summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #10407 from ↵OpenShift Merge Robot2021-05-20
|\ | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/runc-1.0.0-rc95 Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
| * Bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95dependabot[bot]2021-05-20
| | | | | | | | | | | | | | Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.0-rc94 to 1.0.0-rc95. - [Release notes](https://github.com/opencontainers/runc/releases) - [Commits](https://github.com/opencontainers/runc/compare/v1.0.0-rc94...v1.0.0-rc95) Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #10402 from EmmanuelKasper/patch-1OpenShift Merge Robot2021-05-20
|\ \ | |/ |/| [CI:DOCS] [NO TESTS NEEDED] Use conflist suffix when downloading the basic network configuration
| * Use correct extension for example network configEmmanuel Kasper2021-05-20
| | | | | | | | | | | | | | | | | | | | This solves the error: # podman network ls ERRO[0000] Error loading CNI config file /etc/cni/net.d/87-podman-bridge.conf: error parsing configuration: missing 'type when creating an initial CNI config. Signed-off-by: Emmanuel Kasper <emmanuel@libera.cc>
* | Merge pull request #10377 from vrothberg/test-commonOpenShift Merge Robot2021-05-20
|\ \ | | | | | | update c/common
| * | update c/commonValentin Rothberg2021-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update containers common to the latest HEAD. Some bug fixes in libimage forced us to have a clearer separation between ordinary images and manifest lists. Hence, when looking up manifest lists without recursing into any of their instances, we need to use `LookupManifestList()`. Also account for some other changes in c/common (e.g., the changed order in the security labels). Further vendor the latest HEAD from Buildah which is required to get the bud tests to pass. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10235 from rhatdan/manifestOpenShift Merge Robot2021-05-20
|\ \ \ | |/ / |/| | Add support for podman manifest rm command
| * | Add support for podman manifest rm commandDaniel J Walsh2021-05-19
| |/ | | | | | | | | | | This is mainly to match command line of Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10395 from ↵OpenShift Merge Robot2021-05-19
|\ \ | |/ |/| | | | | containers/dependabot/go_modules/k8s.io/api-0.21.1 Bump k8s.io/api from 0.21.0 to 0.21.1
| * Bump k8s.io/api from 0.21.0 to 0.21.1dependabot[bot]2021-05-19
| | | | | | | | | | | | | | Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.21.0 to 0.21.1. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](https://github.com/kubernetes/api/compare/v0.21.0...v0.21.1) Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #10399 from vrothberg/systemd-docsOpenShift Merge Robot2021-05-19
|\ \ | | | | | | [CI:DOCS] docs: generate systemd: XDG_RUNTIME_DIR
| * | docs: generate systemd: XDG_RUNTIME_DIRValentin Rothberg2021-05-19
| | | | | | | | | | | | | | | | | | | | | A conversation on the customer portal suggests that to add an extra note about the requirement of XDG_RUNTIME_DIR to be set. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10327 from rhatdan/copyOpenShift Merge Robot2021-05-19
|\ \ \ | | | | | | | | Fix problem copying files when container is in host pid namespace
| * | | Fix problem copying files when container is in host pid namespaceDaniel J Walsh2021-05-19
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When attempting to copy files into and out of running containers within the host pidnamespace, the code was attempting to join the host pidns again, and getting an error. This was causing the podman cp command to fail. Since we are already in the host pid namespace, we should not be attempting to join. This PR adds a check to see if the container is in NOT host pid namespace, and only then attempts to join. Fixes: https://github.com/containers/podman/issues/9985 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10371 from matejvasek/fix-wait-compatOpenShift Merge Robot2021-05-19
|\ \ \ | |_|/ |/| | fix: response of containers wait endpoint
| * | fix: response body of containers wait endpointMatej Vasek2021-05-18
| | | | | | | | | | | | | | | | | | | | | The `Error` part of response must be nil (or omitted) if no error occurred. Before this commit a zero value for the struct was returned. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | Merge pull request #10396 from ↵OpenShift Merge Robot2021-05-19
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/vbauerster/mpb/v6-6.0.4 Bump github.com/vbauerster/mpb/v6 from 6.0.3 to 6.0.4
| * | | Bump github.com/vbauerster/mpb/v6 from 6.0.3 to 6.0.4dependabot[bot]2021-05-19
| | |/ | |/| | | | | | | | | | | | | | | | Bumps [github.com/vbauerster/mpb/v6](https://github.com/vbauerster/mpb) from 6.0.3 to 6.0.4. - [Release notes](https://github.com/vbauerster/mpb/releases) - [Commits](https://github.com/vbauerster/mpb/compare/v6.0.3...v6.0.4) Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #10398 from ↵OpenShift Merge Robot2021-05-19
|\ \ \ | |/ / |/| | | | | | | | containers/dependabot/go_modules/k8s.io/apimachinery-0.21.1 Bump k8s.io/apimachinery from 0.21.0 to 0.21.1
| * | Bump k8s.io/apimachinery from 0.21.0 to 0.21.1dependabot[bot]2021-05-19
|/ / | | | | | | | | | | | | Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.21.0 to 0.21.1. - [Release notes](https://github.com/kubernetes/apimachinery/releases) - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.21.0...v0.21.1) Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #10369 from jmguzik/network-http-docs-fixesOpenShift Merge Robot2021-05-18
|\ \ | |/ |/| Fix formatting and indentation in network http api docs
| * Fix formatting and indentation in network http api docsJakub Guzik2021-05-17
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #10372 from jwhonce/issues/9238OpenShift Merge Robot2021-05-18
|\ \ | | | | | | Break up python APIv2 tests
| * | Break up python APIv2 testsJhon Honce2021-05-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Tests broken up into areas of concern * Introduced fixtures to reduce duplicated code * Introduced new assert methods with APITestCase * General cleanup of code while visiting * Tests now targeting quay.io Known issues: * is-official against quay.io not working Fixes: #9238 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #10370 from mheon/add_commits_scriptOpenShift Merge Robot2021-05-18
|\ \ \ | | | | | | | | Add script for identifying commits in release branches
| * | | Add script for identifying commits in release branchesMatthew Heon2021-05-17
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the worst parts of a Podman release is writing the release notes. It requires manually going through all merged commits since the last release, figuring out what was actually done, and writing a small blurb about what was fixed. The worst part of this is the difficulty in finding the commits that were actually included in previous releases - our extensive backports to prior releases mean that there are usually dozens of commits that were included in a prior release, but do not have a matching SHA (as the original author did not do the backport, and often the commit required massaging to cherry-pick in). This script automates the job of finding commits in one release branch that are not in another, with filtering to remove most cherry-picked commits. It makes my life a lot easier during releases, so I figured I'd include it in hack/ so anyone else stuck with the enjoyable task of writing release notes can have a slightly easier life. The script is written in absolutely terrible Ruby and its performance is absolutely terrible, but you only need to run it once per major release and a 30-second wait to generate the list of commits to include isn't bad. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #10334 from mheon/add_relabel_vol_pluginOpenShift Merge Robot2021-05-17
|\ \ \ | | | | | | | | Ensure that :Z/:z/:U can be used with named volumes
| * | | Ensure that :Z/:z/:U can be used with named volumesMatthew Heon2021-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker allows relabeling of any volume passed in via -v, even including named volumes. This normally isn't an issue at all, given named volumes get the right label for container access automatically, but this becomes an issue when volume plugins are involved - these aren't managed by Podman, and may well be unaware of SELinux labelling. We could automatically relabel these volumes on creation, but I'm still reluctant to do that (feels like it could break things). Instead, let's allow :z and :Z to be used with named volumes, so users can explicitly request relabel of a volume plugin-backed volume. We also get :U at the same time. I don't see any real need for it but it also doesn't seem to hurt, so I didn't bother disabling it. Fixes #10273 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #10339 from rhatdan/selinuxOpenShift Merge Robot2021-05-17
|\ \ \ \ | | | | | | | | | | Support automatic labeling of kube volumes
| * | | | Support automatic labeling of kube volumesDaniel J Walsh2021-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow users to specify options on the volume mount path. This will trigger relabels of user specifies :z,:Z Also will handle User Relabels if the user specifies :U Fixes: https://github.com/containers/podman/issues/9371 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #10366 from ashley-cui/secretoptionsOpenShift Merge Robot2021-05-17
|\ \ \ \ \ | | | | | | | | | | | | Support uid,gid,mode options for secrets
| * | | | | Support uid,gid,mode options for secretsAshley Cui2021-05-17
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | Merge pull request #10270 from rhatdan/mtabOpenShift Merge Robot2021-05-17
|\ \ \ \ \ | | | | | | | | | | | | Create the /etc/mtab file if does not exists
| * | | | | Create the /etc/mtab file if does not existsDaniel J Walsh2021-05-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should create the /etc/mtab->/proc/mountinfo link so that mount command will work within the container. Docker does this by default. Fixes: https://github.com/containers/podman/issues/10263 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #10328 from Luap99/completionsOpenShift Merge Robot2021-05-17
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Several shell completion fixes
| * | | | | Several shell completion fixesPaul Holzinger2021-05-17
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - fix network filters - add prune filters - pod create --share support comma separated namespaces [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | Merge pull request #10363 from vrothberg/fix-10350OpenShift Merge Robot2021-05-17
|\ \ \ \ \ | | | | | | | | | | | | image prune: remove unused images only with `--all`
| * | | | | image prune: remove unused images only with `--all`Valentin Rothberg2021-05-17
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a regression in `podman image prune` where unused images were accidentally removed even when `--all=false`. Extend and partially rewrite the e2e tests to make sure we're not regressing again in the future. Fixing the aforementioned issue revealed another issue in the default prune filter. While prune should remove all "dangling" images (i.e., those without tag), it removed only "intermediate" ones; dangling images without children. Remove the mistaken comment from the libimage migration. Also clarify the help message and man page. Fixes: #10350 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #9972 from bblenard/issue-5651-hostname-for-container-gatewayOpenShift Merge Robot2021-05-17
|\ \ \ \ \ | | | | | | | | | | | | Add host.containers.internal entry into container's etc/hosts
| * | | | | Add host.containers.internal entry into container's etc/hostsBaron Lenardson2021-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds the entry `host.containers.internal` to the `/etc/hosts` file within a new containers filesystem. The ip address is determined by the containers networking configuration and points to the gateway address for the containers networking namespace. Closes #5651 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* | | | | | Merge pull request #10356 from Luap99/network-reload-rootlessOpenShift Merge Robot2021-05-17
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | podman network reload add rootless support
| * | | | | podman network reload add rootless supportPaul Holzinger2021-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow podman network reload to be run as rootless user. While it is unlikely that the iptable rules are flushed inside the rootless cni namespace, it could still happen. Also fix podman network reload --all to ignore errors when a container does not have the bridge network mode, e.g. slirp4netns. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #10357 from srcshelton/patch-1OpenShift Merge Robot2021-05-17
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Update to actions/stale@v3
| * | | | | Use more recent `stale` release...Stuart Shelton2021-05-16
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | … as currently with `v1`, `remove-stale-when-updated` is set but isn't causing labels to be updated when comments are added. Signed-off-by: Stuart Shelton <stuart@shelton.me>
* | | | | Merge pull request #10346 from Luap99/network-docOpenShift Merge Robot2021-05-16
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] network tutorial: update with rootless cni changes
| * | | | | network tutorial: update with rootless cni changesPaul Holzinger2021-05-15
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Starting with podman v3.2 rootless cni will work without the rootless-cni-infra container. Update the network tutorial to reflect the latest changes and mention that the infra container can be removed. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | Merge pull request #10332 from TomSweeneyRedHat/dev/tsweeney/fixintroOpenShift Merge Robot2021-05-15
|\ \ \ \ \ | |_|_|/ / |/| | | | [CI:DOCS] Update first line in intro page
| * | | | [CI:DOCS] Update first line in intro pageTomSweeneyRedHat2021-05-14
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove the word `consumption` and give a better description for the first line of the introduction page. Fixes: #10325 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | Merge pull request #10341 from vrothberg/auto-update-pruneOpenShift Merge Robot2021-05-14
|\ \ \ \ | | | | | | | | | | auto-update service: prune images
| * | | | auto-update service: prune imagesValentin Rothberg2021-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Extend the systemd auto-update service to prune images after an update has run. As reported by a user [1], auto updates can over time cause the disk to run out of space. With Edge being a target use case, we need to make sure that systems can run without much supervision, so let's make sure to run `podman image prune` to clean up dangling images. [1] https://twitter.com/r_isc_y/status/1388981737011793921 Fixes: #10190 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>