Commit message (Author, Age)
* Ensure WORKDIR from images is created (Matthew Heon, 2020-08-03)
| | | | | | | | | | | | | | A recent crun change stopped the creation of the container's working directory if it does not exist. This is arguably correct for user-specified directories, to protect against typos; it is definitely not correct for image WORKDIR, where the image author definitely intended for the directory to be used. This makes Podman create the working directory and chown it to container root, if it does not already exist, and only if it was specified by an image, not the user. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #7168 from QiWang19/exec-fds (OpenShift Merge Robot, 2020-07-31)
|\ | | | | Fix close fds of exec --preserve-fds
| * Fix close fds of exec --preserve-fds (Qi Wang, 2020-07-31)
| | | | | | | | | | | | Fix the closing of fds from --preserve-fds to avoid the operation on unrelated fds. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7120 from QiWang19/preserve-fd (OpenShift Merge Robot, 2020-07-31)
|\ \ | |/ |/| Fix close fds of run --preserve-fds
| * fix close fds of run --preserve-fds (Qi Wang, 2020-07-30)
| | | | | | | | | | | | | | Test flakes mentioned in #6987 might be caused by incorrect closing of file descriptor. Fix the code to close file descriptors for podman run since it may close those used by other processes. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7164 from giuseppe/volumes-chown-no-recurse (OpenShift Merge Robot, 2020-07-31)
|\ \ | | | | | | volumes: do not recurse when chowning
| * | volumes: do not recurse when chowning (Giuseppe Scrivano, 2020-07-31)
| |/ | | | | | | | | | | | | | | | | keep the file ownership when chowning and honor the user namespace mappings. Closes: https://github.com/containers/podman/issues/7130 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #7162 from giuseppe/add-rootless-checks (OpenShift Merge Robot, 2020-07-31)
|\ \ | | | | | | rootless: do not ignore errors if mappings are specified
| * | rootless: add a check for the host id included in the range (Giuseppe Scrivano, 2020-07-30)
| | | | | | | | | | | | | | | | | | | | | add a check to verify whether the additional IDs also contain the host ID. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: child exits immediately on userns errors (Giuseppe Scrivano, 2020-07-30)
| | | | | | | | | | | | | | | | | | | | | if the parent process failed to create the user namespace, let the child exit immediately. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: do not ignore errors if mappings are specified (Giuseppe Scrivano, 2020-07-30)
| |/ | | | | | | | | | | | | | | | | | | when setting up the user namespace do not ignore errors from newuidmap/newgidmap if there are mappings configured. The single user mapping is a fallback only when there are not mappings specified for the user. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #7159 from ashley-cui/runningfor (OpenShift Merge Robot, 2020-07-31)
|\ \ | | | | | | add {{.RunningFor}} placeholder in ps --format
| * | add {{.RunningFor}} placeholder in ps --format (Ashley Cui, 2020-07-30)
| |/ | | | | | | | | | | For docker compatibility Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #7161 from Luap99/fix#7160 (OpenShift Merge Robot, 2020-07-30)
|\ \ | |/ |/| fix swapped mem_usage/percent fields
| * fix swapped mem_usage/percent fields (Paul Holzinger, 2020-07-30)
|/ | | | | | Correct the wrong field assignment in `podman stats --format=json`. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #7156 from zhangguanzhang/master (OpenShift Merge Robot, 2020-07-30)
|\ | | | | fix podman system df format error
| * fix podman system df format error (zhangguanzhang, 2020-07-31)
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #7155 from mheon/fix_rmi_force (OpenShift Merge Robot, 2020-07-30)
|\ \ | |/ |/| Ensure that 'rmi --force' evicts Podman containers
| * Ensure that 'rmi --force' evicts Podman containers (Matthew Heon, 2020-07-30)
|/ | | | | | | | | | | | | | | | | | | | | The logic for `podman rmi --force` includes a bit of code that will remove Libpod containers using Libpod's container removal logic - this ensures that they're cleanly and completely removed. For other containers (Buildah, CRI-O, etc) we fall back to manually removing the containers using the image from c/storage. Unfortunately, our logic for invoking the Podman removal function had an error, and it did not properly handle cases where we were force-removing an image with >1 name. Force-removing such images by ID guarantees their removal, not just an untag of a single name; our code for identifying whether to remove containers did not properly detect this case, so we fell through and deleted the Podman containers as storage containers, leaving traces of them in the Libpod DB. Fixes #7153 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #7151 from edsantiago/bats (OpenShift Merge Robot, 2020-07-30)
|\ | | | | System tests: new system-df and passwd tests
| * System tests: new system-df and passwd tests (Ed Santiago, 2020-07-30)
|/ | | | | | | | | | | | | | | | | | | | | | - New test for #6991 - passwd file is writable even when run with --userns=keep-id - Enable another keep-id test, commented out due to #6593 - New test for podman system df Also, independently, removed this line: apt-get -y upgrade conmon ...because it's causing CI failures, probably because of the boothole CVE, probably because the Ubuntu grub update was rushed out. I believe it is safe to remove this, because both Ubuntu 19 and 20 report: conmon is already the newest version (2.0.18~1). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7146 from rhatdan/format (OpenShift Merge Robot, 2020-07-30)
|\ | | | | Don't crash when giving bogus format commands
| * Don't crash when giving bogus format commands (Daniel J Walsh, 2020-07-29)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you give a bogus flag to --format it will crash the formatter. With this change we will get a nice error. podman images --format '{{ bogus }}' Error: template: list:1: function "bogus" not defined versus /bin/podman.old images --format '{{ bogus }}' panic: template: list:1: function "bogus" not defined goroutine 1 [running]: Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7147 from rhatdan/history (OpenShift Merge Robot, 2020-07-29)
|\ \ | | | | | | Return NamesHistory when returning remote images
| * | Return NamesHistory when returning remote images (Daniel J Walsh, 2020-07-29)
| |/ | | | | | | | | | | | | We are returning bogus data in podman-remote images --format json. This change will match the same data returned by podman images --format json. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7074 from mheon/multi_ctrport_ok (OpenShift Merge Robot, 2020-07-29)
|\ \ | | | | | | Binding the same container port to >1 host port is OK
| * | Binding the same container port to >1 host port is OK (Matthew Heon, 2020-07-29)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The initial version of the new port code mistakenly restricted this, so un-restrict it. We still need to maintain the map of container ports, unfortunately (need to verify if the port in question is a duplicate, for example). Fixes #7062 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7143 from edsantiago/skip_flaky_binding_test (OpenShift Merge Robot, 2020-07-29)
|\ \ \ | | | | | | | | bindings: skip flaky pause/unpause test
| * | | bindings: skip flaky pause/unpause test (Ed Santiago, 2020-07-29)
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | The "podman wait to pause|unpause condition" test is failing several times a day, always a flake. Issue #6518. Disable it until the cause can be identified and fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6991 from mheon/change_passwd_ondisk (OpenShift Merge Robot, 2020-07-29)
|\ \ \ | | | | | | | | Make changes to /etc/passwd on disk for non-read only
| * | | Make changes to /etc/passwd on disk for non-read only (Matthew Heon, 2020-07-23)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bind-mounting /etc/passwd into the container is problematic because of how system utilities like `useradd` work. They want to make a copy and then rename to try to prevent breakage; this is, unfortunately, impossible when the file they want to rename is a bind mount. The current behavior is fine for read-only containers, though, because we expect useradd to fail in those cases. Instead of bind-mounting, we can edit /etc/passwd in the container's rootfs. This is kind of gross, because the change will show up in `podman diff` and similar tools, and will be included in images made by `podman commit`. However, it's a lot better than breaking important system tools. Fixes #6953 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #7142 from edsantiago/logformat_fix_gitcommit (OpenShift Merge Robot, 2020-07-29)
|\ \ \ \ | |_|/ / |/| | | logformatter: more libpod-podman fallout
| * | | logformatter: more libpod-podman fallout (Ed Santiago, 2020-07-29)
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem: formatted logs no longer have live links to sources in error-report lines. Cause: script was searching for '/libpod'. Solution: make it more flexible. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #7131 from rhafer/image_search_descr (OpenShift Merge Robot, 2020-07-29)
|\ \ \ | | | | | | | | Fix `podman image search` missing description
| * | | Fix `podman image search` missing description (Ralf Haferkamp, 2020-07-29)
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `podman image search` returned wrong results for the image "Description" as it was mapped to the wrong field ("ID") in the search results. Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* | | | Merge pull request #7121 from rhatdan/build (OpenShift Merge Robot, 2020-07-29)
|\ \ \ \ | |/ / / |/| | | Fix building from http or '-' options
| * | | Fix building from http or '-' options (Daniel J Walsh, 2020-07-28)
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When copying from a URL, podman will download and create a context directory in a temporary file. The problem was that this directory was being removed as soon as the function that created it was returned. Later the build code would look for content in the temporary directory and fail to find it, blowing up the build. By pulling the extraction code back into the build function, we keep the temporary directory around until the build completes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6851 from rhatdan/mount (OpenShift Merge Robot, 2020-07-29)
|\ \ \ | | | | | | | | Add podman image mount
| * | | Add podman image mount (Daniel J Walsh, 2020-07-28)
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are many use cases where you want to just mount an image without creating a container on it. For example you might want to just examine the content in an image after you pull it for security analysis. Or you might want to just use the executables on the image without running it in a container. The image is mounted readonly since we do not want people changing images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7109 from rhatdan/ipc (OpenShift Merge Robot, 2020-07-28)
|\ \ \ | | | | | | | | Specifying --ipc=host --pid=host is broken
| * | | Specifying --ipc=host --pid=host is broken (Daniel J Walsh, 2020-07-28)
| |/ / | | | | | | | | | | | | | | | | | | | | | For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and add test to make sure it does not happen again. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7110 from edsantiago/bats (OpenShift Merge Robot, 2020-07-28)
|\ \ \ | |/ / |/| | System tests: add environment, volume tests
| * | System tests: add environment, volume tests (Ed Santiago, 2020-07-28)
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Tests for #7094, in which symlinks in a volume would cause chown errors and nonrunnable containers. Tests for environment variable precedence, now include --env-host and proxy settings Fix a bug caught by covscan in helpers.t ('source' path would fail if path included spaces). Fix podman-run man page: it was incorrect in stating precedence between in-image environment and --env-host. Fixes: #7099 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6909 from rhatdan/podman (OpenShift Merge Robot, 2020-07-28)
|\ \ | | | | | | Switch all references to github.com/containers/libpod -> podman
| * | Switch all references to github.com/containers/libpod -> podman (Daniel J Walsh, 2020-07-28)
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7098 from asottile/newline_on_error (OpenShift Merge Robot, 2020-07-28)
|\ \ \ | | | | | | | | add newline to output in error message
| * | | add newline to output in error message (Anthony Sottile, 2020-07-27)
| | | | | | | | | | | | | | | | Signed-off-by: Anthony Sottile <asottile@umich.edu>
* | | | Merge pull request #7105 from AkihiroSuda/fix-cgroupversion-string (OpenShift Merge Robot, 2020-07-28)
|\ \ \ \ | | | | | | | | | | compat/info.go: TrimPrefix(CGroupsVersion, "v")
| * | | | compat/info.go: TrimPrefix(CGroupsVersion, "v") (Akihiro Suda, 2020-07-28)
| |/ / / | | | | | | | | | | | | | | | | | | | | For compatibility with Docker: https://github.com/moby/moby/blob/846b7e24ba549a972a2672ffdd88b140da688736/api/swagger.yaml#L4528-L4534 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | | Merge pull request #7079 from rhatdan/tuturial (OpenShift Merge Robot, 2020-07-28)
|\ \ \ \ | | | | | | | | | | update configuration for rootless podman