| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
| |
do not attempt to use cgroups with pods if the cgroups are disabled.
A similar check is already in place for containers.
Closes: https://github.com/containers/podman/issues/13411
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Use storage that better supports rootless overlayfs
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
overlayfs -- the kernel's version, not fuse-overlayfs -- recently learned
(as of linux 5.16.0, I believe) how to support rootless users. Previously,
rootless users had to use these storage.conf(5) settings:
* storage.driver=vfs (aka STORAGE_DRIVER=vfs), or
* storage.driver=overlay (aka STORAGE_DRIVER=overlay),
storage.options.overlay.mount_program=/usr/bin/fuse-overlayfs
(aka STORAGE_OPTS=/usr/bin/fuse-overlayfs)
Now that a third backend is available, setting only:
* storage.driver=overlay (aka STORAGE_DRIVER=overlay)
https://github.com/containers/podman/issues/13123 reported EXDEV errors
during the normal operation of their container. Tracing it out, the
problem turned out to be that their container was being mounted without
'userxattr'; I don't fully understand why, but mount(8) mentions this is
needed for rootless users:
> userxattr
>
> Use the "user.overlay." xattr namespace instead of "trusted.overlay.".
> This is useful for unprivileged mounting of overlayfs.
https://github.com/containers/storage/pull/1156 found and fixed the issue
in podman, and this just pulls in that via
go get github.com/containers/storage@ebc90ab
go mod vendor
make vendor
Closes https://github.com/containers/podman/issues/13123
Signed-off-by: Nick Guenther <nick.guenther@polymtl.ca>
|
|\ \
| | |
| | | |
Revert "use GetRuntimeDir() from c/common"
|
| |/
| |
| |
| |
| |
| |
| |
| | |
This reverts commit fc5cf812c81a10f8a021aae11df5f12ab2a6f6f6.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
Refactor docker-py compatibility tests
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add which python client is being used to run tests, see "python
client" below.
* Remove redundate code from test classes
* Update/Add comments to modules and classes
======================================================= test session starts ========================================================
platform linux -- Python 3.10.0, pytest-6.2.4, py-1.10.0, pluggy-0.13.1
python client -- DockerClient
rootdir: /home/jhonce/Projects/go/src/github.com/containers/podman
plugins: requests-mock-1.8.0
collected 33 items
test/python/docker/compat/test_containers.py ...s.............. [ 54%]
test/python/docker/compat/test_images.py ............ [ 90%]
test/python/docker/compat/test_system.py ... [100%]
Note: Follow-up PRs will verify the test results and expand the tests.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
Add the names flag for pod logs
|
| |/
| |
| |
| |
| |
| | |
Fixes containers#13261
Signed-off-by: Xueyuan Chen <X.Chen-47@student.tudelft.nl>
|
|\ \
| | |
| | | |
Add podman volume mount support
|
| |/
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/12768
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Clarify v2 API testing for podman vs docker clients
|
| |/
| |
| |
| |
| |
| | |
Fixes: #13273
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| |/
|/| |
Allow setting binarypath from Makefile
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Packagers for other distributions and package managers may put their helper binaries in other location prefixes.
Add HELPER_BINARIES_DIR to the makefile so packagers can set the prefix when building Podman.
HELPER_BINARIES_DIR will be set at link-time.
Example usage: make podman-remote HELPER_BINARIES_DIR=/my/location/prefix
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \
| |/
|/| |
copr packaging: use generic macros for tmpfiles and modules load dirs
|
|/
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\
| |
| | |
Show version of the deb package in info output
|
|/
|
|
|
|
|
|
|
| |
Previously just showing name of the package, followed by
the path repeated again (already stated on the line above)
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
|\
| |
| |
| |
| | |
containers/dependabot/go_modules/github.com/containernetworking/plugins-1.1.0
Bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/containernetworking/plugins/releases)
- [Commits](https://github.com/containernetworking/plugins/compare/v1.0.1...v1.1.0)
---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \
| |/
|/| |
Improve the error message for usused configMaps
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If you run `podman play kube` on a yaml file that only contains
configMaps, podman will fail with the error:
Error: YAML document does not contain any supported kube kind
This is not strictly true; configMaps are a supported kube kind. The
problem is that configMaps aren't a standalone entity. They have to be
used in a container somewhere, otherwise they don't do anything.
This change adds a new message in the case when there only configMaps
resources. It would be helpful if podman reported which configMaps are
unused on every invocation of kube play. However, even if that feedback
were added, this new error messages still helpfully explains the reason
that podman is not creating any resources.
[NO NEW TESTS NEEDED]
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
|\ \
| | |
| | | |
[CI:DOCS] generate-systemd: pod requires an infra container
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Generating unit files for a pod requires the pod to be created with an
infra container (see `--infra=true`). An infra container runs across
the entire lifespan of a pod and is hence required for systemd to manage
the life cycle of the pod's main unit.
This issue came up on the mailing list.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \
| | |
| | | |
play kube: set defaults to container resources
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
this fixes https://github.com/containers/podman/issues/13115
the change tries to immitate k8s behavior.
when limits are not set the container's limits are all CPU and all RAM
when requests are missing then they are equal to limits
Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
|
|\ \ \
| | | |
| | | | |
container-commit: support `--squash` to squash layers into one if users want.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Allow users to commit containers into a single layer.
Usage
```bash
podman container commit --squash <name>
```
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Load ip_tables modules at boot
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Rootless users cannot load the ip_tables module, in fedora 36 this
module is no longer loaded by default so we have to add it manually.
This is needed because rootless network setup tries to use iptables
and if iptables-legacy is used instead of iptables-nft it will fail.
To provide a better user experience we will load the module at boot.
Note that this is not needed for RHEL because iptables-legacy is not
supported on RHEL 8 and newer.
[NO NEW TESTS NEEDED]
Fixes #12661
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | |
| | | |
| | | | |
eriksjolund/troubleshooting_mention_systemd-run_and_machinectl
[CI:DOCS] troubleshooting: mention machinectl and systemd-run
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
Update CDI go dependency to v0.3.0
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This updates the CDI dependency to the v0.3.0 tagged version instead of
relying on a pseudo version. This also addresses the fact that cgroups
are not set correctly for devices using the previous dependency.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
kube: honor mount propagation mode
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
convert the propagation mode specified for the mount to the expected
Linux mount option.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Don't log errors on removing volumes inuse, if container --volumes-from
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When removing a container created with a --volumes-from a container
created with a built in volume, we complain if the original container
still exists. Since this is an expected state, we should not complain
about it.
Fixes: https://github.com/containers/podman/issues/12808
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Cleanup display of trust with transports
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Add containers-common spec and command to podman
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since containers-common package is tied to specific versions
of Podman, add tools to build the package into the contrib directory
This should help other distributions to figure out which commont
package to ship.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Remove the runtime lock
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This primarily served to protect us against shutting down the
Libpod runtime while operations (like creating a container) were
happening. However, it was very inconsistently implemented (a lot
of our longer-lived functions, like pulling images, just didn't
implement it at all...) and I'm not sure how much we really care
about this very-specific error case?
Removing it also removes a lot of potential deadlocks, which is
nice.
[NO NEW TESTS NEEDED]
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Implement Podman Container Clone
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
podman container clone takes the id of an existing continer and creates a specgen from the given container's config
recreating all proper namespaces and overriding spec options like resource limits and the container name if given in the cli options
this command utilizes the common function DefineCreateFlags meaning that we can funnel as many create options as we want
into clone over time allowing the user to clone with as much or as little of the original config as they want.
container clone takes a second argument which is a new name and a third argument which is an image name to use instead of the original container's
the current supported flags are:
--destroy (remove the original container)
--name (new ctr name)
--cpus (sets cpu period and quota)
--cpuset-cpus
--cpu-period
--cpu-rt-period
--cpu-rt-runtime
--cpu-shares
--cpuset-mems
--memory
--run
resolves #10875
Signed-off-by: cdoern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
[CI:DOCS]Update networking tutorial for netavark
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
With netavark being the default networking implementation for Podman v4,
the tutorial needed some updating.
[NO NEW TESTS]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|