summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #3223 from cevich/multi-zone-hackOpenShift Merge Robot2019-05-29
|\ | | | | hack: support setting local region/zone
| * hack: support setting local region/zoneChris Evich2019-05-29
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #3188 from giuseppe/fix-join-existing-containersOpenShift Merge Robot2019-05-29
|\ \ | |/ |/| rootless: new function to join existing conmon processes
| * rootless: make JoinUserAndMountNS privateGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | as it is used only by the rootless package now. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * Revert "rootless: change default path for conmon.pid"Giuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | | | | since we now enter the user namespace prior to read the conmon.pid, we can write the conmon.pid file again to the runtime dir. This reverts commit 6c6a8654363457a9638d58265d0a7e8743575d7a. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: enable loginctl lingerGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | otherwise the processes we leave around will be killed once the session terminates. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: new function to join existing conmon processesGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | move the logic for joining existing namespaces down to the rootless package. In main_local we still retrieve the list of conmon pid files and use it from the rootless package. In addition, create a temporary user namespace for reading these files, as the unprivileged user might not have enough privileges for reading the conmon pid file, for example when running with a different uidmap and root in the container is different than the rootless user. Closes: https://github.com/containers/libpod/issues/3187 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: block signals for pauseGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | block signals for the pause process, so it can't be killed by mistake. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3210 from haircommander/conmon-0.2.0OpenShift Merge Robot2019-05-28
|\ \ | | | | | | bump conmon to v0.2.0
| * | bump conmon to v0.2.0Peter Hunt2019-05-28
| | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #3208 from vrothberg/fix-3207OpenShift Merge Robot2019-05-28
|\ \ \ | | | | | | | | runtime: unlock the alive lock only once
| * | | runtime: unlock the alive lock only onceValentin Rothberg2019-05-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Unlock the alive lock only once in the deferred func call. Fixes: #3207 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #3137 from giuseppe/unshare-fixesOpenShift Merge Robot2019-05-28
|\ \ \ \ | | | | | | | | | | unshare: some cleanups and define CONTAINERS_{RUNROOT,GRAPHROOT}
| * | | | unshare: define CONTAINERS_GRAPHROOT and CONTAINERS_RUNROOTGiuseppe Scrivano2019-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | define two environment variables, that simplify the task of cleaning up the storage, as we can do something like: podman unshare sh -c 'rm -rf $CONTAINERS_GRAPHROOT $CONTAINERS_RUNROOT' Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | unshare: use rootless from libpodGiuseppe Scrivano2019-05-16
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #3194 from QiWang19/cptarOpenShift Merge Robot2019-05-28
|\ \ \ \ \ | | | | | | | | | | | | fix bug dest path of copying tar
| * | | | | fix bug dest path of copying tarQi Wang2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when podman cp tar without --extract flag, if the destination already exists, or ends with path seprator, cp the tar under the directory, otherwise copy the tar named with the destination Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #3189 from vrothberg/apparmor-fixesOpenShift Merge Robot2019-05-28
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Apparmor fixes
| * | | | | warn when --security-opt and --privilegedValentin Rothberg2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Log a warning when --security-opt and --privileged are used together to indicate that it has no effect since --privileged will set everything. To avoid regressions, only warn, do not error out and do not print on error level. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | baseline tests: apparmor with --privilegedValentin Rothberg2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://github.com/containers/libpod/issues/3112 has revealed a regression in apparmor when running privileged containers where the profile must not be set or loaded. Add a simple test to avoid potential future regressions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | apparmor: don't load/set profile in privileged modeValentin Rothberg2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 27f9e23a0b9e already prevents setting the profile when creating the spec but we also need to avoid loading and setting the profile when creating the container. Fixes: #3112 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #3198 from jjwatt/patch-1OpenShift Merge Robot2019-05-26
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Update install.md ostree Debian dependencies.
| * | | | | Update install.md ostree Debian dependencies.Jesse Wattenbarger2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add more Debian dependencies that I needed in Debian 9.9. Signed-off-by: Jesse Wattenbarger <jesse.j.wattenbarger@gmail.com>
* | | | | | Merge pull request #3196 from giuseppe/keep-idOpenShift Merge Robot2019-05-25
|\ \ \ \ \ \ | | | | | | | | | | | | | | userns: add new option --userns=keep-id
| * | | | | | podman: honor env variable PODMAN_USERNSGiuseppe Scrivano2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | userns: add new option --userns=keep-idGiuseppe Scrivano2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it creates a namespace where the current UID:GID on the host is mapped to the same UID:GID in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | rootless: store also the original GID in the hostGiuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #3185 from mheon/fix_cp_testOpenShift Merge Robot2019-05-25
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Fix a potential flake in the tests for podman cp
| * | | | | | | Fix a potential flake in the tests for podman cpMatthew Heon2019-05-23
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of using the working directory, use a subdirectory of the temporary directory created for the individual test, to prevent a potential EEXIST for shared working directory. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | Merge pull request #3192 from cevich/add_zipOpenShift Merge Robot2019-05-24
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Cirrus: Add zip package to images
| * | | | | | cirrus: update images w/ zip pkgChris Evich2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | | Cirrus: Add zip package to imagesChris Evich2019-05-23
| | |_|/ / / | |/| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #3186 from baude/varlinkdocsnullableOpenShift Merge Robot2019-05-23
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | document nullable types
| * | | | | document nullable typesbaude2019-05-22
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the varlink doc generator was ignoring all nullable types when generating its documentation Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #3190 from giuseppe/fix-userns-psgoOpenShift Merge Robot2019-05-23
|\ \ \ \ \ | |_|_|/ / |/| | | | rootless: fix top huser and hgroup
| * | | | rootless: fix top huser and hgroupGiuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when running in rootless mode, be sure psgo is honoring the user namespace settings for huser and hgroup. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | vendor: update psgo to v1.3.0Giuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #3097 from cevich/show_ipOpenShift Merge Robot2019-05-23
|\ \ \ \ \ | |_|/ / / |/| | | | hack: Display IP address of VM from script
| * | | | hack: ignore from all VCS files when tarballingChris Evich2019-05-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | hack: shrink xfer tarball sizeChris Evich2019-05-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | hack: Display IP address of VM from scriptChris Evich2019-05-22
|/ / / / | | | | | | | | | | | | | | | | | | | | Useful for accessing it from other terminals. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #3108 from rhatdan/flagsOpenShift Merge Robot2019-05-22
|\ \ \ \ | | | | | | | | | | Fixup Flags
| * | | | Fixup FlagsDaniel J Walsh2019-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mark hidden all references to signature-policy Default all uses of --authfile Add --authfile support to podman run and podman create. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2715 from ypu/login_logoutOpenShift Merge Robot2019-05-22
|\ \ \ \ \ | | | | | | | | | | | | Add test cases for login and logout
| * | | | | Add test cases for login and logoutYiqiao Pu2019-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As logout test request login to the registry, we plan to test them together. There are five test cases added: 1. Podman login and logout with default value 3. Podman login and logout with --authfile 2. Podman login and logout with --tls-verify 4. Podman login and logout with --cert-dir 5. Podman login and logout with multi registry All above test cases are using docker rgistry v2 Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | | | | | Merge pull request #3178 from mheon/fix_gen_kubeOpenShift Merge Robot2019-05-22
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Fix a 'generate kube' bug on ctrs with named volumes
| * | | | | Remove unused return statement in kube volume codeMatthew Heon2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | Fix play kube when a pod is specifiedMatthew Heon2019-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to pass the Pod ID in as part of the CreateConfig. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | Fix a 'generate kube' bug on ctrs with named volumesMatthew Heon2019-05-21
| | |_|/ / | |/| | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #3176 from baude/resizechanbufferOpenShift Merge Robot2019-05-22
|\ \ \ \ \ | |_|/ / / |/| | | | make remote resize channel buffered
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-16 16:14:50 +0000