summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #4528 from haircommander/kube-seccompOpenShift Merge Robot2019-11-22
|\ | | | | Handle seccomp annotations in play kube
| * play kube: handle seccomp labelsPeter Hunt2019-11-18
| | | | | | | | | | | | | | Add handling of seccomp annotations to play kube at both container and pod levels. also add a test Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #4538 from ↵OpenShift Merge Robot2019-11-22
|\ \ | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/storage-1.14.0 build(deps): bump github.com/containers/storage from 1.13.5 to 1.14.0
| * | build(deps): bump github.com/containers/storage from 1.13.5 to 1.14.0dependabot-preview[bot]2019-11-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.13.5 to 1.14.0. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.13.5...v1.14.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #4525 from rst0git/uns-restore-fixOpenShift Merge Robot2019-11-22
|\ \ \ | | | | | | | | container-restore: Fix restore with user namespace
| * | | container-restore: Fix restore with user namespaceRadostin Stoyanov2019-11-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When restoring a container with user namespace, the user namespace is created by the OCI runtime, and the network namespace is created after the user namespace to ensure correct ownership. In this case PostConfigureNetNS will be set and the value of c.state.NetNS would be nil. Hence, the following error occurs: $ sudo podman run --name cr \ --uidmap 0:1000:500 \ -d docker.io/library/alpine \ /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' $ sudo podman container checkpoint cr $ sudo podman container restore cr ... panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x13a5e3c] Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
* | | | Merge pull request #4541 from giuseppe/use-file-backend-no-systemdOpenShift Merge Robot2019-11-21
|\ \ \ \ | |_|/ / |/| | | config: use EventsLogger=file without systemd
| * | | config: use EventsLogger=file without systemdGiuseppe Scrivano2019-11-21
|/ / / | | | | | | | | | | | | | | | if systemd is not available, use the file events logger backend. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #4464 from TomSweeneyRedHat/dev/tsweeney/buildtestOpenShift Merge Robot2019-11-19
|\ \ \ | | | | | | | | Add new test suite for build
| * | | Add new test suite for buildTomSweeneyRedHat2019-11-16
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most build testing should be done in Buildah's test suites, but we should have a minimal amount of tests, especially testing the parts that are different like layers and squash. Also the CLI argument handling of things like the context directory that we've had issues reported. This first chunk does a basic test and then checks for context directory being a file and squash iterations. More to be added as time goes by. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #4523 from vrothberg/systemd-improvementsOpenShift Merge Robot2019-11-19
|\ \ \ | | | | | | | | podman rm/stop --cidfile
| * | | podman rm/stop --cidfileValentin Rothberg2019-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a --cidfile flag to podman rm/stop to pass a container ID via a file. Podman run already provides the functionaly to store the ID in a specified file which we now complete with rm/stop. This allows for a better life-cycle management in systemd services. Note that --cdifile can be specified multiple times to rm/stop. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #4502 from vrothberg/fix-3359OpenShift Merge Robot2019-11-18
|\ \ \ \ | |_|_|/ |/| | | history: rewrite mappings
| * | | history: rewrite mappingsValentin Rothberg2019-11-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rewrite the backend for displaying the history of an image to simplify the code and be closer to docker's behaviour. Instead of driving index-based heuristics, create a reverse mapping from top-layers to the corresponding image IDs and lookup the layers on-demand. Also use the uncompressed layer size to be closer to Docker's behaviour. Note that intermediate images from local builds are not considered for the ID lookups anymore. Fixes: #3359 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #4521 from haircommander/winsz-fixOpenShift Merge Robot2019-11-17
|\ \ \ \ | |_|_|/ |/| | | Also delete winsz fifo
| * | | Also delete winsz fifoPeter Hunt2019-11-15
| | |/ | |/| | | | | | | | | | | | | In conmon 2.0.3, we add another fifo to handle window resizing. This needs to be cleaned up for commands like restore, where the same path is used. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #4505 from vrothberg/archOpenShift Merge Robot2019-11-16
|\ \ \ | | | | | | | | container create: os/arch check
| * | | container create: os/arch checkValentin Rothberg2019-11-12
| | |/ | |/| | | | | | | | | | | | | | | | Unless explicitely overridden, check if the image's OS and architecture and throw an errors in case of a mismatch. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #4368 from haircommander/pod-annotationsOpenShift Merge Robot2019-11-15
|\ \ \ | |_|/ |/| | Add pod annotations to container
| * | Add annotations in play kubePeter Hunt2019-11-08
| | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | Add pod annotations to containerPeter Hunt2019-11-08
| | | | | | | | | | | | | | | | | | We have the annotations SandboxID, let's use them. This also allows kata containers to be created in pods and share a VM with the infra container. Note: as of now, this sharing only works if the pod has an infra container Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #4518 from baude/alpinetopauseOpenShift Merge Robot2019-11-14
|\ \ \ | | | | | | | | use pause image for check all
| * | | use pause image for check allbaude2019-11-14
|/ / / | | | | | | | | | | | | | | | | | | | | | the pull all tags test can frequently timeout when trying to pull all alpine tags. using the pause image, which is smaller, should provide some relief. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #4506 from TomSweeneyRedHat/dev/tsweeney/bump_buildah1.11.5OpenShift Merge Robot2019-11-13
|\ \ \ | | | | | | | | Bump to Buildah v1.11.5
| * | | Bump to Buildah v1.11.5TomSweeneyRedHat2019-11-13
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | Bump to Buildah v1.11.5. Most notably changes to the podman build `--pull` functionality. `--pull=true` and `--pull=false` now work as Docker does, `--pull-never` added to supply the functionality of the old `--pull=false`. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #4497 from onlyjob/masterOpenShift Merge Robot2019-11-13
|\ \ \ | | | | | | | | codespell: spelling corrections
| * | | codespell: spelling correctionsDmitry Smirnov2019-11-13
| |/ / | | | | | | | | | Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
* | | Merge pull request #4503 from cevich/fix_branch_imagesOpenShift Merge Robot2019-11-13
|\ \ \ | |/ / |/| | Cirrus: Use branch-specific container tags
| * | Cirrus: Use branch-specific container tagsChris Evich2019-11-12
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | Automated building of container images is handled in quay.io based on changes in the master branch of this repository. However, as additional branches are made, the "latest" image (from master) diverges from their expectations. Fix this by using the branch-tagged images built by quay. For the near-term, this also implies quay.io will be configured to also build different images for each branch, and tag them appropriately. Long-term, image build automation should be combined with libpod automation - to avoid needing to maintain automation in multiple systems/locations. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #4489 from lsm5/seccomp-separationOpenShift Merge Robot2019-11-11
|\ \ | | | | | | create a separate install target for seccomp
| * | create a separate install target for seccompLokesh Mandvekar2019-11-10
|/ / | | | | | | | | | | | | | | | | | | podman in Fedora gets seccomp.json from containers-common while the one in Ubuntu PPA gets seccomp.json from containers-golang. This change will let me use install.config target unmodified in downstream packages. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #4408 from slimjim2234/masterOpenShift Merge Robot2019-11-08
|\ \ | | | | | | Fixed issue #4391; podman info --format '{{ json . }}'
| * | Fixed the JSON go template format for the 'info' actionJimmy Crumpler2019-11-01
| | | | | | | | | | | | Signed-off-by: Jimmy Crumpler <slimjim2234@gmail.com>
* | | Merge pull request #4337 from QiWang19/check_auth_pathOpenShift Merge Robot2019-11-08
|\ \ \ | | | | | | | | fix bug check nonexist authfile
| * | | fix bug check nonexist authfileQi Wang2019-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use GetDefaultAuthFile() from buildah. For podman command(except login), if authfile does not exist returns error. close #4328 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #4427 from rst0git/docs-rm-vOpenShift Merge Robot2019-11-08
|\ \ \ \ | |_|_|/ |/| | | docs: Update "podman container rm -v" description
| * | | docs: Update "podman container rm -v" descriptionRadostin Stoyanov2019-11-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In commit 52df1fa (Fix volume handling in podman) was implemented the --volume option for podman remove. However, its behaviour changed after 83db80c (Only remove image volumes when removing containers). This commit updates the description of this option to reflect the new behaviour. Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
* | | | Merge pull request #4453 from rhatdan/vendorOpenShift Merge Robot2019-11-08
|\ \ \ \ | | | | | | | | | | Add support for make vendor-in-container
| * | | | Add support for make vendor-in-containerDaniel J Walsh2019-11-08
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #4265 from haircommander/infra-namespaces-submitOpenShift Merge Robot2019-11-08
|\ \ \ \ \ | |/ / / / |/| | | | Split up create config handling of namespaces and security
| * | | | Split up create config handling of namespaces and securityPeter Hunt2019-11-07
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | As it stands, createconfig is a huge struct. This works fine when the only caller is when we create a container with a fully created config. However, if we wish to share code for security and namespace configuration, a single large struct becomes unweildy, as well as difficult to configure with the single createConfigToOCISpec function. This PR breaks up namespace and security configuration into their own structs, with the eventual goal of allowing the namespace/security fields to be configured by the pod create cli, and allow the infra container to share this with the pod's containers. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | Merge pull request #4444 from TomSweeneyRedHat/dev/tsweeney/readthedocsOpenShift Merge Robot2019-11-08
|\ \ \ \ | | | | | | | | | | Add links to readthedocs on docs/readme
| * | | | Add links to readthedocs on docs/readmeTomSweeneyRedHat2019-11-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a couple of links to the new ReadTheDocs site for the libpod man pages from the docs/readme.md. Many users go to github.com/{project}/docs looking for the man pages for the project and their location is not evident on the current readme.md. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #4466 from giuseppe/notmpcopyupOpenShift Merge Robot2019-11-07
|\ \ \ \ \ | | | | | | | | | | | | mount: add new options nocopyup|copyup for tmpfs
| * | | | | mount: add new options nocopyup|copyup for tmpfsGiuseppe Scrivano2019-11-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add a way to disable tmpcopyup for tmpfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #4451 from giuseppe/set-macOpenShift Merge Robot2019-11-07
|\ \ \ \ \ \ | | | | | | | | | | | | | | podman: add support for specifying MAC
| * | | | | | test: add tests for --mac-addressGiuseppe Scrivano2019-11-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | cni: enable tuning pluginGiuseppe Scrivano2019-11-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | podman: add support for specifying MACJakub Filak2019-11-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I basically copied and adapted the statements for setting IP. Closes #1136 Signed-off-by: Jakub Filak <jakub.filak@sap.com>
| * | | | | | vendor: updated ocicni for MAC addressJakub Filak2019-11-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `go get github.com/cri-o/ocicni@deac903fd99b6c52d781c9f42b8db3af7dcfd00a` I had to fix compilation errors in libpod/networking_linux.go --- ocicni.Networks has changed from string to the structure NetAttachment with the member Name (the former string value) and the member Ifname (optional). I don't think we can make use of Ifname here, so I just map the array of structures to array of strings - e.g. dropping Ifname. --- The function GetPodNetworkStatus no longer returns Result but it returns the wrapper structure NetResult which contains the former Result plus NetAttachment (Network name and Interface name). Again, I don't think we can make use of that information here, so I just added `.Result` to fix the build. --- Issue: #1136 Signed-off-by: Jakub Filak <jakub.filak@sap.com>