summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* When first mounting any named volume, copy upMatthew Heon2019-09-09
| | | | | | | | | | | Previously, we only did this for volumes created at the same time as the container. However, this is not correct behavior - Docker does so for all named volumes, even those made with 'podman volume create' and mounted into a container later. Fixes #3945 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #3960 from mheon/ignore_umount_enoentOpenShift Merge Robot2019-09-06
|\ | | | | Ignore ENOENT on umount of SHM
| * Ignore ENOENT on umount of SHMMatthew Heon2019-09-06
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3918 from rhatdan/infoOpenShift Merge Robot2019-09-06
|\ \ | |/ |/| Return information about mount_program (fuse-overlayfs)
| * Return information about mount_program (fuse-overlayfs)Daniel J Walsh2019-09-06
| | | | | | | | | | | | | | | | | | | | We want to get podman info to tell us about the version of the mount program to help us diagnose issues users are having. Also if in rootless mode and slirp4netns is installed reveal package info on slirp4netns. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3958 from haircommander/play-kube-secOpenShift Merge Robot2019-09-06
|\ \ | | | | | | play kube: fix segfault
| * | play kube: fix segfaultPeter Hunt2019-09-06
| | | | | | | | | | | | | | | | | | | | | when securityContext wasn't specified in yaml. add a test as well Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #3954 from mheon/hardcode_default_storepathsOpenShift Merge Robot2019-09-06
|\ \ \ | | | | | | | | Ensure good defaults on blank c/storage configuration
| * | | Ensure good defaults on blank c/storage configurationMatthew Heon2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If c/storage paths are explicitly set to "" (the empty string) it will use compiled-in defaults. However, it won't tell us this via `storage.GetDefaultStoreOptions()` - we just get the empty string (which can put our defaults, some of which are relative to c/storage, in a bad spot). Hardcode a sane default for cases like this. Furthermore, add some sanity checks to paths, to ensure we don't use relative paths for core parts of libpod. Fixes #3952 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3931 from mheon/volumes_with_optionsOpenShift Merge Robot2019-09-06
|\ \ \ \ | |_|_|/ |/| | | Add support for mounting volumes with local driver and options
| * | | Correctly report errors on unmounting SHMMatthew Heon2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we fail to remove a container's SHM, that's an error, and we need to report it as such. This may be part of our lingering storage woes. Also, remove MNT_DETACH. It may be another cause of the storage removal failures. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add ability for volumes with options to mount/umountMatthew Heon2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When volume options and the local volume driver are specified, the volume is intended to be mounted using the 'mount' command. Supported options will be used to volume the volume before the first container using it starts, and unmount the volume after the last container using it dies. This should work for any local filesystem, though at present I've only tested with tmpfs and btrfs. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add volume stateMatthew Heon2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to be able to track the number of times a volume has been mounted for tmpfs/nfs/etc volumes. As such, we need a mutable state for volumes. Add one, with the expected update/save methods in both states. There is backwards compat here, in that older volumes without a state will still be accepted. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Change volume driver and options JSON tagsMatthew Heon2019-09-05
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In upcoming commits, we're going to turn on the backends for these fields. Volumes with these set will act fundamentally differently from other volumes. There will probably be validation required for each field. Until now, though, we've freely allowed creation of volumes with these set - they just did nothing. So we have no idea what could be in the DB with old volumes. Change the struct tags so we don't have to worry about old, unvalidated data. We'll start fresh with new volumes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3951 from rhatdan/readmeOpenShift Merge Robot2019-09-05
|\ \ \ | |_|/ |/| | Fixup README.md to give proper information
| * | Fixup README.md to give proper informationDaniel J Walsh2019-09-05
|/ / | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3948 from openSUSE/buildah-updateOpenShift Merge Robot2019-09-05
|\ \ | | | | | | Update buildah to v1.11.0
| * | Update buildah to v1.11.0Sascha Grunert2019-09-05
| |/ | | | | | | | | | | | | Vendor in the latest changes for buildah to apply the implemented features here as well. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #3947 from rhatdan/tmpdirOpenShift Merge Robot2019-09-05
|\ \ | |/ |/| Set TMPDIR to /var/tmp by default
| * Set TMPDIR to /var/tmp by defaultDaniel J Walsh2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | We have had some issues with users squashing large images or pulling large content from github, that could trigger crashes based on the size of /tmp. Docker had an issue with this back in 2016. https://github.com/golang/go/issues/14021 The discussion there was to change the default to /var/tmp. This change will only effect systems that do not set the TMPDIR environment variable. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3943 from gabibeyer/fix_testsOpenShift Merge Robot2019-09-05
|\ \ | | | | | | Fix unit tests missing comparative for 'Expect'
| * | Fix unit tests missing comparative for 'Expect'gabi beyer2019-09-04
| | | | | | | | | | | | | | | | | | | | | | | | Add '.To(BeTrue())' to 'Expect(' statements in unit tests that are missing them. These tests weren't being compared to anything, thus reporting false positives. Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
* | | Merge pull request #3940 from edsantiago/batsOpenShift Merge Robot2019-09-04
|\ \ \ | | | | | | | | System tests: support for crun on f31/rawhide
| * | | System tests: support for crun on f31/rawhideEd Santiago2019-09-04
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | crun emits wildly different error messages than runc in two cases: podman run ... /no/such/path (enoent) podman run ... /etc (trying to exec a directory) Deal with it by getting the runtime from 'podman info' and, if crun, changing what we expect. There may be more tweaks needed to get system tests working with crun, but right now podman rawhide is too broken to have any hope of finding them all. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #3876 from mheon/fix_mount_flagsOpenShift Merge Robot2019-09-04
|\ \ \ | | | | | | | | Allow suid, exec, dev mount options to cancel nosuid/noexec/nodev
| * | | Add test to verify noexec works with volume mountsMatthew Heon2019-09-04
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add a test for the new suid/exec/dev optionsMatthew Heon2019-08-28
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Fix addition of mount options when using RO tmpfsMatthew Heon2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For read-only containers set to create tmpfs filesystems over /run and other common destinations, we were incorrectly setting mount options, resulting in duplicate mount options. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Allow :z and :Z with ProcessOptionsMatthew Heon2019-08-28
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Set base mount options for bind mounts from base systemMatthew Heon2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If I mount, say, /usr/bin into my container - I expect to be able to run the executables in that mount. Unconditionally applying noexec would be a bad idea. Before my patches to change mount options and allow exec/dev/suid being set explicitly, we inferred the mount options from where on the base system the mount originated, and the options it had there. Implement the same functionality for the new option handling. There's a lot of performance left on the table here, but I don't know that this is ever going to take enough time to make it worth optimizing. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Don't double-process tmpfs optionsMatthew Heon2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We already process the options on all tmpfs filesystems during final addition of mounts to the spec. We don't need to do it before that in parseVolumes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add support for 'exec', 'suid', 'dev' mount flagsMatthew Heon2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we explicitly set noexec/nosuid/nodev on every mount, with no ability to disable them. The 'mount' command on Linux will accept their inverses without complaint, though - 'noexec' is counteracted by 'exec', 'nosuid' by 'suid', etc. Add support for passing these options at the command line to disable our explicit forcing of security options. This also cleans up mount option handling significantly. We are still parsing options in more than one place, which isn't good, but option parsing for bind and tmpfs mounts has been unified. Fixes: #3819 Fixes: #3803 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Update buildah to current masterMatthew Heon2019-08-28
| | | | | | | | | | | | | | | | | | | | | | | | Vendor some changes to parsing code that we need for Podman. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3933 from giuseppe/skip-polling-on-runOpenShift Merge Robot2019-09-04
|\ \ \ \ | |_|_|/ |/| | | libpod: avoid polling container status
| * | | libpod: avoid polling container statusGiuseppe Scrivano2019-09-04
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | use the inotify backend to be notified on the container exit instead of polling continuosly the runtime. Polling the runtime slowns significantly down the podman execution time for short lived processes: $ time bin/podman run --rm -ti fedora true real 0m0.324s user 0m0.088s sys 0m0.064s from: $ time podman run --rm -ti fedora true real 0m4.199s user 0m5.339s sys 0m0.344s Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #3902 from baude/dnsmasqaddresponseOpenShift Merge Robot2019-09-04
|\ \ \ | |/ / |/| | handle dns response from cni
| * | handle dns response from cnibaude2019-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when cni returns a list of dns servers, we should add them under the right conditions. the defined conditions are as follows: - if the user provides dns, it and only it are added. - if not above and you get a cni name server, it is added and a forwarding dns instance is created for what was in resolv.conf. - if not either above, the entries from the host's resolv.conf are used. Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3928 from edsantiago/enable_man_page_checker_in_ciOpenShift Merge Robot2019-09-04
|\ \ \ | | | | | | | | Enable hack/man-page-checker in CI
| * | | Enable hack/man-page-checker in CIEd Santiago2019-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | With huge thanks to @rwha for #3915. All man pages are clean and consistent now - let's keep them that way. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #3930 from cevich/update_irc_tableOpenShift Merge Robot2019-09-04
|\ \ \ \ | | | | | | | | | | Cirrus: Update e-mail -> IRC Nick table
| * | | | Cirrus: Update e-mail -> IRC Nick tableChris Evich2019-09-03
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also add fixes to help prevent 'fatal: Invalid revision range' error. Should obtaining all authors from the range still fail, only grab the HEAD commit author as a fallback. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #3926 from giuseppe/add-warning-mismatch-configurationOpenShift Merge Robot2019-09-03
|\ \ \ \ | | | | | | | | | | rootless: detect user namespace configuration changes
| * | | | pkg/util: use rootless function to read additional usersGiuseppe Scrivano2019-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make pkg/rootless.GetConfiguredMappings public so that it can be used from pkg/util. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootless: detect user namespace configuration changesGiuseppe Scrivano2019-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | detect if the current user namespace doesn't match the configuration in the /etc/subuid and /etc/subgid files. If there is a mismatch, raise a warning and suggest the user to recreate the user namespace with "system migrate", that also restarts the containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #3904 from cevich/fix_img_pruneOpenShift Merge Robot2019-09-03
|\ \ \ \ \ | |_|/ / / |/| | | | Cirrus: imgprune fixes
| * | | | Cirrus: Load base-image names indirectlyChris Evich2019-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rather than hard-coding all four base-image env. var name, load the values based on the shared variable name suffix. Thanks to Ed Santiago <santiago@redhat.com> for the suggestion. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | Cirrus: Remove image_prune YAML-alias workaroundChris Evich2019-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Originally when written, the image_prune_task was passing incorrect credentials into it's container. This was traced back to mishandling of a YAML-alias, and worked-around (including a comment). However, as of this commit, it appear YAML-alias substitution problem has been addressed. Restore the (correct) use of a YAML-alias so the correct credentials are passed into the prune container. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #3915 from rwha/fix_man_page_testsOpenShift Merge Robot2019-09-03
|\ \ \ \ \ | | | | | | | | | | | | Fix formatting and enable hack/man-page-checker
| * | | | | Add command aliases to SYNOPSIS sectionRyan Whalen2019-08-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The files under docs/links reference another man page, e.g. `man podman-container-list` displays `podman-ps(1)`. This adds the alias to the in the displayed page's SYNOPSIS section. Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>
| * | | | | Exclude podman-remoteRyan Whalen2019-08-31
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Ryan Whalen <rj.whalen@gmail.com>