summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Turn on test debuggingJhon Honce2018-08-31
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #1369 Approved by: rhatdan
* Add support for remote commandsJhon Honce2018-08-31
| | | | | | | | | | | | | | * Add support for commit, export, inspect, kill, logs, mount, pause port commands * Refactored Report class to allow column lengths to be optionally driven by data * Refactored Ps class to truncate image names on the left vs right * Bug fixes Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #1369 Approved by: rhatdan
* fixup A few language changes and subuid(5)Naja Melan2018-08-31
| | | | | | | Signed-off-by: Naja Melan <najamelan@autistici.org> Closes: #1380 Approved by: rhatdan
* Make the documentation of user namespace options in podman-run clearerNaja Melan2018-08-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This proposes a more comprehensible man page. A number of things have been lost in translation and this should be reviewed: - the former docs from --userns say that it is disabled by default. I suppose that this is the same as --userns:host, but this should be confirmed. It also stated that is would use options like pid=host, which confuses me as pid namespaces are a totally different thing from user namespaces. It also mentions the enabling of --privileged. I think the difference between using --userns:host and not using any user namespace options at all is not clear and maybe not very logical. Also what would be the difference between using --userns:host and using --priveleged alone? - I found the syntax for --gidmap at the bottom of the man page in the examples. In the example it doesn't use '=', eg. podman run `--gidmap 0:30000:2000`. For consistency with the other options I have used '=' for now, but if it is optional, I would remove it everywhere, as less tokens is usually improved readability. For now the inconsistency remains between the options doc and the examples section. - It wasn't very clear to me whether one should hard wrap long lines or not as the contains a mix. - I haven't for now looked at user namespace options on other commands, but that should be done surely before merging. - I didn't know which command to run to generate the groff, so that needs doing still. from issue #1374 Signed-off-by: Naja Melan <najamelan@autistici.org> Signed-off-by: Naja Melan <najamelan@autistici.org> Closes: #1380 Approved by: rhatdan
* pod create: restore help flagValentin Rothberg2018-08-31
| | | | | | | | | | It is not necessary to hide podman-pod-create's help flag. Therefore, partially revert commit 6751b2c35040 to restore the help flag. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1379 Approved by: rhatdan
* catch command-not-found errorsValentin Rothberg2018-08-31
| | | | | | | | | | | | | | | | | | | | Add a special handler to catch errors caused by specifying unknown commands to Podman. This allows printing a more helpful error message. ``` $ podman Command "123123" not found. See `podman --help`. $ podman pod 123123 Command "123123" not found. See `podman pod --help`. ``` Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1379 Approved by: rhatdan
* don't print help message for usage errorsValentin Rothberg2018-08-31
| | | | | | | | | | | | | | | | | Don't print potentially verbose help messages in case of usage errors, but print only the usage error followed by a pointer to the command's help. This aligns with Docker. ``` $ podman run -h flag needs an argument: -h See 'podman run --help'. ``` Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1379 Approved by: rhatdan
* Vendor in latest containers/storage and containers/imageDaniel J Walsh2018-08-31
| | | | | | | | | | | | | Update container/image to address a commit error when copying layers and metadata. This change may require users to recreate containers. container/storage added some new lock protection to prevent possible deadlock and data corruption. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1381 Approved by: mheon
* Merge pull request #1382 from baude/addconmonBrent Baude2018-08-30
|\ | | | | add conmon to copr spec
| * add conmon to copr specbaude2018-08-30
|/ | | | | | | For COPR rpms, it is desirable to have conmon built into the podman RPM. No code is impacted. Signed-off-by: baude <bbaude@redhat.com>
* docs: consistent format for exampleValentin Rothberg2018-08-30
| | | | | | | | | | All bash examples are now placed in a code section (```). The PS1 prompt is set to `$`. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1375 Approved by: rhatdan
* docs: consistent headingsValentin Rothberg2018-08-30
| | | | | | | | | | | Base heading is level 2, which is identical to the level 1. However level 3 will be indendet which is used a lot in the `## EXAMPLES` sections. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1375 Approved by: rhatdan
* docs: make HISTORY consistentValentin Rothberg2018-08-30
| | | | | | | | | | | - second heading - consistent mail addresses <user@domain.com> - change order with latest changes first Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1375 Approved by: rhatdan
* docs: fix headersValentin Rothberg2018-08-30
| | | | | | | Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1375 Approved by: rhatdan
* varlink: fix --timeout usageGiuseppe Scrivano2018-08-30
| | | | | | | | | | | | | | | The varlink usage help looks like: --timeout value, -t value time until the varlink session expires in milliseconds. default is 1 second; 0 means no timeout. (default: 1000) Fix it to not repeat twice the default value. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1377 Approved by: rhatdan
* run/create: reserve `-h` flag for hostnameValentin Rothberg2018-08-30
| | | | | | | | | | | Move the `-h` short flag from `--help` to `--hostname` for podman-run, podman-create and podman-pod-create to be compatible with Docker. Fixes: #1367 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1373 Approved by: rhatdan
* podman,varlink: inform user about --timeout 0Tomas Tomecek2018-08-30
| | | | | | | Signed-off-by: Tomas Tomecek <ttomecek@redhat.com> Closes: #1363 Approved by: rhatdan
* rootless: show an error when stats is usedGiuseppe Scrivano2018-08-29
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1371 Approved by: rhatdan
* rootless: show an error when pause/unpause are usedGiuseppe Scrivano2018-08-29
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1371 Approved by: rhatdan
* rootless: unexport GetUserNSForPidGiuseppe Scrivano2018-08-29
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1371 Approved by: rhatdan
* rootless, exec: use the new function to join the usernsGiuseppe Scrivano2018-08-29
| | | | | | | | | | since we have a way for joining an existing userns use it instead of nsenter. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1371 Approved by: rhatdan
* rootless: fix topGiuseppe Scrivano2018-08-29
| | | | | | | | | | join the user namespace used to create the container so that psgo can work in the same way as with root containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1371 Approved by: rhatdan
* rootless: add new function to join existing namespaceGiuseppe Scrivano2018-08-29
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1371 Approved by: rhatdan
* Vendor in latest projectatomic/buildahDaniel J Walsh2018-08-29
| | | | | | | | | | | | This will help document the defaults in podman build. podman build --help will now show the defaults and mention the environment variables that can be set to change them. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1364 Approved by: mheon
* Set nproc in containers unless explicitly overriddenMatthew Heon2018-08-28
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1355 Approved by: rhatdan
* Do not set max open files by default if we are rootlessMatthew Heon2018-08-28
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1355 Approved by: rhatdan
* Set default max open files in specMatthew Heon2018-08-28
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1355 Approved by: rhatdan
* Resolve /etc/resolv.conf before readingbaude2018-08-28
| | | | | | | | | | | | | | | | | In some cases, /etc/resolv.conf can be a symlink to something like /run/systemd/resolve/resolv.conf. We currently check for that file and if it exists, use it instead of /etc/resolv.conf. However, we are no seeing cases where the systemd resolv.conf exists but /etc/resolv.conf is NOT a symlink. Therefore, we now obtain the endpoint for /etc/resolv.conf whether it is a symlink or not. That endpoint is now what is read to generate a container's resolv.conf. Signed-off-by: baude <bbaude@redhat.com> Closes: #1368 Approved by: rhatdan
* document `--rm` semanticsValentin Rothberg2018-08-28
| | | | | | | | | | | | | | The `--rm` flag will only cause a container to be removed when it has been created and started successfully. Otherwise, it will not be removed to allow the container to be inspected and to analyze the root cause of the failure. Document those semantics more clearly in the manpages to avoid confusion for users. Fixes: #1359 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1362 Approved by: rhatdan
* allow specification of entrypoint in the form of a sliceDaniel J Walsh2018-08-28
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1352 Approved by: mheon
* Test RPM build and install for regressionsbaude2018-08-28
| | | | | | | | | | | | On Fedora and now Centos (added), we build RPMs based on the spec in contrib/spec to make sure we protect against regressions when creating RPMs. Once the RPM is built, we then test actually installing the RPM to ensure that no deps are missing for install. Signed-off-by: baude <bbaude@redhat.com> Closes: #1356 Approved by: rhatdan
* rootless, search: do not create a new usernsGiuseppe Scrivano2018-08-28
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1360 Approved by: vrothberg
* rootless, login, logout: do not create a new usernsGiuseppe Scrivano2018-08-28
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1360 Approved by: vrothberg
* rootless, kill: do not create a new usernsGiuseppe Scrivano2018-08-28
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1360 Approved by: vrothberg
* rootless, stop: do not create a new usernsGiuseppe Scrivano2018-08-28
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1360 Approved by: vrothberg
* Ensure return errors match API docsbaude2018-08-28
| | | | | | | | | | | In the API docs, we generally state the type of error that should be returned if a container or image cannot be found. In several cases, the code did not match the API doc, when the API doc was correct. Signed-off-by: baude <bbaude@redhat.com> Closes: #1353 Approved by: rhatdan
* Fix manpage to note how multiple filters are combinedMatthew Heon2018-08-27
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1345 Approved by: umohnani8
* Fix handling of multiple filters in podman psMatthew Heon2018-08-27
| | | | | | | | | | | | | Docker expects multiple filters to be passed with multiple uses of the --filter flag (e.g. --filter=label=a=b --filter=label=c=d) and not a single comma-separated list of filters as we expected. Convert to the Docker format, and make some small cleanups to our handling of filters along the way. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1345 Approved by: umohnani8
* Fix Mount PropagationGiuseppe Scrivano2018-08-27
| | | | | | | | | Default mount propagation inside of containes should be private Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1305 Approved by: mheon
* docs: add containers-mounts.conf(5)Valentin Rothberg2018-08-27
| | | | | | | | | | | Add a containers-mounts.conf(5) manpage. The mounts.conf is used by other tools (e.g., CRI-O) as well. A dedicated manpage reduces redundancy. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1350 Approved by: rhatdan
* docs: use "containers-" prefix for registries and storageValentin Rothberg2018-08-27
| | | | | | | | | | | Use the "containers-" prefix for all references to the containers-registries.conf and containers-storage.conf configuration files. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1350 Approved by: rhatdan
* rootless: fix --pid=hostGiuseppe Scrivano2018-08-27
| | | | | | | | | | | | Unfortunately this is not enough to get it working as runc doesn't allow to bind mount /proc. Depends on: https://github.com/opencontainers/runc/pull/1832 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1349 Approved by: rhatdan
* rootless: fix --ipc=hostGiuseppe Scrivano2018-08-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1349 Approved by: rhatdan
* spec: bind mount /sys only when userNS are enabledGiuseppe Scrivano2018-08-27
| | | | | | | | | | | Fix the test for checking when /sys must be bind mounted from the host. It should be done only when userNS are enabled (the !UsernsMode.IsHost() check is not enough for that). Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1349 Approved by: rhatdan
* rootless, tests: add test for --uts=hostGiuseppe Scrivano2018-08-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1349 Approved by: rhatdan
* Dockerfile.Fedora: install slirp4netnsGiuseppe Scrivano2018-08-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1349 Approved by: rhatdan
* rootless: don't use kill --allGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | The OCI runtime might use the cgroups to see what PIDs are inside the container, but that doesn't work with rootless containers. Closes: https://github.com/containers/libpod/issues/1337 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* rootless: exec handle processes that create an user namespaceGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | | Manage the case where the main process of the container creates and joins a new user namespace. In this case we want to join only the first child in the new hierarchy, which is the user namespace that was used to create the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* rootless: fix execGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | | | | | | | | | We cannot re-exec into a new user namespace to gain privileges and access an existing as the new namespace is not the owner of the existing container. "unshare" is used to join the user namespace of the target container. The current implementation assumes that the main process of the container didn't create a new user namespace. Since in the setup phase we are not running with euid=0, we must skip the setup for containers/storage. Closes: https://github.com/containers/libpod/issues/1329 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* Move whale-says test to end of baselineTomSweeneyRedHat2018-08-25
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1346 Approved by: rhatdan