| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
Add flag --seccomp-profile-root in play kube to allow users to specify where to look for seccomp profiles
update tests
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\
| |
| | |
Bump to v1.7.0-RC2
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
Update release notes with further changes from 1.7.0
|
|/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
refactor network commands
|
| |
| |
| |
| |
| |
| |
| | |
move core of network commands from pkg/adapter to pkg/network to assist
with api development and remote podman commands.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
[Issue #4703] Add the pod name when we use `podman ps -p`
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The pod name does not appear when doing `podman ps -p`.
It is missing as the documentation says:
-p, --pod Print the ID and name of the pod the containers are associated with
The pod name is added in the ps output and checked in unit tests.
Closes #4703
Signed-off-by: NevilleC <neville.cain@qonto.eu>
|
|\ \ \
| | | |
| | | | |
Fix race condition in kill test leading to hang
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When you open a FIFO for reading, but there's no writer, you hang.
This is just one of those obscure UNIXisms we all know but just
forget all too often.
My last PR was guilty of introducing such a condition; I caught
it by accident while testing other stuff. In short, the signal
container was doing 'echo DONE' as its last step, and we (BATS)
were reading the FIFO to check for it; but if the container
exited before we opened the FIFO for read, the open would hang.
This is not a hang that we can catch in the test: it would hang
the entire job forever. CI would presumably time out eventually,
but with no useful indication of the cause of the error.
Solution: use 'exec' to open the FIFO early and keep it open,
and use 'read -u FD' instead of 'read <$fifo': the former
reads from an open FD, the latter forces a new open() each time.
There is a shorter, more maintainable solution -- see #4755 -- but
that suffers from the same hanging problem in the (unlikely) case
where the signal-handling container exits, e.g. if signal handling
is broken in podman. The test would hang, with no helpful indicator.
Although this PR is a little more advanced scripting, I have
commented the relevant code well and believe the maintenance
cost is worth the risk of undebuggable hangs.
There is still a hang risk: if 'podman logs -f' fails and exits
immediately, the 'exec' will hang. I can't think of a non-racy
way to prevent that, and choose to live with that risk.
Tested by temporarily including 9 (SIGKILL) in the signals list.
The read timeout triggers, and the end user has a fair chance
of tracking down the root cause.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Ensure 'make uninstall' removes bin and conf files.
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I updated the 'make uninstall' command to remove:
1. podman and remote bin
2. cni/net.d/87-podman-bridge.conflist
3. podman.conf
4. systemd conf files: io.podman.socket.*
Closes #4572
Signed-off-by: Neville Cain <neville.cain@qonto.eu>
|
|\ \
| | |
| | | |
Ensure SizeRw is shown when a user does 'inspect --size -t container'.
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, if a user requests the size on a container (inspect --size -t container),
the SizeRw does not show up if the value is 0. It's because InspectContainerData is
defined as int64 and there is an omit when empty.
We do want to display it even if the value is empty. I have changed the type of SizeRw to be a pointer to an int64 instead of an int64. It will allow us todistinguish the empty value to the missing value.
I updated the test "podman inspect container with size" to ensure we check thatSizeRw is displayed correctly.
Closes #4744
Signed-off-by: NevilleC <neville.cain@qonto.eu>
|
|\ \
| | |
| | | |
signal parsing - better input validation
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The helper function we use for signal name mapping does not
check for negative numbers nor invalid (too-high) ones. This
can yield unexpected error messages:
# podman kill -s -1 foo
ERRO[0000] unknown signal "18446744073709551615"
This PR introduces a small wrapper for it that:
1) Strips off a leading dash, allowing '-1' or '-HUP'
as valid inputs; and
2) Rejects numbers <1 or >64 (SIGRTMAX)
Also adds a test suite checking signal handling as well as
ensuring that invalid signals are rejected by the command line.
Fixes: #4746
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \
| |/
|/| |
The --quiet flag does not conflict with templates in ps
|
|/
|
|
|
|
|
|
| |
To match Docker behavior, make `--quiet` and `--format` with a Go
template not conflict. Instead, just turn off `--quiet` in such
cases, as we'll be using Go template output instead.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
Update containers/storage to v1.15.4
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
add struct response for removal of images
|
| |/
| |
| |
| |
| |
| |
| |
| | |
when removing an image from storage, we should return a struct that
details what was untagged vs deleted. this replaces the simple
println's used previously and assists in API development.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
zsh completion: ignore multi-line output in Flags
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
PR #4475 introduced an interesting twist on --help: a help
string that spans multiple lines. This broke zsh completion.
I'm not keen on that multi-line output, but it shouldn't
break completion. Fix is simple: look only for flag lines
beginning with '-', filter out anything else.
Fixes: #4738
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \
| |/
|/| |
Set contextdir to current PWD if user did not specify a context dir.
|
|/
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| |
| |
| | |
containers/dependabot/go_modules/github.com/containers/image/v5-5.1.0
build(deps): bump github.com/containers/image/v5 from 5.0.0 to 5.1.0
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.0.0...v5.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
if container is not in a pid namespace, stop all processes
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When a container is in a PID namespace, it is enought to send
the stop signal to the PID 1 of the namespace, only send signals
to all processes in the container when the container is not in
a pid namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
libpod: drop arbitrary memory limit of 4M
|
| | |
| | |
| | |
| | |
| | |
| | | |
drop the arbitrary limit of 4M for creating a container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
Remove volumes after containers in pod remove
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When trying to reproduce #4704 I noticed that the named volumes
from the Postgres containers in the reproducer weren't being
removed by `podman pod rm -f` saying that the container they were
attached to was still in use. This was rather odd, considering
they were only in use by one container, and that container was in
the process of being removed with the pod.
After a bit of tracing, I realized that the cause is the ordering
of container removal when we remove a pod. Normally, it's done
in removeContainer() before volume removal (which is the last
thing in that function). However, when we are removing a pod, we
remove containers all at once, after removeContainer has already
finished - meaning the container still exists when we try to
remove its volumes, and thus the volume can't be removed.
Solution: collect a list of all named volumes in use by the pod,
and remove them all at once after every container in the pod is
gone. This ensures that there are no dependency issues.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| |_|_|/
|/| | | |
container config: add CreateCommand
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Store the full command plus arguments of the process the container has
been created with. Expose this data as a `Config.CreateCommand` field
in the container-inspect data as well.
This information can be useful for debugging, as we can find out which
command has created the container, and, if being created via the Podman
CLI, we know exactly with which flags the container has been created
with.
The immediate motivation for this change is to use this information for
`podman-generate-systemd` to generate systemd-service files that allow
for creating new containers (in contrast to only starting existing
ones).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
update c/buildah to v1.12.0
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Also bump docker/docker.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
podman images history test - clean up
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
As initially written the test does not work other than in
a CI environment because it relies on an empty tag history.
Rewrite so we can guarantee that, by creating a new image.
Also add slightly more helpful tests: the initial tests
would just show "expected 0, got 1" which is unhelpful.
Tweak so we test on actual history contents, which will
show more informative messages on failure.
And, finally, clean up after ourselves.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Correctly export the root file-system changes
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When doing a checkpoint with --export the root file-system diff was not
working as expected. Instead of getting the changes from the running
container to the highest storage layer it got the changes from the
highest layer to that parent's layer. For a one layer container this
could mean that the complete root file-system is part of the checkpoint.
With this commit this changes to use the same functionality as 'podman
diff'. This actually enables to correctly diff the root file-system
including tracking deleted files.
This also removes the non-working helper functions from libpod/diff.go.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | | |
docs: add workaround for --device with rootless containers
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fixes #4477
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
podman: mirror information
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Update podman info command to show the registries data and the search
table.
Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Updates the podman info command to show registries from v1 config file
in the search table format.
Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
|