Commit message (author, age)
* Fix bug where `podman mount` didn't error as rootless (Matthew Heon, 2020-07-06)
|
|   We require that rootless `podman mount` be run inside a shell spawned
|   by `podman unshare` (which gives us a mount namespace which actually
|   lets other commands use the mounted filesystem). The fix is simple - we
|   need to mark the command as requiring the rootless user namespace not
|   be configured, so we can test for it later as part of the mount code
|   and error if we needed to make one.
|
|   Disable rootless tests as part of this - they were never expected to
|   work.
|
|   Fixes #6856
|
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
* Merge pull request #6871 from mheon/202_backports (OpenShift Merge Robot, 2020-07-06)
|\
| |
| |   Backports for v2.0.2
| |
| * Fix imports to ensure v2 is used with libpod (Matthew Heon, 2020-07-06)
| |
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| |
| * Update release notes for v2.0.2 (Matthew Heon, 2020-07-06)
| |
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| |
| * specgen: fix order for setting rlimits (Ralf Haferkamp, 2020-07-06)
| |
| |   Also make sure that the limits we set for rootless are not higher
| |   than what we'd set for root containers.
| |
| |   Rootless containers failed to start when the calling user already
| |   had ulimit (e.g. on NOFILE) set.
| |
| |   This is basically a cherry-pick of 76f8efc0d0d into specgen
| |
| |   Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
| |
| * Ensure umask is set appropriately for 'system service' (Matthew Heon, 2020-07-06)
| |
| |   We need a umask of 0022 to ensure containers are created correctly,
| |   but we set a different one prior to starting the server (to ensure
| |   the unix socket has the right permissions). Thus, we need to set the
| |   umask after the socket has been bound, but before the server begins
| |   accepting requests.
| |
| |   Fixes #6787
| |
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| |
| * generate systemd: improve pod-flags filter (Valentin Rothberg, 2020-07-06)
| |
| |   When generating systemd unit for pods, we need to remove certain
| |   pod-related flags from the containers' create commands. Make sure to
| |   account for all the syntax including a single argument with key and
| |   value being split by `=`.
| |
| |   Fixes: #6766
| |
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| |
| * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil (Maximilian Müller, 2020-07-06)
| |
| |   Signed-off-by: Maximilian Müller <maxm123@techie.com>
| |
| * Fixes --remote flag issues (Jhon Honce, 2020-07-06)
| |
| |   * --remote, --url and --identity are now anchored to podman command.
| |     Subcommands should no longer have issues
| |   * TraverseChildren now set to V1 expectations
| |   * Latest flag now has helper function. Now has consistent usage.
| |   * IsRemote() uses cobra parser to determine if --remote is given
| |   * Moved validation functions from parser pkg to validate pkg
| |   * Fixes #6598
| |
| |   Fixes #6704
| |
| |   Signed-off-by: Jhon Honce <jhonce@redhat.com>
| |
| |   <MH: Fixed import issues>
| |
| |   Signed-off-by: Matt Heon <matthew.heon@pm.me>
| |
| * Set console mode for windows (Brent Baude, 2020-07-06)
| |
| |   Windows terminal handling is different than darwin and linux. It
| |   needs to have the terminal mode set to enable virtual terminal
| |   processing. This allows colors and other things to work.
| |
| |   Signed-off-by: Brent Baude <bbaude@redhat.com>
| |
| |   <MH: Tweaked imports to compile>
| |
| |   Signed-off-by: Matt Heon <matthew.heon@pm.me>
| |
| * Allow empty host port in --publish flag (Matthew Heon, 2020-07-06)
| |
| |   I didn't believe that this was actually legal, but it looks like it
| |   is. And, unlike our previous understanding (host port being empty
| |   means just use container port), empty host port actually carries the
| |   same meaning as `--expose` + `--publish-all` (that is, assign a
| |   random host port to the given container port).
| |
| |   This requires a significant rework of our port handling code to
| |   handle this new case. I don't foresee this being commonly used, so I
| |   optimized having a fixed port number as fast path, with this random
| |   assignment code running after the main port handling code only if
| |   necessary.
| |
| |   Fixes #6806
| |
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| |
| * Add a note on the APIs supported by `system service` (Matthew Heon, 2020-07-06)
| |
| |   This makes it clear that we target compatibility with a specific
| |   Docker version (v1.40), but do not reject other versions. It also
| |   adds a link to documentation on the Podman-specific API.
| |
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| |
| * fix: Don't override entrypoint if it's `nil` (maybe-sybr, 2020-07-06)
| |
| |   This change ensures that we only override a container's entrypoint
| |   if it is set to something other than `nil`.
| |
| |   Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
| |
| * Set TMPDIR to /var/tmp by default if not set (Daniel J Walsh, 2020-07-06)
| |
| |   Containers/image will use TMPDIR for the location of pulled layer
| |   blobs. If TMPDIR is not set, it will use /tmp. Since this is known to
| |   be of limited space on most systems, we change the default to
| |   /var/tmp if the user has not told the tools where to store temporary
| |   files.
| |
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| |
| * test: add tests for --user and volumes (Valentin Rothberg, 2020-07-06)
| |
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| |
| * container: move volume chown after spec generation (Giuseppe Scrivano, 2020-07-06)
| |
| |   move the chown for newly created volumes after the spec generation
| |   so the correct UID/GID are known.
| |
| |   Closes: https://github.com/containers/libpod/issues/5698
| |
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| |
| * libpod: volume copyup honors namespace mappings (Giuseppe Scrivano, 2020-07-06)
| |
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| |
| * Fix `system service` panic from early hangup in events (Matthew Heon, 2020-07-06)
| |
| |   We weren't actually halting the goroutine that sent events, so it
| |   would continue sending even when the channel closed (the most notable
| |   cause being early hangup - e.g. Control-c on a curl session). Use a
| |   context to cancel the events goroutine and stop sending events.
| |
| |   Fixes #6805
| |
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| |
| * stop podman service in e2e tests (Brent Baude, 2020-07-06)
| |
| |   when running e2e tests, each test knows to stop its service when
| |   running remote; however, during setup and teardown remote services
| |   were not being killed when we were done with them.
| |
| |   Signed-off-by: Brent Baude <bbaude@redhat.com>
| |
| * Print errors from individual containers in pods (Matthew Heon, 2020-07-06)
| |
| |   The infra/abi code for pods was written in a flawed way, assuming
| |   that the map[string]error containing individual container errors was
| |   only set when the global error for the pod function was nil; that is
| |   not accurate, and we are actually *guaranteed* to set the global
| |   error when any individual container errors. Thus, we'd never actually
| |   include individual container errors, because the infra code assumed
| |   that err being set meant everything failed and no container
| |   operations were attempted.
| |
| |   We were originally setting the cause of the error to something
| |   nonsensical ("container already exists"), so I made a new error
| |   indicating that some containers in the pod failed. We can then ignore
| |   that error when building the report on the pod operation and actually
| |   return errors from individual containers.
| |
| |   Unfortunately, this exposed another weakness of the infra code, which
| |   was discarding the container IDs. Errors from individual containers
| |   are not guaranteed to identify which container they came from, hence
| |   the use of map[string]error in the Pod API functions. Rather than
| |   restructuring the structs we return from pkg/infra, I just wrapped
| |   the returned errors with a message including the ID of the container.
| |
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| |
| * auto-update: clarify systemd-unit requirements (Valentin Rothberg, 2020-07-06)
| |
| |   Clarify in the help message and the man page that auto updates only
| |   work with systemd units that are similar to the ones from
| |   `generate systemd --new`. Units that merely start/stop a container do
| |   not work as they will use the same image.
| |
| |   Fixes: #6793
| |
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| |
| * podman ps truncate the command (Paul Holzinger, 2020-07-06)
| |
| |   With a long create command the output from ps is basically
| |   unreadable. This is a regression that was introduced with Podman 2.0.
| |
| |   Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| |
* | Merge pull request #6870 from rhatdan/v2.0 (OpenShift Merge Robot, 2020-07-06)
|\ \
| |/
|/|   Pids-limit should only be set if the user set it
| * Pids-limit should only be set if the user set it (Daniel J Walsh, 2020-07-06)
|/
|   Currently we are sending over pids-limits from the user even if they
|   never modified the defaults. The pids limit should be set at the server
|   side unless modified by the user.
|
|   This issue has led to failures on systems that were running with
|   cgroups V1.
|
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
* Merge pull request #6865 from vrothberg/2.0-v2-module (OpenShift Merge Robot, 2020-07-06)
|\
| |
| |   [2.0] move go module to v2
| |
| * move go module to v2 (Valentin Rothberg, 2020-07-06)
| |
| |   With the advent of Podman 2.0.0 we crossed the magical barrier of go
| |   modules. While we were able to continue importing all packages inside
| |   of the project, the project could not be vendored anymore from the
| |   outside.
| |
| |   Move the go module to new major version and change all imports to
| |   github.com/containers/libpod/v2. The renaming of the imports was done
| |   via gomove [1].
| |
| |   [1] https://github.com/KSubedi/gomove
| |
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| |
* | Merge pull request #6860 from rhatdan/v2.0 (OpenShift Merge Robot, 2020-07-06)
|\ \
| |/
|/|   Vendor containers/common v0.14.4
| * Vendor containers/common v0.14.4 (Daniel J Walsh, 2020-07-06)
|/
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
* Merge pull request #6849 from TomSweeneyRedHat/dev/tsweeney/ib_v1.1.6_v2 (OpenShift Merge Robot, 2020-07-06)
|\
| |
| |   Bump to imagebuilder v1.1.6 on v2 branch
| |
| * Bump to imagebuilder v1.1.6 on v2 branch (TomSweeneyRedHat, 2020-07-02)
|/
|   As the title says.
|
|   Addresses: https://github.com/containers/buildah/issues/2424
|
|   Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
* Merge pull request #6802 from lsm5/v2.0-registry-port-number (OpenShift Merge Robot, 2020-06-29)
|\
| |
| |   Account for non-default port number in image name (backported from master)
| |
| * Account for non-default port number in image name (Lokesh Mandvekar, 2020-06-27)
|/
|   Previously, if an image was tagged with the format
|   $REGISTRY:$PORT/$REPO:$TAG, then `podman images` would display
|   $PORT/$REPO:$TAG under the "TAG" field.
|
|   This commit correctly displays $REGISTRY:$PORT/$REPO under the
|   "REPOSITORY" field while the "TAG" field only displays $TAG.
|
|   Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|   Fixes: gh#6665
|   (cherry picked from commit 71f6dd47ddce82545865739cb3382c0beb3f65a4)
|
* Merge pull request #6792 from baude/2.0swagger (OpenShift Merge Robot, 2020-06-26)
|\
| |
| |   [CI:DOCS]Add swagger.yaml to docs/
| |
| * [CI:DOCS]Add swagger.yaml to docs/ (Brent Baude, 2020-06-26)
|/
|   Adding the swagger.yaml to the docs directory so that we can version
|   the read-the-docs API information. also, change the links to be
|   relative in nature and point to the new swagger.
|
|   Signed-off-by: Brent Baude <bbaude@redhat.com>
|
* Merge pull request #6782 from mheon/bump_201 (OpenShift Merge Robot, 2020-06-25)
|\
| |
| |   [CI:DOCS] Bump to v2.0.1
| |
| * Bump to v2.0.2-dev (Matthew Heon, 2020-06-25)
| |
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| |
| * Bump to v2.0.1 (tag: v2.0.1) (Matthew Heon, 2020-06-25)
|/
|   Signed-off-by: Matthew Heon <mheon@redhat.com>
|
* Merge pull request #6780 from mheon/even_more_201_backports (OpenShift Merge Robot, 2020-06-25)
|\
| |
| |   Even more v2.0.1 backports
| |
| * Update release notes with further v2.0.1 changes (Matthew Heon, 2020-06-25)
| |
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| |
| * Fix inspect to display multiple label: changes (Daniel J Walsh, 2020-06-25)
| |
| |   If the user runs a container like
| |
| |   podman run --security-opt seccomp=unconfined --security-opt label=type:spc_t --security-opt label=level:s0 ...
| |
| |   Podman inspect was only showing the second option
| |
| |   This change will show
| |
| |   "SecurityOpt": [
| |       "label=type:spc_t,label=level:s0:c60",
| |       "seccomp=unconfined"
| |   ],
| |
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| |
| * Set syslog for exit commands on log-level=debug (Matthew Heon, 2020-06-25)
| |
| |   We have a flag, --syslog, for telling logrus to log to syslog as well
| |   as to the terminal. Previously, this flag also set the exit command
| |   for containers to use `--syslog` (otherwise all output from exit
| |   commands is lost). I attempted to replicate this with Podman v2.0,
| |   but quickly ran into circular import hell (the flag is defined in
| |   cmd/podman, I needed it in cmd/podman/containers, cmd/podman imports
| |   cmd/podman/containers already, etc). Instead, let's just set the
| |   syslog flag automatically on `--log-level=debug` so we log exit
| |   commands automatically when debug-level logs are requested. This is
| |   consistent with Conmon and seems to make sense.
| |
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| |
| * Friendly amendment for pr 6751 (Ed Santiago, 2020-06-25)
| |
| |   More robust system test for podman run/create docker-archive
| |
| |   Signed-off-by: Ed Santiago <santiago@redhat.com>
| |
| * podman run/create: support all transports (Valentin Rothberg, 2020-06-25)
| |
| |   Support all image transports in podman run/create. It seems we
| |   regressed with v2 on that. Also add tests to make sure we're not
| |   regressing again.
| |
| |   Fixes: #6744
| |
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| |
| * systemd generate: allow manual restart of container units in pods (Valentin Rothberg, 2020-06-25)
| |
| |   Allow manual restarts of container units that are part of a pod.
| |   This allows for configuring these containers for auto updates.
| |
| |   Fixes: #6770
| |
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| |
| * Revert sending --remote flag to containers (Jhon Honce, 2020-06-25)
| |
| |   * quick --remote fix, sent --remote to ctnrs as argument
| |
| |   Signed-off-by: Jhon Honce <jhonce@redhat.com>
| |
| * Print port mappings in `ps` for ctrs sharing network (Matthew Heon, 2020-06-25)
|/
|   In Podman v1.9, we printed port mappings for the container, even if it
|   shared its network namespace (and thus ports) with another container.
|   We regressed on this in Podman v2.0, which is fixed here.
|
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
* Merge pull request #6776 from vrothberg/2.0-vendor-common (OpenShift Merge Robot, 2020-06-25)
|\
| |
| |   [2.0] vendor github.com/containers/common@v0.14.3
| |
| * vendor github.com/containers/common@v0.14.3 (Valentin Rothberg, 2020-06-25)
|/
|   Includes several fixes for config parsing and AppArmor.
|
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
* Merge pull request #6758 from mheon/v2.0.1_backports (OpenShift Merge Robot, 2020-06-24)
|\
| |
| |   V2.0.1 backports
| |
| * Update release notes for v2.0.1 (Matthew Heon, 2020-06-24)
| |
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>