summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* rootless: use SYS_renameat2 instead of __NR_renameat2Giuseppe Scrivano2019-11-06
| | | | | | use the correct definition for the syscall number. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4380 from giuseppe/rootless-create-cgroup-for-conmonOpenShift Merge Robot2019-10-30
|\ | | | | libpod, rootless: create cgroup for conmon
| * libpod, rootless: create cgroup for conmonGiuseppe Scrivano2019-10-30
| | | | | | | | | | | | | | | | always create a new cgroup for conmon also when running as rootless. We were previously creating one only when necessary, but that behaves differently than root containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4379 from cevich/fix_upload_release_archiveOpenShift Merge Robot2019-10-30
|\ \ | | | | | | Cirrus: Fix upload_release_archive on branch or tag
| * | Cirrus: Fix upload_release_archive on branch or tagChris Evich2019-10-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cirrus-CI only sets `$CIRRUS_BASE_SHA` when testing PRs since the destination and it's state is easy to discover. However, when post-merge and/or tag-push testing, the previous state is not easily discoverable (changes have already merged). The `upload_release_archive` script incorrectly assumed this variable was always set, causing a constant stream of post-merge testing failures. Tweak the `is_release()` function to properly handle an empty `$CIRRUS_BASE_SHA` whether or not `$CIRRUS_TAG` is also set. Also update the unit-tests to check for this. Also account for a corner case where hack/get_ci_vm.sh is running on a VM w/o git. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #4305 from mheon/fix_volume_mountOpenShift Merge Robot2019-10-30
|\ \ \ | | | | | | | | Wait for `mount` command to finish when mounting volume
| * | | Wait for `mount` command to finish when mounting volumeMatthew Heon2019-10-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | command.Start() just starts the command. That catches some errors, but the nasty ones - bad options and similar - happen when the command runs. Use CombinedOutput() instead - it waits for the command to exit, and thus catches non-0 exit of the `mount` command (invalid options, for example). STDERR from the `mount` command is directly used, which isn't necessarily the best, but we can't really get much more info on what went wrong. Fixes #4303 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #4365 from cevich/safe_loadOpenShift Merge Robot2019-10-30
|\ \ \ \ | | | | | | | | | | Cirrus: Fix minor python deprecation warning
| * | | | Cirrus: Fix minor python deprecation warningChris Evich2019-10-29
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #4376 from giuseppe/drop-ostreeOpenShift Merge Robot2019-10-30
|\ \ \ \ \ | |_|_|/ / |/| | | | build: drop support for ostree
| * | | | build: drop support for ostreeGiuseppe Scrivano2019-10-30
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | it is going to be removed from containers/image as well, so no longer depend on it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4375 from vrothberg/staleOpenShift Merge Robot2019-10-30
|\ \ \ \ | | | | | | | | | | stale action: add exempt-issue-label
| * | | | stale action: add exempt-issue-labelValentin Rothberg2019-10-30
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | Without the label, issues would be closed regardless of the "do-not-close" label. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #4372 from rhatdan/execOpenShift Merge Robot2019-10-30
|\ \ \ \ | | | | | | | | | | Processes execed into container should match container label
| * | | | Processes execed into container should match container labelDaniel J Walsh2019-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Processes execed into a container were not being run with the correct label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #4369 from baude/golandautocodecorrectionsOpenShift Merge Robot2019-10-30
|\ \ \ \ \ | | | | | | | | | | | | goland autocorrections
| * | | | | goland autocorrectionsbaude2019-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | just ran the autocorrect code corrections from goland and it found a few nits. Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #4377 from vrothberg/fix-seccompOpenShift Merge Robot2019-10-30
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | seccomp: use github.com/seccomp/containers-golang
| * | | | | seccomp: use github.com/seccomp/containers-golangValentin Rothberg2019-10-30
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use the github.com/seccomp/containers-golang library instead of the docker package. The docker package has changed and silently broke on F31. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #4310 from nalind/manifest-listsOpenShift Merge Robot2019-10-29
|\ \ \ \ \ | |_|/ / / |/| | | | Move to containers/image v5, support manifest lists
| * | | | Set default seccomp.json file for podman play kubeDaniel J Walsh2019-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | | images: distinguish between tags and digestsNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Generate an image's RepoDigests list using all applicable digests, and refrain from outputting a digest in the tag column of the "images" output. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | | API: report multiple digests for imagesNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Be prepared to report multiple image digests for images which contain multiple manifests but, because they continue to have the same set of layers and the same configuration, are considered to be the same image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | | pull/create: add --override-arch/--override-os flagsNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add --override-arch and --override-os as hidden flags, in line with the global flag names that skopeo uses, so that we can test behavior around manifest lists without having to conditionalize more of it by arch. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | | image: don't get confused by listsNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When an image can be opened as an ImageSource but not an Image, handle the case where it's an image list all by itself, the case where it's an image for a different architecture/OS combination, or the case where it's both. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | | Add e2e tests for manifest list supportNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Test that when we pull using tag or digest references from locations that are manifest lists, that we can inspect using the references that we used for pulling, that the tags show up in the RepoTag list when we inspect an image that was pulled using a tag, and that the list and instance digests always both show up in the RepoDigest list. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * | | | bump containers/image to v5.0.0, buildah to v1.11.4Nalin Dahyabhai2019-10-29
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | Merge pull request #4319 from cevich/limit_releasesOpenShift Merge Robot2019-10-29
|\ \ \ \ | | | | | | | | | | Cirrus: Only upload tagged releases
| * | | | Cirrus: Only upload tagged releasesChris Evich2019-10-29
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this commit, every push to master had it's builds packaged and uploaded to google storage. This is a waste, since potential users are only ever concerned about tagged releases. Unfortunately because the release process involves humans with potentially multiple human and automation steps happening in parallel, it's easy for automation to not detect a tagged release, or trigger on development|pre-release tags. Fix this in `upload_release_archive.sh` using a new unit-tested function `is_release()`. This acts as the definitive authority on whether or not a specific commit rage or `$CIRRUS_TAG` value constitutes something worthy of upload. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #4366 from AkihiroSuda/fix-embed-versionOpenShift Merge Robot2019-10-29
|\ \ \ \ | |_|/ / |/| | | Makefile: fix embedding gitCommit
| * | | Makefile: fix embedding gitCommitAkihiro Suda2019-10-29
| |/ / | | | | | | | | | Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | Merge pull request #3792 from haircommander/minimum-conmonOpenShift Merge Robot2019-10-29
|\ \ \ | |/ / |/| | require conmon v2.0.1
| * | update conmon to v2.0.2 in in_podman imagePeter Hunt2019-10-28
| | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | bump cirrus imagesPeter Hunt2019-10-28
| | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | require conmon v2.0.1Peter Hunt2019-10-28
| | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | require conmon v2.0.0Peter Hunt2019-10-28
| | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #4110 from mheon/fix_sigproxy_testsOpenShift Merge Robot2019-10-29
|\ \ \ | | | | | | | | Fix sig-proxy=false test and use image cache
| * | | Fix sig-proxy=false test and use image cacheMatthew Heon2019-10-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pulling fedora-minimal was potentially causing timeouts, which is bad. Using the cache avoids that. Sig-proxy=false test was entirely nonfunctional - I think we didn't update it when we fixed sig-proxy=true to be less racy. It was still passing, which is concerning. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #4360 from rhatdan/spellOpenShift Merge Robot2019-10-29
|\ \ \ \ | | | | | | | | | | Fix spelling mistakes
| * | | | Fix spelling mistakesDaniel J Walsh2019-10-29
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #4187 from baude/dnspluginenableOpenShift Merge Robot2019-10-29
|\ \ \ \ \ | | | | | | | | | | | | enable dnsplugin for network create
| * | | | | enable dnsplugin for network createbaude2019-10-28
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when users create a new network and the dnsname plugin can be found by podman, we will enable container name resolution on the new network. there is an option to opt *out* as well. tests cannot be added until we solve the packaging portion of the dnsname plugin. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #4356 from containers/vrothberg-staleOpenShift Merge Robot2019-10-29
|\ \ \ \ \ | | | | | | | | | | | | GitHub stale action
| * | | | | GitHub stale actionValentin Rothberg2019-10-28
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a GitHub action to mark issues and PRs as stale and to eventually close them after a grace period. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #4350 from giuseppe/slirp4netnslogOpenShift Merge Robot2019-10-29
|\ \ \ \ \ | |/ / / / |/| | | | libpod: if slirp4netns fails, return its stderr
| * | | | libpod: if slirp4netns fails, return its outputGiuseppe Scrivano2019-10-29
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | read the slirp4netns stderr and propagate it in the error when the process fails. Replace: https://github.com/containers/libpod/pull/4338 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4355 from mheon/ensure_stateOpenShift Merge Robot2019-10-28
|\ \ \ \ | | | | | | | | | | Add ensureState helper for checking container state
| * | | | Add ensureState helper for checking container stateMatthew Heon2019-10-28
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have a lot of checks for container state scattered throughout libpod. Many of these need to ensure the container is in one of a given set of states so an operation may safely proceed. Previously there was no set way of doing this, so we'd use unique boolean logic for each one. Introduce a helper to standardize state checks. Note that this is only intended to replace checks for multiple states. A simple check for one state (ContainerStateRunning, for example) should remain a straight equality, and not use this new helper. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #4331 from mheon/sane_rename_errorOpenShift Merge Robot2019-10-28
|\ \ \ \ | | | | | | | | | | Return a better error for volume name conflicts
| * | | | Return a better error for volume name conflictsMatthew Heon2019-10-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you try and create a new volume with the name of a volume that already exists, you presently get a thoroughly unhelpful error from `mkdir` as the volume attempts to create the directory it will be mounted at. An EEXIST out of mkdir is not particularly helpful to Podman users - it doesn't explain that the name is already taken by another volume. The solution here is potentially racy as the runtime is not locked, so someone else could take the name while we're still getting things set up, but that's a narrow timing window, and we will still return an error - just an error that's not as good as this one. Signed-off-by: Matthew Heon <matthew.heon@pm.me>