| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Change /sys/fs/cgroup/systemd mount to rprivate
|
| |
| |
| |
| |
| |
| |
| |
| | |
I used the wrong propagation first time around because I forgot
that rprivate is the default propagation. Oops. Switch to
rprivate so we're using the default.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
Add support for setting the CIDR when using slirp4netns
|
| |/
| |
| |
| |
| |
| |
| |
| | |
This adds support for the --cidr parameter that is supported
by slirp4netns since v0.3.0. This allows the user to change
the ip range that is used for the network inside the container.
Signed-off-by: Adis Hamzić <adis@hamzadis.com>
|
|\ \
| | |
| | | |
add xz as a recommended pkg
|
| |/
| |
| |
| |
| |
| |
| |
| | |
xz package is required by buildah and podman when building a
image and ADD a tar.xz file archive is used
See https://github.com/containers/buildah/issues/2525
Signed-off-by: Job Cespedes Ortiz <jobcespedes@gmail.com>
|
|\ \
| | |
| | | |
podman-remote fixes for msi and client
|
| |/
| |
| |
| |
| |
| |
| |
| | |
correct small typo that sets the path on windows via the msi xml.
in the remote client, prompt for SSH password when no identity or alternate means of authentication are provided.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Makefile: use full path for ginkgo
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Without this change, I get:
```
ginkgo \
-r \
\
--skipPackage test/e2e,pkg/apparmor,test/endpoint,pkg/bindings,hack \
--cover \
--covermode atomic \
--coverprofile coverprofile \
--outputdir .coverage \
--tags " selinux systemd exclude_graphdriver_devicemapper seccomp" \
--succinct
/bin/sh: line 1: ginkgo: command not found
```
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \
| | | |
| | | | |
add event for image build
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
upon image build completion, a new image type event is written for "build". more intricate details, like pulling an image, that might be done by build must be implemented in different vendored packages only after libpod is split from podman.
Fixes: #7022
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Add parameter verification for api creation network
|
| | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \
| | | |
| | | | |
Replace deepcopy on history results
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the deepcopy in the remote history code path was throwing an uncaught error on a type mismatch. we now manually do the conversion and fix the type mismatch on the fly.
Fixes: #7122
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Update nix pin with `make nixpkgs`
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Also sync nix `packageOverrides` across skopeo/buildah/podman/cri-o for
utilizing local build cache.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
Ensure correct propagation for cgroupsv1 systemd cgroup
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
On cgroups v1 systems, we need to mount /sys/fs/cgroup/systemd
into the container. We were doing this with no explicit mount
propagation tag, which means that, under some circumstances, the
shared mount propagation could be chosen - which, combined with
the fact that we need a mount to mask
/sys/fs/cgroup/systemd/release_agent in the container, means we
would leak a never-ending set of mounts under
/sys/fs/cgroup/systemd/ on container restart.
Fortunately, the fix is very simple - hardcode mount propagation
to something that won't leak.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
[CI:DOCS] cross-reference .rst files
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
There are a bunch of *.rst files in docs/source, linking sometimes
to man pages and sometimes to other .rst files. These files each
have entries of the following form:
:doc:`foo <link-to-foo>` Description of foo
...for all podman sub and sub-subcommands 'foo'.
Read all .rst files and make sure that:
- all entries in a given file are in alphabetical order
- all link-to-foo targets point to existing doc files
- every subcommand known by 'podman help' has a corresponding
doc entry in a .rst file
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For each podman*.md file with a subcommand table (podman,
podman-container, etc), assert that the subcommand list
is sorted.
Change is bigger than it should be, because it switches from
nice clean local per-function error counting to using a nasty
global.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Enable systemd mode for /usr/local/sbin/init
|
| | |
| | |
| | |
| | | |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman 1.6.2 changed systemd mode auto-detection from commands ending in
``init`` to hard-coded paths ``/sbin/init`` and ``/usr/sbin/init``. This
broke FreeIPA container. ``podman run`` and ``podman create`` now
activate systemd mode when the command is ``/usr/local/sbin/init``.
Fixes: https://github.com/containers/podman/issues/7287
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|\ \ \
| | | |
| | | | |
Allow specifying seccomp profiles for privileged containers
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To sync the behavior between AppArmor and seccomp it is now possible to
also specify seccomp profiles for privileged containers.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Fix handling of working dir
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Buildah and podman build can create images without a working dir.
FROM fedora
WORKDIR /test
If you build this image with caching twice, the second time the image
will not have a working dir.
Similarly if you execute
podman run --workdir /foobar fedora
It blows up since the workingdir is not created automatically.
Finally there was duplicated code for getting the workingdir
out of an image, that this PR removes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Add the `Status` field in the ps --format=json
|
| | |_|/
| |/| |
| | | |
| | | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS] Add missing pages for docs.podman.io
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Lots of references to man pages missing from docs.podman.io
Also fix sort order in man pages and other documents.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Img Pull - Error pass through
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
Included old error + wrapped
Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Allign container image storage configuration with Buildah
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: Kirill Shirinkin <kirill@hey.com>
|
|\ \ \
| | | |
| | | | |
Do not use image CMD if user gave ENTRYPOINT
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This matches Docker behavior, and seems to make sense - the CMD
may have been specific to the original entrypoint and probably
does not make sense if it was changed.
While we're in here, greatly simplify the logic for populating
the SpecGen's Command. We create the full command when making the
OCI spec, so the client should not be doing any more than setting
it to the Command the user passed in, and completely ignoring
ENTRYPOINT.
Fixes #7115
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Remove TEST_ from TEST_REMOTE_*
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We know these are TEST_, hoping this makes the display in
cirrus easier for users to see true|false, since this is the
valuable information is.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Default .Repository and .Tag values to <none>
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Refactor the processing of Repository and Tag fields to default to <none>
when printing via --format flag. Previously, the default format would
print <none> but --format {{.Tag}} would not in some cases.
Fixes #7123
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
remove --latest for all remote commands
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
instead of hiding the latest options for podman-remote or catching an error if podman --remote <cmd> -l is used, we no longer add the latest option to any remote command. podman will error with a "unknown flag" option.
Fixes: #7127
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Unconditionally retrieve pod names via API
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The ListContainers API previously had a Pod parameter, which
determined if pod name was returned (but, notably, not Pod ID,
which was returned unconditionally). This was fairly confusing,
so we decided to deprecate/remove the parameter and return it
unconditionally.
To do this without serious performance implications, we need to
avoid expensive JSON decodes of pod configuration in the DB. The
way our Bolt tables are structured, retrieving name given ID is
actually quite cheap, but we did not expose this via the Libpod
API. Add a new GetName API to do this.
Fixes #7214
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
generate systemd: fix error handling
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a bug in the error handling which returned nil instead of an error
and ultimately lead to nil dereferences in the client. To prevent
future regressions, add a test and check for the error message.
Fixes: #7271
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|