| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
| |
|
|
|
|
|
|
|
|
|
| |
In the API docs, we generally state the type of error that should be returned
if a container or image cannot be found. In several cases, the code did not
match the API doc, when the API doc was correct.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1353
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1345
Approved by: umohnani8
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Docker expects multiple filters to be passed with multiple uses
of the --filter flag (e.g. --filter=label=a=b --filter=label=c=d)
and not a single comma-separated list of filters as we expected.
Convert to the Docker format, and make some small cleanups to our
handling of filters along the way.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1345
Approved by: umohnani8
|
| |
|
|
|
|
|
|
|
| |
Default mount propagation inside of containes should be private
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1305
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a containers-mounts.conf(5) manpage. The mounts.conf is used by
other tools (e.g., CRI-O) as well. A dedicated manpage reduces
redundancy.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1350
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
Use the "containers-" prefix for all references to the
containers-registries.conf and containers-storage.conf
configuration files.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1350
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately this is not enough to get it working as runc doesn't
allow to bind mount /proc.
Depends on: https://github.com/opencontainers/runc/pull/1832
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix the test for checking when /sys must be bind mounted from the
host. It should be done only when userNS are enabled (the
!UsernsMode.IsHost() check is not enough for that).
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The OCI runtime might use the cgroups to see what PIDs
are inside the container, but that doesn't work with rootless
containers.
Closes: https://github.com/containers/libpod/issues/1337
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1331
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manage the case where the main process of the container creates and
joins a new user namespace.
In this case we want to join only the first child in the new
hierarchy, which is the user namespace that was used to create the
container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1331
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We cannot re-exec into a new user namespace to gain privileges and
access an existing as the new namespace is not the owner of the
existing container.
"unshare" is used to join the user namespace of the target container.
The current implementation assumes that the main process of the
container didn't create a new user namespace.
Since in the setup phase we are not running with euid=0, we must skip
the setup for containers/storage.
Closes: https://github.com/containers/libpod/issues/1329
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1331
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1346
Approved by: rhatdan
|
| |\
| |
| | |
Bump to 0.8.4
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |\
| |
| | |
Add release notes for 0.8.4
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1322
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
To ensure we can build without easyjson installed, vendor the
easyjson repository as the generated files use the easyjson
library.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1322
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FFJSON has serialization differences versus stock Go - namely, it
does not respect the MarshalText() and UnmarshalText() methods,
particularly on []byte, which causes incompatability with
pre-FFJSON containers which contained DNS servers.
EasyJSON does not have these issues, and might even be slightly
faster.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1322
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1322
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1336
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1339
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
CtrInfo now is formatted in the way originally intended. s/Number Of Containers/# Of Containers and s/Infra Container ID/Infra ID. Make json camel case.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1338
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
When in rootless mode it's not possible to load profiles or
check which profiles are loaded.
Added a few baseline tests to check all possible cases.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Closes: #1250
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
Also it fix the issue of exposing both tc/udp port even if
only one proto specified.
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
Closes: #1325
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
skopeo-containers is available everywhere, but not containers-common
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Closes: #1332
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
I am often asked about the list of capabilities availabel to a container.
We should be listing this data in the inspect command for effective
capabilities and the bounding set.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1335
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
|
| |
Fixes to podman build for unknown image and ADD with url
when doing --layers.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1330
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This results in some functionality changes:
If a ErrCtrStateInvalid is returned to GetPodStats, the container is ommitted from the stats.
As such, if an empty slice of Container stats are returned to GetPodStats in varlink, an error will occur.
GetContainerStats will return the ErrCtrStateInvalid as well.
Finally, if ErrCtrStateInvalid is returned to the podman stats call, the container will be ommitted from the stats.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1319
Approved by: baude
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1319
Approved by: baude
|
| |
|
|
|
|
|
|
|
| |
remove slirp4netns as hard dep as it isn't available on rhel7.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Closes: #1328
Approved by: baude
|
| |
|
|
|
|
|
|
|
| |
Using the vendored changes from psgo, incorporate JoinNamespaceAndProcessInfoByPids to get process information for each pid namespace of running containers in the pod. Also added a man page, and tests.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1298
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1298
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1298
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1327
Approved by: vrothberg
|
| |
|
|
|
|
|
|
|
|
| |
We need a useradd binary in the container for this test, so swap
from Alpine to fedora-minimal.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1315
Approved by: vrothberg
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1315
Approved by: vrothberg
|
| |
|
|
|
|
|
|
|
|
|
| |
Runc exec expects the --user flag to be formatted as UID:GID.
Use chrootuser code to translate whatever user is passed to exec
into this format.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1315
Approved by: vrothberg
|
