summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* fix tutorial link to install.mdJens Petersen2019-06-07
| | | | | | [skip ci] Signed-off-by: Jens Petersen <petersen@redhat.com>
* Merge pull request #3208 from vrothberg/fix-3207OpenShift Merge Robot2019-05-28
|\ | | | | runtime: unlock the alive lock only once
| * runtime: unlock the alive lock only onceValentin Rothberg2019-05-28
| | | | | | | | | | | | | | Unlock the alive lock only once in the deferred func call. Fixes: #3207 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #3137 from giuseppe/unshare-fixesOpenShift Merge Robot2019-05-28
|\ \ | | | | | | unshare: some cleanups and define CONTAINERS_{RUNROOT,GRAPHROOT}
| * | unshare: define CONTAINERS_GRAPHROOT and CONTAINERS_RUNROOTGiuseppe Scrivano2019-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | define two environment variables, that simplify the task of cleaning up the storage, as we can do something like: podman unshare sh -c 'rm -rf $CONTAINERS_GRAPHROOT $CONTAINERS_RUNROOT' Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | unshare: use rootless from libpodGiuseppe Scrivano2019-05-16
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #3194 from QiWang19/cptarOpenShift Merge Robot2019-05-28
|\ \ \ | | | | | | | | fix bug dest path of copying tar
| * | | fix bug dest path of copying tarQi Wang2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | when podman cp tar without --extract flag, if the destination already exists, or ends with path seprator, cp the tar under the directory, otherwise copy the tar named with the destination Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #3189 from vrothberg/apparmor-fixesOpenShift Merge Robot2019-05-28
|\ \ \ \ | |_|_|/ |/| | | Apparmor fixes
| * | | warn when --security-opt and --privilegedValentin Rothberg2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Log a warning when --security-opt and --privileged are used together to indicate that it has no effect since --privileged will set everything. To avoid regressions, only warn, do not error out and do not print on error level. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | baseline tests: apparmor with --privilegedValentin Rothberg2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://github.com/containers/libpod/issues/3112 has revealed a regression in apparmor when running privileged containers where the profile must not be set or loaded. Add a simple test to avoid potential future regressions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | apparmor: don't load/set profile in privileged modeValentin Rothberg2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 27f9e23a0b9e already prevents setting the profile when creating the spec but we also need to avoid loading and setting the profile when creating the container. Fixes: #3112 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #3198 from jjwatt/patch-1OpenShift Merge Robot2019-05-26
|\ \ \ \ | | | | | | | | | | Update install.md ostree Debian dependencies.
| * | | | Update install.md ostree Debian dependencies.Jesse Wattenbarger2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add more Debian dependencies that I needed in Debian 9.9. Signed-off-by: Jesse Wattenbarger <jesse.j.wattenbarger@gmail.com>
* | | | | Merge pull request #3196 from giuseppe/keep-idOpenShift Merge Robot2019-05-25
|\ \ \ \ \ | | | | | | | | | | | | userns: add new option --userns=keep-id
| * | | | | podman: honor env variable PODMAN_USERNSGiuseppe Scrivano2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | userns: add new option --userns=keep-idGiuseppe Scrivano2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it creates a namespace where the current UID:GID on the host is mapped to the same UID:GID in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | rootless: store also the original GID in the hostGiuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #3185 from mheon/fix_cp_testOpenShift Merge Robot2019-05-25
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix a potential flake in the tests for podman cp
| * | | | | | Fix a potential flake in the tests for podman cpMatthew Heon2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of using the working directory, use a subdirectory of the temporary directory created for the individual test, to prevent a potential EEXIST for shared working directory. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | Merge pull request #3192 from cevich/add_zipOpenShift Merge Robot2019-05-24
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Cirrus: Add zip package to images
| * | | | | | cirrus: update images w/ zip pkgChris Evich2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | | Cirrus: Add zip package to imagesChris Evich2019-05-23
| | |_|/ / / | |/| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #3186 from baude/varlinkdocsnullableOpenShift Merge Robot2019-05-23
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | document nullable types
| * | | | | document nullable typesbaude2019-05-22
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the varlink doc generator was ignoring all nullable types when generating its documentation Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #3190 from giuseppe/fix-userns-psgoOpenShift Merge Robot2019-05-23
|\ \ \ \ \ | |_|_|/ / |/| | | | rootless: fix top huser and hgroup
| * | | | rootless: fix top huser and hgroupGiuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when running in rootless mode, be sure psgo is honoring the user namespace settings for huser and hgroup. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | vendor: update psgo to v1.3.0Giuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #3097 from cevich/show_ipOpenShift Merge Robot2019-05-23
|\ \ \ \ \ | |_|/ / / |/| | | | hack: Display IP address of VM from script
| * | | | hack: ignore from all VCS files when tarballingChris Evich2019-05-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | hack: shrink xfer tarball sizeChris Evich2019-05-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | hack: Display IP address of VM from scriptChris Evich2019-05-22
|/ / / / | | | | | | | | | | | | | | | | | | | | Useful for accessing it from other terminals. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #3108 from rhatdan/flagsOpenShift Merge Robot2019-05-22
|\ \ \ \ | | | | | | | | | | Fixup Flags
| * | | | Fixup FlagsDaniel J Walsh2019-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mark hidden all references to signature-policy Default all uses of --authfile Add --authfile support to podman run and podman create. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2715 from ypu/login_logoutOpenShift Merge Robot2019-05-22
|\ \ \ \ \ | | | | | | | | | | | | Add test cases for login and logout
| * | | | | Add test cases for login and logoutYiqiao Pu2019-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As logout test request login to the registry, we plan to test them together. There are five test cases added: 1. Podman login and logout with default value 3. Podman login and logout with --authfile 2. Podman login and logout with --tls-verify 4. Podman login and logout with --cert-dir 5. Podman login and logout with multi registry All above test cases are using docker rgistry v2 Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | | | | | Merge pull request #3178 from mheon/fix_gen_kubeOpenShift Merge Robot2019-05-22
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Fix a 'generate kube' bug on ctrs with named volumes
| * | | | | Remove unused return statement in kube volume codeMatthew Heon2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | Fix play kube when a pod is specifiedMatthew Heon2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to pass the Pod ID in as part of the CreateConfig. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | Fix a 'generate kube' bug on ctrs with named volumesMatthew Heon2019-05-21
| | |_|/ / | |/| | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #3176 from baude/resizechanbufferOpenShift Merge Robot2019-05-22
|\ \ \ \ \ | |_|/ / / |/| | | | make remote resize channel buffered
| * | | | make remote resize channel bufferedbaude2019-05-21
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when doing any sort of attach to a container, a sigwinch is sent followed by a resize event. this is fine for the local client but when doing things over the varlink, the first sigwinch is wiped out by the immediate resize event and is therefore lost. by making the channel buffered, both events are processed after the varlink connection is established. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #3177 from mheon/duplicate_volumesOpenShift Merge Robot2019-05-22
|\ \ \ \ | | | | | | | | | | When superceding mounts, check for opposite types
| * | | | Add test for image volume conflict with user volumeMatthew Heon2019-05-21
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | When superceding mounts, check for opposite typesMatthew Heon2019-05-21
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we supercede low-priority mounts and volumes (image volumes, and volumes sourced from --volumes-from) with higher-priority ones (the --volume and --mount flags), we always replaced lower-priority mounts of the same type (e.g. a user mount to /tmp/test1 would supercede a volumes-from mount to the same destination). However, we did not supercede the opposite type - a named volume from image volumes at /tmp/test1 would be allowed to remain and create a conflict, preventing container creation. Solve this by destroying opposite types before merging (we can't do it in the same loop, as then named volumes, which go second, might trample changes made by mounts). Fixes #3174 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3173 from giuseppe/use-wait-for-fileOpenShift Merge Robot2019-05-21
|\ \ \ \ | | | | | | | | | | libpod: prefer WaitForFile to polling
| * | | | libpod: prefer WaitForFile to pollingGiuseppe Scrivano2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | replace two usage of kwait.ExponentialBackoff in favor of WaitForFile that uses inotify when possible. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #3084 from giuseppe/rootless-pause-processOpenShift Merge Robot2019-05-21
|\ \ \ \ \ | | | | | | | | | | | | rootless: use a pause process to keep namespaces alive
| * | | | | troubleshooting.md: add note about updating subuid/subgidGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | system: migrate stops the pause processGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>