| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
the code got lost in the migration to podman 2.0, reintroduce it.
Closes: https://github.com/containers/podman/issues/6989
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\
| |
| |
| |
| | |
containers/dependabot/go_modules/github.com/containers/common-0.16.0
Bump github.com/containers/common from 0.15.2 to 0.16.0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.15.2 to 0.16.0.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.15.2...v0.16.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
allow switching of port-forward approaches in rootless/using slirp4netns
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Closes: https://github.com/containers/podman/issues/6912
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
do not pass network specific options through the network namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As of podman 1.8.0, because of commit da7595a, the default approach of providing
port-forwarding in rootless mode has switched (and been hard-coded) to rootlessport,
for the purpose of providing super performance. The side-effect of this switch is
source within the container to the port-forwarded service always appears to originate
from 127.0.0.1 (see issue #5138).
This commit allows a user to specify if they want to revert to the previous approach
of leveraging slirp4netns add_hostfwd() api which, although not as stellar performance,
restores usefulness of seeing incoming traffic origin IP addresses.
The change should be transparent; when not specified, rootlessport will continue to be
used, however if specifying --net slirp4netns:slirplisten the old approach will be used.
Note: the above may imply the restored port-forwarding via slirp4netns is not as
performant as the new rootlessport approach, however the figures shared in the original
commit that introduced rootlessport are as follows:
slirp4netns: 8.3 Gbps,
RootlessKit: 27.3 Gbps,
which are more than sufficient for many use cases where the origin of traffic is more
important than limits that cannot be reached due to bottlenecks elsewhere.
Signed-off-by: Aleks Mariusz <m.k@alek.cx>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/uber/jaeger-client-go-2.25.0incompatible
Bump github.com/uber/jaeger-client-go from 2.24.0+incompatible to 2.25.0+incompatible
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/uber/jaeger-client-go](https://github.com/uber/jaeger-client-go) from 2.24.0+incompatible to 2.25.0+incompatible.
- [Release notes](https://github.com/uber/jaeger-client-go/releases)
- [Changelog](https://github.com/jaegertracing/jaeger-client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber/jaeger-client-go/compare/v2.24.0...v2.25.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
The compat create endpoint should 404 on no such image
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This matches Docker behavior, and will make the Docker frontend
work with `podman system service` (Docker tries to create, then
if that fails with 404 sends a request to pull the image).
Fixes #6960
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \
| | | |
| | | | |
Fix `podman system connection` panic
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Bump k8s.io/api from 0.18.5 to 0.18.6
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.18.5 to 0.18.6.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](https://github.com/kubernetes/api/compare/v0.18.5...v0.18.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/containers/conmon-2.0.19incompatible
Bump github.com/containers/conmon from 2.0.18+incompatible to 2.0.19+incompatible
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/containers/conmon](https://github.com/containers/conmon) from 2.0.18+incompatible to 2.0.19+incompatible.
- [Release notes](https://github.com/containers/conmon/releases)
- [Changelog](https://github.com/containers/conmon/blob/master/changelog.txt)
- [Commits](https://github.com/containers/conmon/compare/v2.0.18...v2.0.19)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/k8s.io/apimachinery-0.18.6
Bump k8s.io/apimachinery from 0.18.5 to 0.18.6
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.18.5 to 0.18.6.
- [Release notes](https://github.com/kubernetes/apimachinery/releases)
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.18.5...v0.18.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
vendor golang.org/x/text@v0.3.3
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
Fixes: CVE-2020-14040
Fixes: bugzilla.redhat.com/show_bug.cgi?id=1854718
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fix & add notes regarding problematic language in codebase
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Podman is committed to inclusivity, a core value of open source. Historically, there have been technology terms that are problematic and divisive, and should be changed. We are currently taking time to audit our repository in order to eliminate such terminology, and replace it with more inclusive terms. We are starting where we can, with our own code, comments, and documentation. However, such terms may be used in dependencies, and must be used in our repositories at the current moment for compatibility. Podman will change these terms in our repo as soon as new and better terminology is available to us via our dependencies.
For more information: https://www.redhat.com/en/blog/making-open-source-more-inclusive-eradicating-problematic-language?sc_cid=701600000011gf0AAA
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Error on rootless mac and ip addresses
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When creating a pod or container where a static MAC or IP address is provided, we should return a proper error and exit as 125.
Fixes: #6972
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
system tests: check for masked-device leaks
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
PR #6957 added a new path (/sys/devs) to an existing list
of masked mount points which an unprivileged container
should not be able to access. Here we add a test for
those: run 'stat' on those devices in the container,
and make sure that they are dummies.
This is kind of kludgy, and relies on heuristics that
may not be 100% accurate. It also adds duplication,
a list that must be kept in sync with the original
list in pkg/specgen/generate/config_linux.go.
I'd love to hear suggestions on how to do it better.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Preserve passwd on container restart
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We added code to create a `/etc/passwd` file that we bind-mount
into the container in some cases (most notably,
`--userns=keep-id` containers). This, unfortunately, was not
persistent, so user-added users would be dropped on container
restart. Changing where we store the file should fix this.
Further, we want to ensure that lookups of users in the container
use the right /etc/passwd if we replaced it. There was already
logic to do this, but it only worked for user-added mounts; it's
easy enough to alter it to use our mounts as well.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \
| |/ / /
|/| | | |
system tests: new tests for run, exec
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Issue #6735 : problem with multiple namespaces; confirms
combinations of --userns=keep-id, --privileged, --user=XX
- Issue #6829 : --userns=keep-id will add a /etc/passwd entry
- Issue #6593 : podman exec, with --userns=keep-id, errors
(test is currently skipped because issue remains live)
...and, addendum: add new helper function, remove_same_dev_warning.
Some CI systems issue a warning on podman run --privileged:
WARNING: The same type, major and minor should not be used for multiple devices.
We already had special-case code to ignore than in the SELinux
test, but now we're seeing it in the new run tests I added, so
I've refactored the "ignore this warning" code and written
tests for the removal code.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix "Error: unrecognized protocol \"TCP\" in port mapping"
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
"TCP" in upper characters was not recognized as a valid protocol name.
Fix #6948
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
| |\ \ \ \
| | | | |
| | | | | |
docs: user namespace can't be shared in pods
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When running "podman pod create --share user" the errors appears:
Error: User sharing functionality not supported on pod level
Fix docs and remove 'user' from shareable parameters.
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
APIv2 tests: fix race condition causing CI flake
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A newly-added test in #6835 was flaking in CI with:
not ok 143 [20-containers] DELETE libpod/containers/SHA
500 cannot remove container <sha> as it is running - running or paused containers cannot be removed without force: container state improper
Root cause: DELETE being run immediately after container start.
Although the container is short-lived, it does take time to
run and exit.
Solution: wait for container to exit (should be quick) before
deleting. This gives us a new test for the /wait endpoint.
Also: tweaked some comments for readability, removed unnecessary
container ps, added actual container status checks, and added
actual message checks to another test that was merely checking
exit status.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
play-kube: add suport for "IfNotPresent" pull type
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This change prevents this exception when loading a pod spec
using the "IfNotPresent" pull policy:
Error: invalid pull type "IfNotPresent"
Signed-off-by: Tristan Cacqueray <tdecacqu@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
Include infra container information in `pod inspect`
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We were hard-coding two fields to false, instead of grabbing
their value from the pod config, which means that `pod inspect`
would print the wrong value always.
Fixes #6968
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We had a field for this in the inspect data, but it was never
being populated. Because of this, `podman pod inspect` stopped
showing port bindings (and other infra container settings). Add
code to populate the infra container inspect data, and add a test
to ensure we don't regress again.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Mask out /sys/dev to prevent information leak from the host
|
| | | |/ /
| |/| |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/containers/storage-1.21.1
Bump github.com/containers/storage from 1.21.0 to 1.21.1
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.21.0 to 1.21.1.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.21.0...v1.21.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fix handling of entrypoint
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
If a user specifies an entrypoint of "" then we should not use the images
entrypoint.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
