summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Fix multi-arch image build clone:failureChris Evich2021-06-16
| | | | | | | | | | | | | | A suspected recent change in docker (in github-actions Ubuntu environment) results in a error: ``` cannot clone: Operation not permitted Error: cannot re-exec process ``` Fix this by using podman to execute the container instead of docker. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #10451 from giuseppe/test-ENOSYSOpenShift Merge Robot2021-06-16
|\ | | | | tests: update CI images
| * .cirrus.yml: use c5521575421149184 for UbuntuGiuseppe Scrivano2021-06-16
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * test: drop invalid testGiuseppe Scrivano2021-06-16
| | | | | | | | | | | | | | | | | | runc-1.0-rc95 refuses destination paths that are not absolute. The test was causing a mount with a destination "[/etc/foo]" causing the OCI runtime to fail. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * utils: move message from warning to debugGiuseppe Scrivano2021-06-16
| | | | | | | | | | | | | | | | | | if a pid could not be moved to a new cgroup, print a debug message instead of a warning. Closes: https://github.com/containers/podman/issues/10674 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * utils: improve error messageGiuseppe Scrivano2021-06-16
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #10684 from Luap99/slirp-hostsOpenShift Merge Robot2021-06-16
|\ \ | | | | | | add correct slirp ip to /etc/hosts
| * | add correct slirp ip to /etc/hostsPaul Holzinger2021-06-15
| |/ | | | | | | | | | | | | | | | | The container name should have the slirp interface ip set in /etc/hosts and not the gateway ip. Commit c8dfcce6db0a introduced this regression. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1972073 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #10588 from cdoern/imgDocsOpenShift Merge Robot2021-06-16
|\ \ | | | | | | [CI:DOCS] converted query parameter for credentials to header parameter.
| * | Docs Switch from Query Param to Headercdoern2021-06-15
| | | | | | | | | | | | | | | | | | credentials switched from query param to header x-reg due to podman parsing the header for credentials not the query itself. Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | Merge pull request #10629 from dilyanpalauzov/masterOpenShift Merge Robot2021-06-15
|\ \ \ | | | | | | | | [CI:DOCS] podman-run.1.md:detach-keys: spell the default value just once
| * | | podman-run.1.md:detach-keys: spell the default value just onceДилян Палаузов2021-06-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot assume that the submitter has time or will to read texts about symbolism in software contributions. If the system wants to see the text nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae in each commit, people will write this, or any other text, that the system wants to see. All such text, which presence is mandated by the system, has the same value. Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
* | | | Merge pull request #10680 from bburky/dockerfile-volume-permissionsDaniel J Walsh2021-06-15
|\ \ \ \ | | | | | | | | | | Create user storage dir with correct permissions in Dockerfiles
| * | | | Create user storage dir with correct permissionsBlake Burkhart2021-06-14
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | Docker VOLUMEs will inherit permissions from an existing directory at the same path. If the path does not exist, the directory will be owned by root which makes this image unusable in rootless mode. Signed-off-by: Blake Burkhart <blake.burkhart@us.af.mil>
* | | | Merge pull request #10679 from cevich/fix_static_buildOpenShift Merge Robot2021-06-15
|\ \ \ \ | | | | | | | | | | Fix building static podman-remote
| * | | | Fix building static podman-remoteChris Evich2021-06-14
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As near as I can tell, sometime between `v1.6.4` and `v1.9` the definition of `LDFLAGS_PODMAN_STATIC` was both created and lost. Additionally, after a refactoring of the `Makefile` it was possible to enable CGO (which will cause a dynamic binary to be built). Fix both issues by adding the missing definition and forcing CGO to be disabled. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #10531 from rhatdan/volumeOpenShift Merge Robot2021-06-15
|\ \ \ \ | | | | | | | | | | Fix permissions on initially created named volumes
| * | | | Fix permissions on initially created named volumesDaniel J Walsh2021-06-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Permission of volume should match the directory it is being mounted on. Fixes: https://github.com/containers/podman/issues/10188 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #10595 from boaz0/closes_10539OpenShift Merge Robot2021-06-15
|\ \ \ \ \ | | | | | | | | | | | | Add podman-restart systemd unit file
| * | | | | Restart all containers with restart-policy=always on bootBoaz Shuster2021-06-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add podman-restart systemd unit file and add it to podman RPM package * Fix podman start to filter all containers + unit test Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | | | Merge pull request #10622 from cdoern/imgImportFeatureOpenShift Merge Robot2021-06-15
|\ \ \ \ \ \ | | | | | | | | | | | | | | compat import imageFromSrc support for platform query parameter
| * | | | | | Image import fromSrc now supports OS/Archcdoern2021-06-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | added handling in entities and compat to support passing a specified OS/Arch while importing from SRC. fixes #10566 Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | | | | Merge pull request #10668 from zhangguanzhang/panic-cgroupOpenShift Merge Robot2021-06-15
|\ \ \ \ \ \ \ | |_|_|_|/ / / |/| | | | | | [NO TESTS NEEDED] Fixes panic condition in cgroups.getAvailableControllers
| * | | | | | Fix panic condition in cgroups.getAvailableControllerszhangguanzhang2021-06-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | | | Merge pull request #10651 from rhatdan/buildOpenShift Merge Robot2021-06-14
|\ \ \ \ \ \ \ | |_|_|_|/ / / |/| | | | | | Add support for podman remote build -f - .
| * | | | | | Add support for podman remote build -f - .Daniel J Walsh2021-06-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10621 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #10652 from rhatdan/devicesOpenShift Merge Robot2021-06-14
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | Fix handling of podman-remote build --device
| * | | | | | Fix handling of podman-remote build --deviceDaniel J Walsh2021-06-13
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10614 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #10525 from rhatdan/docs1OpenShift Merge Robot2021-06-12
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] Add documentation on ignore_chown_errors
| * | | | | | Add documentation on ignore_chown_errorsDaniel J Walsh2021-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fixes: https://github.com/containers/podman/issues/10145 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #10601 from Procyhon/07062021_manpageOpenShift Merge Robot2021-06-12
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX
| * | | | | | | UPDATE manpages with MANPAGE_SYNTAXAlexander Richter2021-06-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following manpages have been adapted to the MANPAGE_SYNTAX: - podman-completion - podman-container-checkpoint - podman-container-cleanup - podman-container-exists The following manpages have had little changes: - podman-attach - podman-commit - MANPAGE_SYNTAX - Makefile Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
* | | | | | | | Merge pull request #10635 from adrianreber/2021-06-04-privilegedOpenShift Merge Robot2021-06-12
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Fix restoring of privileged containers
| * | | | | | | | Fix restoring of privileged containersAdrian Reber2021-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Checkpointed containers started with --privileged fail during restore with: Error: error creating container storage: ProcessLabel and Mountlabel must either not be specified or both specified This commit fixes it by not setting the labels when restoring a privileged container. [NO TESTS NEEDED] Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | | | | | | Merge pull request #10661 from mwhahaha/issue-10660OpenShift Merge Robot2021-06-12
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Fall back to string for dockerfile parameter
| * | | | | | | | | Fall back to string for dockerfile parameterAlex Schultz2021-06-11
| | |_|_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a9cb824981db3fee6b8445b29e513c89e9b9b00b changed the expectations of the dockerfile parameter to be json data however it's a string. In order to support both, let's attempt json and fall back to a string if the json parsing fails. Closes #10660 Signed-off-by: Alex Schultz <aschultz@redhat.com>
* | | | | | | | | Merge pull request #10654 from Luap99/net-connectOpenShift Merge Robot2021-06-12
|\ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ / |/| | | | | | | | Fix network connect race with docker-compose
| * | | | | | | | Fix network connect race with docker-composePaul Holzinger2021-06-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Network connect/disconnect has to call the cni plugins when the network namespace is already configured. This is the case for `ContainerStateRunning` and `ContainerStateCreated`. This is important otherwise the network is not attached to this network namespace and libpod will throw errors like `network inspection mismatch...` This problem happened when using `docker-compose up` in attached mode. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | | | Merge pull request #10405 from mheon/always_cleanup_execOpenShift Merge Robot2021-06-11
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Always spawn a cleanup process with exec
| * | | | | | | | | Add ExecDied event and use it to retrieve exit codesMatthew Heon2021-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When making Exec Cleanup processes mandatory, I introduced a race wherein attached exec sessions could be cleaned up and removed by the cleanup process before the frontend had a chance to get their exit code. Fortunately, we've dealt with this issue before in containers, and the same solution can be applied here. I added an event for an exec session's process exiting, `exec_died` (Docker has an identical event, so this actually improves our compatibility there) that includes the exit code of the exec session. If the race happens and the exec session no longer exists when we go to remove it, pick up exit code from the event and exit cleanly. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | | | | | | Always spawn a cleanup process with execMatthew Heon2021-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were previously only doing this for detached exec. I don't know why we did that, but I don't see any reason not to extend it to all exec sessions - it guarantees that we will always clean up exec sessions, even if the original `podman exec` process died. [NO TESTS NEEDED] because I don't really know how to test this one. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | | | | | Merge pull request #10638 from Luap99/volumeOpenShift Merge Robot2021-06-11
|\ \ \ \ \ \ \ \ \ \ | |_|_|/ / / / / / / |/| | | | | | | | | Fix volumes with uid and gid options
| * | | | | | | | | Fix volumes with uid and gid optionsPaul Holzinger2021-06-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman uses the volume option map to check if it has to mount the volume or not when the container is started. Commit 28138dafcc39 added to uid and gid options to this map, however when only uid/gid is set we cannot mount this volume because there is no filesystem or device specified. Make sure we do not try to mount the volume when only the uid/gid option is set since this is a simple chown operation. Also when a uid/gid is explicity set, do not chown the volume based on the container user when the volume is used for the first time. Fixes #10620 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | | | | Merge pull request #10542 from alvistack/master-linux-amd64OpenShift Merge Robot2021-06-11
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | Update nix pin with `make nixpkgs`
| * | | | | | | | | | Update nix pin with `make nixpkgs`Wong Hoi Sing Edison2021-06-10
| |/ / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Bugfix `make nixpkgs` which pin with branch `nixos-21.05` - Code lint with `nixpkgs-fmt` - Code sync between x86\_64 and aarch64 Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* | | | | | | | | | Merge pull request #10646 from edsantiago/arm64OpenShift Merge Robot2021-06-11
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | System tests: the continuing multiarch saga
| * | | | | | | | | | System tests: the continuing multiarch sagaEd Santiago2021-06-10
| | |/ / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TL;DR podman needs "arm64" as arch, not "arm64v8". Unexpurgated version: docker.io publishes ${ARCH}/alpine for several values of ARCH. Unfortunately, the arm64 one is called "arm64v8", which is sensible, but podman needs the --arch value of the manifest to be exactly "arm64". So we need to special-case this value in our loop. Do so, and build/publish a new 20210610 testimage. Use that in tests moving forward. And, since we need to jump through the same hoops to build the nonlocal image, include it in the build loop instead of as a tacked-on comment. Try to be helpful by determining the next-available numeric tag. And: don't push anything by default. Instead, just tell the user what buildah-push commands to run. And: refactor $PODMAN_NONLOCAL_IMAGE_TAG, to make it easier for the RHEL-arch-testing folx to override using envariables instead of inplace-sed. (Not that they should ever need to override again, because this is the final multiarch commit that should be forevermore perfect and need no further commits ever again). And, finally, bump up to latest alpine/busybox images. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | | | | Merge pull request #10628 from ↵OpenShift Merge Robot2021-06-10
|\ \ \ \ \ \ \ \ \ \ | |_|_|_|_|_|/ / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/storage-1.32.2 Bump github.com/containers/storage from 1.32.1 to 1.32.2
| * | | | | | | | | Bump github.com/containers/storage from 1.32.1 to 1.32.2dependabot[bot]2021-06-10
| | |/ / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.1 to 1.32.2. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.32.1...v1.32.2) --- updated-dependencies: - dependency-name: github.com/containers/storage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | | | | Merge pull request #10609 from giuseppe/ignore-named-hierarchiesOpenShift Merge Robot2021-06-10
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | container: ignore named hierarchies