summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Properly follow linked namespace container for statsMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | Podman containers can specify that they get their network namespace from another container. This is automatic in pods, but any container can do it. The problem is that these containers are not guaranteed to have a network namespace of their own; it is perfectly valid to join the network namespace of a --net=host container, and both containers will end up in the host namespace. The code for obtaining network stats did not account for this, and could cause segfaults as a result. Fortunately, the fix is simple - the function we use to get said stats already performs appropriate checks, so we just need to recursively call it. Fixes #5652 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6435 from QiWang19/uidOpenShift Merge Robot2020-06-02
|\ | | | | check --user range for rootless containers
| * check --user range for rootless containersQi Wang2020-06-02
| | | | | | | | | | | | Check --user range if it's a uid for rootless containers. Returns error if it is out of the range. From https://github.com/containers/libpod/issues/6431#issuecomment-636124686 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6460 from vrothberg/no-truncOpenShift Merge Robot2020-06-02
|\ \ | | | | | | images --no-trunc: fix ID formatting
| * | images --no-trunc: fix ID formattingValentin Rothberg2020-06-02
| | | | | | | | | | | | | | | | | | | | | Remove the redundant `sha256:` prefix from the image IDs. Fixes: #6459 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6457 from rhatdan/psgoOpenShift Merge Robot2020-06-02
|\ \ \ | | | | | | | | Update vendor containers/psgo
| * | | Update vendor containers/psgoDaniel J Walsh2020-06-02
| |/ / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6445 from ↵OpenShift Merge Robot2020-06-02
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/onsi/ginkgo-1.12.3 Bump github.com/onsi/ginkgo from 1.12.2 to 1.12.3
| * | | Bump github.com/onsi/ginkgo from 1.12.2 to 1.12.3dependabot-preview[bot]2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.12.2 to 1.12.3. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v1.12.2...v1.12.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6463 from ↵OpenShift Merge Robot2020-06-02
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/coreos/go-systemd/v22-22.1.0 Bump github.com/coreos/go-systemd/v22 from 22.0.0 to 22.1.0
| * | | | Bump github.com/coreos/go-systemd/v22 from 22.0.0 to 22.1.0dependabot-preview[bot]2020-06-02
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) from 22.0.0 to 22.1.0. - [Release notes](https://github.com/coreos/go-systemd/releases) - [Commits](https://github.com/coreos/go-systemd/compare/v22.0.0...v22.1.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6462 from ↵OpenShift Merge Robot2020-06-02
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/opencontainers/runc-1.0.0-rc90 Bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90
| * | | Bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90dependabot-preview[bot]2020-06-02
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.0-rc9 to 1.0.0-rc90. - [Release notes](https://github.com/opencontainers/runc/releases) - [Commits](https://github.com/opencontainers/runc/compare/v1.0.0-rc9...v1.0.0-rc90) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6455 from rhatdan/detatchkeysOpenShift Merge Robot2020-06-02
|\ \ \ | | | | | | | | Add information on detach-keys
| * | | Add information on detach-keysDaniel J Walsh2020-06-01
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6411 from mheon/exec_bindingsOpenShift Merge Robot2020-06-02
|\ \ \ \ | | | | | | | | | | Add bindings for exec and enable attached remote exec
| * | | | Add bindings for exec and enable attached remoteMatthew Heon2020-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds bindings for starting exec sessions, and then uses them to wire up detached exec. Code is heavily based on Attach code for containers, slightly modified to handle exec sessions. Bindings are presently attached-only, detached is pending on a Conmon update landing in CI. I'll probably get to that next. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #6443 from SCHEN2015/combine_ro_readonlyOpenShift Merge Robot2020-06-02
|\ \ \ \ \ | |_|_|/ / |/| | | | Combine the code of dealing with 'readonly' and 'ro'.
| * | | | Combine the code of dealing with 'readonly' and 'ro'.Charles Shih2020-06-02
|/ / / / | | | | | | | | | | | | | | | | | | | | https://github.com/containers/libpod/pull/6380#discussion_r432391376 Signed-off-by: Charles Shih <schrht@gmail.com>
* | | | Merge pull request #6456 from edsantiago/batsOpenShift Merge Robot2020-06-01
|\ \ \ \ | | | | | | | | | | system tests : more tests
| * | | | system tests : more testsEd Santiago2020-06-01
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - exec: add test for #5046, in which conmon swallowed chars on a large byte transfer - pod: add 'pod exists' tests, both positive and negative; consolidate tests; add '--label', and check in 'pod inspect' add 'pod ps' tests - networking: add test for #5466, in which detached run with --userns=keep-id would not forward a port Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #6350 from rhatdan/buildOpenShift Merge Robot2020-06-01
|\ \ \ \ | | | | | | | | | | Don't build code on remoteclient
| * | | | Don't build code on remoteclientDaniel J Walsh2020-05-29
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #6453 from jwhonce/wip/errorsOpenShift Merge Robot2020-06-01
|\ \ \ \ \ | | | | | | | | | | | | Add invalid value to error message
| * | | | | Add invalid value to error messageJhon Honce2020-06-01
| | |_|_|/ | |/| | | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #6454 from rhatdan/remoteOpenShift Merge Robot2020-06-01
|\ \ \ \ \ | |_|_|/ / |/| | | | Remove skipifremote checks in images_test.go
| * | | | turn on remote testing for images. podman-remote build now works.Daniel J Walsh2020-06-01
| |/ / / | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6449 from baude/v2podlabelsOpenShift Merge Robot2020-06-01
|\ \ \ \ | |/ / / |/| | / | | |/ | |/| Add support for format {{.Label}}
| * | Add support for format {{.Label}}Brent Baude2020-06-01
|/ / | | | | | | | | | | | | | | the pod ps man page says .Label is valid go template format. i dont think the function was actually ever implemented. Fixes #6448 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6447 from baude/v2apitarleakOpenShift Merge Robot2020-06-01
|\ \ | | | | | | Fix leak of empty tarball
| * | Fix leak of empty tarballBrent Baude2020-06-01
| | | | | | | | | | | | | | | | | | | | | | | | In cases of trying to export an image, if the image was not found, we leaked an empty tarball or directory depending on the format. Fixes: #6409 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6438 from rhatdan/manOpenShift Merge Robot2020-06-01
|\ \ \ | |/ / |/| | [CI:DOCS] Update man pages for --ip with CNI networks
| * | Update man pages for --ip with CNI networksMatthew Heon2020-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | Originally, we did not allow this, and the manpage reflects that. We added support with 1.7.0, but did not update the manpage. Fix the manpages so they are once again accurate. Signed-off-by: Matthew Heon <mheon@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6353 from lsm5/build-without-varlinkOpenShift Merge Robot2020-06-01
|\ \ \ | | | | | | | | enable building without `varlink` tag
| * | | default build without `varlink` tagLokesh Mandvekar2020-05-29
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue gh#6286 was already fixed in a prior commit but the Makefile still ran some varlink steps by default. This commit makes any varlink build steps dependent on the varlink build tag and also makes the contrib rpm spec file independent of varlink. Endpoint tests will be run only if BUILDTAGS contains varlink. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #6441 from TomSweeneyRedHat/dev/tsweeney/fixtuthttpdOpenShift Merge Robot2020-05-31
|\ \ \ | | | | | | | | [CI:DOCS] update httpd location in tutorial
| * | | [CI:DOCS] update httpd location in tutorialTomSweeneyRedHat2020-05-30
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the reference to the httpd in the Podman tutorial. This just bumps it to F29 for now to get things working, I'd prefer to get something set up in quay.io to make it more resistant to Fedora version changes. Fixes: #6439 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #5594 from edsantiago/batsOpenShift Merge Robot2020-05-30
|\ \ \ | | | | | | | | system tests: enable skopeo REGISTRY_AUTH_FILE
| * | | system tests: enable skopeo REGISTRY_AUTH_FILEEd Santiago2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | skopeo pr #829 adds REGISTRY_AUTH_FILE support; this lets us enable the following test: podman login - shares credentials with skopeo - via envariable (I seriously doubt that the CI VMs have been updated with the new skopeo, but I can leave this PR in limbo until that happens. Otherwise I'll forget to enable the test). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #6165 from ↵OpenShift Merge Robot2020-05-30
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/rootless-containers/rootlesskit-0.9.5 Bump github.com/rootless-containers/rootlesskit from 0.9.4 to 0.9.5
| * | | | Bump github.com/rootless-containers/rootlesskit from 0.9.4 to 0.9.5Daniel J Walsh2020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/rootless-containers/rootlesskit](https://github.com/rootless-containers/rootlesskit) from 0.9.4 to 0.9.5. - [Release notes](https://github.com/rootless-containers/rootlesskit/releases) - [Commits](rootless-containers/rootlesskit@v0.9.4...v0.9.5) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #6356 from baude/v2copyendpointsOpenShift Merge Robot2020-05-30
|\ \ \ \ \ | |_|_|/ / |/| | | | v2 copy endpoints
| * | | | v2 copy endpointsBrent Baude2020-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add copy endpoint inputs and outputs. these endpoints are not implemented yet, nor are any bindings. this allows us to update this later without having to change our api version. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #6432 from mheon/bump-2.0.0-rc3OpenShift Merge Robot2020-05-29
|\ \ \ \ \ | | | | | | | | | | | | Bump to v2.0.0-RC3
| * | | | | Bump to v2.0.0-devMatthew Heon2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | | Bump to v2.0.0-rc3v2.0.0-rc3Matthew Heon2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | Merge pull request #6207 from vrothberg/auth-headerOpenShift Merge Robot2020-05-29
|\ \ \ \ \ \ | |/ / / / / |/| | | | | add X-Registry-Auth header support
| * | | | | compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #6380 from mheon/fix_mount_readonlyOpenShift Merge Robot2020-05-29
|\ \ \ \ \ | | | | | | | | | | | | Add support for `readonly` option to --mount
| * | | | | Add support for `readonly` option to --mountMatthew Heon2020-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is just an alias to the `ro` option, but it's already in the manpages (and Docker) so we might as well add support for it. Fixes #6379 Signed-off-by: Matthew Heon <matthew.heon@pm.me>