summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* rootless: require subids to be presentGiuseppe Scrivano2018-07-16
| | | | | | | | | | | | | | | | | | Most images won't work without multiple ids/gids. Error out immediately if there are no multiple ids available. The error code when the user is not present in /etc/sub{g,u}id looks like: $ bin/podman run --rm -ti alpine echo hello ERRO[0000] No subuid ranges found for user "gscrivano" Closes: https://github.com/projectatomic/libpod/issues/1087 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1097 Approved by: rhatdan
* Downgrade setup.pyJhon Honce2018-07-14
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #1095 Approved by: mheon
* Merge pull request #1093 from mheon/bump-0.7.2Matthew Heon2018-07-13
|\ | | | | Bump to 0.7.2
| * Bump gitvalidation epochMatthew Heon2018-07-13
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.7.3-devMatthew Heon2018-07-13
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.7.2v0.7.2Matthew Heon2018-07-13
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1089 from mheon/add_exitedMatthew Heon2018-07-13
|\ | | | | Record whether the container has exited
| * Change logic for detecting conflicting flags in psMatthew Heon2018-07-13
| | | | | | | | | | | | | | | | | | | | | | | | There's no reason --size cannot be used together with a Go template - in fact, using a Go template for {{.Size}} without --size being passed will not work. Allow use of --namespace and --size with Go templates, but not with --quiet. Do not allow --namespace and --size at the same time. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Fix ps --sort=size testMatthew Heon2018-07-13
| | | | | | | | | | | | | | I don't know how the previous test was succeeding, as we never actually fetched the sizes to sort with. The test now does. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Only print container size JSON if --size was requestedMatthew Heon2018-07-13
| | | | | | | | | | | | | | To do this, move it into a separate struct, and embed that in the JSON we return. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Don't print rootfs and rw sizes if they're emptyMatthew Heon2018-07-13
| | | | | | | | | | | | | | | | | | | | | | | | We're printing them unconditionally now, even if --size is not passed, which is confusing (you see a pair of 0s for container size, when it is clearly not 0). This may introduce bugs related to containers with an rwsize of 0 (freshly created from an image) and --size specified, but is definitely better than what we have now. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Major fixes to podman ps --format=json outputMatthew Heon2018-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | | A number of fields were never being populated. Populate them as best we can. Add a new field, exited, to indicate whether the exit code has meaning (IE, the container has exited). Fix handling of running time - it stops ticking when the container stops. There is further work needed here, I suspect. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Ignore running containers in ps exit-code filtersMatthew Heon2018-07-13
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Record whether the container has exitedMatthew Heon2018-07-13
| | | | | | | | | | | | | | | | Use this to supplement exit codes returned from containers, to make sure we know when exit codes are invalid (as the container has not yet exited) Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #1081 from jwhonce/wip/clientMatthew Heon2018-07-13
|\ \ | |/ |/| remote python client for podman
| * Update python directories to better support setup.pyJhon Honce2018-07-13
| | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * remote python client for podmanJhon Honce2018-07-13
|/ | | | | | | | * Use podman library for access * Verbose error checking * Planned windows and macosx ports Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #1091 from giuseppe/rootless-unshare-mount-nsDaniel J Walsh2018-07-13
|\ | | | | rootless: unshare mount namespace
| * rootless: unshare mount namespaceGiuseppe Scrivano2018-07-13
| | | | | | | | | | | | | | | | | | | | | | unshare the mount namespace as well when creating an user namespace so that we are the owner of the mount namespace and we can mount FUSE file systems on Linux 4.18. Tested on Fedora Rawhide: podman --storage-opt overlay.fuse_program=/usr/bin/fuse-overlayfs run alpine echo hello hello Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1075 from giuseppe/rootless-no-symlinks-into-storage-pathDaniel J Walsh2018-07-13
|\ \ | | | | | | rootless: fix usage on Fedora Silverblue/CoreOS
| * | rootless: correctly propagate the exit status from the containerGiuseppe Scrivano2018-07-13
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | runtime: delete unused functionGiuseppe Scrivano2018-07-11
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: propagate errors from GetRootlessRuntimeDir()Giuseppe Scrivano2018-07-11
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: resolve the user home directoryGiuseppe Scrivano2018-07-11
| | | | | | | | | | | | | | | | | | Closes: https://github.com/projectatomic/libpod/issues/1073 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #1065 from haircommander/pod-start-create-rmDaniel J Walsh2018-07-13
|\ \ \ | | | | | | | | Podman pod create/rm/ps commands with man pages and tests
| * | | Added full podman pod ps, with tests and man pagehaircommander2018-07-13
| | | | | | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com>
| * | | Podman pod create/rm commands with man page and tests.haircommander2018-07-13
| | | | | | | | | | | | | | | | | | | | | | | | Includes a very stripped down version of podman pod ps, just for testing Signed-off-by: haircommander <pehunt@redhat.com>
* | | | Need to wait for container to exit before completing run/start completesDaniel J Walsh2018-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a race condition where conmon is still writing the exit file and the container is exiting. Also we should not be ignoring the -a stdin flag if the user specifies --interactive mode. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1086 Approved by: baude
* | | | If proxy fails then then signal should be sent to the main processDaniel J Walsh2018-07-13
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | This way ^c will actually kill the host process if the container is not actually running. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1086 Approved by: baude
* | | fix pull image that includes a shabaude2018-07-13
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when pulling an image that includes a sha such as: centos/nginx-112-centos7@sha256:42330f7f29ba1ad67819f4ff3ae2472f62de13a827a74736a5098728462212e7 the final image name in libpod should not contain portions of the sha itself nor the sha identifier. and like docker, we provide a 'none' tag as well. this should fix #877 Signed-off-by: baude <bbaude@redhat.com> Closes: #1085 Approved by: mheon
* | Added created time to pod statehaircommander2018-07-12
| | | | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1079 Approved by: rhatdan
* | Support multiple networksbaude2018-07-12
| | | | | | | | | | | | | | | | | | | | | | | | | | This is a refresh of Dan William's PR #974 with a rebase and proper vendoring of ocicni and containernetworking/cni. It adds the ability to define multiple networks as so: podman run --network=net1,net2,foobar ... Signed-off-by: baude <bbaude@redhat.com> Closes: #1082 Approved by: baude
* | Log all output of logrus to syslog as well as stdout/stderrDaniel J Walsh2018-07-12
| | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1084 Approved by: baude
* | podman rmi should only untag image if parent of anotherumohnani82018-07-12
| | | | | | | | | | | | | | | | | | | | | | | | podman rmi was deleting an image even if it was a parent of another image. This fix just untags the image instead. This also fixes podman rmi to remove intermediate images of an image when the image is removed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1055 Approved by: mheon
* | Changed container status of Unknown from being printed as Dead to Error in Pshaircommander2018-07-12
| | | | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1083 Approved by: rhatdan
* | Fix podman build completionsDaniel J Walsh2018-07-12
| | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1077 Approved by: giuseppe
* | Refactor attach()/start() after podman changesJhon Honce2018-07-12
| | | | | | | | | | | | | | | | | | | | | | * Update examples * Update/Clean up unittests * Add Mixins for container attach()/start() Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #1080 Approved by: baude
* | create conmon sockets when getting their pathsbaude2018-07-11
| | | | | | | | | | | | | | | | | | | | | | | | when using the getattachsockets endpoint, which returns the sockets needed to create and use a terminal, we should check if the container is just in the configured state. if so, we need to perform a container init to have conmon create the required sockets so we can attach to them prior to starting the container. Signed-off-by: baude <bbaude@redhat.com> Closes: #1067 Approved by: jwhonce
* | build: enable ostree in containers/storage when availableGiuseppe Scrivano2018-07-11
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1071 Approved by: rhatdan
* | podman/libpod: add default AppArmor profileValentin Rothberg2018-07-11
|/ | | | | | | | | | | | | | | | | Make users of libpod more secure by adding the libpod/apparmor package to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor come from github.com/moby/moby. Also check if a specified AppArmor profile is actually loaded and throw an error if necessary. The default profile is loaded only on Linux builds with the `apparmor` buildtag enabled. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1063 Approved by: rhatdan
* rootless: fix when argv[0] is not an absolute pathGiuseppe Scrivano2018-07-10
| | | | | | | | | | | | use execvp instead of exec so that we keep the PATH environment variable and the lookup for the "podman" executable works. Closes: https://github.com/projectatomic/libpod/issues/1070 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1072 Approved by: mheon
* Allow Init() on stopped containersMatthew Heon2018-07-09
| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #1068 Approved by: baude
* urfave/cli: fix regression in short-opts parsingValentin Rothberg2018-07-09
| | | | | | | | | | | Add the actual argument, not the one we're looking for when searching the to-be-translated short-opt string. Otherwise, we're likely to hit an infinite loop. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1066 Approved by: rhatdan
* Add --volumes-from flag to podman run and createumohnani82018-07-09
| | | | | | | | | | podman now supports --volumes-from flag, which allows users to add all the volumes an existing container has to a new one. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #931 Approved by: mheon
* Vendor in latest buildah to add masks for /proc/keys and /proc/acpiDaniel J Walsh2018-07-09
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1062 Approved by: baude
* Vendor in latest containers/storageDaniel J Walsh2018-07-08
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1061 Approved by: baude
* Mask /proc/keys to protect information leak about keys on hostDaniel J Walsh2018-07-08
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1060 Approved by: mheon
* ctime: Drop 32-/64-bit distinction on LinuxW. Trevor King2018-07-07
| | | | | | | | | | | We added the explicit int64 casts for 32-bit builds in 35e1ad78 (Make libpod build on 32-bit systems, 2018-02-12, #324), but the explicit casts work fine on 64-bit systems too. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1058 Approved by: mheon
* Podman stats with no containers listed is the same as podman stats --allhaircommander2018-07-07
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1031 Approved by: rhatdan
* Refactor unittest for change in history APIJhon Honce2018-07-06
| | | | | | | | | | | * test_images.TestImages.test_history changed to allow '<missing>' as legal image ID. Previously all layers used the image ID. Now layer 0 reports '<missing>'. Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #1056 Approved by: jwhonce