Commit message (Author, Age)
* Merge pull request #13583 from rhatdan/ipc (OpenShift Merge Robot, 2022-04-16)
    Add support for ipc namespace modes "none, private, sharable"
| * Add support for ipc namespace modes "none, private, sharable" (Daniel J Walsh, 2022-04-12)
    Fixes: #13265
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13849 from baude/defaultvolumess (OpenShift Merge Robot, 2022-04-15)
    Mount $HOME:$HOME by default in podman machine init
| * | Add container.conf default volume to init (Brent Baude, 2022-04-14)
    containers.conf now has a default volumes field for podman machine. This PR inserts those values as the default volumes in init.
    Signed-off-by: Brent Baude <bbaude@redhat.com>
    [NO NEW TESTS NEEDED]
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #13641 from nicrowe00/logfile (OpenShift Merge Robot, 2022-04-15)
    Add log rotation based on log size
| * | | Add log rotation based on log size (Niall Crowe, 2022-04-14)
    Add new functions to logfile.go for rotating and truncating the events log file once the log file and its contents exceed the maximum size limit while keeping 50% of the log file's content
    Also add tests to verify log rotation and truncation
    Signed-off-by: Niall Crowe <nicrowe@redhat.com>
    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #13868 from cdoern/cloneSwap (OpenShift Merge Robot, 2022-04-15)
    Fix Memory Swappiness passing in Container Clone
| * | | | Fix Memory Swappiness passing in Container Clone (cdoern, 2022-04-14)
    `DefineCreateFlags` was excluding clone from using the memory-swappiness flag leading the value to be zero when our default is -1. Rearrange the if/else to give clone these memory related options
    resolves #13856
    Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | Merge pull request #13616 from giuseppe/passwd-entry (OpenShift Merge Robot, 2022-04-14)
    run, create: add --passwd-entry
| * | | | run, create: add --passwd-entry (Giuseppe Scrivano, 2022-04-14)
    It allows customizing the entry that is written to the `/etc/passwd` file when --passwd is used.
    Closes: https://github.com/containers/podman/issues/13185
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #13874 from vrothberg/test-for-CVE-2022-1227 (OpenShift Merge Robot, 2022-04-14)
    add a regression test for CVE-2022-1227
| * | | | add a regression test for CVE-2022-1227 (Valentin Rothberg, 2022-04-14)
    Will also be included in the upcoming backports.
    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #13866 from edsantiago/bats (OpenShift Merge Robot, 2022-04-14)
    System tests: Usage checks: better error messages
| * | | | System tests: Usage checks: better error messages (Ed Santiago, 2022-04-13)
    Current error messages are really awful, and cause great suffering every time someone adds a new subcommand. Let's see if these are better.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #13857 from rhatdan/logs (OpenShift Merge Robot, 2022-04-14)
    Fix --tail log on restart problem
| * | | | | Fix --tail log on restart problem (Daniel J Walsh, 2022-04-13)
    --tail=1 is not working if you restart a container with journald logging. We see the exit status and then call into the logging a second time causing all of the logs to print. Removing the tail log on exited seems to fix the problem.
    Fixes: https://github.com/containers/podman/issues/13098
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #13872 from vrothberg/revert-size (OpenShift Merge Robot, 2022-04-14)
    Revert "images --size"
| * | | | | Revert "images --size" (Valentin Rothberg, 2022-04-14)
    This reverts commit e133a06d2f4a3e94bfbd60b647046f2f515c9c24.
    @nalind found a proper fix in c/storage [1] to address the performance issue. So we really don't need the flag anymore. Note the flag has never made it into any release.
    [1] https://github.com/containers/storage/commit/d76b3606fc9ca975bf436379f91105f0fac1555f
    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | | | Merge pull request #13867 from rhatdan/common (OpenShift Merge Robot, 2022-04-14)
    Update containers/common to main branch
| * | | | | | Update containers/common to main branch (Daniel J Walsh, 2022-04-13)
    Want to add support for Machine.Volumes
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #13863 from mheon/stopped_can_attach (OpenShift Merge Robot, 2022-04-14)
    Allow HTTP attach to stopped containers
| * | | | | Allow HTTP attach to stopped containers (Matthew Heon, 2022-04-13)
    There's a potential race condition where we attempt to attach to a container immediately after it's been stopped, but before the cleanup process has run on it. The existing code doesn't allow an attach to containers in the Stopped state (cleanup process has not run) but does allow an attach to containers in the Exited state (cleanup process has run).
    This doesn't make very much sense and there's no technical reason to restrict attach to only Exited containers, so allow attaching to Stopped containers.
    [NO NEW TESTS NEEDED] Testing this is very racy - we need to get in before the cleanup process runs, which isn't really deterministic when we're invoked from a script - like the CI tests.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | Merge pull request #13844 from Luap99/compat-netmode (OpenShift Merge Robot, 2022-04-13)
    compat api: use network mode bridge as default
| * | | | | compat api: use network mode bridge as default (Paul Holzinger, 2022-04-13)
    For better docker compatibility we should use the bridge network mode as default for rootless. This was already done previously but commit 535818414c2a introduced this regression in v4.0. Since the apiv2 tests are only run rootful we cannot catch this problem in CI.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #13853 from chuanchang/fix_typo_in_podman_container_clone_docs (OpenShift Merge Robot, 2022-04-13)
    [CI:DOCS] fix typo in podman-container-clone.1.md
| * | | | | docs: fix typo in podman-container-clone.1.md (Alex Jia, 2022-04-13)
    Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
* | | | | Merge pull request #13829 from baude/machineinspect (OpenShift Merge Robot, 2022-04-13)
    Introduce machine inspect
| * | | | Introduce machine inspect (Brent Baude, 2022-04-12)
    Allow users to inspect their podman virtual machines. This will be helpful for debug and development alike, because more details about the machine can be collected.
    Signed-off-by: Brent Baude <bbaude@redhat.com>
    [NO NEW TESTS NEEDED]
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #13852 from elezar/bump-cdi-0.3.2 (OpenShift Merge Robot, 2022-04-13)
    build(deps) bump github.com/container-orchestrated-devices/container-device-interface from 0.3.0 to 0.3.2
| * | | | build(deps) bump CDI dependency from 0.3.0 to 0.3.2 (Evan Lezar, 2022-04-13)
    bump github.com/container-orchestrated-devices/container-device-interface from 0.3.0 to 0.3.2
    Signed-off-by: Evan Lezar <elezar@nvidia.com>
* | | | Merge pull request #13841 from lsm5/main-cve-2022-27191 (OpenShift Merge Robot, 2022-04-12)
    Bump golang.org/x/crypto to 7b82a4e
| * | | | Bump golang.org/x/crypto to 7b82a4e (Lokesh Mandvekar, 2022-04-12)
    Resolves: GHSA-8c26-wmh5-6g9v - CVE-2022-27191
    Podman doesn't seem to be directly affected as the logic in question is not called.
    golang.org/x/crypto@1baeb1ce contains the actual CVE fix. Using the latest upstream commit to also include support for SHA-2.
    Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | Merge pull request #13846 from edsantiago/bats (OpenShift Merge Robot, 2022-04-12)
    System tests: fix oops in start --filter tests
| * | | | System tests: fix oops in start --filter tests (Ed Santiago, 2022-04-12)
    Bad code got committed by accident: test description on run_podman line, not test line. Did not seem to affect tests, but fix it anyway.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #13814 from rhatdan/systemd (OpenShift Merge Robot, 2022-04-12)
    Pretty print systemd services file
| * | | | Pretty print systemd services file (Abhijeet Kasurde, 2022-04-12)
    Fixes: #13337
    I added newline only on options IE Begin with "-"
    [NO NEW TESTS NEEDED]
    Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #13787 from Luap99/nohost-api (OpenShift Merge Robot, 2022-04-12)
    API: use no_hosts from containers.conf
| * | | | API: use no_hosts from containers.conf (Paul Holzinger, 2022-04-11)
    The API endpoints should properly honour the `no_hosts=true` setting in containers.conf.
    Fixes #13719
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #13788 from flouthoc/support-volume-opts (OpenShift Merge Robot, 2022-04-12)
    run, mount: allow setting driver specific option using `volume-opt=`
| * | | | run, mount: allow setting driver specific option using volume-opt (Aditya R, 2022-04-12)
    `--mount` should allow setting driver specific options using `volume-opt` when `type=volume` is set. This ensures parity with docker's `volume-opt`.
    Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #13837 from rhatdan/VENDOR (OpenShift Merge Robot, 2022-04-12)
    Update vendor of storage,common,image
| * | | | Update vendor of storage,common,image (Daniel J Walsh, 2022-04-12)
    Preparing for release candidate.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13836 from flouthoc/machine-rm-ignore-enoent (OpenShift Merge Robot, 2022-04-12)
    machine,rm: Ignore `ENOENT` while cleaning machine paths
| * | | | machine,rm: Ignore ENOENT while cleaning machine (Aditya R, 2022-04-12)
    Certain paths like `../containers/podman/machine/my-test/podman.sock` do not exist when machine is not started, so removing a machine before starting it will result in ENOENT which we should ignore cause these paths do not exist
    Closes: https://github.com/containers/podman/issues/13834
    [NO TESTS NEEDED] [NO NEW TESTS NEEDED]
    Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #13828 from cevich/fix_cron_check (OpenShift Merge Robot, 2022-04-12)
    [CI:BUILD] Cirrus: Fix unsupported cirrus-cron build status
| * | | Cirrus: Fix unsupported cirrus-cron build status (Chris Evich, 2022-04-11)
    Every weekday when the `check_cirrus_cron` github-actions workflow runs, it checks the status of all cirrus-cron jobs. If a build is found with a 'FAILED' status, it triggers an alert e-mail to be sent. However, the `test_image_build` is marked as manually-triggered, resulting in a perpetual status of 'EXECUTING', even if there were failures.
    Fix this by only allowing the problematic task to run in pull requests without the `[CI:DOCS]` magic keyword.
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #13821 from eriksjolund/fix_userns_auto_docs (OpenShift Merge Robot, 2022-04-12)
    [CI:DOCS] Rewrite rootless --userns=auto docs
| * | | [CI:DOCS] Rewrite rootless --userns=auto docs (Erik Sjölund, 2022-04-12)
    * Remove the statement that rootless --userns=auto does not work.
    * Mention that --userns=keep-id consumes all subuids and subgids.
    Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
    Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | Merge pull request #13093 from 0xC0ncord/selinux-conmon-agnostic (OpenShift Merge Robot, 2022-04-12)
    selinux: remove explicit range transition when starting conmon
| * | | selinux: remove explicit range transition when starting conmon (Kenton Groombridge, 2022-03-08)
    Do not explicitly transition to s0 when starting conmon. Instead, the policy should implement this behavior.
    [NO NEW TESTS NEEDED] This is dependent on the SELinux policy to implement the desired behavior. Additionally, entirely custom SELinux policies may choose to implement the behavior differently.
    Signed-off-by: Kenton Groombridge <me@concord.sh>