| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use the new firewall code vendored from CNI to replace the
existing iptables rule addition handler we had in place. This
adds proper support for firewalld and should be much better at
interacting with the firewall.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1431
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream CNI project has a PR open for adding iptables and
firewalld support, but this has been stalled for the better part
of a year upstream.
On advice of several maintainers, we are vendoring this code into
libpod, to perform the relevant firewall configuration ourselves.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1431
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this change if an error is raised when fetching the size of the
image, the error string will be printed as the size (instead of
panicing). In this particular case, the error string is "unable to
determine size".
This fixes bug #1405
Signed-off-by: Steve Baker <sbaker@redhat.com>
Closes: #1423
Approved by: mheon
|
| |\
| |
| | |
Bump to v0.9.1
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\
| |
| | |
Update RELEASE_NOTES for 0.9.1 release
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We should be sharing cgroups namespace by default in pods
uts namespace sharing was broken in pods.
Create a new libpod/pkg/namespaces for handling of namespace fields
in containers
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1418
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When there was a conflict between a user-added volume and a mount
already in the spec, we previously respected the mount already in
the spec and discarded the user-added mount. This is counter to
expected behavior - if I volume-mount /dev into the container, I
epxect it will override the default /dev in the container, and
not be ignored.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1419
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
|
|
| |
When user-specified volume mounts overlap with mounts already in
the spec, remove the mount in the spec to ensure there are no
conflicts.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1419
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1425
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
podman build docs should now reflect that the --layers default value is true.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1424
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to more closely mimic docker default behavior, the --layers
cli option is set to true by default for podman. the buildah
environment variable of BUILDAH_LAYERS is still honored and will
override the command line input.
this should be considered in place of PR #1383.
Many thanks for Scott McCarty for inspiring this welcome change.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1422
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
This bash script is meant to compliment the podman baseline
test script. It primarily focuses on exercising the common
actions of pods.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1421
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
This tests fails a lot, I think because of a race condition. Changing to
just make sure the inode of the /dev/shm on the host is the same as inside
the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1420
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1416
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
| |
Small amount of clean up on the baseline script to handle failing
on error. I also added an option to not use docker at all for platoforms
where docker cannot be installed.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1411
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
Figuring out the difference between a User and a USERNS
as well as Cgroup and CGROUPNS
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1417
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
|
|
| |
When we create a pod that also has an infra container, we should
start the infra container automatically. This allows users to add
running containers to the pod immediately.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1415
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
We need to vendor in the latest containerd/cgroups for a fix related to
slice delegation and systemd <= 239. The opencontainer/runtime-spec is
brought along for the ride.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1414
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
Remove podman --config option, since it does not do anything.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1410
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
Right now, we don't print errors from c/image while trying to
pull images. This prints the errors when log-level=debug is set
so we can debug errors while pulling.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #1409
Approved by: baude
|
| |
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1408
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$ ./bin/podman --foo
$ echo $?
125
$ ./bin/podman foo
Command "foo" not found.
See `podman --help`.
$ echo $?
1
After this change
$ ./bin/podman foo
Command "foo" not found.
See `podman --help`.
$ echo $?
125
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1398
Approved by: vrothberg
|
| |
|
|
|
|
|
|
|
|
|
| |
Podman logs was not parsing CRI logs well, especially
the F and P logs. Now using the same parsing code as
in kube here.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1403
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
When running podman rm -a on a storage where no images exist,
the exit code should NOT be non-zero.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1402
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
change the tests to use chroot to set a numeric UID/GID.
Go syscall.Credential doesn't change the effective UID/GID of the
process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
also refactor the rootless_test.go to facilitate running a test in a
rootless context.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
move re-exec later on, so that we can check whether we need to join
the infra container user namespace or we need to create another one.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
be sure to be in an userns for a rootless process before initializing
the runtime. In case we are not running as uid==0, take advantage of
"podman info" that creates the runtime.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
| |
|
|
|
|
|
|
| |
Fixes: #1395
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1397
Approved by: mheon
|
| |\
| |
| | |
Bump to 0.8.5
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\ \
| |/
|/| |
Update release notes for 0.8.5
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\
| |
| | |
Up time between checks for podman wait
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Prior to this patch, we were polling continuously to check if a
container had died. This patch changes this to poll 10 times a
second, which should be more than sufficient and drastically
reduce CPU utilization.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\ \
| | |
| | | |
Add proper support for systemd inside of podman
|
| |/ /
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently `podman pull rhel7/rhel-tools` is failing because it
sees rhel7 as a registry. This change will verify that the returned
registry from the parser is actually a registry and not a repo,
if a repo it will return the correct content, and we will pull the image.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1387
Approved by: mtrmac
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
Prevent a runc error that doesn't like symlinks as part
of the rootfs.
Closes: https://github.com/containers/libpod/issues/1389
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1390
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1369
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for commit, export, inspect, kill, logs, mount, pause
port commands
* Refactored Report class to allow column lengths to be optionally
driven by data
* Refactored Ps class to truncate image names on the left vs right
* Bug fixes
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1369
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Naja Melan <najamelan@autistici.org>
Closes: #1380
Approved by: rhatdan
|
