summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Allow creating anonymous volumes with --mountAndrew Aylett2022-04-02
| | | | | | | | | | | This fixes #13756. All the mechanics to create anonymous volumes is already present, but there's still a validation preventing that path from being taken. We remove the validation, which allows the volume to be created successfully. Signed-off-by: Andrew Aylett <andrew@aylett.co.uk>
* Merge pull request #13665 from jwhonce/issues/13535OpenShift Merge Robot2022-04-01
|\ | | | | Add build test for .containerignore tar file
| * Add build test for .containerignore tar fileJhon Honce2022-03-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure a directory added to .containerignore on client is not included in tar sent to remote podman API service * Clean up podman invocations to not include duplicate --remote and --url flags * Use pkill vs. pgrep when cleaning up podman API service in tests * Add exit code when logging error when testing Closes #13535 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #13594 from cdoern/podVolumesOpenShift Merge Robot2022-04-01
|\ \ | | | | | | fix pod volume passing and alter infra inheritance
| * | fix pod volume passing and alter infra inheritancecdoern2022-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the infra Inherit function was not properly passing pod volume information to new containers alter the inherit function and struct to use the new `ConfigToSpec` function used in clone pick and choose the proper entities from a temp spec and validate them on the spegen side rather than passing directly to a config resolves #13548 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | Merge pull request #13744 from giuseppe/allow-privileged-cap-addOpenShift Merge Robot2022-04-01
|\ \ \ | | | | | | | | specgen: permit --privileged and --cap-add
| * | | specgen: permit --privileged and --cap-addGiuseppe Scrivano2022-04-01
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | --cap-add is useful when running a privileged container with UID != 0, so that individual capabilities can be added to the container process. Closes: https://github.com/containers/podman/issues/13449 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #13738 from Luap99/remote-commandOpenShift Merge Robot2022-03-31
|\ \ \ | |_|/ |/| | cli commands: better error for unsupported commands
| * | cli commands: better error for unsupported commandsPaul Holzinger2022-03-31
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you run podman-remote unsahre for example you currently get: Error: unrecognized command `podman-remote unshare` This is because we do not add the command to the cobra tree when we run in remote mode. However this is a bad user experience since it is not clear that the command is only supported for local podman. Users are left wondering why this does not work and could think the documentation is wrong. To fix it we add a clear error message: Error: cannot use command "podman-remote unshare" with the remote podman client Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13732 from flouthoc/reuse-configmap-volumeOpenShift Merge Robot2022-03-31
|\ \ | | | | | | kube: `configmap` volume should be reused if already exists
| * | kube: configmap volume should be reused if already existsAditya R2022-03-31
|/ / | | | | | | | | | | | | | | `podman play kube` creates a new volume for configmap, if same configmap is applied again volume can be re-used, there is no need to remove and re-create the volume again Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13697 from edsantiago/upgrade_test_matrixOpenShift Merge Robot2022-03-30
|\ \ | | | | | | Upgrade tests: reexamine cross-testing matrix
| * | Upgrade tests: reexamine cross-testing matrixEd Santiago2022-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - removed: v1.9.0, v2.0.6 + added: v3.4.0 (Cannot add v4 because there's no such image on quay. As soon as one appears, we should add it.) Add a workaround for a UTS namespace conflict new in v3.4 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #13704 from baude/refactor2OpenShift Merge Robot2022-03-30
|\ \ \ | | | | | | | | Machine refactor part 2
| * | | Machine refactor part 2Brent Baude2022-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR further implements a more structured approach to handling the files needed by machine. More files are now made as MachineFile which can then have a symlink (using a shorter path) to them. Also added Set and Get methods for many of the files. The next part of the refactor will implement the use of symlinks on MacOS. Signed-off-by: Brent Baude <bbaude@redhat.com> [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #13646 from Luap99/slirp4netns-portrangeOpenShift Merge Robot2022-03-30
|\ \ \ \ | | | | | | | | | | fix slirp4netns port forwarding with ranges
| * | | | fix slirp4netns port forwarding with rangesPaul Holzinger2022-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The slirp4netns port forwarder was not updated to make use of the new port format. This results in a problem when port ranges are used since it does not read the range field from the port. Update the logic to iterate through all ports with the range and protocols. Also added a system test for port ranges with slirp4netns, rootlesskit and the bridge network mode. Fixes #13643 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #13716 from giuseppe/enable-all-controllers-serviceOpenShift Merge Robot2022-03-30
|\ \ \ \ \ | | | | | | | | | | | | systemd: enable all cgroups when running as a service
| * | | | | systemd: enable all cgroups when running as a serviceGiuseppe Scrivano2022-03-30
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | enable cgroup delegation when running as a systemd service so all the available controllers are correctly detected. Closes: https://github.com/containers/podman/issues/13710 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #13712 from Luap99/netns-scope-systemdOpenShift Merge Robot2022-03-30
|\ \ \ \ \ | |/ / / / |/| | | | rootless netns: move process to scope only with systemd
| * | | | rootless netns: move process to scope only with systemdPaul Holzinger2022-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you run podman on a non systemd system we should not try to move the process under a new systemd scope. [NO NEW TESTS NEEDED] Ref #13703 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #13705 from jwmatthews/issue13690OpenShift Merge Robot2022-03-30
|\ \ \ \ \ | |/ / / / |/| | | | Add 'Os' to be queried via 'version' output
| * | | | Add 'Os' to be queried via 'version' outputJohn Matthews2022-03-29
| | |/ / | |/| | | | | | | | | | Signed-off-by: John Matthews <jwmatthews@gmail.com>
* | | | Merge pull request #13478 from cevich/build_pushOpenShift Merge Robot2022-03-29
|\ \ \ \ | |/ / / |/| | | Cirrus: Build multi-arch images + manifests
| * | | Cirrus: Build multi-arch images + manifestsChris Evich2022-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Github-actions for large/complex tasks is hard to read and maintain. Reimplement the multi-arch image build workflow into a set of bash scripts that use all native contrainer-org tooling. This requires a special VM image setup with emulation to build foreign architectures. It also requires renaming the `helloimage` directory, because the build script uses the directory name in the image FQIN. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #13693 from edsantiago/show_sizeOpenShift Merge Robot2022-03-29
|\ \ \ \ | | | | | | | | | | size-check: display binary size and growth
| * | | | size-check: display binary size and growthEd Santiago2022-03-29
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | This won't actually be seen except by someone who takes the time to clickety-click into Cirrus - but that's better than not showing it at all. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #13692 from Luap99/upgrade-testOpenShift Merge Robot2022-03-29
|\ \ \ \ | |/ / / |/| | | upgrade tests: fix networking problems
| * | | upgrade tests: fix networking problemsPaul Holzinger2022-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With podman4 we support netavark, however old versions will still use cni. Since netavark and cni can conflict we should not mix them. Remove the network setup from the inital podman command and create the directories manually to prevent such conflicts. Also the update to 4.0 changes the network db structure. While it is compatible from 3.X to 4.0 it will fail the other way around. In this test it will happen because the cleanup process still uses the old podman while the network connect/disconnect test already changed the db format. Therefore the cleanup process cannot see any networks and will not tear it down. The following start will fail because the ip address is already assigned. Fixes #13679 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13686 from vrothberg/nxadmOpenShift Merge Robot2022-03-29
|\ \ \ \ | |_|_|/ |/| | | replace hpcloud/tail with nxadm/tail
| * | | replace hpcloud/tail with nxadm/tailValentin Rothberg2022-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The hpcloud is not maintained anymore. nxadm is already part of the dependency chain, so it won't add work for downstream packages. While testing upcoming changes to the events-file backend, I noticed that nxadm is shipping required fixes. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #13619 from rhatdan/systemdOpenShift Merge Robot2022-03-29
|\ \ \ \ | | | | | | | | | | Set systemd mode if entrypoint begins with /bin/sh -c
| * | | | Set systemd mode if entrypoint begins with /bin/sh -cDaniel J Walsh2022-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/13324 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #13681 from baude/qmpmonitorfixOpenShift Merge Robot2022-03-29
|\ \ \ \ \ | |_|/ / / |/| | | | Migrate machine configs
| * | | | Migrate machine configsBrent Baude2022-03-28
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If podman detects a Machinev1 config, it will automatically migrate it to the new format. Signed-off-by: Brent Baude <bbaude@redhat.com> [NO NEW TESTS NEEDED]
* | | | Merge pull request #13682 from patrycja-guzik/docu2OpenShift Merge Robot2022-03-29
|\ \ \ \ | |_|_|/ |/| | | [CI:DOCS] Unify examples section across several man pages
| * | | Unify examples section across several man pagesPatrycja Guzik2022-03-28
| |/ / | | | | | | | | | | | | | | | | | | This commit adjusts example sections across several man pages to the format seen in other pages. Signed-off-by: Patrycja Guzik <patrycja.k.guzik@gmail.com>
* | | Merge pull request #13564 from naveensrinivasan/naveen/feat/pin-actionsOpenShift Merge Robot2022-03-28
|\ \ \ | |_|/ |/| | [CI:DOCS] Pin actions to a full length commit SHA
| * | Pin actions to a full length commit SHAnaveensrinivasan2022-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Pinned actions by SHA https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions >Pin actions to a full length commit SHA >Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions Also dependabot supports upgrades based on SHA. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* | | Merge pull request #13565 from naveensrinivasan/naveen/feat/dependabot-updateOpenShift Merge Robot2022-03-28
|\ \ \ | |_|/ |/| | Updated dependabot to GitHub actions
| * | Updated dependabot to GitHub actionsnaveensrinivasan2022-03-19
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Updated dependabot to get updates for GitHub actions. GitHub sends Dependabot alerts when we detect vulnerabilities affecting your repository as well as when there are new updates to the dependency. https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts A vulnerability is a problem in a project's code that could be exploited to damage the confidentiality, integrity, or availability of the project or other projects that use its code. Vulnerabilities vary in type, severity, and method of attack. When your code depends on a package that has a security vulnerability, this vulnerable dependency can cause a range of problems for your project or the people who use it. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* | Merge pull request #13674 from baude/refactor1OpenShift Merge Robot2022-03-28
|\ \ | | | | | | Machine refactor - part 1
| * | Machine refactor - part 1Brent Baude2022-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the way machine was written was very adjunct and as such is in dire need of refactoring to better structures and structure methods where appropriate. the weekest part is specifically around all the files that machine requires and how some are just dynamically built on the fly. this pr defines a new machinefile type which allows us to work with the file and also takes into account the use of symlinks which are going to be needed on macos due to its relatively short file length restriction. also, added unit tests for new methods as well as anywhere else I saw a need. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #13640 from Luap99/slirp4netns-failOpenShift Merge Robot2022-03-28
|\ \ \ | |/ / |/| | network setup: fail if slirp4netns is not installed
| * | network setup: fail if slirp4netns is not installedPaul Holzinger2022-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | I do not see why we should only log an error. If slirp4netns is requested but not installed we should error. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13651 from jwmatthews/fix13650OpenShift Merge Robot2022-03-28
|\ \ \ | | | | | | | | Fixes errors from 'manifest push' being dropped in remote case
| * | | Fixes errors from 'manifest push' being dropped in remote caseJohn Matthews2022-03-27
| | | | | | | | | | | | | | | | Signed-off-by: John Matthews <jwmatthews@gmail.com>
* | | | Merge pull request #13677 from flouthoc/rename-eventOpenShift Merge Robot2022-03-28
|\ \ \ \ | | | | | | | | | | libpod, event: generate a valid event on container `rename` operation
| * | | | event: generate a valid event on container rename operationAditya R2022-03-28
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | Following commit ensures that podman generates a valid event on `podman container rename` where event specifies that it is a rename event and container name swtichted to the latest name. Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #13668 from rhatdan/walkOpenShift Merge Robot2022-03-28
|\ \ \ \ | | | | | | | | | | Switch all calls to filepath.Walk to filepath.WalkDir