podman inspect
* added the wiring for healthcheck history which logs the health history
  of the container, the current failed streak attempts, and log entries
  for the last five attempts which themselves have start and stop times,
  result, and a 500 character truncated (if needed) log of stderr/stdout.
The timings themselves are not implemented in this PR but will be in
future enablement (i.e. next).
Signed-off-by: baude <bbaude@redhat.com>
build: honor --net
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
when --net is specified, pass it down to Buildah.
Depends on: https://github.com/containers/buildah/pull/1395
Closes: https://github.com/containers/libpod/issues/2572
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
vendor psgo v1.2
The psgo library can now be used concurrently by multiple goroutines without
interfering with one another.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fix broken link in API.md
Link to InspectImage was broken.
Signed-off-by: Katerina Koukiou <kkoukiou@redhat.com>
Update troubleshooting guide for Podman-in-Podman
Add a small section on the bad things that can happen if you
don't mount in our temporary directories.
Fixes #1602
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add event logging to libpod, event display to podman
In libpod, we now log major events that occur. These events
can be displayed using the `podman events` command. Each
event contains:
* Type (container, image, volume, pod...)
* Status (create, rm, stop, kill, ....)
* Timestamp in RFC3339Nano format
* Name (if applicable)
* Image (if applicable)
The format of the event and the varlink endpoint are to not
be considered stable until cockpit has done its enablement.
Signed-off-by: baude <bbaude@redhat.com>
move formats pkg to and vendor from buildah
Signed-off-by: Qi Wang <qiwan@redhat.com>
Ensure that tmpfs mounts do not have symlinks
When mounting a tmpfs, runc attempts to make the directory it
will be mounted at. Unfortunately, Golang's os.MkdirAll deals
very poorly with symlinks being part of the path. I looked into
fixing this in runc, but it's honestly much easier to just ensure
we don't trigger the issue on our end.
Fixes BZ #1686610
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Fix SELinux on host shared systems in userns
Currently if you turn on --net=host on a rootless container
and have selinux-policy installed in the image, tools running with
SELinux will see that the system is SELinux enabled in rootless mode.
This patch mounts a tmpfs over /sys/fs/selinux blocking this behaviour.
This patch also fixes the fact that if you shared --pid=host we were not
masking over certain /proc paths.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
preparation for remote-client create container
to prepare for being able to remotely run a container, we need to
perform a refactor to get code out of main because it is not
reusable. the shared location is a good starting spot though
eventually some will likely end up in pkg/spec/ at some point.
Signed-off-by: baude <bbaude@redhat.com>
Buffer stdin to a file when importing "-"
When importing an image from a file somewhere, we already know how to
download data from a URL to a file, so do the same for stdin, in case
it's unexpectedly large.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
rootless: fix stop and rm when the container is running with uid != 0
join the user namespace where the pod is running, so that we can both
manage the storage and correctly send the kill signal to a process
which is not running as root in the namespace.
Closes: https://github.com/containers/libpod/issues/2577
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
let the process running as euid != 0 pass down an argument to the
process running in the user namespace. This will be useful for
commands like rm -a that need to join different namespaces, so that
we can re-exec separately for each of them.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Initialize field in InfoHost struct
Fixes #2016
Signed-off-by: Jhon Honce <jhonce@redhat.com>
libpod: allow to configure path to the slirp4netns binary
allow to configure the path to the network-cmd binary, either via an
option flag --network-cmd-path or through the libpod.conf
configuration file.
This is currently used to customize the path to the slirp4netns
binary.
Closes: https://github.com/containers/libpod/issues/2506
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
rootless: allow single ID mappings
we were playing safe and did not allow any container to have less than
65536 mappings. There are a couple of reasons to change it:
- it blocked libpod to work in an environment where
newuidmap/newgidmap are not available, or not configured.
- not allowed to use different partitions of subuids, where each user
has less than 65536 ids available.
Hopefully this change in containers/storage:
https://github.com/containers/storage/pull/303
will make errors clearer if there are not enough IDs for the image
that is being used.
Closes: https://github.com/containers/libpod/issues/1651
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>