| Commit message (Collapse) | Author | Age |
|\
| |
| | |
fix restart always with rootlessport
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For rootful users ports are forwarded via iptables. To make sure no
other process tries to use them, libpod will bind the ports and pass the
fds to conmon. There seems to be race when a container is restarted
because libpod tries to bind the port before the conmon process exited.
The problem only hapens with the podman service because it keeps the
connection open. Once we have the fd and passed it to conmon the
podman service should close the connection.
To verify run `sudo ss -tulpn` and check that only the conmon process
keeps the port open. Previously you would also see the podman server
process listed.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
When a container is automatically restarted due its restart policy and
the container uses rootless cni networking with ports forwarded we have
to start a new rootlessport process since it exits with conmon.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When we restart a container via podman restart or restart policy the
rootlessport process fails with `address already in use` because the
socketfile still exists.
This is a regression and was introduced in commit abdedc31a25e.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
test: enable --cgroup-parent test
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
and fix it for running with runc.
Closes: https://github.com/containers/podman/issues/11165
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Make gvproxy path configurable with containers.conf
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Closes #11531
[NO TESTS NEEDED]
Signed-off-by: Hyeon Kim <simnalamburt@gmail.com>
|
|\ \
| | |
| | | |
Add deprecated event fields for 1.22+ clients that still expect them
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jason Greene <jason.greene@redhat.com>
|
|\ \ \
| | | |
| | | | |
If container exits with 125 podman should exit with 125
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
fixes: https://github.com/containers/podman/issues/11540
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/json-iterator/go-1.1.12
Bump github.com/json-iterator/go from 1.1.11 to 1.1.12
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github.com/json-iterator/go](https://github.com/json-iterator/go) from 1.1.11 to 1.1.12.
- [Release notes](https://github.com/json-iterator/go/releases)
- [Commits](https://github.com/json-iterator/go/compare/v1.1.11...v1.1.12)
---
updated-dependencies:
- dependency-name: github.com/json-iterator/go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Use default username for podman machine ssh
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When using the defaut conection for podman machine ssh, use the default
username too.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
bump c/common to v0.44.0
|
| | |_|_|/
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Fix #11444: remote breaks with stdout redirection
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`setConsoleMode` should do nothing if the handle is not a terminal. The proposed change is [exactly what `golang.org/x/term/IsTerminal()` does on Windows](https://cs.opensource.google/go/x/term/+/6886f2df:term_windows.go).
[NO TESTS NEEDED]
Signed-off-by: Anton Tykhyy <atykhyy@gmail.com>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/containers/storage-1.36.0
Bump github.com/containers/storage from 1.35.0 to 1.36.0
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.35.0 to 1.36.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.35.0...v1.36.0)
---
updated-dependencies:
- dependency-name: github.com/containers/storage
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \ \
| |/ / /
|/| | | |
[CI:DOCS] Remove short 'a' option from all-tags
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The short option 'a' for the --all-tags option in the pull
page is not valid, remove it.
Addresses: #11536
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \
| | | |
| | | | |
Cirrus: Run unit-tests rootless
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously (for various reasons) the unittests were limited by the
Makefile to root-only. However, experimentation via PR #11490
shows they will actually execute and pass when run as a regular user.
Enable this for only the latest Fedora VMs, so as to only add one new
task to the (already large) set.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Refactor API server emphasis on logging
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* To aid in debugging log API request and response bodies at trace
level. Events can be correlated using the X-Reference-Id.
* Server now echos X-Reference-Id from client if set, otherwise
generates an unique id.
* Move logic for X-Reference-Id into middleware
* Change uses of Header.Add() to Set() when setting Content-Type
* Log API operations in Apache format using gorilla middleware
* Port server code to use BaseContext and ConnContext
Fixes #10053
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Stop outputting 'healthy' on healthcheck
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We should only print unhealthy if the check fails. Currently this is
filling logs when users are running lots of healthchecks.
Improves: https://github.com/containers/podman/issues/11157
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
podman unshare keep exit code
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
In case the command inside the podman unshare env failed podman unshare
always exits with 125 and prints `Error: exit status 125`. This is a
bad user experience and makes it difficult to use in scripts which could
expect certain exit codes.
This commit makes sure podman unshare uses the same exit code as the
command and does not print the useless `exit status X` message.
Also to match podman run/exec it should return 126 for EPERM
and 127 for ENOENT.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
containers/dependabot/go_modules/github.com/opencontainers/selinux-1.8.5
Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.8.4 to 1.8.5.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](https://github.com/opencontainers/selinux/compare/v1.8.4...v1.8.5)
---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
Add init containers to generate and play kube
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Kubernetes has a concept of init containers that run and exit before
the regular containers in a pod are started. We added init containers
to podman pods as well. This patch adds support for generating init
containers in the kube yaml when a pod we are converting had init
containers. When playing a kube yaml, it detects an init container
and creates such a container in podman accordingly.
Note, only init containers created with the init type set to "always"
will be generated as the "once" option deletes the init container after
it has run and exited. Play kube will always creates init containers
with the "always" init container type.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
[CI:DOCS] podman machine: enforce a single search registry
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
By popular request, turn decimals to octal. Most eyes are trained to
parse file permissions in octal.
[NO TESTS NEEDED] since machine isn't tested yet.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Enforce "docker.io" to be the only search registry. Short-name
resolution for remote clients is not fully supported since there is no
means to prompt. Enforcing a single registry works around the problem
since prompting only fires with more than one search registry.
Fixes: #11489
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
containers/dependabot/go_modules/github.com/containers/psgo-1.6.0
Bump github.com/containers/psgo from 1.5.2 to 1.6.0
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github.com/containers/psgo](https://github.com/containers/psgo) from 1.5.2 to 1.6.0.
- [Release notes](https://github.com/containers/psgo/releases)
- [Commits](https://github.com/containers/psgo/compare/v1.5.2...v1.6.0)
---
updated-dependencies:
- dependency-name: github.com/containers/psgo
dependency-type: direct:production
update-type: version-update:semver-minor
...
[NO TESTS NEEDED] since it's migrating to a new version.
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] Fix missing args `NAME` in examples
|
| | |/ / /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
stats: detect container restart and allow paused containers
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
if the current cpu usage time is lower than what previously recorded,
then it means the container was restarted and now it runs in a new
cgroup. When this happens, reset the prevStats.
Closes: https://github.com/containers/podman/issues/11469
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
override the outer scope variable instead of creating a local one.
Otherwise the wrong variable would be used for the next iterations.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
paused containers still a cgroup we can use to grab the stats.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
[CI:DOCS] Add response to /libpod/containers/stats documentation
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Include the response schema for a succesful request in the
/containers/stats API documentation
Additionally remove http 409 from /libpod/containers/stats docs, the
documentation was copied from the deprecated stats endpoint, when a
container is unavailabe the endpoint returns an empty list and no 409.
Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
try to create the runroot before we warn that it is not writable
|