| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Fix #7016 via https://github.com/rootless-containers/rootlesskit/pull/157
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| |
|
|
|
|
| |
For compatibility with Docker: https://github.com/moby/moby/blob/846b7e24ba549a972a2672ffdd88b140da688736/api/swagger.yaml#L4528-L4534
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When copying from a URL, podman will download and create a context
directory in a temporary file. The problem was that this directory
was being removed as soon as the function that created it was returned.
Later the build code would look for content in the temporary directory
and fail to find it, blowing up the build.
By pulling the extraction code back into the build function, we keep the
temporary directory around until the build completes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
| |
`podman image search` returned wrong results for the image "Description" as
it was mapped to the wrong field ("ID") in the search results.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|
| |\
| |
| | |
[2.0] events parsing fix #7078
|
| | |
| |
| |
| |
| |
| |
| | |
Add a simple test to exercise the events API without the "filters"
parameter. Prevents regressing on #7078.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
| |
Fix an error where an absent "filters" parameter led to JSON parsing
errors.
Fixes: #7078
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Bump to v2.0.3
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
Backports and Release Notes for v2.0.3
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
I'm somewhat reluctant to do this, but the file has diverged
majorly from master, and the amount of stuff we've backported
(versus not backported) makes me very hesitant to try cherry
picking more from master in the hope that it will start working.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| | |
If a user specifies an entrypoint of "" then we should not use the images
entrypoint.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a `context.Context` to the log APIs to allow for cancelling
streaming (e.g., via `podman logs -f`). This fixes issues for
the remote API where some go routines of the server will continue
writing and produce nothing but heat and waste CPU cycles.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This was inspired by https://github.com/cri-o/cri-o/pull/3934 and
much of the logic for it is contained there. However, in brief,
a named return called "err" can cause lots of code confusion and
encourages using the wrong err variable in defer statements,
which can make them work incorrectly. Using a separate name which
is not used elsewhere makes it very clear what the defer should
be doing.
As part of this, remove a large number of named returns that were
not used anywhere. Most of them were once needed, but are no
longer necessary after previous refactors (but were accidentally
retained).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch fixes connection counters for v2 endpoints
Idletracker was moved to a new package to prevent package cycle.
Hijacking code still remains in wrong place and should be moved
later to isolated package
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After this patch v2 hijacking endpoints, exec/start and
containers/attach follow rfc 7230 specification.
Connection will only be upgraded, if client specifies upgrade
headers:
For tcp connections:
Connection: Upgrade
Upgrade: tcp
For unix socket connections:
Connection: Upgrade
Upgrade: sock
There are currently no checks if upgrade type actually matches with
available protocols. Implementation just protocol that client
requested
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
StateHijacked is a terminal state. If hijacked connection
is registered as an active connection, connection will
never be unregistered. This causes two issues
First issue is that active connection counters are off.
Second issue is a resource leak caused by connection
object that is stored to a map.
After this patch hijacked connections are no longer
visible in counters. If a counter for hijacked
connections is required, podman must track
connections returned by Hijacker.Hijack()
It might make sense to develop abstraction layer for
hijacking - and move all hijacking related code to a
separate package. Hijacking code is prone to resource
leaks and it should be thoroughly tested.
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow more variants to yield json output for `podman version` and
`podman info`. Instead of comparing strings, use a regex and add
unit and e2e tests.
Fixes: #6927
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I confused STDIN and STDOUT's file descriptors (it's 0 and 1, I
thought they were 1 and 0). As such, we were looking at whether
we wanted to print STDIN when we looked to print STDOUT. This
bool was set when `-i` was set in at the `podman exec` command
line, which masked the problem when it was set.
Fixes #6890
Fixes #6891
Fixes #6892
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In `podman inspect` output for containers and pods, we include
the command that was used to create the container. This is also
used by `podman generate systemd --new` to generate unit files.
With remote podman, the generated create commands were incorrect
since we sourced directly from os.Args on the server side, which
was guaranteed to be `podman system service` (or some variant
thereof). The solution is to pass the command along in the
Specgen or PodSpecgen, where we can source it from the client's
os.Args.
This will still be VERY iffy for mixed local/remote use (doing a
`podman --remote run ...` on a remote client then a
`podman generate systemd --new` on the server on the same
container will not work, because the `--remote` flag will slip
in) but at the very least the output of `podman inspect` will be
correct. We can look into properly handling `--remote` (parsing
it out would be a little iffy) in a future PR.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
<MH: Fixed build after cherry-pick>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We properly determined what sig-proxy should be set to, but we
never passed that along to the backend. As such, cases where the
default swapped (mostly when `--attach` was specified but the
`--sig-proxy` flag was not) were not handled correctly
Fixes #6928
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows us to determine if the container auto-detected that
systemd was in use, and correctly activated systemd integration.
Use this to wire up some integration tests to verify that systemd
integration is working properly.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
<MH: Fixed Compile after cherry-pick>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We were only using the Command field in specgen when determining
whether to enable systemd if systemd=true (the default) was used.
This does not include the entrypoint, and does not include any
entrypoint/command sourced from the image - so an image could be
running systemd and we'd not correctly detect this. Using the
full, final command resolves this and matches Podman v1.9.x
behavior.
Fixes #6920
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
<MH: Fixed compile after backport>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We were hard-coding two fields to false, instead of grabbing
their value from the pod config, which means that `pod inspect`
would print the wrong value always.
Fixes #6968
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We had a field for this in the inspect data, but it was never
being populated. Because of this, `podman pod inspect` stopped
showing port bindings (and other infra container settings). Add
code to populate the infra container inspect data, and add a test
to ensure we don't regress again.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This change prevents this exception when loading a pod spec
using the "IfNotPresent" pull policy:
Error: invalid pull type "IfNotPresent"
Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
When running "podman pod create --share user" the errors appears:
Error: User sharing functionality not supported on pod level
Fix docs and remove 'user' from shareable parameters.
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
"TCP" in upper characters was not recognized as a valid protocol name.
Fix #6948
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When creating a pod or container where a static MAC or IP address is provided, we should return a proper error and exit as 125.
Fixes: #6972
Signed-off-by: Brent Baude <bbaude@redhat.com>
<MH: Fixed build after cherry-pick>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Podman is committed to inclusivity, a core value of open source. Historically, there have been technology terms that are problematic and divisive, and should be changed. We are currently taking time to audit our repository in order to eliminate such terminology, and replace it with more inclusive terms. We are starting where we can, with our own code, comments, and documentation. However, such terms may be used in dependencies, and must be used in our repositories at the current moment for compatibility. Podman will change these terms in our repo as soon as new and better terminology is available to us via our dependencies.
For more information: https://www.redhat.com/en/blog/making-open-source-more-inclusive-eradicating-problematic-language?sc_cid=701600000011gf0AAA
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
the code got lost in the migration to podman 2.0, reintroduce it.
Closes: https://github.com/containers/podman/issues/6989
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
<MH: Fixed build>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When an image has no name/tag system df will
error because it tries to parse an empty name.
This commit makes sure we only parse non
empty names and set the repository and tag
to "<none>" otherwise.
Closes #7015
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| |
| |
| | |
generate kube title and descritopn was same as play kube for apiv2 docs
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
People who use docker scripts with Podman see failures
if they use disable-content-trust flag. This flag already
existed for podman build, adding it to pull/push/create/run.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently you can not apply an ApparmorProfile if you specify
--privileged. This patch will allow both to be specified
simultaniosly.
By default Apparmor should be disabled if the user
specifies --privileged, but if the user specifies --security apparmor:PROFILE,
with --privileged, we should do both.
Added e2e run_apparmor_test.go
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Bump github.com/containers/common to v0.14.6
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\
| |
| | |
[2.0] events fixes
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The versions Docker that the compat endpoints currently support are
using another type for the `filters` parameter than later versions
of Docker, which the libpod/events endpoint is also using.
To prevent existing deplopyments from breaking while still achieving
backward compat, we now support both types for the filters parameter.
Tested manually.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a potential panic in the events endpoint when parsing the filters
parameter. Values of the filters map might be empty, so we need to
account for that instead of uncondtitionally accessing the first item.
Also apply a similar for race conditions as done in commit f4a2d25c0fca:
Fix a race that could cause read errors to be masked. Masking
such errors is likely to report red herrings since users don't
see that reading failed for some reasons but that a given event
could not be found.
Another race was the handler closing event channel, which could lead to
two kinds of panics: double close, send to close channel. The backend
takes care of that. However, make sure that the backend stops working
in case the context has been cancelled.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| |/
|/| |
[2.0] Switch references from libpod.conf to containers.conf
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
