| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Do not store the exit command in container config
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There is a problem with creating and storing the exit command when the
container was created. It only contains the options the container was
created with but NOT the options the container is started with. One
example would be a CNI network config. If I start a container once, then
change the cni config dir with `--cni-config-dir` ans start it a second
time it will start successfully. However the exit command still contains
the wrong `--cni-config-dir` because it was not updated.
To fix this we do not want to store the exit command at all. Instead we
create it every time the conmon process for the container is startet.
This guarantees us that the container cleanup process is startet with
the correct settings.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
System tests: new checkpoint test
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Includes a test for the stdout-goes-away bug (crun #756).
Skip on Ubuntu due to a many-months-old kernel bug that
keeps getting fixed and then un-fixed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
filters: add basic pattern matching for label keys i.e `--filter label=<pattern>`
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Following PR adds basic pattern matching to filter by labels for `keys`.
Adds support for use-cases like `--filter label=some.prefix.com/key/*`
where end-users want to match a pattern for keys as compared to exact
value.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
volumes: add new option idmap
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
pass down the "idmap" mount option to the OCI runtime.
Needs: https://github.com/containers/crun/pull/780
Closes: https://github.com/containers/podman/issues/12154
[NO NEW TESTS NEEDED] there is no crun version yet that support the
new feature.
Test case (must run as root):
podman run --rm -v foo:/foo alpine touch /foo/bar
podman run --uidmap 0:1:1000 --rm -v foo:/foo:idmap alpine ls -l /foo
total 0
-rw-r--r-- 1 root root 0 Nov 15 14:01 bar
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
podman machine start wait for ssh
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Wait for sshd to be ready before we return from start. This should make
podman machine ssh immediately available without any race conditions.
Fixes #11532
[NO NEW TESTS NEEDED] I could not reproduce the issue so I am not sure
if this fixes it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
rootless netns, one netns per libpod tmp dir
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The netns cleanup code is checking if there are running containers, this
can fail if you run several libpod instances with diffrent root/runroot.
To fix it we use one netns for each libpod instances. To prevent name
conflicts we use a hash from the static dir as part of the name.
Previously this worked because we would use the CNI files to check if
the netns was still in use. but this is no longer possible with netavark.
[NO NEW TESTS NEEDED]
Fixes #12306
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | | |
Add --file-locks checkpoint/restore option
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
CRIU supports checkpoint/restore of file locks. This feature is
required to checkpoint/restore containers running applications
such as MySQL.
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
remote checkpoint/restore: more fixes
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Support `checkpoint --pre-checkpoint`
* Support `checkpoint --with-previous`
* Disable `restore --import-previous` for the remote client since we had
to send two files which in turn would require to tar them up and hence
be a breaking change. Podman 4.0 would be the chance and I hope we'll
find time before that to remote-restore prettier.
Note that I did not run over swagger yet to check whether all parameters
are actually documented due to time constraints.
Fixes: #12334
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
fix CI
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Our fedora-minimal image on Quay bases on fedora-minimal:latest which
starting with F35 removed a number of binaries that our CI depends on.
Fix that by pulling `fedora-minimal:34` from the Fedora registry
directly.
Once the build bot on Quay has been disabled, we move the image over
there to make sure that it will not change over time.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
fix: take absolute path for dd on apple silicon
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #12329
[NO NEW TESTS NEEDED] podman machine
Signed-off-by: Michael Rödel <hello@mroedel.de>
|
|\ \ \ \
| | | | |
| | | | | |
rootless: use auto cleanup functions
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
*printf functions already support printing the errno string with %m
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
there is already a function for opening a namespace path, reuse it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
simplify code using auto cleanup functions
[NO NEW TESTS NEEDED] it is a refactoring of existing code
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
rootless: use catatonit to maintain user+mnt namespace
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
if catatonit is present, use it to keep the rootless user+mnt
namespace alive.
[NO NEW TESTS NEEDED] no new features added.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
fix remote checkpoint/restore
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Nothing was working before, and it's too much to summarize. To make
sure we're not regressing in the future again, enable the remote e2e
tests.
Fixes: #12007
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Set config environment variables early in Podman init
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes: https://github.com/containers/podman/issues/12296
[NO NEW TESTS NEEDED] because there is no easy way to test this.
Tests are in containers/common.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
utils: use podman-pause-$RANDOM.scope name
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
we try hard to re-use the existing podman-pause.scope name when it
already exists, causing any sort of race errors when the already
existing scope is terminating.
There is no such a requirement though, so just try with a random
name.
Closes: https://github.com/containers/podman/issues/12065
[NO NEW TESTS NEEDED] it fixes a race in the CI
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
rename libpod nettypes fields
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Some field names are confusing. Change them so that they make more sense
to the reader.
Since these fields are only in the main branch we can safely rename them
without worrying about backwards compatibility.
Note we have to change the field names in netavark too.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
hack/bats: deal with new bin helpers
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some time in the last month, podman started to depend on a bunch
of external helper binaries: rootlessport, pause, catatonit.
System tests fail without these.
Update the hack/bats script to pass $CONTAINERS_HELPER_BINARIES_DIR
(set to ./bin); podman will then use locally-built helpers. (This
requires https://github.com/containers/common/pull/823 , which as
of this PR is not yet vendored into podman. There is no harm in
merging this while we wait.)
Also: if bats helper is invoked as root, run only once; i.e.,
skip the "rootless" step.
Also (piggybacked): the name of the podman pause image has
changed, from pause to podman-pause. Adjust that in our
teardown so we don't leave droppings.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
infra container: replace pause with catatonit
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
A temporary workaround until the CI images are updated.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Podman has been using catatonit for a number of years already.
Thanks to @giuseppe, catatonit is now able to run as a pause
process which allows us to replace the pause binary entirely.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 9d2b8d2791c23b83b6155b046099a83483860c56 since
catatonit's new pause functionality can replace the `pause` binary
entirely.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Add option --unsetenv to remove default environment variables
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Podman adds a few environment variables by default, and
currently there is no way to get rid of them from your container.
This option will allow you to specify which defaults you don't
want.
--unsetenv-all will remove all default environment variables.
Default environment variables can come from podman builtin,
containers.conf or from the container image.
Fixes: https://github.com/containers/podman/issues/11836
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
podman machine improve port forwarding
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commits adds port forwarding logic directly into podman. The
podman-machine cni plugin is no longer needed.
The following new features are supported:
- works with cni, netavark and slirp4netns
- ports can use the hostIP to bind instead of hard coding 0.0.0.0
- gvproxy no longer listens on 0.0.0.0:7777 (requires a new gvproxy
version)
- support the udp protocol
With this we no longer need podman-machine-cni and should remove it from
the packaging. There is also a change to make sure we are backwards
compatible with old config which include this plugin.
Fixes #11528
Fixes #11728
[NO NEW TESTS NEEDED] We have no podman machine test at the moment.
Please test this manually on your system.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
secret: honor custom `target=` for secrets with `type=mount` for ctr.
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Honor custom `target` if specified while running or creating containers
with secret `type=mount`.
Example:
`podman run -it --secret token,type=mount,target=TOKEN ubi8/ubi:latest
bash`
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
journald logs: keep reading until the journal's end
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When reading logs from the journal, keep going after the container
exits, in case it gets restarted.
Events logged to the journal via the normal paths don't include
CONTAINER_ID_FULL, so don't bother adding it to the "history" event we
use to force at least one entry for the container to show up in the log.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Error logs --follow if events-backend != journald, event-logger=journald
|