| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Support default profile for apparmor
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently you can not apply an ApparmorProfile if you specify
--privileged. This patch will allow both to be specified
simultaniosly.
By default Apparmor should be disabled if the user
specifies --privileged, but if the user specifies --security apparmor:PROFILE,
with --privileged, we should do both.
Added e2e run_apparmor_test.go
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
logformatter: update MAGIC BLOB string
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fallout from libpod->podman repo name move: the HTML logs
created by logformatter are no longer accessible. They
render as:
https://storage.googleapis.com/SECRET-5385732420009984-fcae48/artifacts/containers/podman/6313596734930944/html/integration_test.log.html
(yes, "SECRET" instead of "cirrus-ci". Possibly because
the GCE_SSH_USERNAME key, "cirrus-ci", was overzealously
encrypted, making Cirrus censor any instances of the
string in output. Let's see if this fixes it. But anyway
this is a secondary unrelated bug).
Reason: it looks like Cirrus "generated a new magic blob"
when we renamed libpod -> podman. Chris was kind enough to
locate the new magic blob and to give me a link to where
we can discover it ourselves. I added that as a code comment.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Enable a bunch of remote tests
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/containers/storage-1.21.2
Bump github.com/containers/storage from 1.21.1 to 1.21.2
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.21.1 to 1.21.2.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.21.1...v1.21.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
containers/dependabot/go_modules/github.com/containers/common-0.17.0
Bump github.com/containers/common from 0.16.0 to 0.17.0
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.16.0 to 0.17.0.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.16.0...v0.17.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
make localunit: record coverage
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Inspirsed by CRI-O's coverage logic. Initial coverage is at 15.7
percent.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Add --umask flag for create, run
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
--umask sets the umask inside the container
Defaults to 0022
Co-authored-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
fix podman play kube doesn't override dockerfile ENTRYPOINT
|
| | | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
Do not print an error message on non-0 exec exit code
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This was added with an earlier exec rework, and honestly is very
confusing. Podman is printing an error message, but the error had
nothing to do with Podman; it was the executable we ran inside
the container that errored, and per `podman run` convention we
should set the Podman exit code to the process's exit code and
print no error.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
Update the README to reflect the libpod move
|
| | | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We no longer have to dance around the fact that the repo is named
"libpod" which simplifies the opening a bit. Also, refresh our
scope section and to-do section a bit.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Add noop function disable-content-trust
|
| | | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
People who use docker scripts with Podman see failures
if they use disable-content-trust flag. This flag already
existed for podman build, adding it to pull/push/create/run.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
BATS help-message test: improve diagnostics
|
| | | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The error messages from the 'podman xxx --help' cross-check
test are unhelpful, and cause much wasted time when they trigger.
Solution: instead of using the built-in exit-status check
in run_podman, do an explicit check outside of run_podman.
This lets us die() with a custom, hopefully useful, message.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
docs: Fix formatting mistake
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Part of this section was a code block, and part of it was absorbed into
the preceding normal paragraph.
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
| |\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | | |
Fix Generate API swagger title/description
|
| | | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | | |
generate kube title and descritopn was same as play kube for apiv2 docs
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
events endpoint: fix panic and race condition
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The versions Docker that the compat endpoints currently support are
using another type for the `filters` parameter than later versions
of Docker, which the libpod/events endpoint is also using.
To prevent existing deplopyments from breaking while still achieving
backward compat, we now support both types for the filters parameter.
Tested manually.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix a potential panic in the events endpoint when parsing the filters
parameter. Values of the filters map might be empty, so we need to
account for that instead of uncondtitionally accessing the first item.
Also apply a similar for race conditions as done in commit f4a2d25c0fca:
Fix a race that could cause read errors to be masked. Masking
such errors is likely to report red herrings since users don't
see that reading failed for some reasons but that a given event
could not be found.
Another race was the handler closing event channel, which could lead to
two kinds of panics: double close, send to close channel. The backend
takes care of that. However, make sure that the backend stops working
in case the context has been cancelled.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
unit tests: root check
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The unit tests currently require running as root. This has caused some
confusion that justifies adding a root check to `make localunit` and
error out for non-root users instead of starting the tests deemed to
fail.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Switch references from libpod.conf to containers.conf
|
| | | |_|/
| |/| |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
BATS tests: more resilient remove_same_dev_warning
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some CI tests are flaking in the SELinux test, possibly because
there's a new variation of the "multiple devices" warning I hadn't
seen before:
WARNING: Creating device "/dev/null" with same type, major and minor as existing "/dev/foodevdir/null".
Solution: in remove_same_dev_warning(), remove "multiple" from
the match string.
Also: fix a Go test that wasn't cleaning up after itself. And
add an actual test to it, not just check-exit-status.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add support for overlay volume mounts in podman.
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add support -v for overlay volume mounts in podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Re-enable a generate kube test that failed on Ubuntu
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The fix was a new runc version, which we may have sucked in.
Fixes #6506
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \
| |/ /
|/| | |
contrib/systemd cleanups
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Set the type of the podman.service to simple. This will correctly
report the status of the service once it has started. As a oneshot
service, it does not transition from the startup state to running.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman-api(1) does not exist, so set the man page to
podman-system-service(1). Same for the .socket.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Do not hard-set the registries.conf to `/etc/containers/registries.conf`.
Podman (and other c/image users) already default to it. However,
ordinary non-root users should still be able to use the configs in their
home directories which is now possible.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Do not set the killmode to process as it only kills the main process and
leaves other processes untouched. Just remove the line and use the
default cgroup killmode which will kill all processes in the service's
cgroup.
Fixes: #7021
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove the stop timeout from the unit. As unit does not specify any
stop command, the timeout is effectively 0 and a NOOP.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
Symlink the user to the system services in `contrib/systemd`.
There is no diference between the services, so we can reduce
redundancy while not breaking downstream packages which might
already be referencing `./contrib/systemd/user`.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
