summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #2583 from giuseppe/rootless-fix-pod-rmOpenShift Merge Robot2019-03-11
|\ | | | | rootless: fix stop and rm when the container is running with uid != 0
| * rootless: fix pod stop|rm if uid in the container != 0Giuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | | | join the user namespace where the pod is running, so that we can both manage the storage and correctly send the kill signal to a process which is not running as root in the namespace. Closes: https://github.com/containers/libpod/issues/2577 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: fix rm when uid in the container != 0Giuseppe Scrivano2019-03-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: disable pod statsGiuseppe Scrivano2019-03-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: do not create automatically a userns for pod killGiuseppe Scrivano2019-03-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: support a custom arg to the new processGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | let the process running as euid != 0 pass down an argument to the process running in the user namespace. This will be useful for commands like rm -a that needs to join different namespaces, so that we can re-exec separately for each of them. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * errors: fix error cause comparisonGiuseppe Scrivano2019-03-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2597 from jwhonce/issue/2016OpenShift Merge Robot2019-03-11
|\ \ | | | | | | Initialize field in InfoHost struct
| * | Initialize field in InfoHost structJhon Honce2019-03-11
| | | | | | | | | | | | | | | | | | Fixes #2016 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #2538 from giuseppe/slirp4netns-pathOpenShift Merge Robot2019-03-11
|\ \ \ | | | | | | | | libpod: allow to configure path to the slirp4netns binary
| * | | libpod: allow to configure path to the network-cmd binaryGiuseppe Scrivano2019-03-11
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | allow to configure the path to the network-cmd binary, either via an option flag --network-cmd-path or through the libpod.conf configuration file. This is currently used to customize the path to the slirp4netns binary. Closes: https://github.com/containers/libpod/issues/2506 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2604 from giuseppe/allow-single-mappingsOpenShift Merge Robot2019-03-11
|\ \ \ | |_|/ |/| | rootless: allow single ID mappings
| * | rootless: allow single mappingsGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we were playing safe and not allowed any container to have less than 65536 mappings. There are a couple of reasons to change it: - it blocked libpod to work in an environment where newuidmap/newgidmap are not available, or not configured. - not allowed to use different partitions of subuids, where each user has less than 65536 ids available. Hopefully this change in containers/storage: https://github.com/containers/storage/pull/303 will make error clearers if there are not enough IDs for the image that is being used. Closes: https://github.com/containers/libpod/issues/1651 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | pull: promote debug statement to errorGiuseppe Scrivano2019-03-11
| |/ | | | | | | | | | | print an error if there is any failure pulling an image. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2606 from TomSweeneyRedHat/dev/tsweeney/builddocfixOpenShift Merge Robot2019-03-11
|\ \ | |/ |/| Remove --rm and --detach don't coexist note
| * Remove --rm and --detach don't coexist noteTomSweeneyRedHat2019-03-11
|/ | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> With later changes of Podman, you can now use both the --rm and --detach in a single run command. This PR removes the documentation in the man pages saying this is not allowed. Fixes: #2601
* Merge pull request #2603 from mheon/misc_pod_fixesOpenShift Merge Robot2019-03-11
|\ | | | | Misc pod fixes
| * Fix generation of infra container commandMatthew Heon2019-03-10
| | | | | | | | | | | | | | | | | | | | | | | | When sourcing from an image, we need to grab its entrypoint first and then add command on to mimic the behavior of Docker. The default Kube pause image just sets ENTRYPOINT, and not CMD, so nothing changes there, but this ought to fix other images (for example, nginx would try to run the pause command instead of an nginx process without this patch) Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Remove an unused if statement I addedMatthew Heon2019-03-10
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Don't delete another container's resolv and hosts filesMatthew Heon2019-03-10
| | | | | | | | | | | | | | | | | | | | | | The logic of deleting and recreating /etc/hosts and /etc/resolv.conf only makes sense when we're the one that creates the files - when we don't, it just removes them, and there's nothing left to use. Fixes #2602 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix a potential segfault during infra container createMatthew Heon2019-03-10
|/ | | | | | | | | I was seeing some segfaults where image config was being passed as nil, causing a nil dereference segfault. Fix the apparent cause and add some safety fencing to try and ensure it doesn't happen again. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2516 from rhatdan/secretsOpenShift Merge Robot2019-03-09
|\ | | | | Move secrets package to buildah
| * Move secrets package to buildahDaniel J Walsh2019-03-08
| | | | | | | | | | | | | | | | Trying to remove circular dependencies between libpod and buildah. First step to move pkg content from libpod to buildah. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2576 from rhatdan/troubleshootingOpenShift Merge Robot2019-03-09
|\ \ | | | | | | Add troublshoot information about SELinux labeling of containers/storage
| * | Add troublshoot information about SELinux labeling of containers/storageDaniel J Walsh2019-03-08
| |/ | | | | | | | | | | | | We have some bug reports about people moving containers storage to new directories and this troubleshooter should help them fix this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2531 from cevich/rootless_stubOpenShift Merge Robot2019-03-09
|\ \ | | | | | | Cirrus: Add dedicated rootless mode testing
| * | Cirrus: Add dedicated rootless mode testingChris Evich2019-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Certain integration tests require execution as a regular user. This is acomplished by `PodmanTest.PodmanAsUserBase()` wrapping a specialized execution environment, in `test/utils/utils.go`. However, doing this requires passing through python, which vastly increases the complexity of debugging low-level problems. This commit introduces a new parallel task, run as a regular user on the VM as set by three environment variables. All commands executed in the ``rootless_test.sh`` script, will occur as a real user with a name and home directory, just as `$DIETY` intended. All env. vars established during `environment_setup.sh` (for root) are available. The PR source in `$GOSRC` and `$GOPATH` are owned by this user, and ready for use. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #2598 from mheon/crio_umount_is_uselessOpenShift Merge Robot2019-03-09
|\ \ \ | | | | | | | | We don't use crio-umount.conf
| * | | We don't use crio-umount.confMatthew Heon2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It also causes conflicts with CRI-O packages. Also, change the path on seccomp.json so it lives in /usr/share by default, with everything else. Fixes #2596 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #2592 from baude/testfixupsOpenShift Merge Robot2019-03-08
|\ \ \ \ | | | | | | | | | | test docs fixups
| * | | | test docs fixupsbaude2019-03-08
| | |_|/ | |/| | | | | | | | | | | | | | | | | | adding some clarification on testing based on tom's input. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2590 from haircommander/pause_entry_cmdOpenShift Merge Robot2019-03-08
|\ \ \ \ | |/ / / |/| | | Default to image entrypoint for infra container
| * | | Default to image entrypoint for infra containerPeter Hunt2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If the pod infra container is overriden, we want to run the entry point of the image, instead of the default infra command. This allows users to override the infra-image with greater ease. Also use process environment variables from image Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | Merge pull request #2560 from baude/ginkgoimprovementsOpenShift Merge Robot2019-03-08
|\ \ \ \ | | | | | | | | | | ginkgo status improvements
| * | | | ginkgo status improvementsbaude2019-03-08
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | a series of improvements to our ginkgo test framework so we can get better ideas of whats going on when run in CI Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #2591 from baude/issue2209OpenShift Merge Robot2019-03-08
|\ \ \ \ | | | | | | | | | | podman play kube defaults
| * | | | podman play kube defaultsbaude2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | if an input YAML file lacks securitycontext and working dir for a container, we need to be able to handle that. if no default for working dir is provided, we use a default of "/". fixes issue #2209 Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #2589 from baude/issue2171OpenShift Merge Robot2019-03-08
|\ \ \ \ \ | | | | | | | | | | | | container runlabel respect $PWD
| * | | | | container runlabel respect $PWDbaude2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When doing environment variable substitution, we need to make sure $PWD is replaced with the current working directory. fixes issue #2171 Signed-off-by: baude <bbaude@redhat.com>
* | | | | | Merge pull request #2588 from giuseppe/rootless-propagate-error-from-infoOpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | rootless: propagate errors from info
| * | | | | rootless: propagate errors from infoGiuseppe Scrivano2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we use "podman info" to reconfigure the runtime after a reboot, but we don't propagate the error message back if something goes wrong. Closes: https://github.com/containers/libpod/issues/2584 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #2557 from QiWang19/filter2241OpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ | | | | | | | | | | | | | | fix bug in podman images list all images with same name
| * | | | | | fix bug in podman images list all images with same nameQi Wang2019-03-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | | Merge pull request #2257 from cevich/system_test_beginningOpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [ci skip] System-test: Begin list of needed high-level tests
| * | | | | | | System-test: Documentation and TODO listChris Evich2019-03-06
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #2569 from giuseppe/rootless-fix-exec-with-userOpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | rootless: exec join the user+mount namespace
| * | | | | | create: join also the mount ns of the dependencyGiuseppe Scrivano2019-03-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when we are creating a container that depends on another one, be sure we also join its mount namespace in addition to the user namespace. Closes: https://github.com/containers/libpod/issues/2556 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | rootless: exec join the user+mount namespaceGiuseppe Scrivano2019-03-07
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it is not enough to join the user namespace where the container is running. We also need to join the mount namespace so that we can correctly look-up inside of the container rootfs. This is necessary to lookup the mounted /etc/passwd file when --user is specified. Closes: https://github.com/containers/libpod/issues/2566 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #2586 from mheon/fix_ps_statesOpenShift Merge Robot2019-03-08
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Remove 'podman ps' restarting filter and fix stopped
| * | | | | Remove 'podman ps' restarting filter and fix stoppedMatthew Heon2019-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman has no concept of a "restarting" container - such a container is just transitioning from running to stopped and then back to running through our ordinary state machine. As such, filtering "restarting" containers doesn't work and does nothing. Also, make "stopped" containers show as exited - this is a momentary state we transition to before proper exited. Signed-off-by: Matthew Heon <matthew.heon@pm.me>