| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Use the same SELinux label for CRIU log files
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The SELinux label for the CRIU dump.log was explicitly set in Podman.
The label for the restore.log, however, not. This just moves the code
to label the log file into a function and calls that functions during
checkpoint and restore.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \
| | |
| | | |
Adding uidmap to install steps for ubuntu
|
| | |
| | |
| | |
| | | |
Signed-off-by: Vanessa Sochat <vsochat@stanford.edu>
|
|\ \ \
| | | |
| | | | |
remote-client checkpoint/restore
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add the ability for the remote client to be able to checkpoint and
restore containers.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
rootless: do not block SIGTSTP
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
we were previously proxying all the signals, but doing that for
SIGTSTP prevented the main process to be stopped by the tty.
Closes: https://github.com/containers/libpod/issues/2775
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
create: fix segfault if container name already exists
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
do not try to use ctr if there was an error. It fixes a segfault when
there is already a container with the same name.
regression introduced by: ba65301c955454e47c3893ca548f18a845a4c4a9
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
pull: fix a couple of issues
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Closes: https://github.com/containers/libpod/issues/2785
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
we were printing something like:
(0x1840f00,0xc00041bba0)
Closes: https://github.com/containers/libpod/issues/2710
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
podman-remote generate kube
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
Allow the ability to generate kube YAML from the podman remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Use GetContainer instead of LookupContainer for full ID
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
All IDs in libpod are stored as a full container ID. We can get a
container by full ID faster with GetContainer (which directly
retrieves) than LookupContainer (which finds a match, then
retrieves). No reason to use Lookup when we have full IDs present
and available.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| |_|_|/
|/| | | |
new uidmap BATS test: fix
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Various problems, one of which was causing the test to fail
completely (otherwise I wouldn't have caught the others):
- option is --uidmap, not --uidmapping
- run_podman cannot be piped (| grep /sys/kernel). That's
an unfortunate limitation of BATS. Any invocation of 'run'
saves results to $output, which then has to be tested
in a separate step.
- do so, using 'run' and 'grep' and 'is' to produce
readable messages on failure
- remove "$expected_rc", that looks like a copy/paste bug
from a few lines above.
Skip entire test if rootless. (The one without --net=host
passes, but it also passes with older podman as both root
and rootless. I don't think it's actually testing anything,
but agree with leaving it in to catch weird regressions).
We really need to get these tests running in CI.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix README.md -> rootless.md link
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
BATS tests: start supporting podman-remote
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
podman-remote now supports rm! That's what we needed to start
running BATS tests.
Although most tests don't actually work, some do, and maybe
the rest will start working over time. For now, disable them.
The only significant difference found is that podman-remote
strips fractional seconds from timestamps in JSON output.
Probably not something worth caring about.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
adding additional apt-get update, needed for ubuntu install
|
| | |/ / /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Vanessa Sochat <vsochat@stanford.edu>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
imagefilter dangling handling corrected
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
imagefilter dangling=<value> shall not be ignored.
this PR handles the value and returns images accordingly.
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
Fixes for podman-remote run and attach
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes the ability to run (create,start) a container and attach to its
console correctly. We can now also exit from the console without
hanging the remote client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add --include-volumes flag to 'podman commit'
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The 'docker commit' will never include a container's volumes when
committing, without an explicit request through '--change'.
Podman, however, defaulted to including user volumes as image
volumes.
Make this behavior depend on a new flag, '--include-volumes',
and make the default behavior match Docker.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Print header for 'podman images' even with no images present
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Fixes #2877
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Expand debugging for container cleanup errors
|
| | |_|_|_|_|/
| |/| | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \ \ \
| |_|_|_|/ / /
|/| | | | | | |
userns: prevent /sys/kernel/* paths in the container
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
when we run in a user namespace, there are cases where we have not
enough privileges to mount a fresh sysfs on /sys. To circumvent this
limitation, we rbind /sys from the host. This carries inside of the
container also some mounts we probably don't want to. We are also
limited by the kernel to use rbind instead of bind, as allowing a bind
would uncover paths that were not previously visible.
This is a slimmed down version of the intermediate mount namespace
logic we had before, where we only set /sys to slave, so the umounts
done to the storage by the cleanup process are propagated back to the
host. We also don't setup any new directory, so there is no
additional cleanup to do.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
Add demo script and cast to images
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Add a pointer to the script and asciinema cast for the
images command to the commands.md file.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
rootless: fix segfault on refresh if there are containers
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
create immediately a namespace if we need a refresh. This is
necessary to access the rootless storage.
Closes: https://github.com/containers/libpod/issues/2894
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Initial remote flag clean up
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The remote client should not honor most of the local podman "global"
options. Many of them are only applicable to where the podman backend
is actually running.
Also, removing some options for push and pull that also are not
applicable to the remote client environment.
Additionally, take some of the code from main and pop it into functions
that can be called whether local or not. This helps the remote client
and darwin builds.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
(minor): fix misspelled 'Healthcheck'
|
| | |_|/
| |/| |
| | | |
| | | | |
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Add the ability to attach remotely to a container
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Also, you can now podman-remote run -it. There are some bugs that need
to be ironed out but I would prefer to merge this so we can make both
progress on start and exec as well as the bugs.
* when doing podman-remote run -it foo /bin/bash, you have to press
enter to get the prompt to display. with the localized podman, we had to
teach it connect to the console first and then start the container so we
did not miss anything.
* when executing "exit" in the console, we get a hard lockup likely
because nobody knows what to do.
* custom detach keys are not supported
* podman-remote run -it alpine ls does not currently work. only
dropping to a shell works.
Signed-off-by: baude <bbaude@redhat.com>
|