| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1369
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for commit, export, inspect, kill, logs, mount, pause
port commands
* Refactored Report class to allow column lengths to be optionally
driven by data
* Refactored Ps class to truncate image names on the left vs right
* Bug fixes
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1369
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Naja Melan <najamelan@autistici.org>
Closes: #1380
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This proposes a more comprehensible man page.
A number of things have been lost in translation and this should be reviewed:
- the former docs from --userns say that it is disabled by default. I
suppose that this is the same as --userns:host, but this should be confirmed.
It also stated that is would use options like pid=host, which confuses me
as pid namespaces are a totally different thing from user namespaces. It also
mentions the enabling of --privileged. I think the difference between using
--userns:host and not using any user namespace options at all is not clear
and maybe not very logical. Also what would be the difference between using
--userns:host and using --priveleged alone?
- I found the syntax for --gidmap at the bottom of the man page in the examples.
In the example it doesn't use '=', eg. podman run `--gidmap 0:30000:2000`.
For consistency with the other options I have used '=' for now, but if it is
optional, I would remove it everywhere, as less tokens is usually improved
readability. For now the inconsistency remains between the options doc and the
examples section.
- It wasn't very clear to me whether one should hard wrap long lines or not as the
contains a mix.
- I haven't for now looked at user namespace options on other commands, but
that should be done surely before merging.
- I didn't know which command to run to generate the groff, so that needs doing still.
from issue #1374
Signed-off-by: Naja Melan <najamelan@autistici.org>
Signed-off-by: Naja Melan <najamelan@autistici.org>
Closes: #1380
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
It is not necessary to hide podman-pod-create's help flag. Therefore,
partially revert commit 6751b2c35040 to restore the help flag.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a special handler to catch errors caused by specifying unknown
commands to Podman. This allows printing a more helpful error message.
```
$ podman
Command "123123" not found.
See `podman --help`.
$ podman pod 123123
Command "123123" not found.
See `podman pod --help`.
```
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't print potentially verbose help messages in case of usage errors,
but print only the usage error followed by a pointer to the command's
help. This aligns with Docker.
```
$ podman run -h
flag needs an argument: -h
See 'podman run --help'.
```
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update container/image to address a commit error when copying layers and metadata.
This change may require users to recreate containers.
container/storage added some new lock protection to prevent possible deadlock and
data corruption.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1381
Approved by: mheon
|
|\
| |
| | |
add conmon to copr spec
|
|/
|
|
|
|
|
| |
For COPR rpms, it is desirable to have conmon built into the podman RPM. No
code is impacted.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
All bash examples are now placed in a code section (```). The PS1
prompt is set to `$`.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Base heading is level 2, which is identical to the level 1. However
level 3 will be indendet which is used a lot in the `## EXAMPLES`
sections.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
- second heading
- consistent mail addresses <user@domain.com>
- change order with latest changes first
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The varlink usage help looks like:
--timeout value, -t value time until the varlink session expires in
milliseconds. default is 1 second; 0 means no timeout. (default:
1000)
Fix it to not repeat twice the default value.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1377
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Move the `-h` short flag from `--help` to `--hostname` for podman-run,
podman-create and podman-pod-create to be compatible with Docker.
Fixes: #1367
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1373
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
Closes: #1363
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
since we have a way for joining an existing userns use it instead of
nsenter.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
join the user namespace used to create the container so that psgo can
work in the same way as with root containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will help document the defaults in podman build.
podman build --help will now show the defaults and mention
the environment variables that can be set to change them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1364
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1355
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1355
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1355
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases, /etc/resolv.conf can be a symlink to something like
/run/systemd/resolve/resolv.conf. We currently check for that file
and if it exists, use it instead of /etc/resolv.conf. However, we are
no seeing cases where the systemd resolv.conf exists but /etc/resolv.conf
is NOT a symlink.
Therefore, we now obtain the endpoint for /etc/resolv.conf whether it is a
symlink or not. That endpoint is now what is read to generate a container's
resolv.conf.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1368
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `--rm` flag will only cause a container to be removed when it has
been created and started successfully. Otherwise, it will not be
removed to allow the container to be inspected and to analyze the root
cause of the failure. Document those semantics more clearly in the
manpages to avoid confusion for users.
Fixes: #1359
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1362
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1352
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Fedora and now Centos (added), we build RPMs based on the spec in
contrib/spec to make sure we protect against regressions when creating
RPMs. Once the RPM is built, we then test actually installing the RPM
to ensure that no deps are missing for install.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1356
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
|
|
|
|
|
|
|
|
|
|
| |
In the API docs, we generally state the type of error that should be returned
if a container or image cannot be found. In several cases, the code did not
match the API doc, when the API doc was correct.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1353
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1345
Approved by: umohnani8
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Docker expects multiple filters to be passed with multiple uses
of the --filter flag (e.g. --filter=label=a=b --filter=label=c=d)
and not a single comma-separated list of filters as we expected.
Convert to the Docker format, and make some small cleanups to our
handling of filters along the way.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1345
Approved by: umohnani8
|
|
|
|
|
|
|
|
|
| |
Default mount propagation inside of containes should be private
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1305
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
Add a containers-mounts.conf(5) manpage. The mounts.conf is used by
other tools (e.g., CRI-O) as well. A dedicated manpage reduces
redundancy.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1350
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Use the "containers-" prefix for all references to the
containers-registries.conf and containers-storage.conf
configuration files.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1350
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately this is not enough to get it working as runc doesn't
allow to bind mount /proc.
Depends on: https://github.com/opencontainers/runc/pull/1832
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the test for checking when /sys must be bind mounted from the
host. It should be done only when userNS are enabled (the
!UsernsMode.IsHost() check is not enough for that).
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The OCI runtime might use the cgroups to see what PIDs
are inside the container, but that doesn't work with rootless
containers.
Closes: https://github.com/containers/libpod/issues/1337
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1331
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manage the case where the main process of the container creates and
joins a new user namespace.
In this case we want to join only the first child in the new
hierarchy, which is the user namespace that was used to create the
container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1331
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We cannot re-exec into a new user namespace to gain privileges and
access an existing as the new namespace is not the owner of the
existing container.
"unshare" is used to join the user namespace of the target container.
The current implementation assumes that the main process of the
container didn't create a new user namespace.
Since in the setup phase we are not running with euid=0, we must skip
the setup for containers/storage.
Closes: https://github.com/containers/libpod/issues/1329
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1331
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1346
Approved by: rhatdan
|