| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, it seemed like a good idea to place Conmon and the
container it managed under a shared CGroup, so we could manage
the two together. It's become increasingly clear that this is a
potential performance sore point, gains us little practical
benefit in managing Conmon, and adds extra steps to container
cleanup that interfere with Conmon postrun hooks.
Revert back to a shared CGroup for conmon processes under the
CGroup parent. This will retain per-pod conmon CGroups as well if
the pod is set to create a CGroup and act as CGroup parent for
its containers.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1051
Approved by: umohnani8
|
| |
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1052
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
b96be3af (changes to allow for darwin compilation, 2018-06-20, #1015)
made AddPrivilegedDevices per-platform and cc6f0e85 (more changes to
compile darwin, 2018-07-04, #1047) made CreateBlockIO per-platform.
But both left but left out docs for the unsupported version [1]:
pkg/spec/config_unsupported.go:18:1:warning: exported method
CreateConfig.AddPrivilegedDevices should have comment or be
unexported (golint)
pkg/spec/config_unsupported.go:22:1:warning: exported method
CreateConfig.CreateBlockIO should have comment or be unexported
(golint)
To keep the docs DRY, I've restored the public methods and their docs,
and I've added new, internal methods for the per-platform
implementations.
[1]: https://travis-ci.org/projectatomic/libpod/jobs/400555937#L160
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
b96be3af (changes to allow for darwin compilation, 2018-06-20, #1015)
made RemovePod per-platform, but left out docs for the unsupported
version [1]:
libpod/runtime_pod_unsupported.go:14:1:warning: exported method
Runtime.RemovePod should have comment or be unexported (golint)
To keep the docs DRY, I've restored RemovePod and its docs to their
previous location, and named a new, internal removePod for the
per-platform implementations.
[1]: https://travis-ci.org/projectatomic/libpod/jobs/400555937#L159
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function was added in cc6f0e85 (more changes to compile darwin,
2018-07-04, #1047), but it has no consumers and no Linux analog.
Remove it, which also fixes the [1]:
libpod/networking_unsupported.go:9:1:warning: exported function
JoinNetworkNameSpace should have comment or be unexported (golint)
lint issue.
[1]: https://travis-ci.org/projectatomic/libpod/jobs/400555937#L158
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Just in case their output depends on the target GOOS. Lint, at least,
does care, because it can pass on Linux [1] and fail on OS X [2] with
the same code.
[1]: https://travis-ci.org/projectatomic/libpod/jobs/400555936#L856
[2]: https://travis-ci.org/projectatomic/libpod/jobs/400555937#L153
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The files were split apart by b96be3af (changes to allow for darwin
compilation, 2018-06-20, #1015), but the C import and two functions
left in rootless.go are all Linux-specific as well. This commit moves
all of the pre-b96be3af rootless.go into rootless_linux.go, just
adding the '// +build linux' header (b96be3af also scrambled the + in
that header) and keeping the new GetRootlessUID from a1545fe6
(rootless: add function to retrieve the original UID, 2018-07-05, #1048).
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pattern-rule documentation is in [1]. This commit follows the basic
approach from [2], with the portable build tags from [3].
Using --keep-going allows folks to see errors for multiple target
platforms. For example, if the Darwin target dies, we'll still
attempt to build the Linux target before erroring out.
I've added an ALLOWED_TO_FAIL environment variable to mark script
blocks for the the allow_failures block. Currently we're requiring
builds from Linux for Linux and OS X to succeed, but allowing builds
from OS X to both targets to fail.
[1]: https://www.gnu.org/software/make/manual/html_node/Pattern-Intro.html#Pattern-Intro
[2]: https://github.com/kubernetes-incubator/cri-o/commit/e5031fcf9af7d6c78d21e38ab9f82d2392ba05e8
[3]: https://github.com/kubernetes-incubator/cri-o/pull/1653
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this should represent the last major changes to get darwin to **compile**. again,
the purpose here is to get darwin to compile so that we can eventually implement a
ci task that would protect against regressions for darwin compilation.
i have left the manual darwin compilation largely static still and in fact now only
interject (manually) two build tags to assist with the build. trevor king has great
ideas on how to make this better and i will defer final implementation of those
to him.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1047
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
Building our own image to test built-in volume and user
instead of using the mariadb one.
Solves timeout issue in travis tests.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1044
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
when XDG_RUNTIME_DIR is not set, still attempt to use /run/user/$UID
before looking up other directories.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1048
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
After we re-exec in the userNS os.Getuid() returns the new UID (= 0)
which is not what we want to use.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1048
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
containers/image uses XDG_RUNTIME_DIR to locate the auth file.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1048
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1048
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This way we don't need to stub in structures for other OSes (e.g. the
Darwin stub in a Linux-only file). Matthew was concerned about errors
unmarshalling, say, a Linux state object on a Windows box [1], but we
can address that in checks when loading the database [2].
[1]: https://github.com/projectatomic/libpod/pull/1015#discussion_r198649043
[2]: https://github.com/projectatomic/libpod/pull/1015#discussion_r198802956
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1033
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Vendor an updated version of urfave/cli to fix the parsing of short
options. Until the fix is merged upstream, vendor the code from
github.com/vrothberg/cli containing both, the latest urfave/cli and
the bug fix.
Fixes: #714
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1046
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
man-pages(7) has [1]:
> For commands, this shows the syntax of the command and its arguments
> (including options); boldface is used for as-is text and italics are
> used to indicate replaceable arguments. Brackets ([]) surround
> optional arguments, vertical bars (|) separate choices, and ellipses
> (...) can be repeated.
I've adjusted our SYNOPSIS entries to match that formatting, and
generally tried to make them more consistent with the precedent set by
the man-pages project. Outside of the SYNOPSIS entry, I prefer using
backticks for literals, although in some places I've left the **
bolding to keep things visually similar to a nearby SYNOPSIS entry.
[1]: http://man7.org/linux/man-pages/man7/man-pages.7.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1027
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1030
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes fixing errors easier. Before this commit, errors looked
like [1]:
$ make gofmt
libpod/container_linux.go:1::warning: file is not gofmted with -s (gofmt)
make: *** [gofmt] Error 1
But that's not very helpful when your local gofmt thinks the file is
fine. With this commit, errors will look like:
$ make gofmt
find . -name '*.go' ! -path './vendor/*' -exec gofmt -s -w {} \+
git diff --exit-code
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index df4de3fe..22b39870 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1,7 +1,7 @@
package libpod
import (
-"bytes"
+ "bytes"
"context"
"encoding/json"
"fmt"
make: *** [Makefile:87: gofmt] Error 1
(or whatever, I just stuffed in a formatting error for demonstration
purposes).
Also remove the helper script in favor of direct Makefile calls,
because with Git handling difference reporting and exit status, this
becomes a simpler check. find's -exec, !, and -path arguments are
specified in POSIX [2].
[1]: https://travis-ci.org/kubernetes-incubator/cri-o/jobs/331949394#L1075
[2]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/find.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1038
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1041
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1037
Approved by: baude
|
| |
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1036
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1015
Approved by: baude
|
| |\
| |
| | |
Bump to v0.6.5
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The destination path of the built-in volume was not being created
but a relabel was being attempted on it, this was causing issues
with all images that have built-in volumes.
This patch fixes that and ensures the destination volume path
is created.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1026
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1012
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I got my database state in a bad way by killing a hanging container.
It did not setup the network namespace correctly
listing/remove bad containers becomes impossible.
podman run alpine/nginx
^c
got me in this state.
I got into a state in the database where
podman ps -a
was returning errors and I could not get out of it, Makeing joining the network
namespace a non fatal error fixes the issue.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #918
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
User newer seccomp bindings from the seccomp upstream
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1021
Approved by: giuseppe
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1013
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
If the caller sets up the app to be in logrus.DebugLevel,
then we will add the --syslog flag to conmon to get all of the
messages.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1014
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1024
Approved by: nalind
|
| |
|
|
|
|
|
|
|
|
| |
Fixes issue with build for last step of docker file when
building with --layers.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1023
Approved by: mheon
|
| |\
| |
| | |
utils: fix endless write of resize event
|
| | |
| |
| |
| |
| |
| | |
issue introduced with c82166afabd63f6271990be89ffa6609d3dc6712
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1022
Approved by: baude
|
| | |
| |
| |
| |
| |
| |
| | |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1022
Approved by: baude
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of setting the --registry flag to search a single registry,
prefix the registry before the image name in the input, an example is
`podman search registry.fedoraproject.org/fedora` and this will search for
the fedora image in only registry.fedoraproject.org.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1011
Approved by: rhatdan
|
| |/
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1019
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Thu, Jun 28, 2018 at 03:48:26AM -0700, Marco Vedovati wrote [1]:
> The root cause is a deadlock between two channel writes made by two
> different goroutines:
>
> 1. `resizeTty() : go func(){} : sendUpdate()` is sending a resize
> message thru `resize` right at the beginning, but the channel is
> never read if some startup error occurs.
>
> 2. Upon program termination, `startAttachCtr() : defer func(){} ` is
> telling the goroutine in "1." to stop via the `resizeTerminate`
> channel. But that guy is still waiting for the write to `resize`
> to complete so the the termination message is never read.
>
> I think the go deadlock detection does not kick in because not all
> goroutines are seen as asleep. E.g. `os/signal Notify()` is enough
> to have the deadlock not detected.
333ab8c2 (Fix podman hangs when detecting startup error in container
attached mode, 2018-06-27, #1010) addressed this with a deferred
drain. This commit adjusts that approach to use a single select to
cover "have we been canceled?", "has there been a resize signal?", and
(when we have one) "can we write the most recent resize event to the
resize channel?".
A side benefit to this approach is that if we have a slow resize
consumer and several resize signals, the resizeTty function will keep
updating its local resizeEvent. Once the resize channel is able to
accept, only the most-recent event will be written. Previously we'd
have written one resize event for every received signal, even if the
resize consumer was falling behind.
[1]: https://github.com/projectatomic/libpod/pull/1010#issuecomment-400994436
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1018
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
The initial resize command sent to the terminal window over the resize
channel may never be delivered in case of error.
Hence it is necessary to consume all data from the resize channel to
avoid a deadlock on startup.
Fixes: #1009
Closes: #1010
Approved by: giuseppe
|
| |
|
|
|
|
|
|
|
| |
Update the used go versions from 1.8.x to 1.9.x and 1.9.x to 1.10.x.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1016
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
Update the description of podman-build which was mentioning the initial
requirement of Buildah which doesn't apply anymore since Podman is
vendoring Buildah code.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1005
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Catching up with opencontainers/runtime-tools@84a62c6a (generate: Move
Generator.spec to Generator.Config, 2016-11-06, #266, v0.6.0), now
that we've bumped runtime-tools in f6c0fc1a (Vendor in latest
runtime-tools, 2018-06-26, #1007).
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1008
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1007
Approved by: baude
|
| |
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1007
Approved by: baude
|
| |
|
|
|
|
|
|
|
| |
Newer runtime tools separates syscalls by OS so we can build darwin.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1007
Approved by: baude
|
