| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
Currently podman play kube is not using the system default seccomp.json file.
This PR will use the default or override location for podman play.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
Generate an image's RepoDigests list using all applicable digests, and
refrain from outputting a digest in the tag column of the "images"
output.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
| |
Be prepared to report multiple image digests for images which contain
multiple manifests but, because they continue to have the same set of
layers and the same configuration, are considered to be the same image.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
| |
Add --override-arch and --override-os as hidden flags, in line with the
global flag names that skopeo uses, so that we can test behavior around
manifest lists without having to conditionalize more of it by arch.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When an image can be opened as an ImageSource but not an Image, handle
the case where it's an image list all by itself, the case where it's an
image for a different architecture/OS combination, or the case where
it's both.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Test that when we pull using tag or digest references from locations
that are manifest lists, that we can inspect using the references that
we used for pulling, that the tags show up in the RepoTag list when we
inspect an image that was pulled using a tag, and that the list and
instance digests always both show up in the RepoDigest list.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Move to containers/image v5 and containers/buildah to v1.11.4.
Replace an equality check with a type assertion when checking for a
docker.ErrUnauthorizedForCredentials in `podman login`.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |\
| |
| | |
require conmon v2.0.1
|
| | |
| |
| |
| | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |\ \
| | |
| | | |
Fix sig-proxy=false test and use image cache
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pulling fedora-minimal was potentially causing timeouts, which is
bad. Using the cache avoids that.
Sig-proxy=false test was entirely nonfunctional - I think we
didn't update it when we fixed sig-proxy=true to be less racy.
It was still passing, which is concerning.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fix spelling mistakes
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
enable dnsplugin for network create
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
when users create a new network and the dnsname plugin can be found by
podman, we will enable container name resolution on the new network.
there is an option to opt *out* as well.
tests cannot be added until we solve the packaging portion of the
dnsname plugin.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
GitHub stale action
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add a GitHub action to mark issues and PRs as stale and
to eventually close them after a grace period.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
libpod: if slirp4netns fails, return its stderr
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
read the slirp4netns stderr and propagate it in the error when the
process fails.
Replace: https://github.com/containers/libpod/pull/4338
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Add ensureState helper for checking container state
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We have a lot of checks for container state scattered throughout
libpod. Many of these need to ensure the container is in one of a
given set of states so an operation may safely proceed.
Previously there was no set way of doing this, so we'd use unique
boolean logic for each one. Introduce a helper to standardize
state checks.
Note that this is only intended to replace checks for multiple
states. A simple check for one state (ContainerStateRunning, for
example) should remain a straight equality, and not use this new
helper.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Return a better error for volume name conflicts
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When you try and create a new volume with the name of a volume
that already exists, you presently get a thoroughly unhelpful
error from `mkdir` as the volume attempts to create the
directory it will be mounted at. An EEXIST out of mkdir is not
particularly helpful to Podman users - it doesn't explain that
the name is already taken by another volume.
The solution here is potentially racy as the runtime is not
locked, so someone else could take the name while we're still
getting things set up, but that's a narrow timing window, and we
will still return an error - just an error that's not as good as
this one.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Log warn instead of error for removing nonexistant container
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
In event of a container removal that is no longer in database, log a
warning instead of an error, as there is not any problem continuing
execution.
Resolves #4314
Signed-off-by: Tyler Ramer <tyaramer@gmail.com>
|
| |\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
check existing bridge names when creating networks
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
when creating a new networking, we should check existing networks for
their bridge names and make sure the proposed new name is not part of
this. reported by QE.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Cleanup man pages
|
| | | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The format of the --network flags in man pages was all screwed up.
This patch cleans this up.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
systemd: mask /sys/fs/cgroup/systemd/release_agent
|
| |/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
when running in systemd mode on cgroups v1, make sure the
/sys/fs/cgroup/systemd/release_agent is masked otherwise the container
is able to modify it and execute scripts on the host.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Add multiple networks explanation to docs
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
rootless: raise an error with --network=
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Closes: https://github.com/containers/libpod/issues/4332
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Initial dump of man pages and first menus
|
| | | |_|/ / /
| |/| | | |
| | | | | |
| | | | | | |
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Add documentation on options to volume create manpage
|
| | |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Document the rough equivalence between our option types and the
various parts of the mount command. Amend examples a bit to cover
this.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
rootless: detect no system session with --cgroup-manager=systemd
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
if the cgroup manager is set to systemd, detect if dbus is available,
otherwise fallback to --cgroup-manager=cgroupfs.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Image volumes should not be mounted noexec
|
| | | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This matches Docker more closely, but retains the more important
protections of nosuid/nodev.
Fixes #4318
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
Add parsing for UID, GID in volume "o" option
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Everything else is a flag to mount, but "uid" and "gid" are not.
We need to parse them out of "o" and handle them separately.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
add pip requirements file for rtd
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
read the docs requires a pip requirements file to build markdown files
instead of the rst format.
Signed-off-by: baude <bbaude@redhat.com>
|
