summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* netavark e2e testsBrent Baude2022-02-02
| | | | | | enabled e2e tests for netavark Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #13110 from giuseppe/enforce-dev-shm-with-noexec-nosuid-nodevOpenShift Merge Robot2022-02-02
|\ | | | | libpod: enforce noexec,nosuid,nodev for /dev/shm
| * libpod: enforce noexec,nosuid,nodev for /dev/shmGiuseppe Scrivano2022-02-02
| | | | | | | | | | | | | | these mount flags are already used for the /dev/shm mount on the host, but they are not set for the bind mount itself. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #13106 from cevich/not_buildOpenShift Merge Robot2022-02-02
|\ \ | |/ |/| Cirrus: Add [CI:BUILD] magic that only builds
| * Cirrus: Add [CI:BUILD] magic that only buildsChris Evich2022-02-01
| | | | | | | | | | | | | | | | This is intended for cases where no code changes were made in this repo. but something did change which could affect the toolchain. For example, `Makefile` or packaging changes. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #13105 from lsm5/copr-fix-dependenciesOpenShift Merge Robot2022-02-01
|\ \ | | | | | | COPR: fix dependencies
| * | COPR: fix dependenciesLokesh Mandvekar2022-02-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers-common rpm now `Recommends: netavark` and `Provides: container-network-stack` which are actually provided by both cni-plugins and netavark. Netavark has a `Recommends: aardvark-dns` already. So, we should only depend on the containers-common package and let it handle everything. Also, dnsname no longer needs to be recommended if we want new users to use netavark / aardvark-dns. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #13066 from rhatdan/manOpenShift Merge Robot2022-02-01
|\ \ \ | | | | | | | | Clarify remote client means Mac and Windows
| * | | Clarify remote client means Mac and WindowsDaniel J Walsh2022-01-28
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13085 from ydayagi/mainOpenShift Merge Robot2022-02-01
|\ \ \ \ | |_|_|/ |/| | | play kube envVar.valueFrom.fieldRef
| * | | play kube envVar.valueFrom.fieldRefYaron Dayagi2022-01-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for env vars values from pod spec fields see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core relates to issue https://github.com/containers/podman/issues/12756 Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
* | | | Merge pull request #12814 from cevich/netavarkOpenShift Merge Robot2022-02-01
|\ \ \ \ | |_|_|/ |/| | | Cirrus: Add e2e task w/ upstream netavark
| * | | Cirrus: Also download aardvark-dns binaryChris Evich2022-01-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This involves a minor code-change so the download/install can run in a loop for the two different repositories and binaries. Given everything is exactly the same except the URLs and names. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | Cirrus: Add e2e task w/ upstream netavarkChris Evich2022-01-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR adds the CI mechanisms to obtain the latest upstream netavark binary, and set a magic env-var to indicate e2e tests should execute podman with `--network-driver=netavark`. A future commit implement this functionality within the e2e tests. Due to the way the new environment is enabled, the standard task name is too long for github to display without adding ellipsis. Force the custom task name `Netavark Integration` to workaround this. At some future point, when netavark is more mainstream/widely supported, this custom task and upstream binary install can simply be removed - i.e. netavark will simply be used by default in the normal e2e tasks. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #13101 from giuseppe/report-slirp4netns-statsOpenShift Merge Robot2022-02-01
|\ \ \ \ | | | | | | | | | | libpod: report slirp4netns network stats
| * | | | libpod: report slirp4netns network statsGiuseppe Scrivano2022-02-01
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | by default slirp4netns uses the tap0 device. When slirp4netns is used, use that device by default instead of eth0. Closes: https://github.com/containers/podman/issues/11695 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #13100 from fj-tsubasa/oom-kill-disable-manOpenShift Merge Robot2022-02-01
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Add notes to "--oom-kill-disable" not supported on cgroups V2
| * | | | Add notes to "--oom-kill-disable" not supported on cgroups V2Tsubasa Watanabe2022-01-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clarify "--oom-kill-disable" is not supported on cgroups V2 in documentation. Signed-off-by: Tsubasa Watanabe <w.tsubasa@fujitsu.com>
* | | | | Merge pull request #13064 from rhatdan/pauseOpenShift Merge Robot2022-02-01
|\ \ \ \ \ | | | | | | | | | | | | Fix use of infra image to clarify default
| * | | | | Fix use of infra image to clarify defaultDaniel J Walsh2022-01-31
|/ / / / / | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #13091 from lsm5/fix-nightly-ci-buildsOpenShift Merge Robot2022-01-31
|\ \ \ \ \ | | | | | | | | | | | | CI: fix nightly builds
| * | | | | CI: fix nightly buildsLokesh Mandvekar2022-01-31
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Nightly builds were failing on CI ever since the Makefile change to have install target independent of build targets. See: e4636ebdc84ca28cf378873435cc9a27c81756f8 This commit ensures everything is built before installation. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | | Merge pull request #13078 from patrycja-guzik/podman-image-ls-filtersOpenShift Merge Robot2022-01-31
|\ \ \ \ \ | |/ / / / |/| | | | [CI:DOCS] Adapt podman images ls filters docs to be aligned with prune filters docs
| * | | | Adapt podman images ls filters docs to be aligned with prune filters docsPatrycja Guzik2022-01-29
|/ / / / | | | | | | | | | | | | Signed-off-by: Patrycja Guzik <patrycja.k.guzik@gmail.com>
* | | | Merge pull request #13061 from flouthoc/podman-vm-delegate-subsystemOpenShift Merge Robot2022-01-28
|\ \ \ \ | |_|_|/ |/| | | ignition, machine: delegate `cpu,io,memory,pid cgroup controllers` to machine's non-root users.
| * | | ignition, machine: delegate cpu,io cgroup controllers to machine's default usersAditya R2022-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Makes sure that ignition setups up systemd config so cgroup controllers like `cpu, io` are also delegated to `non-root` along with `memory, pid`. This allows general users of `podman` on `macOS` and `podman-remote` to do operations which are dependent on `cpu, io` cgroup controllers. [NO TESTS NEEDED] [NO NEW TESTS NEEDED] We don't have a CI infra to test this, please pull the tree and run `podman info` inside the machine to confirm. Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #12712 from flouthoc/volume_overlay_advancedOpenShift Merge Robot2022-01-28
|\ \ \ \ | | | | | | | | | | volume: add support for non-volatile `upperdir`,`workdir` for overlay volumes
| * | | | volume: add support for non-volatile upperdir,workdir for overlay volumesAditya Rajan2022-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Often users want their overlayed volumes to be `non-volatile` in nature that means that same `upper` dir can be re-used by one or more containers but overall of nature of volumes still have to be `overlay` so work done is still on a overlay not on the actual volume. Following PR adds support for more advanced options i.e custom `workdir` and `upperdir` for overlayed volumes. So that users can re-use `workdir` and `upperdir` across new containers as well. Usage ```console $ podman run -it -v myvol:/data:O,upperdir=/path/persistant/upper,workdir=/path/persistant/work alpine sh ``` Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #13048 from cevich/fix_get_ci_vmOpenShift Merge Robot2022-01-28
|\ \ \ \ \ | |_|/ / / |/| | | | [CI:DOCS] Cirrus: Fix get_ci_vm.sh initial setup
| * | | | Cirrus: Fix get_ci_vm.sh initial setupChris Evich2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to some recent changes in the Makefile, the setup part of the script is now breaking with the error: ``` install: cannot stat 'bin/rootlessport': No such file or directory make: *** [Makefile:767: install.bin] Error 1 ``` The root-cause seems to be the `install` targets not properly specifying their build dependencies. This may lead to other problems WRT automation, but for now I'm just patching this tool to workaround the issue. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #13052 from Luap99/issues2OpenShift Merge Robot2022-01-28
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] github: label issues based on os fix regex
| * | | | | github: label issues based on os fix regexPaul Holzinger2022-01-27
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Good news the github action works, however I noticed that we cannot use a multiline regex so we have to use serviceIsRemote to detect if this is a remote client. Also change the os regex so that it matches both the output of podman version and podman info. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | Merge pull request #13050 from Luap99/issuesOpenShift Merge Robot2022-01-27
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] github: label issues based on os
| * | | | | github: label issues based on osPaul Holzinger2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We get a lot of issues for podman-remote on macos. Since the fact that this is a remote client is often overlooked by us lets add windows, macos and remote label automatically based on a regex which should match the output of podman version. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #13049 from edsantiago/batsDaniel J Walsh2022-01-27
|\ \ \ \ \ \ | | | | | | | | | | | | | | System tests: emergency skip of checkpoint tests
| * | | | | | System tests: emergency skip of checkpoint testsEd Santiago2022-01-27
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | ...on kernel 5.17, because it's broken Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #13042 from Luap99/subnetsOpenShift Merge Robot2022-01-27
|\ \ \ \ \ \ | |/ / / / / |/| | | | | network create: allow multiple subnets
| * | | | | network create: allow multiple subnetsPaul Holzinger2022-01-27
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman network create --subnet, --gateway and --ip-range can now be specified multiple times to join the network to more than one subnet. This is very useful if you want to use a dual stack network and assign a fixed ipv4 and ipv6 subnet. The order of the options is important here, the first --gateway/--ip-range will be assigned to the first subnet and so on. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #13035 from rhatdan/docs1OpenShift Merge Robot2022-01-27
|\ \ \ \ \ | | | | | | | | | | | | CI:DOCS: Add troublshooting info on podman machine remove followed by podman machine init
| * | | | | Update troubleshooting.mdbazhang872022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Bart Zhang bazhang@redhat.com Co-authored-by: Erik Sjölund <erik.sjolund@gmail.com> Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #13034 from rhatdan/docsOpenShift Merge Robot2022-01-27
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | CI:DOCS: Unify podman prune filter description: volumes, networks, system
| * | | | | Fix sort ordering of filtersDaniel J Walsh2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | | | Unify podman prune filter description: volumes, networks, systemPatrycja Guzik2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | follow up of #12976 Signed-off-by: Patrycja Guzik <patrycja.k.guzik@gmail.com>
* | | | | | Merge pull request #13029 from TomSweeneyRedHat/dev/tsweeney/mergepull2OpenShift Merge Robot2022-01-27
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Bump Buildah to v1.24.0
| * | | | | Bump Buildah to v1.24.0tomsweeneyredhat2022-01-27
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps Buildah to v1.24.0 and adopts the new values for pull: true, false, never, and always. The pull-never and pull-always options for the build command are still usable, but they have been removed from the man page documentation with this change. Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
* | | | | Merge pull request #12867 from cdoern/scpOpenShift Merge Robot2022-01-27
|\ \ \ \ \ | |_|/ / / |/| | | | switch podman image scp from depending on machinectl to just os/exec
| * | | | switch podman image scp from depending on machinectl to just os/execcdoern2022-01-26
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | machinectl does not propogate error messages and adds extra lines in the output, exec.Cmd is able to clear the env besides PATH and TERM, and use the given UID and GID to execute the command properly. machinectl is still used to create a user session. Ubuntu support is limited by this. Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #13031 from ↵OpenShift Merge Robot2022-01-27
|\ \ \ \ | |/ / / |/| | | | | | | | | | | giuseppe/drop-permission-check-privileged-rootless-devices rootless: drop permission check for devices
| * | | rootless: drop permission check for devicesGiuseppe Scrivano2022-01-27
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit 350ede1eeb6ab33bce2918d7768b940c255e63c6 added the feature. Do not check whether the device is usable by the rootless user before adding to the container. Closes: https://github.com/containers/podman/issues/12704 [NO NEW TESTS NEEDED] it requires changes on the host to test it Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #13017 from ↵OpenShift Merge Robot2022-01-26
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/image/v5-5.19.0 Bump github.com/containers/image/v5 from 5.18.0 to 5.19.0