summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* fix close fds of run --preserve-fdsQi Wang2020-07-30
| | | | | | | Test flakes mentioned in #6987 might be caused by uncorrect closing of file descriptor. Fix the code to close file descriptors for podman run since it may close those used by other processes. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #7156 from zhangguanzhang/masterOpenShift Merge Robot2020-07-30
|\ | | | | fix podman system df format error
| * fix podman system df format errorzhangguanzhang2020-07-31
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #7155 from mheon/fix_rmi_forceOpenShift Merge Robot2020-07-30
|\ \ | |/ |/| Ensure that 'rmi --force' evicts Podman containers
| * Ensure that 'rmi --force' evicts Podman containersMatthew Heon2020-07-30
|/ | | | | | | | | | | | | | | | | | | | | The logic for `podman rmi --force` includes a bit of code that will remove Libpod containers using Libpod's container removal logic - this ensures that they're cleanly and completely removed. For other containers (Buildah, CRI-O, etc) we fall back to manually removing the containers using the image from c/storage. Unfortunately, our logic for invoking the Podman removal function had an error, and it did not properly handle cases where we were force-removing an image with >1 name. Force-removing such images by ID guarantees their removal, not just an untag of a single name; our code for identifying whether to remove containers did not proper detect this case, so we fell through and deleted the Podman containers as storage containers, leaving traces of them in the Libpod DB. Fixes #7153 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #7151 from edsantiago/batsOpenShift Merge Robot2020-07-30
|\ | | | | System tests: new system-df and passwd tests
| * System tests: new system-df and passwd testsEd Santiago2020-07-30
|/ | | | | | | | | | | | | | | | | | | | | | - New test for #6991 - passwd file is writable even when run with --userns=keep-id - Enable another keep-id test, commented out due to #6593 - New test for podman system df Also, independently, removed this line: apt-get -y upgrade conmon ...because it's causing CI failures, probably because of the boothole CVE, probably because the Ubuntu grub update was rushed out. I believe it is safe to remove this, because both Ubuntu 19 and 20 report: conmon is already the newest version (2.0.18~1). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7146 from rhatdan/formatOpenShift Merge Robot2020-07-30
|\ | | | | Don't crash when giving bogus format commands
| * Don't crash when giving bogus format commandsDaniel J Walsh2020-07-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you give a bogus flag to --format it will crash the formatter. With this change we will get a nice error. podman images --format '{{ bogus }}' Error: template: list:1: function "bogus" not defined versus /bin/podman.old images --format '{{ bogus }}' panic: template: list:1: function "bogus" not defined goroutine 1 [running]: Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7147 from rhatdan/historyOpenShift Merge Robot2020-07-29
|\ \ | | | | | | Return NamesHistory when returning remote images
| * | Return NamesHistory when returning remote imagesDaniel J Walsh2020-07-29
| |/ | | | | | | | | | | | | We are returning bogus data in podman-remote images --format json. This change will match the same data returned my podman images --format json. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7074 from mheon/multi_ctrport_okOpenShift Merge Robot2020-07-29
|\ \ | | | | | | Binding the same container port to >1 host port is OK
| * | Binding the same container port to >1 host port is OKMatthew Heon2020-07-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The initial version of the new port code mistakenly restricted this, so un-restrict it. We still need to maintain the map of container ports, unfortunately (need to verify if the port in question is a duplicate, for example). Fixes #7062 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7143 from edsantiago/skip_flaky_binding_testOpenShift Merge Robot2020-07-29
|\ \ \ | | | | | | | | bindings: skip flaky pause/unpause test
| * | | bindings: skip flaky pause/unpause testEd Santiago2020-07-29
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | The "podman wait to pause|unpause condition" test is failing several times a day, always a flake. Issue #6518. Disable it until the cause can be identified and fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6991 from mheon/change_passwd_ondiskOpenShift Merge Robot2020-07-29
|\ \ \ | | | | | | | | Make changes to /etc/passwd on disk for non-read only
| * | | Make changes to /etc/passwd on disk for non-read onlyMatthew Heon2020-07-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bind-mounting /etc/passwd into the container is problematic becuase of how system utilities like `useradd` work. They want to make a copy and then rename to try to prevent breakage; this is, unfortunately, impossible when the file they want to rename is a bind mount. The current behavior is fine for read-only containers, though, because we expect useradd to fail in those cases. Instead of bind-mounting, we can edit /etc/passwd in the container's rootfs. This is kind of gross, because the change will show up in `podman diff` and similar tools, and will be included in images made by `podman commit`. However, it's a lot better than breaking important system tools. Fixes #6953 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #7142 from edsantiago/logformat_fix_gitcommitOpenShift Merge Robot2020-07-29
|\ \ \ \ | |_|/ / |/| | | logformatter: more libpod-podman fallout
| * | | logformatter: more libpod-podman falloutEd Santiago2020-07-29
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem: formatted logs no longer have live links to sources in error-report lines. Cause: script was searching for '/libpod'. Solution: make it more flexible. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #7131 from rhafer/image_search_descrOpenShift Merge Robot2020-07-29
|\ \ \ | | | | | | | | Fix `podman image search` missing description
| * | | Fix `podman image search` missing descriptionRalf Haferkamp2020-07-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `podman image search` returned wrong results for the image "Description" as it was mapped to the wrong field ("ID") in the search results. Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* | | | Merge pull request #7121 from rhatdan/buildOpenShift Merge Robot2020-07-29
|\ \ \ \ | |/ / / |/| | | Fix building from http or '-' options
| * | | Fix building from http or '-' optionsDaniel J Walsh2020-07-28
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When copying from a URL, podman will download and create a context directory in a temporary file. The problem was that this directory was being removed as soon as the function that created it was returned. Later the build code would look for content in the temporary directory and fail to find it, blowing up the build. By pulling the extraction code back into the build function, we keep the temporary directory around until the build completes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6851 from rhatdan/mountOpenShift Merge Robot2020-07-29
|\ \ \ | | | | | | | | Add podman image mount
| * | | Add podman image mountDaniel J Walsh2020-07-28
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are many use cases where you want to just mount an image without creating a container on it. For example you might want to just examine the content in an image after you pull it for security analysys. Or you might want to just use the executables on the image without running it in a container. The image is mounted readonly since we do not want people changing images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7109 from rhatdan/ipcOpenShift Merge Robot2020-07-28
|\ \ \ | | | | | | | | Specifying --ipc=host --pid=host is broken
| * | | Specifying --ipc=host --pid=host is brokenDaniel J Walsh2020-07-28
| |/ / | | | | | | | | | | | | | | | | | | | | | For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and add test to make sure it does not happen again. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7110 from edsantiago/batsOpenShift Merge Robot2020-07-28
|\ \ \ | |/ / |/| | System tests: add environment, volume tests
| * | System tests: add environment, volume testsEd Santiago2020-07-28
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Tests for #7094, in which symlinks in a volume would cause chown errors and nonrunnable containers. Tests for environment variable precedence, now include --env-host and proxy settings Fix a bug caught by covscan in helpers.t ('source' path would fail if path included spaces). Fix podman-run man page: it was incorrect in stating precedence between in-image environment and --env-host. Fixes: #7099 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6909 from rhatdan/podmanOpenShift Merge Robot2020-07-28
|\ \ | | | | | | Switch all references to github.com/containers/libpod -> podman
| * | Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7098 from asottile/newline_on_errorOpenShift Merge Robot2020-07-28
|\ \ \ | | | | | | | | add newline to output in error message
| * | | add newline to output in error messageAnthony Sottile2020-07-27
| | | | | | | | | | | | | | | | Signed-off-by: Anthony Sottile <asottile@umich.edu>
* | | | Merge pull request #7105 from AkihiroSuda/fix-cgroupversion-stringOpenShift Merge Robot2020-07-28
|\ \ \ \ | | | | | | | | | | compat/info.go: TrimPrefix(CGroupsVersion, "v")
| * | | | compat/info.go: TrimPrefix(CGroupsVersion, "v")Akihiro Suda2020-07-28
| |/ / / | | | | | | | | | | | | | | | | | | | | For compatibility with Docker: https://github.com/moby/moby/blob/846b7e24ba549a972a2672ffdd88b140da688736/api/swagger.yaml#L4528-L4534 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | | Merge pull request #7079 from rhatdan/tuturialOpenShift Merge Robot2020-07-28
|\ \ \ \ | | | | | | | | | | update configuration for rootless podman
| * | | | update configuration for rootless podmanDaniel J Walsh2020-07-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I updated the configuration part of the tutorial on rootless podman. I added the order in which configuration files are read in and a hint, how users can create default configuration in the home directories. Closes #6777 Signed-off-by: Niklas Netter <niknett@gmail.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7101 from AkihiroSuda/rootlesskit-010OpenShift Merge Robot2020-07-28
|\ \ \ \ \ | |_|_|/ / |/| | | | Bump github.com/rootless-containers/rootlesskit from 0.9.5 to 0.10.0
| * | | | Bump github.com/rootless-containers/rootlesskit from 0.9.5 to 0.10.0Akihiro Suda2020-07-28
| | |/ / | |/| | | | | | | | | | | | | | | | | | Fix #7016 via https://github.com/rootless-containers/rootlesskit/pull/157 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | | Merge pull request #7085 from rhatdan/cmountOpenShift Merge Robot2020-07-28
|\ \ \ \ | | | | | | | | | | Cleanup handling of podman mount/unmount
| * | | | Cleanup handling of podman mount/unmountDaniel J Walsh2020-07-27
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should default to the user name unmount rather then the internal name of umount. Also User namespace was not being handled correctly. We want to inform the user that if they do a mount when in rootless mode that they have to be first in the podman unshare state. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7095 from Melykuti/masterOpenShift Merge Robot2020-07-28
|\ \ \ \ | |/ / / |/| | | Corrects typo in the name of the Linux package shadow-utils.
| * | | Corrects typo in the name of the Linux package shadow-utils.Melykuti2020-07-27
| | | | | | | | | | | | | | | | Signed-off-by: Bence Mélykúti <bence.melykuti@gmail.com>
* | | | Merge pull request #7094 from rhatdan/volumeOpenShift Merge Robot2020-07-27
|\ \ \ \ | | | | | | | | | | When chowning we should not follow symbolic link
| * | | | When chowning we should not follow symbolic linkDaniel J Walsh2020-07-27
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7070 from edsantiago/ci_fixesOpenShift Merge Robot2020-07-27
|\ \ \ \ \ | | | | | | | | | | | | CI - various fixes
| * | | | | CI - various fixesEd Santiago2020-07-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Primary purpose: upgrade crun to 0.14 on f31, in hopes of eliminating the 'cgroups.freeze' flake that is plaguing CI. While I'm at it: - remove a no-longer-needed dnf upgrade that was running in CI itself (not image building, in each actual CI run). The purpose was to upgrade conmon, but that was added a long time ago and the required conmon is now in stable. The effect of this dnf upgrade today was simply to cause flakes when fedora repos were offline. - remove a no-longer-needed check for varlink. - networking.sh : add a timeout! 'openssl s_client' will happily hang forever if a host is unreachable, which means we waste two hours waiting for Cirrus to time out. - timestamp.awk : include date (not just time) in START/END msgs. There are times when I'm looking at a CI log and it is ultra important to know if it is from yesterday or today. - add progress messages in some places where I've previously struggled to understand context in logs; and improve some unlikely error messages to include script name. ...then, after all that, wrote a new README about how to to all this. Hope it helps someone. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #7092 from mheon/update_docsOpenShift Merge Robot2020-07-27
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | [CI:DOCS] Update transfer doc
| * | | | | Update transfer docMatthew Heon2020-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now support `podman network` and `podman volume` commands, so we shouldn't include them in the `missing commands` section. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | Merge pull request #7027 from ldelossa/louis/refactor-container-configOpenShift Merge Robot2020-07-27
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | TODO: Refactor container config