Commit message (author, age)
* Merge pull request #10221 from ashley-cui/envsec  (OpenShift Merge Robot, 2021-05-07)
      Add support for environment variable secrets
| * Add support for environment variable secrets  (Ashley Cui, 2021-05-06)
      Env var secrets are env vars that are set inside the container but not committed to an image. Also support reading from env var when creating a secret.
      Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #10238 from bacher09/fix-inf-loop  (OpenShift Merge Robot, 2021-05-07)
      Fix infinite loop in isPathOnVolume
| * | Fix infinite loop in isPathOnVolume  (Slava Bacherikov, 2021-05-06)
      filepath.Dir in some cases returns `.` symbol and calling this function again returns same result. In such cases this function never returns and causes some operations to get stuck forever.
      Closes #10216
      Signed-off-by: Slava Bacherikov <slava@bacher09.org>
* | | Merge pull request #10237 from edsantiago/ci_rootless_add_ubuntu  (OpenShift Merge Robot, 2021-05-07)
      CI: run rootless tests under ubuntu
| * | | CI: run rootless tests under ubuntu  (Ed Santiago, 2021-05-06)
      Reason: to catch errors before they surface in RHEL. One of the Ubuntus is specially crafted to run with cgroups v1 and runc. Although this isn't quite the same as RHEL, it's as close as we can come in our CI environment, and I suspect it would have caught #10234 (a regression). Sorry, team.
      Also: play kube limits test: skip on all rootless, not just rootless+fedora. There was a complicated and unnecessary check in there for Fedora.
      Also: workaround for bug #10248, a spurious error message on the first invocation of rootless podman on Ubuntu.Old
      Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #10253 from rhatdan/relabel  (OpenShift Merge Robot, 2021-05-07)
      Revert Patch to relabel if selinux not enabled
| * | | | Revert Patch to relabel if selinux not enabled  (Daniel J Walsh, 2021-05-06)
      Revert : https://github.com/containers/podman/pull/9895
      Turns out that if Docker is in --selinux-enabled, it still relabels if the user tells the system to, even if running a --privileged container or if the selinux separation is disabled --security-opt label=disable.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9689 from boaz0/boaz-1  (OpenShift Merge Robot, 2021-05-06)
      add restart-policy to container filters & --filter to podman start
| * | | | Add restart-policy to container filters & --filter to podman start  (Boaz Shuster, 2021-05-06)
      Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | | Merge pull request #10250 from rhatdan/man  (OpenShift Merge Robot, 2021-05-06)
      [CI:DOCS] Add containers.conf information for changing defaults
| * | | | Add containers.conf information for changing defaults  (Daniel J Walsh, 2021-05-06)
      We probably should put a whole bunch of other documentation in man pages about containers.conf, but let's settle on this description before we go add other docs.
      Helps with: https://github.com/containers/podman/issues/2669
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10234 from giuseppe/fix-cgroupfs-pod  (OpenShift Merge Robot, 2021-05-06)
      cgroup: fix rootless --cgroup-parent with pods
| * | | | cgroup: fix rootless --cgroup-parent with pods  (Giuseppe Scrivano, 2021-05-06)
      extend to pods the existing check whether the cgroup is usable when running as rootless with cgroupfs.
      commit 17ce567c6827abdcd517699bc07e82ccf48f7619 introduced the regression.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #10244 from sebboer/patch-1  (OpenShift Merge Robot, 2021-05-06)
      [CI:DOCS] Fix wrong macvlan PNG in networking tutorial doc.
| * | | | | Fix wrong macvlan PNG in networking doc.  (Sebastian Boerakker, 2021-05-06)
      Signed-off-by: Sebastian Boerakker <sebboer@protonmail.com>
* | | | | Merge pull request #10243 from giuseppe/simplify-channel  (OpenShift Merge Robot, 2021-05-06)
      channel: simplify implementation
| * | | | | channel: simplify implementation  (Giuseppe Scrivano, 2021-05-06)
      do not use recover() to prevent writing to a closed channel. There is already a lock, use it as well for Close and let Write check if the channel is still active.
      [NO TESTS NEEDED] it is a refactoring
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #10246 from zhangguanzhang/compose-static-ip  (OpenShift Merge Robot, 2021-05-06)
      Fixes docker-compose cannot set static ip when use ipam
| * | | | | Fixes docker-compose cannot set static ip when use ipam  (zhangguanzhang, 2021-05-06)
      Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | Merge pull request #10242 from giuseppe/fix-iidfile-remote-build  (OpenShift Merge Robot, 2021-05-06)
      build: improve regex for iidfile
| * | | | build: improve regex for iidfile  (Giuseppe Scrivano, 2021-05-06)
      improve the regex to match only at the beginning of the line. It prevents matching "Copying %s $CHECKSUM" messages returned by the containers/image copy process.
      Closes: https://github.com/containers/podman/issues/10233
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #10241 from containers/dependabot/go_modules/github.com/onsi/gomega-1.12.0  (OpenShift Merge Robot, 2021-05-06)
      Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
| * | | Bump github.com/onsi/gomega from 1.11.0 to 1.12.0  (dependabot[bot], 2021-05-06)
      Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.11.0 to 1.12.0.
      - [Release notes](https://github.com/onsi/gomega/releases)
      - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
      - [Commits](https://github.com/onsi/gomega/compare/v1.11.0...v1.12.0)
      Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #10231 from rhatdan/cleanup  (OpenShift Merge Robot, 2021-05-06)
      codespell cleanup
| * | codespell cleanup  (Daniel J Walsh, 2021-05-05)
      [NO TESTS NEEDED] This is just running codespell on podman
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10193 from rhatdan/runlabel  (OpenShift Merge Robot, 2021-05-05)
      Fix handling of runlabel IMAGE and NAME
| * | | Fix handling of runlabel IMAGE and NAME  (Daniel J Walsh, 2021-05-05)
      Fixes: https://github.com/containers/podman/issues/10192
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10227 from cevich/podman_image_docs  (OpenShift Merge Robot, 2021-05-05)
      [CI:DOCS] Minor podmanimage docs updates.
| * | | Minor podmanimage docs updates.  (Chris Evich, 2021-05-05)
      Discovered by review of https://github.com/containers/buildah/pull/3200
      Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #10185 from rhatdan/volume  (OpenShift Merge Robot, 2021-05-05)
      Add filepath glob support to --security-opt unmask
| * | | Add filepath glob support to --security-opt unmask  (Daniel J Walsh, 2021-05-04)
      Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, than specifying umask=all, also gives the user more flexibility.
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | Force log_driver to k8s-file for containers in containers  (Daniel J Walsh, 2021-05-04)
      Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10224 from mheon/bump-3.2.0-rc1  (OpenShift Merge Robot, 2021-05-05)
      Bump to v3.2.0-RC1
| * | | | Bump to v3.2.0-dev  (Matthew Heon, 2021-05-05)
      Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Bump to v3.2.0-rc1 [v3.2.0-rc1]  (Matthew Heon, 2021-05-05)
      Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | Merge pull request #10220 from giuseppe/rm-volatile  (OpenShift Merge Robot, 2021-05-05)
      podman: set volatile storage flag for --rm containers
| * | | | | podman: set volatile storage flag for --rm containers  (Giuseppe Scrivano, 2021-05-05)
      volatile containers are a storage optimization that disables *sync() syscalls for the container rootfs.
      If a container is created with --rm, then automatically set the volatile storage flag as anyway the container won't persist after a reboot or machine crash.
      [NO TESTS NEEDED]
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #10214 from containers/dependabot/go_modules/github.com/containers/image/v5-5.12.0  (OpenShift Merge Robot, 2021-05-05)
      Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
| * | | | | | Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0  (dependabot[bot], 2021-05-05)
      Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.11.1 to 5.12.0.
      - [Release notes](https://github.com/containers/image/releases)
      - [Commits](https://github.com/containers/image/compare/v5.11.1...v5.12.0)
      Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | | Merge pull request #10213 from containers/dependabot/go_modules/github.com/onsi/ginkgo-1.16.2  (OpenShift Merge Robot, 2021-05-05)
      Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
| * | | | | | Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2  (dependabot[bot], 2021-05-05)
      Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.1 to 1.16.2.
      - [Release notes](https://github.com/onsi/ginkgo/releases)
      - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
      - [Commits](https://github.com/onsi/ginkgo/compare/v1.16.1...v1.16.2)
      Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | Merge pull request #10223 from giuseppe/improve-rootless-automatic-range-split  (OpenShift Merge Robot, 2021-05-05)
      rootless: improve automatic range split
| * | | | | rootless: improve automatic range split  (Giuseppe Scrivano, 2021-05-05)
      sort.Search returns the smallest index, so provide the available IDs in decreasing order.
      It fixes an issue when splitting the current mappings over multiple available IDs.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #10208 from Luap99/play-kube-mac  (OpenShift Merge Robot, 2021-05-05)
      add --mac-address to podman play kube
| * | | | add --mac-address to podman play kube  (Paul Holzinger, 2021-05-04)
      Add a new --mac-address flag to podman play kube. This is used to specify a static MAC address which should be used for the pod. This option can be specified several times because play kube can create more than one pod.
      Fixes #9731
      Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | Merge pull request #10147 from vrothberg/new-image-package  (OpenShift Merge Robot, 2021-05-05)
      migrate Podman to containers/common/libimage
| * | | | | migrate Podman to containers/common/libimage  (Valentin Rothberg, 2021-05-05)
      Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely.
      Note that I tried to leave bread crumbs for changed tests.
      Miscellaneous changes:
      * Some errors yield different messages which required to alter some tests.
      * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding.
      * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage.
      * Touched handlers use the ABI interfaces where possible.
      * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case.
      * Furthermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on.
      * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it.
      * Compat endpoint image removal with _force_ deletes the entire not only the specified tag.
      Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #10199 from edsantiago/system_tests_with_runc_override  (OpenShift Merge Robot, 2021-05-04)
      System tests: honor $OCI_RUNTIME (for CI)
| * | | | System tests: honor $OCI_RUNTIME (for CI)  (Ed Santiago, 2021-05-03)
      Some CI systems set $OCI_RUNTIME as a way to override the default crun. Integration (e2e) tests honor this, but system tests were not aware of the convention; this means we haven't been testing system tests with runc, which means RHEL gating tests are now failing.
      The proper solution would be to edit containers.conf on CI systems. Sorry, that would involve too much CI-VM work. Instead, this PR detects $OCI_RUNTIME and creates a dummy containers.conf file using that runtime.
      Add: various skips for tests that don't work with runc.
      Refactor: add a helper function so we don't need to do the complicated 'podman info blah blah .OCIRuntime.blah' thing in many places.
      BUG: we leave a tmp file behind on exit.
      Signed-off-by: Ed Santiago <santiago@redhat.com>