| Commit message (Collapse) | Author | Age |
|\
| |
| |
| |
| | |
andylibrian/kube-generate-support-resource-limits-7855
Add support for resource memory limit to generate kube
|
| |
| |
| |
| | |
Signed-off-by: Andy Librian <andylibrian@gmail.com>
|
| |
| |
| |
| |
| |
| | |
addresses #7855
Signed-off-by: Andy Librian <andylibrian@gmail.com>
|
|\ \
| | |
| | | |
Fix podman-remote ps --ns broken
|
| | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \
| |/ /
|/| | |
Add SELinux support for pods
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
All containers within a Pod need to run with the same SELinux
label, unless overwritten by the user.
Also added a bunch of SELinux tests to make sure selinux labels
are correct on namespaces.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
[podman-remote] Fix closed connection on pull causes service panic
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
podman-remote does not support most of the global flags
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
podman-remote --help is showing a bunch of global flags that it
does not support
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
compat: images/create: fix tag parsing
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The `tag` parameter of the compat `images/create` endpoint can be both,
a tag and a digest. Fix parsing of the parameter to detect digests and
use the appropriate `@` separator.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Restore "table" --format from V1
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* --format "table {{.field..." will print fields out in a table with
headings. Table keyword is removed, spaces between fields are
converted to tabs
* Update parse.MatchesJSONFormat()'s regex to be more inclusive
* Add report.Headers(), obtain all the field names to be used as
column headers, a map of field name to column headers may be provided
to override the field names
* Update several commands to use new functions
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
libpod: check there are enough gids before adding them
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
check there are enough gids in the user namespace before adding
supplementary gids from /etc/group.
Follow-up for baede7cd2776b1f722dcbb65cff6228eeab5db44
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[podman run] --rm option shold conflicts with --restart
|
| | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix Podman logs reading journald
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
A podman could not read logs written to journald properly, due to a tail config bug.
Added a system test to check this - since e2e tests don't like journald
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
image prune: remove all candidates
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Make sure to remove images until there's nothing left to prune.
A single iteration may not be sufficient.
Fixes: #7872
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
containers/dependabot/go_modules/github.com/containers/common-0.24.0
Bump github.com/containers/common from 0.23.0 to 0.24.0
|
| | |_|_|_|/ / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.23.0...v0.24.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
logformatter: add Synopsis at top of each page
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
At the top of each generated page, add a Synopsis table with:
PR number/name, and link to github
Author name(s)
Test name (fedora/ubuntu, rootless, etc)
Cirrus build ID (usually uninteresting)
Cirrus task ID (usu. important), with link to Cirrus
The value of $SPECIALMODE
This is all we can get from the Cirrus environment in
which logformatter runs; we can't get things like
cgroup manager or username that the test runs under.
Note that the table is at the top, which is usually
unseen because we autoscroll to the bottom on
page load. I tentatively think that top is a more
natural place for this info than bottom, but am
willing to listen to arguments against.
Also, one minor tweak: highlight podman commands in
the BATS output. The idea is to make it easier for the eye
to spot those, then copy/paste them to find a reproducer.
And, sigh, disable the new 'podman network create'
system test. It is flaking much too much.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \ \ \ \
| |_|/ / / / / / /
|/| | | | | | | | |
Correct to latest version
|
| | |/ / / / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Lars Gohr <elgohr@oss.volkswagen.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
containers/dependabot/go_modules/github.com/containers/buildah-1.16.4
Bump github.com/containers/buildah from 1.16.2 to 1.16.4
|
| |/ / / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.16.2 to 1.16.4.
- [Release notes](https://github.com/containers/buildah/releases)
- [Changelog](https://github.com/containers/buildah/blob/master/CHANGELOG.md)
- [Commits](https://github.com/containers/buildah/compare/v1.16.2...v1.16.4)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \ \
| |_|_|_|/ / / /
|/| | | | | | | |
spec: modprobe fuse with --device .*/fuse
|
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
If the container uses the /dev/fuse device, attempt to load the fuse
kernel module first so that nested containers can use it.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1872240
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
remote: fix name and ID collisions of containers and pods
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fix the look up of containers and pods in the remote client. User input
can refer to both, names or IDs of containers and pods, so there is a
fair chance of collisions (e.g., "c1" name with a "c1...." ID).
Those collisions are well handled (and battle tested) in the local
client which is directly using the libpod backend. Hence, the remote
client should not attempt to introduce its own logic to prevent bugs and
divergence between the local and the remote clients. To prevent
collisions such as in #7837, do a container/pod inspect on the
user-provided input to find the corresponding ID and eventually do full
ID comparisons to avoid potential collisions with names.
Note that this has a cost that I am not entirely happy with. Looking at
issue #7837, the collisions are happening when removing the two
containers. Remote container removal is now very chatty with the server
as it first queries for all containers, then iterates over the provided
names or IDs and does a remote inspect to figure out the IDs and find a
matching container object. However, remote removal could just pass the
names and IDs directly to the batch removal endpoint. Querying for all
containers could be prevented if the batch removal endpoint would remove
all if the slice is empty.
In other words, the bug is fixed but there's room for performance
improvements.
Fixes: #7837
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Fix for incorrect evaluation of error condition within libpod.LabelVolumePath.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
A reading of LabelVolumePath suggests that the intended behavior
upon encountering ENOTSUP is to log the issue and continue without
error, while all other errors in the Relabeling operation should
be considered errors of LabelVolumePath and passed up accordingly.
This is not the behavior that is encountered, as this test shows:
it is instead considered an error if and only if the Relabeling
operation returns ENOTSUP, spitting out a somewhat incongruous
error message, while all other error types that may be returned
are logged without being propogated, with an even more incongruous
error message saying that the operation was not supported.
The comparison was changed to match the behavior documented by the
log messages, and a test was added that will simulate executing
this function on a path where the mounted filesystem does not
support SELinux labels, with the assertion that the function should
not return an error in order to highlight the condition these
changes seek to alleviate.
Signed-off-by: Peter <peter@psanders.me>
|
|\ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|/ /
|/| | | | | | | | |
Migrate container images to automation_images
|
| | |_|_|/ / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Add X-Registry-Config support
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* Refactor auth pkg to support X-Registry-Config
* Refactor build endpoint to support X-Registry-Config. Supports:
* --creds
* --authfile
* Added X-Reference-Id Header to http.Request to support log event
correlation
* Log headers from http.Request
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \ \ \ \ \ \
| |_|_|_|_|/ / / /
|/| | | | | | | | |
fix compat api privileged and entrypoint code
|
| | |/ / / / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
when adding /dev to a privileged container using the compatibility API, we need to make sure we dont pass on devices that are simply symlinks. this was already being done by specgen but not on the compat. side.
the entrypoint code that was recently rewritten for the compatibility layer was also failing due to the odd inputs that docker is willing to accept in its json, specifically [] vs "". in the case of the latter, this was being made into a []string with a len of one but no content. this would then be used to prefix the command to run in the container and would fail. For example " ls" vs "ls".
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \ \ \
| |_|_|_|_|_|/ /
|/| | | | | | | |
system test: untag all test
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Extend the system tests to test `podman untag $image` without further
arguments to force removing all tags from the image.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Add additionalGIDs from users in rootless mode
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
There is a risk here, that if the GID does not exists
within the User Namespace the container will fail to start.
This is only likely to happen in HPC Envioronments, and I think
we should add a field to disable it for this environment,
Added a FIXME for this issue.
We currently have this problem with running a rootfull container within
a user namespace, it will fail if the GID is not available.
I looked at potentially checking the usernamespace that you are assigned
to, but I believe this will be very difficult to code up and to figure out.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
Podman containers/pods prune should throw an error if user adds args
|