summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #12098 from Luap99/slirp-dadOpenShift Merge Robot2021-10-26
|\ | | | | Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
| * Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0Paul Holzinger2021-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Duplicate Address Detection slows the ipv6 setup down for 1-2 seconds. Since slirp4netns is run it is own namespace and not directly routed we can skip this to make the ipv6 address immediately available. We change the default to make sure the slirp tap interface gets the correct value assigned so DAD is disabled for it. Also make sure to change this value back to the original after slirp4netns is ready in case users rely on this sysctl. Fixes #11062 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #12067 from hshiina/logs-journal-tailOpenShift Merge Robot2021-10-26
|\ \ | | | | | | Fix a few problems in 'podman logs --tail' with journald driver
| * | Fix a few problems in 'podman logs --tail' with journald driverHironori Shiina2021-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following problems regarding `logs --tail` with the journald log driver are fixed: - One more line than a specified value is displayed. - '--tail 0' displays all lines while the other log drivers displays nothing. - Partial lines are not considered. - If the journald events backend is used and a container has exited, nothing is displayed. Integration tests that should have detected the bugs are also fixed. The tests are executed with json-file log driver three times without this fix. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | Merge pull request #12092 from rhatdan/buildOpenShift Merge Robot2021-10-26
|\ \ \ | | | | | | | | If Dockerfile exists in same directory as service, we should not use it.
| * | | If Dockerfile exists in same directory as service, we should not use it.Daniel J Walsh2021-10-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should only use the Containerfiles/Dockerfiles found in the context directory. Fixes: https://github.com/containers/podman/issues/12054 [NO NEW TESTS NEEDED] It is difficult to setup a test for this in the CI/CD system, but build tests should find if this PR broke anything. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12088 from adrianreber/2021-10-25-fix-label-ipc-hostOpenShift Merge Robot2021-10-26
|\ \ \ \ | | | | | | | | | | Allow 'container restore' with '--ipc host'
| * | | | Allow 'container restore' with '--ipc host'Adrian Reber2021-10-26
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Trying to restore a container that was started with '--ipc host' fails with: Error: error creating container storage: ProcessLabel and Mountlabel must either not be specified or both specified We already fixed this exact same error message for containers started with '--privileged'. The previous fix was to check if the to be restored container is a privileged container (c.config.Privileged). Unfortunately this does not work for containers started with '--ipc host'. This commit changes the check for a privileged container to check if both the ProcessLabel and the MountLabel is actually set and only then re-uses those labels. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #12096 from ↵OpenShift Merge Robot2021-10-26
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/docker-20.10.10incompatible Bump github.com/docker/docker from 20.10.9+incompatible to 20.10.10+incompatible
| * | | | Bump github.com/docker/dockerdependabot[bot]2021-10-26
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.9+incompatible to 20.10.10+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md) - [Commits](https://github.com/docker/docker/compare/v20.10.9...v20.10.10) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #12099 from Luap99/cni-k8s-envOpenShift Merge Robot2021-10-26
|\ \ \ \ | |/ / / |/| | | [CI:DOCS] Document to not set K8S envars for CNI
| * | | Document to not set K8S envars for CNIPaul Holzinger2021-10-26
|/ / / | | | | | | | | | | | | | | | | | | Setting these environment variables can cause issues with custom CNI plugins, see #12083. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12086 from rhatdan/logOpenShift Merge Robot2021-10-26
|\ \ \ | | | | | | | | Add support to play kube for --log-opt
| * | | Add support to play kube for --log-optDaniel J Walsh2021-10-25
| |/ / | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11727 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12084 from rhatdan/VENDOROpenShift Merge Robot2021-10-26
|\ \ \ | |/ / |/| | Update vendor github.com/opencontainers/runtime-tools
| * | Update vendor github.com/opencontainers/runtime-toolsDaniel J Walsh2021-10-25
|/ / | | | | | | | | | | | | | | | | This will change mount of /dev within container to noexec, making containers slightly more secure. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12079 from stweil/lgtmOpenShift Merge Robot2021-10-25
|\ \ | | | | | | [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
| * | [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)Stefan Weil2021-10-25
| | | | | | | | | | | | | | | | | | | | | | | | LGTM alert: Off-by-one index comparison against length may lead to out-of-bounds read. Signed-off-by: Stefan Weil <sw@weilnetz.de>
* | | Merge pull request #12078 from stweil/typosOpenShift Merge Robot2021-10-25
|\ \ \ | |/ / |/| | [CI:DOCS Fix some typos in documentation and comments (found by codespell)
| * | Fix some typos in documentation and comments (found by codespell)Stefan Weil2021-10-25
| | | | | | | | | | | | Signed-off-by: Stefan Weil <sw@weilnetz.de>
* | | Merge pull request #12071 from eriksjolund/fix_typo_keep_idOpenShift Merge Robot2021-10-24
|\ \ \ | | | | | | | | [CI:DOCS] Fix typo keep_id -> keep-id
| * | | [CI:DOCS] Fix typo keep_id -> keep-idErik Sjölund2021-10-24
| |/ / | | | | | | | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | Merge pull request #12077 from stweil/mainOpenShift Merge Robot2021-10-24
|\ \ \ | |/ / |/| | [CI:DOCS] Replace 'an user' => 'a user'
| * | Replace 'an user' => 'a user'Stefan Weil2021-10-24
|/ / | | | | | | Signed-off-by: Stefan Weil <sw@weilnetz.de>
* | Merge pull request #12061 from dancerj/typoOpenShift Merge Robot2021-10-22
|\ \ | | | | | | [CI:DOCS] fuse-overlay probably means fuse-overlayfs.
| * | fuse-overlay probably means fuse-overlayfs.Junichi Uekawa2021-10-22
| |/ | | | | | | | | | | fuse-overlayfs is usually the package name. Signed-off-by: Junichi Uekawa <dancer@debian.org>
* | Merge pull request #11991 from rhatdan/sizeOpenShift Merge Robot2021-10-22
|\ \ | | | | | | Allow API to specify size and inode quota
| * | Allow API to specify size and inode quotaDaniel J Walsh2021-10-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11016 [NO NEW TESTS NEEDED] We have no easy way to tests this in CI/CD systems. Requires quota to be setup on directories to work. Fixes: https://github.com/containers/podman/issues/11016 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12021 from rhatdan/kubeOpenShift Merge Robot2021-10-22
|\ \ \ | |_|/ |/| | Generate Kube should not print default structs
| * | Generate Kube should not print default structsDaniel J Walsh2021-10-19
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If podman uses Workdir="/" or the workdir specified in the image, it should not add it to the yaml. If Podman find environment variables in the image, they should not get added to the yaml. If the container or pod do not have changes to SELinux we should not print seLinuxOpt{} If the container or pod do not change any dns options the yaml should not have a dnsOption={} If the container is not privileged it should not have privileged=false in the yaml. Fixes: https://github.com/containers/podman/issues/11995 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12048 from rhatdan/manOpenShift Merge Robot2021-10-22
|\ \ | | | | | | Remove --kernel-memory options
| * | Remove --kernel-memory optionsDaniel J Walsh2021-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kernel memory option has been depracated in runtime-spec, It is believed that it will not work properly on certain kernels. runc ignores it. This PR removes documentation of the flag and also prints a warning if a user uses it. [NO NEW TESTS NEEDED] Helps Fix: https://github.com/containers/podman/issues/12045 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12047 from mheon/remove_infra_from_dbOpenShift Merge Robot2021-10-21
|\ \ \ | |/ / |/| | [NO NEW TESTS NEEDED] Remove infra ID from DB before removing containers
| * | Remove infra ID from DB before removing containersMatthew Heon2021-10-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we interrupt pod removal between removing containers and removing the whole pod, the infra ID was still in the DB, and most pod operations would try to retrieve the infra container (and would this fail). Clear the infra ID from the DB just before we remove all containers to prevent this. Fixes #12034 [NO NEW TESTS NEEDED] This is a very narrow race and I have no idea how to repro it. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #12057 from flouthoc/allow-tagging-manifest-listOpenShift Merge Robot2021-10-21
|\ \ \ | | | | | | | | tag: Support tagging manifest list instead of resolving to images
| * | | tag: Support tagging manifest list instead of resolving to imagesAditya Rajan2021-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following commit makes sure when buildah tag is invoked on a manifest list, it tags the same manifest list instead of resolving to an image and tagging it. Port of: https://github.com/containers/buildah/pull/3483 Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | Merge pull request #12028 from edsantiago/test_system_connectionOpenShift Merge Robot2021-10-21
|\ \ \ \ | |/ / / |/| | | Add test for system connection
| * | | Add test for system connectionEd Santiago2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First a basic (connectionless) one to make sure we 'add', 'ls', and 'rm' work; then an actual one with a service; then (if ssh to localhost is set up and works) test ssh Requires a little trickery to work around the CI definition of $PODMAN, which includes "--url /path/to/sock", which overrides podman's detection of whether to use a connection or not. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #12049 from edsantiago/test_dash_a_with_lOpenShift Merge Robot2021-10-20
|\ \ \ \ | |_|/ / |/| | | System tests: confirm that -a and -l clash
| * | | System tests: confirm that -a and -l clashEd Santiago2021-10-20
|/ / / | | | | | | | | | | | | | | | ...and fix one instance where there was no check Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #11851 from cdoern/podRmOpenShift Merge Robot2021-10-20
|\ \ \ | | | | | | | | Pod Rm Infra Handling Improvements
| * | | Pod Rm Infra Improvementscdoern2021-10-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Made changes so that if the pod contains all exited containers and only infra is running, remove the pod. resolves #11713 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #12017 from nalind/exponentialOpenShift Merge Robot2021-10-20
|\ \ \ \ | | | | | | | | | | Use exponential backoff when waiting for a journal entry
| * | | | Use exponential backoff when waiting for a journal entryNalin Dahyabhai2021-10-18
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When looking for a cursor that matches the first journal entry for a given container, wait and try to find it using exponential backoff. [NO NEW TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | Merge pull request #12032 from eastonman/eastonman-systemd-patch-1OpenShift Merge Robot2021-10-20
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Change systemd service file to be compatible with rootless mode
| * | | | systemd: compatible with rootless modeEaston Man2021-10-20
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | - change the type to forking to allow fork. - add default.target for user systemd service Signed-off-by: Easton Man <manyang.me@outlook.com>
* | | | Merge pull request #12041 from edsantiago/container_envOpenShift Merge Robot2021-10-20
|\ \ \ \ | | | | | | | | | | system tests: CONTAINER_* and --help: cleanup
| * | | | system tests: CONTAINER_* and --help: cleanupEd Santiago2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A small part of this test was written in a confusing and fragile way: it was very hard to understand, and in fact only worked through pure luck (using 'echo $output', which emitted everything in one long line, vs the standard quoted 'echo "$output"' which would've kept the formatting and caused the test to pass, incorrectly, no matter whether --remote was in the output or not). Plus, the '$?' check in the next line would never trigger on failure anyway, so the failure message would've been unhelpful if the test were ever to fail. Anyhow. Make it readable and make it work. (Followup to #11990) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #12024 from rhatdan/podmanOpenShift Merge Robot2021-10-20
|\ \ \ \ \ | |/ / / / |/| | | | podman run --memory=0 ... should not set memory limit
| * | | | podman run --memory=0 ... should not set memory limitDaniel J Walsh2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On Docker this is ignored, and it should be on Podman as well. This is documented in the man page. Fixes: https://github.com/containers/podman/issues/12002 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>