| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
[skip ci]
Signed-off-by: Jens Petersen <petersen@redhat.com>
|
|\
| |
| | |
runtime: unlock the alive lock only once
|
| |
| |
| |
| |
| |
| |
| | |
Unlock the alive lock only once in the deferred func call.
Fixes: #3207
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
unshare: some cleanups and define CONTAINERS_{RUNROOT,GRAPHROOT}
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
define two environment variables, that simplify the task of cleaning
up the storage, as we can do something like:
podman unshare sh -c 'rm -rf $CONTAINERS_GRAPHROOT $CONTAINERS_RUNROOT'
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
fix bug dest path of copying tar
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
when podman cp tar without --extract flag, if the destination already exists, or ends with path seprator, cp the tar under the directory, otherwise copy the tar named with the destination
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Apparmor fixes
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Log a warning when --security-opt and --privileged are used together to
indicate that it has no effect since --privileged will set everything.
To avoid regressions, only warn, do not error out and do not print on
error level.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
https://github.com/containers/libpod/issues/3112 has revealed a
regression in apparmor when running privileged containers where the
profile must not be set or loaded. Add a simple test to avoid potential
future regressions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Commit 27f9e23a0b9e already prevents setting the profile when creating
the spec but we also need to avoid loading and setting the profile when
creating the container.
Fixes: #3112
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Update install.md ostree Debian dependencies.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add more Debian dependencies that I needed in Debian 9.9.
Signed-off-by: Jesse Wattenbarger <jesse.j.wattenbarger@gmail.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
userns: add new option --userns=keep-id
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
it creates a namespace where the current UID:GID on the host is mapped
to the same UID:GID in the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix a potential flake in the tests for podman cp
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Instead of using the working directory, use a subdirectory of the
temporary directory created for the individual test, to prevent a
potential EEXIST for shared working directory.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
Cirrus: Add zip package to images
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
document nullable types
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
the varlink doc generator was ignoring all nullable types when
generating its documentation
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
rootless: fix top huser and hgroup
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
when running in rootless mode, be sure psgo is honoring the user
namespace settings for huser and hgroup.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
hack: Display IP address of VM from script
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Useful for accessing it from other terminals.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fixup Flags
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Mark hidden all references to signature-policy
Default all uses of --authfile
Add --authfile support to podman run and podman create.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add test cases for login and logout
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
As logout test request login to the registry, we plan to test them
together. There are five test cases added:
1. Podman login and logout with default value
3. Podman login and logout with --authfile
2. Podman login and logout with --tls-verify
4. Podman login and logout with --cert-dir
5. Podman login and logout with multi registry
All above test cases are using docker rgistry v2
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
Fix a 'generate kube' bug on ctrs with named volumes
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We need to pass the Pod ID in as part of the CreateConfig.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |_|/ /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
make remote resize channel buffered
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
when doing any sort of attach to a container, a sigwinch is sent
followed by a resize event. this is fine for the local client but when
doing things over the varlink, the first sigwinch is wiped out by the
immediate resize event and is therefore lost. by making the channel
buffered, both events are processed after the varlink connection is
established.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
When superceding mounts, check for opposite types
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When we supercede low-priority mounts and volumes (image volumes,
and volumes sourced from --volumes-from) with higher-priority
ones (the --volume and --mount flags), we always replaced
lower-priority mounts of the same type (e.g. a user mount to
/tmp/test1 would supercede a volumes-from mount to the same
destination). However, we did not supercede the opposite type - a
named volume from image volumes at /tmp/test1 would be allowed to
remain and create a conflict, preventing container creation.
Solve this by destroying opposite types before merging (we can't
do it in the same loop, as then named volumes, which go second,
might trample changes made by mounts).
Fixes #3174
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
libpod: prefer WaitForFile to polling
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
replace two usage of kwait.ExponentialBackoff in favor of WaitForFile
that uses inotify when possible.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
rootless: use a pause process to keep namespaces alive
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|