Commit message (Author, Age)
* Reap exec sessions on cleanup and removal (Matthew Heon, 2019-12-12)
    We currently rely on exec sessions being removed from the state by the Exec() API itself, on detecting the session stopping. This is not a reliable method, though. The Podman frontend for exec could be killed before the session ended, or another Podman process could be holding the lock and prevent update (most notable in `run --rm`, when a container with an active exec session is stopped). To resolve this, add a function to reap active exec sessions from the state, and use it on cleanup (to clear sessions after the container stops) and remove (to do the same when --rm is passed). This is a bit more complicated than it ought to be because Kata and company exist, and we can't guarantee the exec session has a PID on the host, so we have to plumb this through to the OCI runtime.
    Fixes #4666
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #4517 from baude/macvlan (OpenShift Merge Robot, 2019-12-09)
    macvlan networks
| * macvlan networks (baude, 2019-12-09)
    add the ability to a macvlan network with podman network create.
    Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #4657 from jdieter/fix-runtime-path-when-root (OpenShift Merge Robot, 2019-12-07)
    Return empty runtime directory if we're not rootless
| * | Return empty runtime directory if we're not rootless (Jonathan Dieter, 2019-12-07)
    Currently, we return a runtime directory of the form `/run/user/<uid>`, even when running as root. Depending on configuration, that directory may be deleted when the user logs out, which is quite awkward when the container is started as a systemd service and then someone logs in and out as root. This patch fixes the problem by returning an empty runtime directory if the container is being started by root. The runtime should automatically use the default runtime directory (`/run/crun` when crun is used), which should be accessible to root. Tested in Fedora 31 by running containers under both root and a regular user. State for root containers is stored in `/run/crun`, while state for rootless containers is in `/run/user/<uid>/crun`.
    Signed-off-by: Jonathan Dieter <jdieter@gmail.com>
* | Merge pull request #4440 from edsantiago/bats (OpenShift Merge Robot, 2019-12-06)
    test for #3920 (improper caching of tarballs in build)
| * | test for #3920 (improper caching of tarballs in build) (Ed Santiago, 2019-12-05)
    See https://github.com/containers/buildah/pull/1955
    I've confirmed that this test fails under podman-1.6.2-2.fc30 and passes under current master.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #4563 from mheon/fix_change_parsing (OpenShift Merge Robot, 2019-12-06)
    Fix parsing for arrays of values in image changes
| * | | Add ONBUILD support to --change (Matthew Heon, 2019-12-05)
    Return types had to change a bit for this, but since we can wrap the old v1.ImageConfig, changes are overall not particularly bad. At present, I believe this only works with commit, not import. This matches how things were before we changed to the new parsing so I think this is fine.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Move Commit() to new parsing for --change (Matthew Heon, 2019-12-05)
    It turns out we had two independent parsing implementations for Dockerfile instructions out of --change. My previous commit fixed the one used in --change, but as I discovered to my dismay, commit used a different implementation. Remove that and use the new parsing implementation instead. While we're at it, fix some bugs in the current commit code. The addition of anonymous named volumes to Libpod recently means we can now include those in the image config when committing. Some changes (VOLUME, ENV, EXPOSE, LABEL) previously cleared the config of the former image when used; Docker does not do this, so I removed that behavior. Still needs fixing: the new implementation does not support ONBUILD, while the old one did.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Completely rework --change parsing (Matthew Heon, 2019-12-04)
    The way we were trying to parse was very broken. I originally attempted to use Buildah's Dockerfile parser here, but dealing with it (and convincing it to accept only a limited subset, and only one instruction at a time) was challenging, so I rewrote a subset of Dockerfile parsing. This should handle most common cases well, though there are definitely unhandled edge cases for ENV and LABEL.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #4651 from marcov/detach-config (OpenShift Merge Robot, 2019-12-06)
    Use terminal detach keys sequence specified in the config file
| * | | | Use terminal detach keys sequence specified in the config file (Marco Vedovati, 2019-12-06)
    Fixes: #4556
    Signed-off-by: Marco Vedovati <mv@sba.lat>
* | | | | Merge pull request #4652 from containers/dependabot/go_modules/github.com/containers/storage-1.15.2 (OpenShift Merge Robot, 2019-12-06)
    build(deps): bump github.com/containers/storage from 1.15.0 to 1.15.2
| * | | | build(deps): bump github.com/containers/storage from 1.15.0 to 1.15.2 (dependabot-preview[bot], 2019-12-06)
    Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.15.0 to 1.15.2.
    - [Release notes](https://github.com/containers/storage/releases)
    - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
    - [Commits](https://github.com/containers/storage/compare/v1.15.0...v1.15.2)
    Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #4601 from ssbarnea/fix/test-build-rpm-changes (OpenShift Merge Robot, 2019-12-05)
    Enable multi-platform rpm building
| * | | | Enable multi-platform rpm building (Sorin Sbarnea, 2019-12-05)
    - make: fix python detection for multiple interpreters
    - make: create generic `package` and `package-install` targets
    - build_rpm.sh: move package installation into package-install
    - build_rpm.sh: fix dnf/yum detection
    - build_rpm.sh: install md2man rpm only on platforms where it is available
    - build_rpm.sh: temporarily skip packaging docs and debug on rhel-8
    - docs: `make package-install`
    This change is validated by new CI jobs run by rdoproject. See link below for result.
    Depends-On: https://review.rdoproject.org/r/#/c/23943/
    Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
* | | | | Merge pull request #4639 from giuseppe/fix-stats-pod (OpenShift Merge Robot, 2019-12-05)
    libpod: fix stats for rootless pods
| * | | | | rootless: enable stats test on cgroup v2 (Giuseppe Scrivano, 2019-12-04)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | libpod: fix stats for rootless pods (Giuseppe Scrivano, 2019-12-04)
    honor the systemd parent directory when specified.
    Closes: https://github.com/containers/libpod/issues/4634
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #4638 from ssbarnea/fix/detach (OpenShift Merge Robot, 2019-12-05)
    Avoid git warnings by using detach on checkout
| * | | | | Avoid git warnings by using detach on checkout (Sorin Sbarnea, 2019-12-04)
    Git displays a huge and confusing warning when doing a checkout of a specific commit if the --detach option is not mentioned. This cleans up our build logs, making it easier to spot real problems.
    Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
* | | | | Merge pull request #4642 from TomSweeneyRedHat/dev/tsweeney/buildah1.11.5 (OpenShift Merge Robot, 2019-12-05)
    Bump Buildah to v1.11.6
| * | | | Bump Buildah to v1.11.6 (TomSweeneyRedHat, 2019-12-04)
    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #4644 from ssbarnea/fix/hack-release (OpenShift Merge Robot, 2019-12-05)
    Improve hack/get_release_info.sh
| * | | | Improve hack/get_release_info.sh (Sorin Sbarnea, 2019-12-04)
    - Adopt bash strict mode
    - Avoid cd errors as seen on CI vendor jobs:
      hack/get_release_info.sh: line 9: cd: /go/src/github.com/containers/libpod: No such file or directory
    Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
* | | | Merge pull request #4640 from ssbarnea/fix/dnf (OpenShift Merge Robot, 2019-12-04)
    Improve dnf tests inside build_rpm.sh
| * | | Improve dnf tests inside build_rpm.sh (Sorin Sbarnea, 2019-12-04)
    - Fix bug failing to detect dnf in various locations
    - Add missing sudo to yum/dnf calls
    - Fix bug where pkg_manager may end up with a multi-line value
    Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
* | | Merge pull request #4637 from giuseppe/check-for-renameat2-runtime (OpenShift Merge Robot, 2019-12-04)
    rootless: add fallback for renameat2 at runtime
| * | rootless: add fallback for renameat2 at runtime (Giuseppe Scrivano, 2019-12-04)
    the renameat2 syscall might be defined in the C library but lacking support in the kernel. In such case, let it fallback to open(O_CREAT)+rename as it does on systems lacking the definition for renameat2.
    Closes: https://github.com/containers/libpod/issues/4570
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #4635 from ssbarnea/fix/go-md2man (OpenShift Merge Robot, 2019-12-03)
    Attempt to install go-md2man only if missing
| * | | Attempt to install go-md2man only if missing (Sorin Sbarnea, 2019-12-03)
    Fixes: #4632
    Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
* | | Merge pull request #4630 from TomSweeneyRedHat/dev/tsweeney/rootlesstouchup (OpenShift Merge Robot, 2019-12-03)
    Quick grammar touchup in rootless.md
| * | Quick grammar touchup in rootless.md (TomSweeneyRedHat, 2019-12-03)
    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #4629 from mheon/fix_indirect_netnsctr_lookup (OpenShift Merge Robot, 2019-12-03)
    Allow chained network namespace containers
| * | | Allow chained network namespace containers (Matthew Heon, 2019-12-03)
    The code currently assumes that the container we delegate network namespace to will never further delegate to another container, so when looking up things like /etc/hosts and /etc/resolv.conf we won't pull the correct files from the chained dependency. The changes to resolve this are relatively simple - just need to keep looking until we find a container without NetNsCtr set.
    Fixes #4626
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #4614 from bfallik/patch-1 (OpenShift Merge Robot, 2019-12-03)
    troubleshooting: warn about secure boot
| * | | troubleshooting: warn about secure boot (Brian Fallik, 2019-12-02)
    Add an additional troubleshooting item to warn users that Secure Boot can prevent Podman from running containers. The error messages and initial debugging steps don't make it clear that this all stems from a BIOS setting. Hopefully adding this item to the troubleshooting doc will avoid future headaches.
    Signed-off-by: Brian Fallik <brian@clypd.com>
* | | | Merge pull request #4599 from raukadah/rpmbuild_without (OpenShift Merge Robot, 2019-12-03)
    Updates on making doc building optional
| * | | | Updates on making doc building and debug optional (Chandan Kumar (raukadah), 2019-12-03)
    It changes the podman spec from using with_doc to bcond_without for building docs so that anyone can pass --without doc as well as other rpmbuild args to the build_rpm.sh script to skip building docs. Since go-md2man is not available in CentOS8 repo. without the help of extra_args, it makes it conditional. It also moves the manpages to a separate package.
    Signed-off-by: Chandan Kumar (raukadah) <raukadah@gmail.com>
* | | | | Merge pull request #4615 from ssbarnea/fix/prepare (OpenShift Merge Robot, 2019-12-03)
    build: improved prepare.sh
| * | | | | build: improved prepare.sh (Sorin Sbarnea, 2019-12-02)
    * assure we use bash strict mode
    * avoid shallow errors on full clones
    * make script bit more idempotent
    Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
* | | | | Merge pull request #4622 from rhatdan/rootless (OpenShift Merge Robot, 2019-12-03)
    Add comment on rootless containers creating device nodes
| * | | | | Add comment on rootless containers creating device nodes (Daniel J Walsh, 2019-12-03)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #4623 from rhatdan/errors (OpenShift Merge Robot, 2019-12-03)
    Ignore ErrCtrRemoved when removing a container
| * | | | | | Ignore ErrCtrRemoved when removing a container (Daniel J Walsh, 2019-12-03)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #4624 from mheon/refresh_volume_locks (OpenShift Merge Robot, 2019-12-02)
    Ensure volumes reacquire locks on state refresh
| * | | | | | Ensure volumes reacquire locks on state refresh (Matthew Heon, 2019-12-02)
    After a restart, pods and containers both run a refresh() function to prepare to run after a reboot. Until now, volumes have not had a similar function, because they had no per-boot setup to perform. Unfortunately, this was not noticed when in-memory locking was introduced to volumes. The refresh() routine is, among other things, responsible for ensuring that locks are reserved after a reboot, ensuring they cannot be taken by a freshly-created container, pod, or volume. If this reservation is not done, we can end up with two objects using the same lock, potentially needing to lock each other for some operations - classic recipe for deadlocks. Add a refresh() function to volumes to perform lock reservation and ensure it is called as part of overall refresh().
    Fixes #4605
    Fixes #4621
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | Merge pull request #4584 from nitrocode/patch-2 (OpenShift Merge Robot, 2019-12-02)
    install.md: added slirp4netns dependency to ubuntu
| * | | | | | install.md: added slirp4netns dependency to ubuntu (nitro, 2019-12-01)
    https://github.com/containers/libpod/issues/1234
    Signed-off-by: nitrocode <nitrocode@users.noreply.github.com>