summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* service: do not run under the root cgroupGiuseppe Scrivano2022-06-30
| | | | | | | | | | | | | at startup, when running on a cgroup v2 system, check if the current process is running in the root cgroup and move it to a sub-cgroup, otherwise Podman is not able to create cgroups and move processes there. Closes: https://github.com/containers/podman/issues/14573 [NO NEW TESTS NEEDED] it needs nested podman Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* utils: move the cgroup if root on cgroupv2Giuseppe Scrivano2022-06-30
| | | | | | | if we are running on cgroupv2, force the creation of a sub-cgroup even when we are at the root for the cgroup v2 unified mount. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #14770 from ↵openshift-ci[bot]2022-06-29
|\ | | | | | | | | containers/dependabot/go_modules/github.com/stretchr/testify-1.8.0 build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0
| * build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0dependabot[bot]2022-06-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.5 to 1.8.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.7.5...v1.8.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | Merge pull request #14720 from sstosh/rm-optionopenshift-ci[bot]2022-06-29
|\ \ | | | | | | Fix: Prevent OCI runtime directory remain
| * | Fix: Prevent OCI runtime directory remainToshiki Sonoda2022-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This bug was introduced in https://github.com/containers/podman/pull/8906. When we use 'podman rm/restart/stop/kill etc...' command to the container running with --rm, the OCI runtime directory remains at /run/<runtime name> (root user) or /run/user/<user id>/<runtime name> (rootless user). This bug could cause other bugs. For example, when we checkpoint the container running with --rm (podman checkpoint --export) and restore it (podman restore --import) with crun, error message "Error: OCI runtime error: crun: container `<container id>` already exists" is outputted. This error is caused by an attempt to restore the container with the same container ID as the remaining OCI runtime's container ID. Therefore, I fix that the cleanupRuntime() function runs to remove the OCI runtime directory, even if the container has already been removed by --rm option. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | Merge pull request #14706 from ashley-cui/rootmachopenshift-ci[bot]2022-06-29
|\ \ \ | | | | | | | | Only allow Rootless runs of Podman Machine
| * | | Only allow Rootless runs of Podman MachineAshley Cui2022-06-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #14775 from cevich/podman_image_commentopenshift-ci[bot]2022-06-29
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Update podmanimage comment.
| * | | | [CI:DOCS] Update podmanimage comment.Chris Evich2022-06-29
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | Drop a reference as to why the `rpm --setcaps...` line is needed, along with a `TODO` reminder to check if it's still needed. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #14764 from cdoern/cgroupopenshift-ci[bot]2022-06-29
|\ \ \ \ | |_|_|/ |/| | | limit cgroupfs when rootless
| * | | only create crgoup when not rootless if using cgroupfsCharlie Doern2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] now that podman's cgroup config tries to initialize controllers, cgroupfs errors out on pod creation we need to mimic the behavior that used to exist and only create the cgroup when running as rootful Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | Merge pull request #14740 from flouthoc/bindings-remove-manifestopenshift-ci[bot]2022-06-29
|\ \ \ \ | | | | | | | | | | bindings: Add support for `Delete` for deleting manifest list from local storage.
| * | | | bindings: Add support for Delete in pkg/bingings/manifestAditya R2022-06-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bindings already support `Remove` which removes a manifest from the list following function adds support for removing entire manifest for local storage. Similar functionality can be also used indirectly by using `Remove` defined in image bindings Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #14666 from shanesmith/machine-pidfileopenshift-ci[bot]2022-06-29
|\ \ \ \ \ | | | | | | | | | | | | Make `podman machine stop` wait for qemu to exit
| * | | | | Make `podman machine stop` wait for qemu to exitShane Smith2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - New `VMPidFilePath` field in MachineVM config holds the path for the qemu PID file - qemu is now started with the `-pidfile` argument set to `VMPidFilePath` - Machines created before this won't have the VM PID file configured, stopping these VMs will revert back to waiting on the state to change away from `Running`, plus an added 2s sleep to give time for the VM to exit and to avoid potential issues - Machines created after this will have a VM PID file configured and stopping the machine will wait indefinitely for the VM to exit [NO NEW TESTS NEEDED] Signed-off-by: Shane Smith <shane.smith@shopify.com>
* | | | | | Merge pull request #14765 from giuseppe/unpause-before-killopenshift-ci[bot]2022-06-29
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | runtime: unpause the container before killing it
| * | | | | runtime: unpause the container before killing itGiuseppe Scrivano2022-06-28
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the new version of runc has the same check in place and it automatically resume the container if it is paused. So when Podman tries to resume it again, it fails since the container is not in the paused state. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2100740 [NO NEW TESTS NEEDED] the CI doesn't use a new runc on cgroup v1 systems. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #14754 from vrothberg/fix-14669openshift-ci[bot]2022-06-28
|\ \ \ \ \ | | | | | | | | | | | | vendor containers/common
| * | | | | vendor containers/commonValentin Rothberg2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull in fixes for platform checks to silence annoying warnings when pulling images by platforms using uname values. Fixes: #14669 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | Merge pull request #14755 from cdoern/systemopenshift-ci[bot]2022-06-28
|\ \ \ \ \ \ | | | | | | | | | | | | | | fix volume reporting in system df
| * | | | | | fix volume reporting in system dfCharlie Doern2022-06-28
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | currently, podman system df incorrectly calculates the reclaimable storage for volumes, using a cumulative reclaimable variable that is incremented and placed into each report entry causing values to rise above 100%. Switch this variables to be in the context of the loop, so it resets per volume just like the size variable does. resolves #13516 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | | Merge pull request #14717 from ZeyadYasser/fix-restore-runtime-checkopenshift-ci[bot]2022-06-28
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix runtime check during restore
| * | | | | | Add test for restore runtime verification using non-default runtimeZeyad Yasser2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Runtime verification test for container checkpoint with export used the default runtime for test which causes test to always pass. Problem rises when using non-default runtime, then doing a restore. This test forcse using a non-default runtime during container creation. Edge case: 1. Default runtime is crun 2. Container is created with runc 3. Checkpoint without setting --runtime into archive 4. Restore without setting --runtime from archive It should be expected that podman identifies runtime from the checkpoint archive. Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
| * | | | | | Fix runtime check during restoreZeyad Yasser2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cfg.RuntimePath was set to default runtime, so the empty string check fails. Instead we could check if the flag was changed. Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
* | | | | | | Merge pull request #14400 from cdoern/scpopenshift-ci[bot]2022-06-28
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | podman image scp remote support & podman image scp tagging
| * | | | | | podman image scp remote support & podman image scp taggingcdoern2022-06-28
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for podman-remote image scp as well as direct access via the API. This entailed a full rework of the layering of image scp functions as well as the usual API plugging and type creation also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image they are loading to the local/remote machine: allow users to pass a "new name" for the image they are transferring `podman tag` as implemented creates a new image im `image list` when tagging, so this does the same meaning that when transferring images with tags, podman on the remote machine/user will load two images ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify `podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | | | Merge pull request #14700 from shuttle-hq/bug/docker-compat-initializedopenshift-ci[bot]2022-06-28
|\ \ \ \ \ \ | | | | | | | | | | | | | | Docker compat returning unknown "initialized" for `status.status`
| * | | | | | Docker compat returning unknown "initialized" for `status.status`chesedo2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some background for this PR is in discussion #14641. In short, ever so often a container inspect will return a `status.status` of `initialized` from the Docker compat socket. From the discussion I found these lines which tries to fix a "configured" status to "created". https://github.com/containers/podman/blob/c936d1e61154b6826e9d8df46e9660aba6c86cfe/pkg/api/handlers/compat/containers.go#L291-L294 However, commit 141de8686289 (Revamp Libpod state strings for Docker compat) removed the "configured" return value from the `String()` method called on line 291 above. Thus, making the `if` check redundant as it will never hit. But the same commit also introduces a return for "initialized" which this `if` should probably have been adapted for. Signed-off-by: Pieter Engelbrecht <pieter@shuttle.rs>
* | | | | | | Merge pull request #14734 from giuseppe/copyup-switch-orderopenshift-ci[bot]2022-06-28
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | volume: add two new options copy and nocopy
| * | | | | | | volume: new options [no]copyGiuseppe Scrivano2022-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add two new options to the volume create command: copy and nocopy. When nocopy is specified, the files from the container image are not copied up to the volume. Closes: https://github.com/containers/podman/issues/14722 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | volume: drop TODO commentGiuseppe Scrivano2022-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the two operations are equivalent since securejoin.SecureJoin() has solved the symlinks. Prefer the Lstat version though to make sure symlinks are never resolved and we do not end up using a path on the host. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | volumes: switch order of checksGiuseppe Scrivano2022-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | avoid any I/O operation on the volume if the source directory is empty. This is useful on network file systems (since CAP_DAC_OVERRIDE is not honored) where the root user might not have enough privileges to perform an I/O operation on the NFS mount but the user running inside the container has. [NO NEW TESTS NEEDED] it needs a setup with a network file system Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | vendor: update containers/commonGiuseppe Scrivano2022-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | | Merge pull request #14751 from dfr/freebsd-makeopenshift-ci[bot]2022-06-28
|\ \ \ \ \ \ \ \ | |_|_|/ / / / / |/| | | | | | | FreeBSD build support
| * | | | | | | Makefile: don't try to build rootlessport on FreeBSDDoug Rabson2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rootless containers are not possible on FreeBSD. While I would like to close that gap, getting the necessary changes into the FreeBSD kernel is a long term project so until then, this removes the rootlessport helper from the build on FreeBSD. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | | | Makefile: don't use '-t' to specify the directory to install manpagesDoug Rabson2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This option doesn't exist on freebsd or macos' install utility. In this case, we can use the 'install file1 file2 ... dir' pattern which is supported by all implementations of install that I'm aware of. The makefile rule already creates the target directory so there is no ambiguity. No new tests are needed here since the same files are being installed in the same places. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | | | Makefile: use GNU sed to convert manpages on FreeBSDDoug Rabson2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The sed implementation on FreeBSD has a strict interpretation of posix 'basic' regular expressions. It would be better to re-implement this using 'extended' regular expressions but for now, just use GNU sed. This should have no functional difference on currently supported platforms. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | | | | Makefile: use bash to evaluate tool pathsDoug Rabson2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The makefile uses the pattern $(shell command -v path1 path2 ...) to deduce pathnames for various executables. On FreeBSD, the default shell does have a 'command' builtin which supports the '-v' option but only allows a single path as argument. Rather than work around this limitation with alternatives like for, just set bash as the default shell. We already require bash to be installed for various helper scripts. This change only affects FreeBSD so no new tests are needed. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | | | | | Merge pull request #14741 from giuseppe/pod-ps-no-raceopenshift-ci[bot]2022-06-28
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | pod: ps does not race with rm
| * | | | | | | pod: ps does not race with rmGiuseppe Scrivano2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the "pod ps" command first retrieves the list of all pods, then iterates over the list to inspect each pod. This introduce a race since a pod could be deleted in the meanwhile by another process. Solve it by ignoring the define.ErrNoSuchPod error. Closes: https://github.com/containers/podman/issues/14736 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | | pods: move code to a new functionGiuseppe Scrivano2022-06-28
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it is a preparatory change for the next commit. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #14742 from rhatdan/machineopenshift-ci[bot]2022-06-28
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Show starting state when machine is starting
| * | | | | | | Show starting state when machine is startingDaniel J Walsh2022-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently podman machine list never shows the starting state. Fixes: https://github.com/containers/podman/issues/14738 [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | | Merge pull request #14597 from containers/closes_14583openshift-ci[bot]2022-06-28
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Use Regexp in volume ls --filter name
| * | | | | | | | Use Regexp in volume ls --filter nameBoaz Shuster2022-06-27
|/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | | | | | Merge pull request #14713 from Luap99/volume-pluginopenshift-ci[bot]2022-06-27
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | add podman volume reload to sync volume plugins
| * | | | | | | | add podman volume reload to sync volume pluginsPaul Holzinger2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Libpod requires that all volumes are stored in the libpod db. Because volume plugins can be created outside of podman, it will not show all available plugins. This podman volume reload command allows users to sync the libpod db with their external volume plugins. All new volumes from the plugin are also created in the libpod db and when a volume from the db no longer exists it will be removed if possible. There are some problems: - naming conflicts, in this case we only use the first volume we found. This is not deterministic. - race conditions, we have no control over the volume plugins. It is possible that the volumes changed while we run this command. Fixes #14207 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | | | test/testvol: rework testvol binaryPaul Holzinger2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add 4 new subcommands to the testvol binary, instead of just serving the volume api it now also can create/list/remove plugins. This is required to test new functionality where volumes are create outside of podman in the plugin. Podman should then be able to pick up the new volumes. The new testvol commands are: - serve: serve the podman api like the the testvol command before - create: create a volume with the given name - list: list all volume names - remove: remove the volume with the given name Also make a small update to the testvol Containerfile so that it can build correctly. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | | | test/testvol: update container image golang to 1.18Paul Holzinger2022-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the golang verion for the testvol image to the latest version 1.18. This requires us to build with GO111MODULE=off. Use the FQDN to prevent the shortnames prompt. Also add --network none to the podman build command to make sure we are only using the copied deps and nothing else. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-12-26 16:03:18 +0000