summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #4489 from lsm5/seccomp-separationOpenShift Merge Robot2019-11-11
|\ | | | | create a separate install target for seccomp
| * create a separate install target for seccompLokesh Mandvekar2019-11-10
|/ | | | | | | | | | podman in Fedora gets seccomp.json from containers-common while the one in Ubuntu PPA gets seccomp.json from containers-golang. This change will let me use install.config target unmodified in downstream packages. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Merge pull request #4408 from slimjim2234/masterOpenShift Merge Robot2019-11-08
|\ | | | | Fixed issue #4391; podman info --format '{{ json . }}'
| * Fixed the JSON go template format for the 'info' actionJimmy Crumpler2019-11-01
| | | | | | | | Signed-off-by: Jimmy Crumpler <slimjim2234@gmail.com>
* | Merge pull request #4337 from QiWang19/check_auth_pathOpenShift Merge Robot2019-11-08
|\ \ | | | | | | fix bug check nonexist authfile
| * | fix bug check nonexist authfileQi Wang2019-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | Use GetDefaultAuthFile() from buildah. For podman command(except login), if authfile does not exist returns error. close #4328 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #4427 from rst0git/docs-rm-vOpenShift Merge Robot2019-11-08
|\ \ \ | | | | | | | | docs: Update "podman container rm -v" description
| * | | docs: Update "podman container rm -v" descriptionRadostin Stoyanov2019-11-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In commit 52df1fa (Fix volume handling in podman) was implemented the --volume option for podman remove. However, its behaviour changed after 83db80c (Only remove image volumes when removing containers). This commit updates the description of this option to reflect the new behaviour. Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
* | | | Merge pull request #4453 from rhatdan/vendorOpenShift Merge Robot2019-11-08
|\ \ \ \ | | | | | | | | | | Add support for make vendor-in-container
| * | | | Add support for make vendor-in-containerDaniel J Walsh2019-11-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #4265 from haircommander/infra-namespaces-submitOpenShift Merge Robot2019-11-08
|\ \ \ \ \ | |/ / / / |/| | | | Split up create config handling of namespaces and security
| * | | | Split up create config handling of namespaces and securityPeter Hunt2019-11-07
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | As it stands, createconfig is a huge struct. This works fine when the only caller is when we create a container with a fully created config. However, if we wish to share code for security and namespace configuration, a single large struct becomes unweildy, as well as difficult to configure with the single createConfigToOCISpec function. This PR breaks up namespace and security configuration into their own structs, with the eventual goal of allowing the namespace/security fields to be configured by the pod create cli, and allow the infra container to share this with the pod's containers. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | Merge pull request #4444 from TomSweeneyRedHat/dev/tsweeney/readthedocsOpenShift Merge Robot2019-11-08
|\ \ \ \ | | | | | | | | | | Add links to readthedocs on docs/readme
| * | | | Add links to readthedocs on docs/readmeTomSweeneyRedHat2019-11-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a couple of links to the new ReadTheDocs site for the libpod man pages from the docs/readme.md. Many users go to github.com/{project}/docs looking for the man pages for the project and their location is not evident on the current readme.md. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #4466 from giuseppe/notmpcopyupOpenShift Merge Robot2019-11-07
|\ \ \ \ \ | | | | | | | | | | | | mount: add new options nocopyup|copyup for tmpfs
| * | | | | mount: add new options nocopyup|copyup for tmpfsGiuseppe Scrivano2019-11-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add a way to disable tmpcopyup for tmpfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #4451 from giuseppe/set-macOpenShift Merge Robot2019-11-07
|\ \ \ \ \ \ | | | | | | | | | | | | | | podman: add support for specifying MAC
| * | | | | | test: add tests for --mac-addressGiuseppe Scrivano2019-11-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | cni: enable tuning pluginGiuseppe Scrivano2019-11-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | podman: add support for specifying MACJakub Filak2019-11-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I basically copied and adapted the statements for setting IP. Closes #1136 Signed-off-by: Jakub Filak <jakub.filak@sap.com>
| * | | | | | vendor: updated ocicni for MAC addressJakub Filak2019-11-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `go get github.com/cri-o/ocicni@deac903fd99b6c52d781c9f42b8db3af7dcfd00a` I had to fix compilation errors in libpod/networking_linux.go --- ocicni.Networks has changed from string to the structure NetAttachment with the member Name (the former string value) and the member Ifname (optional). I don't think we can make use of Ifname here, so I just map the array of structures to array of strings - e.g. dropping Ifname. --- The function GetPodNetworkStatus no longer returns Result but it returns the wrapper structure NetResult which contains the former Result plus NetAttachment (Network name and Interface name). Again, I don't think we can make use of that information here, so I just added `.Result` to fix the build. --- Issue: #1136 Signed-off-by: Jakub Filak <jakub.filak@sap.com>
| * | | | | | Makefile: add vendor-in-containerGiuseppe Scrivano2019-11-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #4378 from ↵OpenShift Merge Robot2019-11-07
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/json-iterator/go-1.1.8 Bump github.com/json-iterator/go from 1.1.7 to 1.1.8
| * | | | | | | Bump github.com/json-iterator/go from 1.1.7 to 1.1.8dependabot-preview[bot]2019-10-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/json-iterator/go](https://github.com/json-iterator/go) from 1.1.7 to 1.1.8. - [Release notes](https://github.com/json-iterator/go/releases) - [Commits](https://github.com/json-iterator/go/compare/v1.1.7...1.1.8) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | | Merge pull request #4413 from ↵OpenShift Merge Robot2019-11-07
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/onsi/gomega-1.7.1 Bump github.com/onsi/gomega from 1.7.0 to 1.7.1
| * | | | | | | | Bump github.com/onsi/gomega from 1.7.0 to 1.7.1dependabot-preview[bot]2019-11-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.7.0 to 1.7.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.7.0...v1.7.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | | | Merge pull request #4471 from ↵OpenShift Merge Robot2019-11-07
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/uber/jaeger-client-go-2.20.0+incompatible Bump github.com/uber/jaeger-client-go from 2.19.0+incompatible to 2.20.0+incompatible
| * | | | | | | | | Bump github.com/uber/jaeger-client-godependabot-preview[bot]2019-11-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/uber/jaeger-client-go](https://github.com/uber/jaeger-client-go) from 2.19.0+incompatible to 2.20.0+incompatible. - [Release notes](https://github.com/uber/jaeger-client-go/releases) - [Changelog](https://github.com/jaegertracing/jaeger-client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber/jaeger-client-go/compare/v2.19.0...v2.20.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | | | | Merge pull request #4468 from nalind/image-digestsOpenShift Merge Robot2019-11-07
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | podman images --digest: always list a digest
| * | | | | | | | | | podman images --digest: always list a digestNalin Dahyabhai2019-11-06
| |/ / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we're asked to display image digests, always provide them if we have values that we can provide. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | | | | | | | Merge pull request #4470 from vrothberg/fix-4463OpenShift Merge Robot2019-11-07
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | libpod/config: default: use `crun` on Cgroups v2
| * | | | | | | | | | libpod/config: default: use `crun` on Cgroups v2Valentin Rothberg2019-11-07
| |/ / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running on a node with Cgroups v2, default to using `crun` instead of `runc`. Note that this only impacts the hard-coded default config. No user config will be over-written. Fixes: #4463 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | | | | Merge pull request #4447 from rhatdan/runasuserOpenShift Merge Robot2019-11-07
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | Add support for RunAsUser and RunAsGroup
| * | | | | | | | | | Add support for RunAsUser and RunAsGroupDaniel J Walsh2019-11-06
| | |_|_|_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently podman generate kube does not generate the correct RunAsUser and RunAsGroup options in the yaml file. This patch fixes this. This patch also make `podman play kube` use the RunAdUser and RunAsGroup options if they are specified in the yaml file. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | | | | Merge pull request #4441 from rhatdan/detachOpenShift Merge Robot2019-11-07
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | Allow users to disable detach keys
| * | | | | | | | | | Allow users to disable detach keysDaniel J Walsh2019-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If user specifies --detach-keys="", this will disable the feature. Adding define.DefaultDetachKeys to help screen to help identify detach keys. Updated man pages with additonal information. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | | | | | Merge pull request #4308 from openSUSE/kataOpenShift Merge Robot2019-11-07
|\ \ \ \ \ \ \ \ \ \ \ | |_|_|/ / / / / / / / |/| | | | | | | | | | Add Kata Containers runtimes to libpod.conf
| * | | | | | | | | | Add Kata Containers runtimes to libpod.confSascha Grunert2019-11-06
| | |_|_|_|_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the Kata Containers runtimes to the libpod.conf and adds additional documentation to it. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | | | | | | | Merge pull request #4461 from giuseppe/fix-hangOpenShift Merge Robot2019-11-06
|\ \ \ \ \ \ \ \ \ \ | |_|_|/ / / / / / / |/| | | | | | | | | events: make sure the write channel is always closed
| * | | | | | | | | events: make sure the write channel is always closedGiuseppe Scrivano2019-11-06
| | |_|_|_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | in case of errors, the channel is not closed, blocking the reader indefinitely. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1767663 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | | | Merge pull request #4459 from giuseppe/fix-renameat-definitionOpenShift Merge Robot2019-11-06
|\ \ \ \ \ \ \ \ \ | |_|_|_|_|_|/ / / |/| | | | | | | | rootless: use SYS_renameat2 instead of __NR_renameat2
| * | | | | | | | rootless: provide workaround for missing renameat2Giuseppe Scrivano2019-11-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | on RHEL 7.7 renameat2 is not implemented for s390x, provide a workaround. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1768519 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | | rootless: use SYS_renameat2 instead of __NR_renameat2Giuseppe Scrivano2019-11-06
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | use the correct definition for the syscall number. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | | Merge pull request #4439 from junaruga/feature/install-ubuntuOpenShift Merge Robot2019-11-06
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Update installation - Ubuntu. [skip ci]
| * | | | | | | | Update installation - Ubuntu. [skip ci]Jun Aruga2019-11-05
| | |_|_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Current podman deb package does not install /etc/containers/registries.conf . The added line is for compatibility of use cases with docker. Signed-off-by: Jun Aruga <jaruga@redhat.com>
* | | | | | | | Merge pull request #4457 from vrothberg/fix-4456OpenShift Merge Robot2019-11-06
|\ \ \ \ \ \ \ \ | |_|_|/ / / / / |/| | | | | | | help message: don't parse the config for cgroup-manager default
| * | | | | | | help message: don't parse the config for cgroup-manager defaultValentin Rothberg2019-11-06
|/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not generate an entire `config.Config` for displaying the default value for the --cgroup-manager flag and just default to systemd. Not using the `config.Config` is okay as 1) the value may change at runtime in any case (rootless, DBUS access, etc.), 2) it avoids to redundantly parse the system config files and to generate the hard-coded default config, and 3) the log-level and other attributes are not yet set during init() causing undesirable side effects. Fixes: #4456 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | Merge pull request #4370 from rhatdan/seccompOpenShift Merge Robot2019-11-05
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Set SELinux labels based on the security context in the kube.yaml
| * | | | | | | Set SELinux labels based on the security context in the kube.yamlDaniel J Walsh2019-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the kube.yaml specifieds the SELinux type or Level, we need the container to be launched with the correct label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | | Merge pull request #4374 from giuseppe/create-cgroupns-by-default-on-cgroupsv2OpenShift Merge Robot2019-11-05
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | namespaces: by default create cgroupns on cgroups v2