| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Use host's resolv.conf if no network namespace enabled
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
My host system runs Fedora Silverblue 29 and I have NetworkManager's
`dns=dnsmasq` setting enabled, so my `/etc/resolv.conf` only has
`127.0.0.1`.
I also run my development podman containers with `--net=host`
for various reasons.
If we have a host network namespace, there's no reason not to just
use the host's nameserver configuration either.
This fixes e.g. accessing content on a VPN, and is also faster
since the container is using cached DNS.
I know this doesn't solve the bigger picture issue of localhost-DNS
conflicting with bridged networking, but that's far more involved,
probably requiring a DNS proxy in the container. This patch
makes my workflow a lot nicer and was easy to write.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|\ \
| | |
| | | |
Stopping a stopped container is not an error for Podman
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We regressed on this at some point. Adding a new test should help
ensure that doesn't happen again.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\ \ \
| |/ /
|/| | |
Add tcp-established to checkpoint/restore
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds checkpoint/restore test cases for the newly added options
* --leave-running
* --tcp-established
* --all
* --latest
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman container restore -a was using the wrong filter to restore
checkpointed containers. This switches from 'running' containers to
'exited' containers.
Restoring with -a only works if all exited containers have been
checkpointed. Maybe it would make sense to track which containers have
been really checkpointed. This is just to fix '-a' to work at least
if all exited containers have been checkpointed.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This brings all the recent changes to checkpoint/restore to the bash
completion.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
CRIU can checkpoint and restore processes/containers with established
TCP connections if the correct option is specified. To implement
checkpoint and restore with support for established TCP connections with
Podman this commit adds the necessary options to runc during checkpoint
and also tells conmon during restore to use 'runc restore' with
'--tcp-established'.
For this Podman feature to work a corresponding conmon change is
required.
Example:
$ podman run --tmpfs /tmp --name podman-criu-test -d docker://docker.io/yovfiatbeb/podman-criu-test
$ nc `podman inspect -l | jq -r '.[0].NetworkSettings.IPAddress'` 8080
GET /examples/servlets/servlet/HelloWorldExample
Connection: keep-alive
1
GET /examples/servlets/servlet/HelloWorldExample
Connection: keep-alive
2
$ # Using HTTP keep-alive multiple requests are send to the server in the container
$ # Different terminal:
$ podman container checkpoint -l
criu failed: type NOTIFY errno 0
$ # Looking at the log file would show errors because of established TCP connections
$ podman container checkpoint -l --tcp-established
$ # This works now and after the restore the same connection as above can be used for requests
$ podman container restore -l --tcp-established
The restore would fail without '--tcp-established' as the checkpoint image
contains established TCP connections.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
The old commit points to the development branch and is not stable.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is basically the same change as
ff47a4c2d5485fc49f937f3ce0c4e2fd6bdb1956 (Use a struct to pass options to Checkpoint())
just for the Restore() function. It is used to pass multiple restore
options to the API and down to conmon which is used to restore
containers. This is for the upcoming changes to support checkpointing
and restoring containers with '--tcp-established'.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \
| | |
| | | |
rootless: add new netmode "slirp4netns"
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
so that inspect reports the correct network configuration.
Closes: https://github.com/containers/libpod/issues/1453
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
exec: remove polling for PID file
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
prefer a fsnotify watcher to polling the file, we take advantage of
inotify on Linux and react more promptly to the PID file being
created.
If the watcher cannot be created, then fallback to the old polling
mechanism.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
don't wait for the timeout to expire if the runtime process exited.
I've noticed podman to hang on exit and keeping the container lock
taken when the OCI runtime already exited.
Additionally, it reduces the waiting time as we won't hit the 25
milliseconds waiting time in the worst case.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
rootless: store only subset of storage.conf
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
do not store the entire file but only the subset of what we have
modified. Also, we were not writing the correct data. Since it is
not trivial to serialize storage.conf correctly and all the various
supported options, serialize only what we care about.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
vendor: update selinux
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
inherit a change for not failing a recursive relabelling if the file
is removed between the directory is read and the lsetxattr syscall.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |/ /
|/| | |
rootless: fix cleanup
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The conmon exit command is running inside of a namespace where the
process is running with uid=0. When it launches again podman for the
cleanup, podman is not running in rootless mode as the uid=0.
Export some more env variables to tell podman we are in rootless
mode.
Closes: https://github.com/containers/libpod/issues/1859
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
test: cleanup CNI network used by the tests
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
issue introduced with:
https://github.com/containers/libpod/pull/1871
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Improve podman run --mount test
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In some test env, mount with shared options is not included relatime
in the mountinfo file. So remove this from the test case.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update the test case name to make it easier to filter --mount related
test cases with -ginkgo.focus.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
|
|\ \ \
| | | |
| | | | |
Actually set version for podman module / pypodman
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The environment variable wasn't set, giving 0.0.0
It is a still a problem if you use python3 to build,
rather than make. You *need* to set $PODMAN_VERSION,
or your module and packages won't have the version.
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
exec: always make explicit the tty value
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
otherwise runc will take by default the value used for creating the
container. Setting it explicit overrides its default value and we
won't end up trying to use a terminal when not available.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1625876
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
Add some tests for --ip flag with run and create command
|
| | |_|/
| |/| |
| | | |
| | | | |
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
set root propagation based on volume properties
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Set the root propagation based on the properties of volumes and default
mounts. To remain compatibility, follow the semantics of Docker. If a
volume is shared, keep the root propagation shared which works for slave
and private volumes too. For slave volumes, it can either be shared or
rshared. Do not change the root propagation for private volumes and
stick with the default.
Fixes: #1834
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
libpod should know if the network is disabled
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
/etc/resolv.conf and /etc/hosts should not be created and mounted when the
network is disabled.
We should not be calling the network setup and cleanup functions when it is
disabled either.
In doing this patch, I found that all of the bind mounts were particular to
Linux along with the generate functions, so I moved them to
container_internal_linux.go
Since we are checking if we are using a network namespace, we need to check
after the network namespaces has been created in the spec.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add history field to image inspect
|
| | |/ / /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Vendor in latest containers/buildah
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Pulls in fix for COPY --from when using --layers
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
add podman container|image exists
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Add an exists subcommand to podman container and podman image that allows
users to verify the existence of a container or image by ID or name. The return
code can be 0 (success), 1 (failed to find), or 125 (failed to work with runtime).
Issue #1845
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
implement --format for version command
|