summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* podman cp: fix copying to a non-existent dirValentin Rothberg2021-03-09
| | | | | | | | | | | | | | | | Copy is full of perils. Some of them are the nuances when copying directories. Who would have thought that * cp dir foo * cp dir/ foo * cp dir/. foo are all supposed to yield the same result when foo does not exist. `podman cp` now supports all three notations, which required to massage the front-end code in `cmd/podman` a bit. The tests have been extended and partially rewritten to test container->host and host->container copy operations. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman cp: fix ownershipValentin Rothberg2021-03-09
| | | | | | | | Make sure the files are chowned to the host/container user, depending on where things are being copied to. Fixes: #9626 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman cp: ignore EPERMs in rootless modeValentin Rothberg2021-03-09
| | | | | | | | | | | | Ignore permission errors when copying from a rootless container. TTY devices inside rootless containers are owned by the host's root user which is "nobody" inside the container's user namespace rendering us unable to even read them. Enable the integration test which was temporarily disabled for rootless users. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* vendor buildah@v1.19.8Valentin Rothberg2021-03-09
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #9651 from rhatdan/volumeOpenShift Merge Robot2021-03-08
|\ | | | | [NO TESTS NEEDED] podman-remote build does not support volumes
| * podman-remote build does not support volumesDaniel J Walsh2021-03-08
| | | | | | | | | | | | | | | | Remove --volume option from podman-remote since it is not supported, also add information to podman-build man page indicating options not supported over remote connections. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8172 from rhatdan/storageOpenShift Merge Robot2021-03-08
|\ \ | | | | | | [NO TESTS NEEDED] allow the removal of storage images
| * | allow the removal of storage imagesDaniel J Walsh2021-03-08
| |/ | | | | | | | | | | | | | | Sometimes if the system crashes while an image is being pulled containers/storage can get into a bad state. This PR allows the user to call into container storage to remove the image. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9667 from mheon/bump-3.1.0-rc1OpenShift Merge Robot2021-03-08
|\ \ | | | | | | [CI:DOCS] Bump to v3.1.0-RC1
| * | Bump to v3.1.0-devMatthew Heon2021-03-08
| | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Bump to v3.1.0-rc1v3.1.0-rc1Matthew Heon2021-03-08
|/ / | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #9665 from psgreco/master-checkexistentvolumesOpenShift Merge Robot2021-03-08
|\ \ | |/ |/| [NO TESTS NEEDED] Compat API: Avoid trying to create volumes if they already exist
| * Compat API: Avoid trying to create volumes if they already existPablo Greco2021-03-08
|/ | | | | | Fixes commit: 53d22c779c5d2df5ccda5a8e23db0501a0dadf44 Signed-off-by: Pablo Greco <pgreco@centosproject.org>
* Merge pull request #9627 from xatier/masterOpenShift Merge Robot2021-03-08
|\ | | | | [NO TESTS NEEDED] Bump pre-commit-hooks version
| * [NO TESTS NEEDED] Bump pre-commit-hooks versionxatier2021-03-05
| | | | | | | | Signed-off-by: xatier <xatierlike@gmail.com>
* | Merge pull request #9659 from ↵OpenShift Merge Robot2021-03-08
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/github.com/onsi/gomega-1.11.0 Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
| * | Bump github.com/onsi/gomega from 1.10.5 to 1.11.0Daniel J Walsh2021-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.5 to 1.11.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.10.5...v1.11.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9592 from rhatdan/timestampOpenShift Merge Robot2021-03-08
|\ \ \ | | | | | | | | Numerous buildah fixes found by Ed's testing of buildah tests against podman.
| * | | build-argDaniel J Walsh2021-03-07
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | Handle podman build --dns-searchDaniel J Walsh2021-03-07
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9574 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | podman build --build-arg should fall back to environmentDaniel J Walsh2021-03-07
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9571 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | Add support for podman build --ignorefileDaniel J Walsh2021-03-07
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9570 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9649 from rhatdan/kubeOpenShift Merge Robot2021-03-08
|\ \ \ \ | |_|/ / |/| | | Allow users to generate a kubernetes yaml off non running containers
| * | | Allow users to generate a kubernetes yaml off non running containersDaniel J Walsh2021-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you attempt to create a kube.yaml file off of a non running container where the container runs as a specific User, the creation fails because the storage container is not mounted. Podman is supposed to read the /etc/passwd entry inside of the container but since the container is not mounted, the c.State.Mountpoint == "". Podman incorrectly attempts to read /etc/passwd on the host, and fails if the specified user is not in the hosts /etc/passwd. This PR mounts the storage container, if it was not mounted so the read succeeds. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9658 from ↵OpenShift Merge Robot2021-03-08
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/onsi/ginkgo-1.15.1 Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
| * | | | Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1dependabot-preview[bot]2021-03-08
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.0 to 1.15.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v1.15.0...v1.15.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9525 from vrothberg/pruneOpenShift Merge Robot2021-03-08
|\ \ \ \ | |/ / / |/| | | [NO TESTS NEEDED] Prune and debloat
| * | | turn hidden --trace into a NOPValentin Rothberg2021-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The --trace has helped in early stages analyze Podman code. However, it's contributing to dependency and binary bloat. The standard go tooling can also help in profiling, so let's turn `--trace` into a NOP. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | pkg/terminal: use c/storage/pkg/homedirValentin Rothberg2021-03-08
|/ / / | | | | | | | | | | | | | | | This also prunes the dependency on `k8s.io/client-go`. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9647 from mlegenovic/masterOpenShift Merge Robot2021-03-07
|\ \ \ | | | | | | | | Compat API: Fix the response of 'push image' endpoint
| * | | Correct compat images/{name}/push responseMilivoje Legenovic2021-03-07
| | |/ | |/| | | | | | | Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | Merge pull request #9648 from jmguzik/unify-mount-constsOpenShift Merge Robot2021-03-07
|\ \ \ | |_|/ |/| | [NO TESTS NEEDED] Cleanup/unify mount consts
| * | replace local mount consts with libpod/defineJakub Guzik2021-03-07
| | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
| * | separate file with mount consts in libpod/defineJakub Guzik2021-03-07
| | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #9640 from TomSweeneyRedHat/dev/tsweeney/ctrnetwork091OpenShift Merge Robot2021-03-06
|\ \ \ | | | | | | | | Bump github.com/containernetworking/plugins to v0.9.1
| * | | Bump github.com/containernetworking/plugins to v0.9.1TomSweeneyRedHat2021-03-05
| |/ / | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #9641 from jmguzik/doc-build-fixOpenShift Merge Robot2021-03-06
|\ \ \ | |/ / |/| | [ci skip] Bad formatting fix in build documentation
| * | [ci skip] Bad formatting fix in build documentationJakub Guzik2021-03-06
|/ / | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9599 from rhatdan/selinuxOpenShift Merge Robot2021-03-05
|\ \ | | | | | | Add tests for selinux kvm/init labels
| * | Add tests for selinux kvm/init labelsDaniel J Walsh2021-03-04
| |/ | | | | | | | | | | spc_t tests should be able to run rootless as well. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9635 from rhatdan/stopOpenShift Merge Robot2021-03-05
|\ \ | | | | | | podman-remote stop -time 0 does not work
| * | podman-remote stop -time 0 does not workDaniel J Walsh2021-03-05
| | | | | | | | | | | | | | | | | | | | | | | | This patch will allow users to pass in the time 0. Currently the timeout will take 10 seconds if user passes in the 0 flag. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9624 from mheon/fix_9615OpenShift Merge Robot2021-03-05
|\ \ \ | |/ / |/| | [NO TESTS NEEDED] Do not return from c.stop() before re-locking
| * | Do not return from c.stop() before re-lockingMatthew Heon2021-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unlocking an already unlocked lock is a panic. As such, we have to make sure that the deferred c.lock.Unlock() in c.StopWithTimeout() always runs on a locked container. There was a case in c.stop() where we could return an error after we unlock the container to stop it, but before we re-lock it - thus allowing for a double-unlock to occur. Fix the error return to not happen until after the lock has been re-acquired. Fixes #9615 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #9622 from jmguzik/network-rm-fixOpenShift Merge Robot2021-03-05
|\ \ \ | | | | | | | | Fix podman network rm (-f) workflow
| * | | Fix for podman network rm (-f) workflowJakub Guzik2021-03-05
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #9628 from ↵OpenShift Merge Robot2021-03-05
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/buildah-1.19.7 Bump github.com/containers/buildah from 1.19.6 to 1.19.7
| * | | | Bump github.com/containers/buildah from 1.19.6 to 1.19.7dependabot-preview[bot]2021-03-05
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.19.6 to 1.19.7. - [Release notes](https://github.com/containers/buildah/releases) - [Changelog](https://github.com/containers/buildah/blob/master/CHANGELOG.md) - [Commits](https://github.com/containers/buildah/compare/v1.19.6...v1.19.7) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9593 from vrothberg/cp-tmpOpenShift Merge Robot2021-03-05
|\ \ \ \ | |_|_|/ |/| | | podman cp: support copying on tmpfs mounts
| * | | podman cp: support copying on tmpfs mountsValentin Rothberg2021-03-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Traditionally, the path resolution for containers has been resolved on the *host*; relative to the container's mount point or relative to specified bind mounts or volumes. While this works nicely for non-running containers, it poses a problem for running ones. In that case, certain kinds of mounts (e.g., tmpfs) will not resolve correctly. A tmpfs is held in memory and hence cannot be resolved relatively to the container's mount point. A copy operation will succeed but the data will not show up inside the container. To support these kinds of mounts, we need to join the *running* container's mount namespace (and PID namespace) when copying. Note that this change implies moving the copy and stat logic into `libpod` since we need to keep the container locked to avoid race conditions. The immediate benefit is that all logic is now inside `libpod`; the code isn't scattered anymore. Further note that Docker does not support copying to tmpfs mounts. Tests have been extended to cover *both* path resolutions for running and created containers. New tests have been added to exercise the tmpfs-mount case. For the record: Some tests could be improved by using `start -a` instead of a start-exec sequence. Unfortunately, `start -a` is flaky in the CI which forced me to use the more expensive start-exec option. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>