Commit message (Author, Age)
* specgen: fix check for root user (Giuseppe Scrivano, 2020-11-02)
|   if the username is specified in the USER:GROUP form, make sure we only check for USER.
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* specgen: add support for ambient capabilities (Giuseppe Scrivano, 2020-11-02)
|   if the kernel supports ambient capabilities (Linux 4.3+), also set them when running with euid != 0. This is different than what Moby does, as ambient capabilities are never set.
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #8212 from ↵ (OpenShift Merge Robot, 2020-11-02)
|\
| |   containers/dependabot/go_modules/github.com/containers/storage-1.23.8
| |   Bump github.com/containers/storage from 1.23.7 to 1.23.8
| * Bump github.com/containers/storage from 1.23.7 to 1.23.8 (dependabot-preview[bot], 2020-11-02)
|/
|   Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.23.7 to 1.23.8.
|   - [Release notes](https://github.com/containers/storage/releases)
|   - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
|   - [Commits](https://github.com/containers/storage/compare/v1.23.7...v1.23.8)
|   Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8197 from giuseppe/check-cgroupv2-swap-enabled (OpenShift Merge Robot, 2020-10-31)
|\
| |   specgen, cgroup2: check whether memory swap is enabled
| * specgen, cgroup2: check whether memory swap is enabled (Giuseppe Scrivano, 2020-10-30)
| |   add a similar check to what we do on cgroup v1.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * specgen: split cgroup v1 and cgroup v2 code (Giuseppe Scrivano, 2020-10-30)
| |   refactor function into two separate ones.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8203 from Luap99/fix-8194 (OpenShift Merge Robot, 2020-10-31)
|\ \
| | |   Fix dnsname when joining a different network namespace in a pod
| * | Fix dnsname when joining a different network namespace in a pod (Paul Holzinger, 2020-10-30)
| |/
| |   When creating a container in a pod the podname was always set as the dns entry. This is incorrect when the container is not part of the pod's network namespace. This happened both rootful and rootless. To fix this check if we are part of the pod's network namespace and if not use the container name as dns entry.
| |   Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8100 from QiWang19/mirror-manifest (OpenShift Merge Robot, 2020-10-31)
|\ \
| | |   manifest list inspect single image
| * | manifest list inspect single image (Qi Wang, 2020-10-30)
| |/
| |   If the image name is not a manifest list type, enable manifest inspect to return manifest of single image manifest type vnd.docker.distribution.manifest.v2+json.
| |   Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8201 from QiWang19/search-limit (OpenShift Merge Robot, 2020-10-30)
|\ \
| | |   Remove search limit since pagination support
| * | Remove search limit since pagination support (Qi Wang, 2020-10-30)
| |/
| |   Remove the search limit check since the c/image v5.6.0 supports pagination and can give result over 100 entries.
| |   Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8202 from TomSweeneyRedHat/dev/tsweeney/buildahv1.17.0 (OpenShift Merge Robot, 2020-10-30)
|\ \
| | |   Bump Buildah to v1.17.0
| * | Bump Buildah to v1.17.0 (TomSweeneyRedHat, 2020-10-30)
| | |   Bump Buildah to v1.17.0 on Master.
| | |   Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #8177 from rhatdan/wrap (OpenShift Merge Robot, 2020-10-30)
|\ \ \
| | | |   Stop excessive wrapping of errors
| * | | Stop excessive wrapping of errors (Daniel J Walsh, 2020-10-30)
| | |/
| |/|
| | |   Most of the builtin golang functions like os.Stat and os.Open report errors including the file system object path. We should not wrap these errors and put the file path in a second time, causing stuttering of errors when they get presented to the user. This patch tries to clean up a bunch of these errors.
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8200 from haircommander/parse-segfault (OpenShift Merge Robot, 2020-10-30)
|\ \ \
| |_|/
|/| |   spec: protect against segfault
| * | spec: protect against segfault (Peter Hunt, 2020-10-30)
| |/
| |   when the user passes in "/dev/null::w"
| |   Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #8196 from giuseppe/specgen-swap-limit-err-message (OpenShift Merge Robot, 2020-10-30)
|\ \
| | |   specgen: fix error message
| * | specgen: fix error message (Giuseppe Scrivano, 2020-10-30)
| |/
| |   drop spurious comma.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8191 from mheon/no_error_on_sigproxy_stopped (OpenShift Merge Robot, 2020-10-30)
|\ \
| | |   When container stops, drop sig-proxy errors to infos
| * | When container stops, drop sig-proxy errors to infos (Matthew Heon, 2020-10-30)
| | |   The sig-proxy code is set up to error on failing to forward signals to a container. This is reasonable in cases where the container is running, but something strange went wrong - but when the Kill fails because the container is stopped, we shouldn't bother with aggressive Error logging since this is an expected part of the container lifecycle - it stops, and then `podman run` also stops, but there is a timing window in between where signals will fail to be proxied, and we should not print angry errors during that.
| | |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #8127 from ↵ (OpenShift Merge Robot, 2020-10-30)
|\ \ \
| | | |   andylibrian/grab-systemd-mount-flags-from-the-host-7661
| | | |   Improve setupSystemd, grab mount options from the host
| * | | Improve setupSystemd, grab mount options from the host (Andy Librian, 2020-10-30)
| | |/
| |/|
| | |   fixes #7661
| | |   Signed-off-by: Andy Librian <andylibrian@gmail.com>
* | | Merge pull request #8187 from jwhonce/wip/table (OpenShift Merge Robot, 2020-10-30)
|\ \ \
| | | |   Restore --format table header support
| * | | Restore --format table header support (Jhon Honce, 2020-10-29)
| | | |   Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #8192 from rhatdan/shm (OpenShift Merge Robot, 2020-10-30)
|\ \ \ \
| | | | |   Pod's that share the IPC Namespace need to share /dev/shm
| * | | | Pod's that share the IPC Namespace need to share /dev/shm (Daniel J Walsh, 2020-10-30)
| | |/ /
| |/| |
| | | |   Containers that share IPC Namespaces share each other's /dev/shm, which means a private /dev/shm needs to be setup for the infra container. Added a system test and an e2e test to make sure the /dev/shm is shared.
| | | |   Fixes: https://github.com/containers/podman/issues/8181
| | | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8199 from cevich/fix_missing_links (OpenShift Merge Robot, 2020-10-30)
|\ \ \ \
| | | | |   [CI:DOCS] Fix broken CI readme links
| * | | | [CI:DOCS] Fix broken CI readme links (Chris Evich, 2020-10-30)
| |/ / /
| | | |   Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #8188 from cevich/workaround_agent_stopped_responding (OpenShift Merge Robot, 2020-10-30)
|\ \ \ \
| |/ / /
|/| | |   Cirrus: Workaround F32 BFQ Kernel bug
| * | | Cirrus: Workaround F32 BFQ Kernel bug (Chris Evich, 2020-10-30)
| | | |   Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #8174 from rhatdan/errors (OpenShift Merge Robot, 2020-10-29)
|\ \ \ \
| | | | |   Podman often reports OCI Runtime does not exist, even if it does
| * | | | Podman often reports OCI Runtime does not exist, even if it does (Daniel J Walsh, 2020-10-29)
| | | | |   When the OCI Runtime tries to set certain settings in cgroups it can get the error "no such file or directory", the wrapper ends up reporting a bogus error like:
| | | | |   ```
| | | | |   Request Failed(Internal Server Error): open io.max: No such file or directory: OCI runtime command not found error
| | | | |   {"cause":"OCI runtime command not found error","message":"open io.max: No such file or directory: OCI runtime command not found error","response":500}
| | | | |   ```
| | | | |   On first reading of this, you would think the OCI Runtime (crun or runc) were not found. But the error is actually reporting
| | | | |   message":"open io.max: No such file or directory
| | | | |   Which is what we want the user to concentrate on.
| | | | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #8189 from mheon/further_fix_pull_flag (OpenShift Merge Robot, 2020-10-29)
|\ \ \ \ \
| | | | | |   Fix the `--pull` flag to `podman build` to match Docker
| * | | | | Fix the `--pull` flag to `podman build` to match Docker (Matthew Heon, 2020-10-29)
| | |/ / /
| |/| | |
| | | | |   The behavior should be as follows: Unset, pull if missing by default, obey the `--pull-never` and `--pull-always` flags. Set to false, pull never. Set to true, pull always.
| | | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #8186 from Luap99/fix-8184 (OpenShift Merge Robot, 2020-10-29)
|\ \ \ \ \
| |/ / / /
|/| | | |   Create the default root API address path
| * | | | Create the default root API address path (Paul Holzinger, 2020-10-29)
| | | | |   Fixes #8184
| | | | |   Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | Merge pull request #8085 from TomSweeneyRedHat/dev/tsweeney/fixpulls (OpenShift Merge Robot, 2020-10-29)
|\ \ \ \ \
| | | | | |   Fix pull method selection
| * | | | | Fix pull method selection (TomSweeneyRedHat, 2020-10-21)
| | | | | |   When using 'podman build --pull=true', the image was not pulled if the image being pulled was present locally, but a newer version was in the repository. It was only pulled if there was no image in local storage. In addition, the pull-never option was ignored. The line `if flags.Pull{` at line 244 was always returning true negating the default pullPolicy of PullNever. Reworked the algorithm for the selection process. Now PullIfNewer is set to the default, and then we set the pullPolicy appropriately based on the other flags passed in to this routine. As an FYI, logic run in the calling functions ensures that we have only one pull flag in the command.
| | | | | |   Addresses: #8024
| | | | | |   Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | | Merge pull request #8146 from vrothberg/image-mounts (OpenShift Merge Robot, 2020-10-29)
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | |   new "image" mount type
| * | | | | new "image" mount type (Valentin Rothberg, 2020-10-29)
| | |_|/ /
| |/| | |
| | | | |   Add a new "image" mount type to `--mount`. The source of the mount is the name or ID of an image. The destination is the path inside the container. Image mounts further support an optional `rw,readwrite` parameter which if set to "true" will yield the mount writable inside the container. Note that no changes are propagated to the image mount on the host (which in any case is read only). Mounts are overlay mounts. To support read-only overlay mounts, vendor a non-release version of Buildah.
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #8046 from cevich/simplify_environment (OpenShift Merge Robot, 2020-10-29)
|\ \ \ \ \
| | | | | |   Cirrus: Simplify setting/passing env. vars.
| * | | | | Cirrus: Simplify setting/passing env. vars. (Chris Evich, 2020-10-29)
| | | | | |   Test VMs by design are to be single-purpose, single-use, and readily disposable. Therefore it's unnecessary to overcomplicate storage of runtime environment variables. This commit makes these points clear, and reorganizes all CI-related env. vars on the system into a single location, `/etc/ci_environment`. This file is then automatically loaded, and variables exported, (by `lib.sh`) from `runner.sh` prior to executing all forms of testing.
| | | | | |   Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #8165 from edsantiago/move_from_dockerio (OpenShift Merge Robot, 2020-10-29)
|\ \ \ \ \ \
| | | | | | |   Move from docker.io
| * | | | | | move from docker.io (Ed Santiago, 2020-10-28)
| | | | | | |   Followon to #7965 (mirror registry). mirror.gcr.io doesn't cache all the images we need, and I can't find a way to add to its cache, so let's just use quay.io for those images that it can't serve.
| | | | | | |   Tools used:
| | | | | | |     skopeo copy --all docker://docker.io/library/alpine:3.10.2 \
| | | | | | |         docker://quay.io/libpod/alpine:3.10.2
| | | | | | |   ...and also:
| | | | | | |     docker.io/library/alpine:3.2
| | | | | | |     docker.io/library/busybox:latest
| | | | | | |     docker.io/library/busybox:glibc
| | | | | | |     docker.io/library/busybox:1.30.1
| | | | | | |     docker.io/library/redis:alpine
| | | | | | |     docker.io/libpod/alpine-with-bogus-seccomp:label
| | | | | | |     docker.io/libpod/alpine-with-seccomp:label
| | | | | | |     docker.io/libpod/alpine_healthcheck:latest
| | | | | | |     docker.io/libpod/badhealthcheck:latest
| | | | | | |   Since most of those were new quay.io/libpod images, they required going in through the quay.io GUI, image, settings, Make Public.
| | | | | | |   Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | | | | Cirrus: Use google mirror for docker.io (Chris Evich, 2020-10-28)
| | | | | | |   Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | | Cirrus: Always record runc/crun versions (Chris Evich, 2020-10-28)
| | |_|_|_|/
| |/| | | |
| | | | | |   Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #8178 from rhatdan/exists (OpenShift Merge Robot, 2020-10-29)
|\ \ \ \ \ \
| | | | | | |   NewFromLocal can return multiple images