Commit message (author, date)
* Add troubleshooting statement for homedirs mounted noexec (Daniel J Walsh, 2019-01-13)
    This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1651228
    Users were surprised when they were not able to run a container on a noexec homedir.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2148 from rhatdan/storage-opt (OpenShift Merge Robot, 2019-01-12)
    Set default storage options from mounts.conf file.
| * Set default storage options from mounts.conf file. (Daniel J Walsh, 2019-01-12)
      We were never loading the storage.conf file to grab mountOptions. This is causing us to not use metacopyup option when running with overlay.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2145 from baude/playcontainerintopod (OpenShift Merge Robot, 2019-01-12)
      podman play kube: add containers to pod
| * podman play kube: add containers to pod (baude, 2019-01-11)
      when defining containers, we missed the conditional logic to allow the container to be defined with "WithPod" and so forth. I had to slightly modify the createcontainer process to pass a libpod.Pod that could override things; use nil as no pod.
      Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2138 from giuseppe/rootless-pod-fix (OpenShift Merge Robot, 2019-01-11)
      rootless: fix usage of create --pod=new:FOO
| * rootless: create the userns immediately when creating a new pod (Giuseppe Scrivano, 2019-01-11)
      Closes: https://github.com/containers/libpod/issues/2124
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: join both userns and mount namespace with --pod (Giuseppe Scrivano, 2019-01-11)
      When --pod is specified then join both the user and mount namespace for the pod so we can initialize the storage.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * spec: add nosuid,noexec,nodev to ro bind mount (Giuseppe Scrivano, 2019-01-11)
      runc fails to change the ro mode of a rootless bind mount if the other flags are not kept.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2135 from baude/varlinkprune (OpenShift Merge Robot, 2019-01-11)
      Add varlink support for prune
| * | Add varlink support for prune (baude, 2019-01-10)
        Add the ability to prune unused images using the varlink API.
        Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2113 from baude/remoteimages (OpenShift Merge Robot, 2019-01-11)
      remote-client support for images
| * | remote-client support for images (baude, 2019-01-10)
        Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2102 from vrothberg/vendor-update (OpenShift Merge Robot, 2019-01-11)
        vendor: update everything
| * | | vendor: update everything (Valentin Rothberg, 2019-01-11)
          * If possible, update each dependency to the latest available version.
          * Use releases over commit IDs and avoid vendoring branches.
          Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | vendor make target (Valentin Rothberg, 2019-01-11)
          Add a `make vendor` target that calls `vndr` with a specified whitelist to avoid deleting important files (currently the varlink/go project).
          Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #2105 from mheon/jsoniter (OpenShift Merge Robot, 2019-01-11)
        Use jsoniter instead of easyjson
| * | Replace tab with spaces in MarshalIndent in libpod (Matthew Heon, 2019-01-10)
        The json-iterator package will panic on attempting to use MarshalIndent with a non-space indentation. This is sort of silly but swapping from tabs to spaces is not a big issue for us, so let's work around the silly panic.
        Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Remove one more usage of encoding/json in libpod (Matthew Heon, 2019-01-10)
        Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Update vendor.conf for jsoniter vendor changes (Matthew Heon, 2019-01-10)
        The vndr tool isn't updating vendor.conf so do it manually.
        Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Move all libpod/ JSON references over to jsoniter (Matthew Heon, 2019-01-10)
        Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Update json-iterator vendor to v1.1.5 (Matthew Heon, 2019-01-10)
        We already have it vendored for a Kube package we import, but we want a more recent version with additional bugfixes over the 1.0 release we originally had.
        Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Remove easyjson in preparation for switch to jsoniter (Matthew Heon, 2019-01-10)
        The jsoniter library does not require code generation, which is a massive advantage over easyjson (it's also about the same in performance). Begin moving over to it by removing the existing easyjson code.
        Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2131 from mheon/restore_storage_defaults (OpenShift Merge Robot, 2019-01-10)
      Use defaults if paths are not specified in storage.conf
| * | Use defaults if paths are not specified in storage.conf (Matthew Heon, 2019-01-10)
        For rootless Podman, if storage.conf exists but does not specify one or both of RunRoot and GraphRoot, set them to rootless defaults so we don't end up with an unusable configuration.
        Fixes #2125
        Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2120 from rhatdan/volume (OpenShift Merge Robot, 2019-01-10)
        Fix handling of nil volumes
| * | | Fix handling of nil volumes (Daniel J Walsh, 2019-01-10)
          Currently if a user passes in a -v with
          -v $bogus:/foobar
          We crash. This will throw a proper error.
          Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #2108 from QiWang19/from1899 (OpenShift Merge Robot, 2019-01-10)
          Fix 'image trust' from PR1899
| * | | | Fix 'image trust' from PR1899 (Qi Wang, 2019-01-09)
            Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #2127 from QiWang19/fixsigstore (OpenShift Merge Robot, 2019-01-10)
            fix up sigstore path
| * | | | | fix up sigstore path (Qi Wang, 2019-01-10)
              Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #2126 from giuseppe/set-prlimit (OpenShift Merge Robot, 2019-01-10)
              podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE
| * | | | | podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE (Giuseppe Scrivano, 2019-01-10)
              If we are not able to make arbitrary changes to the RLIMIT_NOFILE when lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum allowed. In this way the same code path works with rootless mode.
              Closes: https://github.com/containers/libpod/issues/2123
              Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #2119 from jwhonce/wip/python_podman (OpenShift Merge Robot, 2019-01-10)
              Move python code from contrib to its own repo python-podman
| * | | | | | Move python code from contrib to its own repo python-podman (Jhon Honce, 2019-01-10)
                Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | | | Merge pull request #2129 from cevich/timestamp (OpenShift Merge Robot, 2019-01-10)
                Cirrus: (Minor) Print timestamp
| * | | | | | (Minor) Cirrus: Print timestamp at start (Chris Evich, 2019-01-10)
                Also record into a file in case a later reference is required
                Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #2128 from mheon/pr_test (OpenShift Merge Robot, 2019-01-10)
                Trivial readme updates
| * | | | | | Trivial readme updates (Matthew Heon, 2019-01-10)
                Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | Merge pull request #2111 from rhatdan/sign (OpenShift Merge Robot, 2019-01-10)
              Fix up image sign and trust
| * | | | | | Fix up image sign and trust (Daniel J Walsh, 2019-01-09)
                Add completions
                Fix man pages
                fix code in sign to answer PR Comments.
                Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #2121 from giuseppe/always-cleanup-rootless-containers (Matthew Heon, 2019-01-10)
              createconfig: always cleanup a rootless container
| * | | | | createconfig: always cleanup a rootless container (Giuseppe Scrivano, 2019-01-10)
              the rootless container storage is always mounted in a different mount namespace, owned by the unprivileged user. Even if it is mounted, a process running in another namespace cannot reuse the already mounted storage.
              Make sure the storage is always cleaned up once the container terminates.
              This has worked with vfs since there is no real mounted storage.
              Closes: https://github.com/containers/libpod/issues/2112
              Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #2122 from giuseppe/sign-fixes (OpenShift Merge Robot, 2019-01-10)
            sign: some fixes
| * | | | | sign: make all error messages lowercase (Giuseppe Scrivano, 2019-01-10)
              Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | sign: use filepath.Join instead of fmt.Sprintf (Giuseppe Scrivano, 2019-01-10)
              Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #2095 from rhatdan/completions (OpenShift Merge Robot, 2019-01-10)
            Add Validate completions
| * | | | Add Validate completions (Daniel J Walsh, 2019-01-08)
            In podman 0.12.0 we have invalid completions. These should have been caught during testing. This check will throw an error if the completions do not successfully execute.
            Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2114 from vrothberg/issue-2107 (OpenShift Merge Robot, 2019-01-10)
            apparmor: apply default profile at container initialization
| * | | | apparmor: apply default profile at container initialization (Valentin Rothberg, 2019-01-09)
            Apply the default AppArmor profile at container initialization to cover all possible code paths (i.e., podman-{start,run}) before executing the runtime. This allows moving most of the logic into pkg/apparmor.
            Also make the loading and application of the default AppArmor profile version-independent by checking for the `libpod-default-` prefix and over-writing the profile in the run-time spec if needed.
            The initial run-time spec of the container differs a bit from the applied one when having started the container, which results in displaying a potentially outdated AppArmor profile when inspecting a container. To fix that, load the container config from the file system if present and use it to display the data.
            Fixes: #2107
            Signed-off-by: Valentin Rothberg <rothberg@redhat.com>