| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
enabled e2e tests for netavark
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
libpod: enforce noexec,nosuid,nodev for /dev/shm
|
| |
| |
| |
| |
| |
| |
| | |
these mount flags are already used for the /dev/shm mount on the host,
but they are not set for the bind mount itself.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| |/
|/| |
Cirrus: Add [CI:BUILD] magic that only builds
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is intended for cases where no code changes were made in this repo.
but something did change which could affect the toolchain. For example,
`Makefile` or packaging changes.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| | |
| | | |
COPR: fix dependencies
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
containers-common rpm now `Recommends: netavark` and
`Provides: container-network-stack` which are
actually provided by both cni-plugins and netavark.
Netavark has a `Recommends: aardvark-dns` already.
So, we should only depend on the containers-common package and let it
handle everything.
Also, dnsname no longer needs to be recommended if we want new users to
use netavark / aardvark-dns.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \
| | | |
| | | | |
Clarify remote client means Mac and Windows
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
play kube envVar.valueFrom.fieldRef
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add support for env vars values from pod spec fields
see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
relates to issue https://github.com/containers/podman/issues/12756
Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Cirrus: Add e2e task w/ upstream netavark
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This involves a minor code-change so the download/install can run in a
loop for the two different repositories and binaries. Given everything
is exactly the same except the URLs and names.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This PR adds the CI mechanisms to obtain the latest upstream netavark
binary, and set a magic env-var to indicate e2e tests should execute
podman with `--network-driver=netavark`. A future commit implement
this functionality within the e2e tests.
Due to the way the new environment is enabled, the standard task name
is too long for github to display without adding ellipsis. Force the
custom task name `Netavark Integration` to workaround this. At some
future point, when netavark is more mainstream/widely supported, this
custom task and upstream binary install can simply be removed - i.e.
netavark will simply be used by default in the normal e2e tasks.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
libpod: report slirp4netns network stats
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
by default slirp4netns uses the tap0 device. When slirp4netns is
used, use that device by default instead of eth0.
Closes: https://github.com/containers/podman/issues/11695
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS] Add notes to "--oom-kill-disable" not supported on cgroups V2
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Clarify "--oom-kill-disable" is not supported on cgroups V2 in
documentation.
Signed-off-by: Tsubasa Watanabe <w.tsubasa@fujitsu.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix use of infra image to clarify default
|
|/ / / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
CI: fix nightly builds
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Nightly builds were failing on CI ever since the Makefile change to have
install target independent of build targets.
See: e4636ebdc84ca28cf378873435cc9a27c81756f8
This commit ensures everything is built before installation.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
[CI:DOCS] Adapt podman images ls filters docs to be aligned with prune filters docs
|
|/ / / /
| | | |
| | | |
| | | | |
Signed-off-by: Patrycja Guzik <patrycja.k.guzik@gmail.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
ignition, machine: delegate `cpu,io,memory,pid cgroup controllers` to machine's non-root users.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Makes sure that ignition setups up systemd config so cgroup controllers
like `cpu, io` are also delegated to `non-root` along with `memory,
pid`.
This allows general users of `podman` on `macOS` and `podman-remote` to
do operations which are dependent on `cpu, io` cgroup controllers.
[NO TESTS NEEDED]
[NO NEW TESTS NEEDED]
We don't have a CI infra to test this, please pull the tree and run
`podman info` inside the machine to confirm.
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
volume: add support for non-volatile `upperdir`,`workdir` for overlay volumes
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Often users want their overlayed volumes to be `non-volatile` in nature
that means that same `upper` dir can be re-used by one or more
containers but overall of nature of volumes still have to be `overlay`
so work done is still on a overlay not on the actual volume.
Following PR adds support for more advanced options i.e custom `workdir`
and `upperdir` for overlayed volumes. So that users can re-use `workdir`
and `upperdir` across new containers as well.
Usage
```console
$ podman run -it -v myvol:/data:O,upperdir=/path/persistant/upper,workdir=/path/persistant/work alpine sh
```
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
[CI:DOCS] Cirrus: Fix get_ci_vm.sh initial setup
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Due to some recent changes in the Makefile, the setup part of the script
is now breaking with the error:
```
install: cannot stat 'bin/rootlessport': No such file or directory
make: *** [Makefile:767: install.bin] Error 1
```
The root-cause seems to be the `install` targets not
properly specifying their build dependencies. This may lead to other
problems WRT automation, but for now I'm just patching this tool to
workaround the issue.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] github: label issues based on os fix regex
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Good news the github action works, however I noticed that we cannot use
a multiline regex so we have to use serviceIsRemote to detect if this is
a remote client. Also change the os regex so that it matches both the
output of podman version and podman info.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] github: label issues based on os
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We get a lot of issues for podman-remote on macos. Since the fact that
this is a remote client is often overlooked by us lets add windows, macos
and remote label automatically based on a regex which should match the
output of podman version.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
System tests: emergency skip of checkpoint tests
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
...on kernel 5.17, because it's broken
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
network create: allow multiple subnets
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
podman network create --subnet, --gateway and --ip-range can now be
specified multiple times to join the network to more than one subnet.
This is very useful if you want to use a dual stack network and assign a
fixed ipv4 and ipv6 subnet. The order of the options is important here,
the first --gateway/--ip-range will be assigned to the first subnet and
so on.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
CI:DOCS: Add troublshooting info on podman machine remove followed by podman machine init
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Bart Zhang bazhang@redhat.com
Co-authored-by: Erik Sjölund <erik.sjolund@gmail.com>
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
CI:DOCS: Unify podman prune filter description: volumes, networks, system
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
follow up of #12976
Signed-off-by: Patrycja Guzik <patrycja.k.guzik@gmail.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
Bump Buildah to v1.24.0
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps Buildah to v1.24.0 and adopts the new values for pull:
true, false, never, and always. The pull-never and pull-always options
for the build command are still usable, but they have been removed from
the man page documentation with this change.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
switch podman image scp from depending on machinectl to just os/exec
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
machinectl does not propogate error messages and adds extra lines in the output, exec.Cmd is able to clear the env besides PATH and TERM,
and use the given UID and GID to execute the command properly.
machinectl is still used to create a user session. Ubuntu support is limited by this.
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | | |
giuseppe/drop-permission-check-privileged-rootless-devices
rootless: drop permission check for devices
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 350ede1eeb6ab33bce2918d7768b940c255e63c6 added the feature.
Do not check whether the device is usable by the rootless user before
adding to the container.
Closes: https://github.com/containers/podman/issues/12704
[NO NEW TESTS NEEDED] it requires changes on the host to test it
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/containers/image/v5-5.19.0
Bump github.com/containers/image/v5 from 5.18.0 to 5.19.0
|