| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Display correct value for unlimited ulimit
|
|/
|
|
|
|
|
|
|
|
|
| |
When doing a container inspect on a container with unlimited ulimits,
the value should be -1. But because the OCI spec requires the ulimit
value to be uint64, we were displaying the inspect values as a uint64 as
well. Simple change to display as an int64.
Fixes: #9303
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Cirrus: Send cirrus-cron report e-mail to list.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This mailing-list was established to allow people to sub/unsub from
automated notifications. Add it to the list of destinations picked up
by the Github Actions workflow
`.github/workflows/check_cirrus_cron.yml`.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| | |
| | |
| | |
| | | |
containers/dependabot/go_modules/github.com/spf13/cobra-1.1.2
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add shell completion tests for secrets
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the SECRET keyword to the shell completion test. Also update the
use line for podman secret create to use `NAME` instead of `SECRET`.
This matches the other commands such as network/volume create.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| | | |
| | | | |
bump to v3.1.0-dev
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Given we branched for 3.0 already, bumping the version in the main
branch will help prevent confusion in case users report issues on main
versus the v3.0 branch.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Update golangci-lint
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Docker [APIv2] push sends digest in response body
|
| |/ / /
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
hardening flags for fedora rpmbuilds
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit sets the CGO_CFLAGS variable for hardening the Fedora rpm
binaries.
The flags used are the same as those in the official Fedora rpms.
Setting the flags in upstream spec would provide early warnings for
flag adjustments or other hardening issues.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \ \
| |_|/ /
|/| | | |
Fix compat networks endpoint for a empty result
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The networks list compat api endpoint must return `[]`
and not `null` if no networks are found.
Fixes #9293
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \ \
| |_|/ /
|/| | | |
Support annotations from containers.conf
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Service needs to be restarted in order to read the CONTAINERS_CONF file.
Not resetting this can lead to lots of flakes, since the test will use
whatever the host system has to be set in it's containers.conf.
Fixes: https://github.com/containers/podman/issues/9286
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently podman does not use the annotations specified in the
containers.conf. This PR fixes this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
vendor github.com/containers/image v5.10.2
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
Fixes: #8559
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
apiv2 test fixes
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
It's been a while since I last looked at these; some cruft
has crept in, generating noise and hence unreadable test
results. Clean it up:
* remove pushd/popd in one subtest, replace with 'tar -C'.
(Also remove confusing quotation marks). This removes
spurious directory names from output.
* in like(), show only first line of actual output.
Some commands ('tree', 'generate kube') produce
voluminous multi-line output, which is super useless
and distracting when reading a test run.
* Recognize that some queries will not generate output,
e.g. HEAD requests and some POSTs. Deal with that.
This fixes "curl.result.out: no such file" and "parse
error" warnings.
* In cleanup, 'podman rm -a' and 'rmi -af'; this gets
rid of errors when deleting $WORKDIR. (EBUSY error
when root, EPERM when rootless).
And, the original reason for poking in here: refactor the
wait-for-port part of start_server() into its own helper
function, so we can use it when starting a local registry
in 12-imagesMore. (Ref: #9270)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\| | | |
| | | | |
| | | | | |
Fix Docker APIv2 push endpoint
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
Docker doesn't have the destination parameter as libpod does,
the "image name" path parameter is supposed to be the destination.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
generate kube: do not set caps with --privileged
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Do not play with capabilities for privileged containers where all
capabilities will be set implicitly.
Also, avoid the device check when running privileged since all of /dev/*
will be mounted in any case.
Fixes: #8897
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/containers/ocicrypt-1.1.0
Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.0.3 to 1.1.0.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.0.3...v1.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Implement Secrets
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Allow path completion for podman create/run --rootfs
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the --rootfs flag is set podman create/run expect a host
path as first argument. The shell completion should provide
path completion in that case.
[NO TESTS NEEDED]
This can manually be verified with `podman run --rootfs [TAB]`.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \ \
| |_|_|/
|/| | | |
Bump containers/buildah to v1.19.4
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
Fix handling of --iidfile to happen on the client side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Implement missing arguments for podman build
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Buildah bud passes a bunch more flags then podman build.
We need to implement hook up all of these flags to get full functionality.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
make `podman rmi` more robust
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The c/storage library is subject to TOCTOUs as the central container and
image storage may be shared by many instances of many tools. As shown
in #6510, it's fairly easy to have multiple instances of Podman running
in parallel and yield image-lookup errors when removing them.
The underlying issue is the TOCTOU of removal being split into multiple
stages of first reading the local images and then removing them. Some
images may already have been removed in between the two stages. To make
image removal more robust, handle errors at stage two when a given image
is not present (anymore) in the storage.
Fixes: #6510
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |_|/
|/| | |
add network prune
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add the ability to prune unused cni networks. filters are not implemented
but included both compat and podman api endpoints.
Fixes :#8673
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| |_|/
|/| | |
vendor latest containers/common
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
We had a couple of regressions in containers/common in the last release.
Before cutting a new release, let's vendor it here. Since 3.0 has been
branched, we can vendor a non-release commit of c/common.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
play kube selinux label issue
|
| |
| |
| |
| |
| |
| | |
added skip to test case where selinux not enabled
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| |
| |
| |
| |
| |
| | |
fixed typo in the label comparison
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| |
| |
| |
| |
| |
| |
| | |
test case added to e2e test suite to validate process label being correctly set
on play kube
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
play kube function not respecting selinux options in kube yaml, all options were
being mapped to role.
fixes issue 8710
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|