summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #4086 from mheon/cni_del_on_refreshOpenShift Merge Robot2019-09-25
|\ | | | | Force a CNI Delete on refreshing containers
| * Force a CNI Delete on refreshing containersMatthew Heon2019-09-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CNI expects that a DELETE be run before re-creating container networks. If a reboot occurs quickly enough that containers can't stop and clean up, that DELETE never happens, and Podman currently wipes the old network info and thinks the state has been entirely cleared. Unfortunately, that may not be the case on the CNI side. Some things - like IP address reservations - may not have been cleared. To solve this, manually re-run CNI Delete on refresh. If the container has already been deleted this seems harmless. If not, it should clear lingering state. Fixes: #3759 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4103 from mheon/handle_volume_conflictOpenShift Merge Robot2019-09-25
|\ \ | | | | | | Handle conflict between volumes and --read-only-tmpfs
| * | Handle conflict between volumes and --read-only-tmpfsMatthew Heon2019-09-24
|/ / | | | | | | | | | | | | | | | | | | When a named volume is mounted on any of the tmpfs filesystems created by read-only tmpfs, it caused a conflict that was not resolved prior to this. Fixes BZ1755119 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4098 from mheon/release_notes_1.6.0_rc2OpenShift Merge Robot2019-09-24
|\ \ | | | | | | Add release notes for new-in-RC2 changes
| * | Add release notes for new-in-RC2 changesMatthew Heon2019-09-24
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #4094 from haircommander/play-only-podOpenShift Merge Robot2019-09-24
|\ \ \ | | | | | | | | play kube: Only support pod kind in k8s yaml
| * | | play kube: Only support pod kind in k8s yamlPeter Hunt2019-09-24
| |/ / | | | | | | | | | | | | | | | Since we only really support playing pods, and no other kubernetes types Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #3756 from gabibeyer/rootlessOrderingOpenShift Merge Robot2019-09-24
|\ \ \ | | | | | | | | rootless: Rearrange setup of rootless containers
| * | | add list mount testsgabi beyer2019-09-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add two unit tests to determine whether mounts are being listed correctly. One tests that a created container is not listed until mounted. The second checks that running containers are mounted, and then no longer listed as mounted when they stop running. The final test creates three containers, mounts two, and checks that mount correctly only lists the two mounted. Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
| * | | Make netns bind mount sharedgabi beyer2019-09-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To 'avoid unknown FS magic on "/run/user/1000/netns/...": 1021994' make the network namespace bind-mount recursively shared, so the mount is back-propogated to the host. Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
| * | | Add Kata Containers supportgabi beyer2019-09-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Update documentation to show Kata Containers support is no longer a limitation with merging of commit 486a5b9 Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
| * | | rootless: Rearrange setup of rootless containersGabi Beyer2019-09-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In order to run Podman with VM-based runtimes unprivileged, the network must be set up prior to the container creation. Therefore this commit modifies Podman to run rootless containers by: 1. create a network namespace 2. pass the netns persistent mount path to the slirp4netns to create the tap inferface 3. pass the netns path to the OCI spec, so the runtime can enter the netns Closes #2897 Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
* | | | Merge pull request #4097 from edsantiago/batsOpenShift Merge Robot2019-09-24
|\ \ \ \ | |_|/ / |/| | | system tests: run test: reenable and fix
| * | | system tests: run test: reenable and fixEd Santiago2019-09-24
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Test had incorrectly been disabled for all podman; it should've been disabled only for podman-remote. Fixed that, and fixed the problem that was causing failures: podman-remote is gobbling up stdin (#4095), so no tests were actually being run at all, or only one. Fixed by redirecting input on the run_podman invocation. Added, as backup, a confirmation mechanism to ensure that all expected tests are being run. Note that test is reenabled, but the output check is disabled for podman-remote due to #4096; this at least lets us check exit status. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #4089 from vrothberg/fix-4005OpenShift Merge Robot2019-09-24
|\ \ \ | |/ / |/| | runtime: fix logic to disable SDNotify
| * | runtime: fix logic to disable SDNotifyValentin Rothberg2019-09-24
|/ / | | | | | | | | | | | | | | Fix the logic when getting the runtime for varlink to actually disable SDNotify support. Fixes: #4005 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #3969 from abitrolly/patch-1OpenShift Merge Robot2019-09-23
|\ \ | | | | | | Cirrus: Push snap continuously
| * | Cirrus: Add upload_snap to success dependenciesAnatoli Babenia2019-09-23
| | | | | | | | | | | | Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
| * | Cirrus: Add snapcraft credentialsAnatoli Babenia2019-09-23
| | | | | | | | | | | | Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
| * | Cirrus: Upload snap only on merges to masterAnatoli Babenia2019-09-23
| | | | | | | | | | | | Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
| * | Cirrus: Push snap continuouslyAnatoli Babenia2019-09-23
| |/ | | | | | | Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
* | Merge pull request #4074 from giuseppe/override-etc-passwd-groupOpenShift Merge Robot2019-09-23
|\ \ | | | | | | execuser: look at the source for /etc/{passwd,group} overrides
| * | exec: set HOME also with exec sessionsGiuseppe Scrivano2019-09-21
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | execuser: look at the source for /etc/{passwd,group} overridesGiuseppe Scrivano2019-09-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | look if there are bind mounts that can shadow the /etc/passwd and /etc/group files. In that case, look at the bind mount source. Closes: https://github.com/containers/libpod/pull/4068#issuecomment-533782941 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #4083 from mheon/document_system_eventsOpenShift Merge Robot2019-09-23
|\ \ \ | |_|/ |/| | Document the 'system' event types for 'podman events'
| * | Document the 'system' event types for 'podman events'Matthew Heon2019-09-23
|/ / | | | | | | | | | | Fixes: #4002 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4071 from cevich/more_podbotOpenShift Merge Robot2019-09-22
|\ \ | |/ |/| Cirrus: More podbot/success improvements
| * Cirrus: More podbot/success improvementsChris Evich2019-09-20
| | | | | | | | | | | | | | | | | | | | | | * Fix one disused and two missing required env. vars. * Slightly optomize processing of commit-author names * Fix problem of printing duplicate author names when there are multiple commits. * Fix bot's IRC connection timeout too short. * Add a single retry of IRC connection after 5-second delay. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #4029 from rhatdan/cgroupOpenShift Merge Robot2019-09-21
|\ \ | | | | | | We need to convert libpod.conf files in user homedir for cgroupv2
| * | We need to convert libpod.conf files in user homedir for cgroupv2Daniel J Walsh2019-09-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a user upgrades to a machine that defaults to a cgroups V2 machine and has a libpod.conf file in their homedir that defaults to OCI Runtime runc, then we want to change it one time to crun. runc as of this point does not work on cgroupV2 systems. This patch will eventually be removed but is needed until runc has support. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #3754 from cevich/latest_ubuntuOpenShift Merge Robot2019-09-21
|\ \ \ | |/ / |/| | Add support for testing with the latest Ubuntu release
| * | Cirrus: Temporarily disable testing on Ubuntu 19Chris Evich2019-09-20
| | | | | | | | | | | | | | | | | | | | | | | | The images build correctly but neither integration or remote client tests pass. Temporarily disable Ubuntu 19 testing until both are ready to be supported. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | Cirrus: disable Evil Units in base-imagesChris Evich2019-09-20
| | | | | | | | | | | | | | | | | | Also, minor update to prevent harmless 'Fatal: not a git repo' error. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | Cirrus: Add latest ubuntuChris Evich2019-09-20
| |/ | | | | | | | | | | | | | | | | | | | | | | Add the latest Ubuntu version into the testing matrix and image-build workflow. This is also needed to support other containers projects which share use of VM images from this one. Update package lists to include needs for contianers/storage use of images. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #4068 from giuseppe/always-set-homeOpenShift Merge Robot2019-09-21
|\ \ | |/ |/| container: make sure $HOME is always set
| * container: make sure $HOME is always setGiuseppe Scrivano2019-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | If the HOME environment variable is not set, make sure it is set to the configuration found in the container /etc/passwd file. It was previously depending on a runc behavior that always set HOME when it is not set. The OCI runtime specifications do not require HOME to be set so move the logic to libpod. Closes: https://github.com/debarshiray/toolbox/issues/266 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4070 from cevich/podbot_credsOpenShift Merge Robot2019-09-20
|\ \ | |/ |/| Cirrus: Update podbot credentials
| * Cirrus: Fix success scriptChris Evich2019-09-20
| | | | | | | | | | | | | | | | | | Fixed a typo. Also script was grabbing quotes and other non-email-address junk while looping. Filter before and after to make sure we get 'em all. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Update podbot credentialsChris Evich2019-09-20
|/ | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #4051 from giuseppe/use-crun-pkgOpenShift Merge Robot2019-09-20
|\ | | | | tests: use crun package
| * tests: use crun packageGiuseppe Scrivano2019-09-19
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4063 from baude/tomltypoOpenShift Merge Robot2019-09-20
|\ \ | | | | | | fix trivial type for event logger
| * | fix trivial type for event loggerbaude2019-09-19
| | | | | | | | | | | | | | | | | | Fixes: #4062 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #4064 from TomSweeneyRedHat/dev/tsweeney/tutfixOpenShift Merge Robot2019-09-20
|\ \ \ | | | | | | | | Move rootless and Mac to Tutorials page
| * | | Move rootless and Mac to Tutorials pageTomSweeneyRedHat2019-09-19
| |/ / | | | | | | | | | | | | | | | As the title says. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #4042 from jwhonce/wip/msiOpenShift Merge Robot2019-09-20
|\ \ \ | |/ / |/| | Support podman-remote help on windows
| * | Support podman-remote help on windowsJhon Honce2019-09-19
| | | | | | | | | | | | | | | | | | | | | | | | * Update scipts to produce darwin and windows output * Update batch file to re-direct help requests to browser * Add pandoc filter for markdown to html links Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #4060 from mheon/clean_pathsOpenShift Merge Robot2019-09-19
|\ \ \ | |/ / |/| | Clean destination paths during mount generation
| * | Clean destination paths during mount generationMatthew Heon2019-09-19
|/ / | | | | | | | | | | | | | | | | | | | | | | | | We identify and resolve conflicts in paths using destination path matches. We require exact matches, largely for performance reasons (we use maps to efficiently access, keyed by destination). This usually works fine, until you get mounts that are targetted at /output and /output/ - the same path, but not the same string. Use filepath.Clean() aggressively to try and solve this. Signed-off-by: Matthew Heon <matthew.heon@pm.me>