summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Bump to v3.1.1v3.1.1Matthew Heon2021-04-16
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Update release notes for v3.1.1Matthew Heon2021-04-16
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* podman play kube apply correct log driverPaul Holzinger2021-04-16
| | | | | | | | | | | | | | The --log-driver flag was silently ignored by podman play kube. This regression got introduced during the play kube rework. Unfortunately the test for this was skipped for no good reason. Fixes #10015 Signed-off-by: Paul Holzinger <paul.holzinger@web.de> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Fix build with GO111MODULE=offLokesh Mandvekar2021-04-16
| | | | | | | | | | | | | | | | | | | | Distro builds on Fedora and Kubic projects use GO111MODULE=off by default which are currently failing. This commit fixes it and going forward, podman CI will also indicate failures in rpm builds. The additional LDFLAGS have been removed from the spec file which is not ideal. But, currently we only use the spec file to check if the rpm builds fine. We can fix the LDFLAGS in a later commit when we're working on packit integration. conmon build has also been removed from podman.spec.in because the COPR for which it was provided has been discontinued. [NO TESTS NEEDED] Fixes: #10009 Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* [CI:DOCS] Set all operation id to be compatibileJhon Honce2021-04-16
| | | | | | | | | Libpod operation id's changed to better match compatibile id Builds on https://github.com/containers/podman/pull/9123 and corrects a duplicated ID. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Move operationIds to swagger:operation lineTom Deseyn2021-04-16
| | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* swagger: add operationIds that match with dockerTom Deseyn2021-04-16
| | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* Fix missing podman-remote build optionsDaniel J Walsh2021-04-16
| | | | | | | | | | | | | Fix handling of SecurityOpts LabelOpts SeccompProfilePath ApparmorProfile Fix Ulimits Fixes: https://github.com/containers/podman/issues/9869 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [NO TESTS NEEDED] Shrink the size of podman-remoteDaniel J Walsh2021-04-16
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Move socket activation check into init() and set global condition.pendulm2021-04-16
| | | | | | | | | So rootless setup could use this condition in parent and child, child podman should adjust LISTEN_PID to its self PID. Add system test for systemd socket activation Signed-off-by: pendulm <lonependulm@gmail.com>
* rootless: use is_fd_inheritedGiuseppe Scrivano2021-04-16
| | | | | | | since we already have an exported function that does the check, refactor the code to use it instead of duplicating the logic. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Recreate until container prune tests for bindingsJakub Guzik2021-04-16
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* System tests: special case for RHEL: require runcEd Santiago2021-04-16
| | | | | | | | As discussed in watercooler 2021-04-06: make sure that RHEL8 and CentOS are using runc. Using crun is probably a packaging error that should be caught early. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Document --volume from podman-remote run/create clientDaniel J Walsh2021-04-16
| | | | | | | | | | | [NO TESTS NEEDED] This PR is mainly documentation and some code cleanup. Also cleanup and consolidate handling of other hanlding of podman-remote hidden options. Fixes: https://github.com/containers/podman/issues/9874 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Containers prune endpoint should use only prune filtersJakub Guzik2021-04-16
| | | | | | | | Containers endpoints for HTTP compad and libpod APIs allowed usage of list HTTP endpoint filter funcs. Documentation in case of libpod and compat API does not allow that. This commit aligns code with the documentation. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Trim white space from /top endpoint resultsJhon Honce2021-04-16
| | | | | | | | | | | | Versions of the ps command have additional spaces between fields, this manifests as the container asking to run "top" and API reporting "top " as a process. Endpoint and tests updated to check that "top" is reported. There is no libpod specialized endpoint to update. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Fix unmount doc reference in image.rstAlexander Wellbrock2021-04-16
| | | | | | | This pointed to the container-unmount doc page. It now points to the expected podman-image-unmount doc page. Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
* Fix handling of remove --log-rusage paramDaniel J Walsh2021-04-16
| | | | | | Fixes: https://github.com/containers/podman/issues/9889 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Makefile: introduce install.docker-fullMorten Linderud2021-04-16
| | | | | | | | | | The split of install.docker and install.docker-docs makes some sense but there should be some way to specify both for packagers. This introduces `make install.docker-full` which installs both the docker binary and the documentation. Signed-off-by: Morten Linderud <morten@linderud.pw>
* Makefile: ensure install.docker creates BINDIRMorten Linderud2021-04-16
| | | | | | | | | Commit 3908c00799fe2af1a12c9c4f4be8b49dbdecd9be introduces a split for installing the docker binary and the docker documentation. The install line creating BINDIR and MANDIR was both moved to the install.docker-docs path which makes `install.docker` fail. Signed-off-by: Morten Linderud <morten@linderud.pw>
* Should send the OCI runtime path not just the name to buildahDaniel J Walsh2021-04-16
| | | | | | | | | [NO TESTS NEEDED] Mainly because I have no idea how we would test this. Fixes: https://github.com/containers/podman/issues/9459 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fixed podman-remote --network flagKellen Dunham2021-04-16
| | | | | | | | Updated reference to network [NO TESTS NEEDED] Signed-off-by: Kellen Dunham <kellen@oneaib.com>
* podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --usernsErik Sjölund2021-04-16
| | | | | | | * Adjust Markdown layout for --userns. * Make the --userns sections identical for podman-run.1.md and podman-create.1.md Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Fix typos --uidmapping and --gidmappingErik Sjölund2021-04-16
| | | | | | | * Fix typos --uidmapping and --gidmapping in podman-run.1.md * Add the corresponding sentence in podman-create.1.md Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Add default template functionsJhon Honce2021-04-16
| | | | | | | | | | | For commands that use the golang template library directly add the compatible template functions [NO TESTS NEEDED] Fixes #8773 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Don't relabel volumes if running in a privileged containerDaniel J Walsh2021-04-16
| | | | | | | | | Docker does not relabel this content, and openstack is running containers in this manner. There is a penalty for doing this on each container, that is not worth taking on a disable SELinux container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Allow users to override default storage opts with --storage-optDaniel J Walsh2021-04-16
| | | | | | | | | | | | We define in the man page that this overrides the default storage options, but the code was appending to the existing options. This PR also makes a change to allow users to specify --storage-opt="". This will turn off all storage options. https://github.com/containers/podman/issues/9852 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add transport and destination info to manifest docAlexander Wellbrock2021-04-16
| | | | | | | | | | | | | | | | | Initially I was missing transport information on podman manifest add. Especially the `containers-storage` transport which references the local image store. Had a use case where this came in quite handy and it is not stated anywhere else in the docs. Suppose it does not make sense for podman pull & push. I've only added containers-storage and docker transports for manifest add since I know those work. Maybe others work too. I then also added the destination section to manifest push as it is done in podman push & pull. I've added all transports here, but I don't know if all are supported. Please review. Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
* Verify existence of auth file if specifiedDaniel J Walsh2021-04-16
| | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9572 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Ensure that `--userns=keep-id` sets user in configMatthew Heon2021-04-16
| | | | | | | | | | | | | | | | | | | | | | | One of the side-effects of the `--userns=keep-id` command is switching the default user of the container to the UID of the user running Podman (though this can still be overridden by the `--user` flag). However, it did this by setting the UID and GID in the OCI spec, and not by informing Libpod of its intention to switch users via the `WithUser()` option. Because of this, a lot of the code that should have triggered when the container ran with a non-root user was not triggering. In the case of the issue that this fixed, the code to remove capabilities from non-root users was not triggering. Adjust the keep-id code to properly inform Libpod of our intention to use a non-root user to fix this. Also, fix an annoying race around short-running exec sessions where Podman would always print a warning that the exec session had already stopped. Fixes #9919 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* [CI:DOCS] Update swagger definition of inspect manifestJhon Honce2021-04-16
| | | | | | | | | | * Changed reference in swagger to correct struture that was being returned. * Added summary to ManifestAddLibpod to clean up generated web site * Added serve target to Makefile, to aid in debugging generated web site Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Volumes prune endpoint should use only prune filtersJakub Guzik2021-04-16
| | | | | | | | | Volumes endpoints for HTTP compat and libpod APIs allowed usage of list HTTP endpoint filter funcs. Documentation in case of compat API does not allow that. This commit aligns code with the documentation and also ligns libpod with compat API. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Adjust libpod API Container Wait documentation to the codePablo Correa Gómez2021-04-16
| | | | | | Closes #9960 Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* Add missing returnJhon Honce2021-04-16
| | | | | | | libpod df handler missing a return after writing error to client. This caused a null to be appended to JSON and crashed python decoder. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* [CI:DOCS] Fix formatting of podman-build man pageJonathan Wakely2021-04-16
| | | | | | | | An apostrophe as the first character of the line is a formatting request in troff, so the words "'Containerfile' or 'Dockerfile'" are not visible when viewing 'man podman-build'. Signed-off-by: Jonathan Wakely <jwakely@redhat.com>
* cgroups: force 64 bits to ParseUintGiuseppe Scrivano2021-04-16
| | | | | | | | | | | | [NO TESTS NEEDED] force bitsSize==64 so that the string is always parsed to a uint64 instead of using the native int size, that could be not big enough on 32 bits arches. Closes: https://github.com/containers/podman/issues/9979 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix slashes in socket URLsAnatoli Babenia2021-04-16
| | | | Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
* [CI:DOCS] Correct status code for /pods/createJhon Honce2021-04-16
| | | | | | | | | | Swagger documentation reported that the API endpoint /pods/create returned 200 while the as-built code returned 201. 201 is more correct so documentation updated. Tests already checked for 201 so no updated needed. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* cgroup: do not set cgroup parent when rootless and cgroupfsGiuseppe Scrivano2021-04-16
| | | | | | | | | do not set the cgroup parent when running as rootless with cgroupfs, even if cgroup v2 is used. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1947999 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Reflect current state of prune implementation in docsJakub Guzik2021-04-16
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Do not delete container twiceDaniel J Walsh2021-04-16
| | | | | | | | | | | | | | | | | | 10 lines above we had // Set ContainerStateRemoving c.state.State = define.ContainerStateRemoving Which causes the state to not be the two checked states. Since the c.cleanup call already deleted the OCI state, this meant that we were calling cleanup, and hence the postHook hook twice. Fixes: https://github.com/containers/podman/issues/9983 [NO TESTS NEEDED] Since it would be difficult to tests this. Main tests should handle that the container is being deleted successfully. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Test that we don't error out on advertised --log-level valuesNalin Dahyabhai2021-04-16
| | | | Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* At trace log level, print error text using %+v instead of %vNalin Dahyabhai2021-04-16
| | | | | | | | If we're logging at trace level, use %+v instead of %v when printing an error at exit. If the error included stack information, this will cause the backtrace to be printed, which is very handy for debugging. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* pkg/errorhandling.JoinErrors: don't throw away context for lone errorsNalin Dahyabhai2021-04-16
| | | | | | | | When our multierror contains just one error, don't extract its text only to rewrap it, because doing so discards any stack trace information that might have been added closer to where the error actually originated. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Recognize --log-level=traceNalin Dahyabhai2021-04-16
| | | | | | | "trace" is a valid logrus debugging level, so we should be able to tell the library to display messages logged at that level. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Fix message about runtime to show only the actual runtimeDaniel J Walsh2021-04-16
| | | | | | | | | | | | | | Currently the debug line shows every runtime up until it finds the correct one, confusing users on which runtime it is using. Also move missing OCI runtime from containers/conf down to Debug level and improved the debug message, to not report error. [NO TESTS NEEDED] Since this is just debug. Triggered by https://github.com/containers/podman/issues/4854 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix handling of $NAME and $IMAGE in runlabelDaniel J Walsh2021-04-16
| | | | | | | | Fixes: https://github.com/containers/podman/issues/9405 Add system runlabel tests. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix flake on failed podman-remote build : try 2Daniel J Walsh2021-04-16
| | | | | | | | | | | This time we are checking if the function actually succeeded, otherwise we will report an error. Also if we did not get the id, report unexpected failure. [NO TESTS NEEDED] Still no good way to test this, but manually. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix flake on failed podman-remote buildDaniel J Walsh2021-04-16
| | | | | | | | | | | | | | We have a race condition where podman build can fail but still return an exit code of 0. This PR ensures that as soon as the build fails, the failed flag is set eliminating the race. Fixes: https://github.com/containers/podman/issues/10029 [NO TESTS NEEDED] Tests of failed builds are already in place, and the elimination of the race should be enough. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Update documentation of podman-run to reflect volume "U" optionPablo Correa Gómez2021-04-16
| | | | | | | The "U" option is accepted by `--volume` in `podman-build`, but documentation is missing Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>