| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| | |
change from unixnano to unix for ps created --format json
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when printing out json format, we mistakenly changed the Created field
output to be a time.time in a different commit. This allows for
override of the Created field to be a unix ts as type int64.
Fixes: #9315
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
[3.0] make layer-tree lookup errors non-fatal
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Internally, Podman constructs a tree of layers in containers/storage to
quickly compute relations among layers and hence images. To compute the
tree, we intersect all local layers with all local images. So far,
lookup errors have been fatal which has turned out to be a mistake since
it seems fairly easy to cause storage corruptions, for instance, when
killing builds. In that case, a (partial) image may list a layer which
does not exist (anymore). Since the errors were fatal, there was no
easy way to clean up and many commands were erroring out.
To improve usability, turn the fatal errors into warnings that guide the
user into resolving the issue. In this case, a `podman system reset`
may be the approriate way for now.
[NO TESTS NEEDED] because I have no reliable way to force it.
[1] https://github.com/containers/podman/issues/8148#issuecomment-778253474
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Bump c/storage to v1.24.6
|
| |/ /
| |
| |
| |
| |
| | |
Addresses RHBZ#1924562.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
[backport v3.0] hardening flags for fedora rpmbuilds
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit sets the CGO_CFLAGS variable for hardening the Fedora rpm
binaries.
The flags used are the same as those in the official Fedora rpms.
Setting the flags in upstream spec would provide early warnings for
flag adjustments or other hardening issues.
(cherry picked from commit 21deafba85b21aa76ccd464c620dfa45085fc90f)
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\ \ \
| | | |
| | | | |
[3.0] utils: takes the longest path on cgroup v1
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
now getCgroupProcess takes the longest path on cgroup v1, instead of
complaining if the paths are different.
This should help when --cgroups=split is used on cgroup v1 and the
process cgroups look like:
$ cat /proc/self/cgroup
11:pids:/user.slice/user-0.slice/session-4.scope
10:blkio:/
9:cpuset:/
8:devices:/user.slice
7:freezer:/
6:memory:/user.slice/user-0.slice/session-4.scope
5:net_cls,net_prio:/
4:hugetlb:/
3:cpu,cpuacct:/
2:perf_event:/
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 660a06f2f79fc1edf68e286ee452ceb9dcd5e03a)
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 1b5f3ed24d367cc30432b8a260d1e9465b979c2b)
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 9196a5ce36a559cc0d10230194f93a61b40e870a)
|
| |/ / /
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit f4fd25a005ae00afe7574bd4eb9a428a6b5c81dd)
|
| |\ \ \
| |/ /
|/| | |
Bump to v3.0 Final
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The old copy-up implementation was very unhappy with symlinks,
which could cause containers to fail to start for unclear reasons
when a directory we wanted to copy-up contained one. Rewrite to
use the Buildah Copier, which is more recent and should be both
safer and less likely to blow up over links.
At the same time, fix a deadlock in copy-up for volumes requiring
mounting - the Mountpoint() function tried to take the
already-acquired volume lock.
Fixes #6003
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When doing a container inspect on a container with unlimited ulimits,
the value should be -1. But because the OCI spec requires the ulimit
value to be uint64, we were displaying the inspect values as a uint64 as
well. Simple change to display as an int64.
Fixes: #9303
Signed-off-by: baude <bbaude@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The c/storage library is subject to TOCTOUs as the central container and
image storage may be shared by many instances of many tools. As shown
in #6510, it's fairly easy to have multiple instances of Podman running
in parallel and yield image-lookup errors when removing them.
The underlying issue is the TOCTOU of removal being split into multiple
stages of first reading the local images and then removing them. Some
images may already have been removed in between the two stages. To make
image removal more robust, handle errors at stage two when a given image
is not present (anymore) in the storage.
Fixes: #6510
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the --rootfs flag is set podman create/run expect a host
path as first argument. The shell completion should provide
path completion in that case.
[NO TESTS NEEDED]
This can manually be verified with `podman run --rootfs [TAB]`.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
[3.0] vendor github.com/containers/image v5.10.2
|
| | | |
| | |
| | |
| | |
| | | |
Fixes: #8559
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Add default template functions
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
For commands that use the golang template library directly add the
compatible template functions
Fixes #8773
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| | |
| | | |
[v3.0] Backport final breaking API change to v3.0
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
<MH: Regenerate bindings>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
<MH: Regenerated bindings>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove bindings that are not handled over the API.
Leaving this one to not use image pull, since this would
break progress handling. We should revisit this in the
future.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When using the compatability tests on kill, the kill
function goes into an infinite wait loop taking all of the CPU.
This change will use the correct wait function and exit properly.
Fixes: https://github.com/containers/podman/issues/9206
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Change API Handlers to use the same functions that the
local podman uses.
At the same time:
Cleanup and pass proper bindings. Remove cli options from
podman-remote push. Cleanup manifest push.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixup the bindings and the handling of the --external --por and --sort
flags.
The --storage option was renamed --external, make sure we use
external up and down the stack.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently podman implements --override-arch and --overide-os
But Podman has made these aliases for --arch and --os. No
reason to have to specify --override, since it is clear what
the user intends.
Currently if the user specifies an --override-arch field but the
image was previously pulled for a different Arch, podman run uses
the different arch. This PR also fixes this issue.
Fixes: https://github.com/containers/podman/issues/8001
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Change API Handlers to use the same functions that the
local podman uses.
At the same time:
implement remote API for --all and --ignore flags for podman stop
implement remote API for --all flags for podman stop
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I found several problems with container remove
podman-remote rm --all
Was not handled
podman-remote rm --ignore
Was not handled
Return better errors when attempting to remove an --external container.
Currently we return the container does not exists, as opposed to container
is an external container that is being used.
This patch also consolidates the tunnel code to use the same code for
removing the container, as the local API, removing duplication of code
and potential problems.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Bump to v3.0.0-RC3
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
Backports for v3.0,0-RC3
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fixes #9175
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When resolving the workdir of a container, we may need to create unless
the user set it explicitly on the command line. Otherwise, we just do a
presence check. Unfortunately, there was a missing return that lead us
to fall through into attempting to create and chown the workdir. That
caused a regression when running on a read-only root fs.
Fixes: #9230
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
