summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #6926 from ↵OpenShift Merge Robot2020-07-11
|\ | | | | | | | | containers/dependabot/go_modules/github.com/containers/storage-1.21.0 Bump github.com/containers/storage from 1.20.2 to 1.21.0
| * Bump github.com/containers/storage from 1.20.2 to 1.21.0dependabot-preview[bot]2020-07-10
| | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.20.2 to 1.21.0. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.20.2...v1.21.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6932 from rhafer/aa_privOpenShift Merge Robot2020-07-11
|\ \ | | | | | | Don't setup AppArmor provile for privileged pods
| * | Don't setup AppArmor provile for privileged podsRalf Haferkamp2020-07-10
| |/ | | | | | | | | | | This is essentially db218e7162c2 forward-ported to specgen Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* | Merge pull request #6936 from mheon/matt_cant_countOpenShift Merge Robot2020-07-11
|\ \ | | | | | | Correctly print STDOUT on non-terminal remote exec
| * | Correctly print STDOUT on non-terminal remote execMatthew Heon2020-07-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I confused STDIN and STDOUT's file descriptors (it's 0 and 1, I thought they were 1 and 0). As such, we were looking at whether we wanted to print STDIN when we looked to print STDOUT. This bool was set when `-i` was set in at the `podman exec` command line, which masked the problem when it was set. Fixes #6890 Fixes #6891 Fixes #6892 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6929 from vrothberg/fix-9627OpenShift Merge Robot2020-07-11
|\ \ \ | | | | | | | | version/info: format: allow more json variants
| * | | version/info: format: allow more json variantsValentin Rothberg2020-07-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Allow more variants to yield json output for `podman version` and `podman info`. Instead of comparing strings, use a regex and add unit and e2e tests. Fixes: #6927 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6918 from skorhone/fix/hijacked_connection_handlingOpenShift Merge Robot2020-07-10
|\ \ \ | |/ / |/| | Fix: Correct connection counters for hijacked connections
| * | Fix: Correct connection counters for hijacked connectionsKorhonen Sami (Samlink)2020-07-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes connection counters for v2 endpoints Idletracker was moved to a new package to prevent package cycle. Hijacking code still remains in wrong place and should be moved later to isolated package Signed-off-by: Sami Korhonen <skorhone@gmail.com>
| * | Fix: Hijacking v2 endpoints to follow rfc 7230 semanticsKorhonen Sami (Samlink)2020-07-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After this patch v2 hijacking endpoints, exec/start and containers/attach follow rfc 7230 specification. Connection will only be upgraded, if client specifies upgrade headers: For tcp connections: Connection: Upgrade Upgrade: tcp For unix socket connections: Connection: Upgrade Upgrade: sock There are currently no checks if upgrade type actually matches with available protocols. Implementation just protocol that client requested Signed-off-by: Sami Korhonen <skorhone@gmail.com>
| * | Remove hijacked connections from active connections listKorhonen Sami (Samlink)2020-07-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | StateHijacked is a terminal state. If hijacked connection is registered as an active connection, connection will never be unregistered. This causes two issues First issue is that active connection counters are off. Second issue is a resource leak caused by connection object that is stored to a map. After this patch hijacked connections are no longer visible in counters. If a counter for hijacked connections is required, podman must track connections returned by Hijacker.Hijack() It might make sense to develop abstraction layer for hijacking - and move all hijacking related code to a separate package. Hijacking code is prone to resource leaks and it should be thoroughly tested. Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* | Merge pull request #6917 from mheon/retErr_for_libpodOpenShift Merge Robot2020-07-10
|\ \ | |/ |/| Remove all instances of named return "err" from Libpod
| * Remove all instances of named return "err" from LibpodMatthew Heon2020-07-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This was inspired by https://github.com/cri-o/cri-o/pull/3934 and much of the logic for it is contained there. However, in brief, a named return called "err" can cause lots of code confusion and encourages using the wrong err variable in defer statements, which can make them work incorrectly. Using a separate name which is not used elsewhere makes it very clear what the defer should be doing. As part of this, remove a large number of named returns that were not used anywhere. Most of them were once needed, but are no longer necessary after previous refactors (but were accidentally retained). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6906 from rhatdan/VENDOROpenShift Merge Robot2020-07-09
|\ \ | |/ |/| Vendor in new version of Buildah
| * Vendor in new version of BuildahDaniel J Walsh2020-07-09
| | | | | | | | | | | | This also pulls in latest runc and containers/common Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Remove dependency on github.com/opencontainers/libpod/configsDaniel J Walsh2020-07-09
| | | | | | | | | | | | | | | | | | We are using these dependencies just to get the device from path. These dependencies no longer build on Windows, so simply cloning the deviceFromPath function, we can eliminate the need for this vendoring. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6835 from zhangguanzhang/masterOpenShift Merge Robot2020-07-09
|\ \ | | | | | | fix API: Create container with an invalid configuration
| * | fix API: Create container with an invalid configurationzhangguanzhang2020-07-09
| |/ | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #6916 from vrothberg/logs-fixesOpenShift Merge Robot2020-07-09
|\ \ | | | | | | log API: add context to allow for cancelling
| * | logs: enable e2e testsValentin Rothberg2020-07-09
| | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | log API: add context to allow for cancellingValentin Rothberg2020-07-09
| |/ | | | | | | | | | | | | | | | | Add a `context.Context` to the log APIs to allow for cancelling streaming (e.g., via `podman logs -f`). This fixes issues for the remote API where some go routines of the server will continue writing and produce nothing but heat and waste CPU cycles. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6814 from QiWang19/oci-dirOpenShift Merge Robot2020-07-09
|\ \ | |/ |/| Fix saving in oci format
| * Fix saving in oci formatQi Wang2020-07-09
|/ | | | | | | | - fix saving&loading oci format. Close #6544 - support loading using image name without "localhost/" prefix when reading from ociarchive/dir saved from this semantics Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #6889 from mheon/update_master_releasenotesDaniel J Walsh2020-07-08
|\ | | | | [CI:DOCS] Update release notes on Master for v2.0.2
| * Update release notes on Master for v2.0.2Matthew Heon2020-07-08
|/ | | | | | Also update README to reflect the new release. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6904 from cevich/minor_fixDaniel J Walsh2020-07-08
|\ | | | | CI:DOCS Minor: Remove two inaccurate comments
| * Minor: Remove two inaccurate commentsChris Evich2020-07-08
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #6907 from cevich/secure_variableBrent Baude2020-07-08
|\| | | | | Cirrus: Rotate keys post repo. rename
| * Cirrus: Rotate keys post repo. renameChris Evich2020-07-08
|/ | | | | | | | | Encode credentials at new repository settings page https://cirrus-ci.com/settings/repository/6707778565701632 Ref: https://cirrus-ci.org/guide/writing-tasks/#encrypted-variables Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #6829 from rhatdan/keepidOpenShift Merge Robot2020-07-07
|\ | | | | Add username to /etc/passwd inside of container if --userns keep-id
| * Add username to /etc/passwd inside of container if --userns keep-idDaniel J Walsh2020-07-07
| | | | | | | | | | | | | | | | | | | | If I enter a continer with --userns keep-id, my UID will be present inside of the container, but most likely my user will not be defined. This patch will take information about the user and stick it into the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6881 from vrothberg/events-raceOpenShift Merge Robot2020-07-07
|\ \ | | | | | | fix race condition in `libpod.GetEvents(...)`
| * | fix race condition in `libpod.GetEvents(...)`Valentin Rothberg2020-07-07
| |/ | | | | | | | | | | | | | | | | Fix a race that could cause read errors to be masked. Masking such errors is likely to report red herrings since users don't see that reading failed for some reasons but that a given event could not be found. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6878 from skorhone/fix/docker_v1_24_image_list_compatibilityOpenShift Merge Robot2020-07-07
|\ \ | |/ |/| Add support for Filter query parameter to list images api
| * Add support for Filter query parameter to list images apiKorhonen Sami (Samlink)2020-07-07
|/ | | | | | | | | | | | Docker api version 1.24 uses a query parameter named Filter for filtering images by names. In more recent versions of api name filter is in filters query parameter with other filters This patch adds a mapping that translates Filter query parameter to Filters={"reference": [""]} Signed-off-by: Sami Korhonen <skorhone@gmail.com>
* Merge pull request #6693 from goochjj/libpod-sd-notify-cmdlineOpenShift Merge Robot2020-07-06
|\ | | | | Implement --sdnotify cmdline option to control sd-notify behavior
| * BATS system tests for new sdnotifyEd Santiago2020-07-06
| | | | | | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Implement --sdnotify cmdline option to control sd-notify behaviorJoseph Gooch2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | --sdnotify container|conmon|ignore With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI runtime doesn't pass it into the container. We also advertise "ready" when the OCI runtime finishes to advertise the service as ready. With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI runtime passes it into the container for initialization, and let the container advertise further metadata. This is the default, which is closest to the behavior podman has done in the past. The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor any child processes will talk to systemd. This removes the need for hardcoded CID and PID files in the command line, and the PIDFile directive, as the pid is advertised directly through sd-notify. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* | Merge pull request #6570 from rhatdan/remoteOpenShift Merge Robot2020-07-06
|\ \ | | | | | | Change buildtag for remoteclient to remote for testing
| * | Change buildtag for remoteclient to remote for testingDaniel J Walsh2020-07-06
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6868 from mheon/fix_mount_rootlessOpenShift Merge Robot2020-07-06
|\ \ \ | |/ / |/| | Fix bug where `podman mount` didn't error as rootless
| * | Disable mount tests as rootlessMatthew Heon2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | As rootless, `podman mount` must be run inside `podman unshare`. We don't really have a testing harness that can do this right now. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Fix bug where `podman mount` didn't error as rootlessMatthew Heon2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We require that rootless `podman mount` be run inside a shell spawned by `podman unshare` (which gives us a mount namespace which actually lets other commands use the mounted filesystem). The fix is simple - we need to mark the command as requiring the rootless user namespace not be configured, so we can test for it later as part of the mount code and error if we needed to make one. Fixes #6856 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6812 from chuanchang/add_apiv2_testOpenShift Merge Robot2020-07-06
|\ \ \ | |_|/ |/| | test.apiv2: add testing for container initializing
| * | test.apiv2: add testing for container initializingAlex Jia2020-07-01
| | | | | | | | | | | | Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
* | | Merge pull request #6836 from ashley-cui/tzlibpodOpenShift Merge Robot2020-07-06
|\ \ \ | |_|/ |/| | Add --tz flag to create, run
| * | Add --tz flag to create, runAshley Cui2020-07-02
| | | | | | | | | | | | | | | | | | | | | --tz flag sets timezone inside container Can be set to IANA timezone as well as `local` to match host machine Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #6864 from vrothberg/v2-moduleOpenShift Merge Robot2020-07-06
|\ \ \ | | | | | | | | move go module to v2
| * | | move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>