summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* e2e inspect: HostConfig.SecurityOptValentin Rothberg2020-06-25
| | | | | | | Make sure that all specified security options are displayed in a container's inspect data. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6713 from mheon/debug_levelOpenShift Merge Robot2020-06-25
|\ | | | | Set syslog for exit commands on log-level=debug
| * Set syslog for exit commands on log-level=debugMatthew Heon2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have a flag, --syslog, for telling logrus to log to syslog as well as to the terminal. Previously, this flag also set the exit command for containers to use `--syslog` (otherwise all output from exit commands is lost). I attempted to replicate this with Podman v2.0, but quickly ran into circular import hell (the flag is defined in cmd/podman, I needed it in cmd/podman/containers, cmd/podman imports cmd/podman/containers already, etc). Instead, let's just set the syslog flag automatically on `--log-level=debug` so we log exit commands automatically when debug-level logs are requested. This is consistent with Conmon and seems to make sense. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6752 from rhatdan/inspectOpenShift Merge Robot2020-06-24
|\ \ | | | | | | Fix inspect to display multiple label: changes
| * | Fix inspect to display multiple label: changesDaniel J Walsh2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the user runs a container like podman run --security-opt seccomp=unconfined --security-opt label=type:spc_t --security-opt label=level:s0 ... Podman inspect was only showing the second option This change will show "SecurityOpt": [ "label=type:spc_t,label=level:s0:c60", "seccomp=unconfined" ], Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6753 from giuseppe/drop-default-mapping-1-1OpenShift Merge Robot2020-06-24
|\ \ \ | |_|/ |/| | utils: drop default mapping when running uid!=0
| * | utils: drop default mapping when running uid!=0Giuseppe Scrivano2020-06-24
| |/ | | | | | | | | | | | | | | | | | | this is a leftover from the first implementation of rootless. This code is never hit by podman rootless anymore as podman automatically creates a user namespace now. Fixes an issue with podman remote when used with uid != 0. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #6732 from mheon/fix_stopsignal_setOpenShift Merge Robot2020-06-24
|\ \ | | | | | | Set stop signal to 15 when not explicitly set
| * | Set stop signal to 15 when not explicitly setMatthew Heon2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When going through the output of `podman inspect` to try and identify another issue, I noticed that Podman 2.0 was setting StopSignal to 0 on containers by default. After chasing it through the command line and SpecGen, I determined that we were actually not setting a default in Libpod, which is strange because I swear we used to do that. I re-added the disappeared default and now all is well again. Also, while I was looking for the bug in SpecGen, I found a bunch of TODOs that have already been done. Eliminate the comments for these. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6746 from vrothberg/untagOpenShift Merge Robot2020-06-24
|\ \ \ | |_|/ |/| | podman untag: error if tag doesn't exist
| * | podman untag: error if tag doesn't existValentin Rothberg2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Throw an error if a specified tag does not exist. Also make sure that the user input is normalized as we already do for `podman tag`. To prevent regressions, add a set of end-to-end and systemd tests. Last but not least, update the docs and add bash completions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6729 from QiWang19/inspect-formatOpenShift Merge Robot2020-06-24
|\ \ \ | | | | | | | | Reformat inspect network settings
| * | | Reformat inspect network settingsQi Wang2020-06-23
| | | | | | | | | | | | | | | | | | | | | | | | Reformat ports of inspect network settings to compatible with docker inspect. Close #5380 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #6741 from maybe-sybr/maybe/apiv2/fix-volume-create-codeOpenShift Merge Robot2020-06-24
|\ \ \ \ | | | | | | | | | | APIv2: Return `StatusCreated` from volume creation
| * | | | APIv2: Return `StatusCreated` from volume creationmaybe-sybr2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The swagdoc in `register_volumes.go` already correctly notes that a 201 should be returned upon success, so we only need to change the handler to match the spec. Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* | | | | Merge pull request #6738 from maybe-sybr/maybe/apiv2/fix-network-compat-urlsOpenShift Merge Robot2020-06-24
|\ \ \ \ \ | | | | | | | | | | | | APIv2:fix: Remove `/json` from compat network EPs
| * | | | | APIv2:fix: Remove `/json` from compat network EPsmaybe-sybr2020-06-24
| |/ / / / | | | | | | | | | | | | | | | Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* | | | | Merge pull request #6733 from edsantiago/bats_help_extra_argsOpenShift Merge Robot2020-06-24
|\ \ \ \ \ | | | | | | | | | | | | BATS tests: new too-many-arguments test
| * | | | | BATS tests: new too-many-arguments testEd Santiago2020-06-23
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...plus a few others. And fixes to actual parsing. If a command's usage message includes '...' in the argument list, assume it can take unlimited arguments. Nothing we can check. For all others, though, the ALL-CAPS part on the right-hand side of the usage message will define an upper bound on the number of arguments accepted by the command. So in our 'podman --help' test, generate N+1 args and run that command. We expect a 125 exit status and a suitably helpful error message. Not all podman commands or subcommands were checking, so I fixed that. And, fixed some broken usage messages (all-caps FLAGS, and '[flags]' at the end of 'ARGS'). Add new checks to the help test to prevent those in the future. Plus a little refactoring/cleanup where necessary. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #6739 from jwhonce/wip/connectionOpenShift Merge Robot2020-06-24
|\ \ \ \ \ | | | | | | | | | | | | Fix ssh-agent support
| * | | | | Fix ssh-agent supportJhon Honce2020-06-23
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | * An identity of "" implies ssh-agent and user/password to be used * Fixed example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #6743 from giuseppe/specify-mappings-to-storageOpenShift Merge Robot2020-06-24
|\ \ \ \ \ | |_|_|/ / |/| | | | libpod: specify mappings to the storage
| * | | | libpod: specify mappings to the storageGiuseppe Scrivano2020-06-24
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | specify the mappings in the container configuration to the storage when creating the container so that the correct mappings can be configured. Regression introduced with Podman 2.0. Closes: https://github.com/containers/libpod/issues/6735 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #6737 from maybe-sybr/maybe/doc/fix-volume-list-swagdocOpenShift Merge Robot2020-06-24
|\ \ \ \ | |/ / / |/| | | APIv2:doc: Fix swagger doc to refer to volumes
| * | | APIv2:doc: Fix swagger doc to refer to volumesmaybe-sybr2020-06-24
|/ / / | | | | | | | | | Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* | | Merge pull request #6706 from rhatdan/completionsOpenShift Merge Robot2020-06-23
|\ \ \ | | | | | | | | Add podman network to bash command completions
| * | | Add podman network to bash command completionsDaniel J Walsh2020-06-23
| | | | | | | | | | | | | | | | | | | | | | | | network commands were not supported in command completions. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6685 from mavit/autfileOpenShift Merge Robot2020-06-23
|\ \ \ \ | |_|/ / |/| | | Fix typo.
| * | | Fix typo in manpage for `podman auto update`.Peter Oliver2020-06-23
| | | | | | | | | | | | | | | | Signed-off-by: Peter Oliver <git@mavit.org.uk>
* | | | Merge pull request #6728 from mheon/add_privileged_testsOpenShift Merge Robot2020-06-23
|\ \ \ \ | |_|/ / |/| | | Add tests for --privileged with other flags
| * | | Add tests for --privileged with other flagsMatthew Heon2020-06-23
| | |/ | |/| | | | | | | | | | | | | | | | | | | With Podman v2.0, we broke (or thought we were going to break) using `--privileged` with `--group-add` and `--security-opt` (specifically using `--security-opt` for SELinux config). Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #6726 from edsantiago/batsOpenShift Merge Robot2020-06-23
|\ \ \ | |_|/ |/| | system tests: invoke with abs path to podman
| * | system tests: invoke with abs path to podmanEd Santiago2020-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reversion of one part of #6679: my handling of 'realpath' would not work when $PODMAN is 'podman-remote --url etc'. Trying to handle that case got unmaintainable; so instead let's just force 'make {local,remote}system' to invoke with a full PODMAN path. This breaks down if someone runs the tests with a manual 'bats' invocation, but I think I'm the only one who ever does that. Since podman path will now be very long in the logs, add code to logformatter to abbreviate it like we do for the ginkgo logs. And, one thing that has bugged me for a long time: in the error logs, show a different prompt ('#' vs '$') to distinguish root vs rootless. This should make it much easier to see at-a-glance whether a log file is root or not. Add tests for it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6731 from baude/toolboxjsonOpenShift Merge Robot2020-06-23
|\ \ \ | | | | | | | | Add JSON output field for ps
| * | | Add JSON output field for psBrent Baude2020-06-23
| | |/ | |/| | | | | | | | | | | | | the toolbox team needs a field in our ps json that represents a human readable time. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6493 from jwhonce/wip/connectionOpenShift Merge Robot2020-06-23
|\ \ \ | |/ / |/| | V2 podman system connection
| * | V2 podman system connectionJhon Honce2020-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Implement command * Refactor podman-remote to pull from containers.conf by default * podman-remote defaults to --remote being true * Write podman-system-connection.1.md Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * | wipBrent Baude2020-06-23
|/ / | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6722 from vrothberg/fix-6718OpenShift Merge Robot2020-06-23
|\ \ | |/ |/| image load: no args required
| * image load: no args requiredValentin Rothberg2020-06-23
| | | | | | | | | | | | | | | | | | Disable the args requirement of `image load`. Instead of requiring a lower bound, we really need an upper one with at most 1 argument. Extend the system tests to prevent future regressions. Fixes: #6718 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6679 from edsantiago/batsOpenShift Merge Robot2020-06-23
|\ \ | | | | | | system tests: new rm, build tests
| * | system tests: new rm, build testsEd Santiago2020-06-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - rm: confirm 'rm' and 'rm -f' on running container - build: shotgun test of workdir, cmd, env, labels The new build test cd's to a temporary directory, which broke test invocations using a relative path (./bin/podman). Added code to detect relative paths and convert them to absolute. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6712 from mheon/readd_userns_envvarOpenShift Merge Robot2020-06-23
|\ \ \ | | | | | | | | Re-add PODMAN_USERNS environment variable
| * | | Re-add PODMAN_USERNS environment variableMatthew Heon2020-06-22
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | This was lost during the Podman 2.0 migration. Turns out to be a very easy fix, fortunately - we want to use the environment var if not explicitly overridden. Fixes #6705 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6710 from vrothberg/fix-6413OpenShift Merge Robot2020-06-23
|\ \ \ | |_|/ |/| | libpod/containers/json: alias last -> limit
| * | libpod/containers/json: alias last -> limitValentin Rothberg2020-06-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support both `last` and `limit` for in the containers listing endpoint. We intended to use `limit` which is also mentioned in the docs, but the implementation ended up using `last` as the http parameter; likely being caused by the CLI using `--last`. To avoid any regression, we decided for supporting both and aliasing `last`. Fixes: #6413 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6625 from QiWang19/fdOpenShift Merge Robot2020-06-23
|\ \ \ | | | | | | | | Add --preservefds to podman run
| * | | Add --preservefds to podman runQi Wang2020-06-19
| | | | | | | | | | | | | | | | | | | | | | | | Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #6715 from mheon/fix_security_exclusiveOpenShift Merge Robot2020-06-23
|\ \ \ \ | |_|_|/ |/| | | Fix conflicts between privileged and other flags
| * | | Fix conflicts between privileged and other flagsMatthew Heon2020-06-22
|/ / / | | | | | | | | | | | | | | | | | | | | | The `--privileged` flag does not conflict with `--group-add` (this one was breaking Toolbox) and does not conflict with most parts of `--security-opt` (this was breaking Openstack). Signed-off-by: Matthew Heon <matthew.heon@pm.me>