summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Revert "rootless: change default path for conmon.pid"Giuseppe Scrivano2019-05-25
| | | | | | | | | since we now enter the user namespace prior to read the conmon.pid, we can write the conmon.pid file again to the runtime dir. This reverts commit 6c6a8654363457a9638d58265d0a7e8743575d7a. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: enable loginctl lingerGiuseppe Scrivano2019-05-25
| | | | | | | otherwise the processes we leave around will be killed once the session terminates. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: new function to join existing conmon processesGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | move the logic for joining existing namespaces down to the rootless package. In main_local we still retrieve the list of conmon pid files and use it from the rootless package. In addition, create a temporary user namespace for reading these files, as the unprivileged user might not have enough privileges for reading the conmon pid file, for example when running with a different uidmap and root in the container is different than the rootless user. Closes: https://github.com/containers/libpod/issues/3187 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: block signals for pauseGiuseppe Scrivano2019-05-25
| | | | | | | block signals for the pause process, so it can't be killed by mistake. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3196 from giuseppe/keep-idOpenShift Merge Robot2019-05-25
|\ | | | | userns: add new option --userns=keep-id
| * podman: honor env variable PODMAN_USERNSGiuseppe Scrivano2019-05-24
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * userns: add new option --userns=keep-idGiuseppe Scrivano2019-05-24
| | | | | | | | | | | | | | it creates a namespace where the current UID:GID on the host is mapped to the same UID:GID in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: store also the original GID in the hostGiuseppe Scrivano2019-05-23
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3185 from mheon/fix_cp_testOpenShift Merge Robot2019-05-25
|\ \ | | | | | | Fix a potential flake in the tests for podman cp
| * | Fix a potential flake in the tests for podman cpMatthew Heon2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | Instead of using the working directory, use a subdirectory of the temporary directory created for the individual test, to prevent a potential EEXIST for shared working directory. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3192 from cevich/add_zipOpenShift Merge Robot2019-05-24
|\ \ \ | | | | | | | | Cirrus: Add zip package to images
| * | | cirrus: update images w/ zip pkgChris Evich2019-05-23
| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Cirrus: Add zip package to imagesChris Evich2019-05-23
| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #3186 from baude/varlinkdocsnullableOpenShift Merge Robot2019-05-23
|\ \ \ \ | |_|_|/ |/| | | document nullable types
| * | | document nullable typesbaude2019-05-22
| |/ / | | | | | | | | | | | | | | | | | | the varlink doc generator was ignoring all nullable types when generating its documentation Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3190 from giuseppe/fix-userns-psgoOpenShift Merge Robot2019-05-23
|\ \ \ | | | | | | | | rootless: fix top huser and hgroup
| * | | rootless: fix top huser and hgroupGiuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | when running in rootless mode, be sure psgo is honoring the user namespace settings for huser and hgroup. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | vendor: update psgo to v1.3.0Giuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3097 from cevich/show_ipOpenShift Merge Robot2019-05-23
|\ \ \ \ | |_|/ / |/| | | hack: Display IP address of VM from script
| * | | hack: ignore from all VCS files when tarballingChris Evich2019-05-22
| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | hack: shrink xfer tarball sizeChris Evich2019-05-22
| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | hack: Display IP address of VM from scriptChris Evich2019-05-22
|/ / / | | | | | | | | | | | | | | | Useful for accessing it from other terminals. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #3108 from rhatdan/flagsOpenShift Merge Robot2019-05-22
|\ \ \ | | | | | | | | Fixup Flags
| * | | Fixup FlagsDaniel J Walsh2019-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mark hidden all references to signature-policy Default all uses of --authfile Add --authfile support to podman run and podman create. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #2715 from ypu/login_logoutOpenShift Merge Robot2019-05-22
|\ \ \ \ | | | | | | | | | | Add test cases for login and logout
| * | | | Add test cases for login and logoutYiqiao Pu2019-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As logout test request login to the registry, we plan to test them together. There are five test cases added: 1. Podman login and logout with default value 3. Podman login and logout with --authfile 2. Podman login and logout with --tls-verify 4. Podman login and logout with --cert-dir 5. Podman login and logout with multi registry All above test cases are using docker rgistry v2 Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | | | | Merge pull request #3178 from mheon/fix_gen_kubeOpenShift Merge Robot2019-05-22
|\ \ \ \ \ | |_|_|/ / |/| | | | Fix a 'generate kube' bug on ctrs with named volumes
| * | | | Remove unused return statement in kube volume codeMatthew Heon2019-05-21
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | Fix play kube when a pod is specifiedMatthew Heon2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to pass the Pod ID in as part of the CreateConfig. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | Fix a 'generate kube' bug on ctrs with named volumesMatthew Heon2019-05-21
| | |_|/ | |/| | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3176 from baude/resizechanbufferOpenShift Merge Robot2019-05-22
|\ \ \ \ | |_|/ / |/| | | make remote resize channel buffered
| * | | make remote resize channel bufferedbaude2019-05-21
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when doing any sort of attach to a container, a sigwinch is sent followed by a resize event. this is fine for the local client but when doing things over the varlink, the first sigwinch is wiped out by the immediate resize event and is therefore lost. by making the channel buffered, both events are processed after the varlink connection is established. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3177 from mheon/duplicate_volumesOpenShift Merge Robot2019-05-22
|\ \ \ | | | | | | | | When superceding mounts, check for opposite types
| * | | Add test for image volume conflict with user volumeMatthew Heon2019-05-21
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | When superceding mounts, check for opposite typesMatthew Heon2019-05-21
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we supercede low-priority mounts and volumes (image volumes, and volumes sourced from --volumes-from) with higher-priority ones (the --volume and --mount flags), we always replaced lower-priority mounts of the same type (e.g. a user mount to /tmp/test1 would supercede a volumes-from mount to the same destination). However, we did not supercede the opposite type - a named volume from image volumes at /tmp/test1 would be allowed to remain and create a conflict, preventing container creation. Solve this by destroying opposite types before merging (we can't do it in the same loop, as then named volumes, which go second, might trample changes made by mounts). Fixes #3174 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3173 from giuseppe/use-wait-for-fileOpenShift Merge Robot2019-05-21
|\ \ \ | | | | | | | | libpod: prefer WaitForFile to polling
| * | | libpod: prefer WaitForFile to pollingGiuseppe Scrivano2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | replace two usage of kwait.ExponentialBackoff in favor of WaitForFile that uses inotify when possible. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3084 from giuseppe/rootless-pause-processOpenShift Merge Robot2019-05-21
|\ \ \ \ | | | | | | | | | | rootless: use a pause process to keep namespaces alive
| * | | | troubleshooting.md: add note about updating subuid/subgidGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | system: migrate stops the pause processGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: join namespace immediately when possibleGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add a shortcut for joining immediately the namespace so we don't need to re-exec Podman. With the pause process simplificaton, we can now attempt to join the namespaces as soon as Podman starts (and before the Go runtime kicks in), so that we don't need to re-exec and use just one process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: use a pause processGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | use a pause process to keep the user and mount namespace alive. The pause process is created immediately on reload, and all successive Podman processes will refer to it for joining the user&mount namespace. This solves all the race conditions we had on joining the correct namespaces using the conmon processes. As a fallback if the join fails for any reason (e.g. the pause process was killed), then we try to join the running containers as we were doing before. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | migrate: not create a new namespaceGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this leaves the containers stopped but we won't risk to use the wrong user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #2561 from cevich/cirrus_test_imagesOpenShift Merge Robot2019-05-21
|\ \ \ \ \ | | | | | | | | | | | | Cirrus: Support testing of VM cache-image changes
| * | | | | Cirrus: Fix missing CRIO_COMMIT -> CONMON_COMMITChris Evich2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: workaround root expand failureChris Evich2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Occasionally, and seemingly only on F29 the root disk fails to expand upon boot. When this happens, any number of failures could occur if space runs out. Until there is time to investigate the actual cause, workaround this problem by detecting it and acting accordingly. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: Stub in F30 supportChris Evich2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New base-image boots, a cache-image builds, but more work is needed for it to be prime-time ready. This commit just adds some updates to the scafolding necessary to build the base-image. Future work will make F30 more of a reality. Also add log-collection scripts to test image verification task Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: fixups based on review feedbackChris Evich2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also remove disused distros (RHEL/CentOS/FAH) and fix get_ci_vm script Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: Overhaul/Simplify env. var setupChris Evich2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | Cirrus: Run tests on test-built cache-imagesChris Evich2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, add jq and catatonit installs to images. Signed-off-by: Chris Evich <cevich@redhat.com>