| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running under systemd there is no need to create yet another
cgroup for the container.
With conmon-delegated the current cgroup will be split in two sub
cgroups:
- supervisor
- container
The supervisor cgroup will hold conmon and the podman process, while
the container cgroup is used by the OCI runtime (using the cgroupfs
backend).
Closes: https://github.com/containers/libpod/issues/6400
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Set syslog for exit commands on log-level=debug
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a flag, --syslog, for telling logrus to log to syslog as
well as to the terminal. Previously, this flag also set the exit
command for containers to use `--syslog` (otherwise all output
from exit commands is lost). I attempted to replicate this with
Podman v2.0, but quickly ran into circular import hell (the flag
is defined in cmd/podman, I needed it in cmd/podman/containers,
cmd/podman imports cmd/podman/containers already, etc). Instead,
let's just set the syslog flag automatically on
`--log-level=debug` so we log exit commands automatically when
debug-level logs are requested. This is consistent with Conmon
and seems to make sense.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Fix inspect to display multiple label: changes
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the user runs a container like
podman run --security-opt seccomp=unconfined --security-opt label=type:spc_t --security-opt label=level:s0 ...
Podman inspect was only showing the second option
This change will show
"SecurityOpt": [
"label=type:spc_t,label=level:s0:c60",
"seccomp=unconfined"
],
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
utils: drop default mapping when running uid!=0
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
this is a leftover from the first implementation of rootless. This
code is never hit by podman rootless anymore as podman automatically
creates a user namespace now.
Fixes an issue with podman remote when used with uid != 0.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Set stop signal to 15 when not explicitly set
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When going through the output of `podman inspect` to try and
identify another issue, I noticed that Podman 2.0 was setting
StopSignal to 0 on containers by default. After chasing it
through the command line and SpecGen, I determined that we were
actually not setting a default in Libpod, which is strange
because I swear we used to do that. I re-added the disappeared
default and now all is well again.
Also, while I was looking for the bug in SpecGen, I found a bunch
of TODOs that have already been done. Eliminate the comments for
these.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
podman untag: error if tag doesn't exist
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Throw an error if a specified tag does not exist. Also make sure that
the user input is normalized as we already do for `podman tag`.
To prevent regressions, add a set of end-to-end and systemd tests.
Last but not least, update the docs and add bash completions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Reformat inspect network settings
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Reformat ports of inspect network settings to compatible with docker inspect. Close #5380
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
APIv2: Return `StatusCreated` from volume creation
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The swagdoc in `register_volumes.go` already correctly notes that a 201
should be returned upon success, so we only need to change the handler
to match the spec.
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
APIv2:fix: Remove `/json` from compat network EPs
|
| |/ / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
BATS tests: new too-many-arguments test
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
...plus a few others. And fixes to actual parsing.
If a command's usage message includes '...' in the
argument list, assume it can take unlimited arguments.
Nothing we can check.
For all others, though, the ALL-CAPS part on the
right-hand side of the usage message will define
an upper bound on the number of arguments accepted
by the command. So in our 'podman --help' test,
generate N+1 args and run that command. We expect
a 125 exit status and a suitably helpful error message.
Not all podman commands or subcommands were checking,
so I fixed that. And, fixed some broken usage messages
(all-caps FLAGS, and '[flags]' at the end of 'ARGS').
Add new checks to the help test to prevent those in
the future.
Plus a little refactoring/cleanup where necessary.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix ssh-agent support
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* An identity of "" implies ssh-agent and user/password to be used
* Fixed example
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
libpod: specify mappings to the storage
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
specify the mappings in the container configuration to the storage
when creating the container so that the correct mappings can be
configured.
Regression introduced with Podman 2.0.
Closes: https://github.com/containers/libpod/issues/6735
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
APIv2:doc: Fix swagger doc to refer to volumes
|
|/ / /
| | |
| | |
| | | |
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
|\ \ \
| | | |
| | | | |
Add podman network to bash command completions
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
network commands were not supported in command completions.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Fix typo.
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Peter Oliver <git@mavit.org.uk>
|
|\ \ \ \
| |_|/ /
|/| | | |
Add tests for --privileged with other flags
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
With Podman v2.0, we broke (or thought we were going to break)
using `--privileged` with `--group-add` and `--security-opt`
(specifically using `--security-opt` for SELinux config).
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| |_|/
|/| | |
system tests: invoke with abs path to podman
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reversion of one part of #6679: my handling of 'realpath'
would not work when $PODMAN is 'podman-remote --url etc'.
Trying to handle that case got unmaintainable; so instead
let's just force 'make {local,remote}system' to invoke
with a full PODMAN path. This breaks down if someone
runs the tests with a manual 'bats' invocation, but I
think I'm the only one who ever does that.
Since podman path will now be very long in the logs,
add code to logformatter to abbreviate it like we do
for the ginkgo logs.
And, one thing that has bugged me for a long time:
in the error logs, show a different prompt ('#' vs '$')
to distinguish root vs rootless. This should make it
much easier to see at-a-glance whether a log file
is root or not. Add tests for it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add JSON output field for ps
|
| | |/
| |/|
| | |
| | |
| | |
| | | |
the toolbox team needs a field in our ps json that represents a human readable time.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| |/ /
|/| | |
V2 podman system connection
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Implement command
* Refactor podman-remote to pull from containers.conf by default
* podman-remote defaults to --remote being true
* Write podman-system-connection.1.md
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
image load: no args required
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Disable the args requirement of `image load`. Instead of requiring a
lower bound, we really need an upper one with at most 1 argument.
Extend the system tests to prevent future regressions.
Fixes: #6718
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
system tests: new rm, build tests
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- rm: confirm 'rm' and 'rm -f' on running container
- build: shotgun test of workdir, cmd, env, labels
The new build test cd's to a temporary directory, which broke
test invocations using a relative path (./bin/podman). Added
code to detect relative paths and convert them to absolute.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
Re-add PODMAN_USERNS environment variable
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This was lost during the Podman 2.0 migration. Turns out to be a
very easy fix, fortunately - we want to use the environment var
if not explicitly overridden.
Fixes #6705
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
libpod/containers/json: alias last -> limit
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Support both `last` and `limit` for in the containers listing endpoint.
We intended to use `limit` which is also mentioned in the docs, but the
implementation ended up using `last` as the http parameter; likely being
caused by the CLI using `--last`. To avoid any regression, we decided
for supporting both and aliasing `last`.
Fixes: #6413
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add --preservefds to podman run
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Fix conflicts between privileged and other flags
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `--privileged` flag does not conflict with `--group-add`
(this one was breaking Toolbox) and does not conflict with most
parts of `--security-opt` (this was breaking Openstack).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|