| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
With multiple `containers` projects updating VM Image metadata,
it would be very difficult to discover which Cirrus-CI setup
was responsible. Add the GCE project name to the list
of metadata labels to update when this container runs. This
will give more context as to which images are currently in use.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
remove -c for podman remote global options
|
| |
| |
| |
| |
| |
| | |
it conflicts with commit
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
Cirrus: Disable testing on F28 (EOL)
|
| |
| |
| |
| | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| | |
| | | |
podman-remote.conf enablement
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add the ability for the podman remote client to use a configuration file
which describes its connections. users can now define a connection the
configuration and then call it by name like:
podman-remote -c connection1
and the destination and user will be derived from the configuration
file. if no -c is provided, we look for a connection in the
configuration file designated as 'default'. If the configuration file
has only one connection, it will be deemed the 'default'.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Vendor Buildah v1.8.3
|
|/ /
| |
| |
| |
| |
| | |
Vendor in Buildah v1.8.3
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \
| | |
| | | |
pkg/varlinkapi/virtwriter/virtwriter.go: simplify func Reader
|
| | |
| | |
| | |
| | | |
Signed-off-by: Harald Hoyer <harald@redhat.com>
|
|\ \ \
| | | |
| | | | |
fix timing issues with some tests
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
some integration tests are inherently problematic due to timing issues.
one such case is running a valid health check on container that runs
nginx. while the container may be running, nginx may not have finished
executing itself and therefore the healthcheck fails.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
rootless: block signals on re-exec
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
we are allowed to use only signal safe functions between a fork of a
multithreaded application and the next execve. Since setenv(3) is not
signal safe, block signals. We are already doing it for creating a
new namespace.
This is mostly a cleanup since reexec_in_user_namespace_wait is used
only only to join existing namespaces when we have not a pause.pid
file.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Create Dockerfiles for podmanimage
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The Dockerfiles necessary to create the stable, testing and upstream container images
on quay.io/user/podman. Once this is commited, I will set up those images
such that they will be built with every git commit.
stable - Latest Fedora release image
testing - Latest release on bohdi Fedora testing
upstream - Latest version in upstream podman
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
cirrus: minor cleanup and refactoring
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
...with the goal of (very soon) reusing this code, in #2947,
to run system tests in CI. This is the cleanest way I can
think of to do so without duplication or a large maintenance
burden.
Changes are:
- replace references to 'ginkgo' with 'integration'. That
target is already in Makefile, and is not only more
readable, it's also more abstract. There is no reason
for this level of code to know about ginkgo.
- allow rootless_test.sh to accept an argument,
that being the name of the test suite to run
(default: integration). #2947 will enable 'system'.
- allow integration_test.sh to serve multiple purposes,
by checking its filename. #2947 will add a symlink,
system_test.sh, which will then cascade down to
invoke system tests.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
podman remote-client commit
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add the ability to commit a container to an image using the remote
client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Manpage: fix podman-varlink and -version mixup
|
|/ / /
| | |
| | |
| | | |
Signed-off-by: Marcus Müller <marcus@hostalia.de>
|
|\ \ \
| | | |
| | | | |
rootless: some cleanups for rootless_linux.c
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
avoid checking for EINTR for every syscall that could block.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
after we read from the pause PID file, NUL terminate the buffer to
avoid reading garbage from the stack.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
split rootless local and remote testing
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Small fix to readme to force tests to run
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/ / / /
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
rootless: skip check fo /etc/containers/registries.conf
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
the warning can be confusing when used in rootless mode as the
unprivileged user has no way for setting it up.
Closes: https://github.com/containers/libpod/issues/2955
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix for varlink upgrade connections
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Although an upgraded call is requested, the server has to send at least
one reply (can be an error) and the client has to check the reply,
before assuming an upgraded connection.
Signed-off-by: Harald Hoyer <harald@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Do not set tmpcopyup on /dev
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Fixes #3229
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
use imagecaches for local tests
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
when doing localized tests (not varlink), we can use secondary image
stores as read-only image caches. this cuts down on test time
significantly because each test does not need to restore the images from
a tarball anymore.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \ \ \
| |_|_|_|_|/ / /
|/| | | | | | | |
Resolve symlinks in cp
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
We can't pause them, so if that's requested, throw an error.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Rootless containers can't be paused (no CGroups, so no freezer).
We could try and emulate this with a SIGSTOP to all PIDs in the
container, but that's inherently racy, so let's avoid it for now.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Should fix CVE-2018-15664 for Podman.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |_|_|_|/ /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Securejoin ensures that paths are resolved in the container, not
on the host.
Fixes #3211
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|