Commit message [Author, Age]
* Update the OWNERS file so bot assigns sane reviewers [Matthew Heon, 2018-09-26]
|     The Openshift bot assigns reviewers to each PR seemingly based on this file, which means right now it's picking runcom and jwhonce to review every PR, not our maintainers. Set said maintainers as reviewers instead.
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* rework CI tests to test on VMs [baude, 2018-09-26]
|     This PR makes several key changes to our CI testing. Firstly, we now test podman on fedora 28, fedora 29, and centos VMs (rather than containers). Any of these that have failing tests are not marked as required yet. We still preserve the podman in podman and podman in docker tests as well and they are marked as required. The lint and validate work is now done on an openshift container. We also removed the rpm verification on papr and perform this test under the "images" test on the openshift ci. This PR exposes integration test fails on some of our OSs. My expectation is we will fix those in additional PRs and as they are fixed, we should be flipping the boolean bit to required.
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1492
|     Approved by: mheon
* Put openshift dockerfiles in test/install [baude, 2018-09-25]
|     Move the location of the openshift dockerfiles and delete the old one.
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1542
|     Approved by: mheon
* Merge pull request #1545 from mheon/bump-0.9.3.1 [Matthew Heon, 2018-09-25]
|\    Bump to v0.9.3.1
| * Bump gitvalidation epoch [Matthew Heon, 2018-09-25]
| |   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.4-dev [Matthew Heon, 2018-09-25]
| |   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.3.1 (v0.9.3.1) [Matthew Heon, 2018-09-25]
|/    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1544 from mheon/release_notes_0.9.3.1 [Matthew Heon, 2018-09-25]
|\    Update release notes for 0.9.3.1
| * Update release notes for 0.9.3.1 [Matthew Heon, 2018-09-25]
|/    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Disable problematic SELinux code causing runc issues [Matthew Heon, 2018-09-25]
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|     Closes: #1541
|     Approved by: baude
* Merge pull request #1530 from mheon/bump-0.9.3 [Matthew Heon, 2018-09-21]
|\    Bump to v0.9.3
| * Bump gitvalidation epoch [Matthew Heon, 2018-09-21]
| |   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.4-dev [Matthew Heon, 2018-09-21]
| |   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.3 (v0.9.3) [Matthew Heon, 2018-09-21]
|/    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1529 from mheon/release_notes_0.9.3 [Matthew Heon, 2018-09-21]
|\    Update release notes for 0.9.3
| * Update release notes for 0.9.3 [Matthew Heon, 2018-09-21]
|/    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add --mount option for `create` & `run` command [Daniel J Walsh, 2018-09-21]
|     Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1524
|     Approved by: mheon
* Refactor Wait() to not require a timeout [Matthew Heon, 2018-09-21]
|     We added a timeout for convenience, but most invocations don't care about it. Refactor it into WaitWithTimeout() and add a Wait() that doesn't require a timeout and uses the default.
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|     Closes: #1527
|     Approved by: mheon
* Updates from reviews [Jhon Honce, 2018-09-21]
|     Signed-off-by: Jhon Honce <jhonce@redhat.com>
|     Closes: #1519
|     Approved by: rhatdan
* Implement new subcommands [Jhon Honce, 2018-09-21]
|     * Refactor create subparser to share arguments with run subparser
|     * Add argparse.*Action subclasses to reduce duplicate code in parsers
|     * Using BooleanAction now accept True/False value as expected
|     * .pylintrc added to loosen variable name policing
|     * Update AbstractBaseAction to remove unset arguments before transmitting to podman service
|     * Align logging messages to podman output
|     * Renamed global argument from --user to --username, to avoid conflict with create/run podman commands
|     * Add new subcommands: run, create, history, import, info, push, restart and search
|     Signed-off-by: Jhon Honce <jhonce@redhat.com>
|     Closes: #1519
|     Approved by: rhatdan
* Don't mount /dev/shm if the user told you --ipc=none [Daniel J Walsh, 2018-09-21]
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1466
|     Approved by: mheon
* rootless: error out if there are not enough UIDs/GIDs available [Giuseppe Scrivano, 2018-09-21]
|     Most container images assume there are at least 65536 UIDs/GIDs available. Raise an error if there are not enough IDs allocated to the current user.
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1520
|     Approved by: rhatdan
* Vendor in latest containers/buildah [Daniel J Walsh, 2018-09-21]
|     Fixes issues with builtin volumes having correct ownership and permissions when doing podman builds.
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1525
|     Approved by: giuseppe
* rootless: fix create with images not in the storage [Giuseppe Scrivano, 2018-09-21]
|     This chunk was mistakenly removed with ecec1a5430885baf96d2e3d6153c7454c41a4617
|     Introduce it back as it solves the pull of an image that is not yet in the storage when using create/run.
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1521
|     Approved by: baude
* rootless: skip usage of filepath.Join [Giuseppe Scrivano, 2018-09-21]
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1507
|     Approved by: rhatdan
* create, rootless: join the userns of ns:PATH [Giuseppe Scrivano, 2018-09-21]
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1507
|     Approved by: rhatdan
* create, rootless: join the userns of container:CONTAINER [Giuseppe Scrivano, 2018-09-21]
|     so that we can also join the requested namespace.
|     Closes: https://github.com/containers/libpod/issues/1453
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1507
|     Approved by: rhatdan
* spec: refactor ns modes to a common interface [Giuseppe Scrivano, 2018-09-21]
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1507
|     Approved by: rhatdan
* Don't output inodes created to run a container [Daniel J Walsh, 2018-09-21]
|     There is a group of inodes that get created when running a container if they do not exist.
|
|         containerMounts = map[string]bool{
|             "/dev": true,
|             "/etc/hostname": true,
|             "/etc/hosts": true,
|             "/etc/resolv.conf": true,
|             "/proc": true,
|             "/run": true,
|             "/run/.containerenv": true,
|             "/run/secrets": true,
|             "/sys": true,
|         }
|
|     If the destination inode does not exist, libpod/runc will create the inode. This can cause programs like podman diff to see the image as having changed, when actually it has not. This patch ignores changes in these inodes.
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1508
|     Approved by: giuseppe
* Add rpmbuild to the openshift fedora test image [baude, 2018-09-20]
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1517
|     Approved by: rhatdan
* Add new field to libpod to indicate whether or not to use labelling [Daniel J Walsh, 2018-09-20]
|     Also update some missing fields libpod.conf options in man pages. Fix sort order of security options and add a note about disabling labeling. When a process requests a new label, libpod needs to reserve all labels to make sure that there are no conflicts.
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1406
|     Approved by: mheon
* Bind Mounts should be mounted read-only when in read-only mode [Daniel J Walsh, 2018-09-20]
|     We don't want to allow users to write to /etc/resolv.conf or /etc/hosts if in read only mode.
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1510
|     Approved by: TomSweeneyRedHat
* test, rootless: enforce cgroupfs manager [Giuseppe Scrivano, 2018-09-20]
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1515
|     Approved by: baude
* report when rootless [baude, 2018-09-20]
|     when running as rootless, report as such.
|     resolves: #1509
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1514
|     Approved by: rhatdan
* add the gopath environment variable to the openshift dockerfile [baude, 2018-09-19]
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1513
|     Approved by: baude
* Vendor in latest opencontainers/runtime-tools [Daniel J Walsh, 2018-09-19]
|     This will cause /proc inside of the container to match the mount options of the host.
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1511
|     Approved by: baude
* Merge pull request #1512 from baude/addvarlinktoopenshiftimage [Brent Baude, 2018-09-19]
|\    Add python-varlink to the Fedora openshift image
| * Add python-varlink to the Fedora openshift image [baude, 2018-09-19]
|/    Signed-off-by: baude <bbaude@redhat.com>
* Add Dockerfile for openshift lint, gofmt, and validate testing [baude, 2018-09-19]
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1504
|     Approved by: mheon
* Merge pull request #1503 from rhatdan/buildah [Daniel J Walsh, 2018-09-19]
|\    Vendor in latest containers/buildah
| * Vendor in latest containers/buildah [Daniel J Walsh, 2018-09-18]
|/    Switch from projectatomic/buildah to containers/buildah
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Don't crash if an image has no names [Daniel J Walsh, 2018-09-18]
|     When image is not tagged, we should just set the imageName to the image.ID.
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1501
|     Approved by: mheon
* Replace all usages of "install -D" with "install -d" [Jhon Honce, 2018-09-18]
|     Fixes #1481
|     Signed-off-by: Jhon Honce <jhonce@redhat.com>
|     Closes: #1496
|     Approved by: rhatdan
* Increase pidWaitTimeout to 1000ms [Emilien Macchi, 2018-09-18]
|     When managing the containers with systemd, it takes a bit more than 250ms to have podman creating the pidfile. Increasing the value to 1 second will avoid timeout issues when running a lot of containers managed by systemd. This patch was tested in a VM with 56 services (OpenStack) deployed by TripleO and managed by systemd.
|     Fixes #1495
|     Signed-off-by: Emilien Macchi <emilien@redhat.com>
|     Closes: #1497
|     Approved by: rhatdan
* Small updates to OCI spec generation [Matthew Heon, 2018-09-17]
|     Firstly, when adding the privileged catch-all resource device, first remove the spec's default catch-all resource device. Second, remove our default rootfs propagation config - Docker does not set this by default, so I don't think we should either.
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|     Closes: #1491
|     Approved by: TomSweeneyRedHat
* Add new tests for ipc namespace sharing [Daniel J Walsh, 2018-09-17]
|     We seem to be having a few flakes on namespace sharing. Adding this test to make sure sharing with the host is working correctly.
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1485
|     Approved by: mheon
* Hooks supports two directories, process default and override [Daniel J Walsh, 2018-09-17]
|     Also cleanup files section of podman man page
|     Add description of policy.json
|     Sort alphabetically.
|     Add more info on oci hooks
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1487
|     Approved by: umohnani8
* Merge pull request #1490 from mheon/bump-0.9.2.1 [Matthew Heon, 2018-09-17]
|\    Bump to 0.9.2.1
| * Bump gitvalidation epoch [Matthew Heon, 2018-09-17]
| |   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.3-dev [Matthew Heon, 2018-09-17]
| |   Signed-off-by: Matthew Heon <matthew.heon@gmail.com>