summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Cirrus: Track VM Image calling GCE projectChris Evich2019-06-05
| | | | | | | | | | With multiple `containers` projects updating VM Image metadata, it would be very difficult to discover which Cirrus-CI setup was responsible. Add the GCE project name to the list of metadata labels to update when this container runs. This will give more context as to which images are currently in use. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #3265 from baude/noremotecOpenShift Merge Robot2019-06-05
|\ | | | | remove -c for podman remote global options
| * remove -c for podman remote global optionsbaude2019-06-04
| | | | | | | | | | | | it conflicts with commit Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3259 from cevich/cull_f28OpenShift Merge Robot2019-06-05
|\ \ | |/ |/| Cirrus: Disable testing on F28 (EOL)
| * Cirrus: Disable testing on F28 (EOL)Chris Evich2019-06-04
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #3231 from baude/remoteclientconfOpenShift Merge Robot2019-06-04
|\ \ | | | | | | podman-remote.conf enablement
| * | podman-remote.conf enablementbaude2019-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add the ability for the podman remote client to use a configuration file which describes its connections. users can now define a connection the configuration and then call it by name like: podman-remote -c connection1 and the destination and user will be derived from the configuration file. if no -c is provided, we look for a connection in the configuration file designated as 'default'. If the configuration file has only one connection, it will be deemed the 'default'. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3260 from TomSweeneyRedHat/dev/tsweeney/buildah1.8.3OpenShift Merge Robot2019-06-04
|\ \ \ | |_|/ |/| | Vendor Buildah v1.8.3
| * | Vendor Buildah v1.8.3TomSweeneyRedHat2019-06-04
|/ / | | | | | | | | | | Vendor in Buildah v1.8.3 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #3225 from haraldh/virtwriterOpenShift Merge Robot2019-06-04
|\ \ | | | | | | pkg/varlinkapi/virtwriter/virtwriter.go: simplify func Reader
| * | pkg/varlinkapi/virtwriter/virtwriter.go: simplify func ReaderHarald Hoyer2019-06-03
| | | | | | | | | | | | Signed-off-by: Harald Hoyer <harald@redhat.com>
* | | Merge pull request #3249 from baude/testtimingOpenShift Merge Robot2019-06-04
|\ \ \ | | | | | | | | fix timing issues with some tests
| * | | fix timing issues with some testsbaude2019-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | some integration tests are inherently problematic due to timing issues. one such case is running a valid health check on container that runs nginx. while the container may be running, nginx may not have finished executing itself and therefore the healthcheck fails. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #3251 from giuseppe/join-block-signalsOpenShift Merge Robot2019-06-04
|\ \ \ \ | | | | | | | | | | rootless: block signals on re-exec
| * | | | rootless: block signals on re-execGiuseppe Scrivano2019-06-03
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we are allowed to use only signal safe functions between a fork of a multithreaded application and the next execve. Since setenv(3) is not signal safe, block signals. We are already doing it for creating a new namespace. This is mostly a cleanup since reexec_in_user_namespace_wait is used only only to join existing namespaces when we have not a pause.pid file. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3156 from TomSweeneyRedHat/dev/tsweeney/podmanimageOpenShift Merge Robot2019-06-04
|\ \ \ \ | | | | | | | | | | Create Dockerfiles for podmanimage
| * | | | Create Dockerfiles for podmanimageTomSweeneyRedHat2019-06-01
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Dockerfiles necessary to create the stable, testing and upstream container images on quay.io/user/podman. Once this is commited, I will set up those images such that they will be built with every git commit. stable - Latest Fedora release image testing - Latest release on bohdi Fedora testing upstream - Latest version in upstream podman Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | Merge pull request #3217 from edsantiago/cirrus_cleanupOpenShift Merge Robot2019-06-03
|\ \ \ \ | | | | | | | | | | cirrus: minor cleanup and refactoring
| * | | | cirrus: minor cleanup and refactoringEd Santiago2019-06-03
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...with the goal of (very soon) reusing this code, in #2947, to run system tests in CI. This is the cleanest way I can think of to do so without duplication or a large maintenance burden. Changes are: - replace references to 'ginkgo' with 'integration'. That target is already in Makefile, and is not only more readable, it's also more abstract. There is no reason for this level of code to know about ginkgo. - allow rootless_test.sh to accept an argument, that being the name of the test suite to run (default: integration). #2947 will enable 'system'. - allow integration_test.sh to serve multiple purposes, by checking its filename. #2947 will add a symlink, system_test.sh, which will then cascade down to invoke system tests. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #3081 from baude/remotecommitOpenShift Merge Robot2019-06-03
|\ \ \ \ | |_|/ / |/| | | podman remote-client commit
| * | | podman remote-client commitbaude2019-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | add the ability to commit a container to an image using the remote client. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #3250 from marcusmueller/podman_man_page_mixupOpenShift Merge Robot2019-06-03
|\ \ \ \ | |_|/ / |/| | | Manpage: fix podman-varlink and -version mixup
| * | | manpage: podman-tool table: un-confuse version and varlinkMarcus Müller2019-06-02
|/ / / | | | | | | | | | Signed-off-by: Marcus Müller <marcus@hostalia.de>
* | | Merge pull request #3244 from giuseppe/cleanups-rootless-joinOpenShift Merge Robot2019-06-01
|\ \ \ | | | | | | | | rootless: some cleanups for rootless_linux.c
| * | | rootless: use TEMP_FAILURE_RETRY macroGiuseppe Scrivano2019-05-31
| | | | | | | | | | | | | | | | | | | | | | | | avoid checking for EINTR for every syscall that could block. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: fix return typeGiuseppe Scrivano2019-05-31
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: make sure the buffer is NUL terminatedGiuseppe Scrivano2019-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | after we read from the pause PID file, NUL terminate the buffer to avoid reading garbage from the stack. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3236 from baude/testsplitrootlessOpenShift Merge Robot2019-06-01
|\ \ \ \ | |/ / / |/| | | split rootless local and remote testing
| * | | split rootless local and remote testingbaude2019-05-31
| | | | | | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #3246 from mheon/run_the_testsOpenShift Merge Robot2019-05-31
|\ \ \ \ | | | | | | | | | | Small fix to readme to force tests to run
| * | | | Fix podman cp test by reordering operationsMatthew Heon2019-05-31
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | Small fix to readme to force tests to runMatthew Heon2019-05-31
|/ / / / | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3227 from giuseppe/fix-warning-rootlessOpenShift Merge Robot2019-05-31
|\ \ \ \ | | | | | | | | | | rootless: skip check fo /etc/containers/registries.conf
| * | | | rootless: skip check fo /etc/containers/registries.confGiuseppe Scrivano2019-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the warning can be confusing when used in rootless mode as the unprivileged user has no way for setting it up. Closes: https://github.com/containers/libpod/issues/2955 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #3224 from haraldh/varlink_upgradeOpenShift Merge Robot2019-05-31
|\ \ \ \ \ | | | | | | | | | | | | Fix for varlink upgrade connections
| * | | | | Fix the varlink upgraded callsHarald Hoyer2019-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Although an upgraded call is requested, the server has to send at least one reply (can be an error) and the client has to check the reply, before assuming an upgraded connection. Signed-off-by: Harald Hoyer <harald@redhat.com>
* | | | | | Merge pull request #3238 from mheon/no_tmpcopyup_devOpenShift Merge Robot2019-05-31
|\ \ \ \ \ \ | | | | | | | | | | | | | | Do not set tmpcopyup on /dev
| * | | | | | Do not set tmpcopyup on /devMatthew Heon2019-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #3229 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | Merge pull request #3147 from baude/testimagecacheOpenShift Merge Robot2019-05-30
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | use imagecaches for local tests
| * | | | | | | use imagecaches for local testsbaude2019-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when doing localized tests (not varlink), we can use secondary image stores as read-only image caches. this cuts down on test time significantly because each test does not need to restore the images from a tarball anymore. Signed-off-by: baude <bbaude@redhat.com>
* | | | | | | | Merge pull request #3214 from mheon/resolve_symlinks_in_cpOpenShift Merge Robot2019-05-30
|\ \ \ \ \ \ \ \ | |_|_|_|_|/ / / |/| | | | | | | Resolve symlinks in cp
| * | | | | | | Fix podman cp testsMatthew Heon2019-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | | | Error when trying to copy into a running rootless ctrMatthew Heon2019-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can't pause them, so if that's requested, throw an error. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | | | We can't pause rootless containers during cpMatthew Heon2019-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rootless containers can't be paused (no CGroups, so no freezer). We could try and emulate this with a SIGSTOP to all PIDs in the container, but that's inherently racy, so let's avoid it for now. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | | | Fix bug in e2e tests for podman cpMatthew Heon2019-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | | | Tolerate non-running containers in paused cpMatthew Heon2019-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | | | Add test to ensure symlinks are resolved in ctr scopeMatthew Heon2019-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | | | Add --pause to podman cp manpage and bash completionsMatthew Heon2019-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | | | Pause containers while copying into themMatthew Heon2019-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Should fix CVE-2018-15664 for Podman. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | | | Use securejoin to merge paths in `podman cp`Matthew Heon2019-05-29
| | |_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Securejoin ensures that paths are resolved in the container, not on the host. Fixes #3211 Signed-off-by: Matthew Heon <matthew.heon@pm.me>