aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* execuser: look at the source for /etc/{passwd,group} overridesGiuseppe Scrivano2019-09-21
| | | | | | | | | look if there are bind mounts that can shadow the /etc/passwd and /etc/group files. In that case, look at the bind mount source. Closes: https://github.com/containers/libpod/pull/4068#issuecomment-533782941 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4029 from rhatdan/cgroupOpenShift Merge Robot2019-09-21
|\ | | | | We need to convert libpod.conf files in user homedir for cgroupv2
| * We need to convert libpod.conf files in user homedir for cgroupv2Daniel J Walsh2019-09-21
| | | | | | | | | | | | | | | | | | | | | | If a user upgrades to a machine that defaults to a cgroups V2 machine and has a libpod.conf file in their homedir that defaults to OCI Runtime runc, then we want to change it one time to crun. runc as of this point does not work on cgroupV2 systems. This patch will eventually be removed but is needed until runc has support. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3754 from cevich/latest_ubuntuOpenShift Merge Robot2019-09-21
|\ \ | |/ |/| Add support for testing with the latest Ubuntu release
| * Cirrus: Temporarily disable testing on Ubuntu 19Chris Evich2019-09-20
| | | | | | | | | | | | | | | | The images build correctly but neither integration or remote client tests pass. Temporarily disable Ubuntu 19 testing until both are ready to be supported. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: disable Evil Units in base-imagesChris Evich2019-09-20
| | | | | | | | | | | | Also, minor update to prevent harmless 'Fatal: not a git repo' error. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add latest ubuntuChris Evich2019-09-20
| | | | | | | | | | | | | | | | | | | | | | | | Add the latest Ubuntu version into the testing matrix and image-build workflow. This is also needed to support other containers projects which share use of VM images from this one. Update package lists to include needs for contianers/storage use of images. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #4068 from giuseppe/always-set-homeOpenShift Merge Robot2019-09-21
|\ \ | |/ |/| container: make sure $HOME is always set
| * container: make sure $HOME is always setGiuseppe Scrivano2019-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | If the HOME environment variable is not set, make sure it is set to the configuration found in the container /etc/passwd file. It was previously depending on a runc behavior that always set HOME when it is not set. The OCI runtime specifications do not require HOME to be set so move the logic to libpod. Closes: https://github.com/debarshiray/toolbox/issues/266 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4070 from cevich/podbot_credsOpenShift Merge Robot2019-09-20
|\ \ | |/ |/| Cirrus: Update podbot credentials
| * Cirrus: Fix success scriptChris Evich2019-09-20
| | | | | | | | | | | | | | | | | | Fixed a typo. Also script was grabbing quotes and other non-email-address junk while looping. Filter before and after to make sure we get 'em all. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Update podbot credentialsChris Evich2019-09-20
|/ | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #4051 from giuseppe/use-crun-pkgOpenShift Merge Robot2019-09-20
|\ | | | | tests: use crun package
| * tests: use crun packageGiuseppe Scrivano2019-09-19
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4063 from baude/tomltypoOpenShift Merge Robot2019-09-20
|\ \ | | | | | | fix trivial type for event logger
| * | fix trivial type for event loggerbaude2019-09-19
| | | | | | | | | | | | | | | | | | Fixes: #4062 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #4064 from TomSweeneyRedHat/dev/tsweeney/tutfixOpenShift Merge Robot2019-09-20
|\ \ \ | | | | | | | | Move rootless and Mac to Tutorials page
| * | | Move rootless and Mac to Tutorials pageTomSweeneyRedHat2019-09-19
| |/ / | | | | | | | | | | | | | | | As the title says. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #4042 from jwhonce/wip/msiOpenShift Merge Robot2019-09-20
|\ \ \ | |/ / |/| | Support podman-remote help on windows
| * | Support podman-remote help on windowsJhon Honce2019-09-19
| | | | | | | | | | | | | | | | | | | | | | | | * Update scipts to produce darwin and windows output * Update batch file to re-direct help requests to browser * Add pandoc filter for markdown to html links Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #4060 from mheon/clean_pathsOpenShift Merge Robot2019-09-19
|\ \ \ | |/ / |/| | Clean destination paths during mount generation
| * | Clean destination paths during mount generationMatthew Heon2019-09-19
|/ / | | | | | | | | | | | | | | | | | | | | | | | | We identify and resolve conflicts in paths using destination path matches. We require exact matches, largely for performance reasons (we use maps to efficiently access, keyed by destination). This usually works fine, until you get mounts that are targetted at /output and /output/ - the same path, but not the same string. Use filepath.Clean() aggressively to try and solve this. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3985 from cevich/verify_no_podmanOpenShift Merge Robot2019-09-19
|\ \ | | | | | | Cirrus: Prevent resident pollution
| * | Cirrus: Prevent resident pollutionChris Evich2019-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When constructing VM cache-images, the latest/greatest podman package is installed to ensure all necessary dependencies are met. Prior to testing source-built binaries, most of of the packaged files are removed. However, if the `io.podman` service or socket is enabled/running, it could cause the packaged podman and varlink binaries to be both resident and cached. Since this condition would cause very difficult to diagnose behaviors, add preventative measures to ensure these services are absent prior to removing packaged podman files. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #4040 from mheon/mac_tutorial_linksOpenShift Merge Robot2019-09-19
|\ \ \ | | | | | | | | Add links to the Mac tutorial in the main tutorial
| * | | Add links to the Mac tutorial in the main tutorialMatthew Heon2019-09-17
| | |/ | |/| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #4045 from umohnani8/vendorOpenShift Merge Robot2019-09-18
|\ \ \ | | | | | | | | Vendor c/storage 1.13.3
| * | | Vendor c/storage 1.13.3Urvashi Mohnani2019-09-17
| |/ / | | | | | | | | | | | | | | | | | | Pull in fixes to avoid double locking the mounts list when doing a save or cleanup. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Merge pull request #4041 from baude/remoteconfigportOpenShift Merge Robot2019-09-18
|\ \ \ | | | | | | | | support non-standard ssh port for remote-client
| * | | support non-standard ssh port for remote-clientbaude2019-09-17
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | when using the remote client, users may need to specify a non-standard port for ssh connections. we can do so on the command line and within the remote-client configuration file. Fixes: #3987 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3972 from msekletar/systemd-rootless-docsOpenShift Merge Robot2019-09-18
|\ \ \ | |/ / |/| | Add a note on systemd shortcomings in rootless containers
| * | Add a note on systemd shortcomings in rootless containersMichal Sekletar2019-09-18
|/ / | | | | | | | | | | | | | | | | Document that it is expected for some of the systemd API's to not work correctly/at all in rootless containers. Fixes: #3957 Signed-off-by: Michal Sekletar <msekleta@redhat.com>
* | Merge pull request #4052 from rhatdan/exitcodeOpenShift Merge Robot2019-09-17
|\ \ | | | | | | Fix exit code failure
| * | System-test: Temporarily disable 030-runChris Evich2019-09-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While investigating issue https://github.com/containers/libpod/issues/4044 there is no sense subjecting forward progress elsewhere. Skip the test with a note temporarily, until a resolution to 4044 and any other related issues is found and fix implemented. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | Fix exit code failureDaniel J Walsh2019-09-17
|/ / | | | | | | | | | | Be less precise on the exit code and lot the exit code to the journal when it fails. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #4034 from rhatdan/relabelOpenShift Merge Robot2019-09-17
|\ \ | | | | | | Add 'relabel' to --mount options
| * | Add 'relabel' to --mount optionsDaniel J Walsh2019-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if a user specifies a --mount option, their is no way to tell SELinux to relabel the mount point. This patch addes the relabel=shared and relabel=private options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #4037 from mheon/bump_1.6.0_rc1OpenShift Merge Robot2019-09-17
|\ \ \ | | | | | | | | Bump to v1.6.0-RC1
| * | | Bump Gitvalidation epochMatthew Heon2019-09-16
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Bump to v1.6.0-devMatthew Heon2019-09-16
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Bump to v1.6.0-rc1v1.6.0-rc1Matthew Heon2019-09-16
| |/ / | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #4035 from mheon/unmount_unmounted_is_safeOpenShift Merge Robot2019-09-16
|\ \ \ | | | | | | | | Unmounting a container that is already unmounted is OK
| * | | Unmounting a container that is already unmounted is OKMatthew Heon2019-09-16
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should not be throwing errors because the operation we wanted to perform is already done. Now, it is definitely strange that a container is actually unmounted, but shows as mounted in the DB - if this reoccurs in a way where we can investigate, it's worth tearing into. Fixes #4033 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #4043 from haircommander/preserve-fd-fixOpenShift Merge Robot2019-09-16
|\ \ \ | | | | | | | | exec: fix --preserve-fds
| * | | exec: fix --preserve-fdsPeter Hunt2019-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There were two problems with preserve fds. libpod didn't open the fds before passing _OCI*PIPE to conmon. This caused libpod to talk on the preserved fds, rather than the pipes, with conmon talking on the pipes. This caused a hang. Libpod also didn't convert an int to string correctly, so it would further fail. Fix these and add a unit test to make sure we don't regress in the future Note: this test will not pass on crun until crun supports --preserve-fds Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | Merge pull request #3941 from gabibeyer/fix_unit_testOpenShift Merge Robot2019-09-16
|\ \ \ \ | | | | | | | | | | fix unit test using strings.Contains
| * | | | fix unit test to use Expectgabi beyer2019-09-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Expect function does not return a result of True or False depending on the value of the first instance, but instead requires a comparison using ".To(", so change to use ".To(ContainSubstring(" Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
* | | | | Merge pull request #4038 from giuseppe/enable-sandbox-slirp4netnsOpenShift Merge Robot2019-09-16
|\ \ \ \ \ | |_|/ / / |/| | | | networking: use --enable-sandbox if available
| * | | | networking: use --enable-sandbox if availableGiuseppe Scrivano2019-09-16
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if slirp4netns supports sandboxing, enable it. It automatically creates a new mount namespace where slirp4netns will run and have limited access to the host resources. It needs slirp4netns 0.4.1. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4031 from QazerLab/masterOpenShift Merge Robot2019-09-16
|\ \ \ \ | |/ / / |/| | | Skip spec_test for rootless envs without cgroup v2.