| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently rely on exec sessions being removed from the state
by the Exec() API itself, on detecting the session stopping. This
is not a reliable method, though. The Podman frontend for exec
could be killed before the session ended, or another Podman
process could be holding the lock and prevent update (most
notable in `run --rm`, when a container with an active exec
session is stopped).
To resolve this, add a function to reap active exec sessions from
the state, and use it on cleanup (to clear sessions after the
container stops) and remove (to do the same when --rm is passed).
This is a bit more complicated than it ought to be because Kata
and company exist, and we can't guarantee the exec session has a
PID on the host, so we have to plumb this through to the OCI
runtime.
Fixes #4666
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
macvlan networks
|
| |
| |
| |
| |
| |
| | |
add the ability to a macvlan network with podman network create.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Return empty runtime directory if we're not rootless
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, we return a runtime directory of the form
`/run/user/<uid>`, even when running as root. Depending on configuration,
that directory may be deleted when the user logs out, which is quite
awkward when the container is started as a systemd service and then
someone logs in and out as root.
This patch fixes the problem by returning an empty runtime directory if the
container is being started by root. The runtime should automatically use
the default runtime directory (`/run/crun` when crun is used), which should
be accessible to root.
Tested in Fedora 31 by running containers under both root and a regular
user. State for root containers is stored in `/run/crun`, while state for
rootless containers is in `/run/user/<uid>/crun`.
Signed-off-by: Jonathan Dieter <jdieter@gmail.com>
|
|\ \
| | |
| | | |
test for #3920 (improper caching of tarballs in build)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
See https://github.com/containers/buildah/pull/1955
I've confirmed that this test fails under podman-1.6.2-2.fc30
and passes under current master.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix parsing for arrays of values in image changes
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Return types had to change a bit for this, but since we can wrap
the old v1.ImageConfig, changes are overall not particularly bad.
At present, I believe this only works with commit, not import.
This matches how things were before we changed to the new parsing
so I think this is fine.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It turns out we had two independent parsing impkementations for
Dockerfile instructions out of --change. My previous commit fixed
the one used in --change, but as I discovered to my dismay,
commit used a different implementation. Remove that and use the
new parsing implementation instead.
While we're at it, fix some bugs in the current commit code. The
addition of anonymous named volumes to Libpod recently means we
can now include those in the image config when committing. Some
changes (VOLUME, ENV, EXPOSE, LABEL) previously cleared the
config of the former image when used; Docker does not do this, so
I removed that behavior.
Still needs fixing: the new implementation does not support
ONBUILD, while the old one did.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The way we were trying to parse was very broken. I originally
attempted to use Buildah's Dockerfile parser here, but dealing
with it (and convincing it to accept only a limited subset, and
only one instruction at a time) was challenging, so I rewrote a
subset of Dockerfile parsing. This should handle most common
cases well, though there are definitely unhandled edge cases for
ENV and LABEL.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
Use terminal detach keys sequence specified in the config file
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes: #4556
Signed-off-by: Marco Vedovati <mv@sba.lat>
|
|\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/containers/storage-1.15.2
build(deps): bump github.com/containers/storage from 1.15.0 to 1.15.2
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.15.0 to 1.15.2.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.15.0...v1.15.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Enable multi-platform rpm building
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- make: fix python detection for multiple interpreters
- make: create generic `package` and `package-install` targets
- build_rpm.sh: move package installation into package-install
- build_rpm.sh: fix dnf/yum detection
- build_rpm.sh: install md2man rpm only on platfroms where is available
- build_rpm.sh: temporary skip packaging docs and debug on rhel-8
- docs: `make package-install`
This change is validated by new CI jobs run by rdoproject. See link
below for result.
Depends-On: https://review.rdoproject.org/r/#/c/23943/
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
libpod: fix stats for rootless pods
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
honor the systemd parent directory when specified.
Closes: https://github.com/containers/libpod/issues/4634
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
Avoid git warnings by using detach on checkout
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Git displays a huge and confusing warning when doing a checkout of
a specific commit if the --detach option is not mentioned.
This cleans up our build logs, making it easier to spot real problems.
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Bump Buildah to v1.11.6
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Improve hack/get_release_info.sh
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Adopt bash strict mode
- Avoid cd errors as seen on CI vendor jobs:
hack/get_release_info.sh: line 9: cd: /go/src/github.com/containers/libpod: No such file or directory
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Improve dnf tests inside build_rpm.sh
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Fix bug failing to detect dnf in various locations
- Add missing sudo to yum/dnf calls
- Fix bug where pkg_manager may endup with a multi-line value
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
|
|\ \ \
| |/ /
|/| | |
rootless: add fallback for renameat2 at runtime
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the renameat2 syscall might be defined in the C library but lacking
support in the kernel.
In such case, let it fallback to open(O_CREAT)+rename as it does on
systems lacking the definition for renameat2.
Closes: https://github.com/containers/libpod/issues/4570
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
Attempt to install go-md2man only if missing
|
|/ / /
| | |
| | |
| | |
| | | |
Fixes: #4632
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Quick grammar touchup in rootless.md
|
| | |
| | |
| | |
| | | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \
| | | |
| | | | |
Allow chained network namespace containers
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The code currently assumes that the container we delegate network
namespace to will never further delegate to another container, so
when looking up things like /etc/hosts and /etc/resolv.conf we
won't pull the correct files from the chained dependency. The
changes to resolve this are relatively simple - just need to keep
looking until we find a container without NetNsCtr set.
Fixes #4626
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| |_|/ /
|/| | | |
troubleshooting: warn about secure boot
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add an additional troubleshooting item to warn users that Secure Boot
can prevent Podman from running containers. The error messages and
initial debugging steps don't make it clear that this all stems from a
BIOS setting. Hopefully adding this item to the troubleshooting doc
will avoid future headaches.
Signed-off-by: Brian Fallik <brian@clypd.com>
|
|\ \ \ \
| | | | |
| | | | | |
Updates on making doc building optional
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
It changes the podman spec from using with_doc to bcond_without
for building docs so that anyone can pass --without doc as well
as other rpmbuild args to the build_rpm.sh script to skip
building docs.
Since go-md2man is not available in CentOS8 repo. without the
help fo extra_args, it makes it conditional.
It also moves the manpages to a seperate package.
Signed-off-by: Chandan Kumar (raukadah) <raukadah@gmail.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
build: improved prepare.sh
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* assure we use bash strict mode
* avoid shallow errors on full clones
* make script bit more idempotent
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add comment on rootless containers creating device nodes
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Ignore ErrCtrRemoved when removing a container
|
| | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Ensure volumes reacquire locks on state refresh
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
After a restart, pods and containers both run a refresh()
function to prepare to run after a reboot. Until now, volumes
have not had a similar function, because they had no per-boot
setup to perform.
Unfortunately, this was not noticed when in-memory locking was
introduced to volumes. The refresh() routine is, among other
things, responsible for ensuring that locks are reserved after a
reboot, ensuring they cannot be taken by a freshly-created
container, pod, or volume. If this reservation is not done, we
can end up with two objects using the same lock, potentially
needing to lock each other for some operations - classic recipe
for deadlocks.
Add a refresh() function to volumes to perform lock reservation
and ensure it is called as part of overall refresh().
Fixes #4605
Fixes #4621
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
install.md: added slirp4netns dependency to ubuntu
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
https://github.com/containers/libpod/issues/1234
Signed-off-by: nitrocode <nitrocode@users.noreply.github.com>
|