Commit message (Author, Age)
* volumes: do not recurse when chowning (Giuseppe Scrivano, 2020-07-31)
| keep the file ownership when chowning and honor the user namespace mappings.
| Closes: https://github.com/containers/podman/issues/7130
| Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| <MH: Fixed conflicts from cherry pick>
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* add {{.RunningFor}} placeholder in ps --format (Ashley Cui, 2020-07-31)
| For docker compatibility
| Signed-off-by: Ashley Cui <acui@redhat.com>
* fix swapped mem_usage/percent fields (Paul Holzinger, 2020-07-31)
| Correct the wrong field assignment in `podman stats --format=json`.
| Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Ensure that 'rmi --force' evicts Podman containers (Matthew Heon, 2020-07-31)
| The logic for `podman rmi --force` includes a bit of code that will remove Libpod containers using Libpod's container removal logic - this ensures that they're cleanly and completely removed. For other containers (Buildah, CRI-O, etc) we fall back to manually removing the containers using the image from c/storage.
| Unfortunately, our logic for invoking the Podman removal function had an error, and it did not properly handle cases where we were force-removing an image with >1 name. Force-removing such images by ID guarantees their removal, not just an untag of a single name; our code for identifying whether to remove containers did not properly detect this case, so we fell through and deleted the Podman containers as storage containers, leaving traces of them in the Libpod DB.
| Fixes #7153
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Don't crash when giving bogus format commands (Daniel J Walsh, 2020-07-31)
| Currently if you give a bogus flag to --format it will crash the formatter. With this change we will get a nice error.
|
| podman images --format '{{ bogus }}'
| Error: template: list:1: function "bogus" not defined
|
| versus
|
| /bin/podman.old images --format '{{ bogus }}'
| panic: template: list:1: function "bogus" not defined
| goroutine 1 [running]:
|
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| <MH: Fixed compile after cherry pick>
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Binding the same container port to >1 host port is OK (Matthew Heon, 2020-07-31)
| The initial version of the new port code mistakenly restricted this, so un-restrict it. We still need to maintain the map of container ports, unfortunately (need to verify if the port in question is a duplicate, for example).
| Fixes #7062
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Specifying --ipc=host --pid=host is broken (Daniel J Walsh, 2020-07-31)
| For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and add test to make sure it does not happen again.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* add newline to output in error message (Anthony Sottile, 2020-07-31)
| Signed-off-by: Anthony Sottile <asottile@umich.edu>
* When chowning we should not follow symbolic link (Daniel J Walsh, 2020-07-31)
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* replace the html/template package with text/template (Paul Holzinger, 2020-07-31)
| Currently some commands use the html/template package. This can lead to invalid output. e.g. `system df --verbose` will print `&lt;none&gt;` instead of `<none>` with an untagged image.
| Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* The `podman start --attach` command should not print ID (Matthew Heon, 2020-07-31)
| Somewhere in the Podman v2 rewrite, we allowed `podman start --attach` to print the container ID of the started container after exiting from the attach session (via detach key or the container exiting naturally). We should never print the ID when `--attach` is given, which makes the fix simple - make the print statement conditional on `--attach` not being present.
| Weirdly, this only happened when `--interactive` was given to `podman start`. I don't know why that is, but this resolves the issue without having to dig any deeper, so I'm content.
| Fixes #7055
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix exit code example in podman-run.1.md (Erik Sjölund, 2020-07-31)
| Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Merge pull request #7166 from vrothberg/2.0-backports (OpenShift Merge Robot, 2020-07-31)
|\
| | 2.0 backports
| * Switch references from libpod.conf to containers.conf (Daniel J Walsh, 2020-07-31)
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Bump github.com/rootless-containers/rootlesskit from 0.9.5 to 0.10.0 (Akihiro Suda, 2020-07-31)
| | Fix #7016 via https://github.com/rootless-containers/rootlesskit/pull/157
| | Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
| * compat/info.go: TrimPrefix(CGroupsVersion, "v") (Akihiro Suda, 2020-07-31)
| | For compatibility with Docker: https://github.com/moby/moby/blob/846b7e24ba549a972a2672ffdd88b140da688736/api/swagger.yaml#L4528-L4534
| | Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
| * Fix building from http or '-' options (Daniel J Walsh, 2020-07-31)
| | When copying from a URL, podman will download and create a context directory in a temporary file. The problem was that this directory was being removed as soon as the function that created it was returned. Later the build code would look for content in the temporary directory and fail to find it, blowing up the build.
| | By pulling the extraction code back into the build function, we keep the temporary directory around until the build completes.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Fix `podman image search` missing description (Ralf Haferkamp, 2020-07-31)
|/
|   `podman image search` returned wrong results for the image "Description" as it was mapped to the wrong field ("ID") in the search results.
|   Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* Merge pull request #7089 from vrothberg/2.0-fix-7078 (OpenShift Merge Robot, 2020-07-27)
|\
| | [2.0] events parsing fix #7078
| * test/apiv2: add a simple events test (Valentin Rothberg, 2020-07-27)
| | Add a simple test to exercise the events API without the "filters" parameter. Prevents regressing on #7078.
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * API events: fix parsing error (Valentin Rothberg, 2020-07-27)
|/
|   Fix an error where an absent "filters" parameter led to JSON parsing errors.
|   Fixes: #7078
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #7069 from mheon/bump_203 (OpenShift Merge Robot, 2020-07-23)
|\
| | Bump to v2.0.3
| * Bump to v2.0.4-dev (Matthew Heon, 2020-07-23)
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Bump to v2.0.3 [v2.0.3] (Matthew Heon, 2020-07-23)
|/
|   Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #7054 from mheon/backports_203 (OpenShift Merge Robot, 2020-07-23)
|\
| | Backports and Release Notes for v2.0.3
| * Drop a nonfunctional test in test/apiv2 (Matthew Heon, 2020-07-22)
| | I'm somewhat reluctant to do this, but the file has diverged majorly from master, and the amount of stuff we've backported (versus not backported) makes me very hesitant to try cherry picking more from master in the hope that it will start working.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Update release notes for v2.0.3 (Matthew Heon, 2020-07-22)
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix handling of entrypoint (Daniel J Walsh, 2020-07-22)
| | If a user specifies an entrypoint of "" then we should not use the image's entrypoint.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * log API: add context to allow for cancelling (Valentin Rothberg, 2020-07-22)
| | Add a `context.Context` to the log APIs to allow for cancelling streaming (e.g., via `podman logs -f`). This fixes issues for the remote API where some go routines of the server will continue writing and produce nothing but heat and waste CPU cycles.
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * fix API: Create container with an invalid configuration (zhangguanzhang, 2020-07-22)
| | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
| * Remove all instances of named return "err" from Libpod (Matthew Heon, 2020-07-22)
| | This was inspired by https://github.com/cri-o/cri-o/pull/3934 and much of the logic for it is contained there. However, in brief, a named return called "err" can cause lots of code confusion and encourages using the wrong err variable in defer statements, which can make them work incorrectly. Using a separate name which is not used elsewhere makes it very clear what the defer should be doing.
| | As part of this, remove a large number of named returns that were not used anywhere. Most of them were once needed, but are no longer necessary after previous refactors (but were accidentally retained).
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix: Correct connection counters for hijacked connections (Korhonen Sami (Samlink), 2020-07-22)
| | This patch fixes connection counters for v2 endpoints
| | Idletracker was moved to a new package to prevent package cycle. Hijacking code still remains in wrong place and should be moved later to isolated package
| | Signed-off-by: Sami Korhonen <skorhone@gmail.com>
| * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics (Korhonen Sami (Samlink), 2020-07-22)
| | After this patch v2 hijacking endpoints, exec/start and containers/attach follow rfc 7230 specification.
| | Connection will only be upgraded, if client specifies upgrade headers:
| |
| | For tcp connections:
| | Connection: Upgrade
| | Upgrade: tcp
| |
| | For unix socket connections:
| | Connection: Upgrade
| | Upgrade: sock
| |
| | There are currently no checks if upgrade type actually matches with available protocols. Implementation just protocol that client requested
| | Signed-off-by: Sami Korhonen <skorhone@gmail.com>
| * Remove hijacked connections from active connections list (Korhonen Sami (Samlink), 2020-07-22)
| | StateHijacked is a terminal state. If hijacked connection is registered as an active connection, connection will never be unregistered. This causes two issues
| | First issue is that active connection counters are off.
| | Second issue is a resource leak caused by connection object that is stored to a map.
| | After this patch hijacked connections are no longer visible in counters. If a counter for hijacked connections is required, podman must track connections returned by Hijacker.Hijack()
| | It might make sense to develop abstraction layer for hijacking - and move all hijacking related code to a separate package. Hijacking code is prone to resource leaks and it should be thoroughly tested.
| | Signed-off-by: Sami Korhonen <skorhone@gmail.com>
| * version/info: format: allow more json variants (Valentin Rothberg, 2020-07-22)
| | Allow more variants to yield json output for `podman version` and `podman info`. Instead of comparing strings, use a regex and add unit and e2e tests.
| | Fixes: #6927
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * Correctly print STDOUT on non-terminal remote exec (Matthew Heon, 2020-07-22)
| | I confused STDIN and STDOUT's file descriptors (it's 0 and 1, I thought they were 1 and 0). As such, we were looking at whether we wanted to print STDIN when we looked to print STDOUT. This bool was set when `-i` was set in at the `podman exec` command line, which masked the problem when it was set.
| | Fixes #6890
| | Fixes #6891
| | Fixes #6892
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix container and pod create commands for remote create (Matthew Heon, 2020-07-22)
| | In `podman inspect` output for containers and pods, we include the command that was used to create the container. This is also used by `podman generate systemd --new` to generate unit files.
| | With remote podman, the generated create commands were incorrect since we sourced directly from os.Args on the server side, which was guaranteed to be `podman system service` (or some variant thereof). The solution is to pass the command along in the Specgen or PodSpecgen, where we can source it from the client's os.Args.
| | This will still be VERY iffy for mixed local/remote use (doing a `podman --remote run ...` on a remote client then a `podman generate systemd --new` on the server on the same container will not work, because the `--remote` flag will slip in) but at the very least the output of `podman inspect` will be correct. We can look into properly handling `--remote` (parsing it out would be a little iffy) in a future PR.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| | <MH: Fixed build after cherry-pick>
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Mask out /sys/dev to prevent information leak from the host (Daniel J Walsh, 2020-07-22)
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Ensure sig-proxy default is propagated in start (Matthew Heon, 2020-07-22)
| | We properly determined what sig-proxy should be set to, but we never passed that along to the backend. As such, cases where the default swapped (mostly when `--attach` was specified but the `--sig-proxy` flag was not) were not handled correctly
| | Fixes #6928
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add SystemdMode to inspect for containers (Matthew Heon, 2020-07-22)
| | This allows us to determine if the container auto-detected that systemd was in use, and correctly activated systemd integration. Use this to wire up some integration tests to verify that systemd integration is working properly.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| | <MH: Fixed Compile after cherry-pick>
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * When determining systemd mode, use full command (Matthew Heon, 2020-07-22)
| | We were only using the Command field in specgen when determining whether to enable systemd if systemd=true (the default) was used. This does not include the entrypoint, and does not include any entrypoint/command sourced from the image - so an image could be running systemd and we'd not correctly detect this. Using the full, final command resolves this and matches Podman v1.9.x behavior.
| | Fixes #6920
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| | <MH: Fixed compile after backport>
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix lint (Matthew Heon, 2020-07-22)
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Populate remaining unused fields in `pod inspect` (Matthew Heon, 2020-07-22)
| | We were hard-coding two fields to false, instead of grabbing their value from the pod config, which means that `pod inspect` would print the wrong value always.
| | Fixes #6968
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Include infra container information in `pod inspect` (Matthew Heon, 2020-07-22)
| | We had a field for this in the inspect data, but it was never being populated. Because of this, `podman pod inspect` stopped showing port bindings (and other infra container settings). Add code to populate the infra container inspect data, and add a test to ensure we don't regress again.
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * play-kube: add support for "IfNotPresent" pull type (Tristan Cacqueray, 2020-07-22)
| | This change prevents this exception when loading a pod spec using the "IfNotPresent" pull policy:
| | Error: invalid pull type "IfNotPresent"
| | Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
| * docs: user namespace can't be shared in pods (Sagi Shnaidman, 2020-07-22)
| | When running "podman pod create --share user" the error appears:
| | Error: User sharing functionality not supported on pod level
| | Fix docs and remove 'user' from shareable parameters.
| | Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
| * Fix "Error: unrecognized protocol \"TCP\" in port mapping" (Akihiro Suda, 2020-07-22)
| | "TCP" in upper characters was not recognized as a valid protocol name.
| | Fix #6948
| | Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
| * Error on rootless mac and ip addresses (Brent Baude, 2020-07-22)
| | When creating a pod or container where a static MAC or IP address is provided, we should return a proper error and exit as 125.
| | Fixes: #6972
| | Signed-off-by: Brent Baude <bbaude@redhat.com>
| | <MH: Fixed build after cherry-pick>
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix & add notes regarding problematic language in codebase (Ashley Cui, 2020-07-22)
| | Podman is committed to inclusivity, a core value of open source. Historically, there have been technology terms that are problematic and divisive, and should be changed. We are currently taking time to audit our repository in order to eliminate such terminology, and replace it with more inclusive terms. We are starting where we can, with our own code, comments, and documentation. However, such terms may be used in dependencies, and must be used in our repositories at the current moment for compatibility. Podman will change these terms in our repo as soon as new and better terminology is available to us via our dependencies.
| | For more information: https://www.redhat.com/en/blog/making-open-source-more-inclusive-eradicating-problematic-language?sc_cid=701600000011gf0AAA
| | Signed-off-by: Ashley Cui <acui@redhat.com>
| * abi: set default umask and rlimits (Giuseppe Scrivano, 2020-07-22)
| | the code got lost in the migration to podman 2.0, reintroduce it.
| | Closes: https://github.com/containers/podman/issues/6989
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| | <MH: Fixed build>
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>