| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Force a CNI Delete on refreshing containers
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CNI expects that a DELETE be run before re-creating container
networks. If a reboot occurs quickly enough that containers can't
stop and clean up, that DELETE never happens, and Podman
currently wipes the old network info and thinks the state has
been entirely cleared. Unfortunately, that may not be the case on
the CNI side. Some things - like IP address reservations - may
not have been cleared.
To solve this, manually re-run CNI Delete on refresh. If the
container has already been deleted this seems harmless. If not,
it should clear lingering state.
Fixes: #3759
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Handle conflict between volumes and --read-only-tmpfs
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When a named volume is mounted on any of the tmpfs filesystems
created by read-only tmpfs, it caused a conflict that was not
resolved prior to this.
Fixes BZ1755119
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Add release notes for new-in-RC2 changes
|
| | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
play kube: Only support pod kind in k8s yaml
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
Since we only really support playing pods, and no other kubernetes types
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \ \
| | | |
| | | | |
rootless: Rearrange setup of rootless containers
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add two unit tests to determine whether mounts are being listed
correctly. One tests that a created container is not listed
until mounted. The second checks that running containers are
mounted, and then no longer listed as mounted when they stop
running. The final test creates three containers, mounts two,
and checks that mount correctly only lists the two mounted.
Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To 'avoid unknown FS magic on "/run/user/1000/netns/...": 1021994'
make the network namespace bind-mount recursively shared, so the
mount is back-propogated to the host.
Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Update documentation to show Kata Containers support is no longer
a limitation with merging of commit 486a5b9
Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In order to run Podman with VM-based runtimes unprivileged, the
network must be set up prior to the container creation. Therefore
this commit modifies Podman to run rootless containers by:
1. create a network namespace
2. pass the netns persistent mount path to the slirp4netns
to create the tap inferface
3. pass the netns path to the OCI spec, so the runtime can
enter the netns
Closes #2897
Signed-off-by: Gabi Beyer <gabrielle.n.beyer@intel.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
system tests: run test: reenable and fix
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Test had incorrectly been disabled for all podman; it
should've been disabled only for podman-remote. Fixed
that, and fixed the problem that was causing failures:
podman-remote is gobbling up stdin (#4095), so no
tests were actually being run at all, or only one.
Fixed by redirecting input on the run_podman invocation.
Added, as backup, a confirmation mechanism to ensure
that all expected tests are being run.
Note that test is reenabled, but the output check is
disabled for podman-remote due to #4096; this at least
lets us check exit status.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |/ /
|/| | |
runtime: fix logic to disable SDNotify
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Fix the logic when getting the runtime for varlink to actually disable
SDNotify support.
Fixes: #4005
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Cirrus: Push snap continuously
|
| | |
| | |
| | |
| | | |
Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
|
| |/
| |
| |
| | |
Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
|
|\ \
| | |
| | | |
execuser: look at the source for /etc/{passwd,group} overrides
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
look if there are bind mounts that can shadow the /etc/passwd and
/etc/group files. In that case, look at the bind mount source.
Closes: https://github.com/containers/libpod/pull/4068#issuecomment-533782941
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Document the 'system' event types for 'podman events'
|
|/ /
| |
| |
| |
| |
| | |
Fixes: #4002
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| |/
|/| |
Cirrus: More podbot/success improvements
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Fix one disused and two missing required env. vars.
* Slightly optomize processing of commit-author names
* Fix problem of printing duplicate author names when there are multiple
commits.
* Fix bot's IRC connection timeout too short.
* Add a single retry of IRC connection after 5-second delay.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| | |
| | | |
We need to convert libpod.conf files in user homedir for cgroupv2
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If a user upgrades to a machine that defaults to a cgroups V2 machine
and has a libpod.conf file in their homedir that defaults to OCI Runtime runc,
then we want to change it one time to crun.
runc as of this point does not work on cgroupV2 systems. This patch will
eventually be removed but is needed until runc has support.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Add support for testing with the latest Ubuntu release
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The images build correctly but neither integration or remote client
tests pass. Temporarily disable Ubuntu 19 testing until both are
ready to be supported.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Also, minor update to prevent harmless 'Fatal: not a git repo' error.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the latest Ubuntu version into the testing matrix
and image-build workflow. This is also needed to support
other containers projects which share use of VM images
from this one.
Update package lists to include needs for contianers/storage
use of images.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| |/
|/| |
container: make sure $HOME is always set
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the HOME environment variable is not set, make sure it is set to
the configuration found in the container /etc/passwd file.
It was previously depending on a runc behavior that always set HOME
when it is not set. The OCI runtime specifications do not require
HOME to be set so move the logic to libpod.
Closes: https://github.com/debarshiray/toolbox/issues/266
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| |/
|/| |
Cirrus: Update podbot credentials
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixed a typo.
Also script was grabbing quotes and other non-email-address junk
while looping. Filter before and after to make sure we get 'em all.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|/
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
tests: use crun package
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
fix trivial type for event logger
|
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes: #4062
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Move rootless and Mac to Tutorials page
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
As the title says.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Support podman-remote help on windows
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Update scipts to produce darwin and windows output
* Update batch file to re-direct help requests to browser
* Add pandoc filter for markdown to html links
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Clean destination paths during mount generation
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We identify and resolve conflicts in paths using destination path
matches. We require exact matches, largely for performance
reasons (we use maps to efficiently access, keyed by
destination). This usually works fine, until you get mounts that
are targetted at /output and /output/ - the same path, but not
the same string.
Use filepath.Clean() aggressively to try and solve this.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|