summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* systemd: mask /sys/fs/cgroup/systemd/release_agentGiuseppe Scrivano2019-10-25
| | | | | | | | when running in systemd mode on cgroups v1, make sure the /sys/fs/cgroup/systemd/release_agent is masked otherwise the container is able to modify it and execute scripts on the host. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4342 from sshnaidm/docs_netOpenShift Merge Robot2019-10-25
|\ | | | | Add multiple networks explanation to docs
| * Add multiple networks explanation to docsSagi Shnaidman2019-10-24
| | | | | | | | Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* | Merge pull request #4333 from giuseppe/error-rootless-cniOpenShift Merge Robot2019-10-24
|\ \ | |/ |/| rootless: raise an error with --network=
| * rootless: raise an error with --network=Giuseppe Scrivano2019-10-24
| | | | | | | | | | | | Closes: https://github.com/containers/libpod/issues/4332 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4339 from baude/rtdfirstmenuOpenShift Merge Robot2019-10-24
|\ \ | | | | | | Initial dump of man pages and first menus
| * | Initial dump of man pages and first menusbaude2019-10-24
| | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #4330 from mheon/update_vol_create_docsOpenShift Merge Robot2019-10-24
|\ \ \ | | | | | | | | Add documentation on options to volume create manpage
| * | | Add documentation on options to volume create manpageMatthew Heon2019-10-23
| |/ / | | | | | | | | | | | | | | | | | | | | | Document the rough equivalence between our option types and the various parts of the mount command. Amend examples a bit to cover this. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #4228 from giuseppe/detect-no-systemd-sessionOpenShift Merge Robot2019-10-24
|\ \ \ | | | | | | | | rootless: detect no system session with --cgroup-manager=systemd
| * | | rootless: detect no system session with --cgroup-manager=systemdGiuseppe Scrivano2019-10-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | if the cgroup manager is set to systemd, detect if dbus is available, otherwise fallback to --cgroup-manager=cgroupfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4329 from mheon/no_noexec_image_volumeOpenShift Merge Robot2019-10-24
|\ \ \ \ | | | | | | | | | | Image volumes should not be mounted noexec
| * | | | Image volumes should not be mounted noexecMatthew Heon2019-10-23
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches Docker more closely, but retains the more important protections of nosuid/nodev. Fixes #4318 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #4298 from mheon/uid_gid_optionsOpenShift Merge Robot2019-10-24
|\ \ \ \ | |_|_|/ |/| | | Add parsing for UID, GID in volume "o" option
| * | | Add parsing for UID, GID in volume "o" optionMatthew Heon2019-10-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Everything else is a flag to mount, but "uid" and "gid" are not. We need to parse them out of "o" and handle them separately. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #4322 from baude/rtdrequirementsOpenShift Merge Robot2019-10-23
|\ \ \ \ | |_|/ / |/| | | add pip requirements file for rtd
| * | | add pip requirements file for rtdbaude2019-10-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | read the docs requires a pip requirements file to build markdown files instead of the rst format. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #4275 from vrothberg/fix-4274OpenShift Merge Robot2019-10-23
|\ \ \ \ | |/ / / |/| | | stats: list all running containers unless specified otherwise
| * | | stats: list all running containers unless specified otherwiseValentin Rothberg2019-10-23
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | Unless specified otherwise by --all, --latest or via arguments, list all running containers. This matches the behaviour of Docker and is also illustrated in the man pages where containers and options are marked to be optional. Fixes: #4274 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #4321 from baude/readthedocsinitOpenShift Merge Robot2019-10-22
|\ \ \ | |/ / |/| | Initial checking for readthedocs
| * | Initial checking for readthedocsbaude2019-10-22
|/ / | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #4287 from mheon/anonymous_volumesOpenShift Merge Robot2019-10-22
|\ \ | | | | | | Add support for anonymous volumes to `podman run -v`
| * | Add support for anonymous volumes to `podman run -v`Matthew Heon2019-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when `podman run` encountered a volume mount without separate source and destination (e.g. `-v /run`) we would assume that both were the same - a bind mount of `/run` on the host to `/run` in the container. However, this does not match Docker's behavior - in Docker, this makes an anonymous named volume that will be mounted at `/run`. We already have (more limited) support for these anonymous volumes in the form of image volumes. Extend this support to allow it to be used with user-created volumes coming in from the `-v` flag. This change also affects how named volumes created by the container but given names are treated by `podman run --rm` and `podman rm -v`. Previously, they would be removed with the container in these cases, but this did not match Docker's behaviour. Docker only removed anonymous volumes. With this patch we move to that model as well; `podman run -v testvol:/test` will not have `testvol` survive the container being removed by `podman rm -v`. The sum total of these changes let us turn on volume removal in `--rm` by default. Fixes: #4276 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #4299 from stevengubler/masterOpenShift Merge Robot2019-10-22
|\ \ \ | | | | | | | | Markdown Formatting Fixes
| * | | Markdown Formatting FixesSteven Gubler2019-10-18
| | | | | | | | | | | | | | | | Signed-off-by: Steven Gubler <stevegubler@protonmail.com>
* | | | Merge pull request #4313 from haircommander/unused-varOpenShift Merge Robot2019-10-22
|\ \ \ \ | | | | | | | | | | exec: remove unused var
| * | | | exec: remove unused varPeter Hunt2019-10-21
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | | Merge pull request #4284 from mheon/fix_vol_inspectOpenShift Merge Robot2019-10-21
|\ \ \ \ \ | | | | | | | | | | | | Show volume options in 'volume inspect'
| * | | | | Rewrite backend for remote 'volume inspect'Matthew Heon2019-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to use the new Inspect() endpoint instead of trying to JSON the actual volume structs. Currently, the output seems completely nonsensical; it seems like we're JSONing the struct for the Varlink connection itself? This should restore sanity and match the format of remote and local inspect on volumes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | Show volume options in 'volume inspect'Matthew Heon2019-10-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We initialized the map to show them, but didn't actually copy them in, so they weren't being displayed. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | Merge pull request #4309 from giuseppe/write-storage-overridesOpenShift Merge Robot2019-10-21
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | rootless: write storage overrides to the conf file
| * | | | | rootless: write storage overrides to the conf fileGiuseppe Scrivano2019-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make sure the user overrides are stored in the configuration file when first created. Closes: https://github.com/containers/libpod/issues/2659 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #4125 from baude/remotestdinOpenShift Merge Robot2019-10-20
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Add ability to redirect bash for run -i
| * | | | | Add ability to redirect bash for run -ibaude2019-10-15
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #4297 from cnbattle/masterOpenShift Merge Robot2019-10-18
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | README.md update latest version to 1.6.2
| * | | | | Merge pull request #4292 from mheon/bump-1.6.2OpenShift Merge Robot2019-10-18
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to v1.6.2 Signed-off-by: cnbattle <qiaicn@gmail.com>
* | \ \ \ \ \ Merge pull request #4269 from giuseppe/do-not-set-lingering-mode-by-defaultOpenShift Merge Robot2019-10-18
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | rootless: do not enable lingering mode
| * | | | | | | troubleshooting.md: document lingering modeGiuseppe Scrivano2019-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | rootless: do not enable lingering modeGiuseppe Scrivano2019-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do not automatically enable lingering mode. Closes: https://github.com/containers/libpod/issues/4224 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | | Merge pull request #4241 from haircommander/kube-test-refactorOpenShift Merge Robot2019-10-18
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | play kube: refactor test suite
| * | | | | | | | play kube: Container->CtrPeter Hunt2019-10-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for berevity Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | | | | | | | play kube: refactor test suitePeter Hunt2019-10-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The play kube test suite has many different cases to cover, and should only grow in coverage over time The old design was difficult to extend, and there was lots of duplicated code. The largest pain point was the Container struct needed to be changed often, and doing so caused changes every test case Instead, adopt the `withOption` idiom. Now, adding a new option for customizing just involves adding a new withOption function, and changing the struct definition and initialization in one place. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | | | | | | Merge pull request #4282 from chuanchang/bz1731117OpenShift Merge Robot2019-10-18
|\ \ \ \ \ \ \ \ \ | |_|_|_|_|_|/ / / |/| | | | | | | | System tests: make sure exec pid hash w/o leaking
| * | | | | | | | System tests: make sure exec pid hash w/o leakingAlex Jia2019-10-18
|/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman exec leaks an exec_pid_<hash> file for every exec in tmpfs, it's known rhbz#1731117, this case makes sure leakage issue has been fixed. rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1731117 Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
* | | | | | | | Merge pull request #4292 from mheon/bump-1.6.2OpenShift Merge Robot2019-10-17
|\ \ \ \ \ \ \ \ | |_|_|/ / / / / |/| | | / / / / | | |_|/ / / / | |/| | | | | Bump to v1.6.2
| * | | | | | Bump gitvalidation epochMatthew Heon2019-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | | | Bump to v1.6.3-devMatthew Heon2019-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | | | Bump to v1.6.2v1.6.2Matthew Heon2019-10-17
|/ / / / / / | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | Merge pull request #4290 from mheon/release_notes_1.6.2_finalOpenShift Merge Robot2019-10-17
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Finalize release notes for v1.6.2
| * | | | | Finalize release notes for v1.6.2Matthew Heon2019-10-17
|/ / / / / | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>