Fix Makefile ref libseccomp branch as a commit
Commit a824186ac9 mistakenly updated LIBSECCOMP_COMMIT with a branch
name instead of a commit reference. This breaks on Ubuntu's git with
the `--detach` option, causing it to throw this error:
```
fatal: '--detach' cannot be used with '-b/-B/--orphan'
```
Fix this by using the tag `v2.3.3` which at the time of this commit, is
the current HEAD of the release-2.3 branch.
Thanks to Ed Santiago <santiago@redhat.com> for helping figure
out the error and the fix.
Signed-off-by: Chris Evich <cevich@redhat.com>
cp: drop check for rootless
rootless containers can use pause on cgroups v2.
Whether it is possible or not to use pause depends on multiple
conditions, such as:
- be on a cgroup v2 unified hierarchy,
- using systemd cgroup manager,
- the kernel has the freezer controller,
The last one may fail for root as well.
Instead of trying to catch all the possible conditions in Podman, let
the OCI runtime complain if pause cannot be performed.
Closes: https://github.com/containers/libpod/issues/4813
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Update podmanimage build process
(Stealing from: @rhatdan 's https://github.com/containers/buildah/pull/2038 )
1. We need to update all packages in the podman image to make sure they are
up to date.
2. Reinstall shadow-utils. For some reason the fedora base image does not
include the file capabilities assigned to /usr/bin/newuidmap and
/usr/bin/newgidmap. Reinstalling shadow-utils brings them back.
3. Add a default user build to the system. This makes sure the
/etc/subuid and /etc/subgid maps get created correctly.
Once we have this we should be able to build a container starting with a
non-privileged user:
podman run -ti --user build --device=/dev/fuse -v ./Dockerfile:/Dockerfile:z quay.io/podman/stable podman build /
Addresses: #4741
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
exec: fix pipes
In a largely anticlimactic solution to the saga of piped input from conmon, we come to this solution.
When we pass the Stdin stream to the exec.Command structure, it's immediately consumed and lost, instead of being consumed through CopyDetachable().
When we don't pass -i in, conmon is not told to create a masterfd_stdin, and won't pass anything to the container.
With both, we can do
echo hi | podman exec -til cat
and get the expected hi
Signed-off-by: Peter Hunt <pehunt@redhat.com>
rootlessport: remove state dir on exit + honor ctr.runtime.config.TmpDir
Previously, rootlessport was using /var/tmp as the tmp dir.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Usage messages: show possible option values
...in a consistent manner: ("a"|"b"|"c")
This makes it possible (and easy) for zsh completion to
pick those out of the --help messages and offer them
as values when user hits TAB.
I chose this format because it's an already-existing
convention in cmd/podman/common.go.
Also: removed two duplicate "default: x" messages (Cobra
displays those automatically where a non-null default
is specified).
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fix podman-remote info to show registry data
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Don't show PASS on success for gitvalidate
Make test logs less verbose so that failures are easier to spot.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fix golint errors
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Golint claims that image.Image stutters but renaming the type would be a
breaking change which isn't worth the consequences.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add `untag` sub-command
Podman now supports untagging images via the `untag` sub-command for the
root and `image` commands. Testing and documentation have been added as
well.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
TomSweeneyRedHat/dev/tsweeney/updateinspectcommands
Update demo for the inspect command
Updates the inspect command demo with an up to date
variant and adds a link to script that ran it.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
packaging: validate installed rpms
Previously we built RPMs that contained an outdated conmon which was
not compatible. From now on `make-install` will also call
`podman version` and `podman info` in order to perform a minimal
sanity check of the installation.
Fixes: #4665
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
rootless: use RootlessKit port forwarder
RootlessKit port forwarder has a lot of advantages over the slirp4netns port forwarder:
* Very high throughput.
  Benchmark result on Travis: socat: 5.2 Gbps, slirp4netns: 8.3 Gbps, RootlessKit: 27.3 Gbps
  (https://travis-ci.org/rootless-containers/rootlesskit/builds/597056377)
* Connections from the host are treated as 127.0.0.1 rather than 10.0.2.2 in the namespace.
  No UDP issue (#4586)
* No tcp_rmem issue (#4537)
* Probably works with IPv6. Even if not, it is trivial to support IPv6. (#4311)
* Easily extensible for future support of SCTP
* Easily extensible for future support of `lxc-user-nic` SUID network
RootlessKit port forwarder has been already adopted as the default port forwarder by Rootless Docker/Moby,
and no issue has been reported AFAIK.
As the port forwarder is imported as a Go package, no `rootlesskit` binary is required for Podman.
Fix #4586
May-fix #4559
Fix #4537
May-fix #4311
See https://github.com/rootless-containers/rootlesskit/blob/v0.7.0/pkg/port/builtin/builtin.go
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
play kube: make seccomp handling better conform to k8s
Add flag --seccomp-profile-root in play kube to allow users to specify where to look for seccomp profiles
update tests
Signed-off-by: Peter Hunt <pehunt@redhat.com>
github stale workflow: rephrase and bump close time
Rephrase the stale message to be friendlier and bump the closing time to
365 days. The docs of the stale workflow do not indicate whether we can
not close, so a limit of 365 days seems fair.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
fix bug copy from container directory
Keep the original input source path with "/." so podman can copy the content of the directory when copying from container to host.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Bump to v1.7.0
Signed-off-by: Matthew Heon <mheon@redhat.com>
Signed-off-by: Matthew Heon <mheon@redhat.com>
Signed-off-by: Matthew Heon <mheon@redhat.com>
Generate binaries only if there are changes in src code.
Changes I am making:
1. The target `.gopathok` was listed in `.PHONY` which
looks wrong as it regenerates `.gopathok` every time we
re-run it, which was a part of the issue. I removed it
to avoid that. If `.gopathok` is present, the makefile
should not need to rerun it.
2. Ensure the binaries are created only if they don't
exist by adding `bin/podman` and `bin/podman-remote`.
3. Add a `SOURCES = $(shell find . -name "*.go")` and put
it as a dependency of the podman binaries target. It allows us
to re-generate the binaries only when there is a change in the
source files. The downside is it increases the running time of
the command that generates them (20 seconds on my virtual machine
running CentOS 7). If this is a problem, we could introduce a
hidden file that would list all the files to track, that
would need to be updated only when a dev is introducing new files.
4. Fixed the make package-install as it does not work with yum.
I updated the build_rpm.sh to ensure it works on CentOS 7
and CentOS 8 with no pre-required installation.
Closes #4367
Signed-off-by: Neville Cain <neville.cain@qonto.eu>
(minor) fix broken links to container-policy.json.5