summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* network create should use firewall pluginBrent Baude2020-02-27
| | | | | | when creating a network, podman should add the firewall plugin to the config but not specify a backend. this will allow cni to determine whether it should use an iptables|firewalld backend. Signed-off-by: Brent Baude <bbaude@redhat.com>
* add firewall plugin (no backend) to default cni configBrent Baude2020-02-27
| | | | | | in order for the fall back mechanisms to work in containernetworking-plugins, the firewall plugin must still be called via the cni configuration file. however, no backend will be specified as we will rely on cni to do the right thing. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5345 from mheon/update_release_notes_181_rc2OpenShift Merge Robot2020-02-27
|\ | | | | [CI:DOCS] Update release notes for v1.8.1-rc2
| * Update release notes for v1.8.1-rc2Matthew Heon2020-02-27
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #5338 from umohnani8/vendor-buildahOpenShift Merge Robot2020-02-27
|\ | | | | Vendor in latest containers/buildah
| * Vendor in latest containers/buildahUrvashi Mohnani2020-02-27
| | | | | | | | | | | | | | Pulls in fix that sets the correct ownership on the working directory during the build process. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #5295 from mheon/advanced_network_inspectOpenShift Merge Robot2020-02-27
|\ \ | | | | | | Add support for multiple CNI networks in podman inspect
| * | Add support for multiple CNI networks in podman inspectMatthew Heon2020-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When inspecting containers, info on CNI networks added to the container by name (e.g. --net=name1) should be displayed separately from the configuration of the default network, in a separate map called Networks. This patch adds this separation, improving our Docker compatibility and also adding the ability to see if a container has more than one IPv4 and IPv6 address and more than one MAC address. Fixes #4907 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #5334 from edsantiago/batsOpenShift Merge Robot2020-02-27
|\ \ \ | | | | | | | | kill test: clean up warnings; document better
| * | | kill test: clean up warnings; document betterEd Santiago2020-02-26
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9f69c4eca (part of the f31 pr, #3091) semi-broke the kill test, there's now an ugly warning: setup(): removing stray images quay.io/libpod/fedora-minimal:latest 7bb5a60e8a78 The comments also didn't actually explain the problem being addressed, and included a misleading reference to busybox. Here we switch to using fedora-minimal only with podman-remote, clean it up (rmi) when finished, and include an explanation in the comments about why this is needed; making it clear that this workaround can be removed once we get rid of podman-remote. We also reformat back to 80 columns. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #5332 from giuseppe/uts-lookup-containerOpenShift Merge Robot2020-02-26
|\ \ \ | | | | | | | | spec: allow container alias name in lookup
| * | | spec: allow container alias name in lookupGiuseppe Scrivano2020-02-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously --uts=container: expected the full container ID. Closes: https://github.com/containers/libpod/issues/5289 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #5330 from baude/flakefixesforedOpenShift Merge Robot2020-02-26
|\ \ \ \ | |/ / / |/| | | curb flakes in integration tests
| * | | curb flakes in integration testsBrent Baude2020-02-26
| | |/ | |/| | | | | | | | | | | | | | | | | | | instead of searching the fedora registry which is error prone, we instead search a local registry for the empty set search. when running two containers with the same IP, i suspect the first container has not fully gotten its ip information back from cni when the second container fires. rework this test such that we use nginx to make sure the container is up and running before continues which should pace the subsequent test. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #5329 from baude/contribspecepochOpenShift Merge Robot2020-02-26
|\ \ \ | | | | | | | | add epoch for specfile
| * | | add epoch for specfileBrent Baude2020-02-25
| |/ / | | | | | | | | | | | | | | | to get the copr rpms to jive better with the fedora rpms, we need to set an epoch. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #5328 from lsm5/trivial-typo-correctionOpenShift Merge Robot2020-02-25
|\ \ \ | | | | | | | | fix trivial typo
| * | | fix trivial typoLokesh Mandvekar2020-02-25
| | |/ | |/| | | | | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #5326 from jwhonce/issues/5311OpenShift Merge Robot2020-02-25
|\ \ \ | | | | | | | | Remove 1 sec delay
| * | | Remove 1 sec delayJhon Honce2020-02-25
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | * Stop closing net.Listener() twice on interrupt * Do not report error if closing server twice Fixes #5311 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #3901 from cevich/support_f31OpenShift Merge Robot2020-02-25
|\ \ \ | | | | | | | | Cirrus: Support testing with F31
| * | | Temp. skip "remove pause by id" bindings testChris Evich2020-02-25
| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Fix kill test obtaining CIDChris Evich2020-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's possible/likely the container image for the test will need to be pulled as part of the `run` command. Due to the way BATS handles output, messages regarding image-pull could be misinterpreted as the container's CID. Force the CID to be obtained by only the last line of output. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | System Tests: Force default signal handlersChris Evich2020-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recommended as part of: https://github.com/containers/libpod/issues/5004 and https://github.com/containers/crun/issues/230 Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Fix cgroupsv2 run test, unexpected outputChris Evich2020-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sometime between 10th and 23rd of Feb. 2020, the behavior of crun changed. Upon consulting with Giuseppe, the podman run tests for `device-read-*` and `device-write-*` do not depend on the container output for success, only the exit code. Add a comment and conditional regarding this in case of cgroupsv2. Also noted that these tests will likely require future refactoring/simplification. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Cirrus: SELinux Enforcing for F31 w/ CGv2Chris Evich2020-02-25
| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Cirrus: collect podman system infoChris Evich2020-02-25
| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Cirrus: F31: Force systemd cgroup mgrChris Evich2020-02-25
| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Cirrus: Temp. disable F31 p-in-p testingChris Evich2020-02-25
| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Cirrus: Handle runc->crun when both are possibleChris Evich2020-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In some distributions it's possible to have both runc and crun installed and/or for podman to be confused about which to use. In these instances, force the decision by adding `OCI_RUNTIME=/usr/bin/crun` into `/etc/environment`. Also in-place modify libpod.conf to use 'crun' instead of 'runc' Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Cirrus: Use deadline elevator in F31Chris Evich2020-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The default scheduler is BFQ but integration tests run into https://bugzilla.redhat.com/show_bug.cgi?id=1767539 aka https://bugzilla.kernel.org/show_bug.cgi?id=205447 Using the deadline elevator as a workaround. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Cirrus: Support testing with F31Chris Evich2020-02-25
| |/ / | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #5324 from giuseppe/fix-running-no-pauseOpenShift Merge Robot2020-02-25
|\ \ \ | | | | | | | | rootless: raise error if the process is not found
| * | | rootless: become root only if the pause file is specifiedGiuseppe Scrivano2020-02-25
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we need to store the pause process PID file so that it can be re-used later. commit e9dc2120925d9bc32b87ed3c4122aa40f7413db5 introduced this regression. Closes: https://github.com/containers/libpod/issues/5246 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #5323 from giuseppe/rootless-join-fixesOpenShift Merge Robot2020-02-25
|\ \ \ | | | | | | | | rootless: fix segfault when open fd >= FD_SETSIZE
| * | | rootless: fix segfault when open fd >= FD_SETSIZEGiuseppe Scrivano2020-02-25
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | if there are more than FD_SETSIZE open fds passed down to the Podman process, the initialization code could crash as it attempts to store them into a fd_set. Use an array of fd_set structs, each of them holding only FD_SETSIZE file descriptors. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #5313 from edsantiago/test_apiv2OpenShift Merge Robot2020-02-25
|\ \ \ | |_|/ |/| | apiv2 tests: add more pod tests, timing check
| * | apiv2 tests: add more pod tests, timing checkEd Santiago2020-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Looks like /libpod/pods/create has been fixed to return an actual pod ID. Extend those tests. Also, update timeout in the server command: it's now seconds, not milliseconds. Also, update FIXME comments in /pods/prune . Still doesn't work, but clarify what we're seeing. Also, add a new test that runs ten /info requests and barfs if it takes more than 5 seconds. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #5312 from raukadah/fixfedora30OpenShift Merge Robot2020-02-25
|\ \ \ | |_|/ |/| | Fixed build_rpm.sh script for Fedora 30
| * | Fixed build_rpm.sh script for Fedora 30Chandan Kumar (raukadah)2020-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | golang-github-cpuguy83-go-md2man is only available in Fedora 30 and got renamed to golang-github-cpuguy83-md2man for Fedora 31 which breaks the user interface for building rpm on fedora 30. It fixes the same by installing correct md2man package on Fedora 30. Signed-off-by: Chandan Kumar (raukadah) <raukadah@gmail.com>
* | | Merge pull request #5297 from rhatdan/vendorOpenShift Merge Robot2020-02-25
|\ \ \ | | | | | | | | Update vendor of buildah and containers/common
| * | | Update vendor of buildah and containers/commonDaniel J Walsh2020-02-25
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #5305 from mheon/check_for_common_deadlocksOpenShift Merge Robot2020-02-25
|\ \ \ \ | |/ / / |/| | | Add basic deadlock detection for container start/remove
| * | | Add basic deadlock detection for container start/removeMatthew Heon2020-02-24
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can easily tell if we're going to deadlock by comparing lock IDs before actually taking the lock. Add a few checks for this in common places where deadlocks might occur. This does not yet cover pod operations, where detection is more difficult (and costly) due to the number of locks being involved being higher than 2. Also, add some error wrapping on the Podman side, so we can tell people to use `system renumber` when it occurs. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #5318 from giuseppe/fix-running-without-env-variablesOpenShift Merge Robot2020-02-25
|\ \ \ | | | | | | | | build: move initialization after SetXdgDirs
| * | | build: move initialization after SetXdgDirsGiuseppe Scrivano2020-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | otherwise it triggers the config file initialization from vendor/github.com/containers/common/pkg/config before the init() in main.go can set correctly XDG_RUNTIME_DIR and DBUS_SESSION_BUS_ADDRESS when they are missing. commit 96de762eedd1470dfbe73cf424eea848589268d7 introduced the regression. Closes: https://github.com/containers/libpod/issues/5314 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | utils: relax check for directory to useGiuseppe Scrivano2020-02-24
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | when we use namespaces, we set the run directory to 0711 to allow other users to access it. without this relaxation, the /run/user/$UID directory would be skipped. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #5317 from baude/docsalwaysOpenShift Merge Robot2020-02-24
|\ \ \ | | | | | | | | always run the docs task on post-merge
| * | | always run the docs task on post-mergeBrent Baude2020-02-24
| |/ / | | | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #5308 from lsm5/tests-apiv2OpenShift Merge Robot2020-02-24
|\ \ \ | |/ / |/| | add apiv2 tests for podman pause and stop