| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Docker-compatible REST API has historically behaved just as the rest
of Podman and Buildah (and the atomic Docker in older RHEL/Fedora) where
`containers-registries.conf` is centrally controlling which registries
a short name may resolve to during pull or local image lookups. Please
refer to a blog for more details [1].
Docker, however, is only resolving short names to docker.io which has
been reported (see #12320) to break certain clients who rely on this
behavior. In order to support this scenario, `containers.conf(5)`
received a new option to control whether Podman's compat API resolves
to docker.io only or behaves as before.
Most endpoints allow for directly normalizing parameters that represent
an image. If set in containers.conf, Podman will then normalize the
references directly to docker.io. The build endpoint is an outlier
since images are also referenced in Dockerfiles. The Buildah API,
however, supports specifying a custom `types.SystemContext` in which
we can set a field that enforces short-name resolution to docker.io
in `c/image/pkg/shortnames`.
Notice that this a "hybrid" approach of doing the normalization directly
in the compat endpoints *and* in `pkg/shortnames` by passing a system
context. Doing such a hybrid approach is neccessary since the compat
and the libpod endpoints share the same `libimage.Runtime` which makes
a global enforcement via the `libimage.Runtime.systemContext`
impossible. Having two separate runtimes for the compat and the libpod
endpoints seems risky and not generally applicable to all endpoints.
[1] https://www.redhat.com/sysadmin/container-image-short-names
Fixes: #12320
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Only open save output file with WRONLY
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The previous code fails on a MAC when opening /dev/stdout
Fixes: https://github.com/containers/podman/issues/12402
[NO NEW TESTS NEEDED] No easy way to test this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] List /etc/containers/certs.d as default for --cert-path
|
| | |
| | |
| | |
| | |
| | |
| | | |
Helps Document https://github.com/containers/podman/issues/10116
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Bindings test: emit GIT_COMMIT, for links in logs
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a magic 'echo' to runner.sh, displaying $GIT_COMMIT in
a special syntax. The logformatter script, seeing this,
will hyperlink error messages to the failing source file.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS] Move the chown to after the ADDs
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I have noticed that the containers.conf file in the /home/podman
directory is owned by root and not Podman. This change fixes the
ownership.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
compat: Add compatiblity with `Docker/Moby` API for scenarios where build fails.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In order to maintain compatiblity with `moby API` we must the field
`errorDetail` which is primary error reporting field with stream.
Currently podman is using `error` which is already deprecated by moby.
Check: https://github.com/moby/moby/blob/master/pkg/jsonmessage/jsonmessage.go#L147
[NO NEW TESTS NEEDED]
We can't test this in podman CI since we dont have a docker client.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
fix: parsing of HostConfig.Mounts for container create
|
| | |/ /
| |/| |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
e2e tests: enable golint
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
...and fix problems found therewith.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
fix: error reporting for archive endpoint
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
Returning 500 when copying to read-only destination.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \ \
| | | |
| | | | |
checkpoint do not modify XDG_RUNTIME_DIR
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We should not modify the XDG_RUNTIME_DIR env value during runtime of
libpod, this can cause hard to find bugs. Only set it for the OCI
runtime, this matches the other commands such as start, stop, kill...
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| |/ /
|/| | |
libpod: improve heuristic to detect cgroup
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
improve the heuristic to detect the scope that was created for the container.
This is necessary with systemd running as PID 1, since it moves itself
to a different sub-cgroup, thus stats would not account for other
processes in the same container.
Closes: https://github.com/containers/podman/issues/12400
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OCI runtimes may set the memory limits in different ways, e.g., crun
creates a sub-cgroup where the limits are applied, while runc applies
them directly on the created cgroup. Since there is standardization
on the cgroup path to use, just use the limit specified in the spec
file.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| |/
|/| |
libpod: leave thread locked on errors
|
|/
|
|
|
|
|
|
|
|
| |
if the SELinux label could not be restored correctly, leave the OS
thread locked so that it is terminated once it returns to the threads
pool.
[NO NEW TESTS NEEDED] the failure is hard to reproduce
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
continue e2e test cleanup
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That previous commit made me wonder if there are any other
instances of Expect() with no assertions.
grep Expect test/e2e/*_test.go |egrep -v '\.(To|NotTo|Should)'
...finds a couple of handfuls, most of which are OK (continued
on the next line) but a few of which are bugs. Fix those.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
These were NOPs, and were testing the wrong thing (pod ID,
not container ID). Fixed manually.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| | |
via: sed -i -e 's/Expect(StringInSlice(\(.*\), \(.*\))).To(BeTrue())/Expect(\2)\.To(ContainElement(\1))/' test/e2e/*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Continue eliminating GrepString() and BeTrue(), in tiny
incremental steps. Here I take the liberty of refactoring
some hard-to-read code by adding a helper.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \
| |/
|/| |
Unset SocketLabel after system finishes checkpointing
|
|/
|
|
|
|
|
|
|
|
|
|
| |
This should fix the SELinux issue we are seeing with talking to
/run/systemd/private.
Fixes: https://github.com/containers/podman/issues/12362
Also unset the XDG_RUNTIME_DIR if set, since we don't know when running
as a service if this will cause issue.s
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Support env variables based on ConfigMaps sent in payload
|
| |
| |
| |
| |
| |
| | |
Fixes #12363
Signed-off-by: Jakub Dzon <jdzon@redhat.com>
|
|\ \
| | |
| | | |
Warn on failing to update container status
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
failed to send a signal to the container's PID1, but ignored the
results of that update. That's generally bad practice, since even
if we can't directly take action on an error, we should still
make an effort to report it for debugging purposes. I used Infof
instead of something more serious to avoid duplicate reporting to
the user if something has gone seriously wrong.
[NO NEW TESTS NEEDED] this is just adding additional error reporting.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] Update basic_networking.md
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Correct a missing link in basic networking tutorial.
Signed-off-by: Mark Zhang <markzhang1994@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
compat: Add subnet mask behind IP address to match Docker API
|
| |/ / /
| | | |
| | | |
| | | | |
Signed-off-by: Ambrose Chua <ambrose@hey.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
podman-remote does not support signature-policy
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes: https://github.com/containers/podman/issues/12357
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
oci: exit `gracefully` if container is already dead instead of trying to `kill` it.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`crun status ctrid` outputs `No such file or directory` when container
is not there so podman much ack it.
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
While trying to kill a container with a `signal` we cant do anything if
container is already dead so `exit` gracefully instead of trying to
delete container again. Get container status from runtime.
[ NO NEW TESTS NEEDED ]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
image lookup: do not match *any* tags
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
For reasons buried in the history of Podman, looking up an untagged
image would match any tag of matching image. For instance, looking up
centos would match a local image centos:foobar. Change that behavior
to only match the latest tag.
Fix: #11964
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
generate systemd: add --start-timeout flag
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a new flag to set the start timeout for a generated systemd unit.
To make naming consistent, add a new --stop-timeout flag as well and let
the previous --time map to it.
Fixes: #11618
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
e2e tests: clean up antihelpful BeTrue()s
|