| Commit message (Collapse) | Author | Age |
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
The issue is caused by the Go runtime, which messes with the process
signals, overriding SIGSETXID and SIGCANCEL which are used internally
by glibc. They are used to inform all the threads to update their
stored uid/gid information. This causes a hang on the set*id glibc
wrappers since the handler installed by glibc is never invoked.
Since we are running with only one thread, we don't really need to
update other threads or even the current thread as we are not using
getuid/getgid before the execvp.
Closes: https://github.com/containers/libpod/issues/1625
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
Paprdind
|
Signed-off-by: baude <bbaude@redhat.com>
|
The docker-in-docker script was needed to run AppArmor tests in
Travis, which is not required anymore since Travis hasn't been used
for a while. Removing the script will also cure some hiccups on
some atomic testing nodes.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
Fix pod status reporting for new Exited state
|
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
Vendor in latest github.com/containers/storage,image, buildah
|
Grab latest fixes from subpackages
Including fixes for usernamespace chowning retaining file attributes
Better logging of error messages.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
re-add BR for golang compiler to contrib/spec/podman.spec.in
|
Signed-off-by: baude <bbaude@redhat.com>
|
Lower Cirrus-CI CPU + Re-add verify step
|
Don't waste GCE VM resources for 30-min of testing,
when verify would fail after 3-minutes. This is
the simplest mechanism to save cloud CPU-time
while GCE is under trial-status (can not set quotas).
Signed-off-by: Chris Evich <cevich@redhat.com>
|
These can increase again, once we have more control over setting quotas
in GCE. At the moment it's limited because of trial-account status.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
added links to buildah.io and podman.io to README.md
|
Signed-off-by: jtligon <jligon@redhat.com>
|
runlabel: execute /proc/self/exe and avoid recursion
|
Execute /proc/self/exe instead of podman. This makes the runlabel
command more portable as it works for binaries outside the path as
well as for local builds.
Also, avoid redundantly executing the runlabel command by setting
the PODMAN_RUNLABEL_NESTED environment variable to "1". Podman
now checks for this variable before executing the runlabel command
and will throw an error in case the variable is set.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
skip userns tests on non-fedora distributions for now
|
Signed-off-by: baude <bbaude@redhat.com>
|
Remove Travis
|
Now that we are testing ubuntu-bionic on a VM, we no longer need
travis.
Signed-off-by: baude <bbaude@redhat.com>
|
docker: Double quote array expansions to avoid re-splitting elements
|
Signed-off-by: Petr Kubat <pkubat@redhat.com>
|
Switch to using libnetwork's resolvconf package
|
Adds a few missing things from writeStringToRundir() to the new
resolv.conf function, specifically relabelling and returning a
path compatible with rootless podman
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
The vendoring issues with libnetwork were significant (it was
dragging in massive amounts of code) and were just not worth
spending the time to work through. Highly unlikely we'll ever end
up needing to update this code, so move it directly into pkg/ so
we don't need to vendor libnetwork. Make a few small changes to
remove the need for the remainder of libnetwork.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
Avoid a Sirupsen vs sirupsen clash for logrus by updating to
master.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
Libnetwork provides a well-tested package for generating
resolv.conf from the host's that has some features our current
implementation does not. Swap to using their code and remove our
built-in implementation.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
Add cirrus-ci: eventual replacement for papr and travis
|
Testing podman requires exercising on a full-blown VM. The current
containerized-approach is complicated, and mostly a band-aid over
shortcomings in the other CI systems. Namely, we want:
* To pre-build environments with dependencies to reduce the
setup time needed for testing.
* The ability to verify the pre-built environments are working
before utilizing them for further testing.
* A simple, single set of flexible automation instructions to
reduce maintenance burden.
* Ease of environment reproduction across clouds or locally, for
debugging failures.
This change leverages Cirrus-CI + Packer + collection of shell scripts
to realize all of the above.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
podman: allow usage of gVisor as OCI runtime
|
read the OCI status from stdout, not the combined stdout+stderr
stream.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
Fix an issue when using gVisor that couldn't start the container since
the XDG_RUNTIME_DIR env variable used for the "create" and "start"
commands is different. Set the environment variable for each command
so that the OCI runtime always gets the same value.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
Add support to checkpoint/restore containers
|
Signed-off-by: Adrian Reber <areber@redhat.com>
|
Signed-off-by: Adrian Reber <areber@redhat.com>
|
Signed-off-by: Adrian Reber <areber@redhat.com>
|
This adds the podman-container-checkpoint and
podman-container-restore man pages.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
runc uses CRIU to support checkpoint and restore of containers. This
brings an initial checkpoint/restore implementation to podman.

None of the additional runc flags are yet supported and container
migration optimization (pre-copy/post-copy) is also left for the future.

The current status is that it is possible to checkpoint and restore a
container. I am testing on RHEL-7.x and as the combination of RHEL-7 and
CRIU has seccomp troubles I have to create the container without
seccomp.

With the following steps I am able to checkpoint and restore a
container:

 # podman run --security-opt="seccomp=unconfined" -d registry.fedoraproject.org/f27/httpd
 # curl -I 10.22.0.78:8080
 HTTP/1.1 403 Forbidden # <-- this is actually a good answer
 # podman container checkpoint <container>
 # curl -I 10.22.0.78:8080
 curl: (7) Failed connect to 10.22.0.78:8080; No route to host
 # podman container restore <container>
 # curl -I 10.22.0.78:8080
 HTTP/1.1 403 Forbidden

I am using CRIU, runc and conmon from git. All required changes for
checkpoint/restore support in podman have been merged in the
corresponding projects.

To have the same IP address in the restored container as before
checkpointing, CNI is told which IP address to use.

If the saved network configuration cannot be found during restore, the
container is restored with a new IP address.

For CRIU to restore established TCP connections the IP address of the
network namespace used for restore needs to be the same. For TCP
connections in the listening state the IP address can change.

During restore only one network interface with one IP address is handled
correctly. Support to restore containers with more advanced network
configuration will be implemented later.

v2:
 * comment typo
 * print debug messages during cleanup of restore files
 * use createContainer() instead of createOCIContainer()
 * introduce helper CheckpointPath()
 * do not try to restore a container that is paused
 * use existing helper functions for cleanup
 * restructure code flow for better readability
 * do not try to restore if checkpoint/inventory.img is missing
 * git add checkpoint.go restore.go

v3:
 * move checkpoint/restore under 'podman container'

v4:
 * incorporated changes from latest reviews

Signed-off-by: Adrian Reber <areber@redhat.com>
|
Don't tmpcopyup on systemd cgroup
|
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
disable gce building of images
|
Signed-off-by: baude <bbaude@redhat.com>
|
Add Ubuntu-18.04 to CI testing
|
Unfortunately the papr CI system cannot test ubuntu as a VM; therefore,
this PR still keeps travis. But it does include fixes that will be required
for running on modern versions of ubuntu.
Signed-off-by: baude <bbaude@redhat.com>
|
selinux: drop superfluous relabel
|
The same relabel is already done in writeStringToRundir so we don't
need to do it twice. The version in writeStringToRundir takes into
account the correct file path when using user namespaces.
Closes: https://github.com/containers/libpod/pull/1584
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|