| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
| |
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\
| |
| | |
vendor latest containers/common
|
|/
|
|
|
|
|
|
| |
We had a couple of regressions in containers/common in the last release.
Before cutting a new release, let's vendor it here. Since 3.0 has been
branched, we can vendor a non-release commit of c/common.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
play kube selinux label issue
|
| |
| |
| |
| |
| |
| | |
added skip to test case where selinux not enabled
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| |
| |
| |
| |
| |
| | |
fixed typo in the label comparison
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| |
| |
| |
| |
| |
| |
| | |
test case added to e2e test suite to validate process label being correctly set
on play kube
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
play kube function not respecting selinux options in kube yaml, all options were
being mapped to role.
fixes issue 8710
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
|\ \
| | |
| | | |
fix logic when not creating a workdir
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When resolving the workdir of a container, we may need to create unless
the user set it explicitly on the command line. Otherwise, we just do a
presence check. Unfortunately, there was a missing return that lead us
to fall through into attempting to create and chown the workdir. That
caused a regression when running on a read-only root fs.
Fixes: #9230
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix Docker APIv2 container wait endpoint
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \ \
| | | |
| | | | |
Bump remote API version to 3.0.0
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #9175
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
Fix podman network disconnect wrong NetworkStatus number
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The allocated `tmpNetworkStatus` must be allocated with the length 0.
Otherwise append would add new elements to the end of the slice and
not at the beginning of the allocated memory.
This caused inspect to fail since the number of networks did not
matched the number of network statuses.
Fixes #9234
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \ \
| | | | |
| | | | | |
Cirrus: Collect ginkgo node logs artifacts
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In rare cases, it's possible for one of the ginkgo processes to "hang".
When this occurs, the main output will contain this message:
``Ginkgo timed out waiting for all parallel nodes to report``
The only way to debug this was to look through concatenated printing
of the ginkgo node logs. This is a tedious and daunting task,
requiring special search knowledge, facing a "wall of text".
Simplify the situation by collecting the node logs separately, as
individual files in a cirrus-artifact. In this way, it's faster to
figure out which test "hung" by examining each log individually. The
log file which does not have a pass/fail summary at the end,
indicates the last test hung (for whatever reason), and includes it's
output (if any).
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
generate kube: handle entrypoint
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The spec of a Kube Container has a `Command` and `Args`. While both are
slices, the `Command` is the counterpart of the entrypoint of a libpod
container. Kube is also happily accepting the arguments to as following
items in the slice but it's cleaner to move those to `Args`.
Fixes: #9211
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Update nix pin with `make nixpkgs`
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Report StatusConflict on Pod opt partial failures
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
- When one or more containers in the Pod reports an error on an operation
report StatusConflict and report the error(s)
- jsoniter type encoding used to marshal error as string using error.Error()
- Update test framework to allow setting any flag when creating pods
- Fix test_resize() result check
Fixes #8865
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
bindings: attach: warn correct error
|
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The resize warning logged the wrong error. While this does not fix
#9172, it may very well be helpful finding its root cause.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
containers/dependabot/go_modules/github.com/containers/storage-1.25.0
Bump github.com/containers/storage from 1.24.5 to 1.25.0
|
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.24.5 to 1.25.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.24.5...v1.25.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
containers/dependabot/go_modules/github.com/containernetworking/cni-0.8.1
Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 0.8.0 to 0.8.1.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](https://github.com/containernetworking/cni/compare/v0.8.0...v0.8.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
System test for #9096 (truncated stdout)
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This actually tests conmon, not podman; but that's the whole
point of system tests in the first place: if a problem exists,
we want to fail loudly, no matter whose fault it is.
(I can't get this to fail on my f33 laptop; OP on #9096 claims
it only fails on Ubuntu. We'll see what happens in CI).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix invalid wait condition on kill
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When using the compatability tests on kill, the kill
function goes into an infinite wait loop taking all of the CPU.
This change will use the correct wait function and exit properly.
Fixes: https://github.com/containers/podman/issues/9206
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Makefile: make bin/* real targets!
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Backstory: every time you run 'make podman' or even
just 'make', you get a full recompile. This is sub-ideal.
Cause: I don't really know. It looks complicated. #5017
introduced a .PHONY for bin/podman, for reasons not
explained in the PR. Then, much later, #5880 well-
intentionedly but improperly tweaked the 'find'
command used in defining SOURCES, adding a -prune
but without the corresponding and required -print.
Let's just say, it was an unfortunate cascade of events.
This PR fixes the SOURCES definition and removes the
highly-undesired .PHONY from podman & podman-remote,
making it so you can type 'make' and, oh joy, not
build anything if it's current. The way 'make' is
supposed to work.
Why fix this now? Because my PR (#9209) was failing in CI,
in the Validate step:
Can't exec "./bin/podman": No such file or directory at hack/xref-helpmsgs-manpages line 223.
It failed even on Re-run, and only passed once I force-pushed
the PR (with no changes, just a new commit SHA). I have no idea
why bin/podman wasn't built, and I have zero interest in pursuing
that right now, but the proper solution is to add bin/podman as
a Makefile dependency for that particular test. So done.
While I'm at it, fix what is pretty clearly a typo in a .PHONY
And, finally, fix a go-md2man warning introduced in #9189
[NO TESTS NEEDED]
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
containers/dependabot/go_modules/github.com/onsi/gomega-1.10.5
Bump github.com/onsi/gomega from 1.10.4 to 1.10.5
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.10.4...v1.10.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[CI:DOCS] typo
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Matthew Cengia <mattcen@mattcen.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Make slirp MTU configurable (network_cmd_options)
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The mtu default value is currently forced to 65520.
This let the user control it using the config key network_cmd_options,
i.e.: network_cmd_options=["mtu=9000"]
Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Gating tests: diff test: workaround for RHEL8 failure
|
| | |_|_|/ / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
RHEL8 rootless gating tests are inconsistently failing with:
$ podman diff --format json -l
#
{"changed":["/etc"],"added":["/sys/fs","/sys/fs/cgroup","/pMOm1Q0fnN"],"deleted":["/etc/services"]}
# #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
# #| FAIL: added
# #| expected: '/pMOm1Q0fnN'
# #| actual: '/sys/fs'
# #| > '/sys/fs/cgroup'
# #| > '/pMOm1Q0fnN'
# #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Reason: PR #8561, I think (something to do with /sys on RHEL).
Workaround: ignore '/sys/fs' in diffs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \ \ \
| |_|_|_|/ / / /
|/| | | | | | | |
Honor network options for macvlan networks
|