Commit message (Author, Age)
* Merge pull request #1317 from rhatdan/privileged (OpenShift Merge Robot, 2018-11-30)
|\
| | Disable mount options when running --privileged
| * Disable mount options when running --privileged (Daniel J Walsh, 2018-11-28)
| | We now default to setting storage options to "nodev", when running privileged containers, we need to turn this off so the processes can manipulate the image.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Vendor in latest containers/storage (Daniel J Walsh, 2018-11-28)
| | This allows us to modify the containers mount option on a per/container basis
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #1777 from rhatdan/shm (OpenShift Merge Robot, 2018-11-30)
|\ \
| | | /dev/shm should be mounted even in rootless mode.
| * | /dev/shm should be mounted even in rootless mode. (Daniel J Walsh, 2018-11-28)
| | | Currently we are mounting /dev/shm from disk, it should be from a tmpfs. User Namespace supports tmpfs mounts for nonroot users, so this section of code should work fine in both root and rootless mode.
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1906 from baude/addpsp (OpenShift Merge Robot, 2018-11-30)
|\ \ \
| | | | add pod short option to ps
| * | | add pod short option to ps (baude, 2018-11-30)
|/ / /
| | | podman ps has a flag --pod; simply adding a short option of -p
| | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #1890 from baude/disablecheckpointtests (OpenShift Merge Robot, 2018-11-28)
|\ \ \
| | | | disable checkpoint tests on f29
| * | | disable checkpoint tests on f29 (baude, 2018-11-28)
| | | | temporarily disabling checkpoint tests on f29 as they don't currently pass.
| | | | Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #1714 from giuseppe/fix-rootless-tests (OpenShift Merge Robot, 2018-11-28)
|\ \ \ \
| | | | | tests: fix rootless tests with an updated runc
| * | | | test, rootless: specify USER env variable (Giuseppe Scrivano, 2018-11-28)
| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | Revert "downgrade runc due a rootless bug" (Giuseppe Scrivano, 2018-11-28)
| | |/ /
| |/| |
| | | | This reverts commit 803efd4d380f091c85cd45e0b3c35cf6333d47b7.
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #1852 from rhatdan/completions (OpenShift Merge Robot, 2018-11-28)
|\ \ \ \
| |/ / /
|/| | | Cleaning up completions.
| * | | Fix completions to work with podman run command (Daniel J Walsh, 2018-11-28)
| |/ /
| | | Also add missing --help and -h and add some consistency to the usage of boolean_options.
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1888 from baude/hidekube (OpenShift Merge Robot, 2018-11-28)
|\ \ \
| |/ /
|/| | hide kube command for now
| * | hide kube command for now (baude, 2018-11-28)
|/ /
| | until the kube commands are ironed out, we don't want it drawing attention in any release
| | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1851 from jwhonce/wip/cmd (OpenShift Merge Robot, 2018-11-28)
|\ \
| | | Add support for --all in pypodman ps command
| * | Add support for --all in pypodman ps command (Jhon Honce, 2018-11-28)
| | | * Updated field widths to match changes in go code
| | | Fixes #1654
| | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #1798 from giuseppe/fix-notify-socket (OpenShift Merge Robot, 2018-11-28)
|\ \ \
| | | | systemd: fix NOTIFY_SOCKET with patched runc
| * | | tests: fix NOTIFY_SOCKET test (Giuseppe Scrivano, 2018-11-28)
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | oci: propagate NOTIFY_SOCKET on runtime start (Giuseppe Scrivano, 2018-11-28)
| | | | with https://github.com/opencontainers/runc/pull/1807 we moved the systemd notify initialization from "create" to "start", so that the OCI runtime doesn't hang while waiting on reading from the notify socket. This means we also need to set the correct NOTIFY_SOCKET when start'ing the container.
| | | | Closes: https://github.com/containers/libpod/issues/746
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | test: fix test for NOTIFY_SOCKET (Giuseppe Scrivano, 2018-11-28)
| | | | do not make any assumption on the path inside of the container.
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #1885 from edsantiago/split_token_none (OpenShift Merge Robot, 2018-11-28)
|\ \ \ \
| | | | | _split_token(): handle None
| * | | | _split_token(): handle None (Ed Santiago, 2018-11-27)
| | | | | The conditional + list comprehension in images.py:_split_token() wasn't quite working as intended; in particular, when fed None, it chokes with
| | | | |     TypeError: 'NoneType' object is not iterable
| | | | | This is the correct behavior: comprehensions iterate first, then apply the conditional.
| | | | | Solution: special-case None, and remove the now-unnecessary conditional.
| | | | | Context: seen when trying 'pypodman run' against docker.io/stackbrew/centos:7, which has no .ContainerConfig.Eng
| | | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #1881 from jwhonce/bug/1867 (OpenShift Merge Robot, 2018-11-28)
|\ \ \ \ \
| | | | | | Fixes #1867
| * | | | | Fixes #1867 (Jhon Honce, 2018-11-28)
| | |_|/ /
| |/| | |
| | | | | * Some items included in the CLI and currently not supported by the API.
| | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #1880 from baude/f29fixes (OpenShift Merge Robot, 2018-11-28)
|\ \ \ \ \
| | | | | | Fix golang formatting issues
| * | | | | Fix golang formatting issues (baude, 2018-11-28)
| | |_|/ /
| |/| | |
| | | | | When running unittests on newer golang versions, we observe failures with some formatting types when not declared correctly.
| | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #1846 from cgwalters/netns-dns-localhost (OpenShift Merge Robot, 2018-11-28)
|\ \ \ \ \
| |_|/ / /
|/| | | | Use host's resolv.conf if no network namespace enabled
| * | | | Use host's resolv.conf if no network namespace enabled (Colin Walters, 2018-11-27)
| | |/ /
| |/| |
| | | | My host system runs Fedora Silverblue 29 and I have NetworkManager's `dns=dnsmasq` setting enabled, so my `/etc/resolv.conf` only has `127.0.0.1`.
| | | | I also run my development podman containers with `--net=host` for various reasons.
| | | | If we have a host network namespace, there's no reason not to just use the host's nameserver configuration either.
| | | | This fixes e.g. accessing content on a VPN, and is also faster since the container is using cached DNS.
| | | | I know this doesn't solve the bigger picture issue of localhost-DNS conflicting with bridged networking, but that's far more involved, probably requiring a DNS proxy in the container. This patch makes my workflow a lot nicer and was easy to write.
| | | | Signed-off-by: Colin Walters <walters@verbum.org>
* | | | Merge pull request #1879 from mheon/stop_stopped_is_valid (OpenShift Merge Robot, 2018-11-28)
|\ \ \ \
| |_|/ /
|/| | | Stopping a stopped container is not an error for Podman
| * | | Add test to ensure stopping a stopped container works (Matthew Heon, 2018-11-28)
| | | | We regressed on this at some point. Adding a new test should help ensure that doesn't happen again.
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | | Stopping a stopped container is not an error for Podman (Matthew Heon, 2018-11-28)
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | | Merge pull request #1848 from adrianreber/master (OpenShift Merge Robot, 2018-11-28)
|\ \ \ \
| |/ / /
|/| | | Add tcp-established to checkpoint/restore
| * | | Added more checkpoint/restore test cases (Adrian Reber, 2018-11-28)
| | | | This adds checkpoint/restore test cases for the newly added options
| | | |  * --leave-running
| | | |  * --tcp-established
| | | |  * --all
| | | |  * --latest
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Fix podman container restore -a (Adrian Reber, 2018-11-28)
| | | | podman container restore -a was using the wrong filter to restore checkpointed containers. This switches from 'running' containers to 'exited' containers.
| | | | Restoring with -a only works if all exited containers have been checkpointed. Maybe it would make sense to track which containers have been really checkpointed. This is just to fix '-a' to work at least if all exited containers have been checkpointed.
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Update bash completion for checkpoint/restore (Adrian Reber, 2018-11-28)
| | | | This brings all the recent changes to checkpoint/restore to the bash completion.
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Add '--tcp-established' to checkpoint/restore man page (Adrian Reber, 2018-11-28)
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Added tcp-established to checkpoint/restore (Adrian Reber, 2018-11-28)
| | | | CRIU can checkpoint and restore processes/containers with established TCP connections if the correct option is specified. To implement checkpoint and restore with support for established TCP connections with Podman this commit adds the necessary options to runc during checkpoint and also tells conmon during restore to use 'runc restore' with '--tcp-established'.
| | | | For this Podman feature to work a corresponding conmon change is required.
| | | | Example:
| | | |  $ podman run --tmpfs /tmp --name podman-criu-test -d docker://docker.io/yovfiatbeb/podman-criu-test
| | | |  $ nc `podman inspect -l | jq -r '.[0].NetworkSettings.IPAddress'` 8080
| | | |  GET /examples/servlets/servlet/HelloWorldExample
| | | |  Connection: keep-alive
| | | |  1
| | | |  GET /examples/servlets/servlet/HelloWorldExample
| | | |  Connection: keep-alive
| | | |  2
| | | |  $ # Using HTTP keep-alive multiple requests are sent to the server in the container
| | | |  $ # Different terminal:
| | | |  $ podman container checkpoint -l
| | | |  criu failed: type NOTIFY errno 0
| | | |  $ # Looking at the log file would show errors because of established TCP connections
| | | |  $ podman container checkpoint -l --tcp-established
| | | |  $ # This works now and after the restore the same connection as above can be used for requests
| | | |  $ podman container restore -l --tcp-established
| | | | The restore would fail without '--tcp-established' as the checkpoint image contains established TCP connections.
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Remove unused CRIU_COMMIT variable (Adrian Reber, 2018-11-28)
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Point CRIU_COMMIT to CRIU release 3.11 (Adrian Reber, 2018-11-28)
| | | | The old commit points to the development branch and is not stable.
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Updated CRIO_COMMIT to pull in new conmon for CRIU (Adrian Reber, 2018-11-28)
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Use also a struct to pass options to Restore() (Adrian Reber, 2018-11-28)
| |/ /
| | | This is basically the same change as ff47a4c2d5485fc49f937f3ce0c4e2fd6bdb1956 (Use a struct to pass options to Checkpoint()) just for the Restore() function. It is used to pass multiple restore options to the API and down to conmon which is used to restore containers. This is for the upcoming changes to support checkpointing and restoring containers with '--tcp-established'.
| | | Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Merge pull request #1849 from giuseppe/report-rootless-netmode (OpenShift Merge Robot, 2018-11-28)
|\ \ \
| | | | rootless: add new netmode "slirp4netns"
| * | | network: allow slirp4netns mode also for root containers (Giuseppe Scrivano, 2018-11-28)
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: add new netmode "slirp4netns" (Giuseppe Scrivano, 2018-11-27)
| | | | so that inspect reports the correct network configuration.
| | | | Closes: https://github.com/containers/libpod/issues/1453
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | tests: change return type for PodmanAsUser to PodmanTestIntegration (Giuseppe Scrivano, 2018-11-27)
| |/ /
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #1833 from giuseppe/remove-exec-polling (OpenShift Merge Robot, 2018-11-28)
|\ \ \
| |_|/
|/| | exec: remove polling for PID file
| * | util: use fsnotify to wait for file (Giuseppe Scrivano, 2018-11-28)
| | | prefer a fsnotify watcher to polling the file, we take advantage of inotify on Linux and react more promptly to the PID file being created.
| | | If the watcher cannot be created, then fallback to the old polling mechanism.
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | exec: don't wait for pidfile when the runtime exited (Giuseppe Scrivano, 2018-11-27)
| | | don't wait for the timeout to expire if the runtime process exited. I've noticed podman to hang on exit and keeping the container lock taken when the OCI runtime already exited.
| | | Additionally, it reduces the waiting time as we won't hit the 25 milliseconds waiting time in the worst case.
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>