| Commit message (Collapse) | Author | Age |
|\
| |
| | |
spec: fix order for setting rlimits
|
|/
|
|
|
|
|
| |
also make sure that the limits we set for rootless are not higher than
what we'd set for root containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Add Security Policy
|
| |
| |
| |
| |
| |
| | |
As the title says
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \
| | |
| | | |
enable rootless integration testing
|
| | |
| | |
| | |
| | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| |/ /
|/| | |
bindings tests for container remove and inspect
|
| | |
| | |
| | |
| | | |
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \
| | | |
| | | | |
Fix bug where pods would unintentionally share cgroupns
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I realized that setting NetworkMode to private when we are making
a network namespace but not configuring it with CNI or Slirp is
wrong; that's considered `--net=none` not `--net=private`. At the
same time, realized that we actually store whether Slirp is in
use, so we can be more specific than just "default" and instead
say slirp4netns or bridge.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This one was a massive pain to track down.
The original symptom was an error message from rootless Podman
trying to make a container in a pod. I unfortunately did not look
at the error message closely enough to realize that the namespace
in question was the cgroup namespace (the reproducer pod was
explicitly set to only share the network namespace), else this
would have been quite a bit shorter.
I spent considerable effort trying to track down differences
between the inspect output of the two containers, and when that
failed I was forced to resort to diffing the OCI specs. That
finally proved fruitful, and I was able to determine what should
have been obvious all along: the container was joining the cgroup
namespace of the infra container when it really ought not to
have.
From there, I discovered a variable collision in pod config. The
UsePodCgroup variable means "create a parent cgroup for the pod
and join containers in the pod to it". Unfortunately, it is very
similar to UsePodUTS, UsePodNet, etc, which mean "the pod shares
this namespace", so an accessor was accidentally added for it
that indicated the pod shared the cgroup namespace when it really
did not. Once I realized that, it was a quick fix - add a bool to
the pod's configuration to indicate whether the cgroup ns was
shared (distinct from UsePodCgroup) and use that for the
accessor.
Also included are fixes for `podman inspect` and
`podman pod inspect` that fix them to actually display the state
of the cgroup namespace (for container inspect) and what
namespaces are shared (for pod inspect). Either of those would
have made tracking this down considerably quicker.
Fixes #6149
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| |_|/
|/| | |
V2 Implement tunnelled podman version
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| | | |
| | | | |
v2 podman search rootless
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
enable the search command for rootless
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Add remaining annotations for `podman inspect`
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This should finish support for `podman inspect` in APIv2.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| |_|_|/
|/| | | |
v2 podman unshare command
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add unshare command
add cp and init to container sub-command
allow mount to run as rootless
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/uber/jaeger-client-go-2.23.1incompatible
build(deps): bump github.com/uber/jaeger-client-go from 2.22.1+incompatible to 2.23.1+incompatible
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/uber/jaeger-client-go](https://github.com/uber/jaeger-client-go) from 2.22.1+incompatible to 2.23.1+incompatible.
- [Release notes](https://github.com/uber/jaeger-client-go/releases)
- [Changelog](https://github.com/jaegertracing/jaeger-client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber/jaeger-client-go/compare/v2.22.1...v2.23.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
[CI:DOCS] Update the Podman readme
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I noticed a large number of searches for Varlink on the Github
page, and that the readme still called it out as our only
supported API. This updates the readme to remove links to Varlink
API documentation, and points to docs for the new HTTP API.
I also updated other parts to reflect the current direction the
project is taking (Podman v2 and the HTTP API).
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix `podman pod create --infra=false`
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We were accidentally setting incorrect defaults for the network
namespace for rootless `pod create` when infra containers were
not being created. This should resolve that issue.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS] Update manpages for image volumes and MAC address
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When reviewing the manpages for `podman run` to find options to
test, I found a few mistakes. The description of how we handle
image volumes is extremely outdated, and we now provide full
support for the `--mac-address` option. Update the docs for these
flags so they're accurate.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] Fix typo in path
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Tom Fenech <tomjwfenech@gmail.com>
|
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
default to tunnel without ABISupport tag
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When compiling a Linux binary without ABISupport, default to use the
tunnel. The behaviour is expected in `podman-remote`.
Also set a default for the remote flag so `podman-remote` works OOB.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
set binding tests to required
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
it appears that the pod stats flake can be attributed to the fact that the container being run is not fully running when the stats call is made. because the stats call is in format of json, it fails when nil
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
some small fix ups for binding tests and then make them required.
update containers-common
V2 bindings tests were failing because of changes introduced in commit
a2ad5bb.
Fix some typos.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
in the case where the specgen attribute for Env and Labels are nil, we should should then make the map IF we have labels and envs that need to be added.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Fix handling of overridden paths from database
|
| | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
If the first time you run podman in a user account you do a
su - USER, and the second time, you run as the logged in USER
podman fails, because it is not handling the tmpdir definition
in the database. This PR fixes this problem.
vendor containers/common v0.11.1
This should fix a couple of issues we have seen in podman 1.9.1
with handling of libpod.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
[CI:DOCS] Fixed typo on podman network create man
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Eduardo Minguez Perez <e.minguez@gmail.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Makefile: fix a dependency issue
|
| | |/ / / / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Instead of being depended by docs, targets '.install.md2man' and
'docdir' should be depended by 'MANPAGES', or else the path
'docs/build/man' or 'GOMD2MAN' might not exist when it tries to
generate files in it.
This fixes a following build error:
| open docs/build/man/podman-volume-ls.1: no such file or directory
| Makefile:377: recipe for target 'docs/source/markdown/podman-volume-ls.1' failed
| make: *** [docs/source/markdown/podman-volume-ls.1] Error 1
| make: *** Waiting for unfinished jobs....
| open docs/build/man/podman-init.1: no such file or directory
| Makefile:377: recipe for target 'docs/source/markdown/podman-init.1' failed
Signed-off-by: Ming Liu <ming.liu@toradex.com>
|
|\ \ \ \ \ \ \ \
| |_|_|_|/ / / /
|/| | | | | | | |
abi: do not attempt to setup rootless if euid==0
|
| | |/ / / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
if the process has already euid==0 do not attempt to setup rootless.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Add podman-remote-static target
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
We should not be building podman-remote with the BUILDTAGS, these
only effect server side.
CRC Group wants to use a static version of podman-remote in order
to install the same podman-remote client on any Linux box.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Fix parsing of --network for `podman pod create`
|
| | |/ / / / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Interpreting CNI networks was a bit broken, and it was causing
rootless `podman pod create` to fail. Also, we were missing the
`--net` alias for `--network`, so add that.
Fixes #6119
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
fix and enable systemd system tests
|
| | |_|/ / / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The systemd unit test never ran in CI and was broken for various
reasons. Fix the test to execute Podman in systemd units and to also
run generated units files.
Note: more tests will be added in the future. The simple check for now
will prevent regressions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
containers/dependabot/go_modules/github.com/onsi/gomega-1.10.0
Bump github.com/onsi/gomega from 1.9.0 to 1.10.0
|
| | |/ / / / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.9.0...v1.10.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|