Commit message (Author, Age)
* Quote URL (Nikolay Edigaryev, 2021-02-18)
  Signed-off-by: Nikolay Edigaryev <edigaryev@gmail.com>
* bindings: support simple types that implement fmt.Stringer interface (Nikolay Edigaryev, 2021-02-18)
  Signed-off-by: Nikolay Edigaryev <edigaryev@gmail.com>
* API: fix libpod's container wait endpoint condition conversion (Nikolay Edigaryev, 2021-02-18)
  Signed-off-by: Nikolay Edigaryev <edigaryev@gmail.com>
* Do not reset storage when running inside of a container (Daniel J Walsh, 2021-02-18)
  Currently if the host shares container storage with a container running podman, the podman inside of the container resets the storage on the host. This can cause issues on the host, as well as causes the podman command running the container, to fail to unmount /dev/shm.
    podman run -ti --rm --privileged -v /var/lib/containers:/var/lib/containers quay.io/podman/stable podman run alpine echo hello
    * unlinkat /var/lib/containers/storage/overlay-containers/a7f3c9deb0656f8de1d107e7ddff2d3c3c279c11c1635f233a0bffb16051fb2c/userdata/shm: device or resource busy
    * unlinkat /var/lib/containers/storage/overlay-containers/a7f3c9deb0656f8de1d107e7ddff2d3c3c279c11c1635f233a0bffb16051fb2c/userdata/shm: device or resource busy
  Since podman is volume mounting in the graphroot, it will add a flag to /run/.containerenv to tell podman inside of container whether to reset storage or not. Since the inner podman is running inside of the container, no reason to assume this is a fresh reboot, so if "container" environment variable is set then skip reset of storage. Also added tests to make sure /run/.containerenv is running correctly.
  Fixes: https://github.com/containers/podman/issues/9191
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  <MH: Fixed cherry-pick conflicts>
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* Add missing early returns in compat API (Riyad Preukschas, 2021-02-18)
  [NO TESTS NEEDED]
  Signed-off-by: Riyad Preukschas <riyad@informatik.uni-bremen.de>
  <MH: Fixed cherry-pick conflicts>
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* [NO TESTS NEEDED] Refactor generated code (Matej Vasek, 2021-02-18)
  Extracted common functionality to util function.
  Signed-off-by: Matej Vasek <mvasek@redhat.com>
  <MH: Fixed cherry-pick conflicts>
* Enable more golangci-lint linters (Paul Holzinger, 2021-02-18)
  Cleanup the golangci.yml file and enable more linters. `pkg/spec` and `iopodman.io` is history. The vendor directory is excluded by default. The dependencies dir was listed twice. Fix the reported problems in `pkg/specgen` because that was also excluded by `pkg/spec`. Enable the structcheck, typecheck, varcheck, deadcode and depguard linters.
  [NO TESTS NEEDED]
  Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Enable whitespace linter (Paul Holzinger, 2021-02-18)
  Use the whitespace linter and fix the reported problems.
  [NO TESTS NEEDED]
  Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
  <MH: Fixed up cherry-pick conflicts>
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* Enable golint linter (Paul Holzinger, 2021-02-18)
  Use the golint linter and fix the reported problems.
  [NO TESTS NEEDED]
  Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Enable stylecheck linter (Paul Holzinger, 2021-02-18)
  Use the stylecheck linter and fix the reported problems.
  [NO TESTS NEEDED]
  Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
  <MH: Fix cherry-pick conflict>
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* [NO TESTS NEEDED] Update linter (Matej Vasek, 2021-02-18)
  Signed-off-by: Matej Vasek <mvasek@redhat.com>
* apiv2: handle docker-java clients pulling (Igor Korolev, 2021-02-18)
  When docker-java calls images/create?fromImage=x, it expects two things for a successful response: that both "error" and "errorDetail" are not set, and that the "progress" message contains one of five hard-coded strings ("Download complete" being one of them).
  Signed-off-by: Igor Korolev <missterr@gmail.com>
* Fix superfluous response.WriteHeader call in WaitContainerLibpod() (Nikolay Edigaryev, 2021-02-18)
  When the query decoding fails at the beginning of WaitContainerLibpod(), the Error() sets the header but doesn't return after that. This causes the execution flow to reach the WriteResponse() at the end of WaitContainerLibpod(), which attempts to set another header, thus causing the following error:
    http: superfluous response.WriteHeader call from github.com/containers/podman/pkg/api/handlers/utils.WriteResponse (handler.go:124)
  [NO TESTS NEEDED]
  Signed-off-by: Nikolay Edigaryev <edigaryev@gmail.com>
* fix dns resolution on ubuntu (baude, 2021-02-18)
  ubuntu's dns seems a little odd and requires a fq name in its tests.
  Signed-off-by: baude <bbaude@redhat.com>
* e2e: fix network alias test (Valentin Rothberg, 2021-02-18)
  The logic in the e2e test for multiple network aliases is indicating the test should wait for the containerized nginx to be ready. As this may take some time, the test does an exponential backoff starting at 2050ms. Fix the logic by removing the `Expect(...)` call during the exponential backoff. Otherwise, the test errors immediately.
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* fix failing image e2e test (Valentin Rothberg, 2021-02-18)
  The timestamps of some images must have changed changing the number of expected filtered images. The test conditions seem fragile but for now it's more important to get CI back.
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix broken podman generate systemd --new with pods (Paul Holzinger, 2021-02-18)
  The unit generation accidentally escaped the %t in the pod id file path. This is a regression caused by #9178. This was not caught by the tests because the test itself was wrong. It used a full path instead of the systemd variable %t like the actual code does.
  Fixes #9373
  Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Don't chown workdir if it already exists (Daniel J Walsh, 2021-02-18)
  Currently podman is always chowning the WORKDIR to root:root. This PR will return if the WORKDIR already exists.
  Fixes: https://github.com/containers/podman/issues/9387
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* correct startup error message (Valentin Rothberg, 2021-02-18)
  The error message when failing to create an image engine unconditionally pointed to the Podman socket which is quite confusing when running locally. Move the error message to the point where the first ping to the service fails.
  [NO TESTS NEEDED]
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* fix create container: handle empty host port (Matej Vasek, 2021-02-18)
  Signed-off-by: Matej Vasek <mvasek@redhat.com>
* podman build: pass runtime to buildah (Valentin Rothberg, 2021-02-18)
  Make sure that Podman's default OCI runtime is passed to Buildah in `podman build`. In theory, Podman and Buildah should use the same defaults but the projects move at different speeds and it turns out we caused a regression in v3.0.
  Fixes: #9365
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* images/create: always pull image (Valentin Rothberg, 2021-02-18)
  The `images/create` endpoint should always attempt to pull a newer image. Previously, the local image was used which is not compatible with Docker and caused issues in the Gitlab CI.
  Fixes: #9232
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fix panic in pod creation (baude, 2021-02-18)
  when creating a pod with --infra-image and using an untagged image for the infra-image (none/none), the lookup for the image's name was creating a panic.
  Fixes: #9374
  Signed-off-by: baude <bbaude@redhat.com>
* do not set empty $HOME (Valentin Rothberg, 2021-02-18)
  Make sure to not set an empty $HOME for containers and let it default to "/". https://github.com/containers/crun/pull/599 is required to fully address #9378.
  Partially-Fixes: #9378
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
  <MH: Fixed cherry-pick conflicts>
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* infra: downgrade warning to debug (Giuseppe Scrivano, 2021-02-18)
  if the current process could not be moved to a different systemd cgroup do not raise a warning but debug message.
  [NO TESTS NEEDED]
  Closes: https://github.com/containers/podman/issues/9353
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Ignore entrypoint=[\"\"] (Daniel J Walsh, 2021-02-18)
  We received an issue with an image that was built with entrypoint=[""]. This blows up on Podman, but works on Docker. When we set up the OCI Runtime, we should drop entrypoint if it is == [""].
  https://github.com/containers/podman/issues/9377
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman ps --format '{{ .Size }}' requires --size option (Daniel J Walsh, 2021-02-18)
  Podman -s crashes when the user specifies the '{{ .Size }}' format on the podman ps command, without specifying the --size option. This PR will stop the crash and print out a logrus.Error stating that the caller should add the --size option.
  Fixes: https://github.com/containers/podman/issues/9408
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Change source path resolution for volume copy-up (Matthew Heon, 2021-02-18)
  Instead of using the container's mountpoint as the base of the chroot and indexing from there by the volume directory, instead use the full path of what we want to copy as the base of the chroot and copy everything in it. This resolves the bug, ends up being a bit simpler code-wise (no string concatenation, as we already have the full path calculated for other checks), and seems more understandable than trying to resolve things on the destination side of the copy-up.
  Fixes #9354
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix an issue where copyup could fail with ENOENT (Matthew Heon, 2021-02-18)
  This one is rather bizarre because it triggers only on some systems. I've included a CI test, for example, but I'm 99% sure we use images in CI that have volumes over empty directories, and the earlier patch to change copy-up implementation passed CI without complaint. I can reproduce this on a stock F33 VM, but that's the only place I have been able to see it. Regardless, the issue: under certain as-yet-unidentified environmental conditions, the copier.Get method will return an ENOENT attempting to stream a directory that is empty. Work around this by avoiding the copy altogether in this case.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #9349 from baude/v3unixts (OpenShift Merge Robot, 2021-02-13)
  V3unixts [3.0 Backports]
| * change ps Created to unix (baude, 2021-02-12)
    change from unixnano to unix for ps created --format json
    [NO TESTS NEEDED]
    Signed-off-by: baude <bbaude@redhat.com>
| * container ps json format miscue (baude, 2021-02-12)
    when printing out json format, we mistakenly changed the Created field output to be a time.time in a different commit. This allows for override of the Created field to be a unix ts as type int64.
    Fixes: #9315
    Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #9346 from vrothberg/3.0-layer-tree-errors (OpenShift Merge Robot, 2021-02-13)
    [3.0] make layer-tree lookup errors non-fatal
| * | make layer-tree lookup errors non-fatal (Valentin Rothberg, 2021-02-12)
      Internally, Podman constructs a tree of layers in containers/storage to quickly compute relations among layers and hence images. To compute the tree, we intersect all local layers with all local images. So far, lookup errors have been fatal which has turned out to be a mistake since it seems fairly easy to cause storage corruptions, for instance, when killing builds. In that case, a (partial) image may list a layer which does not exist (anymore). Since the errors were fatal, there was no easy way to clean up and many commands were erroring out. To improve usability, turn the fatal errors into warnings that guide the user into resolving the issue. In this case, a `podman system reset` may be the appropriate way for now.
      [NO TESTS NEEDED] because I have no reliable way to force it.
      [1] https://github.com/containers/podman/issues/8148#issuecomment-778253474
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9344 from mheon/cstorage_1246 (OpenShift Merge Robot, 2021-02-13)
      Bump c/storage to v1.24.6
| * | Bump c/storage to v1.24.6 (Matthew Heon, 2021-02-12)
      Addresses RHBZ#1924562.
      Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #9321 from lsm5/v3.0 (OpenShift Merge Robot, 2021-02-12)
    [backport v3.0] hardening flags for fedora rpmbuilds
| * | hardening flags for fedora rpmbuilds (Lokesh Mandvekar, 2021-02-11)
      This commit sets the CGO_CFLAGS variable for hardening the Fedora rpm binaries. The flags used are the same as those in the official Fedora rpms. Setting the flags in upstream spec would provide early warnings for flag adjustments or other hardening issues.
      (cherry picked from commit 21deafba85b21aa76ccd464c620dfa45085fc90f)
      Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #9332 from giuseppe/cgroup-split-v1-backport-to-3.0 (OpenShift Merge Robot, 2021-02-12)
      [3.0] utils: takes the longest path on cgroup v1
| * | | utils: takes the longest path on cgroup v1 (Giuseppe Scrivano, 2021-02-12)
        now getCgroupProcess takes the longest path on cgroup v1, instead of complaining if the paths are different. This should help when --cgroups=split is used on cgroup v1 and the process cgroups look like:
          $ cat /proc/self/cgroup
          11:pids:/user.slice/user-0.slice/session-4.scope
          10:blkio:/
          9:cpuset:/
          8:devices:/user.slice
          7:freezer:/
          6:memory:/user.slice/user-0.slice/session-4.scope
          5:net_cls,net_prio:/
          4:hugetlb:/
          3:cpu,cpuacct:/
          2:perf_event:/
        Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
        (cherry picked from commit 660a06f2f79fc1edf68e286ee452ceb9dcd5e03a)
| * | | utils: create parent cgroups (Giuseppe Scrivano, 2021-02-12)
        Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
        (cherry picked from commit 1b5f3ed24d367cc30432b8a260d1e9465b979c2b)
| * | | utils: ignore unified on cgroupv1 if not present (Giuseppe Scrivano, 2021-02-12)
        Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
        (cherry picked from commit 9196a5ce36a559cc0d10230194f93a61b40e870a)
| * | | utils: skip empty lines (Giuseppe Scrivano, 2021-02-12)
        Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
        (cherry picked from commit f4fd25a005ae00afe7574bd4eb9a428a6b5c81dd)
* | | Merge pull request #9327 from mheon/30_final (OpenShift Merge Robot, 2021-02-11)
      Bump to v3.0 Final
| * | Bump to v3.0.1-dev (Matthew Heon, 2021-02-11)
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Bump to v3.0.0 [v3.0.0] (Matthew Heon, 2021-02-11)
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Update release notes for v3.0 final (Matthew Heon, 2021-02-11)
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Rewrite copy-up to use buildah Copier (Matthew Heon, 2021-02-11)
      The old copy-up implementation was very unhappy with symlinks, which could cause containers to fail to start for unclear reasons when a directory we wanted to copy-up contained one. Rewrite to use the Buildah Copier, which is more recent and should be both safer and less likely to blow up over links. At the same time, fix a deadlock in copy-up for volumes requiring mounting - the Mountpoint() function tried to take the already-acquired volume lock.
      Fixes #6003
      Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Display correct value for unlimited ulimit (baude, 2021-02-11)
      When doing a container inspect on a container with unlimited ulimits, the value should be -1. But because the OCI spec requires the ulimit value to be uint64, we were displaying the inspect values as a uint64 as well. Simple change to display as an int64.
      Fixes: #9303
      Signed-off-by: baude <bbaude@redhat.com>
| * | make `podman rmi` more robust (Valentin Rothberg, 2021-02-11)
      The c/storage library is subject to TOCTOUs as the central container and image storage may be shared by many instances of many tools. As shown in #6510, it's fairly easy to have multiple instances of Podman running in parallel and yield image-lookup errors when removing them. The underlying issue is the TOCTOU of removal being split into multiple stages of first reading the local images and then removing them. Some images may already have been removed in between the two stages. To make image removal more robust, handle errors at stage two when a given image is not present (anymore) in the storage.
      Fixes: #6510
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>