Commit message (Author, Age)
* rootless: unexport GetUserNSForPid (Giuseppe Scrivano, 2018-08-29)
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1371
|   Approved by: rhatdan
* rootless, exec: use the new function to join the userns (Giuseppe Scrivano, 2018-08-29)
|   since we have a way for joining an existing userns use it instead of
|   nsenter.
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1371
|   Approved by: rhatdan
* rootless: fix top (Giuseppe Scrivano, 2018-08-29)
|   join the user namespace used to create the container so that psgo can
|   work in the same way as with root containers.
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1371
|   Approved by: rhatdan
* rootless: add new function to join existing namespace (Giuseppe Scrivano, 2018-08-29)
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1371
|   Approved by: rhatdan
* Vendor in latest projectatomic/buildah (Daniel J Walsh, 2018-08-29)
|   This will help document the defaults in podman build. podman build
|   --help will now show the defaults and mention the environment variables
|   that can be set to change them.
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|   Closes: #1364
|   Approved by: mheon
* Set nproc in containers unless explicitly overridden (Matthew Heon, 2018-08-28)
|   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|   Closes: #1355
|   Approved by: rhatdan
* Do not set max open files by default if we are rootless (Matthew Heon, 2018-08-28)
|   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|   Closes: #1355
|   Approved by: rhatdan
* Set default max open files in spec (Matthew Heon, 2018-08-28)
|   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|   Closes: #1355
|   Approved by: rhatdan
* Resolve /etc/resolv.conf before reading (baude, 2018-08-28)
|   In some cases, /etc/resolv.conf can be a symlink to something like
|   /run/systemd/resolve/resolv.conf. We currently check for that file and
|   if it exists, use it instead of /etc/resolv.conf. However, we are now
|   seeing cases where the systemd resolv.conf exists but /etc/resolv.conf
|   is NOT a symlink. Therefore, we now obtain the endpoint for
|   /etc/resolv.conf whether it is a symlink or not. That endpoint is now
|   what is read to generate a container's resolv.conf.
|   Signed-off-by: baude <bbaude@redhat.com>
|   Closes: #1368
|   Approved by: rhatdan
* document `--rm` semantics (Valentin Rothberg, 2018-08-28)
|   The `--rm` flag will only cause a container to be removed when it has
|   been created and started successfully. Otherwise, it will not be removed
|   to allow the container to be inspected and to analyze the root cause of
|   the failure. Document those semantics more clearly in the manpages to
|   avoid confusion for users.
|   Fixes: #1359
|   Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|   Closes: #1362
|   Approved by: rhatdan
* allow specification of entrypoint in the form of a slice (Daniel J Walsh, 2018-08-28)
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|   Closes: #1352
|   Approved by: mheon
* Test RPM build and install for regressions (baude, 2018-08-28)
|   On Fedora and now Centos (added), we build RPMs based on the spec in
|   contrib/spec to make sure we protect against regressions when creating
|   RPMs. Once the RPM is built, we then test actually installing the RPM to
|   ensure that no deps are missing for install.
|   Signed-off-by: baude <bbaude@redhat.com>
|   Closes: #1356
|   Approved by: rhatdan
* rootless, search: do not create a new userns (Giuseppe Scrivano, 2018-08-28)
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1360
|   Approved by: vrothberg
* rootless, login, logout: do not create a new userns (Giuseppe Scrivano, 2018-08-28)
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1360
|   Approved by: vrothberg
* rootless, kill: do not create a new userns (Giuseppe Scrivano, 2018-08-28)
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1360
|   Approved by: vrothberg
* rootless, stop: do not create a new userns (Giuseppe Scrivano, 2018-08-28)
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1360
|   Approved by: vrothberg
* Ensure return errors match API docs (baude, 2018-08-28)
|   In the API docs, we generally state the type of error that should be
|   returned if a container or image cannot be found. In several cases, the
|   code did not match the API doc, when the API doc was correct.
|   Signed-off-by: baude <bbaude@redhat.com>
|   Closes: #1353
|   Approved by: rhatdan
* Fix manpage to note how multiple filters are combined (Matthew Heon, 2018-08-27)
|   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|   Closes: #1345
|   Approved by: umohnani8
* Fix handling of multiple filters in podman ps (Matthew Heon, 2018-08-27)
|   Docker expects multiple filters to be passed with multiple uses of the
|   --filter flag (e.g. --filter=label=a=b --filter=label=c=d) and not a
|   single comma-separated list of filters as we expected. Convert to the
|   Docker format, and make some small cleanups to our handling of filters
|   along the way.
|   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|   Closes: #1345
|   Approved by: umohnani8
* Fix Mount Propagation (Giuseppe Scrivano, 2018-08-27)
|   Default mount propagation inside of containers should be private
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|   Closes: #1305
|   Approved by: mheon
* docs: add containers-mounts.conf(5) (Valentin Rothberg, 2018-08-27)
|   Add a containers-mounts.conf(5) manpage. The mounts.conf is used by
|   other tools (e.g., CRI-O) as well. A dedicated manpage reduces
|   redundancy.
|   Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|   Closes: #1350
|   Approved by: rhatdan
* docs: use "containers-" prefix for registries and storage (Valentin Rothberg, 2018-08-27)
|   Use the "containers-" prefix for all references to the
|   containers-registries.conf and containers-storage.conf configuration
|   files.
|   Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|   Closes: #1350
|   Approved by: rhatdan
* rootless: fix --pid=host (Giuseppe Scrivano, 2018-08-27)
|   Unfortunately this is not enough to get it working as runc doesn't
|   allow to bind mount /proc.
|   Depends on: https://github.com/opencontainers/runc/pull/1832
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1349
|   Approved by: rhatdan
* rootless: fix --ipc=host (Giuseppe Scrivano, 2018-08-27)
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1349
|   Approved by: rhatdan
* spec: bind mount /sys only when userNS are enabled (Giuseppe Scrivano, 2018-08-27)
|   Fix the test for checking when /sys must be bind mounted from the host.
|   It should be done only when userNS are enabled (the
|   !UsernsMode.IsHost() check is not enough for that).
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1349
|   Approved by: rhatdan
* rootless, tests: add test for --uts=host (Giuseppe Scrivano, 2018-08-27)
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1349
|   Approved by: rhatdan
* Dockerfile.Fedora: install slirp4netns (Giuseppe Scrivano, 2018-08-27)
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1349
|   Approved by: rhatdan
* rootless: don't use kill --all (Giuseppe Scrivano, 2018-08-26)
|   The OCI runtime might use the cgroups to see what PIDs are inside the
|   container, but that doesn't work with rootless containers.
|   Closes: https://github.com/containers/libpod/issues/1337
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1331
|   Approved by: rhatdan
* rootless: exec handle processes that create an user namespace (Giuseppe Scrivano, 2018-08-26)
|   Manage the case where the main process of the container creates and
|   joins a new user namespace. In this case we want to join only the first
|   child in the new hierarchy, which is the user namespace that was used to
|   create the container.
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1331
|   Approved by: rhatdan
* rootless: fix exec (Giuseppe Scrivano, 2018-08-26)
|   We cannot re-exec into a new user namespace to gain privileges and
|   access an existing as the new namespace is not the owner of the existing
|   container. "unshare" is used to join the user namespace of the target
|   container. The current implementation assumes that the main process of
|   the container didn't create a new user namespace. Since in the setup
|   phase we are not running with euid=0, we must skip the setup for
|   containers/storage.
|   Closes: https://github.com/containers/libpod/issues/1329
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1331
|   Approved by: rhatdan
* Move whale-says test to end of baseline (TomSweeneyRedHat, 2018-08-25)
|   Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|   Closes: #1346
|   Approved by: rhatdan
* Merge pull request #1343 from mheon/bump-0.8.4 (Matthew Heon, 2018-08-24)
|\    Bump to 0.8.4
| * Bump gitvalidation epoch (Matthew Heon, 2018-08-24)
| |   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.8.5-dev (Matthew Heon, 2018-08-24)
| |   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.8.4 (tag: v0.8.4) (Matthew Heon, 2018-08-24)
|/    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1342 from mheon/add_release_notes (Matthew Heon, 2018-08-24)
|\    Add release notes for 0.8.4
| * Add release notes (Matthew Heon, 2018-08-24)
|/    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Regenerate easyjson after rebase (Matthew Heon, 2018-08-24)
|   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|   Closes: #1322
|   Approved by: mheon
* Vendor easyjson code to fix build (Matthew Heon, 2018-08-24)
|   To ensure we can build without easyjson installed, vendor the easyjson
|   repository as the generated files use the easyjson library.
|   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|   Closes: #1322
|   Approved by: mheon
* Swap from FFJSON to easyjson (Matthew Heon, 2018-08-24)
|   FFJSON has serialization differences versus stock Go - namely, it does
|   not respect the MarshalText() and UnmarshalText() methods, particularly
|   on []byte, which causes incompatibility with pre-FFJSON containers which
|   contained DNS servers. EasyJSON does not have these issues, and might
|   even be slightly faster.
|   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|   Closes: #1322
|   Approved by: mheon
* Make 'make clean' remove FFJSON generated code (Matthew Heon, 2018-08-24)
|   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|   Closes: #1322
|   Approved by: mheon
* rootless: allow to override policy.json by the user (Giuseppe Scrivano, 2018-08-24)
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|   Closes: #1336
|   Approved by: mheon
* add completion for --pod in run and create (haircommander, 2018-08-24)
|   Signed-off-by: haircommander <pehunt@redhat.com>
|   Closes: #1339
|   Approved by: mheon
* Fixed formatting and lowered verbosity of pod ps (haircommander, 2018-08-24)
|   CtrInfo now is formatted in the way originally intended. s/Number Of
|   Containers/# Of Containers and s/Infra Container ID/Infra ID. Make json
|   camel case.
|   Signed-off-by: haircommander <pehunt@redhat.com>
|   Closes: #1338
|   Approved by: mheon
* Do not try to enable AppArmor in rootless mode (Marco Vedovati, 2018-08-24)
|   When in rootless mode it's not possible to load profiles or check which
|   profiles are loaded. Added a few baseline tests to check all possible
|   cases.
|   Signed-off-by: Marco Vedovati <mvedovati@suse.com>
|   Closes: #1250
|   Approved by: mheon
* exposes tcp port only if no proto specified. (Kunal Kushwaha, 2018-08-24)
|   Also it fixes the issue of exposing both tcp/udp port even if only one
|   proto specified.
|   Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
|   Closes: #1325
|   Approved by: mheon
* rpm-spec: use skopeo-containers instead of containers-common (Lokesh Mandvekar, 2018-08-24)
|   skopeo-containers is available everywhere, but not containers-common
|   Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|   Closes: #1332
|   Approved by: rhatdan
* Reveal information about container capabilities (Daniel J Walsh, 2018-08-24)
|   I am often asked about the list of capabilities available to a
|   container. We should be listing this data in the inspect command for
|   effective capabilities and the bounding set.
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|   Closes: #1335
|   Approved by: TomSweeneyRedHat
* Vendor in latest projectatomic/buildah (umohnani8, 2018-08-23)
|   Fixes to podman build for unknown image and ADD with url when doing
|   --layers.
|   Signed-off-by: umohnani8 <umohnani@redhat.com>
|   Closes: #1330
|   Approved by: mheon
* Refactor error checking in With*NSFromPod options (haircommander, 2018-08-23)
|   Signed-off-by: haircommander <pehunt@redhat.com>
|   Closes: #1187
|   Approved by: mheon