summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Validate VolumePath against DB configurationMatthew Heon2019-02-26
| | | | | | | | | If this doesn't match, we end up not being able to access named volumes mounted into containers, which is bad. Use the same validation that we use for other critical paths to ensure this one also matches. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* When location of c/storage root changes, set VolumePathMatthew Heon2019-02-26
| | | | | | | | | | | | | | | We want named volumes to be created in a subdirectory of the c/storage graph root, the same as the libpod root directory is now. As such, we need to adjust its location when the graph root changes location. Also, make a change to how we set the default. There's no need to explicitly set it every time we initialize via an option - that might conflict with WithStorageConfig setting it based on graph root changes. Instead, just initialize it in the default config like our other settings. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2438 from vrothberg/scope-v2OpenShift Merge Robot2019-02-26
|\ | | | | [skip ci] readme/docs update
| * docs: cross-reference `podman-{generate,play}-kube`Valentin Rothberg2019-02-26
| | | | | | | | | | Addresses: https://github.com/containers/libpod/pull/2428#discussion_r260200694 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * README: refine "Out of scope" sectionValentin Rothberg2019-02-26
| | | | | | | | | | | | | | | | | | | | | | | | Based on user feedback, refine the "Out of scope" section regarding `docker-compose`: * Explain why Podman uses Kubernetes YAML. * Explain how `podman-play-kube` and `podman-generate-kube` fit into the picture. Addresses: https://github.com/containers/libpod/pull/2428#discussion_r259996507 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #2382 from adrianreber/selinuxOpenShift Merge Robot2019-02-26
|\ \ | | | | | | Fix one (of two) SELinux denials during checkpointing
| * | Label CRIU log files correctlyAdrian Reber2019-02-26
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | CRIU creates a log file during checkpointing in .../userdata/dump.log. The problem with this file is, is that CRIU injects a parasite code into the container processes and this parasite code also writes to the same log file. At this point a process from the inside of the container is trying to access the log file on the outside of the container and SELinux prohibits this. To enable writing to the log file from the injected parasite code, this commit creates an empty log file and labels the log file with c.MountLabel(). CRIU uses existing files when writing it logs so the log file label persists and now, with the correct label, SELinux no longer blocks access to the log file. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #2437 from giuseppe/runtime-nice-errorOpenShift Merge Robot2019-02-26
|\ \ | |/ |/| oci: improve error message when the OCI runtime is not found
| * oci: improve error message when the OCI runtime is not foundGiuseppe Scrivano2019-02-26
|/ | | | | | | We were previously returning the not so nice error directly from conmon. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2428 from vrothberg/docker-compose-out-of-scopeOpenShift Merge Robot2019-02-26
|\ | | | | README: update "out of scope" section
| * README: update "out of scope" sectionValentin Rothberg2019-02-25
| | | | | | | | | | | | | | Also mention that Podman does/will not support `docker-compose`. Fixes: https://github.com/containers/libpod/issues/746#issuecomment-467011211 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #2362 from mheon/add_locks_to_configOpenShift Merge Robot2019-02-26
|\ \ | | | | | | Add num_locks to the default libpod config
| * | Add num_locks to the default libpod configMatthew Heon2019-02-25
| | | | | | | | | | | | | | | | | | | | | | | | Allow adjusting number of locks in libpod.conf via an already available knob we previously didn't expose in the default config file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2436 from baude/remotepodpauseOpenShift Merge Robot2019-02-26
|\ \ \ | | | | | | | | podman-remote pod pause|unpause|restart
| * | | podman-remote pod pause|unpause|restartbaude2019-02-25
|/ / / | | | | | | | | | | | | | | | | | | enable the ability for the remote client to pause, unpause, and restart pods. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2422 from baude/remotepodcreateOpenShift Merge Robot2019-02-25
|\ \ \ | | | | | | | | podman-remote create|ps
| * | | podman-remote create|psbaude2019-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | enable the podman-remote client to be able to create and list pods on a remote system. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2358 from rhatdan/namespaceOpenShift Merge Robot2019-02-25
|\ \ \ \ | | | | | | | | | | Fix up handling of user defined network namespaces
| * | | | Fix up handling of user defined network namespacesDaniel J Walsh2019-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If user specifies network namespace and the /etc/netns/XXX/resolv.conf exists, we should use this rather then /etc/resolv.conf Also fail cleaner if the user specifies an invalid Network Namespace. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2432 from giuseppe/fix-read-only-bind-mountsOpenShift Merge Robot2019-02-25
|\ \ \ \ \ | | | | | | | | | | | | podman: fix ro bind mounts if no* opts are on the source
| * | | | | podman: fix ro bind mounts if no* opts are on the sourceGiuseppe Scrivano2019-02-25
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a workaround for the runc issue: https://github.com/opencontainers/runc/issues/1247 If the source of a bind mount has any of nosuid, noexec or nodev, be sure to propagate them to the bind mount so that when runc tries to remount using MS_RDONLY, these options are also used. Closes: https://github.com/containers/libpod/issues/2312 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #2424 from vrothberg/update-buildah-descriptionOpenShift Merge Robot2019-02-25
|\ \ \ \ \ | | | | | | | | | | | | [skip-ci] README.md: rephrase Buildah description
| * | | | | README.md: rephrase Buildah descriptionValentin Rothberg2019-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rephrase the description of Buildah to make some core attributes (e.g., rootless, Dockerfile-less build, etc.) more obvious. Addresses: [#1349 (comment)](https://github.com/containers/buildah/issues/1349#issuecomment-466096550) Cherry-pick-from: https://github.com/containers/buildah/pull/1362 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #2421 from rhatdan/rmiOpenShift Merge Robot2019-02-25
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Change exit code to 1 on podman rmi nosuch image
| * | | | | Change exit code to 1 on podman rmi nosuch imageDaniel J Walsh2019-02-25
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make it easy for scripts to determine if an image removal failure. If only errors were no such image exit with 1 versus 125. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2423 from rhatdan/rmOpenShift Merge Robot2019-02-25
|\ \ \ \ \ | | | | | | | | | | | | Change exit code to 1 on podman rm nosuch container
| * | | | | Change exit code to 1 on podman rm nosuch containerDaniel J Walsh2019-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make it easy for scripts to determine if a container removal fails versus the container did not exist. If only errors were no such container exit with 1 versus 125. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #2417 from rhatdan/resolv.confOpenShift Merge Robot2019-02-25
|\ \ \ \ \ \ | | | | | | | | | | | | | | In shared networkNS /etc/resolv.conf&/etc/hosts should be shared
| * | | | | | In shared networkNS /etc/resolv.conf&/etc/hosts should be sharedDaniel J Walsh2019-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should just bind mount the original containers /etc/resolv.conf and /etchosts into the new container. Changes in the resolv.conf and hosts should be seen by all containers, This matches Docker behaviour. In order to make this work the labels on these files need to have a shared SELinux label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #2429 from baude/maindupsOpenShift Merge Robot2019-02-25
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | remove duplicate commands in main
| * | | | | | remove duplicate commands in mainbaude2019-02-25
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | kube was erronously being added as main subcommand multiple times. it should not be a subcommand as it should live under either play or generate. also removing the addition of the volume command from the commands.go to eliminate a duplicate. Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #2425 from vrothberg/update-issue-templateOpenShift Merge Robot2019-02-25
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | issue template: run `podman info --debug`
| * | | | | issue template: run `podman info --debug`Valentin Rothberg2019-02-25
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ask users to run podman-info with `--debug` to the exact git commit, compiler and go version. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #2419 from rhatdan/playOpenShift Merge Robot2019-02-24
|\ \ \ \ \ | | | | | | | | | | | | Fix play to show up in podman help
| * | | | | Fix play to show up in podman helpDaniel J Walsh2019-02-23
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | Also change generate cli calls to match other commands. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2416 from rhatdan/networkOpenShift Merge Robot2019-02-24
|\ \ \ \ \ | | | | | | | | | | | | Allow dns settings with --net=host
| * | | | | Allow dns settings with --net=hostDaniel J Walsh2019-02-23
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This seems to be a needless restriction. We make a copy of the hosts /etc/resolv.conf file, so these changes to not modify the host. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2413 from baude/remotepodstopOpenShift Merge Robot2019-02-24
|\ \ \ \ \ | | |_|/ / | |/| | | Enable more podman-remote pod commands
| * | | | Enable more podman-remote pod commandsbaude2019-02-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | enable pod start, stop, and kill subcommands for the remote-client. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #2400 from rhatdan/pullOpenShift Merge Robot2019-02-23
|\ \ \ \ \ | | | | | | | | | | | | Switch defaults for podman build versus buildah
| * | | | | Switch defaults for podman build versus buildahDaniel J Walsh2019-02-23
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Switch defaults for --layers, --force-rm and --pull-always from buildah to podman. Only override default values. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #2404 from baude/remoteerrorsOpenShift Merge Robot2019-02-23
|\ \ \ \ \ | |/ / / / |/| | | | make remote-client error messaging more robust
| * | | | make remote-client error messaging more robustbaude2019-02-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the remote-client is currently weak for carrying error messages over the varlink interface and displaying something useful to users and developers for the purposes of debug. this is a starting point to improve that user experience. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #2393 from giuseppe/reexec-into-same-wdOpenShift Merge Robot2019-02-23
|\ \ \ \ \ | |_|_|/ / |/| | | | rootless: force same cwd when re-execing
| * | | | tests, rootless: use relative path for export testGiuseppe Scrivano2019-02-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: force same cwd when re-execingGiuseppe Scrivano2019-02-22
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when joining an existing namespace, we were not maintaining the current working directory, causing commands like export -o to fail when they weren't referring to absolute paths. Closes: https://github.com/containers/libpod/issues/2381 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #2401 from TomSweeneyRedHat/dev/tsweeney/buildah1.7OpenShift Merge Robot2019-02-22
|\ \ \ \ | |/ / / |/| | | Vendor Buildah v1.7
| * | | Vendor Buildah v1.7TomSweeneyRedHat2019-02-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Vendors in Buildah 1.7 into Podman. Also the latest imagebuilder and changes for `build --target` Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | Merge pull request #2406 from rhatdan/errorsOpenShift Merge Robot2019-02-22
|\ \ \ \ | | | | | | | | | | Exit with errors not just logging error
| * | | | Exit with errors not just logging errorDaniel J Walsh2019-02-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several commands were logging errors but exiting with a 0 exit code. This patch cleans these up. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>