| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Fix mountpont in SecretMountsWithUIDGID
|
| |
| |
| |
| |
| |
| |
| | |
In FIPS Mode we expect to work off of the Mountpath not the Rundir path.
This is causing FIPS Mode checks to fail.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
vendor: update seccomp/containers-golang to v0.4.1
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Turn off 'noexec' option by default for named volumes
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
We previously enforced this for security reasons, but as Dan has
explained on several occasions, it's not very valuable there
(it's trivially easy to bypass) and it does seriously annoy folks
trying to use named volumes. Flip the default from 'on' to 'off'.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
Update Derivative API tutorial to reflect the HTTP API
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Once the HTTP API becomes stable, I think we want to drive people
towards using it, as opposed to directly calling our CLI (when
possible).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
[ci:docs] Update troubleshoot page
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add information about podman with SELinux and using container_init_t.
Add informantion about Centos7 as well as RHEL7 init containers not working
on a cgroups V2 system.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix remote integration for healthchecks
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
the one remaining test that is still skipped do to missing exec function
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Implement detached exec
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The cleanup command creation logic is made public as part of this
and wired such that we can call it both within SpecGen (to make
container exit commands) and from the ABI detached exec handler.
Exit commands are presently only used for detached exec, but
theoretically could be turned on for all exec sessions if we
wanted (I'm declining to do this because of potential overhead).
I also forgot to copy the exit command from the exec config into
the ExecOptions struct used by the OCI runtime, so it was not
being added.
There are also two significant bugfixes for exec in here. One is
for updating the status of running exec sessions - this was
always failing as I had coded it to remove the exit file *before*
reading it, instead of after (oops). The second was that removing
a running exec session would always fail because I inverted the
check to see if it was running.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We need to be able to use cleanup processes to remove exec
sessions as part of detached exec. This PR adds that ability. A
new flag is added to `podman container cleanup`, `--exec`, to
specify an exec session to be cleaned up.
As part of this, ensure that `ExecCleanup` can clean up exec
sessions that were running, but have since exited. This ensures
that we can come back to an exec session that was running but has
since stopped, and clean it up.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add a new ContainerEngine method for creating a detached exec
session, and wire in the frontend code to do this. As part of
this, move Streams out of ExecOptions to the function signature
in an effort to share the struct between both methods.
Fixes #5884
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
As part of the massive exec rework, I stubbed out a function for
non-detached exec, which is implemented here. It's largely
similar to the existing exec functions, but missing a few pieces.
This also involves implemented a new OCI runtime call for
detached exec. Again, very similar to the other functions, but
with a few missing pieces.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
These are required for detached exec, where they will be used to
clean up and remove exec sessions when they exit.
As part of this, move all Exec related functionality for the
Conmon OCI runtime into a separate file; the existing one was
around 2000 lines.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
enable remote integration tests for init
|
| |/ / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Bump k8s.io/api from 0.18.2 to 0.18.3
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.18.2 to 0.18.3.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](https://github.com/kubernetes/api/compare/v0.18.2...v0.18.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
containers/dependabot/go_modules/github.com/onsi/gomega-1.10.1
Bump github.com/onsi/gomega from 1.10.0 to 1.10.1
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.10.0...v1.10.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Fix build on OS X
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We disabled the OS X and Windows cross-building tests. This,
predictably, led us to regress a bit in our ability to build for
both of these.
This fixes the build on OS X and fixes one obvious Windows bug.
Unfortunately, we're dragging in all of `pkg/spec` somewhere on
Windows, and things are blowing up spectacularly because of it
(plus a few uses of the `syscall` package in the bindings).
I've giving up for the day. This fixes OS X, but does not fully
enable the cross-build CI (need Windows fixes for that).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Test fixes for remote integration
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
system tests: more podman-pod tests
|
| | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* rename pod-top.bats to pod.bats
* add test for TCP port communication between pods
* add test for various podman-pod-create options
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
`--format` and `--filter` options for `network ls` and `network inspect` command
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
New testcase for network ls --filter and inspect --format
added. Also bash completion options updated.
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This helps user to print the inspect output in go template format.
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
filter option helps to filter output based on name or supported plugins
by CNI networks.
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
enable pod_create remote integration tests
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
govern remote attach and start
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
fixes a race where container would start before attach could occur resulting in an error.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Print container state when erroring that it is improper
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is a nice little convenience - lets people know why we won't
let them attach to a container.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix create_test for remote integration
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
fixes tests to pass for remote integration. the two remaining tests that are skipped are due to lack of logs command.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
oci conmon: tell conmon to log container name
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
specifying `-n=ctr-name` tells conmon to log CONTAINER_NAME=name if the log driver is journald
add this, and a test!
also, refactor the args slice creation to not append() unnecessarily.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
V2 API Version Support
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Update blang/semver to allow ParseTolerant() support
* Provide helper functions for API handlers to obtain client's 'version'
path variable focused on API endpoint tree: libpod vs. compat
* Introduce new errors:
* version not given in path, endpoints may determine if this is a hard
error (ErrVersionNotGiven)
* given version not supported (ErrVersionNotSupported), only a soft
error if the handler is going to hijack the connection
* Added unit tests for version parsing
* bindings check version on connect:
* client <= Server API version connection is continued
* client >= Server API version connection fails
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Registry helper : go bindings
|