| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to modify /etc/passwd to add an entry for the user in
question, but at the same time we don't want to require the
container provide a /etc/passwd (a container with a single,
statically linked binary and nothing else is perfectly fine and
should be allowed, for example). We could create the passwd file
if it does not exist, but if the container doesn't provide one,
it's probably better not to make one at all. Gate changes to
/etc/passwd behind a stat() of the file in the container
returning cleanly.
Fixes #7515
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We added code to create a `/etc/passwd` file that we bind-mount
into the container in some cases (most notably,
`--userns=keep-id` containers). This, unfortunately, was not
persistent, so user-added users would be dropped on container
restart. Changing where we store the file should fix this.
Further, we want to ensure that lookups of users in the container
use the right /etc/passwd if we replaced it. There was already
logic to do this, but it only worked for user-added mounts; it's
easy enough to alter it to use our mounts as well.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\
| |
| | |
V2.0: Futher --remote flag backports
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
--remote pre-check was providing usage context, which was also being
provided by the root podman command.
Fixes #7273
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- new sanity checks for podman-remote:
- first, confirm that when PODMAN is "-remote",
we actually talk to a server (validated by
presence of "Server:" string in "podman version").
- second, add test for #7212, in which we run
"podman --remote" (podman with --remote flag,
not podman-remote command) and make sure --remote
is allowed both as the first option and also
with other flag options preceding.
- new test for "podman image tree" (piggybacking on
top of a "podman build" test, because that gives
us lots of layers).
- skip "podman exec - basic test" when remote. It is consistently
causing CI failures, breaking all of CI, due to #7241.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/
|
|
|
|
|
| |
Use cobra.Command.FParseErrWhitelist to no longer require --remote to be
the first argument in flags when using CLI
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\
| |
| | |
Enable --remote flag v2.0
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Bump to v2.0.6-rc1
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
[CI:DOCS] remote doc fixes
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add support for multi level subcommands.
e.g. podman system connection.
Update the flags and add note for containers.conf.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
sed syntax on mac is different
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Bump c/common to v0.14.10 and c/conmon to v2.0.20
|
| |/ /
| |
| |
| |
| |
| | |
As the title says.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| |\ \
| | |
| | | |
abi: trim init command
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
without it the systemd detection fails.
Closes: https://github.com/containers/podman/issues/7441
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
podman-remote fixes for msi and client
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
correct small typo that sets the path on windows via the msi xml.
in the remote client, prompt for SSH password when no identity or alternate means of authentication are provided.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Undo v2.0 branch hacks
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This includes an important patch to fix a CI issue where the
cleanup process's unmount of a container was not being
registered by `podman system service`.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 44e5d0c1e8272f92d0fa6d41075a0127b241f003. We
temporarily disabled this for the last few backports for 2.0.5,
given how painful the libpod->podman move made things. We do not
want to keep this around long-term, each commit should be
required to build.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit ae2ee65eff71c5780e4484f1316dbbdd87bf1760.
This was a horrible hack that we did for time reasons, to get
2.0.5 out on schedule; now that it has been merged into c/storage
properly we no longer need or want it.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
run test: use explicit uid/gid
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes Fedora gating test failure: if the host tests are running
under UID 1000, --userns=keep-id will (of course) add current
user as 1000, and the in-container 'adduser' will assign 1001.
To prevent that, assign UID 4242 (and hope that that's not
our calling user's UID).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| |/
|/| |
Final v2.0.5 backports
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We need this release out by end of day, so we don't have time to
do this right. Disable the vendor task and manually add c/storage
PR #698 to the vendored copy of c/storage to make the tests pass.
Once #698 merges into c/storage, we need to remove this commit
and backport it to the v1.20 stable branch, then cut a release
there.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Really. I promise. No more after this.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
This should help alleviate races where the pod is not fully
cleaned up before subsequent API calls happen.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Most Libpod containers are made via `pkg/specgen/generate` which
includes code to generate an appropriate exit command which will
handle unmounting the container's storage, cleaning up the
container's network, etc. There is one notable exception: pod
infra containers, which are made entirely within Libpod and do
not touch pkg/specgen. As such, no cleanup process, network never
cleaned up, bad things can happen.
There is good news, though - it's not that difficult to add this,
and it's done in this PR. Generally speaking, we don't allow
passing options directly to the infra container at create time,
but we do (optionally) proxy a pre-approved set of options into
it when we create it. Add ExitCommand to these options, and set
it at time of pod creation using the same code we use to generate
exit commands for normal containers.
Fixes #7103
Signed-off-by: Matthew Heon <mheon@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. this has been difficult for users to understand. we now return an error when a container is being created inside a pod and passes any of the following attributes:
* static IP (v4 and v6)
* static mac
* ports -p (i.e. -p 8080:80)
* exposed ports (i.e. 222-225)
* publish ports from image -P
Signed-off-by: Brent Baude <bbaude@redhat.com>
<MH: Fixed cherry pick conflicts and compile>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
Vendor in containers/common v0.14.9
|
| |/
|
|
|
|
|
| |
This will fix the localions of the containers.conf file
on Windows and MacOS Boxes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
In podman 1.* regression on --cap-add
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
In podman 1.0 if you executed a command like:
podman run --user dwalsh --cap-add net_bind_service alpine nc -l 80
It would work, and the user dwalsh would get the capability, in
podman 2.0, only root and the binding set gets the capability.
This change restores us back to the way podman 1.0 worked.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Lets try this again: v2.0.5 backports, round 2
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes: 4c75fe3f70ed ("fix pod creation with "new:" syntax")
Commit 4c75fe3f70ed passes all net options to the pod but forgot
to unset the options for the container creation. This leads to
erros when using flags like `--ip` since we tried setting
the ip on the pod and container which obviously fails.
I didn't notice the bug because we don't throw an error when
specifing port bindings on a container which joins the pods
network namespace. (#7373)
Also allow the use of `--hostname` and pass that option to the
pod and unset it for the container. The container has to use
the pods hostname anyway. This would error otherwise.
Added tests to prevent regression.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* override --url and/or --identity fields from containers.conf
* --connection flag has higher precedence than ActiveService from
containers.conf. Which is set via podman system connection default
* Add newline to error message printed on stderr
* Added --connection to bash completion and documentation
* Updated bindings to query server in case of no path or /
Closes #jira-991
Fixes #7276
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Squashed commits to work around CI issue
<MH: Fixed rebase conflicts on v2.0>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
instead of hiding the latest options for podman-remote or catching an error if podman --remote <cmd> -l is used, we no longer add the latest option to any remote command. podman will error with a "unknown flag" option.
Fixes: #7127
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
