| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A container restored from a checkpoint archive used to have the root
file-system mounted with a wrong (new) SELinux label. This made it, for
example, impossible to use 'podman exec' on a restored container.
This test tests exactly this. 'podman exec' after 'podman container restore'.
Unfortunately this test does not fail, even without the patch that fixes
it as the test seems to run in an environment where the SELinux label of
the container root file-system is not relevant. Somehow.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Restoring a container from a checkpoint archive creates a complete
new root file-system. This file-system needs to have the correct SELinux
label or most things in that restored container will fail. Running
processes are not as problematic as newly exec()'d process (internally
or via 'podman exec').
This patch tells the storage setup which label should be used to mount
the container's root file-system.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of only tracking that a container is restored from
a checkpoint locally in runtime_ctr.go this adds a flag to the
Container structure.
Upcoming patches to correctly label the root file-system mount-point
need also to know if a container is restored from a checkpoint.
Instead of passing a parameter around a lot of functions, this
adds that information to the Container structure.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |\
| |
| | |
Correctly identify the defaults for cgroup-manager
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently we report cgroupmanager default as systemd, even if the user modified
the libpod.conf. Also cgroupmanager does not work in rootless mode. This
PR correctly identifies the default cgroup manager or reports it is not supported.
Also add homeDir to correctly get the homedir if the $HOME is not set. Will
attempt to get Homedir out of /etc/passwd.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Fix inspect --format '{{.Mounts}}.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This provides backwards compatability with 1.4.0-1.4.2 releases
which name .Source and .Destination as .Src and .Dst - useful for
not breaking toolbox.
Also add a test.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In Go templating, we use the names of fields, not the JSON struct
tags. To ensure templating works are expected, we need the two to
match.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Go templating is incapable of dealing with pointers, so when we
moved to Docker compatible mounts JSON, we broke it. The solution
is to not use pointers in this part of inspect.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \
| | | |
| | | | |
fix bug creats directory copying file
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
close #3384
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix a segfault in 'podman ps --sync'
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We weren't properly populating the container's OCI Runtime in
Batch(), causing segfaults on attempting to access it. Add a test
to make sure we actually catch cases like this in the future.
Fixes #3411
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Go modules
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add a `go-get` function to the Makefile to wrap `go get -u` into a
wrapper disabling go modules.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Update conmon to include attach socket unlink
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
rootless: add an entry to /etc/hosts when using slirp4netns
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Closes: https://github.com/containers/libpod/issues/3405
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix configs location in rootless tutorial.
|
| | | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | | |
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
| |\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
libpod.conf: add runtime crun
|
| |/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
now that crun is available as a Fedora package, we can add an entry to
the default libpod.conf so that it is easier to use it just by using
--runtime crun to Podman.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Add /usr/local/{s,}bin to conmon paths
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jamie Bliss <jamie@ivyleav.es>
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is one of the default installation paths in conmon
Signed-off-by: Jamie Bliss <jamie@ivyleav.es>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
include make podman target in install instructions
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | | |
now that podman ships conmon >=0.3.0
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
Add additional debugging when refreshing locks
|
| |/ / / /
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
Add some missing periods to the readme
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Add --latest, -l to 'podman diff'
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The man page of 'podman diff' claims that the diff sub-command knows
about --latest, -l. This adds support, as described in the man-page, to
the diff sub-command for --latest, -l.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Begin adding support for multiple OCI runtimes
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Use name of the default runtime, instead of the OCIRuntime config
option, which may include a full path.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Try and locate the right runtime by using the basename of the
path.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This is done by the --runtime flag, and as such, by all our CI.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We may want to ship configurations including more than one
runtime configuration - for example, crun and runc and kata, all
configured. However, we don't want to make these extra runtimes
hard requirements, so let's not fatally error when we can't find
their executables.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Allow Podman containers to request to use a specific OCI runtime
if multiple runtimes are configured. This is the first step to
properly supporting containers in a multi-runtime environment.
The biggest changes are that all OCI runtimes are now initialized
when Podman creates its runtime, and containers now use the
runtime requested in their configuration (instead of always the
default runtime).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
add windows bridge format
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
when using podman-remote on windows, the bridge format must account for
how windows deals with escape quoting. in this case, it does not need
any.
also, reduced duplicated code around generating the bridge endpoint for
the unix and windows platforms.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
Build cgo files with -Wall and -Werror
|
| |/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
To avoid unnecessary warnings and errors in the future I'd like to
propose building all cgo related sources with `-Wall -Werror`. This
commit fixes some warnings which came up in `shm_lock.c`, too.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix format specifiers in rootless_linux.c
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Format `%d` expects argument of type `int`, but the argument has a type
of `long int`.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
