summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Do not print an error message on non-0 exec exit codeMatthew Heon2020-07-21
| | | | | | | | | | | This was added with an earlier exec rework, and honestly is very confusing. Podman is printing an error message, but the error had nothing to do with Podman; it was the executable we ran inside the container that errored, and per `podman run` convention we should set the Podman exit code to the process's exit code and print no error. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6902 from vrothberg/events-endpointOpenShift Merge Robot2020-07-21
|\ | | | | events endpoint: fix panic and race condition
| * events endpoint: backwards compat to old typeValentin Rothberg2020-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The versions Docker that the compat endpoints currently support are using another type for the `filters` parameter than later versions of Docker, which the libpod/events endpoint is also using. To prevent existing deplopyments from breaking while still achieving backward compat, we now support both types for the filters parameter. Tested manually. Fixes: #6899 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * events endpoint: fix panic and race conditionValentin Rothberg2020-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a potential panic in the events endpoint when parsing the filters parameter. Values of the filters map might be empty, so we need to account for that instead of uncondtitionally accessing the first item. Also apply a similar for race conditions as done in commit f4a2d25c0fca: Fix a race that could cause read errors to be masked. Masking such errors is likely to report red herrings since users don't see that reading failed for some reasons but that a given event could not be found. Another race was the handler closing event channel, which could lead to two kinds of panics: double close, send to close channel. The backend takes care of that. However, make sure that the backend stops working in case the context has been cancelled. Fixes: #6899 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7031 from vrothberg/root-checkOpenShift Merge Robot2020-07-21
|\ \ | | | | | | unit tests: root check
| * | unit tests: root checkValentin Rothberg2020-07-21
|/ / | | | | | | | | | | | | | | | | The unit tests currently require running as root. This has caused some confusion that justifies adding a root check to `make localunit` and error out for non-root users instead of starting the tests deemed to fail. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7009 from rhatdan/containers.confOpenShift Merge Robot2020-07-21
|\ \ | | | | | | Switch references from libpod.conf to containers.conf
| * | Switch references from libpod.conf to containers.confDaniel J Walsh2020-07-20
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7026 from edsantiago/bats_majorminor_warning_fixOpenShift Merge Robot2020-07-21
|\ \ \ | |/ / |/| | BATS tests: more resilient remove_same_dev_warning
| * | BATS tests: more resilient remove_same_dev_warningEd Santiago2020-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some CI tests are flaking in the SELinux test, possibly because there's a new variation of the "multiple devices" warning I hadn't seen before: WARNING: Creating device "/dev/null" with same type, major and minor as existing "/dev/foodevdir/null". Solution: in remove_same_dev_warning(), remove "multiple" from the match string. Also: fix a Go test that wasn't cleaning up after itself. And add an actual test to it, not just check-exit-status. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6895 from QiWang19/pr-3457OpenShift Merge Robot2020-07-20
|\ \ \ | | | | | | | | Add support for overlay volume mounts in podman.
| * | | Add support for overlay volume mounts in podman.Qi Wang2020-07-20
| |/ / | | | | | | | | | | | | | | | | | | | | | Add support -v for overlay volume mounts in podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #7024 from mheon/fix_6506OpenShift Merge Robot2020-07-20
|\ \ \ | | | | | | | | Re-enable a generate kube test that failed on Ubuntu
| * | | Re-enable a generate kube test that failed on UbuntuMatthew Heon2020-07-20
| |/ / | | | | | | | | | | | | | | | | | | | | | The fix was a new runc version, which we may have sucked in. Fixes #6506 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7023 from vrothberg/fix-7021OpenShift Merge Robot2020-07-20
|\ \ \ | |/ / |/| | contrib/systemd cleanups
| * | podman.service: set type to simpleValentin Rothberg2020-07-20
| | | | | | | | | | | | | | | | | | | | | | | | Set the type of the podman.service to simple. This will correctly report the status of the service once it has started. As a oneshot service, it does not transition from the startup state to running. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | podman.service: set doc to podman-system-serviceValentin Rothberg2020-07-20
| | | | | | | | | | | | | | | | | | | | | podman-api(1) does not exist, so set the man page to podman-system-service(1). Same for the .socket. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | podman.service: use default registries.confValentin Rothberg2020-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | Do not hard-set the registries.conf to `/etc/containers/registries.conf`. Podman (and other c/image users) already default to it. However, ordinary non-root users should still be able to use the configs in their home directories which is now possible. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | podman.service: use default killmodeValentin Rothberg2020-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not set the killmode to process as it only kills the main process and leaves other processes untouched. Just remove the line and use the default cgroup killmode which will kill all processes in the service's cgroup. Fixes: #7021 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | podman.service: remove stop timeoutValentin Rothberg2020-07-20
| | | | | | | | | | | | | | | | | | | | | Remove the stop timeout from the unit. As unit does not specify any stop command, the timeout is effectively 0 and a NOOP. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | systemd: symlink user->systemValentin Rothberg2020-07-20
| |/ | | | | | | | | | | | | | | | | Symlink the user to the system services in `contrib/systemd`. There is no diference between the services, so we can reduce redundancy while not breaking downstream packages which might already be referencing `./contrib/systemd/user`. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7018 from Luap99/fix#7015OpenShift Merge Robot2020-07-20
|\ \ | |/ |/| fix: system df error when an image has no name
| * fix: system df error when an image has no namePaul Holzinger2020-07-19
|/ | | | | | | | | | | | | When an image has no name/tag system df will error because it tries to parse an empty name. This commit makes sure we only parse non empty names and set the repository and tag to "<none>" otherwise. Closes #7015 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #7011 from rhatdan/troubleshootOpenShift Merge Robot2020-07-19
|\ | | | | document CAP_SYS_ADMIN required for systemd PrivateNetwork
| * document CAP_SYS_ADMIN required for systemd PrivateNetworkDaniel J Walsh2020-07-18
| | | | | | | | | | Signed-off-by: James Cassell <code@james.cassell.me> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6402 from alvistack/master-linux-amd64OpenShift Merge Robot2020-07-18
|\ \ | |/ |/| [nix] Cleanup nix derivation for static builds
| * Cleanup nix derivation for static buildsWong Hoi Sing Edison2020-07-18
| | | | | | | | Signed-off-by: Wong Hoi Sing Edison <hswong3i@gmail.com>
* | Merge pull request #6934 from ParkerVR/tags-referenceOpenShift Merge Robot2020-07-18
|\ \ | |/ |/| using reference package to parse
| * Used reference package with errors for parsing tagParker Van Roy2020-07-17
| | | | | | | | Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | Merge pull request #7005 from giuseppe/set-umask-rlimitsOpenShift Merge Robot2020-07-17
|\ \ | |/ |/| abi: set default umask and rlimits
| * abi: set default umask and rlimitsGiuseppe Scrivano2020-07-17
|/ | | | | | | | the code got lost in the migration to podman 2.0, reintroduce it. Closes: https://github.com/containers/podman/issues/6989 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #7000 from ↵OpenShift Merge Robot2020-07-17
|\ | | | | | | | | containers/dependabot/go_modules/github.com/containers/common-0.16.0 Bump github.com/containers/common from 0.15.2 to 0.16.0
| * Bump github.com/containers/common from 0.15.2 to 0.16.0Daniel J Walsh2020-07-16
| | | | | | | | | | | | | | | | | | Bumps [github.com/containers/common](https://github.com/containers/common) from 0.15.2 to 0.16.0. - [Release notes](https://github.com/containers/common/releases) - [Commits](https://github.com/containers/common/compare/v0.15.2...v0.16.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6965 from giuseppe/followup-pr6324OpenShift Merge Robot2020-07-17
|\ \ | | | | | | allow switching of port-forward approaches in rootless/using slirp4netns
| * | docs: document the new slirp4netns optionsGiuseppe Scrivano2020-07-16
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | network, slirp4netns: add option to allow host loopbackGiuseppe Scrivano2020-07-16
| | | | | | | | | | | | | | | | | | Closes: https://github.com/containers/podman/issues/6912 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | libpod: pass down network optionsGiuseppe Scrivano2020-07-16
| | | | | | | | | | | | | | | | | | do not pass network specific options through the network namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | allow switching of port-forward approaches in rootless/using slirp4netnsaleks-mariusz2020-07-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As of podman 1.8.0, because of commit da7595a, the default approach of providing port-forwarding in rootless mode has switched (and been hard-coded) to rootlessport, for the purpose of providing super performance. The side-effect of this switch is source within the container to the port-forwarded service always appears to originate from 127.0.0.1 (see issue #5138). This commit allows a user to specify if they want to revert to the previous approach of leveraging slirp4netns add_hostfwd() api which, although not as stellar performance, restores usefulness of seeing incoming traffic origin IP addresses. The change should be transparent; when not specified, rootlessport will continue to be used, however if specifying --net slirp4netns:slirplisten the old approach will be used. Note: the above may imply the restored port-forwarding via slirp4netns is not as performant as the new rootlessport approach, however the figures shared in the original commit that introduced rootlessport are as follows: slirp4netns: 8.3 Gbps, RootlessKit: 27.3 Gbps, which are more than sufficient for many use cases where the origin of traffic is more important than limits that cannot be reached due to bottlenecks elsewhere. Signed-off-by: Aleks Mariusz <m.k@alek.cx> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6963 from ↵OpenShift Merge Robot2020-07-16
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/uber/jaeger-client-go-2.25.0incompatible Bump github.com/uber/jaeger-client-go from 2.24.0+incompatible to 2.25.0+incompatible
| * | | Bump github.com/uber/jaeger-client-godependabot-preview[bot]2020-07-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/uber/jaeger-client-go](https://github.com/uber/jaeger-client-go) from 2.24.0+incompatible to 2.25.0+incompatible. - [Release notes](https://github.com/uber/jaeger-client-go/releases) - [Changelog](https://github.com/jaegertracing/jaeger-client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber/jaeger-client-go/compare/v2.24.0...v2.25.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7003 from mheon/404_on_noimageOpenShift Merge Robot2020-07-16
|\ \ \ \ | |_|_|/ |/| | | The compat create endpoint should 404 on no such image
| * | | The compat create endpoint should 404 on no such imageMatthew Heon2020-07-16
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches Docker behavior, and will make the Docker frontend work with `podman system service` (Docker tries to create, then if that fails with 404 sends a request to pull the image). Fixes #6960 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6988 from jwhonce/wip/connectionOpenShift Merge Robot2020-07-16
|\ \ \ | | | | | | | | Fix `podman system connection` panic
| * | | Fix `podman system connection` panicJhon Honce2020-07-15
| | | | | | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #7001 from containers/dependabot/go_modules/k8s.io/api-0.18.6OpenShift Merge Robot2020-07-16
|\ \ \ \ | | | | | | | | | | Bump k8s.io/api from 0.18.5 to 0.18.6
| * | | | Bump k8s.io/api from 0.18.5 to 0.18.6Daniel J Walsh2020-07-16
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.18.5 to 0.18.6. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](https://github.com/kubernetes/api/compare/v0.18.5...v0.18.6) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6998 from ↵OpenShift Merge Robot2020-07-16
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/conmon-2.0.19incompatible Bump github.com/containers/conmon from 2.0.18+incompatible to 2.0.19+incompatible
| * | | | Bump github.com/containers/conmondependabot-preview[bot]2020-07-16
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/conmon](https://github.com/containers/conmon) from 2.0.18+incompatible to 2.0.19+incompatible. - [Release notes](https://github.com/containers/conmon/releases) - [Changelog](https://github.com/containers/conmon/blob/master/changelog.txt) - [Commits](https://github.com/containers/conmon/compare/v2.0.18...v2.0.19) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6999 from ↵OpenShift Merge Robot2020-07-16
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/k8s.io/apimachinery-0.18.6 Bump k8s.io/apimachinery from 0.18.5 to 0.18.6
| * | | | Bump k8s.io/apimachinery from 0.18.5 to 0.18.6dependabot-preview[bot]2020-07-16
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.18.5 to 0.18.6. - [Release notes](https://github.com/kubernetes/apimachinery/releases) - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.18.5...v0.18.6) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>