Commit message (Author, Age)
* rootless: error out if there are not enough UIDs/GIDs available (Giuseppe Scrivano, 2018-09-21)
|     Most container images assume there are at least 65536 UIDs/GIDs
|     available. Raise an error if there are not enough IDs allocated to the
|     current user.
|
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1520
|     Approved by: rhatdan
* Vendor in latest containers/buildah (Daniel J Walsh, 2018-09-21)
|     Fixes issues with builtin volumes having correct ownership and
|     permissions when doing podman builds.
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1525
|     Approved by: giuseppe
* rootless: fix create with images not in the storage (Giuseppe Scrivano, 2018-09-21)
|     This chunk was mistakenly removed with
|     ecec1a5430885baf96d2e3d6153c7454c41a4617
|
|     Introduce it back as it solves the pull of an image that is not yet in
|     the storage when using create/run.
|
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1521
|     Approved by: baude
* rootless: skip usage of filepath.Join (Giuseppe Scrivano, 2018-09-21)
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1507
|     Approved by: rhatdan
* create, rootless: join the userns of ns:PATH (Giuseppe Scrivano, 2018-09-21)
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1507
|     Approved by: rhatdan
* create, rootless: join the userns of container:CONTAINER (Giuseppe Scrivano, 2018-09-21)
|     so that we can also join the requested namespace.
|
|     Closes: https://github.com/containers/libpod/issues/1453
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1507
|     Approved by: rhatdan
* spec: refactor ns modes to a common interface (Giuseppe Scrivano, 2018-09-21)
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1507
|     Approved by: rhatdan
* Don't output inodes created to run a container (Daniel J Walsh, 2018-09-21)
|     There is a group of inodes that get created when running a container
|     if they do not exist.
|
|     containerMounts = map[string]bool{
|         "/dev":               true,
|         "/etc/hostname":      true,
|         "/etc/hosts":         true,
|         "/etc/resolv.conf":   true,
|         "/proc":              true,
|         "/run":               true,
|         "/run/.containerenv": true,
|         "/run/secrets":       true,
|         "/sys":               true,
|     }
|
|     If the destination inode does not exist, libpod/runc will create the
|     inode. This can cause programs like podman diff to see the image as
|     having changed, when actually it has not. This patch ignores changes
|     in these inodes.
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1508
|     Approved by: giuseppe
* Add rpmbuild to the openshift fedora test image (baude, 2018-09-20)
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1517
|     Approved by: rhatdan
* Add new field to libpod to indicate whether or not to use labelling (Daniel J Walsh, 2018-09-20)
|     Also update some missing fields libpod.conf options in man pages.
|
|     Fix sort order of security options and add a note about disabling
|     labeling.
|
|     When a process requests a new label, libpod needs to reserve all
|     labels to make sure that there are no conflicts.
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1406
|     Approved by: mheon
* Bind Mounts should be mounted read-only when in read-only mode (Daniel J Walsh, 2018-09-20)
|     We don't want to allow users to write to /etc/resolv.conf or
|     /etc/hosts if in read only mode.
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1510
|     Approved by: TomSweeneyRedHat
* test, rootless: enforce cgroupfs manager (Giuseppe Scrivano, 2018-09-20)
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1515
|     Approved by: baude
* report when rootless (baude, 2018-09-20)
|     when running as rootless, report as such.
|
|     resolves: #1509
|
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1514
|     Approved by: rhatdan
* add the gopath environment variable to the openshift dockerfile (baude, 2018-09-19)
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1513
|     Approved by: baude
* Vendor in latest opencontainers/runtime-tools (Daniel J Walsh, 2018-09-19)
|     This will cause /proc inside of the container to match the mount
|     options of the host.
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1511
|     Approved by: baude
* Merge pull request #1512 from baude/addvarlinktoopenshiftimage (Brent Baude, 2018-09-19)
|\
| |     Add python-varlink to the Fedora openshift image
| * Add python-varlink to the Fedora openshift image (baude, 2018-09-19)
|/
|     Signed-off-by: baude <bbaude@redhat.com>
* Add Dockerfile for openshift lint, gofmt, and validate testing (baude, 2018-09-19)
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1504
|     Approved by: mheon
* Merge pull request #1503 from rhatdan/buildah (Daniel J Walsh, 2018-09-19)
|\
| |     Vendor in latest containers/buildah
| * Vendor in latest containers/buildah (Daniel J Walsh, 2018-09-18)
|/
|     Switch from projectatomic/buildah to containers/buildah
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Don't crash if an image has no names (Daniel J Walsh, 2018-09-18)
|     When image is not tagged, we should just set the imageName to the
|     image.ID.
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1501
|     Approved by: mheon
* Replace all usages of "install -D" with "install -d" (Jhon Honce, 2018-09-18)
|     Fixes #1481
|
|     Signed-off-by: Jhon Honce <jhonce@redhat.com>
|     Closes: #1496
|     Approved by: rhatdan
* Increase pidWaitTimeout to 1000ms (Emilien Macchi, 2018-09-18)
|     When managing the containers with systemd, it takes a bit more than
|     250ms to have podman creating the pidfile.
|
|     Increasing the value to 1 second will avoid timeout issues when
|     running a lot of containers managed by systemd.
|
|     This patch was tested in a VM with 56 services (OpenStack) deployed by
|     TripleO and managed by systemd.
|
|     Fixes #1495
|
|     Signed-off-by: Emilien Macchi <emilien@redhat.com>
|     Closes: #1497
|     Approved by: rhatdan
* Small updates to OCI spec generation (Matthew Heon, 2018-09-17)
|     Firstly, when adding the privileged catch-all resource device, first
|     remove the spec's default catch-all resource device.
|
|     Second, remove our default rootfs propagation config - Docker does not
|     set this by default, so I don't think we should either.
|
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|     Closes: #1491
|     Approved by: TomSweeneyRedHat
* Add new tests for ipc namespace sharing (Daniel J Walsh, 2018-09-17)
|     We seem to be having a few flakes on namespace sharing. Adding this
|     test to make sure sharing with the host is working correctly.
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1485
|     Approved by: mheon
* Hooks supports two directories, process default and override (Daniel J Walsh, 2018-09-17)
|     Also cleanup files section of podman man page
|     Add description of policy.json
|     Sort alphabetically.
|     Add more info on oci hooks
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1487
|     Approved by: umohnani8
* Merge pull request #1490 from mheon/bump-0.9.2.1 (Matthew Heon, 2018-09-17)
|\
| |     Bump to 0.9.2.1
| * Bump gitvalidation epoch (Matthew Heon, 2018-09-17)
| |     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.3-dev (Matthew Heon, 2018-09-17)
| |     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.2.1 (tag: v0.9.2.1) (Matthew Heon, 2018-09-17)
|/
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1489 from mheon/release_notes_0.9.2.1 (Matthew Heon, 2018-09-17)
|\
| |     Update release notes for 0.9.2.1
| * Update release notes for 0.9.2.1 (Matthew Heon, 2018-09-17)
|/
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Vendor in latest projectatomic/buildah (Daniel J Walsh, 2018-09-15)
|     Buildah Fixes to COPY and ADD to properly follow symbolic links
|     if SRC is a symbolic link
|     Print out a digest message on successful push.
|     We should not drop the Bounding set when running as a non priv user in
|     podman build
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1483
|     Approved by: rhatdan
* Vndr latest containers/image (Daniel J Walsh, 2018-09-15)
|     Containers image has a fix docker tarfile: use the cached digest if
|     existing
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1482
|     Approved by: rhatdan
* Merge pull request #1480 from mheon/bump-0.9.2 (Matthew Heon, 2018-09-14)
|\
| |     Bump to 0.9.2
| * Bump gitvalidation epoch (Matthew Heon, 2018-09-14)
| |     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.3-dev (Matthew Heon, 2018-09-14)
| |     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.2 (tag: v0.9.2) (Matthew Heon, 2018-09-14)
|/
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1479 from mheon/release_notes_0.9.2 (Matthew Heon, 2018-09-14)
|\
| |     Update release notes for 0.9.2
| * Update release notes for 0.9.2 (Matthew Heon, 2018-09-14)
|/
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1472 from giuseppe/rootless-fix-entrypoint (Matthew Heon, 2018-09-14)
|\
| |     rootless: do not raise an error if the entrypoint is specified
| * rootless: do not raise an error if the entrypoint is specified (Giuseppe Scrivano, 2018-09-14)
| |     do not error out when the storage is not initialized and the
| |     entrypoint command is not available for the specified image. Check
| |     it when we re-exec in a user namespace and can access the storage.
| |
| |     Closes: https://github.com/containers/libpod/issues/1452
| |
| |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1467 from rhatdan/dev (Matthew Heon, 2018-09-14)
|\ \
| | |     Don't mount /dev/* if user mounted /dev
| * | Don't mount /dev/* if user mounted /dev (Daniel J Walsh, 2018-09-14)
| | |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1461 from rhatdan/run (Matthew Heon, 2018-09-14)
|\ \ \
| | | |     Remove duplicate code between create.go and run.go
| * | | Remove duplicate code between create.go and run.go (Daniel J Walsh, 2018-09-13)
| | |/
| |/|
| | |     Create two new
| | |     createInit for checking if the container is initialized correctly.
| | |     createContainer which creates the actual container and containerConfig
| | |
| | |     Also added libpodruntime.GetContainerRuntime to put common runtime
| | |     code into separate function.
| | |
| | |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1464 from mheon/optionally_disable_port_reservation (Matthew Heon, 2018-09-14)
|\ \ \
| | | |     Add a way to disable port reservation
| * | | Add a way to disable port reservation (Matthew Heon, 2018-09-13)
| |/ /
| | |     We've increased the default rlimits to allow Podman to hold many
| | |     ports open without hitting limits and crashing, but this doesn't
| | |     solve the amount of memory that holding open potentially thousands
| | |     of ports will use. Offer a switch to optionally disable port
| | |     reservation for performance- and memory-constrained use cases.
| | |
| | |     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | | Merge pull request #1474 from baude/varlinkinforegistries (Matthew Heon, 2018-09-14)
|\ \ \
| | | |     add registry information to varlink info
| * | | add registry information to varlink info (baude, 2018-09-14)
| | | |     when using the varlink api, we should pass on the registries
| | | |     information as is present in the cli info command.
| | | |
| | | |     Signed-off-by: baude <bbaude@redhat.com>