summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Cleanup whether to enter user namespace for rootless commandsDaniel J Walsh2020-04-03
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #5638 from baude/v2containercheckOpenShift Merge Robot2020-04-03
|\ | | | | podmanv2 checkpoint and restore
| * podmanv2 checkpoint and restoreBrent Baude2020-04-03
| | | | | | | | | | | | add the ability to checkpoint and restore containers on v2podman Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5707 from adrianreber/crun-checkpoint-1OpenShift Merge Robot2020-04-03
|\ \ | | | | | | Prepare for crun checkpoint support
| * | checkpoint: handle XDG_RUNTIME_DIRAdrian Reber2020-04-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For (almost) all commands which podman passes on to a OCI runtime XDG_RUNTIME_DIR is set to the same value. This does not happen for the checkpoint command. Using crun to checkpoint a container without this change will lead to crun using XDG_RUNTIME_DIR of the currently logged in user and so it will not find the container Podman wants to checkpoint. This bascially just copies a few lines from on of the other commands to handle 'checkpoint' as all the other commands. Thanks to Giuseppe for helping me with this. For 'restore' it is not needed as restore goes through conmon and for calling conmon Podman already configures XDG_RUNTIME_DIR correctly. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | checkpoint: change runtime checkpoint support testAdrian Reber2020-04-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman was checking if the runtime support checkpointing by running 'runtime checkpoint -h'. That works for runc. crun, however, does not use '-h, --help' for help output but, '-?, --help'. This commit switches both checkpoint support detection from 'runtime checkpoint -h' to 'runtime checkpoint --help'. Podman can now correctly detect if 'crun' also support checkpointing. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Merge pull request #5712 from rhatdan/pathOpenShift Merge Robot2020-04-03
|\ \ \ | | | | | | | | Pass path environment down to the OCI runtime
| * | | Pass path environment down to the OCI runtimeDaniel J Walsh2020-04-03
| | |/ | |/| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #5676 from kolyshkin/volume-flags-altOpenShift Merge Robot2020-04-03
|\ \ \ | | | | | | | | Fix/improve pkg/storage.InitFSMounts
| * | | pkg/spec.InitFSMounts: optimizeKir Kolyshkin2020-04-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of getting mount options from /proc/self/mountinfo, which is very costly to read/parse (and can even be unreliable), let's use statfs(2) to figure out the flags we need. [v2: move getting default options to pkg/util, make it linux-specific] Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * | | pkg/spec.InitFSMounts: fix mount opts in placeKir Kolyshkin2020-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | ... rather than create a new slice and then make the caller replace the original with the new one. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * | | pkg/spec/initFSMounts: fixKir Kolyshkin2020-03-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | > $ ./bin/podman run -v /tmp:/tmp alpine true; echo $? > 0 > $ ./bin/podman run -v /tmp:/tmp:ro alpine true; echo $? > 0 > $ ./bin/podman run -v /tmp:/w0w:ro alpine true; echo $? > Error: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"rootfs_linux.go:58: mounting \\\"/tmp\\\" to rootfs \\\"/home/kir/.local/share/containers/storage/overlay/7636ef3650fc91ee4996ccc026532bb3cff7182c0430db662fffb933e0bcadc9/merged\\\" at \\\"/home/kir/.local/share/containers/storage/overlay/7636ef3650fc91ee4996ccc026532bb3cff7182c0430db662fffb933e0bcadc9/merged/w0w\\\" caused \\\"operation not permitted\\\"\"": OCI runtime permission denied error > 126 The last command is not working because in-container mount point is used to search for a parent mount in /proc/self/mountinfo. And yet the following > $ ./bin/podman run -v /tmp:/run/test:ro alpine true; echo $? > 0 still works fine! Here's why: > $ mount | grep -E '/run |/tmp ' > tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755) > tmpfs on /tmp type tmpfs (rw,nosuid,nodev,seclabel) This is the reason why previous commit modified in-container mount point. Fixes: 0f5ae3c5af Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | | | Merge pull request #5701 from vrothberg/v2-pushOpenShift Merge Robot2020-04-03
|\ \ \ \ | | | | | | | | | | podmanV2: implement push
| * | | | podmanV2: implement pushValentin Rothberg2020-04-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Implement `podman-push` and `podman-image-push` for the podmanV2 client. * Tests for `pkg/bindings` are not possible at the time of writing as we don't have a local registry running. * Implement `/images/{name}/push` compat endpoint. Tests are not implemented for this v2 endpoint. It has been tested manually. General note: The auth config extraction from the http header is not implement for push. Since it's not yet supported for other endpoints either, I deferred it to future work. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #5700 from ↵OpenShift Merge Robot2020-04-03
|\ \ \ \ \ | |_|_|/ / |/| | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/common-0.8.0 Bump github.com/containers/common from 0.6.1 to 0.8.0
| * | | | Bump github.com/containers/common from 0.6.1 to 0.8.0dependabot-preview[bot]2020-04-03
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/common](https://github.com/containers/common) from 0.6.1 to 0.8.0. - [Release notes](https://github.com/containers/common/releases) - [Commits](https://github.com/containers/common/compare/v0.6.1...v0.8.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #5702 from kolyshkin/test-nitpicksOpenShift Merge Robot2020-04-03
|\ \ \ \ | |_|_|/ |/| | | test/e2e/run_volume_test nitpicks
| * | | test/e2e/run_volume_test: use unique mount pointKir Kolyshkin2020-04-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For volume and bind mount tests, use the in-container mount point path that has no common ancestor with any host path (except for root). This might help to uncover bugs like [1]. Even if not, it seems lile a good cleanup regardless. [1] https://github.com/containers/libpod/pull/5676 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * | | test/e2e/run_volume_test.go: mv dockerfile declKir Kolyshkin2020-04-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move declaration of a dockerfile closer to its use. Since it is used only once, there's no sense in having it declared globally. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * | | test/e2e/run_volume_test: only create dir onceKir Kolyshkin2020-04-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove repeated mountPath directory creation. * For the first two hunks it is the same dir ("secrets") that was already created before. * For the last hunk ("scratchpad") it is not used at all. Add an empty line after Mkdir for cases where dir is used more than once. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | | | Merge pull request #5696 from rhatdan/ccOpenShift Merge Robot2020-04-03
|\ \ \ \ | |/ / / |/| | | Fix environment handling from containers.conf
| * | | Fix environment handling from containers.confDaniel J Walsh2020-04-02
|/ / / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #5677 from giuseppe/avoid-lock-ttyOpenShift Merge Robot2020-04-02
|\ \ \ | |/ / |/| | exec: fix hang if control path is deleted
| * | utils: delete dead codeGiuseppe Scrivano2020-04-02
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | attach: skip shutdown on errorsGiuseppe Scrivano2020-04-02
| | | | | | | | | | | | | | | | | | | | | skip doing a socket shutdown on an error, since we are not sure the socket was already closed and we end up using the wrong fd. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | attach: fix hang if control path is deletedGiuseppe Scrivano2020-04-02
| | | | | | | | | | | | | | | | | | | | | | | | if the control path file is deleted, libpod hangs waiting for a reader to open it. Attempt to open it as non blocking until it returns an error different than EINTR or EAGAIN. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #5516 from cevich/remove_dupe_gate_crossOpenShift Merge Robot2020-04-02
|\ \ \ | | | | | | | | Cirrus: Remove darwin/windows builds in gate-job
| * | | Cirrus: Remove darwin/windows builds in gate-jobChris Evich2020-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's advisable to have the initial gating job execute as quickly as possible, weeding out simple mistakes early on, when possible. However, over time it has bloated to duplicate some more specific testing which occurs in other tasks. In this specific case the `special_testing_cross` task. Remove these duplicate items from the gate job to speed things up for everyone. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #5688 from baude/v2importOpenShift Merge Robot2020-04-02
|\ \ \ \ | |_|/ / |/| | | podmanv2 import
| * | | podmanv2 importBrent Baude2020-04-01
| | | | | | | | | | | | | | | | | | | | | | | | add the ability to import a container image from a container export Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #5687 from TomSweeneyRedHat/dev/tsweeney/fixmaillistOpenShift Merge Robot2020-04-02
|\ \ \ \ | | | | | | | | | | Touch up mailing list address in README.md
| * | | | Touch up mailing list address in README.mdTomSweeneyRedHat2020-03-31
| | | | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #5699 from edsantiago/podmanv2-retryOpenShift Merge Robot2020-04-02
|\ \ \ \ \ | | | | | | | | | | | | podmanv2-retry - new helper for testing v2
| * | | | | podmanv2-retry - new helper for testing v2Ed Santiago2020-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ./hack/podmanv2-retry will first invoke $PODMAN_V2 with given arguments. If that fails with any of the following errors: unrecognized command unknown flag unknown shorthand ...it will run $PODMAN_FALLBACK with the same arguments. Output and exit code will be those of the final podman command, although be aware that stderr and stdout are combined. This is a quick-hack script intended for use in v2 testing, to test implemented commands without noise from unimplemented ones. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #5697 from baude/v2exportOpenShift Merge Robot2020-04-02
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | podmanv2 export
| * | | | | podmanv2 exportBrent Baude2020-04-01
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | add ability to export a container to a tarball Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #5686 from baude/v2loadOpenShift Merge Robot2020-04-01
|\ \ \ \ \ | |/ / / / |/| | | | podmanv2 load
| * | | | podmanv2 loadBrent Baude2020-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | enable podman load for v2 add reexec into main add systemd build flag to v2 makefile Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #5678 from sshnaidm/buildrpmOpenShift Merge Robot2020-04-01
|\ \ \ \ \ | |/ / / / |/| | | | Fix repos for CentOS 7 RPM build
| * | | | Fix repos for CentOS 7 RPM buildSagi Shnaidman2020-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CBS repos are gone, so we need a new repos to configure for RPM. Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* | | | | Merge pull request #5645 from jwhonce/wip/inspectOpenShift Merge Robot2020-04-01
|\ \ \ \ \ | | | | | | | | | | | | V2 podman inspect
| * | | | | V2 podman inspectJhon Honce2020-04-01
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Expose podman container inspect * Expose podman image inspect Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #5656 from baude/v2imagetagOpenShift Merge Robot2020-04-01
|\ \ \ \ \ | | | | | | | | | | | | podman v2 image tag and untag
| * | | | | podman v2 image tag and untagBrent Baude2020-03-31
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | add the ability to tag and untag images in podmanv2 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #5684 from baude/v2podpsOpenShift Merge Robot2020-04-01
|\ \ \ \ \ | |/ / / / |/| | | | podmanv2 pod ps
| * | | | podmanv2 pod psBrent Baude2020-03-31
|/ / / / | | | | | | | | | | | | | | | | | | | | add the ability to list pods in podmanv2 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #5670 from cevich/new_imagesOpenShift Merge Robot2020-04-01
|\ \ \ \ | | | | | | | | | | Cirrus: Update VM Images
| * | | | Cirrus: Update VM ImagesChris Evich2020-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fedora release 31 (Thirty One) ``` Kernel: 5.5.11-200.fc31.x86_64 Cgroups: cgroup2fs conmon-2.0.14-1.fc31-x86_64 containernetworking-plugins-0.8.5-1.fc31-x86_64 containers-common-0.1.41-1.fc31-x86_64 container-selinux-2.129.0-1.fc31-noarch criu-3.13-5.fc31-x86_64 crun-0.13-1.fc31-x86_64 golang-1.13.6-1.fc31-x86_64 libseccomp-2.4.2-2.fc31-x86_64 package runc is not installed podman-1.8.2-2.fc31-x86_64 skopeo-0.1.41-1.fc31-x86_64 slirp4netns-0.4.0-20.1.dev.gitbbd6f25.fc31-x86_64 ``` Ubuntu 18.04.4 LTS ``` Kernel: 5.0.0-1031-gcp Cgroups: tmpfs conmon-2.0.14~1-amd64 containernetworking-plugins-0.8.5~1-amd64 containers-common-0.1.41~1-all cri-o-runc-1.0.0-3~dev2-amd64 criu-3.13-2ppa1.18.04-amd64 golang-2:1.14-1longsleep1+bionic-all libseccomp2-2.4.1-0ubuntu0.18.04.2-amd64 podman-1.8.2~1-amd64 skopeo-0.1.41~1-amd64 slirp4netns-0.4.3~1-amd64 ``` Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | Cirrus: Minor docs updateChris Evich2020-03-30
| | |/ / | |/| | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #5655 from baude/v2hcrunOpenShift Merge Robot2020-03-31
|\ \ \ \ | | | | | | | | | | podmanv2 enable healthcheck run