summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Remove libpod.conf from repoMatthew Heon2020-05-12
| | | | | | | | | | | Now that we're shipping containers.conf, we don't want to provide a libpod.conf anymore. This removes libpod.conf from the repo and as many direct uses as I can find. There are a few more mentions in the documentation, but someone more familiar with containers.conf should make those edits. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6174 from giuseppe/fix-events-rootlessOpenShift Merge Robot2020-05-12
|\ | | | | rootless: do not set pids limits with cgroupfs
| * test: enable networking test for rootlessGiuseppe Scrivano2020-05-12
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: do not set pids limits with cgroupfsGiuseppe Scrivano2020-05-12
| | | | | | | | | | | | and enable events tests. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #6182 from baude/v2remotedfOpenShift Merge Robot2020-05-12
|\ \ | | | | | | add podman remote system df
| * | add podman remote system dfBrent Baude2020-05-12
| | | | | | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6154 from baude/v2signOpenShift Merge Robot2020-05-12
|\ \ \ | | | | | | | | v2podman image sign
| * | | v2podman image signBrent Baude2020-05-11
| | | | | | | | | | | | | | | | | | | | | | | | this is a straight port to add the podman image sign command. no improvements or refactoring done Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #6181 from baude/v2remoteportOpenShift Merge Robot2020-05-12
|\ \ \ \ | |_|/ / |/| | | add port to podman remote command
| * | | add port to podman remote commandBrent Baude2020-05-11
| | |/ | |/| | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6189 from vrothberg/ocicniOpenShift Merge Robot2020-05-12
|\ \ \ | | | | | | | | vendor crio/ocicni@v0.2.0
| * | | vendor crio/ocicni@v0.2.0Valentin Rothberg2020-05-12
|/ / / | | | | | | | | | | | | Fixes: #5193 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6173 from ↵OpenShift Merge Robot2020-05-12
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/common-0.11.2 Bump github.com/containers/common from 0.11.1 to 0.11.2
| * | | Bump github.com/containers/common from 0.11.1 to 0.11.2dependabot-preview[bot]2020-05-11
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/common](https://github.com/containers/common) from 0.11.1 to 0.11.2. - [Release notes](https://github.com/containers/common/releases) - [Commits](https://github.com/containers/common/compare/v0.11.1...v0.11.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6187 from openSUSE/netgoOpenShift Merge Robot2020-05-12
|\ \ \ | | | | | | | | Add netgo build tag to static binary
| * | | Add netgo build tag to static binarySascha Grunert2020-05-12
| | |/ | |/| | | | | | | | | | | | | | | | This allows us to system independently resolve DNS requests in static Podman binaries. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | Merge pull request #6101 from sujil02/systemreset-v2OpenShift Merge Robot2020-05-12
|\ \ \ | | | | | | | | Adds tunnel routes for system reset.
| * | | Adds tunnel routes for system reset.Sujil022020-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds tunnel routes for system reset. Makes forces flag local as options are not propogated down the stack. Adds relevant test cases and swagger docs. Signed-off-by: Sujil02 <sushah@redhat.com>
* | | | Merge pull request #6172 from ↵OpenShift Merge Robot2020-05-12
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/image/v5-5.4.4 Bump github.com/containers/image/v5 from 5.4.3 to 5.4.4
| * | | | Bump github.com/containers/image/v5 from 5.4.3 to 5.4.4dependabot-preview[bot]2020-05-11
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.4.3 to 5.4.4. - [Release notes](https://github.com/containers/image/releases) - [Commits](https://github.com/containers/image/compare/v5.4.3...v5.4.4) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6186 from vrothberg/auto-updateOpenShift Merge Robot2020-05-12
|\ \ \ \ | |_|_|/ |/| | | auto-update: support authfiles
| * | | auto-update: support authfilesValentin Rothberg2020-05-12
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | Support using custom authfiles for auto updates by adding a new `--authfile` flag and passing it down into the backend. Also do some minor fixes in the help text and the man page. Fixes: #6159 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6176 from edsantiago/bats_moreOpenShift Merge Robot2020-05-11
|\ \ \ | |/ / |/| | Some BATS cleanup: run and systemd tests
| * | Some BATS cleanup: run and systemd testsEd Santiago2020-05-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | run test: run positive test before negative; and actually implement real negative tests. Also, add confirmation tests for cidfile/pidfile, not just 'exit status is good'. systemd test: enable rootless, and again add actual content testing. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6169 from vrothberg/fix-6164OpenShift Merge Robot2020-05-11
|\ \ \ | | | | | | | | shm_lock_test: add nil check
| * | | shm_lock_test: add nil checkValentin Rothberg2020-05-11
| |/ / | | | | | | | | | | | | Fixes: #6164 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #5566 from openSUSE/static-binaryOpenShift Merge Robot2020-05-11
|\ \ \ | | | | | | | | Add podman static build
| * | | Add podman static buildSascha Grunert2020-05-11
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We’re now able to build a static podman binary based on a custom nix derivation. This is integrated in cirrus as well, whereas a later target would be to provide a self-contained static binary bundle which can be installed on any Linux x64-bit system. Fixes: https://github.com/containers/libpod/issues/1399 Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | Merge pull request #6168 from vrothberg/mount-testsOpenShift Merge Robot2020-05-11
|\ \ \ | | | | | | | | enable rootless mount tests
| * | | enable rootless mount testsValentin Rothberg2020-05-11
| |/ / | | | | | | | | | | | | | | | | | | Remove the annotation from the umount command to make mount tests pass and let podman-umount run as a non-root user. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6167 from giuseppe/fix-setting-limitsOpenShift Merge Robot2020-05-11
|\ \ \ | |/ / |/| | spec: fix order for setting rlimits
| * | spec: fix order for setting rlimitsGiuseppe Scrivano2020-05-11
|/ / | | | | | | | | | | | | also make sure that the limits we set for rootless are not higher than what we'd set for root containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #6156 from TomSweeneyRedHat/secOpenShift Merge Robot2020-05-10
|\ \ | | | | | | [CI:DOCS] Add Security Policy
| * | [CI:DOCS] Add Security PolicyTomSweeneyRedHat2020-05-09
| | | | | | | | | | | | | | | | | | As the title says Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #6126 from baude/v2rootlessOpenShift Merge Robot2020-05-10
|\ \ \ | | | | | | | | enable rootless integration testing
| * | | enable rootless integration testingBrent Baude2020-05-10
| | |/ | |/| | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6151 from lsm5/tests-apiv2-inspect-removeOpenShift Merge Robot2020-05-10
|\ \ \ | |/ / |/| | bindings tests for container remove and inspect
| * | bindings tests for container remove and inspectLokesh Mandvekar2020-05-08
| | | | | | | | | | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #6152 from mheon/fix_pod_join_cgroupnsOpenShift Merge Robot2020-05-09
|\ \ \ | | | | | | | | Fix bug where pods would unintentionally share cgroupns
| * | | Ensure `podman inspect` output for NetworkMode is rightMatthew Heon2020-05-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I realized that setting NetworkMode to private when we are making a network namespace but not configuring it with CNI or Slirp is wrong; that's considered `--net=none` not `--net=private`. At the same time, realized that we actually store whether Slirp is in use, so we can be more specific than just "default" and instead say slirp4netns or bridge. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Fix bug where pods would unintentionally share cgroupnsMatthew Heon2020-05-08
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This one was a massive pain to track down. The original symptom was an error message from rootless Podman trying to make a container in a pod. I unfortunately did not look at the error message closely enough to realize that the namespace in question was the cgroup namespace (the reproducer pod was explicitly set to only share the network namespace), else this would have been quite a bit shorter. I spent considerable effort trying to track down differences between the inspect output of the two containers, and when that failed I was forced to resort to diffing the OCI specs. That finally proved fruitful, and I was able to determine what should have been obvious all along: the container was joining the cgroup namespace of the infra container when it really ought not to have. From there, I discovered a variable collision in pod config. The UsePodCgroup variable means "create a parent cgroup for the pod and join containers in the pod to it". Unfortunately, it is very similar to UsePodUTS, UsePodNet, etc, which mean "the pod shares this namespace", so an accessor was accidentally added for it that indicated the pod shared the cgroup namespace when it really did not. Once I realized that, it was a quick fix - add a bool to the pod's configuration to indicate whether the cgroup ns was shared (distinct from UsePodCgroup) and use that for the accessor. Also included are fixes for `podman inspect` and `podman pod inspect` that fix them to actually display the state of the cgroup namespace (for container inspect) and what namespaces are shared (for pod inspect). Either of those would have made tracking this down considerably quicker. Fixes #6149 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #6148 from jwhonce/wip/versionOpenShift Merge Robot2020-05-09
|\ \ \ | |_|/ |/| | V2 Implement tunnelled podman version
| * | V2 Impliment tunnelled podman versionJhon Honce2020-05-08
| | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6145 from baude/v2rootlesssearchDaniel J Walsh2020-05-09
|\ \ \ | | | | | | | | v2 podman search rootless
| * | | v2 podman search rootlessBrent Baude2020-05-08
| | | | | | | | | | | | | | | | | | | | | | | | enable the search command for rootless Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #6147 from mheon/fix_inspect_annotationsDaniel J Walsh2020-05-09
|\ \ \ \ | |_|/ / |/| | | Add remaining annotations for `podman inspect`
| * | | Add remaining annotations for `podman inspect`Matthew Heon2020-05-08
| | | | | | | | | | | | | | | | | | | | | | | | This should finish support for `podman inspect` in APIv2. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6146 from baude/v2unshareDaniel J Walsh2020-05-08
|\ \ \ \ | |_|_|/ |/| | | v2 podman unshare command
| * | | v2 podman unshare commandBrent Baude2020-05-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add unshare command add cp and init to container sub-command allow mount to run as rootless Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #6049 from ↵OpenShift Merge Robot2020-05-08
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/uber/jaeger-client-go-2.23.1incompatible build(deps): bump github.com/uber/jaeger-client-go from 2.22.1+incompatible to 2.23.1+incompatible