| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
libpod: avoid polling container status
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
use the inotify backend to be notified on the container exit instead
of polling continuosly the runtime. Polling the runtime slowns
significantly down the podman execution time for short lived
processes:
$ time bin/podman run --rm -ti fedora true
real 0m0.324s
user 0m0.088s
sys 0m0.064s
from:
$ time podman run --rm -ti fedora true
real 0m4.199s
user 0m5.339s
sys 0m0.344s
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| |/
|/| |
handle dns response from cni
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when cni returns a list of dns servers, we should add them under the
right conditions. the defined conditions are as follows:
- if the user provides dns, it and only it are added.
- if not above and you get a cni name server, it is added and a
forwarding dns instance is created for what was in resolv.conf.
- if not either above, the entries from the host's resolv.conf are used.
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Enable hack/man-page-checker in CI
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
With huge thanks to @rwha for #3915. All man pages are clean
and consistent now - let's keep them that way.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Cirrus: Update e-mail -> IRC Nick table
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also add fixes to help prevent 'fatal: Invalid revision range' error.
Should obtaining all authors from the range still fail, only grab the
HEAD commit author as a fallback.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \ \
| | | |
| | | | |
rootless: detect user namespace configuration changes
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
make pkg/rootless.GetConfiguredMappings public so that it can be used
from pkg/util.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
detect if the current user namespace doesn't match the configuration
in the /etc/subuid and /etc/subgid files.
If there is a mismatch, raise a warning and suggest the user to
recreate the user namespace with "system migrate", that also restarts
the containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Cirrus: imgprune fixes
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Rather than hard-coding all four base-image env. var name,
load the values based on the shared variable name suffix.
Thanks to Ed Santiago <santiago@redhat.com> for the suggestion.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Originally when written, the image_prune_task was passing incorrect
credentials into it's container. This was traced back to mishandling of
a YAML-alias, and worked-around (including a comment). However,
as of this commit, it appear YAML-alias substitution problem has
been addressed. Restore the (correct) use of a YAML-alias so
the correct credentials are passed into the prune container.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix formatting and enable hack/man-page-checker
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The files under docs/links reference another man page, e.g.
`man podman-container-list` displays `podman-ps(1)`. This adds
the alias to the in the displayed page's SYNOPSIS section.
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
rootless.md: add systemd unit example
|
| |/ / / /
| | | |
| | | |
| | | | |
Signed-off-by: Mathieu Velten <matmaul@gmail.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
rootless: bind mount devices instead of creating them
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
provide an implementation for getDevices that skip unreadable
directories for the current user.
Based on the implementation from runc/libcontainer.
Closes: https://github.com/containers/libpod/issues/3919
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
eBPF requires to be root in the init namespace.
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
when running in rootless mode, --device creates a bind mount from the
host instead of specifying the device in the OCI configuration. This
is required as an unprivileged user cannot use mknod, even when root
in a user namespace.
Closes: https://github.com/containers/libpod/issues/3905
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
|
| |\ \ \ \
| |/ / /
|/| | | |
docs: add note about failing rhel7 systemd on cgroups v2
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1747933
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Personalize CI success messages to IRC
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Rather than spamming the podman channel with impersonal success
messages referring to PR numbers, mention the author by nick name
and include the PR title and link.
Also avoid needless logging of all bot-script interactions with
IRC when there is no error detected.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Makefile: use go proxy
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Use GOPROXY=https://proxy.golang.org to speed up fetching dependencies.
Setting it makes `make vendor` three times faster in my local env.
For details please refer to https://proxy.golang.org/.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
Fix links to manpages
|
| |/ / /
| | |
| | |
| | | |
Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
man: events-logger → events-backend
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
dont panic when using varlink commit and uppercase image names
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when using an upper case image name for container commit, we observed
panics due to a channel closing early.
Fixes: #3897
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Release redo
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The initial implementation was far more complicated than necessary.
Strip out the complexities in favor of a simpler and more direct
approach.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
add --cert-dir image sign
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Requirement from #2726
Add --cert-dir for `podman image sign`.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Cirrus: Block CNI use of google VPCs
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Specifically pertaining to executing tests in google cloud, there are
default, pre-allocated class-a subnetworks for each region (data-center).
Each includes a gateway using a `.1` LSB and all are routable from other
regions in google cloud via these gateways.
Because the default CNI configuration also utilizes class-a subnetworks,
this creates the possibility for IPv4 address-space clashes. Since the
default regional cloud subnets are pre-defined/known, preventing clashes
can be accomplished by seeding these subnets in a dummy CNI configuration.
The default behavior of podman is to grab the highest priority CNI
configuration. Name the dummy config. appropriate so it always loads
last. Also name the bridge itself with an obvious name `do-not-use`,
such that any related testing errors should be easier to debug.
Also:
* Minor cleanup of `install_test_configs()`
* Move install_test_configs in `setup_environment.sh` to after possible
run of `remove_packaged_podman_files()` because that also strips out
`/etc/cni/net.d/87-podman-bridge.conflist`.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Re-add volume locks
|
| | |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This will require a 'podman system renumber' after being applied
to get lock numbers for existing volumes.
Add the DB backend code for rewriting volume configs and use it
for updating lock numbers as part of 'system renumber'.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
Add an integration test for systemd in a container
|
