| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After this patch v2 hijacking endpoints, exec/start and
containers/attach follow rfc 7230 specification.
Connection will only be upgraded, if client specifies upgrade
headers:
For tcp connections:
Connection: Upgrade
Upgrade: tcp
For unix socket connections:
Connection: Upgrade
Upgrade: sock
There are currently no checks if upgrade type actually matches with
available protocols. Implementation just protocol that client
requested
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
StateHijacked is a terminal state. If hijacked connection
is registered as an active connection, connection will
never be unregistered. This causes two issues
First issue is that active connection counters are off.
Second issue is a resource leak caused by connection
object that is stored to a map.
After this patch hijacked connections are no longer
visible in counters. If a counter for hijacked
connections is required, podman must track
connections returned by Hijacker.Hijack()
It might make sense to develop abstraction layer for
hijacking - and move all hijacking related code to a
separate package. Hijacking code is prone to resource
leaks and it should be thoroughly tested.
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
|\
| |
| | |
Vendor in new version of Buildah
|
| |
| |
| |
| |
| |
| | |
This also pulls in latest runc and containers/common
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We are using these dependencies just to get the device from path.
These dependencies no longer build on Windows, so simply cloning
the deviceFromPath function, we can eliminate the need for this
vendoring.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
fix API: Create container with an invalid configuration
|
| |/
| |
| |
| | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \
| | |
| | | |
log API: add context to allow for cancelling
|
| | |
| | |
| | |
| | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Add a `context.Context` to the log APIs to allow for cancelling
streaming (e.g., via `podman logs -f`). This fixes issues for
the remote API where some go routines of the server will continue
writing and produce nothing but heat and waste CPU cycles.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
Fix saving in oci format
|
|/
|
|
|
|
|
|
| |
- fix saving&loading oci format. Close #6544
- support loading using image name without "localhost/" prefix when reading from ociarchive/dir saved from this semantics
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Update release notes on Master for v2.0.2
|
|/
|
|
|
|
| |
Also update README to reflect the new release.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
CI:DOCS Minor: Remove two inaccurate comments
|
| |
| |
| |
| | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\|
| |
| | |
Cirrus: Rotate keys post repo. rename
|
|/
|
|
|
|
|
|
|
| |
Encode credentials at new repository settings page
https://cirrus-ci.com/settings/repository/6707778565701632
Ref: https://cirrus-ci.org/guide/writing-tasks/#encrypted-variables
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
Add username to /etc/passwd inside of container if --userns keep-id
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If I enter a continer with --userns keep-id, my UID will be present
inside of the container, but most likely my user will not be defined.
This patch will take information about the user and stick it into the
container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
fix race condition in `libpod.GetEvents(...)`
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a race that could cause read errors to be masked. Masking such
errors is likely to report red herrings since users don't see that
reading failed for some reasons but that a given event could not be
found.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
Add support for Filter query parameter to list images api
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Docker api version 1.24 uses a query parameter named Filter
for filtering images by names. In more recent versions of
api name filter is in filters query parameter with other
filters
This patch adds a mapping that translates Filter query
parameter to Filters={"reference": [""]}
Signed-off-by: Sami Korhonen <skorhone@gmail.com>
|
|\
| |
| | |
Implement --sdnotify cmdline option to control sd-notify behavior
|
| |
| |
| |
| | |
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--sdnotify container|conmon|ignore
With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI
runtime doesn't pass it into the container. We also advertise "ready" when the
OCI runtime finishes to advertise the service as ready.
With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI
runtime passes it into the container for initialization, and let the container advertise further metadata.
This is the default, which is closest to the behavior podman has done in the past.
The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor
any child processes will talk to systemd.
This removes the need for hardcoded CID and PID files in the command line, and
the PIDFile directive, as the pid is advertised directly through sd-notify.
Signed-off-by: Joseph Gooch <mrwizard@dok.org>
|
|\ \
| | |
| | | |
Change buildtag for remoteclient to remote for testing
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Fix bug where `podman mount` didn't error as rootless
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As rootless, `podman mount` must be run inside `podman unshare`.
We don't really have a testing harness that can do this right
now.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We require that rootless `podman mount` be run inside a shell
spawned by `podman unshare` (which gives us a mount namespace
which actually lets other commands use the mounted filesystem).
The fix is simple - we need to mark the command as requiring the
rootless user namespace not be configured, so we can test for it
later as part of the mount code and error if we needed to make
one.
Fixes #6856
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
test.apiv2: add testing for container initializing
|
| | |
| | |
| | |
| | | |
Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
|
|\ \ \
| |_|/
|/| | |
Add --tz flag to create, run
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
--tz flag sets timezone inside container
Can be set to IANA timezone as well as `local` to match host machine
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \
| | | |
| | | | |
move go module to v2
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
With the advent of Podman 2.0.0 we crossed the magical barrier of go
modules. While we were able to continue importing all packages inside
of the project, the project could not be vendored anymore from the
outside.
Move the go module to new major version and change all imports to
`github.com/containers/libpod/v2`. The renaming of the imports
was done via `gomove` [1].
[1] https://github.com/KSubedi/gomove
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/onsi/ginkgo-1.14.0
Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.13.0...v1.14.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Set engine env from common config
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Set the env that is used by Podman.
related issue containers/common#31
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
podman ps truncate the command
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
With a long create command the
output from ps is basically unreadable.
This is a regression that was introduced with Podman 2.0.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
auto-update: clarify systemd-unit requirements
|
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Clarify in the help message and the man page that auto updates only work
with systemd units that are similar to the ones from `generate systemd
--new`. Units that merely start/stop a container do not work as they
will use the same image.
Fixes: #6793
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Print errors from individual containers in pods
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The infra/abi code for pods was written in a flawed way, assuming
that the map[string]error containing individual container errors
was only set when the global error for the pod function was nil;
that is not accurate, and we are actually *guaranteed* to set the
global error when any individual container errors. Thus, we'd
never actually include individual container errors, because the
infra code assumed that err being set meant everything failed and
no container operations were attempted.
We were originally setting the cause of the error to something
nonsensical ("container already exists"), so I made a new error
indicating that some containers in the pod failed. We can then
ignore that error when building the report on the pod operation
and actually return errors from individual containers.
Unfortunately, this exposed another weakness of the infra code,
which was discarding the container IDs. Errors from individual
containers are not guaranteed to identify which container they
came from, hence the use of map[string]error in the Pod API
functions. Rather than restructuring the structs we return from
pkg/infra, I just wrapped the returned errors with a message
including the ID of the container.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
Bump imagebuilder to v1.1.6 in upstream
|
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bump the imagebuilder package to v1.1.6 in
the upstream branch.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|