Commit message (Author, Age)
* Verify existence of auth file if specified (Daniel J Walsh, 2021-04-16)
| Fixes: https://github.com/containers/podman/issues/9572
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| <MH: Fixed cherry-pick conflicts>
| Signed-off-by: Matthew Heon <mheon@redhat.com>
* Ensure that `--userns=keep-id` sets user in config (Matthew Heon, 2021-04-16)
| One of the side-effects of the `--userns=keep-id` command is switching the default user of the container to the UID of the user running Podman (though this can still be overridden by the `--user` flag). However, it did this by setting the UID and GID in the OCI spec, and not by informing Libpod of its intention to switch users via the `WithUser()` option. Because of this, a lot of the code that should have triggered when the container ran with a non-root user was not triggering. In the case of the issue that this fixed, the code to remove capabilities from non-root users was not triggering.
|
| Adjust the keep-id code to properly inform Libpod of our intention to use a non-root user to fix this.
|
| Also, fix an annoying race around short-running exec sessions where Podman would always print a warning that the exec session had already stopped.
|
| Fixes #9919
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* [CI:DOCS] Update swagger definition of inspect manifest (Jhon Honce, 2021-04-16)
| * Changed reference in swagger to correct structure that was being returned.
| * Added summary to ManifestAddLibpod to clean up generated web site
| * Added serve target to Makefile, to aid in debugging generated web site
|
| Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Volumes prune endpoint should use only prune filters (Jakub Guzik, 2021-04-16)
| Volumes endpoints for HTTP compat and libpod APIs allowed usage of list HTTP endpoint filter funcs. Documentation in case of compat API does not allow that. This commit aligns code with the documentation and also aligns libpod with compat API.
| Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Adjust libpod API Container Wait documentation to the code (Pablo Correa Gómez, 2021-04-16)
| Closes #9960
| Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* Add missing return (Jhon Honce, 2021-04-16)
| libpod df handler missing a return after writing error to client. This caused a null to be appended to JSON and crashed python decoder.
| Signed-off-by: Jhon Honce <jhonce@redhat.com>
* [CI:DOCS] Fix formatting of podman-build man page (Jonathan Wakely, 2021-04-16)
| An apostrophe as the first character of the line is a formatting request in troff, so the words "'Containerfile' or 'Dockerfile'" are not visible when viewing 'man podman-build'.
| Signed-off-by: Jonathan Wakely <jwakely@redhat.com>
* cgroups: force 64 bits to ParseUint (Giuseppe Scrivano, 2021-04-16)
| [NO TESTS NEEDED]
|
| force bitsSize==64 so that the string is always parsed to a uint64 instead of using the native int size, that could be not big enough on 32 bits arches.
|
| Closes: https://github.com/containers/podman/issues/9979
| Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix slashes in socket URLs (Anatoli Babenia, 2021-04-16)
| Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
* [CI:DOCS] Correct status code for /pods/create (Jhon Honce, 2021-04-16)
| Swagger documentation reported that the API endpoint /pods/create returned 200 while the as-built code returned 201. 201 is more correct so documentation updated. Tests already checked for 201 so no update needed.
| Signed-off-by: Jhon Honce <jhonce@redhat.com>
* cgroup: do not set cgroup parent when rootless and cgroupfs (Giuseppe Scrivano, 2021-04-16)
| do not set the cgroup parent when running as rootless with cgroupfs, even if cgroup v2 is used.
| Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1947999
| Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Reflect current state of prune implementation in docs (Jakub Guzik, 2021-04-16)
| Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Do not delete container twice (Daniel J Walsh, 2021-04-16)
| 10 lines above we had
|
|     // Set ContainerStateRemoving
|     c.state.State = define.ContainerStateRemoving
|
| Which causes the state to not be the two checked states. Since the c.cleanup call already deleted the OCI state, this meant that we were calling cleanup, and hence the postHook hook twice.
|
| Fixes: https://github.com/containers/podman/issues/9983
|
| [NO TESTS NEEDED] Since it would be difficult to test this. Main tests should handle that the container is being deleted successfully.
|
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Test that we don't error out on advertised --log-level values (Nalin Dahyabhai, 2021-04-16)
| Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* At trace log level, print error text using %+v instead of %v (Nalin Dahyabhai, 2021-04-16)
| If we're logging at trace level, use %+v instead of %v when printing an error at exit. If the error included stack information, this will cause the backtrace to be printed, which is very handy for debugging.
| Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* pkg/errorhandling.JoinErrors: don't throw away context for lone errors (Nalin Dahyabhai, 2021-04-16)
| When our multierror contains just one error, don't extract its text only to rewrap it, because doing so discards any stack trace information that might have been added closer to where the error actually originated.
| Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Recognize --log-level=trace (Nalin Dahyabhai, 2021-04-16)
| "trace" is a valid logrus debugging level, so we should be able to tell the library to display messages logged at that level.
| Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Fix message about runtime to show only the actual runtime (Daniel J Walsh, 2021-04-16)
| Currently the debug line shows every runtime up until it finds the correct one, confusing users on which runtime it is using.
|
| Also move missing OCI runtime from containers/conf down to Debug level and improved the debug message, to not report error.
|
| [NO TESTS NEEDED] Since this is just debug.
|
| Triggered by https://github.com/containers/podman/issues/4854
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix handling of $NAME and $IMAGE in runlabel (Daniel J Walsh, 2021-04-16)
| Fixes: https://github.com/containers/podman/issues/9405
| Add system runlabel tests.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix flake on failed podman-remote build : try 2 (Daniel J Walsh, 2021-04-16)
| This time we are checking if the function actually succeeded, otherwise we will report an error. Also if we did not get the id, report unexpected failure.
|
| [NO TESTS NEEDED] Still no good way to test this, but manually.
|
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix flake on failed podman-remote build (Daniel J Walsh, 2021-04-16)
| We have a race condition where podman build can fail but still return an exit code of 0. This PR ensures that as soon as the build fails, the failed flag is set eliminating the race.
|
| Fixes: https://github.com/containers/podman/issues/10029
|
| [NO TESTS NEEDED] Tests of failed builds are already in place, and the elimination of the race should be enough.
|
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Update documentation of podman-run to reflect volume "U" option (Pablo Correa Gómez, 2021-04-16)
| The "U" option is accepted by `--volume` in `podman-build`, but documentation is missing
| Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* Fixes invalid expression in save command (zhangguanzhang, 2021-04-16)
| Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Fix possible panic in libpod/image/prune.go (Paul Holzinger, 2021-04-16)
| podman image prune panicked locally for me. The error handling was not done correctly and we could end up with a nil pointer dereference.
|
| [NO TESTS NEEDED] I have no idea how I could force an error in img.Size().
|
| Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Update all containers/ project vendors (Matthew Heon, 2021-04-16)
| Bumps:
| - c/storage to v1.29.0
| - c/image to v5.11.0
| - c/common to v0.36.0
| - Buildah to v1.20.1
|
| Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #9875 from mheon/bump_310 (OpenShift Merge Robot, 2021-03-30)
|\
| | [CI:DOCS] Bump to v3.1.0
| * Fix tests (Matthew Heon, 2021-03-29)
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Bump to v3.1.1-dev (Matthew Heon, 2021-03-29)
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Bump to v3.1.0 (tag: v3.1.0) (Matthew Heon, 2021-03-29)
|/
| Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #9868 from mheon/310_backports (OpenShift Merge Robot, 2021-03-29)
|\
| | Final backports for v3.1.0
| * Fix test failure (Matthew Heon, 2021-03-29)
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Update release notes for v3.1.0 final release (Matthew Heon, 2021-03-29)
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * [NO TESTS NEEDED] Turn on podman-remote build --isolation (Daniel J Walsh, 2021-03-29)
| | Currently podman only works with --isolation chroot. This PR fixes this by allowing the isolation mode to default to OCI and to also allow users to pass the isolation mode into the containers.
| |
| | The current tests for --isolation should cause this code to be tested.
| |
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Fix long option format on docs.podman.io (Paul Holzinger, 2021-03-29)
| | Escape the two dashes, otherwise they are combined into one long dash. I tested that this change is safe and still renders correctly on github and with the man pages.
| |
| | This commit also contains a small change to make it build locally. Assuming you have the dependencies installed you can do:
| | ```
| | cd docs
| | make html
| | ```
| | Preview the html files in docs/build/html with `python -m http.server 8000 --directory build/html`.
| |
| | Fixes containers/podman.io#373
| |
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| | <MH: Fixed cherry-pick conflicts>
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Fix containers list/prune http api filter behaviour (Jakub Guzik, 2021-03-29)
| | The problem described in #9711 and followed by #9758 affects containers as well. When user provides wrong filter input, error message should occur, not fallback to full list/prune command. This change fixes the issue.
| |
| | Additionally, there are error message fixes for docker http api compat.
| |
| | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
| * [CI:DOCS] Add note to mappings for user/group userns in build (TomSweeneyRedHat, 2021-03-29)
| | Add a note to the `--userns-uid-map` and `--userns-gid-map` options in the `podman build` man page.
| |
| | Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1930509
| |
| | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
| * Validate passed in timezone from tz option (TomSweeneyRedHat, 2021-03-29)
| | Erik Sjolund reported an issue where a badly formatted file could be passed into the `--tz` option and then the date in the container would be badly messed up:
| |
| | ```
| | erik@laptop:~$ echo Hello > file.txt
| | erik@laptop:~$ podman run --tz=../../../home/erik/file.txt --rm -ti docker.io/library/alpine cat /etc/localtime
| | Hello
| | erik@laptop:~$ podman --version
| | podman version 3.0.0-rc1
| | erik@laptop:~$
| | ```
| |
| | This fix checks to make sure the TZ passed in is a valid value and then proceeds with the rest of the processing.
| |
| | This was first reported as a potential security issue, but it was thought not to be. However, I thought closing the hole sooner rather than later would be good.
| |
| | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
| * Generate Kubernetes PersistentVolumeClaims from named volumes (Jordan Williams, 2021-03-29)
| | Fixes #5788
| |
| | This commit adds support for named volumes in podman-generate-kube. Named volumes are output in the YAML as PersistentVolumeClaims. To avoid naming conflicts, the volume name is suffixed with "-pvc". This commit adds a corresponding suffix for host path mounts. Host path volumes are suffixed with "-host".
| |
| | Signed-off-by: Jordan Williams <jordan@jwillikers.com>
| * libpod/image: unit tests: use a `registries.conf` for aliases (Valentin Rothberg, 2021-03-29)
| | Since some unit tests use "busybox", we need to point it to some alias if we want it to pass CI on F34 where we're running in enforced mode.
| |
| | Furthermore, make sure that the registries.conf can actually be overridden in the code.
| |
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * libpod/image: unit tests: defer cleanup (Valentin Rothberg, 2021-03-29)
| | Defer cleaning up the test artifacts as early as possible.
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * libpod/image: unit tests: use `require.NoError` (Valentin Rothberg, 2021-03-29)
| | In contrast to `assert.NoError`, `require.NoError` treats mismatches fatally which in many cases is necessary to prevent subsequent checks from segfaulting.
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * Unification of until filter across list/prune endpoints (Jakub Guzik, 2021-03-29)
| | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
| * Unification of label filter across list/prune endpoints (Jakub Guzik, 2021-03-29)
| | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
| * fixup (Matej Vasek, 2021-03-29)
| | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * fix: build endpoint for compat API (Matej Vasek, 2021-03-29)
| | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot (Daniel J Walsh, 2021-03-29)
| | Helps Fix https://github.com/containers/podman/issues/9765
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Check if stdin is a term in --interactive --tty mode (Daniel J Walsh, 2021-03-29)
| | If you are attempting to run a container in interactive mode, and want a --tty, then there must be a terminal in use.
| |
| | Docker exits right away when a user specifies to use a --interactive and --TTY but the stdin is not a tty.
| |
| | Currently podman will pull the image and then fail much later. Podman will continue to run but will print a warning message.
| |
| | Discussion in: https://github.com/containers/podman/issues/8916
| |
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * [NO TESTS NEEDED] Fix rootless volume plugins (Phoenix The Fallen, 2021-03-29)
| | In a case of volume plugins with custom options.
| | Signed-off-by: Phoenix The Fallen <thephoenixofthevoid@gmail.com>
| * Ensure manually-created volumes have correct ownership (Matthew Heon, 2021-03-29)
| | As part of a fix for an earlier bug (#5698) we added the ability for Podman to chown volumes to correctly match the user running in the container, even in adverse circumstances (where we don't know the right UID/GID until very late in the process). However, we only did this for volumes created automatically by a `podman run` or `podman create`. Volumes made by `podman volume create` do not get this chown, so their permissions may not be correct. I've looked, and I don't think there's a good reason not to do this chown for all volumes the first time the container is started.
| |
| | I would prefer to do this as part of volume copy-up, but I don't think that's really possible (copy-up happens earlier in the process and we don't have a spec). There is a small chance, as things stand, that a copy-up happens for one container and then a chown for a second, unrelated container, but the odds of this are astronomically small (we'd need a very close race between two starting containers).
| |
| | Fixes #9608
| |
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Support multi doc yaml for generate/play kube (Eduardo Vega, 2021-03-29)
| | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
| | <MH: Fixed cherry-pick conflicts>
| | Signed-off-by: Matthew Heon <mheon@redhat.com>