| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
The mtu default value is currently forced to 65520.
This let the user control it using the config key network_cmd_options,
i.e.: network_cmd_options=["mtu=9000"]
Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
In a systemd unit dollar and percent signs are used for variables. A backslash
is used for escape sequences. If any of these characters are used in the create
command we have to properly escape them so systemd does not try to interpret them.
Fixes #9176
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The `--network` flag is parsed differently for `podman pod create`.
This causes confusion and problems for users. The extra parsing
logic ignored unsupported network options such as `none`,
`container:...` and `ns:...` and instead interpreted them as cni
network names.
Tests are added to ensure the correct errors are shown.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Eclipse and Intellij Docker plugin determines the state of the
container via the Status field, returned from /containers/json call.
Podman always returns empty string, and because of that, both IDEs
show the wrong state of the container.
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1915332
```
According to the Docker docs, the consistency option should be ignored on Linux.
the possible values are 'cached', 'delegated', and 'consistent', but they should be ignored equally.
This is a widely used option in scripts run by developer machines, as this makes file I/O less horribly slow on MacOS.
```
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when creating kubernetes yaml from containers and pods, we should honor
any custom dns settings the user provided. in the case of generate kube,
these would be provided by --dns, --dns-search, and --dns-opt. if
multiple containers are involved in the generate, the options will be
cumulative and unique with the exception of dns-opt.
when replaying a kube file that has kubernetes dns information, we now
also add that information to the pod creation.
the options for dnspolicy is not enabled as there seemed to be no direct
correlation between kubernetes and podman.
Fixes: #9132
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
It is fairly common for certain cgroups controllers to
not be enabled on a system. We should Warn when this happens
versus failing, when doing podman stats command. This way users
can get information from the other controllers.
Fixes: https://github.com/containers/podman/issues/8588
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Gerard Braad <me@gbraad.nl>
|
| |
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\
| |
| | |
Fix CVE-2021-20199 for Podman v3.0
|
| | |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
set the source IP to the slirp4netns address instead of 127.0.0.1 when
using rootlesskit.
Closes: https://github.com/containers/podman/issues/5138
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
[v3.0] Gating tests: diff test: workaround for RHEL8 failure
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
RHEL8 rootless gating tests are inconsistently failing with:
$ podman diff --format json -l
#
{"changed":["/etc"],"added":["/sys/fs","/sys/fs/cgroup","/pMOm1Q0fnN"],"deleted":["/etc/services"]}
# #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
# #| FAIL: added
# #| expected: '/pMOm1Q0fnN'
# #| actual: '/sys/fs'
# #| > '/sys/fs/cgroup'
# #| > '/pMOm1Q0fnN'
# #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Reason: PR #8561, I think (something to do with /sys on RHEL).
Workaround: ignore '/sys/fs' in diffs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
Bump to containers/common v0.33.2
|
| |/ /
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
[3.0] podman build --pull: refine help message and docs
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Refine and correct the wording of the `--pull` flag in the help message
and the docs.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
[3.0]add macvlan as a supported network driver
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
instead of using the --macvlan to indicate that you want to make a
macvlan network, podman network create now honors the driver name of
*macvlan*. Any options to macvlan, like the parent device, should be
specified as a -o option. For example, -o parent=eth0.
the --macvlan option was marked as deprecated in the man page but is
still supported for the duration of 3.0.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| | | |
| | | | |
[v3.0] Use cachix for static build & include podman-remote build
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Prior to this commit, the "Static Build" task only produced a
`bin/podman`. Update this to also include a `bin/podman-remote`
binary.
Update the pr-should-include-tests checker to ignore the `nix`
directory, which isn't applicable.
Lastly, restore the static build task to 'required' for CI success.
Leaving the comment inplace in case it needs to be bypassed in the
future on short notice.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It looks like we always hit the caching issue in Cirrus CI described
within #8313. A solution around that is to use cachix, which has been
pre-populated from my local machine.
To push all (runtime and build) dependencies, we can leverage a
pre-populated store by:
```
> nix-store -qR --include-outputs $(nix-instantiate nix/default.nix) | cachix push podman
```
The cache can be re-used by everybody to rapidly build static Podman
binaries: https://app.cachix.org/cache/podman
[NO TESTS NEEDED]
Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
|
| |\ \ \
| |/ /
|/| | |
[v3.0] Cirrus: Fix running Validate task on branches
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Followup to 4c60523
Despite skipping the `Smoke` check, it was observed on a *new* branch,
the `validate` task (specifically `git-validation`) will fail. This
is because:
* `$CIRRUS_LAST_GREEN_CHANGE` will be empty on a new branch.
* `$CIRRUS_BASE_SHA` is always empty for runs triggered by branch-push
* `$EPOCH_TEST_COMMIT` will be set to `YOU_FOUND_A_BUG`.
Fix this by eliminating the `Smoke` task entirely, simplifying all
the `make validate` operations into the `validate` cirrus task. Ensure
this task does not run when a new branch or tag is pushed.
Also, eliminate the `$CIRRUS_BUILD_ID` value as it's confusing and not
actually used anywhere. It was formerly used for building VM images,
but this has moved to another repo entirely.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \
| | |
| | | |
Backports for v3.0 RC2
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make sure that bindings are in sync with the code. The check is similar
to what's already being done with `make vendor`, so integrate the two.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of implicitly generating the bindings, make it explicit, similar
to `make vendor`. This should prevent redundant and possibly error
prone generations. A following commit will shield CI.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The Go gods did not shine upon us trying to understand what's going on
in #9000. The symptom is that `go generate` did not add required
imports to a generated file, ultimately breaking subsequent compilation.
While it still remains unclear *why* Go is behaving like that, the
symptom disappears when `go generate` runs in module mode; that is
without `-mod=vendor` and without `GO111MODULE=off`. This was
reproducible on two separate machines (Ubuntu and Fedora).
Also, when facing an unset GOPATH, set it to Go's default (i.e.,
$HOME/go) and make sure that GOBIN is in PATH since `goimports`
is required by `go generate`.
Fixes: #9000
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Run `go generate ./pkg/bindings/...` once for all bindings instead of
generating them separately. This should speed up bindings generation
as a given package is visited only once, and it fixes #8989 by dropping
the use of pushd and popd.
Fixes: #8989
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Set `-mod=vendor` when generating the bindings. We expect all
dependencies to be vendored already. This should slightly speed
up the bindings generation and prevent redundant network accesses.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the container create command contains an argument with double
curly braces the golang template parsing can fail since it tries
to interpret the value as variable. To fix this change the default
delimiter for the internal template to `{{{{`.
Fixes #9034
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There was a potential race where two handlers could be added at
the same time. Go Maps are not thread-safe, so that could do
unpleasant things. Add a mutex to keep things safe.
Also, swap the order or Register and Start for the handlers in
Libpod runtime created. As written, there was a small gap between
Start and Register where SIGTERM/SIGINT would be completely
ignored, instead of stopping Podman. Swapping the two closes this
gap.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A container's workdir can be specified via the CLI via `--workdir` and
via an image config with the CLI having precedence.
Since images have a tendency to specify workdirs without necessarily
shipping the paths with the root FS, make sure that Podman creates the
workdir. When specified via the CLI, do not create the path, but check
for its existence and return a human-friendly error.
NOTE: `crun` is performing a similar check that would yield exit code
127. With this change, however, Podman performs the check and yields
exit code 126. Since this is specific to `crun`, I do not consider it
to be a breaking change of Podman.
Fixes: #9040
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add an API to libpod to resolve a path on the container. We can
refactor the code that was originally written for copy. Other
functions are requiring a proper path resolution, so libpod seems
like a reasonable home for sharing that code.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when inspecting a container that is only connected to the default
network, we should populate the default network in the container inspect
information.
Fixes: #6618
Signed-off-by: baude <bbaude@redhat.com>
MH: Small fixes, added another test
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fixes #9120
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Docker has, for unclear reasons, three separate fields in their
Create Container struct in which volumes can be placed. Right now
we support two of those - Binds and Mounts, which (roughly)
correspond to `-v` and `--mount` respectively. Unfortunately, we
did not support the third, `Volumes`, which is used for anonymous
named volumes created by `-v` (e.g. `-v /test`). It seems that
volumes listed here are *not* included in the remaining two from
my investigation, so it should be safe to just append them into
our handling of the `Binds` (`-v`) field.
Fixes #8649
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure to write error from conmon on the hijacked http connection.
This fixes issues where errors were not reported on the client side,
for instance, when specified command was not found on the container.
To future generations: I am sorry. The code is complex, and there are
many interdependencies among the concurrent goroutines. I added more
complexity on top but I don't have a good idea of how to reduce
complexity in the available time.
Fixes: #8281
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
[v3.0] Add support for rootless network-aliases and static ip/mac
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make sure we pass the network aliases as capability args to the
cnitool in the rootless-cni-infra container. Also update the
dnsname plugin in the cni-infra container.
Fixes #8567
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
Make sure we pass the ip and mac address as CNI_ARGS to
the cnitool which is executed in the rootless-cni-infra
container.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
[3.0] disable dnsname when --internal
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when doing a network creation, the dnsname plugin should be disabled
when the --internal bool is set. a warning is displayed if this
happens and docs are updated.
Signed-off-by: baude <bbaude@redhat.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
Unlike the container storage all e2e test are using the same cni
config directory. This causes problems if the network name already
exists. Using random names will make the second run pass even if the
first failed. This is only done to prevent full CI failures.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
[CI:DOCS]Correct static API html path
|
