summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Add support for RunAsUser and RunAsGroupDaniel J Walsh2019-11-06
| | | | | | | | | | Currently podman generate kube does not generate the correct RunAsUser and RunAsGroup options in the yaml file. This patch fixes this. This patch also make `podman play kube` use the RunAdUser and RunAsGroup options if they are specified in the yaml file. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #4459 from giuseppe/fix-renameat-definitionOpenShift Merge Robot2019-11-06
|\ | | | | rootless: use SYS_renameat2 instead of __NR_renameat2
| * rootless: provide workaround for missing renameat2Giuseppe Scrivano2019-11-06
| | | | | | | | | | | | | | | | | | on RHEL 7.7 renameat2 is not implemented for s390x, provide a workaround. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1768519 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: use SYS_renameat2 instead of __NR_renameat2Giuseppe Scrivano2019-11-06
| | | | | | | | | | | | use the correct definition for the syscall number. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4439 from junaruga/feature/install-ubuntuOpenShift Merge Robot2019-11-06
|\ \ | | | | | | Update installation - Ubuntu. [skip ci]
| * | Update installation - Ubuntu. [skip ci]Jun Aruga2019-11-05
| | | | | | | | | | | | | | | | | | | | | Current podman deb package does not install /etc/containers/registries.conf . The added line is for compatibility of use cases with docker. Signed-off-by: Jun Aruga <jaruga@redhat.com>
* | | Merge pull request #4457 from vrothberg/fix-4456OpenShift Merge Robot2019-11-06
|\ \ \ | | | | | | | | help message: don't parse the config for cgroup-manager default
| * | | help message: don't parse the config for cgroup-manager defaultValentin Rothberg2019-11-06
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not generate an entire `config.Config` for displaying the default value for the --cgroup-manager flag and just default to systemd. Not using the `config.Config` is okay as 1) the value may change at runtime in any case (rootless, DBUS access, etc.), 2) it avoids to redundantly parse the system config files and to generate the hard-coded default config, and 3) the log-level and other attributes are not yet set during init() causing undesirable side effects. Fixes: #4456 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #4370 from rhatdan/seccompOpenShift Merge Robot2019-11-05
|\ \ \ | | | | | | | | Set SELinux labels based on the security context in the kube.yaml
| * | | Set SELinux labels based on the security context in the kube.yamlDaniel J Walsh2019-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If the kube.yaml specifieds the SELinux type or Level, we need the container to be launched with the correct label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #4374 from giuseppe/create-cgroupns-by-default-on-cgroupsv2OpenShift Merge Robot2019-11-05
|\ \ \ \ | | | | | | | | | | namespaces: by default create cgroupns on cgroups v2
| * | | | namespaces: by default create cgroupns on cgroups v2Giuseppe Scrivano2019-11-05
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | change the default on cgroups v2 and create a new cgroup namespace. When a cgroup namespace is used, processes inside the namespace are only able to see cgroup paths relative to the cgroup namespace root and not have full visibility on all the cgroups present on the system. The previous behaviour is maintained on a cgroups v1 host, where a cgroup namespace is not created by default. Closes: https://github.com/containers/libpod/issues/4363 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4449 from vrothberg/fix-4434OpenShift Merge Robot2019-11-05
|\ \ \ \ | | | | | | | | | | pulling unqualified reference: make sure it's a docker reference
| * | | | pulling unqualified reference: make sure it's a docker referenceValentin Rothberg2019-11-05
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When pulling an unqualified reference (e.g., `fedora`) make sure that the reference is not using a non-docker transport to avoid iterating over the search registries and trying to pull from them. Fixes: #4434 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #4448 from ↵OpenShift Merge Robot2019-11-05
|\ \ \ \ | |/ / / |/| | | | | | | | | | | containers/dependabot/go_modules/gopkg.in/yaml.v2-2.2.5 Bump gopkg.in/yaml.v2 from 2.2.4 to 2.2.5
| * | | Bump gopkg.in/yaml.v2 from 2.2.4 to 2.2.5dependabot-preview[bot]2019-11-05
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | Bumps [gopkg.in/yaml.v2](https://github.com/go-yaml/yaml) from 2.2.4 to 2.2.5. - [Release notes](https://github.com/go-yaml/yaml/releases) - [Commits](https://github.com/go-yaml/yaml/compare/v2.2.4...v2.2.5) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #4442 from mheon/release_notes_addOpenShift Merge Robot2019-11-05
|\ \ \ | | | | | | | | Add release notes for v1.6.3
| * | | Bump development version to 1.6.4-devMatthew Heon2019-11-04
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Bump version in README to v1.6.3Matthew Heon2019-11-04
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add release notes for v1.6.3Matthew Heon2019-11-04
| |/ / | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #4438 from giuseppe/fix-slirp4netns-timeoutOpenShift Merge Robot2019-11-05
|\ \ \ | |/ / |/| | slirp4netns: fix timeout
| * | slirp4netns: fix timeoutGiuseppe Scrivano2019-11-04
| |/ | | | | | | | | | | | | | | | | the pidWaitTimeout is already a Duration so do not multiply it again by time.Millisecond. Closes: https://github.com/containers/libpod/issues/4344 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4415 from rhatdan/rootlessOpenShift Merge Robot2019-11-04
|\ \ | | | | | | Update rootless shortcomings with cgroup V2 information
| * | Update rootless shortcomings with cgroup V2 informationDaniel J Walsh2019-11-01
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #4430 from rst0git/logo-light-sourceOpenShift Merge Robot2019-11-04
|\ \ \ | | | | | | | | logo: correct light source reflection
| * | | logo: correct light source reflectionRadostin Stoyanov2019-11-03
| | | | | | | | | | | | | | | | Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
* | | | Merge pull request #4389 from TomSweeneyRedHat/dev/tsweeney/contextdirMatthew Heon2019-11-04
|\ \ \ \ | | | | | | | | | | Validate contextdir on build
| * | | | Validate contextdir on buildTomSweeneyRedHat2019-11-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We never verified that the context directory passed into the build command was a valid directory. When we then slapped a default Containerfile name onto it, things went south fast if the user had passed us a file and not a directory. Fixes: #4383 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #4423 from giuseppe/fix-cpu-statsOpenShift Merge Robot2019-11-04
|\ \ \ \ \ | | | | | | | | | | | | stats: report correctly CPU usage
| * | | | | stats: fix calculation for the CPU timeGiuseppe Scrivano2019-11-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes: https://github.com/containers/libpod/issues/4409 Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
| * | | | | cgroups: read correctly the CPU statsGiuseppe Scrivano2019-11-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the two values were incorrectly switched. Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* | | | | | Merge pull request #4428 from Foxboron/morten/fix-docker-docsOpenShift Merge Robot2019-11-03
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | [Makefile] Fix docker documentation install and generation
| * | | | | [docs] Ensure we include section 5 documentationMorten Linderud2019-11-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Section 5 documentation is missing from the documentation restructure. Signed-off-by: Morten Linderud <morten@linderud.pw>
| * | | | | [Makefile] Fix docker documentation install and generationMorten Linderud2019-11-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The final versions of the documentation has been shifted from `docs/` to `docs/build/man`. Most of the Makefile has been changed accordingly, but the docker documentation generation was not. Introduced by #4354 Signed-off-by: Morten Linderud <morten@linderud.pw>
* | | | | | Merge pull request #4424 from rhatdan/srp33OpenShift Merge Robot2019-11-02
|\ \ \ \ \ \ | | | | | | | | | | | | | | Update link to Commands documentation
| * | | | | | Update link to Commands documentationStephen Piccolo2019-11-01
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous link pointed to the Markdown file, but the links are broken on that page. This pull request points to the actual documentation. Grabbed from @srp33 PR https://github.com/containers/libpod/pull/4407 to help the merge process. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #4425 from rst0git/fix-typoOpenShift Merge Robot2019-11-02
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | runtime: Fix typo
| * | | | | runtime: Fix typoRadostin Stoyanov2019-11-02
|/ / / / / | | | | | | | | | | | | | | | Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
* | | | | Merge pull request #4402 from baude/onlydocsOpenShift Merge Robot2019-11-01
|\ \ \ \ \ | |/ / / / |/| | | | [CI:DOCS] make docsonly prs
| * | | | [CI:DOCS] make docs only prsbaude2019-11-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | skips certain aspects of prs for testing. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #4405 from umohnani8/fipsOpenShift Merge Robot2019-11-01
|\ \ \ \ \ | |_|/ / / |/| | | | Vendor in latest containers/buildah
| * | | | Vendor in latest containers/buildahUrvashi Mohnani2019-11-01
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull in changes to pkg/secrets/secrets.go that adds the logic to disable fips mode if a pod/container has a label set. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | Merge pull request #4400 from haircommander/exec-hangOpenShift Merge Robot2019-11-01
|\ \ \ \ | | | | | | | | | | Switch to bufio Reader for exec streams
| * | | | Switch to bufio Reader for exec streamsPeter Hunt2019-10-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There were many situations that made exec act funky with input. pipes didn't work as expected, as well as sending input before the shell opened. Thinking about it, it seemed as though the issues were because of how os.Stdin buffers (it doesn't). Dropping this input had some weird consequences. Instead, read from os.Stdin as bufio.Reader, allowing the input to buffer before passing it to the container. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | | Merge pull request #4412 from ↵OpenShift Merge Robot2019-11-01
|\ \ \ \ \ | |_|_|/ / |/| | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/onsi/ginkgo-1.10.3 Bump github.com/onsi/ginkgo from 1.10.1 to 1.10.3
| * | | | Bump github.com/onsi/ginkgo from 1.10.1 to 1.10.3dependabot-preview[bot]2019-11-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.10.1 to 1.10.3. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v1.10.1...v1.10.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #4404 from jwhonce/wip/panicOpenShift Merge Robot2019-11-01
|\ \ \ \ \ | |/ / / / |/| | | | Refactor test to prevent panic
| * | | | Refactor test to prevent panicJhon Honce2019-10-31
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #4399 from giuseppe/tail-0OpenShift Merge Robot2019-10-31
|\ \ \ \ \ | | | | | | | | | | | | logs: support --tail 0
| * | | | | logs: support --tail 0Giuseppe Scrivano2019-10-31
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | change the default to -1, so that we can change the semantic of "--tail 0" to not print any existing log line. Closes: https://github.com/containers/libpod/issues/4396 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>