| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Almost all paths appended to pullNames exactly once; just construct a
single-element array in place and return it.
That way we can add empty lines as separators, and still come out shorter.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because srcRef is created by parsing imgName, both hard-code assumptions
about transport-specific formats of the strings, so that is neither better nor worse;
but we do less explicit parsing.
Should not change behavior for dir:, nor for fully-correct docker-archive:.
docker-archive:, though, also supports docker-archive:path:reference, where
the reference is ignored (with a warning) on read; in such cases the previous
code would use the reference only (not the path), the new code uses both
as the path. Neither works, we just change the failure mode (but
"error opening path:reference" is now more suggestive of the correct usage).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
... it is always nil.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a bit more specific as to what "ref" or "list" means,
and consistent with refPairsFromPossiblyUnqualifiedName
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Again, that makes the core logic independent from Runtime == containers-storage,
and easier to test independently.
So, this also adds tests.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... and use pullRefPairsFromRefNames to convert to the
desired data structure later.
This will make both getPullRefName, and later the bulk of
getPullListFromRef, independent of the storage, and thus much easier to test.
Then add tests for getPullRefName. (Ideally they should be shorter,
e.g. hopefully the .image member can be eliminated.)
Should not change behavior, except that error messages on invalid
dstName will now include the value.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
This will make any failures easier to attribute to the cause.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
podman umount will currently only unmount file system if not other
process is using it, otherwise the umount decrements the container
storage to indicate that the caller is no longer using the mount
point, once the count gets to 0, the file system is actually unmounted.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1184
Approved by: TomSweeneyRedHat
|
|
|
|
|
|
|
|
|
| |
Third round of speed improvements to the integration tests.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1193
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
refresh() is the only major command we had that did not perform a
sync before running, and thus was not guaranteed to pick up a
good copy of the state. Fix this by updating the state before a
refresh().
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Pod and container State structs are now allowed to be empty on
first being retrieved from the database. Rework pod and container
equality functions used in testing to account for this change.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
The new state changes are potentially confusing to people writing
API functions on containers or pods. Add comments to the structs
on how to safely use them.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's not necessary to fill in state immediately, as we'll be
overwriting it on any API call accessing it thanks to
syncContainer(). It is also causing races when we fetch it
without holding the container lock (which syncContainer() does).
As such, just don't retrieve the state on initial pull from the
database with Bolt.
Also, refactor some Linux-specific netns handling functions out
of container_internal_linux.go into boltdb_linux.go.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
slirp4netns is required to setup the network namespace:
https://github.com/rootless-containers/slirp4netns
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1156
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When removing an image via varlink, we should always return the
ID of the image even in the case where the image has multiple
repository names and one was only untagged.
Reported by jhonce during integration testing.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1191
Approved by: jwhonce
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1185
Approved by: giuseppe
|
|
|
|
|
|
|
|
|
|
| |
This is the second round of performance improvements for out
integration tests.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1190
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
due to how cstorage is designed, we were spewing thousands of fds when
we restored cached images causing unwieldy rlimits. we now use podman
load to restore the images thereby not tripping the issue.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1188
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
The auto decompression functionality was already vendored in
with containers/image. Adding a test for it.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1137
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop all containers with a zero timeout prior to trying to rm -fa. This results
in quicker teardown times by not waiting for timeouts.
Also, with wait tests, no need to wait the full 10 second sleep. 1 will do.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1181
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because our tests are getting so long, we want to be able to audit which tests are taking
the longest to complete. This may indicate a bad test, bad CI, bad code, etc and therefore
should be auditable.
Also, make speed improvements to tests by making sure we only unpack caches images that
actually get used.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1178
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
update to version 956a1971694f18fd602b1203c0a2d192e2cc88a1
inherit support for IDs shifting when fuse-overlayfs is used.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1177
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
* Some of the pedantic errors were not corrected
* Clean up prep for porting to MacOS and PyPi hosting
* Fix broken unittest
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1159
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
If an image is created from another and it is deleted,
only delete the actual image and not the parent images
if the parent images have names/references.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1174
Approved by: mheon
|
|\
| |
| | |
Bump to 0.7.4
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Added Pause() and Unpause() to libpod/pod.go
Added man pages, tests and completions
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1126
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1170
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a compiler warning that has been fixed in the
upstream, so I figured we should update to fix.
Also vendor in latest buildah to get better support for running builds in rootless
mode.
Vendor in latest containers/image to allow daemon support to be pluggable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1169
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
Now, for commands that have --latest and --all, the context flags are checked, and pods are grabbed in a single function
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1161
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1165
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CNI plugins upstream removed their network namespace creation
code, making it a test package only. Copy it into our repository
and slightly modify it for our use (most notably, use MNT_DETACH
when unmounting namespaces).
This new CNI code splits closing and unmounting network
namespaces, which allows us to greatly reduce the number of
occasions on which we call teardownNetwork() and make more errors
in that function fatal instead of warnings. Instead, we can call
Close() and just close the open file descriptor in cases where
the namespace has already been cleaned up.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1165
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
We need to pick up changes to the netns packages that are not yet
in a released tag.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1165
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1167
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, getRuntimeSpec always fails on non-Linux because
spec.CreateConfigToOCISpec always fails, because the podman CLI
sets up a seccomp path, and processing that on non-Linux is not supported. This
breaks testing of entirely unrelated options.
We can either skip the tests on non-Linux, or explicitly disable seccomp
inside the tests. Linux testing matters much more than other platforms,
and the tests are more reliable when they don't change supposedly
unrelated options; so, skip the tests on non-Linux.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This just muves the Linux implementation, unchanged, to the
platform-agnostic file. Should not change behavior on Linux.
On non-Linux platforms, reading containers from BoltDB now works
(and rejects containers with namespace data). The checkRuntimeConfig
validation ensures that each BoltDB database is only used on one platform,
so network namespaces should never exist in non-Linux BoltDB files.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the actual platform-specific part of getContainerFromDB.
Factor it out, unchanged, on Linux. On other platforms, introduce
a stub which fails if any data exists; this stub is not yet called.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On macOS NewImageRuntimeFromOptions fails with chown EPERM because the
"vfs" driver tries to chown its home to root:root 0700; in fact running
as root seems to be a generic requirement. So, skip the tests if not
running as root.
(This could maybe benefit from an extra state, maybe an environment
variable like RUNNING_IN_CI, to make sure the tests are actually
run often enough.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
(make localunit) complains about the unbuildable subpackage; silence that.
Actually, I can't find any user of checkseccomp in this repo; maybe
it is entirely unused?
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
None of the functions are used within the package, and it does not build
on non-Linux systems.
(Similar code continues to exist in pkg/chrootuser, and is unaffected.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1163
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1162
Approved by: rhatdan
|
|\
| |
| | |
Add a mutex to BoltDB state to prevent lock issues
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Per https://www.sqlite.org/src/artifact/c230a7a24?ln=994-1081,
POSIX file advisory locks are unsafe to use within a single
process if multiple file descriptors are open for the same file.
Unfortunately, this has a strong potential to happen for
multithreaded usage of libpod, and could result in DB corruption.
To prevent this, wrap all access to BoltDB within a single
libpod instance in a mutex to ensure concurrent access cannot
occur.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
| |
| |
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1160
Approved by: mheon
|