| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Podman containers can specify that they get their network
namespace from another container. This is automatic in pods, but
any container can do it.
The problem is that these containers are not guaranteed to have a
network namespace of their own; it is perfectly valid to join the
network namespace of a --net=host container, and both containers
will end up in the host namespace. The code for obtaining network
stats did not account for this, and could cause segfaults as a
result. Fortunately, the fix is simple - the function we use to
get said stats already performs appropriate checks, so we just
need to recursively call it.
Fixes #5652
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
check --user range for rootless containers
|
| |
| |
| |
| |
| |
| | |
Check --user range if it's a uid for rootless containers. Returns error if it is out of the range. From https://github.com/containers/libpod/issues/6431#issuecomment-636124686
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
images --no-trunc: fix ID formatting
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove the redundant `sha256:` prefix from the image IDs.
Fixes: #6459
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Update vendor containers/psgo
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/onsi/ginkgo-1.12.3
Bump github.com/onsi/ginkgo from 1.12.2 to 1.12.3
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.12.2 to 1.12.3.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.12.2...v1.12.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/coreos/go-systemd/v22-22.1.0
Bump github.com/coreos/go-systemd/v22 from 22.0.0 to 22.1.0
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.0.0 to 22.1.0.
- [Release notes](https://github.com/coreos/go-systemd/releases)
- [Commits](https://github.com/coreos/go-systemd/compare/v22.0.0...v22.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/opencontainers/runc-1.0.0-rc90
Bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.0-rc9 to 1.0.0-rc90.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Commits](https://github.com/opencontainers/runc/compare/v1.0.0-rc9...v1.0.0-rc90)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add information on detach-keys
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Add bindings for exec and enable attached remote exec
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This adds bindings for starting exec sessions, and then uses them
to wire up detached exec. Code is heavily based on Attach code
for containers, slightly modified to handle exec sessions.
Bindings are presently attached-only, detached is pending on a
Conmon update landing in CI. I'll probably get to that next.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Combine the code of dealing with 'readonly' and 'ro'.
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
https://github.com/containers/libpod/pull/6380#discussion_r432391376
Signed-off-by: Charles Shih <schrht@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
system tests : more tests
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- exec: add test for #5046, in which conmon swallowed chars
on a large byte transfer
- pod: add 'pod exists' tests, both positive and negative;
consolidate tests; add '--label', and check in 'pod inspect'
add 'pod ps' tests
- networking: add test for #5466, in which detached run
with --userns=keep-id would not forward a port
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Don't build code on remoteclient
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add invalid value to error message
|
| | |_|_|/
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Remove skipifremote checks in images_test.go
|
| |/ / /
| | | |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | /
| | |/
| |/| |
Add support for format {{.Label}}
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
the pod ps man page says .Label is valid go template format. i dont think the function was actually ever implemented.
Fixes #6448
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Fix leak of empty tarball
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In cases of trying to export an image, if the image was not found, we leaked an empty tarball or directory depending on the format.
Fixes: #6409
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| |/ /
|/| | |
[CI:DOCS] Update man pages for --ip with CNI networks
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Originally, we did not allow this, and the manpage reflects that.
We added support with 1.7.0, but did not update the manpage. Fix
the manpages so they are once again accurate.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
enable building without `varlink` tag
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Issue gh#6286 was already fixed in a prior commit but the Makefile still
ran some varlink steps by default.
This commit makes any varlink build steps dependent on the varlink
build tag and also makes the contrib rpm spec file independent of
varlink.
Endpoint tests will be run only if BUILDTAGS contains varlink.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] update httpd location in tutorial
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update the reference to the httpd in the Podman tutorial.
This just bumps it to F29 for now to get things working,
I'd prefer to get something set up in quay.io to make it
more resistant to Fedora version changes.
Fixes: #6439
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \
| | | |
| | | | |
system tests: enable skopeo REGISTRY_AUTH_FILE
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
skopeo pr #829 adds REGISTRY_AUTH_FILE support; this lets us
enable the following test:
podman login - shares credentials with skopeo - via envariable
(I seriously doubt that the CI VMs have been updated with the
new skopeo, but I can leave this PR in limbo until that happens.
Otherwise I'll forget to enable the test).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/rootless-containers/rootlesskit-0.9.5
Bump github.com/rootless-containers/rootlesskit from 0.9.4 to 0.9.5
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.9.4 to 0.9.5.
- [Release notes](https://github.com/rootless-containers/rootlesskit/releases)
- [Commits](rootless-containers/rootlesskit@v0.9.4...v0.9.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
v2 copy endpoints
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Bump to v2.0.0-RC3
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
add X-Registry-Auth header support
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Support the `X-Registry-Auth` http-request header.
* The content of the header is a base64 encoded JSON payload which can
either be a single auth config or a map of auth configs (user+pw or
token) with the corresponding registries being the keys. Vanilla
Docker, projectatomic Docker and the bindings are transparantly
supported.
* Add a hidden `--registries-conf` flag. Buildah exposes the same
flag, mostly for testing purposes.
* Do all credential parsing in the client (i.e., `cmd/podman`) pass
the username and password in the backend instead of unparsed
credentials.
* Add a `pkg/auth` which handles most of the heavy lifting.
* Go through the authentication-handling code of most commands, bindings
and endpoints. Migrate them to the new code and fix issues as seen.
A final evaluation and more tests is still required *after* this
change.
* The manifest-push endpoint is missing certain parameters and should
use the ABI function instead. Adding auth-support isn't really
possible without these parts working.
* The container commands and endpoints (i.e., create and run) have not
been changed yet. The APIs don't yet account for the authfile.
* Add authentication tests to `pkg/bindings`.
Fixes: #6384
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Add support for `readonly` option to --mount
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This is just an alias to the `ro` option, but it's already in the
manpages (and Docker) so we might as well add support for it.
Fixes #6379
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|