Commit message (Author, Age)
* add pkg/capabilities (Valentin Rothberg, 2020-02-14)
|     Add pkg/capabilities to deal with capabilities. The code has been copied from Docker (and attributed with the copyright) but changed significantly to only do what we really need. The code has also been simplified and will perform better due to removed redundancy.
|
|     Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #5190 from baude/apiv2cockpit3 (OpenShift Merge Robot, 2020-02-14)
|\
| |     filtering behavior correction
| * filtering behavior correction (Brent Baude, 2020-02-12)
| |     when filtering containers, if a status= is provided as an input filter, then we should override the all to always be true.
| |
| |     Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5074 from jwhonce/wip/swagger_endpoint (OpenShift Merge Robot, 2020-02-14)
|\ \
| | |     Add /swagger/ endpoint to serve swagger yaml to clients
| * | Add /swagger/ endpoint to serve swagger yaml to clients (Jhon Honce, 2020-02-04)
| | |     The provided yaml file will describe the current Podman REST API.
| | |
| | |     Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #5189 from mheon/only_set_all_on_status (OpenShift Merge Robot, 2020-02-13)
|\ \ \
| | | |     Only set --all when a status filter is given to ps
| * | | Only set --all when a status filter is given to ps (Matthew Heon, 2020-02-12)
| | |/
| |/|
| | |     The changes in #5075 turn out to be too aggressive; we should only be setting --all if a status= filter is given. Otherwise only running containers are filtered.
| | |
| | |     Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #5195 from vrothberg/fix-5106 (OpenShift Merge Robot, 2020-02-13)
|\ \ \
| | | |     [CI:DOCS] README: fix docs links
| * | | README: fix docs links (Valentin Rothberg, 2020-02-13)
| | | |     Fix: #5106
| | | |
| | | |     Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #5172 from giuseppe/api-fix-cpu-stats (OpenShift Merge Robot, 2020-02-13)
|\ \ \ \
| | | | |     api: fix the CPU stats reported
| * | | | stats: add SystemUsage (Giuseppe Scrivano, 2020-02-12)
| | | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | api: fix the CPU stats reported (Giuseppe Scrivano, 2020-02-11)
| | | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #5179 from containers/dependabot/go_modules/k8s.io/api-0.17.3 (OpenShift Merge Robot, 2020-02-13)
|\ \ \ \ \
| | | | | |     build(deps): bump k8s.io/api from 0.17.2 to 0.17.3
| * | | | | build(deps): bump k8s.io/api from 0.17.2 to 0.17.3 (dependabot-preview[bot], 2020-02-13)
| | | | | |     Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.17.2 to 0.17.3.
| | | | | |     - [Release notes](https://github.com/kubernetes/api/releases)
| | | | | |     - [Commits](https://github.com/kubernetes/api/compare/v0.17.2...v0.17.3)
| | | | | |
| | | | | |     Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
| | | | | |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #5177 from rhatdan/kube (OpenShift Merge Robot, 2020-02-13)
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | |     Fix up play kube to use image data
| * | | | | Fix up play kube to use image data (Daniel J Walsh, 2020-02-13)
|/ / / / /
| | | | |     podman play kube was ignoring the imageData.Config
| | | | |
| | | | |     Volumes
| | | | |     WorkingDir
| | | | |     Labels
| | | | |     StopSignal
| | | | |
| | | | |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #5115 from QiWang19/images-format (OpenShift Merge Robot, 2020-02-13)
|\ \ \ \ \
| |/ / / /
|/| | | |     images --format compatible with docker
| * | | | images --format compatible with docker (Qi Wang, 2020-02-10)
| | | | |     This patch lets valid values of --format be compatible with docker. Replace CreatedTime with CreatedAt, Created with CreatedSince. Keep CreatedTime and Created valid as hidden options.
| | | | |
| | | | |     Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #5191 from baude/fedoraminimaliskillingme (OpenShift Merge Robot, 2020-02-13)
|\ \ \ \ \
| | | | | |     use quay.io/libpod/fedora-minimal for reliability
| * | | | | use quay.io/libpod/fedora-minimal for reliability (Brent Baude, 2020-02-12)
| | |_|/ /
| |/| | |
| | | | |     Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #5183 from giuseppe/rootlessport-avoid-hang (OpenShift Merge Robot, 2020-02-13)
|\ \ \ \ \
| | | | | |     rootlessport: fix potential hang
| * | | | | rootlessport: drop Pdeathsig in favor of Kill (Giuseppe Scrivano, 2020-02-12)
| | | | | |     there is a race condition where the child process is immediately killed:
| | | | | |
| | | | | |     [pid 2576752] arch_prctl(0x3001 /* ARCH_??? */, 0x7ffdf612f170) = -1 EINVAL (Invalid argument)
| | | | | |     [pid 2576752] access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
| | | | | |     [pid 2576752] --- SIGTERM {si_signo=SIGTERM, si_code=SI_USER, si_pid=2576742, si_uid=0} ---
| | | | | |     [pid 2576752] +++ killed by SIGTERM +++
| | | | | |
| | | | | |     this happens because the parent process here really means the "parent thread". Since there is no way of running it on the main thread, let's skip this functionality altogether and use kill(2).
| | | | | |
| | | | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | rootlessport: fix potential hang (Giuseppe Scrivano, 2020-02-12)
| | | | | |     write to the error pipe only in case of an error. Otherwise we may end up in a race condition in the select statement below as the read from errChan happens before initComplete and the function returns immediately nil.
| | | | | |
| | | | | |     Closes: https://github.com/containers/libpod/issues/5182
| | | | | |
| | | | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #5181 from containers/dependabot/go_modules/github.com/gorilla/mux-1.7.4 (OpenShift Merge Robot, 2020-02-13)
|\ \ \ \ \ \
| | | | | | |     build(deps): bump github.com/gorilla/mux from 1.7.3 to 1.7.4
| * | | | | | build(deps): bump github.com/gorilla/mux from 1.7.3 to 1.7.4 (dependabot-preview[bot], 2020-02-12)
| | | | | | |     Bumps [github.com/gorilla/mux](https://github.com/gorilla/mux) from 1.7.3 to 1.7.4.
| | | | | | |     - [Release notes](https://github.com/gorilla/mux/releases)
| | | | | | |     - [Commits](https://github.com/gorilla/mux/compare/v1.7.3...v1.7.4)
| | | | | | |
| | | | | | |     Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
| | | | | | |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #5180 from containers/dependabot/go_modules/k8s.io/apimachinery-0.17.3 (OpenShift Merge Robot, 2020-02-13)
|\ \ \ \ \ \ \
| | | | | | | |     build(deps): bump k8s.io/apimachinery from 0.17.2 to 0.17.3
| * | | | | | | build(deps): bump k8s.io/apimachinery from 0.17.2 to 0.17.3 (dependabot-preview[bot], 2020-02-12)
| |/ / / / / /
| | | | | | |     Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.17.2 to 0.17.3.
| | | | | | |     - [Release notes](https://github.com/kubernetes/apimachinery/releases)
| | | | | | |     - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.17.2...v0.17.3)
| | | | | | |
| | | | | | |     Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
| | | | | | |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #5152 from QiWang19/device-cgroup-rule (OpenShift Merge Robot, 2020-02-13)
|\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | |     support device-cgroup-rule
| * | | | | | support device-cgroup-rule (Qi Wang, 2020-02-12)
| | |_|_|/ /
| |/| | | |
| | | | | |     fix #4876
| | | | | |     Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created.
| | | | | |
| | | | | |     Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #5171 from baude/apiv2cockpit2 (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \ \ \
| | | | | | |     Fix container filters
| * | | | | | Fix container filters (Brent Baude, 2020-02-11)
| | | | | | |     container filters were being double encoded (maybe triple) which resulted in the wrong encoding representation of filters being sent by the go-bindings. Also, on the server side, Filter needed to be changed to Filter to decode properly. Finally, due to the changed return type of List Containers, the go bindings return values needed to be changed.
| | | | | | |
| | | | | | |     Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | | | Merge pull request #5187 from vrothberg/pkg-seccomp (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \ \ \ \
| | | | | | | |     add pkg/seccomp
| * | | | | | | add pkg/seccomp (Valentin Rothberg, 2020-02-12)
| | | | | | | |     Add pkg/seccomp to consolidate all seccomp-policy related code which is currently scattered across multiple packages and complicating the creatconfig refactoring.
| | | | | | | |
| | | | | | | |     Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | | Merge pull request #5168 from mheon/do_not_overwrite_volumes (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \ \ \ \ \
| | | | | | | | |     Do not copy up when volume is not empty
| * | | | | | | | Do not copy up when volume is not empty (Matthew Heon, 2020-02-12)
| | |_|_|_|_|/ /
| |/| | | | | |
| | | | | | | |     When Docker performs a copy up, it first verifies that the volume being copied into is empty; thus, for volumes that have been modified elsewhere (e.g. manually copying into them), the copy up will not be performed at all. Duplicate this behavior in Podman by checking if the volume is empty before copying.
| | | | | | | |
| | | | | | | |     Furthermore, move setting copyup to false further up. This will prevent a potential race where copy up could happen more than once if Podman was killed after some files had been copied but before the DB was updated.
| | | | | | | |
| | | | | | | |     This resolves CVE-2020-1726.
| | | | | | | |
| | | | | | | |     Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | | Merge pull request #5185 from vrothberg/v2-pull-fix (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \ \ \ \ \
| |_|/ / / / / /
|/| | | | | | |     [CI:DOCS] api: pull: fix reference parsing
| * | | | | | | api: pull: fix reference parsing (Valentin Rothberg, 2020-02-12)
| | |_|_|_|/ /
| |/| | | | |
| | | | | | |     Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | Merge pull request #5184 from vrothberg/refactor-pull (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | |     cmd/podman/pull: refactor code
| * | | | | | cmd/podman/pull: refactor code (Valentin Rothberg, 2020-02-12)
|/ / / / / /
| | | | | |     Refactor and simplify the code in cmd/podman/pull.go to address a couple of issues w.r.t. how the arguments were passed.
| | | | | |
| | | | | |     Also make sure to always use the c/image API for parsing instead of working around it.
| | | | | |
| | | | | |     Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #5144 from marusak/doc_fixes (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \ \ \
| | | | | | |     [CI:DOCS] podman system service doc fixes
| * | | | | | bash-completions: Add missing subcommands in 'podman system' (Matej Marusak, 2020-02-10)
| | | | | | |     Signed-off-by: Matej Marusak <mmarusak@redhat.com>
| * | | | | | doc: Fix examples for 'podman system service' (Matej Marusak, 2020-02-10)
| | | | | | |     Signed-off-by: Matej Marusak <mmarusak@redhat.com>
* | | | | | | Merge pull request #5175 from baude/apiv2events (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \ \ \ \
| | | | | | | |     apiv2 stream events
| * | | | | | | apiv2 stream events (Brent Baude, 2020-02-11)
| | |_|/ / / /
| |/| | | | |
| | | | | | |     the events endpoint should be stream-based. it also needed to be registered to answer and not produce 404s.
| | | | | | |
| | | | | | |     Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | | | Merge pull request #5165 from edsantiago/test_apiv2 (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \ \ \ \
| |_|_|_|_|/ /
|/| | | | | |     API v2 tests: catch up to moving target
| * | | | | | API v2 tests: catch up to moving target (Ed Santiago, 2020-02-11)
| | |_|_|/ /
| |/| | | |
| | | | | |     Lots has changed since I first checked this in:
| | | | | |
| | | | | |     * Switch to new podman system service invocation
| | | | | |     * /containers API has changed drastically
| | | | | |     * /pods API has some fixes; check for them (e.g. container-exists is now 409 Conflict, not 500)
| | | | | |     * One test ('?invalidparam=x') still doesn't work; comment it out so we can get everything passing.
| | | | | |
| | | | | |     Also, some work on the test framework itself:
| | | | | |
| | | | | |     * Cleaner port-open testing (the bash /dev/tcp check).
| | | | | |     * Add a 'podman' function to invoke local podman and log its output.
| | | | | |
| | | | | |     The above two allow us to:
| | | | | |
| | | | | |     * Get rid of stderr special-casing
| | | | | |
| | | | | |     Furthermore:
| | | | | |
| | | | | |     * t() no longer needs leading '.'; this allows jq features such as 'length' and perhaps other filters
| | | | | |     * special-case handling of 204 and 304: rfc2616 demands that they return no message body; assert that it is so.
| | | | | |     * new root & rootless helper functions (check server)
| | | | | |     * remove the "unlikely to work" message for rootless; it seems to be working fine
| | | | | |     * fix pod tests for rootless
| | | | | |     * BUT: add a bolder FIXME because the ID field seems wrong
| | | | | |
| | | | | |     Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #5176 from edsantiago/304_is_not_an_error (OpenShift Merge Robot, 2020-02-12)
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |     HTTP 304 (NotModified) is not an error!
| * | | | | HTTP 304 (NotModified) is not an error! (Ed Santiago, 2020-02-11)
|/ / / / /
| | | | |     Even after #5169, my test logs kept showing:
| | | | |
| | | | |         ERRO[0004] unable to write json: "http: request method or response status code does not allow body"
| | | | |
| | | | |     Cause: overly-helpful code trying to treat condition as an error and include a diagnostic message. This is forbidden per rfc2616.
| | | | |
| | | | |     This PR fixes the faulty response, as well as three others found via:
| | | | |
| | | | |         $ ack 'Error.*NotMod' (4 hits total)
| | | | |         $ ack 'Error.*NoCont' (no hits)
| | | | |
| | | | |     Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #5169 from edsantiago/apiv2_pod_status_codes (OpenShift Merge Robot, 2020-02-11)
|\ \ \ \ \
| | | | | |     API v2: pods: fix two incorrect return codes
| * | | | | API v2: pods: fix two incorrect return codes (Ed Santiago, 2020-02-11)
| |/ / / /
| | | | |     1) /pods/<X>/exists - is documented to return 204, and that's the correct value, but until now it has been returning 200.
| | | | |
| | | | |     2) /pods/create - return 409 (conflict), not 500, when pod already exists
| | | | |
| | | | |     Also: in WriteResponse(), if code is 204 (No Content) or 304 (Not Modified), emit the status code only but no content-type headers nor content.
| | | | |
| | | | |     Signed-off-by: Ed Santiago <santiago@redhat.com>