Commit message (Author, Age)
* Merge pull request #2585 from giuseppe/build-honor-net (OpenShift Merge Robot, 2019-03-12)
      build: honor --net
| * slirp4netns: add builtin DNS server to resolv.conf (Giuseppe Scrivano, 2019-03-11)
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * build: honor --net (Giuseppe Scrivano, 2019-03-11)
      when --net is specified, pass it down to Buildah.
      Depends on: https://github.com/containers/buildah/pull/1395
      Closes: https://github.com/containers/libpod/issues/2572
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2610 from vrothberg/vendor-psgo (OpenShift Merge Robot, 2019-03-11)
      vendor psgo v1.2
| * | vendor psgo v1.2 (Valentin Rothberg, 2019-03-11)
      The psgo library can now be used concurrently by multiple goroutines without interfering with one another.
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #2612 from KKoukiou/api-doc-fix (OpenShift Merge Robot, 2019-03-11)
      Fix broken link in API.md
| * | | Fix broken link in io.podman.varlink (Katerina Koukiou, 2019-03-11)
      Link to InspectImage was broken.
      Signed-off-by: Katerina Koukiou <kkoukiou@redhat.com>
* | | | Merge pull request #2587 from mheon/update_troubleshooting (OpenShift Merge Robot, 2019-03-11)
      Update troubleshooting guide for Podman-in-Podman
| * | | | Update troubleshooting guide for Podman-in-Podman (Matthew Heon, 2019-03-11)
      Add a small section on the bad things that can happen if you don't mount in our temporary directories.
      Fixes #1602
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #2527 from baude/events (OpenShift Merge Robot, 2019-03-11)
      Add event logging to libpod, even display to podman
| * | | | | Add event logging to libpod, even display to podman (baude, 2019-03-11)
      In libpod, we now log major events that occur. These events can be displayed using the `podman events` command. Each event contains:
      * Type (container, image, volume, pod...)
      * Status (create, rm, stop, kill, ....)
      * Timestamp in RFC3339Nano format
      * Name (if applicable)
      * Image (if applicable)
      The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement.
      Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #2609 from QiWang19/moveformats (OpenShift Merge Robot, 2019-03-11)
      move formats pkg to and vendor from buildah
| * | | | | move formats pkg to and vendor from buildah (Qi Wang, 2019-03-11)
      Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #2593 from mheon/scrub_tmpfs_links (OpenShift Merge Robot, 2019-03-11)
      Ensure that tmpfs mounts do not have symlinks
| * | | | | Ensure that tmpfs mounts do not have symlinks (Matthew Heon, 2019-03-11)
      When mounting a tmpfs, runc attempts to make the directory it will be mounted at. Unfortunately, Golang's os.MkdirAll deals very poorly with symlinks being part of the path. I looked into fixing this in runc, but it's honestly much easier to just ensure we don't trigger the issue on our end.
      Fixes BZ #1686610
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #2613 from rhatdan/selinux (OpenShift Merge Robot, 2019-03-11)
      Fix SELinux on host shared systems in userns
| * | | | Fix SELinux on host shared systems in userns (Daniel J Walsh, 2019-03-11)
      Currently if you turn on --net=host on a rootless container and have selinux-policy installed in the image, tools running with SELinux will see that the system is SELinux enabled in rootless mode. This patch mounts a tmpfs over /sys/fs/selinux blocking this behaviour.
      This patch also fixes the fact that if you shared --pid=host we were not masking over certain /proc paths.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #2578 from baude/movecreate (OpenShift Merge Robot, 2019-03-11)
      preparation for remote-client create container
| * | | preparation for remote-client create container (baude, 2019-03-11)
      to prepare for being able to remotely run a container, we need to perform a refactor to get code out of main because it is not reusable. the shared location is a good starting spot though eventually some will likely end up in pkg/spec/ at some point.
      Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2611 from nalind/buffer-stdin-import (OpenShift Merge Robot, 2019-03-11)
      Buffer stdin to a file when importing "-"
| * | | Buffer stdin to a file when importing "-" (Nalin Dahyabhai, 2019-03-11)
      When importing an image from a file somewhere, we already know how to download data from a URL to a file, so do the same for stdin, in case it's unexpectedly large.
      Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | Merge pull request #2583 from giuseppe/rootless-fix-pod-rm (OpenShift Merge Robot, 2019-03-11)
      rootless: fix stop and rm when the container is running with uid != 0
| * | | rootless: fix pod stop|rm if uid in the container != 0 (Giuseppe Scrivano, 2019-03-11)
      join the user namespace where the pod is running, so that we can both manage the storage and correctly send the kill signal to a process which is not running as root in the namespace.
      Closes: https://github.com/containers/libpod/issues/2577
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: fix rm when uid in the container != 0 (Giuseppe Scrivano, 2019-03-11)
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: disable pod stats (Giuseppe Scrivano, 2019-03-11)
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: do not create automatically a userns for pod kill (Giuseppe Scrivano, 2019-03-11)
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: support a custom arg to the new process (Giuseppe Scrivano, 2019-03-11)
      let the process running as euid != 0 pass down an argument to the process running in the user namespace. This will be useful for commands like rm -a that need to join different namespaces, so that we can re-exec separately for each of them.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | errors: fix error cause comparison (Giuseppe Scrivano, 2019-03-11)
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2597 from jwhonce/issue/2016 (OpenShift Merge Robot, 2019-03-11)
      Initialize field in InfoHost struct
| * | | Initialize field in InfoHost struct (Jhon Honce, 2019-03-11)
      Fixes #2016
      Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #2538 from giuseppe/slirp4netns-path (OpenShift Merge Robot, 2019-03-11)
      libpod: allow to configure path to the slirp4netns binary
| * | | libpod: allow to configure path to the network-cmd binary (Giuseppe Scrivano, 2019-03-11)
      allow to configure the path to the network-cmd binary, either via an option flag --network-cmd-path or through the libpod.conf configuration file. This is currently used to customize the path to the slirp4netns binary.
      Closes: https://github.com/containers/libpod/issues/2506
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2604 from giuseppe/allow-single-mappings (OpenShift Merge Robot, 2019-03-11)
      rootless: allow single ID mappings
| * | rootless: allow single mappings (Giuseppe Scrivano, 2019-03-11)
      we were playing safe and did not allow any container to have less than 65536 mappings. There are a couple of reasons to change it:
      - it blocked libpod from working in an environment where newuidmap/newgidmap are not available, or not configured.
      - it did not allow using different partitions of subuids, where each user has less than 65536 ids available.
      Hopefully this change in containers/storage: https://github.com/containers/storage/pull/303 will make errors clearer if there are not enough IDs for the image that is being used.
      Closes: https://github.com/containers/libpod/issues/1651
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | pull: promote debug statement to error (Giuseppe Scrivano, 2019-03-11)
      print an error if there is any failure pulling an image.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2606 from TomSweeneyRedHat/dev/tsweeney/builddocfix (OpenShift Merge Robot, 2019-03-11)
      Remove --rm and --detach don't coexist note
| * Remove --rm and --detach don't coexist note (TomSweeneyRedHat, 2019-03-11)
      Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
      With later changes of Podman, you can now use both the --rm and --detach in a single run command. This PR removes the documentation in the man pages saying this is not allowed.
      Fixes: #2601
* Merge pull request #2603 from mheon/misc_pod_fixes (OpenShift Merge Robot, 2019-03-11)
      Misc pod fixes
| * Fix generation of infra container command (Matthew Heon, 2019-03-10)
      When sourcing from an image, we need to grab its entrypoint first and then add command on to mimic the behavior of Docker. The default Kube pause image just sets ENTRYPOINT, and not CMD, so nothing changes there, but this ought to fix other images (for example, nginx would try to run the pause command instead of an nginx process without this patch)
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Remove an unused if statement I added (Matthew Heon, 2019-03-10)
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Don't delete another container's resolv and hosts files (Matthew Heon, 2019-03-10)
      The logic of deleting and recreating /etc/hosts and /etc/resolv.conf only makes sense when we're the one that creates the files - when we don't, it just removes them, and there's nothing left to use.
      Fixes #2602
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix a potential segfault during infra container create (Matthew Heon, 2019-03-10)
      I was seeing some segfaults where image config was being passed as nil, causing a nil dereference segfault. Fix the apparent cause and add some safety fencing to try and ensure it doesn't happen again.
      Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2516 from rhatdan/secrets (OpenShift Merge Robot, 2019-03-09)
      Move secrets package to buildah
| * Move secrets package to buildah (Daniel J Walsh, 2019-03-08)
      Trying to remove circular dependencies between libpod and buildah. First step to move pkg content from libpod to buildah.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2576 from rhatdan/troubleshooting (OpenShift Merge Robot, 2019-03-09)
      Add troubleshoot information about SELinux labeling of containers/storage
| * | Add troubleshoot information about SELinux labeling of containers/storage (Daniel J Walsh, 2019-03-08)
      We have some bug reports about people moving containers storage to new directories and this troubleshooter should help them fix this.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2531 from cevich/rootless_stub (OpenShift Merge Robot, 2019-03-09)
      Cirrus: Add dedicated rootless mode testing
| * | Cirrus: Add dedicated rootless mode testing (Chris Evich, 2019-03-05)
      Certain integration tests require execution as a regular user. This is accomplished by `PodmanTest.PodmanAsUserBase()` wrapping a specialized execution environment, in `test/utils/utils.go`. However, doing this requires passing through python, which vastly increases the complexity of debugging low-level problems.
      This commit introduces a new parallel task, run as a regular user on the VM as set by three environment variables. All commands executed in the ``rootless_test.sh`` script, will occur as a real user with a name and home directory, just as `$DIETY` intended. All env. vars established during `environment_setup.sh` (for root) are available. The PR source in `$GOSRC` and `$GOPATH` are owned by this user, and ready for use.
      Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #2598 from mheon/crio_umount_is_useless (OpenShift Merge Robot, 2019-03-09)
      We don't use crio-umount.conf
| * | | We don't use crio-umount.conf (Matthew Heon, 2019-03-08)
      It also causes conflicts with CRI-O packages.
      Also, change the path on seccomp.json so it lives in /usr/share by default, with everything else.
      Fixes #2596
      Signed-off-by: Matthew Heon <mheon@redhat.com>