| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
No reason to do it in util/ anymore. It's always going to be a
subdirectory of c/storage graph root by default, so we can just
set it after the return.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
| |
There are some cases where we might not be properly adjusting the
volume path after setting the storage graph root. Ensure that we
always set volume path to be a child of graph root.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of passing in defaults via WithStorageConfig after
computing them in cmd/podman/libpodruntime, do all defaults in
libpod itself.
This can alleviate ordering issues which caused settings in the
libpod config (most notably, volume path) to be ignored.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
volume: do not create a volume if there is a bind
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
if there is already a bind mount specified for the target, do not
create a new volume.
Regression introduced by 52df1fa7e054d577e8416d1d46db1741ad324d4a
Closes: https://github.com/containers/libpod/issues/2441
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Only remove image volumes when removing containers
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When removing volumes with rm --volumes we want to only remove
volumes that were created with the container. Volumes created
separately via 'podman volume create' should not be removed.
Also ensure that --rm implies volumes will be removed.
Fixes #2441
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
start pod containers recursively
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
when using the play kube command, we need to make sure that containers
with dependancies are started in proper order. in this case, the infra
container must be started first.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Fix podman logs -l
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
'podman logs -l' was no longer working. This fixes it by replacing
&waitCommand.Latest with &logsCommand.Latest.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \
| | | |
| | | | |
vendor containers/image v1.5
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes are race condition in the blobinfocache when copying images
leading to a panic().
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Volume path fixes
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This ensures we won't overwrite it when it's set in the config we
load from disk.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If this doesn't match, we end up not being able to access named
volumes mounted into containers, which is bad. Use the same
validation that we use for other critical paths to ensure this
one also matches.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We want named volumes to be created in a subdirectory of the
c/storage graph root, the same as the libpod root directory is
now. As such, we need to adjust its location when the graph root
changes location.
Also, make a change to how we set the default. There's no need to
explicitly set it every time we initialize via an option - that
might conflict with WithStorageConfig setting it based on graph
root changes. Instead, just initialize it in the default config
like our other settings.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |/ /
|/| | |
[skip ci]Introduce how to start to hack on libpod.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Introduce a new part inside the contribution guide
who explain how to start to hack on libpod:
- setup environment
- install tools
- using make
- building podman
- test your changes locally
Signed-off-by: Hervé Beraud <hberaud@redhat.com>
|
|\ \ \
| | | |
| | | | |
[skip ci] readme/docs update
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Addresses: https://github.com/containers/libpod/pull/2428#discussion_r260200694
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Based on user feedback, refine the "Out of scope" section regarding
`docker-compose`:
* Explain why Podman uses Kubernetes YAML.
* Explain how `podman-play-kube` and `podman-generate-kube` fit into the
picture.
Addresses: https://github.com/containers/libpod/pull/2428#discussion_r259996507
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix one (of two) SELinux denials during checkpointing
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
CRIU creates a log file during checkpointing in .../userdata/dump.log.
The problem with this file is, is that CRIU injects a parasite code into
the container processes and this parasite code also writes to the same
log file. At this point a process from the inside of the container is
trying to access the log file on the outside of the container and
SELinux prohibits this. To enable writing to the log file from the
injected parasite code, this commit creates an empty log file and labels
the log file with c.MountLabel(). CRIU uses existing files when writing
it logs so the log file label persists and now, with the correct label,
SELinux no longer blocks access to the log file.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
oci: improve error message when the OCI runtime is not found
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
We were previously returning the not so nice error directly from
conmon.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |_|/
|/| | |
README: update "out of scope" section
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also mention that Podman does/will not support `docker-compose`.
Fixes: https://github.com/containers/libpod/issues/746#issuecomment-467011211
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add num_locks to the default libpod config
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Allow adjusting number of locks in libpod.conf via an already
available knob we previously didn't expose in the default config
file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
podman-remote pod pause|unpause|restart
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
enable the ability for the remote client to pause, unpause, and
restart pods.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
podman-remote create|ps
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
enable the podman-remote client to be able to create and list
pods on a remote system.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix up handling of user defined network namespaces
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If user specifies network namespace and the /etc/netns/XXX/resolv.conf
exists, we should use this rather then /etc/resolv.conf
Also fail cleaner if the user specifies an invalid Network Namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
podman: fix ro bind mounts if no* opts are on the source
|
| | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This is a workaround for the runc issue:
https://github.com/opencontainers/runc/issues/1247
If the source of a bind mount has any of nosuid, noexec or nodev, be
sure to propagate them to the bind mount so that when runc tries to
remount using MS_RDONLY, these options are also used.
Closes: https://github.com/containers/libpod/issues/2312
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[skip-ci] README.md: rephrase Buildah description
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Rephrase the description of Buildah to make some core attributes
(e.g., rootless, Dockerfile-less build, etc.) more obvious.
Addresses: [#1349 (comment)](https://github.com/containers/buildah/issues/1349#issuecomment-466096550)
Cherry-pick-from: https://github.com/containers/buildah/pull/1362
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
Change exit code to 1 on podman rmi nosuch image
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Make it easy for scripts to determine if an image removal
failure. If only errors were no such image exit with 1
versus 125.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Change exit code to 1 on podman rm nosuch container
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Make it easy for scripts to determine if a container removal
fails versus the container did not exist.
If only errors were no such container exit with 1 versus 125.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
In shared networkNS /etc/resolv.conf&/etc/hosts should be shared
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
We should just bind mount the original containers /etc/resolv.conf and /etchosts
into the new container. Changes in the resolv.conf and hosts should be seen
by all containers, This matches Docker behaviour.
In order to make this work the labels on these files need to have a shared
SELinux label.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \ \
| |_|/ / / / / /
|/| | | | | | | |
remove duplicate commands in main
|