summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Bump to Buildah v1.13.1TomSweeneyRedHat2020-01-14
| | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Merge pull request #4858 from vrothberg/enable-lintersOpenShift Merge Robot2020-01-14
|\ | | | | make lint: extend checks
| * .gitignore: ingore *.coverprofile from unit testsValentin Rothberg2020-01-14
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * make lint: include unit testsValentin Rothberg2020-01-14
| | | | | | | | | | | | | | Include the unit tests (i.e., _test.go files) for linting to make the tests more robust and enforce the linters' coding styles etc. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * .golangci.yml: move swagger.go from MakefileValentin Rothberg2020-01-14
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * make lint: include docs/Valentin Rothberg2020-01-14
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * make lint: include pkg/tracingValentin Rothberg2020-01-14
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #4843 from baude/apiv2swagger4OpenShift Merge Robot2020-01-14
|\ \ | |/ |/| swagger documentation updates
| * swagger documentation updatesbaude2020-01-13
| | | | | | | | | | | | | | | | | | | | | | adhere closer to the spec by using description and summary fields and also ensuring that the id is unique to avoid collision between generic and libpod endpoints. also, make swagger output work with redoc which seems to display our information better for our needs. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #4855 from rhatdan/codespellOpenShift Merge Robot2020-01-13
|\ \ | | | | | | revert accidental change from codespell pr.
| * | revert accidental change from codespell pr.Daniel J Walsh2020-01-13
|/ / | | | | | | | | | | This should use `od` not `of` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #4845 from baude/pruneforceOpenShift Merge Robot2020-01-13
|\ \ | | | | | | clarify cont
| * | clarify container prune --forcebaude2020-01-13
| | | | | | | | | | | | | | | | | | | | | | | | the --force parameter should only be used for the CLI and should only dictate whether to prompt the user for confirmation. Fixes: #4844 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #4850 from vrothberg/fix-lintingOpenShift Merge Robot2020-01-13
|\ \ \ | | | | | | | | Fix linting
| * | | gating: clean /go/bin to install fresh toolsValentin Rothberg2020-01-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Once the gating image doesn't ship with pre-installed tools, we can remove the workaround. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | make lint: enable gocriticValentin Rothberg2020-01-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `gocritic` is a powerful linter that helps in preventing certain kinds of errors as well as enforcing a coding style. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | linter: blacklist linters instead of whitelistingValentin Rothberg2020-01-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Blacklist linters instead of whitelisting them. This way, we will benefit from new linters when updating and it's easier to actually find and fix open issues. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | bump golangci-lint to 1.18.0Valentin Rothberg2020-01-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The latest versions have regressions in --skip-dirs where some linters will still run and error out. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | rm contrib/perftestValentin Rothberg2020-01-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Perftest was intended to be used for testing CPU intensive tasks of Podman. However, it does not compile for a long while and is not integrated in the CI which clearly indicates that it has not been used for a considerable amount of time. Remove contrib/perftest entirely. If the desire arises to revive it, all code is still reachable in the git history. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | remove `.tool/lint`Valentin Rothberg2020-01-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should only use `make golangci-lint` which is also used in `make validate`. However, we need to enable more linters which we can do step by step in future commits. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #4853 from mheon/do_not_configure_with_slirpOpenShift Merge Robot2020-01-13
|\ \ \ \ | | | | | | | | | | Do not configure CNI when slirp4netns is requested
| * | | | Do not configure CNI when slirp4netns is requestedMatthew Heon2020-01-13
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Our networking code bakes in a lot of assumptions about how networking should work - that CNI is *always* used with root, and that slirp4netns is *always* used only with rootless. These are not safe assumptions. This fixes one particular issue, which would cause CNI to also be run when slirp4netns was requested as root. Fixes: #4687 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #4817 from rhatdan/codespellOpenShift Merge Robot2020-01-13
|\ \ \ \ | |/ / / |/| | | Add codespell to validate spelling mistakes in code.
| * | | Add codespell to validate spelling mistakes in code.Daniel J Walsh2020-01-11
| | | | | | | | | | | | | | | | | | | | | | | | Fix all errors found by codespell Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #4694 from openSUSE/history-names-in-inspectOpenShift Merge Robot2020-01-13
|\ \ \ \ | | | | | | | | | | Add history names to image inspect data
| * | | | Add history names to image inspect dataSascha Grunert2019-12-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During writing the tests I found it would be probably useful to have the tag history part of the inspect data. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | | Merge pull request #4836 from cevich/upd_base_metaOpenShift Merge Robot2020-01-13
|\ \ \ \ \ | | | | | | | | | | | | Cirrus: Fix libpod base images going stale
| * | | | | Cirrus: Fix libpod base images going staleChris Evich2020-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | VM Base images are used as a starting point for runtime VM images. The in-use VM base images should never be pruned, which is an operation that potentially occurs periodically from automation running on the master branch of the libpod repo. However the only place which updates timestamps (blocking pruning) of base images, occurs during runtime VM image building. Therefor, if images are not regularly rebuilt, it's possible their base images go stale and are pruned. Changes: * Add freshly-produced base images (old ones got pruned) * Wrap the timestamp update script to include base image names in the update list. Notes: * Regularly updating base image timestamps only needs to happen on the libpod repo's meta task, since all base images live there. * Using a wrapper is needed to maintain compatibility with multiple versions of the imgts container image used by other repos / branchs. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #4841 from markstos/issue-4840-improve-privileged-docsOpenShift Merge Robot2020-01-13
|\ \ \ \ \ \ | | | | | | | | | | | | | | docs: --privileged docs completeness, consistency
| * | | | | | docs: --privileged docs completeness, consistencyMark Stosberg2020-01-12
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | As discussed in https://github.com/containers/libpod/issues/4840 Signed-off-by: Mark Stosberg <mark@rideamigos.com>
* | | | | | Merge pull request #4823 from vrothberg/gen-systemdOpenShift Merge Robot2020-01-12
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | podman-generate-systemd --new
| * | | | | podman-generate-systemd --newValentin Rothberg2020-01-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a --new flag to podman-generate-systemd to create a new container via podman-run instead of starting an existing container. Creating a new container presents the challenge to find a reverse mapping from a container to the CLI flags it can be created with. We are doing this via `(Container).Config.CreateCommand` field, which includes a copy of the process' command from procFS at creating time. This field may not be useful when the container was not created via the Podman CLI (e.g., via a Python script). Hence, we do not guarantee the correctness of the generated files. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #4842 from Foxboron/morten/fix-raceOpenShift Merge Robot2020-01-11
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | [Makefile] Ensure .gopathok dependency is met for varlink
| * | | | | [Makefile] Ensure .gopathok dependency is met for varlinkMorten Linderud2020-01-11
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When executing make in parallel, e.g `make -j8`, there is a chance steps are executed at the same time. There is a chance .gopathok and the actual varlink generation happening at the same time, causing a race and ultimately failing the build. Ensuring the .gopathok dependency is met at the actual step fixes the problem. Signed-off-by: Morten Linderud <morten@linderud.pw>
* | | | | Merge pull request #4805 from giuseppe/log-tagOpenShift Merge Robot2020-01-10
|\ \ \ \ \ | | | | | | | | | | | | log: support --log-opt tag=
| * | | | | test: fix error messageGiuseppe Scrivano2020-01-10
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | log: support --log-opt tag=Giuseppe Scrivano2020-01-10
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | support a custom tag to add to each log for the container. It is currently supported only by the journald backend. Closes: https://github.com/containers/libpod/issues/3653 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #4839 from giuseppe/fix-keep-id-big-idsOpenShift Merge Robot2020-01-10
|\ \ \ \ \ | |_|_|_|/ |/| | | | libpod: fix --userns=keep-id with big UIDs
| * | | | libpod: fix --userns=keep-id with big UIDsGiuseppe Scrivano2020-01-10
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when creating a keep-id namespace, we split the original user namespace in: inner ns | outer ns | size: 0 | 1 | ID ID | 0 | 1 ID+1 | ID+1 | availableIds - ID When the user ID is bigger than the number of available subuids/subgids we fail to create the user namespace because the first slice is bigger than the available number of IDs and the third one has a negative size. Fix it by not using more than the available number of IDs in the first slice and creating the third one only if there are other IDs left. When the user ID is bigger than the number of additional IDs, there will be a gap between the two mappings so the IDs between the maximum additional ID and the user ID won't be present inside of the namespace. Closes: https://github.com/containers/libpod/issues/4838 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4832 from baude/apiv2tomasterOpenShift Merge Robot2020-01-10
|\ \ \ \ | |_|/ / |/| | | Apiv2tomaster
| * | | fix e2e test failurebaude2020-01-10
| | | | | | | | | | | | | | | | | | | | | | | | it is possible for layers.names to be nil and we must account for that. Signed-off-by: baude <bbaude@redhat.com>
| * | | address review comments before mergebaude2020-01-10
| | | | | | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
| * | | [CI:DOCS]update apiv2 documentation with swagger goodsbaude2020-01-10
| | | | | | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
| * | | Initial commit on compatible APIJhon Honce2020-01-10
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Create service command Use cd cmd/service && go build . $ systemd-socket-activate -l 8081 cmd/service/service & $ curl http://localhost:8081/v1.24/images/json Signed-off-by: Jhon Honce <jhonce@redhat.com> Correct Makefile Signed-off-by: Jhon Honce <jhonce@redhat.com> Two more stragglers Signed-off-by: Jhon Honce <jhonce@redhat.com> Report errors back as http headers Signed-off-by: Jhon Honce <jhonce@redhat.com> Split out handlers, updated output Output aligned to docker structures Signed-off-by: Jhon Honce <jhonce@redhat.com> Refactored routing, added more endpoints and types * Encapsulated all the routing information in the handler_* files. * Added more serviceapi/types, including podman additions. See Info Signed-off-by: Jhon Honce <jhonce@redhat.com> Cleaned up code, implemented info content * Move Content-Type check into serviceHandler * Custom 404 handler showing the url, mostly for debugging * Refactored images: better method names and explicit http codes * Added content to /info * Added podman fields to Info struct * Added Container struct Signed-off-by: Jhon Honce <jhonce@redhat.com> Add a bunch of endpoints containers: stop, pause, unpause, wait, rm images: tag, rmi, create (pull only) Signed-off-by: baude <bbaude@redhat.com> Add even more handlers * Add serviceapi/Error() to improve error handling * Better support for API return payloads * Renamed unimplemented to unsupported these are generic endpoints we don't intend to ever support. Swarm broken out since it uses different HTTP codes to signal that the node is not in a swarm. * Added more types * API Version broken out so it can be validated in the future Signed-off-by: Jhon Honce <jhonce@redhat.com> Refactor to introduce ServiceWriter Signed-off-by: Jhon Honce <jhonce@redhat.com> populate pods endpoints /libpod/pods/.. exists, kill, pause, prune, restart, remove, start, stop, unpause Signed-off-by: baude <bbaude@redhat.com> Add components to Version, fix Error body Signed-off-by: Jhon Honce <jhonce@redhat.com> Add images pull output, fix swarm routes * docker-py tests/integration/api_client_test.py pass 100% * docker-py tests/integration/api_image_test.py pass 4/16 + Test failures include services podman does not support Signed-off-by: Jhon Honce <jhonce@redhat.com> pods endpoint submission 2 add create and others; only top and stats is left. Signed-off-by: baude <bbaude@redhat.com> Update pull image to work from empty registry Signed-off-by: Jhon Honce <jhonce@redhat.com> pod create and container create first pass at pod and container create. the container create does not quite work yet but it is very close. pod create needs a partial rewrite. also broken off the DELETE (rm/rmi) to specific handler funcs. Signed-off-by: baude <bbaude@redhat.com> Add docker-py demos, GET .../containers/json * Update serviceapi/types to reflect libpod not podman * Refactored removeImage() to provide non-streaming return Signed-off-by: Jhon Honce <jhonce@redhat.com> create container part2 finished minimal config needed for create container. started demo.py for upcoming talk Signed-off-by: baude <bbaude@redhat.com> Stop server after honoring request * Remove casting for method calls * Improve WriteResponse() * Update Container API type to match docker API Signed-off-by: Jhon Honce <jhonce@redhat.com> fix namespace assumptions cleaned up namespace issues with libpod. Signed-off-by: baude <bbaude@redhat.com> wip Signed-off-by: baude <bbaude@redhat.com> Add sliding window when shutting down server * Added a Timeout rather than closing down service on each call * Added gorilla/schema dependency for Decode'ing query parameters * Improved error handling * Container logs returned and multiplexed for stdout and stderr * .../containers/{name}/logs?stdout=True&stderr=True * Container stats * .../containers/{name}/stats Signed-off-by: Jhon Honce <jhonce@redhat.com> Improve error handling * Add check for at least one std stream required for /containers/{id}/logs * Add check for state in /containers/{id}/top * Fill in more fields for /info * Fixed error checking in service start code Signed-off-by: Jhon Honce <jhonce@redhat.com> get rest of image tests for pass Signed-off-by: baude <bbaude@redhat.com> linting our content Signed-off-by: baude <bbaude@redhat.com> more linting Signed-off-by: baude <bbaude@redhat.com> more linting Signed-off-by: baude <bbaude@redhat.com> pruning Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]apiv2 pods migrate from using args in the url to using a json struct in body for pod create. Signed-off-by: baude <bbaude@redhat.com> fix handler_images prune prune's api changed slightly to deal with filters. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]enabled base container create tests enabling the base container create tests which allow us to get more into the stop, kill, etc tests. many new tests now pass. Signed-off-by: baude <bbaude@redhat.com> serviceapi errors: append error message to API message I dearly hope this is not breaking any other tests but debugging "Internal Server Error" is not helpful to any user. In case, it breaks tests, we can rever the commit - that's why it's a small one. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> serviceAPI: add containers/prune endpoint Signed-off-by: Valentin Rothberg <rothberg@redhat.com> add `service` make target Also remove the non-functional sub-Makefile. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> add make targets for testing the service * `sudo make run-service` for running the service. * `DOCKERPY_TEST="tests/integration/api_container_test.py::ListContainersTest" \ make run-docker-py-tests` for running a specific tests. Run all tests by leaving the env variable empty. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Split handlers and server packages The files were split to help contain bloat. The api/server package will contain all code related to the functioning of the server while api/handlers will have all the code related to implementing the end points. api/server/register_* will contain the methods for registering endpoints. Additionally, they will have the comments for generating the swagger spec file. See api/handlers/version.go for a small example handler, api/handlers/containers.go contains much more complex handlers. Signed-off-by: Jhon Honce <jhonce@redhat.com> [CI:DOCS]enabled more tests Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]libpod endpoints small refactor for libpod inclusion and began adding endpoints. Signed-off-by: baude <bbaude@redhat.com> Implement /build and /events * Include crypto libraries for future ssh work Signed-off-by: Jhon Honce <jhonce@redhat.com> [CI:DOCS]more image implementations convert from using for to query structs among other changes including new endpoints. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add bindings for golang Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add volume endpoints for libpod create, inspect, ls, prune, and rm Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]apiv2 healthcheck enablement wire up container healthchecks for the api. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]Add mount endpoints via the api, allow ability to mount a container and list container mounts. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]Add search endpoint add search endpoint with golang bindings Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]more apiv2 development misc population of methods, etc Signed-off-by: baude <bbaude@redhat.com> rebase cleanup and epoch reset Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add more network endpoints also, add some initial error handling and convenience functions for standard endpoints. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]use helper funcs for bindings use the methods developed to make writing bindings less duplicative and easier to use. Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]add return info for prereview begin to add return info and status codes for errors so that we can review the apiv2 Signed-off-by: baude <bbaude@redhat.com> [CI:DOCS]first pass at adding swagger docs for api Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #4825 from cevich/fix_libseccomp_commitOpenShift Merge Robot2020-01-10
|\ \ \ | | | | | | | | Fix Makefile ref libseccomp branch as a commit
| * | | Fix Makefile ref libseccomp branch as a commitChris Evich2020-01-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit a824186ac9 mistakenly updated LIBSECCOMP_COMMIT with a branch name instead of a commit reference. This breaks on Ubuntu's git with the `--detach` option, causing it to throw this error: ``` fatal: '--detach' cannot be used with '-b/-B/--orphan' ``` Fix this by using the tag `v2.3.3` which at the time of this commit, is the current HEAD of the release-2.3 branch. Thanks to Ed Santiago <santiago@redhat.com> for helping figure out the error and the fix. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #4828 from giuseppe/drop-pause-checkOpenShift Merge Robot2020-01-10
|\ \ \ \ | |/ / / |/| | | cp: drop check for rootless
| * | | cp: drop check for rootlessGiuseppe Scrivano2020-01-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rootless containers can use pause on cgroups v2. Whether it is possible or not to use pause depends from multiple conditions, such as: - be on a cgroup v2 unified hierarchy, - using systemd cgroup manager, - the kernel has the freezer controller, The last one may fail for root as well. Instead of trying to catch all the possible conditions in Podman, let the OCI runtime complain if pause cannot be performed. Closes: https://github.com/containers/libpod/issues/4813 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #4819 from TomSweeneyRedHat/dev/tsweeney/fixpodmanimageOpenShift Merge Robot2020-01-09
|\ \ \ | | | | | | | | Update podmanimage build process
| * | | Update podmanimage build processTomSweeneyRedHat2020-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (Stealing from: @rhatdan 's https://github.com/containers/buildah/pull/2038 ) 1 We need to update all packages in the podman image to make sure they are up2date. 2 reinstall shadow-utils. For some reason the fedora base image does not include the file capabilities assigned to /usr/bin/newuidmap and /usr/bin/newgidmap. Reinstalling shadow-utils, brings them back. 3 Add a default user build to the system. This will create the /etc/subuid and /etc/subgid maps get created correctly. Once we have this we should be able to build a container starting with a non privileged user podman run -ti --user build --device=/dev/fuse -v ./Dockerfile:/Dockerfile:z quay.io/podman/stable podman buildd / Addresses: #4741 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>