summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Add container runlabel commandbaude2018-09-28
| | | | | | | | | | | | | Execute the command as described by a container image. The value of the label is processed into a command by: 1. Ensuring the first argument of the command is podman. 2. Substituting any variables with those defined by the environment or otherwise. If no label exists in the container image, nothing is done. podman container runlabel LABEL IMAGE extra_args Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1551 from baude/complexnamesOpenShift Merge Robot2018-09-28
|\ | | | | run complex image names with short names
| * run complex image names with short namesbaude2018-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | In cases where the image name is more complex like: quay/baude/alpine_nginx:latest and is not from the docker registry, we need to be able to run the image by its shortname such as baude/alpine_nginx. The same goes when the image is not from a registry but instead has the localhost repository. This resolves buildah issue #1034 Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1561 from baude/addbuildahdisttoinfoOpenShift Merge Robot2018-09-28
|\ \ | |/ |/| Add buildah version and distribution to info
| * Add buildah version and distribution to infobaude2018-09-28
|/ | | | | | | | For the sake of debug and problem reporting, we would benefit from knowing what buildah version was vendored into podman. Also, knowing the distribution and distribution version would also be handy. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1556 from baude/disablecentos7OpenShift Merge Robot2018-09-28
|\ | | | | Disable CentOS7 VM testing
| * Disable Fedora 29 and CentOS7 VM testingbaude2018-09-27
|/ | | | | | | | Due to packaging levels of container-selinux, we have a systemic failure in the podman integration tests. We have decided to disable this test until the this problem can be sorted out. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1559 from rhatdan/spcMatthew Heon2018-09-27
|\ | | | | podman runs disabled containers and privileged containers as spc_t
| * podman runs disabled containers and privileged containers as spc_tDaniel J Walsh2018-09-27
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #1549 from mheon/update_ownersDaniel J Walsh2018-09-27
|\ | | | | Update the OWNERS file so bot assigns sane reviewers
| * Update the OWNERS file so bot assigns sane reviewersMatthew Heon2018-09-26
| | | | | | | | | | | | | | | | | | The Openshift bot assigns reviewers to each PR seemingly based on this file, which means right now it's picking runcom and jwhonce to review every PR, not our maintainers. Set said maintainers as reviewers instead. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #818 from wking/python-2-cleanMatthew Heon2018-09-27
|\ \ | |/ |/| Makefile: Call contrib/python's clean regardless of HAS_PYTHON3
| * contrib/python/*/Makefile: Fallback to unversioned 'python'W. Trevor King2018-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And pull these from the PATH by default. This way systems like CentOS that don't have a python3 can still execute 'make clean', which doesn't care about the Python major version. The setup.py shebang, mode change, and ./ prefixing helps address cases where PYTHON is empty. This could be the result of improper user configuration: $ make PYTHON='' clean It could also be the state on systems with no Python installed, in which case you'll see: $ make PYTHON='' clean ./setup.py clean --all /usr/bin/env: 'python': No such file or directory make: *** [Makefile:13: clean] Error 127 I've also shifted the Python invocations to the end of the clean recipies so that as much as possible gets cleaned up even on systems without Python installed. Signed-off-by: W. Trevor King <wking@tremily.us>
| * Makefile: Drop PYTHONW. Trevor King2018-09-13
| | | | | | | | | | | | | | This line landed in 8493dba2 (Initial varlink implementation, 2018-03-26, #627), but this Makefile has never consumed that variable. Signed-off-by: W. Trevor King <wking@tremily.us>
| * Makefile: Call contrib/python's clean regardless of HAS_PYTHON3W. Trevor King2018-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The only Python dependency in contrib/python's clean is: $(PYTHON) setup.py clean --all and our setup.pys work on both major Python versions: $ make -C contrib/python/podman PYTHON=python2 clean make: Entering directory `/.../libpod/contrib/python/podman' python2 setup.py clean --all /usr/lib64/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'python_requires' warnings.warn(msg) running clean 'build/lib' does not exist -- can't clean it 'build/bdist.linux-x86_64' does not exist -- can't clean it 'build/scripts-2.7' does not exist -- can't clean it rm -rf podman.egg-info dist find . -depth -name __pycache__ -exec rm -rf {} \; find . -depth -name \*.pyc -exec rm -f {} \; make: Leaving directory `/.../libpod/contrib/python/podman' $ echo $? 0 $ make -C contrib/python/pypodman PYTHON=python2 clean make: Entering directory `/.../libpod/contrib/python/pypodman' python2 setup.py clean --all /usr/lib64/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'python_requires' warnings.warn(msg) running clean removing 'build/lib' (and everything under it) removing 'build/bdist.linux-x86_64' (and everything under it) 'build/scripts-2.7' does not exist -- can't clean it removing 'build' rm -rf pypodman.egg-info dist find . -depth -name __pycache__ -exec rm -rf {} \; find . -depth -name \*.pyc -exec rm -f {} \; make: Leaving directory `/.../libpod/contrib/python/pypodman' $ echo $? 0 This rolls back part of 390bd16d (tidy up the copr spec, 2018-05-20, #813). I've also shifted the submake cleans to the end of the main clean recipe. That way, if one of the submake cleans dies (e.g. because the system lacks Python entirely), the temp-file removal will still happen. The way I have it setup now, the podman clean dying will keep any of the pypodman clean from happening. You could probably work around that with something like: $(MAKE) -C contrib/python/podman clean & \ $(MAKE) -C contrib/python/pypodman clean & \ wait but that seems too fancy for such a corner case. Signed-off-by: W. Trevor King <wking@tremily.us>
* | rework CI tests to test on VMsbaude2018-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR makes several key changes to our CI testing. Firstly, we now test podman on fedora 28, fedora 29, and centos VMS (rather than containers). Any of these that having failing tests are not marked as required yet. We still preserve the podman in podman and podman in docker tests as well and they are marked as required. The lint and validate work is now done on a openshift container. We also removed the rpm verification on papr and perform this test under the "images" test on the openshift ci. This PR exposes integration test fails on some of our OSs. My expectation is we will fix those in additional PRs and as they are fixed, we should be flipping the boolean bit to required. Signed-off-by: baude <bbaude@redhat.com> Closes: #1492 Approved by: mheon
* | Put openshift dockerfiles in test/installbaude2018-09-25
| | | | | | | | | | | | | | | | | | Move the location of the openshift dockerfiles and delete the old one. Signed-off-by: baude <bbaude@redhat.com> Closes: #1542 Approved by: mheon
* | Merge pull request #1545 from mheon/bump-0.9.3.1Matthew Heon2018-09-25
|\ \ | | | | | | Bump to v0.9.3.1
| * | Bump gitvalidation epochMatthew Heon2018-09-25
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Bump to v0.9.4-devMatthew Heon2018-09-25
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Bump to v0.9.3.1v0.9.3.1Matthew Heon2018-09-25
|/ / | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #1544 from mheon/release_notes_0.9.3.1Matthew Heon2018-09-25
|\ \ | | | | | | Update release notes for 0.9.3.1
| * | Update release notes for 0.9.3.1Matthew Heon2018-09-25
|/ / | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Disable problematic SELinux code causing runc issuesMatthew Heon2018-09-25
| | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1541 Approved by: baude
* | Merge pull request #1530 from mheon/bump-0.9.3Matthew Heon2018-09-21
|\ \ | | | | | | Bump to v0.9.3
| * | Bump gitvalidation epochMatthew Heon2018-09-21
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Bump to v0.9.4-devMatthew Heon2018-09-21
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * | Bump to v0.9.3v0.9.3Matthew Heon2018-09-21
|/ / | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #1529 from mheon/release_notes_0.9.3Matthew Heon2018-09-21
|\ \ | | | | | | Update release notes for 0.9.3
| * | Update release notes for 0.9.3Matthew Heon2018-09-21
|/ / | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Add --mount option for `create` & `run` commandDaniel J Walsh2018-09-21
| | | | | | | | | | | | | | | | Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1524 Approved by: mheon
* | Refactor Wait() to not require a timeoutMatthew Heon2018-09-21
| | | | | | | | | | | | | | | | | | | | | | We added a timeout for convenience, but most invocations don't care about it. Refactor it into WaitWithTimeout() and add a Wait() that doesn't require a timeout and uses the default. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1527 Approved by: mheon
* | Updates from reviewsJhon Honce2018-09-21
| | | | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #1519 Approved by: rhatdan
* | Implement new subcommandsJhon Honce2018-09-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactor create subparser to share arguments with run subparser * Add argparse.*Action subclasses to reduce duplicate code in parsers * Using BooleanAction now accept True/False value as expected * .pylintrc added to loosen variable name policing * Update AbstractBaseAction to remove unset arguments before transmitting to podman service * Align logging messages to podman output * Renamed global argument from --user to --username, to avoid conflict with create/run podman commands * Add new subcommands: run, create, history, import, info, push, restart and search Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #1519 Approved by: rhatdan
* | Don't mount /dev/shm if the user told you --ipc=noneDaniel J Walsh2018-09-21
| | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1466 Approved by: mheon
* | rootless: error out if there are not enough UIDs/GIDs availableGiuseppe Scrivano2018-09-21
| | | | | | | | | | | | | | | | | | | | | | Most container images assume there are at least 65536 UIDs/GIDs available. Raise an error if there are not enough IDs allocated to the current user. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1520 Approved by: rhatdan
* | Vendor in latest containers/buildahDaniel J Walsh2018-09-21
| | | | | | | | | | | | | | | | | | | | Fixes issues with builtin volumes having correct ownership and permissions when doing podman builds. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1525 Approved by: giuseppe
* | rootless: fix create with images not in the storageGiuseppe Scrivano2018-09-21
| | | | | | | | | | | | | | | | | | | | | | | | This chunk was mistakenly removed with ecec1a5430885baf96d2e3d6153c7454c41a4617 Introduce it back as it solves the pull of an image that is not yet in the storage when using create/run. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1521 Approved by: baude
* | rootless: skip usage of filepath.JoinGiuseppe Scrivano2018-09-21
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1507 Approved by: rhatdan
* | create, rootless: join the userns of ns:PATHGiuseppe Scrivano2018-09-21
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1507 Approved by: rhatdan
* | create, rootless: join the userns of container:CONTAINERGiuseppe Scrivano2018-09-21
| | | | | | | | | | | | | | | | | | | | | | so that we can also join the requested namespace. Closes: https://github.com/containers/libpod/issues/1453 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1507 Approved by: rhatdan
* | spec: refactor ns modes to a common interfaceGiuseppe Scrivano2018-09-21
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1507 Approved by: rhatdan
* | Don't output inodes created to run a containerDaniel J Walsh2018-09-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a group of inodes that get created when running a container if they do not exist. containerMounts = map[string]bool{ "/dev": true, "/etc/hostname": true, "/etc/hosts": true, "/etc/resolv.conf": true, "/proc": true, "/run": true, "/run/.containerenv": true, "/run/secrets": true, "/sys": true, } If the destination inode does not exist, libpod/runc will create the inode. This can cause programs like podman diff to see the image as having changed, when actually it has not. This patch ignores changes in these inodes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1508 Approved by: giuseppe
* | Add rpmbuild to the openshift fedora test imagebaude2018-09-20
| | | | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1517 Approved by: rhatdan
* | Add new field to libpod to indicate whether or not to use labellingDaniel J Walsh2018-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also update some missing fields libpod.conf obtions in man pages. Fix sort order of security options and add a note about disabling labeling. When a process requests a new label. libpod needs to reserve all labels to make sure that their are no conflicts. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1406 Approved by: mheon
* | Bind Mounts should be mounted read-only when in read-only modeDaniel J Walsh2018-09-20
| | | | | | | | | | | | | | | | | | | | We don't want to allow users to write to /etc/resolv.conf or /etc/hosts if in read only mode. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1510 Approved by: TomSweeneyRedHat
* | test, rootless: enforce cgroupfs managerGiuseppe Scrivano2018-09-20
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1515 Approved by: baude
* | report when rootlessbaude2018-09-20
| | | | | | | | | | | | | | | | | | | | when running as rootless, report as such. resolves: #1509 Signed-off-by: baude <bbaude@redhat.com> Closes: #1514 Approved by: rhatdan
* | add the gopath environment variable to the openshift dockerfilebaude2018-09-19
| | | | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1513 Approved by: baude
* | Vendor in latest opencontainers/runtime-toolsDaniel J Walsh2018-09-19
| | | | | | | | | | | | | | | | | | | | This will cause /proc inside of the container to match the mount options of the host. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1511 Approved by: baude