summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #2912 from adrianreber/labelOpenShift Merge Robot2019-04-14
|\ | | | | Use the same SELinux label for CRIU log files
| * Use the same SELinux label for CRIU log filesAdrian Reber2019-04-12
| | | | | | | | | | | | | | | | | | The SELinux label for the CRIU dump.log was explicitly set in Podman. The label for the restore.log, however, not. This just moves the code to label the log file into a function and calls that functions during checkpoint and restore. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #2916 from vsoch/add/ubuntu-uidmap-installOpenShift Merge Robot2019-04-13
|\ \ | | | | | | Adding uidmap to install steps for ubuntu
| * | adding uidmap to install steps for ubuntuVanessa Sochat2019-04-12
| | | | | | | | | | | | Signed-off-by: Vanessa Sochat <vsochat@stanford.edu>
* | | Merge pull request #2830 from baude/remotecheckpointOpenShift Merge Robot2019-04-13
|\ \ \ | | | | | | | | remote-client checkpoint/restore
| * | | remote-client checkpoint/restorebaude2019-04-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | add the ability for the remote client to be able to checkpoint and restore containers. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2915 from giuseppe/rootless-do-not-block-sigtstpOpenShift Merge Robot2019-04-13
|\ \ \ \ | | | | | | | | | | rootless: do not block SIGTSTP
| * | | | rootless: do not block SIGTSTPGiuseppe Scrivano2019-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we were previously proxying all the signals, but doing that for SIGTSTP prevented the main process to be stopped by the tty. Closes: https://github.com/containers/libpod/issues/2775 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: set controlling terminal for podman in the usernsGiuseppe Scrivano2019-04-12
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #2910 from giuseppe/fix-create-2-containersOpenShift Merge Robot2019-04-13
|\ \ \ \ \ | | | | | | | | | | | | create: fix segfault if container name already exists
| * | | | | create: fix segfault if container name already existsGiuseppe Scrivano2019-04-12
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do not try to use ctr if there was an error. It fixes a segfault when there is already a container with the same name. regression introduced by: ba65301c955454e47c3893ca548f18a845a4c4a9 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #2911 from giuseppe/fix-pull-errorsOpenShift Merge Robot2019-04-12
|\ \ \ \ \ | |_|_|_|/ |/| | | | pull: fix a couple of issues
| * | | | pull: exit with error if the image is not foundGiuseppe Scrivano2019-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes: https://github.com/containers/libpod/issues/2785 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | pull: remove cryptic error messageGiuseppe Scrivano2019-04-12
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we were printing something like: (0x1840f00,0xc00041bba0) Closes: https://github.com/containers/libpod/issues/2710 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #2903 from baude/remotegenkubeOpenShift Merge Robot2019-04-12
|\ \ \ \ | | | | | | | | | | podman-remote generate kube
| * | | | podman-remote generate kubebaude2019-04-12
| | |_|/ | |/| | | | | | | | | | | | | | | | | | Allow the ability to generate kube YAML from the podman remote-client. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2913 from mheon/get_instead_of_lookupOpenShift Merge Robot2019-04-12
|\ \ \ \ | |_|_|/ |/| | | Use GetContainer instead of LookupContainer for full ID
| * | | Use GetContainer instead of LookupContainer for full IDMatthew Heon2019-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All IDs in libpod are stored as a full container ID. We can get a container by full ID faster with GetContainer (which directly retrieves) than LookupContainer (which finds a match, then retrieves). No reason to use Lookup when we have full IDs present and available. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #2907 from edsantiago/uidmap_test_fixOpenShift Merge Robot2019-04-12
|\ \ \ \ | |_|_|/ |/| | | new uidmap BATS test: fix
| * | | new uidmap BATS test: fixEd Santiago2019-04-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Various problems, one of which was causing the test to fail completely (otherwise I wouldn't have caught the others): - option is --uidmap, not --uidmapping - run_podman cannot be piped (| grep /sys/kernel). That's an unfortunate limitation of BATS. Any invocation of 'run' saves results to $output, which then has to be tested in a separate step. - do so, using 'run' and 'grep' and 'is' to produce readable messages on failure - remove "$expected_rc", that looks like a copy/paste bug from a few lines above. Skip entire test if rootless. (The one without --net=host passes, but it also passes with older podman as both root and rootless. I don't think it's actually testing anything, but agree with leaving it in to catch weird regressions). We really need to get these tests running in CI. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #2904 from rhatdan/rootlessOpenShift Merge Robot2019-04-11
|\ \ \ \ | | | | | | | | | | Fix README.md -> rootless.md link
| * | | | Fix README.md -> rootless.md linkDaniel J Walsh2019-04-11
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2889 from edsantiago/batsOpenShift Merge Robot2019-04-11
|\ \ \ \ \ | | | | | | | | | | | | BATS tests: start supporting podman-remote
| * | | | | BATS tests: start supporting podman-remoteEd Santiago2019-04-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote now supports rm! That's what we needed to start running BATS tests. Although most tests don't actually work, some do, and maybe the rest will start working over time. For now, disable them. The only significant difference found is that podman-remote strips fractional seconds from timestamps in JSON output. Probably not something worth caring about. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #2906 from vsoch/update/ubuntu-installOpenShift Merge Robot2019-04-11
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | adding additional apt-get update, needed for ubuntu install
| * | | | | adding additional update, needed for installVanessa Sochat2019-04-11
| | |/ / / | |/| | | | | | | | | | | | | Signed-off-by: Vanessa Sochat <vsochat@stanford.edu>
* | | | | Merge pull request #2885 from kunalkushwaha/image-dangling-filter-fixOpenShift Merge Robot2019-04-11
|\ \ \ \ \ | | | | | | | | | | | | imagefilter dangling handling corrected
| * | | | | imagefilter dangling handling correctedKunal Kushwaha2019-04-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | imagefilter dangling=<value> shall not be ignored. this PR handles the value and returns images accordingly. Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
* | | | | | Merge pull request #2902 from baude/remoteattachfixesOpenShift Merge Robot2019-04-11
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Fixes for podman-remote run and attach
| * | | | | Fixes for podman-remote run and attachbaude2019-04-11
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the ability to run (create,start) a container and attach to its console correctly. We can now also exit from the console without hanging the remote client. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #2895 from mheon/commit_no_default_include_volumesOpenShift Merge Robot2019-04-11
|\ \ \ \ \ | | | | | | | | | | | | Add --include-volumes flag to 'podman commit'
| * | | | | Add --include-volumes flag to 'podman commit'Matthew Heon2019-04-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 'docker commit' will never include a container's volumes when committing, without an explicit request through '--change'. Podman, however, defaulted to including user volumes as image volumes. Make this behavior depend on a new flag, '--include-volumes', and make the default behavior match Docker. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | Merge pull request #2879 from mheon/header_on_no_imagesOpenShift Merge Robot2019-04-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | Print header for 'podman images' even with no images present
| * | | | | | Print header for 'podman images' even with no imagesMatthew Heon2019-04-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #2877 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | | Merge pull request #2901 from mheon/improve_debug_on_cleanup_errOpenShift Merge Robot2019-04-11
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Expand debugging for container cleanup errors
| * | | | | | | Expand debugging for container cleanup errorsMatthew Heon2019-04-11
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | Merge pull request #2899 from giuseppe/prevent-sys-fs-kernel-paths-in-usernsOpenShift Merge Robot2019-04-11
|\ \ \ \ \ \ \ | |_|_|_|/ / / |/| | | | | | userns: prevent /sys/kernel/* paths in the container
| * | | | | | spec: mask /sys/kernel when bind mounting /sysGiuseppe Scrivano2019-04-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | oci: add /sys/kernel to the masked pathsGiuseppe Scrivano2019-04-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | userns: prevent /sys/kernel/* paths in the containerGiuseppe Scrivano2019-04-11
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when we run in a user namespace, there are cases where we have not enough privileges to mount a fresh sysfs on /sys. To circumvent this limitation, we rbind /sys from the host. This carries inside of the container also some mounts we probably don't want to. We are also limited by the kernel to use rbind instead of bind, as allowing a bind would uncover paths that were not previously visible. This is a slimmed down version of the intermediate mount namespace logic we had before, where we only set /sys to slave, so the umounts done to the storage by the cleanup process are propagated back to the host. We also don't setup any new directory, so there is no additional cleanup to do. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #2893 from TomSweeneyRedHat/dev/tsweeney/commandsfixOpenShift Merge Robot2019-04-11
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Add demo script and cast to images
| * | | | | Add demo script and cast to imagesTomSweeneyRedHat2019-04-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a pointer to the script and asciinema cast for the images command to the commands.md file. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | | Merge pull request #2896 from giuseppe/fix-segfault-reloadOpenShift Merge Robot2019-04-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | rootless: fix segfault on refresh if there are containers
| * | | | | | rootless: fix segfault on refresh if there are containersGiuseppe Scrivano2019-04-10
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | create immediately a namespace if we need a refresh. This is necessary to access the rootless storage. Closes: https://github.com/containers/libpod/issues/2894 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #2883 from baude/remoteclifixesOpenShift Merge Robot2019-04-11
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Initial remote flag clean up
| * | | | | Initial remote flag clean upbaude2019-04-10
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The remote client should not honor most of the local podman "global" options. Many of them are only applicable to where the podman backend is actually running. Also, removing some options for push and pull that also are not applicable to the remote client environment. Additionally, take some of the code from main and pop it into functions that can be called whether local or not. This helps the remote client and darwin builds. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #2892 from edsantiago/healthcheck_typo_fixOpenShift Merge Robot2019-04-10
|\ \ \ \ \ | |/ / / / |/| | | | (minor): fix misspelled 'Healthcheck'
| * | | | (minor): fix misspelled 'Healthcheck'Ed Santiago2019-04-10
| | |_|/ | |/| | | | | | | | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #2874 from baude/varlinktermOpenShift Merge Robot2019-04-10
|\ \ \ \ | | | | | | | | | | Add the ability to attach remotely to a container
| * | | | Add the ability to attach remotely to a containerbaude2019-04-10
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, you can now podman-remote run -it. There are some bugs that need to be ironed out but I would prefer to merge this so we can make both progress on start and exec as well as the bugs. * when doing podman-remote run -it foo /bin/bash, you have to press enter to get the prompt to display. with the localized podman, we had to teach it connect to the console first and then start the container so we did not miss anything. * when executing "exit" in the console, we get a hard lockup likely because nobody knows what to do. * custom detach keys are not supported * podman-remote run -it alpine ls does not currently work. only dropping to a shell works. Signed-off-by: baude <bbaude@redhat.com>