| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Oops. PR #6693 (sdnotify) added tests, but they were disabled
due to broken crun on f31. I tried for three weeks to get a
magic CI:IMG PR to update crun on the CI VMs ... but in that
time I forgot to actually enable those new tests.
This PR removes a 'skip', replacing it with a check that systemd
is running plus one more to make sure our runtime is crun. It
looks like sdnotify just doesn't work on Ubuntu (it hangs), and
my guess is that it's a crun/runc issue.
I also changed the test image from fedora:latest to :31, because,
sigh, fedora:latest removed the systemd-notify tool.
WARNING WARNING WARNING: the symptom of a missing systemd-notify
is that podman will hang forever, not even stopped by the timeout
command in podman_run! (Filed: #7316). This means that if the
sdnotify-in-container test ever fails, the symptom will be that
Cirrus itself will time out (2 hours?). This is horrible. I
don't know what to do about it other than push for a fix for 7316.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\
| |
| | |
podman.service: use sdnotify
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 2b6dd3fb4384 set the killmode of the podman.service to the
systemd default which ultimately lead to the problem that systemd
will kill *all* processes inside the unit's cgroup and hence kill
all containers whenever the service is stopped.
Fix it by setting the type to sdnotify and the killmode to process.
`podman system service` will send the necessary notify messages
when the NOTIFY_SOCKET is set and unset it right after to prevent
the backend and container runtimes from jumping in between and send
messages as well.
Fixes: #7294
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
run, create: add new security-opt proc-opts
|
| |/
| |
| |
| |
| |
| |
| | |
it allows to customize the options passed down to the OCI runtime for
setting up the /proc mount.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| |/
|/| |
Fix hang when `path` doesn't exist
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I'm not sure if this is an OS-specific issue, but on CentOS 8, if `path`
doesn't exist, this hangs while waiting to read from this socket, even
though the socket is closed by the `reexec_in_user_namespace`. Switching
to a pipe fixes the problem, and pipes shouldn't be an issue since this is
Linux-specific code.
Signed-off-by: Jonathan Dieter <jonathan.dieter@spearline.com>
|
|\ \
| | |
| | | |
podman save use named pipe
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman save uses named pipe as output path, not directly using /dev/stdout.
fix #7017
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \
| | | |
| | | | |
Change /sys/fs/cgroup/systemd mount to rprivate
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I used the wrong propagation first time around because I forgot
that rprivate is the default propagation. Oops. Switch to
rprivate so we're using the default.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add support for setting the CIDR when using slirp4netns
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds support for the --cidr parameter that is supported
by slirp4netns since v0.3.0. This allows the user to change
the ip range that is used for the network inside the container.
Signed-off-by: Adis Hamzić <adis@hamzadis.com>
|
|\ \ \
| | | |
| | | | |
add xz as a recommended pkg
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
xz package is required by buildah and podman when building a
image and ADD a tar.xz file archive is used
See https://github.com/containers/buildah/issues/2525
Signed-off-by: Job Cespedes Ortiz <jobcespedes@gmail.com>
|
|\ \ \
| | | |
| | | | |
podman-remote fixes for msi and client
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
correct small typo that sets the path on windows via the msi xml.
in the remote client, prompt for SSH password when no identity or alternate means of authentication are provided.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Makefile: use full path for ginkgo
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Without this change, I get:
```
ginkgo \
-r \
\
--skipPackage test/e2e,pkg/apparmor,test/endpoint,pkg/bindings,hack \
--cover \
--covermode atomic \
--coverprofile coverprofile \
--outputdir .coverage \
--tags " selinux systemd exclude_graphdriver_devicemapper seccomp" \
--succinct
/bin/sh: line 1: ginkgo: command not found
```
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \ \
| | | | |
| | | | | |
add event for image build
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
upon image build completion, a new image type event is written for "build". more intricate details, like pulling an image, that might be done by build must be implemented in different vendored packages only after libpod is split from podman.
Fixes: #7022
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Add parameter verification for api creation network
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \ \
| | | | |
| | | | | |
Replace deepcopy on history results
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
the deepcopy in the remote history code path was throwing an uncaught error on a type mismatch. we now manually do the conversion and fix the type mismatch on the fly.
Fixes: #7122
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Update nix pin with `make nixpkgs`
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Also sync nix `packageOverrides` across skopeo/buildah/podman/cri-o for
utilizing local build cache.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@gmail.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Ensure correct propagation for cgroupsv1 systemd cgroup
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
On cgroups v1 systems, we need to mount /sys/fs/cgroup/systemd
into the container. We were doing this with no explicit mount
propagation tag, which means that, under some circumstances, the
shared mount propagation could be chosen - which, combined with
the fact that we need a mount to mask
/sys/fs/cgroup/systemd/release_agent in the container, means we
would leak a never-ending set of mounts under
/sys/fs/cgroup/systemd/ on container restart.
Fortunately, the fix is very simple - hardcode mount propagation
to something that won't leak.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
[CI:DOCS] cross-reference .rst files
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
There are a bunch of *.rst files in docs/source, linking sometimes
to man pages and sometimes to other .rst files. These files each
have entries of the following form:
:doc:`foo <link-to-foo>` Description of foo
...for all podman sub and sub-subcommands 'foo'.
Read all .rst files and make sure that:
- all entries in a given file are in alphabetical order
- all link-to-foo targets point to existing doc files
- every subcommand known by 'podman help' has a corresponding
doc entry in a .rst file
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
For each podman*.md file with a subcommand table (podman,
podman-container, etc), assert that the subcommand list
is sorted.
Change is bigger than it should be, because it switches from
nice clean local per-function error counting to using a nasty
global.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Enable systemd mode for /usr/local/sbin/init
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman 1.6.2 changed systemd mode auto-detection from commands ending in
``init`` to hard-coded paths ``/sbin/init`` and ``/usr/sbin/init``. This
broke FreeIPA container. ``podman run`` and ``podman create`` now
activate systemd mode when the command is ``/usr/local/sbin/init``.
Fixes: https://github.com/containers/podman/issues/7287
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|\ \ \
| | | |
| | | | |
Allow specifying seccomp profiles for privileged containers
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To sync the behavior between AppArmor and seccomp it is now possible to
also specify seccomp profiles for privileged containers.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Fix handling of working dir
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Buildah and podman build can create images without a working dir.
FROM fedora
WORKDIR /test
If you build this image with caching twice, the second time the image
will not have a working dir.
Similarly if you execute
podman run --workdir /foobar fedora
It blows up since the workingdir is not created automatically.
Finally there was duplicated code for getting the workingdir
out of an image, that this PR removes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Add the `Status` field in the ps --format=json
|
| | |_|/
| |/| |
| | | |
| | | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS] Add missing pages for docs.podman.io
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Lots of references to man pages missing from docs.podman.io
Also fix sort order in man pages and other documents.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Img Pull - Error pass through
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
Included old error + wrapped
Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Allign container image storage configuration with Buildah
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: Kirill Shirinkin <kirill@hey.com>
|
|\ \ \
| | | |
| | | | |
Do not use image CMD if user gave ENTRYPOINT
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This matches Docker behavior, and seems to make sense - the CMD
may have been specific to the original entrypoint and probably
does not make sense if it was changed.
While we're in here, greatly simplify the logic for populating
the SpecGen's Command. We create the full command when making the
OCI spec, so the client should not be doing any more than setting
it to the Command the user passed in, and completely ignoring
ENTRYPOINT.
Fixes #7115
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Remove TEST_ from TEST_REMOTE_*
|