Commit message (Author, Age)
* Properly handle --cap-add all when running with a --user flag (Daniel J Walsh, 2020-12-09)
|   Handle the ALL Flag when running with an account as a user. Currently we throw an error when the user specifies
|   podman run --user bin --cap-add all fedora echo hello
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8663 from vrothberg/run-950 (OpenShift Merge Robot, 2020-12-09)
|\
| |   archive endpoint massaging
| * pkg/copy: introduce a Copier (Valentin Rothberg, 2020-12-09)
| |   Introduce a `Copier` object to separate the copy-rule enforcement from copying. That allows for a better error reporting of the REST API.
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * archive: move stat-header handling into copy package (Valentin Rothberg, 2020-12-09)
| |   Move handling the stat header into `pkg/copy`. All copy-related should ideally be located in this package to increase locality and reduce scattering where possible.
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * pkg/copy: add parsing API (Valentin Rothberg, 2020-12-09)
| |   Add an API for parsing user input into a possibly specified container and path. This allows for sharing the parsing code between the local and the remote client (and bindings) in the future.
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8611 from vrothberg/short-names (OpenShift Merge Robot, 2020-12-09)
|\ \
| | |   enable short-name aliasing
| * | enable short-name aliasing (Valentin Rothberg, 2020-12-05)
| | |   Short-name aliasing was introduced with Podman 2.2 as an opt-in preview by enabling an environment variable. Now, as we're preparing for the 3.0 release, we can enable short-name aliasing by default. Opting out can be done by configuring the `registries.conf` config file.
| | |   Please refer to the following blog post for more details: https://www.redhat.com/sysadmin/container-image-short-names
| | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #8661 from rhatdan/codespell (OpenShift Merge Robot, 2020-12-09)
|\ \ \
| | | |   Fix spelling mistakes
| * | | Fix spelling mistakes (Daniel J Walsh, 2020-12-09)
| | |/
| |/|
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8599 from rhatdan/prune (OpenShift Merge Robot, 2020-12-09)
|\ \ \
| | | |   Repeat system pruning until there is nothing removed
| * | | Repeat system pruning until there is nothing removed (Daniel J Walsh, 2020-12-09)
| |/ /
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8654 from cruwe/cjr/bugfix-8608-take-envs-from-img (OpenShift Merge Robot, 2020-12-09)
|\ \ \
| | | |   make podman play use ENVs from image
| * | | make podman play use ENVs from image (Christopher J. Ruwe, 2020-12-09)
| |/ /
| | |   fixes #8608.
| | |   Signed-off-by: Christopher J. Ruwe <cjr@cruwe.de>
* | | Merge pull request #8656 from containers/dependabot/go_modules/k8s.io/apimachinery-0.20.0 (OpenShift Merge Robot, 2020-12-09)
|\ \ \
| | | |   Bump k8s.io/apimachinery from 0.19.4 to 0.20.0
| * | | Bump k8s.io/apimachinery from 0.19.4 to 0.20.0 (dependabot-preview[bot], 2020-12-09)
| |/ /
| | |   Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.19.4 to 0.20.0.
| | |   - [Release notes](https://github.com/kubernetes/apimachinery/releases)
| | |   - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.19.4...v0.20.0)
| | |   Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8655 from vrothberg/fix-8605 (OpenShift Merge Robot, 2020-12-09)
|\ \ \
| |/ /
|/| |   auto updates: document systemd unit and timer
| * | auto updates: document systemd unit and timer (Valentin Rothberg, 2020-12-09)
|/ /
| |   Fixes: #8605
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8652 from mheon/fix_8650 (OpenShift Merge Robot, 2020-12-08)
|\ \
| | |   Correct port range logic for port generation
| * | Correct port range logic for port generation (Matthew Heon, 2020-12-08)
|/ /
| |   The existing logic (Range > 0) always triggered, because range is guaranteed to be at least 1 (a single port has a range of 1, a two port range (e.g. 80-81) has a range of 2, and so on). As such this could cause ports that had a host port assigned to them by the user to randomly assign one instead.
| |   Fixes #8650
| |   Fixes #8651
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #8642 from jwhonce/issues/8444 (OpenShift Merge Robot, 2020-12-08)
|\ \
| | |   Restore json format for fields as well as whole structs
| * | Restore json format for fields as well as whole structs (Jhon Honce, 2020-12-07)
| | |   * Add template func to inspect template processing
| | |   * Added test using repro from #8444
| | |   Fixes #8444
| | |   Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #8638 from kwiesmueller/fix-container-network-mode (OpenShift Merge Robot, 2020-12-08)
|\ \ \
| | | |   Pass full NetworkMode to ParseNetworkNamespace
| * | | pass full NetworkMode to ParseNetworkNamespace (Kevin Wiesmueller, 2020-12-07)
| | | |   This should create the correct namespace for NetworkModes like container:containerid
| | | |   Signed-off-by: Kevin Wiesmueller <kwiesmul@redhat.com>
* | | | Merge pull request #8648 from mheon/fix_7883 (OpenShift Merge Robot, 2020-12-08)
|\ \ \ \
| | | | |   Make `podman stats` slirp check more robust
| * | | | Make `podman stats` slirp check more robust (Matthew Heon, 2020-12-08)
| | | | |   Just checking for `rootless.IsRootless()` does not catch all the cases where slirp4netns is in use - we actually allow it to be used as root as well. Fortify the conditional here so we don't fail in the root + slirp case.
| | | | |   Fixes #7883
| | | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #8630 from umohnani8/sec-opt (OpenShift Merge Robot, 2020-12-08)
|\ \ \ \ \
| |/ / / /
|/| | | |   Add systempaths=unconfined option
| * | | | Add systempaths=unconfined option (Urvashi Mohnani, 2020-12-08)
| | | | |   Add the systempaths=unconfined option to --security-opt to match the docker options for unmasking all the paths that are masked by default. Add the mask and unmask options to the podman create doc.
| | | | |   Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | Merge pull request #8637 from containers/dependabot/go_modules/github.com/containers/image/v5-5.9.0 (OpenShift Merge Robot, 2020-12-08)
|\ \ \ \ \
| | | | | |   Bump github.com/containers/image/v5 from 5.8.1 to 5.9.0
| * | | | | Bump github.com/containers/image/v5 from 5.8.1 to 5.9.0 (dependabot-preview[bot], 2020-12-08)
|/ / / / /
| | | | |   Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.8.1 to 5.9.0.
| | | | |   - [Release notes](https://github.com/containers/image/releases)
| | | | |   - [Commits](https://github.com/containers/image/compare/v5.8.1...v5.9.0)
| | | | |   Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
| | | | |   Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | | | | Merge pull request #8571 from Luap99/podman-network-reload (OpenShift Merge Robot, 2020-12-08)
|\ \ \ \ \
| |_|_|/ /
|/| | | |   Implement pod-network-reload
| * | | | Implement pod-network-reload (Matthew Heon, 2020-12-07)
| | | | |   This adds a new command, 'podman network reload', to reload the networks of existing containers, forcing recreation of firewall rules after e.g. `firewall-cmd --reload` wipes them out.
| | | | |   Under the hood, this works by calling CNI to tear down the existing network, then recreate it using identical settings. We request that CNI preserve the old IP and MAC address in most cases (where the container only had 1 IP/MAC), but there will be some downtime inherent to the teardown/bring-up approach. The architecture of CNI doesn't really make doing this without downtime easy (or maybe even possible...).
| | | | |   At present, this only works for root Podman, and only locally. I don't think there is much of a point to adding remote support (this is very much a local debugging command), but I think adding rootless support (to kill/recreate slirp4netns) could be valuable.
| | | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| | | | |   Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | Merge pull request #8639 from Luap99/fix-network-ls-filter-flake (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \ \
| | | | | |   Fix network ls --filter invalid value flake
| * | | | | Fix network ls --filter invalid value flake (Paul Holzinger, 2020-12-07)
| | | | | |   The filter is only validated when at least one network exists.
| | | | | |   Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #8581 from baude/kubegen (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |   generate kube on multiple containers
| * | | | | generate kube on multiple containers (baude, 2020-12-07)
| | |/ / /
| |/| | |
| | | | |   add the ability to add multiple containers into a single k8s pod instead of just one. also fixed some bugs in the resulting yaml where an empty service description was being added on error causing the k8s validation to fail.
| | | | |   Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #8632 from mheon/fix_8613 (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \ \
| | | | | |   Change name of imageVolumes in container config JSON
| * | | | | Change name of imageVolumes in container config JSON (Matthew Heon, 2020-12-07)
| | | | | |   Podman pre-1.8 also included a field with this name, which was a String. Podman 2.2.0 added a new field reusing the name but as a Struct. This completely broke JSON decode for pre-1.8 containers in Podman 2.2, resulting in completely broken behavior. Re-name the JSON field and add a note that the old name should not be re-used to prevent this problem from re-occurring. This will still result in containers from 2.2.0 being broken (specifically, containers with image volumes will have them disappear) but this is the lesser of two evils.
| | | | | |   Fixes #8613
| | | | | |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | Merge pull request #7357 from QiWang19/rootless-sign (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \ \ \
| | | | | | |   image sign using per user registries.d
| * | | | | | image sign using per user registries.d (Qi Wang, 2020-12-07)
| |/ / / / /
| | | | | |   Support per user ~/.config/containers/registries.d to allow rootless image sign configurations.
| | | | | |   Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #8375 from vrothberg/cgroup-path (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | |   container cgroup path
| * | | | | container cgroup path (Valentin Rothberg, 2020-12-07)
| | | | | |   Before querying for a container's cgroup path, make sure that the container is synced. Also make sure to error out if the container isn't running.
| | | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #8629 from mheon/no_error_on_dupe_handler (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \ \ \
| | | | | | |   Do not error on installing duplicate shutdown handler
| * | | | | | Do not error on installing duplicate shutdown handler (Matthew Heon, 2020-12-07)
| | |/ / / /
| |/| | | |
| | | | | |   Installing a duplicate shutdown handler fails, but if a handler with the same name is already present, we should be set to go. There's no reason to print a user-facing error about it. This comes up almost nowhere because Podman never makes more than one Libpod runtime, but there is one exception (`system reset`) and the error messages, while harmless, were making people very confused (we got several bug reports that `system reset` was nonfunctional).
| | | | | |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | Merge pull request #8561 from mheon/fix_gating (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \ \ \
| | | | | | |   Do not mount sysfs as rootless in more cases
| * | | | | | Do not mount sysfs as rootless in more cases (Matthew Heon, 2020-12-04)
| | | | | | |   We can't mount sysfs as rootless unless we manage the network namespace. Problem: slirp4netns is now creating and managing a network namespace separate from the OCI runtime, so we can't mount sysfs in many circumstances. The `crun` OCI runtime will automatically handle this by falling back to a bind mount, but `runc` will not, so we didn't notice until RHEL gating tests ran on the new branch.
| | | | | | |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | | Merge pull request #8625 from Edward5hen/container-prune-test (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \ \ \ \
| |_|_|_|/ / /
|/| | | | | |   Add APIv2 test for containers-prune
| * | | | | | Add APIv2 test for containers-prune (Edward Shen, 2020-12-07)
| | |_|/ / /
| |/| | | |
| | | | | |   Signed-off-by: Edward Shen <weshen@redhat.com>
* | | | | | Merge pull request #8624 from mlegenovic/master (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | |   Docker compat API - containers create ignores the name
| * | | | | Docker compat API - containers create ignores the name (Milivoje Legenovic, 2020-12-07)
| | | | | |   /containers/create compat endpoint does not set the name correctly (#7857)
| | | | | |   Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | | | | Merge pull request #8622 from containers/dependabot/go_modules/github.com/containers/common-0.31.0 (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \ \ \
| | | | | | |   Bump github.com/containers/common from 0.30.0 to 0.31.0