summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* rootless: add management for the userNSGiuseppe Scrivano2018-06-27
| | | | | | | | | | When running podman as non root user always create an userNS and let the OCI runtime use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* container_internal: don't ignore error from cleanupNetwork()Giuseppe Scrivano2018-06-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1002 Approved by: rhatdan
* Mark containers invalid earlier during removalMatthew Heon2018-06-27
| | | | | | | | | | | Fixes a bug where we might try saving back to the database during cleanup, which would fail as the container was already removed from the database. Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #1001 Approved by: rhatdan
* Add --authfile to podman searchumohnani82018-06-27
| | | | | | | | | | | Since podman search requires credentials to search private registries, add the --authfile flag to allow users to pass in credentials from a different authfile than the default one. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #998 Approved by: rhatdan
* Vendor in latest containers/imageumohnani82018-06-27
| | | | | | | | | | Fixes issue with podman search of private registries. Podman search was not picking up the credentials from the authfile. This fixes it. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #998 Approved by: rhatdan
* Merge pull request #1003 from rhatdan/vendorDaniel J Walsh2018-06-27
|\ | | | | Vendor in go-selinux again
| * Vendor in go-selinux againDaniel J Walsh2018-06-26
| | | | | | | | | | | | Baude found an error in non linux bindings. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | add podman remote clientbaude2018-06-27
|/ | | | | | | | | | | | | | | | podman client that is capable of: * images * ps * rm * rmi this is only a mockup to frame out and prove python library and ssh tunnelling usage. Signed-off-by: baude <bbaude@redhat.com> Closes: #986 Approved by: rhatdan
* Update the vendoring of github.com/opencontainers/selinuxDaniel J Walsh2018-06-26
| | | | | | | | | THis should make libpod easier to build on non linux platforms. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1000 Approved by: mheon
* Containers can dissappearDaniel J Walsh2018-06-26
| | | | | | | | | | | | Between the time that ps command gets the list of containers and is able to ask for more data, the container could have exited. This patch logs Clibpod.ErrNoSuchCtr errors and just continues processing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #996 Approved by: mheon
* Add podman-image and podman-container man page linksDaniel J Walsh2018-06-25
| | | | | | | | | | | | | | podman image and podman container have alternate CLI to standard CLI for a lot of commands. The man pages can be shared between both. This patch adds links so that of some executes `podman image load`, they will actually see the `podman load` man page. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #993 Approved by: mheon
* Update ocicni vendor to pick up bugfixesMatthew Heon2018-06-25
| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #991 Approved by: rhatdan
* make varlink optional for podmanbaude2018-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | some platforms and operating systems do not have varlink. in those cases, we need to be able to turn off enablement of varlink in podman. this can now be done with BUILDTAGS passed to the build though perhaps in the future will be better. the default is to build with varlink Signed-off-by: baude <bbaude@redhat.com> squash! make varlink optional for podman The API.md and cmd/podman/varlink/ioprojectatomicpodman.go targets will continue to work regardless of the presence (or not) of 'varlink' is in BUILDTAGS. However, cmd/podman/varlink/ioprojectatomicpodman.go is now only required by the podman target when BUILDTAGS contains 'varlink'. API.md had also been an podman dependency since 5b2627dd (Makefile: Drop find-godeps.sh for podman target, 2018-05-15, #776) when I expanded varlink_api_generate. It had been an indirect podman dependency (via varlink_api_generate) since 25263558 (Generate varlink API documentation automatically, 2018-05-07, #734). But the podman executable obviously doesn't depend on the Markdown file, so I'm removing that dependency here. Signed-off-by: baude <bbaude@redhat.com> squash! make varlink optional for podman The command-pointer approach will scale well if/when we add additional optional commands behind their own build tags, because those tags won't all be competing for the same getOptionalCommands namespace. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #987 Approved by: rhatdan
* Merge pull request #989 from mheon/bump-0.6.4Matthew Heon2018-06-22
|\ | | | | Bump to 0.6.4
| * Bump gitvalidation epochMatthew Heon2018-06-22
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.6.5-devMatthew Heon2018-06-22
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.6.4v0.6.4Matthew Heon2018-06-22
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add tests for podman refreshMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Point podman-refresh at the right manpageMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Add bash completions for podman refreshMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Add manpages for podman refreshMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Move podman refresh under the container subcommandMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Make CGroups cleanup optional on whether they existMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Add podman refresh commandMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Add Refresh() to ctrs to refresh state after db changeMatthew Heon2018-06-22
| | | | | | | | | | The Refresh() function is used to reset a container's state after a database format change to state is made that requires migration Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Add information about the configuration files to the install docsDaniel J Walsh2018-06-22
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #988 Approved by: mheon
* Add unittests and fix bugsJhon Honce2018-06-22
| | | | | | | | | | * Improved error messages * Improved checking of user input Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #978 Approved by: mheon
* Fix docs on --sig-proxy to match current behaviourDaniel J Walsh2018-06-22
| | | | | | | | | | Signals are proxied to the container process whether or not the tty is used Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #984 Approved by: mheon
* Podman history now prints out intermediate image IDsumohnani82018-06-22
| | | | | | | | | | If the intermediate image exists in the store, podman history will show the IDs of the intermediate image of each layer. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #982 Approved by: mheon
* Add cap-add and cap-drop to build man pageTomSweeneyRedHat2018-06-22
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #968 Approved by: mheon
* Option handling has become large and should be a shared functionDaniel J Walsh2018-06-22
| | | | | | | | | | | Everytime we add a new option for create, we end up having to also add it to run, this makes it error prone. Moving these to the same function makes it easier to develop and prevents user mistakes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #975 Approved by: mheon
* Fix image volumes access and mount problems on restartMarco Vedovati2018-06-22
| | | | | | | | | | | | | | | | | | | Signed-off-by: Marco Vedovati <mvedovati@suse.com> - Set srcPath permissions so that the container user can R/W it. - Fix uninitialized spec.Mount when restarting a container. - Check for srcPath instead of volumePath existence when setting up a volume mount point for a container. - Set the overlay volumePath with the same owner and permissions as srcPath to allow proper access by the container user. Closes #844 Closes: #951 Approved by: rhatdan
* We are using err in defer function, needs to be defined nameDaniel J Walsh2018-06-22
| | | | | | | | | | Since we are checking if err is non nil in defer function we need to define it, so that the check will work correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #985 Approved by: mheon
* Update the version of conmon used in testDaniel J Walsh2018-06-22
| | | | | | | | | Also start using podmin in /usr/libexec/podman rather then crio. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #979 Approved by: baude
* Merge pull request #970 from giuseppe/fix-start-attachDaniel J Walsh2018-06-22
|\ | | | | libpod: fix race with attach/start
| * libpod: fix race with attach/startGiuseppe Scrivano2018-06-20
| | | | | | | | | | | | | | | | | | | | | | Move the StartContainer call after the attach to the UNIX socket. It solves a race where the StartContainer could be done earlier and a short-lived container could already exit by the time we tried to attach to the socket. Closes: https://github.com/projectatomic/libpod/issues/835 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #972 from miabbott/install_makeDaniel J Walsh2018-06-21
|\ \ | | | | | | install: need to install make on Fedora-like distros
| * | install: need to install make on Fedora-like distrosMicah Abbott2018-06-20
|/ / | | | | | | | | | | | | Somehow `make` fails to get brought in with all the build tools, so explicitly install it. Signed-off-by: Micah Abbott <miabbott@redhat.com>
* | Merge pull request #969 from jwhonce/wip/remoteBrent Baude2018-06-20
|\ \ | | | | | | Implement SSH tunnels between client and podman server
| * | Implement SSH tunnels between client and podman serverJhon Honce2018-06-19
| |/ | | | | | | | | | | | | | | * client currently forks ssh client pending finding a well maintained ssh library for python. Including support for AF_UNIX forwarding. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / Vendor containers/storage for better error reporting on dupsDaniel J Walsh2018-06-20
|/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #971 Approved by: mheon
* Add carriage return to log message when using --tty flagMarco Vedovati2018-06-19
| | | | | | | | | | | Signed-off-by: Marco Vedovati <mvedovati@suse.com> Add a raw text formatter for logrus to be used when terminal is in raw mode (i.e. when allocating a pseudo-TTY for the container). The raw text formatter terminates the log messages with the corret \r\n sequence. Closes: #967 Approved by: rhatdan
* Errors from closing a netns on removal from DB are nonfatalMatthew Heon2018-06-19
| | | | | | | | | | | | | | | | Upon updating a container, if its network namespace has been removed, we attempt to clean up the network namespace locally, to ensure we don't leave hanging file descriptors. This triggers cleanup code which assumes the network namespace still exists, but it almost certainly was removed by whoever removed it from the database. As such, we end up with unavoidable errors if we don't want to leak FDs. Make these errors nonfatal and log them because of this. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #962 Approved by: rhatdan
* Vendor in latest go-selinuxDaniel J Walsh2018-06-19
| | | | | | | | | | This should fix the issue with iptables being denied execution on container cleanup Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #966 Approved by: mheon
* Added --sort to pshaircommander2018-06-19
| | | | | | | | | Also podman ps now allows user to only output size of root FS, changed language of images and ps --sort to be by "created" as opposed to "time", and refactored the way templates are created (converted from psJSONParams type). Signed-off-by: haircommander <pehunt@redhat.com> Closes: #948 Approved by: rhatdan
* Fix podman build -qDaniel J Walsh2018-06-19
| | | | | | | | | Only thing that should be printed is the image id. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #964 Approved by: mheon
* Add extra debug so we can tell apart postdelete hooksMatthew Heon2018-06-19
| | | | | | | | | | Ensure we can identify what hook is running so we can tell which are erroring. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #960 Approved by: rhatdan
* hack/ostree_tag.sh: Fill in OSTree dependenciesW. Trevor King2018-06-18
| | | | | | | | | | | | | | | | Copying the libraries from: $ git grep pkg-config vendor/github.com/containers/image/ vendor/github.com/containers/image/ostree/ostree_dest.go:// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux vendor/github.com/containers/image/ostree/ostree_src.go:// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 We need all of those to compile the vendored Go dependency, not just ostree-1. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #958 Approved by: giuseppe
* TLS verify is skipped per registry.haircommander2018-06-18
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #952 Approved by: rhatdan
* Add missing functionality for podman build layersumohnani82018-06-18
| | | | | | | | | | Need to pick the values from the flags and send it to buildah for build. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #947 Approved by: rhatdan