| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Docker [APIv2] push sends digest in response body
|
| | |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |\ \
| | |
| | | |
hardening flags for fedora rpmbuilds
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit sets the CGO_CFLAGS variable for hardening the Fedora rpm
binaries.
The flags used are the same as those in the official Fedora rpms.
Setting the flags in upstream spec would provide early warnings for
flag adjustments or other hardening issues.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\ \ \
| |_|/
|/| | |
Fix compat networks endpoint for a empty result
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The networks list compat api endpoint must return `[]`
and not `null` if no networks are found.
Fixes #9293
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \
| |_|/
|/| | |
Support annotations from containers.conf
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Service needs to be restarted in order to read the CONTAINERS_CONF file.
Not resetting this can lead to lots of flakes, since the test will use
whatever the host system has to be set in it's containers.conf.
Fixes: https://github.com/containers/podman/issues/9286
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently podman does not use the annotations specified in the
containers.conf. This PR fixes this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
vendor github.com/containers/image v5.10.2
|
| | |/ /
| | |
| | |
| | |
| | | |
Fixes: #8559
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
apiv2 test fixes
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It's been a while since I last looked at these; some cruft
has crept in, generating noise and hence unreadable test
results. Clean it up:
* remove pushd/popd in one subtest, replace with 'tar -C'.
(Also remove confusing quotation marks). This removes
spurious directory names from output.
* in like(), show only first line of actual output.
Some commands ('tree', 'generate kube') produce
voluminous multi-line output, which is super useless
and distracting when reading a test run.
* Recognize that some queries will not generate output,
e.g. HEAD requests and some POSTs. Deal with that.
This fixes "curl.result.out: no such file" and "parse
error" warnings.
* In cleanup, 'podman rm -a' and 'rmi -af'; this gets
rid of errors when deleting $WORKDIR. (EBUSY error
when root, EPERM when rootless).
And, the original reason for poking in here: refactor the
wait-for-port part of start_server() into its own helper
function, so we can use it when starting a local registry
in 12-imagesMore. (Ref: #9270)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\| | |
| | | |
| | | | |
Fix Docker APIv2 push endpoint
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Docker doesn't have the destination parameter as libpod does,
the "image name" path parameter is supposed to be the destination.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
generate kube: do not set caps with --privileged
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Do not play with capabilities for privileged containers where all
capabilities will be set implicitly.
Also, avoid the device check when running privileged since all of /dev/*
will be mounted in any case.
Fixes: #8897
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/containers/ocicrypt-1.1.0
Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.0.3 to 1.1.0.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.0.3...v1.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Implement Secrets
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Allow path completion for podman create/run --rootfs
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the --rootfs flag is set podman create/run expect a host
path as first argument. The shell completion should provide
path completion in that case.
[NO TESTS NEEDED]
This can manually be verified with `podman run --rootfs [TAB]`.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \ \
| |_|_|/
|/| | | |
Bump containers/buildah to v1.19.4
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
Fix handling of --iidfile to happen on the client side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Implement missing arguments for podman build
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Buildah bud passes a bunch more flags then podman build.
We need to implement hook up all of these flags to get full functionality.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
make `podman rmi` more robust
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The c/storage library is subject to TOCTOUs as the central container and
image storage may be shared by many instances of many tools. As shown
in #6510, it's fairly easy to have multiple instances of Podman running
in parallel and yield image-lookup errors when removing them.
The underlying issue is the TOCTOU of removal being split into multiple
stages of first reading the local images and then removing them. Some
images may already have been removed in between the two stages. To make
image removal more robust, handle errors at stage two when a given image
is not present (anymore) in the storage.
Fixes: #6510
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
add network prune
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add the ability to prune unused cni networks. filters are not implemented
but included both compat and podman api endpoints.
Fixes :#8673
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
vendor latest containers/common
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
We had a couple of regressions in containers/common in the last release.
Before cutting a new release, let's vendor it here. Since 3.0 has been
branched, we can vendor a non-release commit of c/common.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| |/
|/| |
play kube selinux label issue
|
| | |
| |
| |
| |
| |
| | |
added skip to test case where selinux not enabled
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| | |
| |
| |
| |
| |
| | |
fixed typo in the label comparison
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| | |
| |
| |
| |
| |
| |
| | |
test case added to e2e test suite to validate process label being correctly set
on play kube
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
play kube function not respecting selinux options in kube yaml, all options were
being mapped to role.
fixes issue 8710
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| |\ \
| | |
| | | |
fix logic when not creating a workdir
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When resolving the workdir of a container, we may need to create unless
the user set it explicitly on the command line. Otherwise, we just do a
presence check. Unfortunately, there was a missing return that lead us
to fall through into attempting to create and chown the workdir. That
caused a regression when running on a read-only root fs.
Fixes: #9230
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fix Docker APIv2 container wait endpoint
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Bump remote API version to 3.0.0
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #9175
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix podman network disconnect wrong NetworkStatus number
|
