summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* rootless: detect user namespace configuration changesGiuseppe Scrivano2019-09-03
| | | | | | | | | | | detect if the current user namespace doesn't match the configuration in the /etc/subuid and /etc/subgid files. If there is a mismatch, raise a warning and suggest the user to recreate the user namespace with "system migrate", that also restarts the containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3909 from giuseppe/rootless-bind-mount-devOpenShift Merge Robot2019-09-02
|\ | | | | rootless: bind mount devices instead of creating them
| * spec: provide custom implementation for getDevicesGiuseppe Scrivano2019-09-02
| | | | | | | | | | | | | | | | | | | | | | | | provide an implementation for getDevices that skip unreadable directories for the current user. Based on the implementation from runc/libcontainer. Closes: https://github.com/containers/libpod/issues/3919 Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * spec: do not set devices cgroup when rootlessGiuseppe Scrivano2019-09-02
| | | | | | | | | | | | eBPF requires to be root in the init namespace. Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
| * rootless: bind mount devices instead of creating themGiuseppe Scrivano2019-09-02
| | | | | | | | | | | | | | | | | | | | | | when running in rootless mode, --device creates a bind mount from the host instead of specifying the device in the OCI configuration. This is required as an unprivileged user cannot use mknod, even when root in a user namespace. Closes: https://github.com/containers/libpod/issues/3905 Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* | Merge pull request #3922 from giuseppe/add-note-failing-systemd-cgroups-v1OpenShift Merge Robot2019-09-02
|\ \ | |/ |/| docs: add note about failing rhel7 systemd on cgroups v2
| * docs: add note about failing rhel7 systemd on cgroups v2Giuseppe Scrivano2019-09-02
| | | | | | | | | | | | Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1747933 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3916 from cevich/personalize_successOpenShift Merge Robot2019-09-01
|\ \ | | | | | | Personalize CI success messages to IRC
| * | Cirrus: On success, add IRC nick mention to msgChris Evich2019-08-30
|/ / | | | | | | | | | | | | | | | | | | | | Rather than spamming the podman channel with impersonal success messages referring to PR numbers, mention the author by nick name and include the PR title and link. Also avoid needless logging of all bot-script interactions with IRC when there is no error detected. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #3911 from vrothberg/go-proxyOpenShift Merge Robot2019-08-30
|\ \ | | | | | | Makefile: use go proxy
| * | Makefile: use go proxyValentin Rothberg2019-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | Use GOPROXY=https://proxy.golang.org to speed up fetching dependencies. Setting it makes `make vendor` three times faster in my local env. For details please refer to https://proxy.golang.org/. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #3913 from rwha/fix/manpage-linksOpenShift Merge Robot2019-08-30
|\ \ \ | | | | | | | | Fix links to manpages
| * | | Fix links to manpagesRyan Whalen2019-08-30
|/ / / | | | | | | | | | Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
* | | Merge pull request #3908 from TomasTomecek/man-ev-bkndOpenShift Merge Robot2019-08-30
|\ \ \ | |/ / |/| | man: events-logger → events-backend
| * | man: events-logger → events-backendTomas Tomecek2019-08-29
| | | | | | | | | | | | Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* | | Merge pull request #3907 from baude/commitcapsOpenShift Merge Robot2019-08-29
|\ \ \ | |/ / |/| | dont panic when using varlink commit and uppercase image names
| * | dont panic when using varlink commit and uppercase image namesbaude2019-08-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | when using an upper case image name for container commit, we observed panics due to a channel closing early. Fixes: #3897 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3710 from cevich/release_redoOpenShift Merge Robot2019-08-29
|\ \ \ | | | | | | | | Release redo
| * | | Cirrus: Reimplement release archive + uploadChris Evich2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The initial implementation was far more complicated than necessary. Strip out the complexities in favor of a simpler and more direct approach. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Readme: Links for automatic binary releasesChris Evich2019-08-28
| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #3833 from QiWang19/cert-dirOpenShift Merge Robot2019-08-28
|\ \ \ \ | | | | | | | | | | add --cert-dir image sign
| * | | | add --cert-dir image signQi Wang2019-08-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Requirement from #2726 Add --cert-dir for `podman image sign`. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #3892 from cevich/google_vpcOpenShift Merge Robot2019-08-28
|\ \ \ \ \ | | | | | | | | | | | | Cirrus: Block CNI use of google VPCs
| * | | | | Cirrus: Block CNI use of google VPCsChris Evich2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifically pertaining to executing tests in google cloud, there are default, pre-allocated class-a subnetworks for each region (data-center). Each includes a gateway using a `.1` LSB and all are routable from other regions in google cloud via these gateways. Because the default CNI configuration also utilizes class-a subnetworks, this creates the possibility for IPv4 address-space clashes. Since the default regional cloud subnets are pre-defined/known, preventing clashes can be accomplished by seeding these subnets in a dummy CNI configuration. The default behavior of podman is to grab the highest priority CNI configuration. Name the dummy config. appropriate so it always loads last. Also name the bridge itself with an obvious name `do-not-use`, such that any related testing errors should be easier to debug. Also: * Minor cleanup of `install_test_configs()` * Move install_test_configs in `setup_environment.sh` to after possible run of `remove_packaged_podman_files()` because that also strips out `/etc/cni/net.d/87-podman-bridge.conflist`. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #3893 from mheon/readd_volume_locksOpenShift Merge Robot2019-08-28
|\ \ \ \ \ \ | | | | | | | | | | | | | | Re-add volume locks
| * | | | | | Re-add locks to volumes.Matthew Heon2019-08-28
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will require a 'podman system renumber' after being applied to get lock numbers for existing volumes. Add the DB backend code for rewriting volume configs and use it for updating lock numbers as part of 'system renumber'. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | Merge pull request #3728 from mheon/systemd_container_testOpenShift Merge Robot2019-08-28
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Add an integration test for systemd in a container
| * | | | | Temporarily disable systemd test for CGroups V2Matthew Heon2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Revert this one CGroups V2 support for systemd containers is added. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | | Add an integration test for systemd in a containerMatthew Heon2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | | | clean up after remote buildbaude2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when performing an image build over a varlink connection, we should clean up tmp files that are a result of sending the file to the host and untarring it for the build. Fixes: #3869 Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #3823 from cevich/prune_old_imagesOpenShift Merge Robot2019-08-28
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Cirrus: Enable VM image housekeeping
| * | | | | Cirrus: Enable VM image housekeepingChris Evich2019-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also do some minor cleanup and add additional safety-checks to pruning script (container image). Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #3898 from dcbw/remove-decomposeOpenShift Merge Robot2019-08-28
|\ \ \ \ \ \ | | | | | | | | | | | | | | image: remove unused Decompose method
| * | | | | | image: remove unused Decompose methodDan Williams2019-08-28
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Decompose() returns an error defined in CNI which has been removed upstream because it had no in-tree (eg in CNI) users. Signed-off-by: Dan Williams <dcbw@redhat.com>
* | | | | | Merge pull request #3889 from abitrolly/patch-1OpenShift Merge Robot2019-08-28
|\ \ \ \ \ \ | | | | | | | | | | | | | | Test build snap with Cirrus CI
| * | | | | | Add snap build test to success and release checkAnatoli Babenia2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
| * | | | | | Run `apt-get update` to avoid missing package while buildingAnatoli Babenia2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
| * | | | | | Use snapcraft on Ubuntu 18.04 for libostree-devAnatoli Babenia2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
| * | | | | | Test build snap with Cirrus CIAnatoli Babenia2019-08-28
| | |_|/ / / | |/| | | | | | | | | | | | | | | | Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
* | | | | | Merge pull request #3887 from edsantiago/batsOpenShift Merge Robot2019-08-28
|\ \ \ \ \ \ | |/ / / / / |/| | | | | podman cp: big set of system tests
| * | | | | podman cp: big set of system testsEd Santiago2019-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman cp has had some unexpected bugs, and still has some surprising behavior. It looks like this part of the code is fragile. Add tests to try to prevent future breakages. Note that two of the new tests are disabled (skipped) until #3829 gets fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #3888 from jwhonce/wip/apiOpenShift Merge Robot2019-08-27
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Update varlink doc and code for images
| * | | | | Update varlink doc and codeJhon Honce2019-08-26
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Improved error message * Added documentation * Updated messages to include missing data Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #3886 from baude/addiprouteOpenShift Merge Robot2019-08-26
|\ \ \ \ \ | |/ / / / |/| | | | add iproute to podman in podman image
| * | | | add iproute to podman in podman imagebaude2019-08-26
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | the network create function relies on the prescense of iproute's binary 'ip'. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #3883 from baude/varlinkbuildcleanupOpenShift Merge Robot2019-08-26
|\ \ \ \ | |/ / / |/| | | clean up after remote build
| * | | clean up after remote buildbaude2019-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when performing an image build over a varlink connection, we should clean up tmp files that are a result of sending the file to the host and untarring it for the build. Fixes: #3869 Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #3824 from baude/varlinkendpointtestOpenShift Merge Robot2019-08-26
|\ \ \ \ | | | | | | | | | | Create framework for varlink endpoint integration tests
| * | | | Create framework for varlink endpoint integration testsbaude2019-08-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add the ability to write integration tests similar to our e2e tests for the varlink endpoints. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #3755 from mheon/fix_cninameOpenShift Merge Robot2019-08-26
|\ \ \ \ \ | |_|/ / / |/| | | | Adjust name of Podman CNI network bridge