Commit message (Author, Age)
* Merge pull request #4825 from cevich/fix_libseccomp_commit (OpenShift Merge Robot, 2020-01-10)
|\
| |   Fix Makefile ref libseccomp branch as a commit
| * Fix Makefile ref libseccomp branch as a commit (Chris Evich, 2020-01-09)
| |   Commit a824186ac9 mistakenly updated LIBSECCOMP_COMMIT with a branch name instead of a commit reference. This breaks on Ubuntu's git with the `--detach` option, causing it to throw this error:
| |
| |   ```
| |   fatal: '--detach' cannot be used with '-b/-B/--orphan'
| |   ```
| |
| |   Fix this by using the tag `v2.3.3` which at the time of this commit, is the current HEAD of the release-2.3 branch.
| |
| |   Thanks to Ed Santiago <santiago@redhat.com> for helping figure out the error and the fix.
| |
| |   Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #4828 from giuseppe/drop-pause-check (OpenShift Merge Robot, 2020-01-10)
|\ \
| |/
|/|   cp: drop check for rootless
| * cp: drop check for rootless (Giuseppe Scrivano, 2020-01-10)
| |   rootless containers can use pause on cgroups v2.
| |
| |   Whether it is possible or not to use pause depends on multiple conditions, such as:
| |   - be on a cgroup v2 unified hierarchy,
| |   - using systemd cgroup manager,
| |   - the kernel has the freezer controller,
| |
| |   The last one may fail for root as well. Instead of trying to catch all the possible conditions in Podman, let the OCI runtime complain if pause cannot be performed.
| |
| |   Closes: https://github.com/containers/libpod/issues/4813
| |
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4819 from TomSweeneyRedHat/dev/tsweeney/fixpodmanimage (OpenShift Merge Robot, 2020-01-09)
|\ \
| | |   Update podmanimage build process
| * | Update podmanimage build process (TomSweeneyRedHat, 2020-01-08)
| | |   (Stealing from: @rhatdan's https://github.com/containers/buildah/pull/2038)
| | |
| | |   1 We need to update all packages in the podman image to make sure they are up2date.
| | |   2 reinstall shadow-utils. For some reason the fedora base image does not include the file capabilities assigned to /usr/bin/newuidmap and /usr/bin/newgidmap. Reinstalling shadow-utils, brings them back.
| | |   3 Add a default user build to the system. This will create the /etc/subuid and /etc/subgid maps get created correctly.
| | |
| | |   Once we have this we should be able to build a container starting with a non privileged user
| | |
| | |       podman run -ti --user build --device=/dev/fuse -v ./Dockerfile:/Dockerfile:z quay.io/podman/stable podman buildd /
| | |
| | |   Addresses: #4741
| | |
| | |   Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #4818 from haircommander/piped-exec-fix (OpenShift Merge Robot, 2020-01-09)
|\ \ \
| | | |   exec: fix pipes
| * | | exec: fix pipes (Peter Hunt, 2020-01-08)
| | | |   In a largely anticlimactic solution to the saga of piped input from conmon, we come to this solution.
| | | |
| | | |   When we pass the Stdin stream to the exec.Command structure, it's immediately consumed and lost, instead of being consumed through CopyDetachable().
| | | |
| | | |   When we don't pass -i in, conmon is not told to create a masterfd_stdin, and won't pass anything to the container.
| | | |
| | | |   With both, we can do
| | | |
| | | |       echo hi | podman exec -til cat
| | | |
| | | |   and get the expected
| | | |
| | | |       hi
| | | |
| | | |   Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | Merge pull request #4821 from AkihiroSuda/fix-rootlessport (OpenShift Merge Robot, 2020-01-09)
|\ \ \ \
| | | | |   rootlessport: remove state dir on exit + honor ctr.runtime.config.TmpDir
| * | | | rootlessport: honor ctr.runtime.config.TmpDir (Akihiro Suda, 2020-01-09)
| | | | |   Previously, rootlessport was using /var/tmp as the tmp dir.
| | | | |
| | | | |   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
| * | | | rootlessport: remove state dir on exit (Akihiro Suda, 2020-01-09)
| | |/ /
| |/| |
| | | |   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | | Merge pull request #4820 from edsantiago/consistent_option_enumerations (OpenShift Merge Robot, 2020-01-09)
|\ \ \ \
| |_|_|/
|/| | |   Usage messages: show possible option values
| * | | Usage messages: show possible option values (Ed Santiago, 2020-01-08)
| |/ /
| | |   ...in a consistent manner: ("a"|"b"|"c")
| | |
| | |   This makes it possible (and easy) for zsh completion to pick those out of the --help messages and offer them as values when user hits TAB.
| | |
| | |   I chose this format because it's an already-existing convention in cmd/podman/common.go.
| | |
| | |   Also: removed two duplicate "default: x" messages (Cobra displays those automatically where a non-null default is specified).
| | |
| | |   Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #4802 from rhatdan/varlink (OpenShift Merge Robot, 2020-01-09)
|\ \ \
| |/ /
|/| |   Fix podman-remote info to show registry data
| * | Fix podman-remote info to show registry data (Daniel J Walsh, 2020-01-07)
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #4758 from rhatdan/validate (OpenShift Merge Robot, 2020-01-08)
|\ \ \
| | | |   Don't show PASS on success for gitvalidate
| * | | Don't show PASS on success for gitvalidate (Daniel J Walsh, 2020-01-06)
| | | |   Make test logs less verbose so that failures are easier to spot.
| | | |
| | | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #4816 from vrothberg/lint (OpenShift Merge Robot, 2020-01-08)
|\ \ \ \
| | | | |   Fix golint errors
| * | | | fix lint - pkg/varlinkapi/virtwriter (Valentin Rothberg, 2020-01-08)
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | fix lint - pkg/util: func comment (Valentin Rothberg, 2020-01-08)
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | fix lint - pkg/spec (Valentin Rothberg, 2020-01-08)
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | fix lint in pkg/rootless (Valentin Rothberg, 2020-01-08)
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | fix lint - pkg/network: comment exported types (Valentin Rothberg, 2020-01-08)
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | fix lint - pkg/adapter: comment exported API (Valentin Rothberg, 2020-01-08)
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | fix lint - ignore image.ImageDeleteResponse definition (Valentin Rothberg, 2020-01-08)
| | | | |   Golint claims that image.Image stutters but renaming the type would be a breaking change which isn't worth the consequences.
| | | | |
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | fix lint - drop else block (Valentin Rothberg, 2020-01-08)
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | fix lint: add comment for NameRegex and error (Valentin Rothberg, 2020-01-08)
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | fix lint: correct func identifier in comment (Valentin Rothberg, 2020-01-08)
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | fix lint: "guarantess" is a misspelling of "guarantees" (Valentin Rothberg, 2020-01-08)
| | | | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #4712 from openSUSE/untag-command (OpenShift Merge Robot, 2020-01-08)
|\ \ \ \ \
| | | | | |   Add `untag` sub-command
| * | | | | Add `untag` sub-command (Sascha Grunert, 2020-01-08)
| | |_|/ /
| |/| | |
| | | | |   Podman now supports untagging images via the `untag` sub-command for the root and `image` commands. Testing and documentation has been added as well.
| | | | |
| | | | |   Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | | Merge pull request #4810 from TomSweeneyRedHat/dev/tsweeney/updateinspectcommands (Daniel J Walsh, 2020-01-08)
|\ \ \ \ \
| | | | | |   Update demo for the inspect command
| * | | | | Update demo for the inspect command (TomSweeneyRedHat, 2020-01-07)
| |/ / / /
| | | | |   Updates the inspect command demo with an up to date variant and adds a link to script that ran it.
| | | | |
| | | | |   Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | | Merge pull request #4795 from ssbarnea/master (OpenShift Merge Robot, 2020-01-08)
|\ \ \ \ \
| |_|/ / /
|/| | | |   packaging: validate installed rpms
| * | | | packaging: validate installed rpms (Sorin Sbarnea, 2020-01-07)
| | |_|/
| |/| |
| | | |   Previously we built RPMs that contained an outdated conmon which was not compatible. From now on `make-install` will also call `podman version` and `podman info` in order to perform a minimal sanity check of the installation.
| | | |
| | | |   Fixes: #4665
| | | |
| | | |   Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
* | | | Merge pull request #4592 from AkihiroSuda/rootlesskit-port-forwarder (OpenShift Merge Robot, 2020-01-08)
|\ \ \ \
| |_|/ /
|/| | |   rootless: use RootlessKit port forwarder
| * | | rootless: use RootlessKit port forwarder (Akihiro Suda, 2020-01-08)
|/ / /
| | |   RootlessKit port forwarder has a lot of advantages over the slirp4netns port forwarder:
| | |
| | |   * Very high throughput. Benchmark result on Travis: socat: 5.2 Gbps, slirp4netns: 8.3 Gbps, RootlessKit: 27.3 Gbps (https://travis-ci.org/rootless-containers/rootlesskit/builds/597056377)
| | |   * Connections from the host are treated as 127.0.0.1 rather than 10.0.2.2 in the namespace. No UDP issue (#4586)
| | |   * No tcp_rmem issue (#4537)
| | |   * Probably works with IPv6. Even if not, it is trivial to support IPv6. (#4311)
| | |   * Easily extensible for future support of SCTP
| | |   * Easily extensible for future support of `lxc-user-nic` SUID network
| | |
| | |   RootlessKit port forwarder has been already adopted as the default port forwarder by Rootless Docker/Moby, and no issue has been reported AFAIK.
| | |
| | |   As the port forwarder is imported as a Go package, no `rootlesskit` binary is required for Podman.
| | |
| | |   Fix #4586
| | |   May-fix #4559
| | |   Fix #4537
| | |   May-fix #4311
| | |
| | |   See https://github.com/rootless-containers/rootlesskit/blob/v0.7.0/pkg/port/builtin/builtin.go
| | |
| | |   Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | Merge pull request #4781 from haircommander/seccomp-profile-root (OpenShift Merge Robot, 2020-01-07)
|\ \ \
| |/ /
|/| |   play kube: make seccomp handling better conform to k8s
| * | play kube: make seccomp handling better conform to k8s (Peter Hunt, 2020-01-03)
| | |   Add flag --seccomp-profile-root in play kube to allow users to specify where to look for seccomp profiles
| | |   update tests
| | |
| | |   Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #4788 from vrothberg/stale (OpenShift Merge Robot, 2020-01-07)
|\ \ \
| | | |   github stale workflow: rephrase and bump close time
| * | | github stale workflow: rephrase and bump close time (Valentin Rothberg, 2020-01-07)
| | |/
| |/|
| | |   Rephrase the stale message to be friendlier and bump the closing time to 365 days. The docs of the stale workflow do not indicate whether we can not close, so a limit of 365 days seems fair.
| | |
| | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #4774 from QiWang19/cp_src_path (OpenShift Merge Robot, 2020-01-07)
|\ \ \
| |/ /
|/| |   fix bug copy from container directory
| * | fix bug copy from container directory (Qi Wang, 2020-01-02)
| | |   Keep the original input source path with "/." so podman can copy the content of the directory when copying from container to host.
| | |
| | |   Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #4800 from mheon/bump-1.7.0 (OpenShift Merge Robot, 2020-01-06)
|\ \ \
| | | |   Bump to v1.7.0
| * | | Bump gitvalidation epoch (Matthew Heon, 2020-01-06)
| | | |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Bump to v1.7.1-dev (Matthew Heon, 2020-01-06)
| | | |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Bump to v1.7.0 [tag: v1.7.0] (Matthew Heon, 2020-01-06)
|/ / /
| | |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #4762 from NevilleC/nc-issue4367 (OpenShift Merge Robot, 2020-01-06)
|\ \ \
| | | |   Generate binaries only if there are changes in src code.
| * | | Generate binaries only if they are changes in src code. (Neville Cain, 2020-01-04)
| | | |   Changes I am making:
| | | |
| | | |   1. The target `.gopathok` was listed in `.PHONY` which looks wrong as it regenerates `.gopathok` every time we re-run it, which was a part of the issue. I removed it to avoid that. If `.gopathok` is present, makefile should not need to rerun it.
| | | |   2. Ensure the binaries are created only if they don't exist by adding `bin/podman` and `bin/podman-remote`.
| | | |   3. Add a `SOURCES = $(shell find . -name "*.go")` and put it as a dependency of the podman binaries target. It allows us to re-generate the binaries only when there is a change in the source files. The downside is it increases the running time of the command that generates them (20 seconds on my virtual machine running Centos 7). If this is a problem, we could introduce a hidden file that would list all the files to track, that would need to be updated only when a dev is introducing new files.
| | | |   4. Fixed the make package-install as it does not work with yum. I updated the build_rpm.sh to ensure it works on centos 7 and centos 8 with no pre-required installation.
| | | |
| | | |   Closes #4367
| | | |
| | | |   Signed-off-by: Neville Cain <neville.cain@qonto.eu>
* | | | Merge pull request #4797 from edsantiago/policy_json_manpage (OpenShift Merge Robot, 2020-01-06)
|\ \ \ \
| | | | |   (minor) fix broken links to container-policy.json.5