Commit message (Author, Age)
* container creation: don't apply reserved annotations from image (Valentin Rothberg, 2021-12-23)
    Do not apply reserved annotations from the image to the container. Reserved annotations are applied during container creation to retrieve certain information (e.g., custom seccomp profile or autoremoval) once a container has been created.
    Context: #12671
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* [CI:DOCS] clarify `io.podman.annotations.seccomp` (Valentin Rothberg, 2021-12-23)
    Clarify the semantics of the `io.podman.annotations.seccomp` annotation which is set when a container has been created with a custom seccomp profile.
    Fixes: #12671
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12672 from adrianreber/2021-12-21-check-for-memtrack (OpenShift Merge Robot, 2021-12-23)
    Error out early if system does not support pre-copy checkpointing
| * Error out early if system does not support pre-copy checkpointing (Adrian Reber, 2021-12-23)
    CRIU's pre-copy migration support relies on the soft dirty page tracking in the Linux kernel:
    https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt
    This functionality is not implemented for all architectures and it can also be turned off in the kernel. CRIU can check if the combination of architecture/kernel/CRIU supports the soft dirty page tracking and exports this feature checking functionality in go-criu.
    This commit adds an early check if the user selects pre-copy checkpointing to error out if the system does not support it.
    Signed-off-by: Adrian Reber <areber@redhat.com>
| * Update go-criu to v5.3.0 (Adrian Reber, 2021-12-23)
    Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #12599 from rhatdan/kernelmemory (OpenShift Merge Robot, 2021-12-23)
    Warn on use of --kernel-memory
| * | Warn on use of --kernel-memory (Daniel J Walsh, 2021-12-22)
    It has been deprecated and is no longer supported. Fully remove it and only print a warning if a user uses it.
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2011695
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12597 from n1hility/msi-winpath (OpenShift Merge Robot, 2021-12-23)
    [Fixes #11089] Switch to a new installer approach using a path manipulation helper
| * | Switch to a new installer approach using a path manipulation helper (Jason T. Greene, 2021-12-23)
    Fixes #11089 - cleanup PATH on MSI uninstall
    Additionally fixes scenarios where the path can be overwritten by setx
    Also removes the console flash, since the helper is built as a silent gui
    Helper executable can be rerun by user to repair PATHs broken by other tools
    Utilizes executable location instead of passed parameters to remove delicate escaping requirements
    [NO NEW TESTS NEEDED]
    Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | Merge pull request #12665 from rst0git/dev-shm (OpenShift Merge Robot, 2021-12-23)
    Enable checkpoint/restore of /dev/shm content
| * | e2e: Add dev/shm checkpoint/restore test (Radostin Stoyanov, 2021-12-23)
    Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
| * | Enable checkpoint/restore for /dev/shm (Radostin Stoyanov, 2021-12-23)
    When Podman is running a container in private IPC mode (default), it creates a bind mount for /dev/shm that is then attached to a tmpfs folder on the host file system. However, checkpointing a container has the side-effect of stopping that container and unmounting the tmpfs used for /dev/shm. As a result, after checkpoint all files stored in the container's /dev/shm would be lost and the container might fail to restore from checkpoint.
    To address this problem, this patch creates a tar file with the content of /dev/shm that is included in the container checkpoint and used to restore the container.
    Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
| * | Update github.com/checkpoint-restore/checkpointctl (Radostin Stoyanov, 2021-12-23)
    DevShmCheckpointTar constant has been recently introduced in checkpointctl. This constant will be used in subsequent patch and this patch contains auto-generated changes with the following commands:
        go get github.com/checkpoint-restore/checkpointctl
        go mod tidy
        go mod vendor
    Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
* | Merge pull request #12685 from mheon/handle_nil_passwd (OpenShift Merge Robot, 2021-12-22)
    Always run passwd management code when DB value is nil
| * | Always run passwd management code when DB value is nil (Matthew Heon, 2021-12-22)
    This ensures that existing containers will still manage `/etc/passwd` by default, as they have been doing until now. New containers that explicitly set `false` will still have passwd management disabled, but otherwise the code will run.
    [NO NEW TESTS NEEDED] This will only be caught on upgrade and I don't really know how to write update tests - and Ed is on PTO.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #12375 from rhatdan/hosts (OpenShift Merge Robot, 2021-12-22)
    Use hosts public ip address in rootless containers
| * Use hosts public ip address in rootless containers (Daniel J Walsh, 2021-12-21)
    Add first non localhost ipv4 of all host interfaces as destination for host.contaners.internal for rootless containers.
    Fixes: https://github.com/containers/podman/issues/12000
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12668 from vrothberg/fix-12667 (OpenShift Merge Robot, 2021-12-22)
    support hosts without /etc/hosts
| * | support hosts without /etc/hosts (Valentin Rothberg, 2021-12-22)
    Fixes: #12667
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12664 from cdoern/noManagePasswd (OpenShift Merge Robot, 2021-12-22)
    Podman run --passwd
| * | Podman run --passwd (cdoern, 2021-12-21)
    added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint
    resolves #11805
    Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #12670 from giuseppe/fix-crun-ci (OpenShift Merge Robot, 2021-12-21)
    ci: force scratch build for crun
| * | | ci: force scratch build for crun (Giuseppe Scrivano, 2021-12-21)
    force a version with this fix: https://github.com/containers/crun/pull/819
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #12663 from vrothberg/compat-normalization (OpenShift Merge Robot, 2021-12-21)
    compat: image normalization: handle sha256 prefix
| * | compat: image normalization: handle sha256 prefix (Valentin Rothberg, 2021-12-20)
    When normalizing image names on the compat API, make sure to take the `sha256:` prefix into account when matching against the image ID. Otherwise, the name will mistakenly be subject to docker.io normalization.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12662 from adrianreber/2021-12-20-checkpoint-restore-man-pages (OpenShift Merge Robot, 2021-12-21)
    [CI:DOCS] Small checkpoint/restore man page fixes
| * | | [CI:DOCS] Small checkpoint/restore man page fixes (Adrian Reber, 2021-12-20)
    At some places the checkpoint restore man pages were using the markdown modifier `**` inside `*..*`. This does not seem to work as intended and results in markdown modifiers present in the final man page.
    Switching to `__` inside of `*..*` seems to fix this.
    Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #12659 from adrianreber/2021-12-20-checkpoint-systemd-entrypoint (OpenShift Merge Robot, 2021-12-21)
    [CI:DOCS] Explicitly mention that checkpointing systemd containers might fail
| * | | | [CI:DOCS] Explicitly mention that checkpointing systemd containers might fail (Adrian Reber, 2021-12-20)
    Checkpointing a container using systemd as entrypoint will probably result in an error as CRIU cannot handle all the resources latest systemd uses.
    This updates the checkpoint man page with this information.
    Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #12621 from giuseppe/honor-userns-auto-conf-file (OpenShift Merge Robot, 2021-12-21)
    specgen: honor userns=auto from containers.conf
| * | | specgen: honor userns=auto from containers.conf (Giuseppe Scrivano, 2021-12-20)
    when using the default userns value, make sure its value is parsed so that userns=auto is parsed and the options for the storage are filled.
    Closes: https://github.com/containers/podman/issues/12615
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | test: add --rm to podman run commands (Giuseppe Scrivano, 2021-12-20)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #12640 from vrothberg/fix-12631 (OpenShift Merge Robot, 2021-12-20)
    apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests
| * | | apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests (Valentin Rothberg, 2021-12-17)
    The quay.io/libpod/testimage:20210610 is known not to change and to remain stable over time. While the same should apply for alpine image on quay.io/libpod, we've seen it flake and return the wrong image. The reasons for that observation are unknown.
    Fixes: #12631
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12655 from giuseppe/fix-libsubid-test (OpenShift Merge Robot, 2021-12-20)
    build: fix test for subid 4
| * | | vendor: update containers/storage (Giuseppe Scrivano, 2021-12-20)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | build: fix test for subid 4 (Giuseppe Scrivano, 2021-12-20)
    libsubid changes its ABI in version 4. Account for the different name in the configure script.
    Closes: https://github.com/containers/podman/issues/12654
    [NO NEW TESTS NEEDED] it is a change in the build script
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #12648 from ttys3/fix-generate-kube-env-missing (OpenShift Merge Robot, 2021-12-20)
    fix(generate): fix up podman generate kube missing env field bug
| * | fix(generate): fix up podman generate kube missing env field bug (荒野無燈, 2021-12-18)
    the logic is: if the process env vars key exists in podman default or in image defined, and the value is equal, skip the env var key.
    the typo makes it compare to itself -_-
    so, here comes the simple fixup.
    Signed-off-by: 荒野無燈 <ttys3.rust@gmail.com>
* | | Merge pull request #12626 from vrothberg/may-the-force-be-with-removal (Daniel J Walsh, 2021-12-19)
    image rm: allow for force-remove infra images
| * | | image rm: allow for force-remove infra images (Valentin Rothberg, 2021-12-17)
    Force removal of images will also remove associated containers. Historically, infra containers have been excluded resulting in rather annoying errors, for instance, when running `rmi -af`. Since there are no reasons to exclude infra containers, allow for removing the entire pod when an infra image is force removed.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12641 from giuseppe/add-more-logging-setuserns (Daniel J Walsh, 2021-12-19)
    rootless: include the args in the debug message
| * | | rootless: include the args in the debug message (Giuseppe Scrivano, 2021-12-17)
    include the arguments used to create the user namespace to help debugging.
    [NO NEW TESTS NEEDED] it changes a debug message
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #12625 from adrianreber/2021-12-16-podman-inspect (OpenShift Merge Robot, 2021-12-17)
    Add more checkpoint/restore information to 'inspect'
| * | | Test for checkpoint specific inspect fields (Adrian Reber, 2021-12-17)
    This extends one of the checkpoint/restore tests to see if the newly introduced checkpoint specific fields in 'inspect' work as intended.
    Signed-off-by: Adrian Reber <areber@redhat.com>
| * | | Add more checkpoint/restore information to 'inspect' (Adrian Reber, 2021-12-17)
    This adds the following information to the output of 'podman inspect':
     * CheckpointedAt - time the container was checkpointed
       Only set if the container has been checkpointed
     * RestoredAt - time the container was restored
       Only set if the container has been restored
     * CheckpointLog - path to the checkpoint log file (CRIU's dump.log)
       Only set if the log file exists (--keep)
     * RestoreLog - path to the restore log file (CRIU's restore.log)
       Only set if the log file exists (--keep)
     * CheckpointPath - path to the actual (CRIU) checkpoint files
       Only set if the checkpoint files exist (--keep)
     * Restored - set to true if the container has been restored
       Only set if the container has been restored
    Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Merge pull request #12622 from flouthoc/return_exit_code_for_build (OpenShift Merge Robot, 2021-12-17)
    build: relay `exitcode` from imagebuildah to registry
| * | | tests: adjust old build test to expect exit code (Aditya Rajan, 2021-12-17)
    Old build tests were expecting generic error code `125` however another commit in this PR ensures that we relay exact exit code from build to registry. Hence adjusting tests
    Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * | | build: relay exitcode from imagebuildah to registry (Aditya Rajan, 2021-12-17)
    Podman does not relay exit code from buildah instead returns a generic error code `125`. Following PR allows `podman` to relay exit code from `imagebuildah` to `registry` as it is.
    Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | Merge pull request #12634 from baude/bz2024229 (OpenShift Merge Robot, 2021-12-17)
    Removed .service file for healthchecks