| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
| |
If this doesn't match, we end up not being able to access named
volumes mounted into containers, which is bad. Use the same
validation that we use for other critical paths to ensure this
one also matches.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want named volumes to be created in a subdirectory of the
c/storage graph root, the same as the libpod root directory is
now. As such, we need to adjust its location when the graph root
changes location.
Also, make a change to how we set the default. There's no need to
explicitly set it every time we initialize via an option - that
might conflict with WithStorageConfig setting it based on graph
root changes. Instead, just initialize it in the default config
like our other settings.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
[skip ci] readme/docs update
|
| |
| |
| |
| |
| | |
Addresses: https://github.com/containers/libpod/pull/2428#discussion_r260200694
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Based on user feedback, refine the "Out of scope" section regarding
`docker-compose`:
* Explain why Podman uses Kubernetes YAML.
* Explain how `podman-play-kube` and `podman-generate-kube` fit into the
picture.
Addresses: https://github.com/containers/libpod/pull/2428#discussion_r259996507
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Fix one (of two) SELinux denials during checkpointing
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CRIU creates a log file during checkpointing in .../userdata/dump.log.
The problem with this file is, is that CRIU injects a parasite code into
the container processes and this parasite code also writes to the same
log file. At this point a process from the inside of the container is
trying to access the log file on the outside of the container and
SELinux prohibits this. To enable writing to the log file from the
injected parasite code, this commit creates an empty log file and labels
the log file with c.MountLabel(). CRIU uses existing files when writing
it logs so the log file label persists and now, with the correct label,
SELinux no longer blocks access to the log file.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \
| |/
|/| |
oci: improve error message when the OCI runtime is not found
|
|/
|
|
|
|
|
| |
We were previously returning the not so nice error directly from
conmon.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
README: update "out of scope" section
|
| |
| |
| |
| |
| |
| |
| | |
Also mention that Podman does/will not support `docker-compose`.
Fixes: https://github.com/containers/libpod/issues/746#issuecomment-467011211
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Add num_locks to the default libpod config
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow adjusting number of locks in libpod.conf via an already
available knob we previously didn't expose in the default config
file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
podman-remote pod pause|unpause|restart
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
enable the ability for the remote client to pause, unpause, and
restart pods.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
podman-remote create|ps
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
enable the podman-remote client to be able to create and list
pods on a remote system.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix up handling of user defined network namespaces
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If user specifies network namespace and the /etc/netns/XXX/resolv.conf
exists, we should use this rather then /etc/resolv.conf
Also fail cleaner if the user specifies an invalid Network Namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
podman: fix ro bind mounts if no* opts are on the source
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is a workaround for the runc issue:
https://github.com/opencontainers/runc/issues/1247
If the source of a bind mount has any of nosuid, noexec or nodev, be
sure to propagate them to the bind mount so that when runc tries to
remount using MS_RDONLY, these options are also used.
Closes: https://github.com/containers/libpod/issues/2312
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[skip-ci] README.md: rephrase Buildah description
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Rephrase the description of Buildah to make some core attributes
(e.g., rootless, Dockerfile-less build, etc.) more obvious.
Addresses: [#1349 (comment)](https://github.com/containers/buildah/issues/1349#issuecomment-466096550)
Cherry-pick-from: https://github.com/containers/buildah/pull/1362
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
Change exit code to 1 on podman rmi nosuch image
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Make it easy for scripts to determine if an image removal
failure. If only errors were no such image exit with 1
versus 125.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Change exit code to 1 on podman rm nosuch container
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Make it easy for scripts to determine if a container removal
fails versus the container did not exist.
If only errors were no such container exit with 1 versus 125.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
In shared networkNS /etc/resolv.conf&/etc/hosts should be shared
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
We should just bind mount the original containers /etc/resolv.conf and /etchosts
into the new container. Changes in the resolv.conf and hosts should be seen
by all containers, This matches Docker behaviour.
In order to make this work the labels on these files need to have a shared
SELinux label.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
remove duplicate commands in main
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
kube was erronously being added as main subcommand multiple
times. it should not be a subcommand as it should live under
either play or generate.
also removing the addition of the volume command from the commands.go
to eliminate a duplicate.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
issue template: run `podman info --debug`
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Ask users to run podman-info with `--debug` to the exact git commit,
compiler and go version.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix play to show up in podman help
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Also change generate cli calls to match other commands.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Allow dns settings with --net=host
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This seems to be a needless restriction. We make a copy of the
hosts /etc/resolv.conf file, so these changes to not modify the
host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | |_|/ /
| |/| | | |
Enable more podman-remote pod commands
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
enable pod start, stop, and kill subcommands for the remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Switch defaults for podman build versus buildah
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Switch defaults for --layers, --force-rm and --pull-always
from buildah to podman.
Only override default values.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
make remote-client error messaging more robust
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
the remote-client is currently weak for carrying error messages
over the varlink interface and displaying something useful to users
and developers for the purposes of debug. this is a starting point
to improve that user experience.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
rootless: force same cwd when re-execing
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
when joining an existing namespace, we were not maintaining the
current working directory, causing commands like export -o to fail
when they weren't referring to absolute paths.
Closes: https://github.com/containers/libpod/issues/2381
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Vendor Buildah v1.7
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Vendors in Buildah 1.7 into Podman.
Also the latest imagebuilder and changes for
`build --target`
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Exit with errors not just logging error
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Several commands were logging errors but exiting with a 0
exit code. This patch cleans these up.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|