| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
| |
Now that we're shipping containers.conf, we don't want to provide
a libpod.conf anymore. This removes libpod.conf from the repo and
as many direct uses as I can find.
There are a few more mentions in the documentation, but someone
more familiar with containers.conf should make those edits.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
rootless: do not set pids limits with cgroupfs
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| | |
and enable events tests.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
add podman remote system df
|
| | |
| | |
| | |
| | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
v2podman image sign
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
this is a straight port to add the podman image sign command. no improvements or refactoring done
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
add port to podman remote command
|
| | |/
| |/|
| | |
| | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
vendor crio/ocicni@v0.2.0
|
|/ / /
| | |
| | |
| | |
| | | |
Fixes: #5193
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/containers/common-0.11.2
Bump github.com/containers/common from 0.11.1 to 0.11.2
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.11.1 to 0.11.2.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.11.1...v0.11.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add netgo build tag to static binary
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
This allows us to system independently resolve DNS requests in static
Podman binaries.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \
| | | |
| | | | |
Adds tunnel routes for system reset.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Adds tunnel routes for system reset.
Makes forces flag local as options are not propogated down the stack.
Adds relevant test cases and swagger docs.
Signed-off-by: Sujil02 <sushah@redhat.com>
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
containers/dependabot/go_modules/github.com/containers/image/v5-5.4.4
Bump github.com/containers/image/v5 from 5.4.3 to 5.4.4
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.4.3 to 5.4.4.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.4.3...v5.4.4)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
auto-update: support authfiles
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Support using custom authfiles for auto updates by adding a new
`--authfile` flag and passing it down into the backend.
Also do some minor fixes in the help text and the man page.
Fixes: #6159
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Some BATS cleanup: run and systemd tests
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
run test: run positive test before negative; and actually
implement real negative tests. Also, add confirmation tests for
cidfile/pidfile, not just 'exit status is good'.
systemd test: enable rootless, and again add actual content
testing.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
shm_lock_test: add nil check
|
| |/ /
| | |
| | |
| | |
| | | |
Fixes: #6164
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add podman static build
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We’re now able to build a static podman binary based on a custom nix
derivation. This is integrated in cirrus as well, whereas a later target
would be to provide a self-contained static binary bundle which can be
installed on any Linux x64-bit system.
Fixes: https://github.com/containers/libpod/issues/1399
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \
| | | |
| | | | |
enable rootless mount tests
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Remove the annotation from the umount command to make mount tests pass
and let podman-umount run as a non-root user.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
spec: fix order for setting rlimits
|
|/ /
| |
| |
| |
| |
| |
| | |
also make sure that the limits we set for rootless are not higher than
what we'd set for root containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Add Security Policy
|
| | |
| | |
| | |
| | |
| | |
| | | |
As the title says
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \ \
| | | |
| | | | |
enable rootless integration testing
|
| | |/
| |/|
| | |
| | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| |/ /
|/| | |
bindings tests for container remove and inspect
|
| | |
| | |
| | |
| | | |
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \
| | | |
| | | | |
Fix bug where pods would unintentionally share cgroupns
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I realized that setting NetworkMode to private when we are making
a network namespace but not configuring it with CNI or Slirp is
wrong; that's considered `--net=none` not `--net=private`. At the
same time, realized that we actually store whether Slirp is in
use, so we can be more specific than just "default" and instead
say slirp4netns or bridge.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This one was a massive pain to track down.
The original symptom was an error message from rootless Podman
trying to make a container in a pod. I unfortunately did not look
at the error message closely enough to realize that the namespace
in question was the cgroup namespace (the reproducer pod was
explicitly set to only share the network namespace), else this
would have been quite a bit shorter.
I spent considerable effort trying to track down differences
between the inspect output of the two containers, and when that
failed I was forced to resort to diffing the OCI specs. That
finally proved fruitful, and I was able to determine what should
have been obvious all along: the container was joining the cgroup
namespace of the infra container when it really ought not to
have.
From there, I discovered a variable collision in pod config. The
UsePodCgroup variable means "create a parent cgroup for the pod
and join containers in the pod to it". Unfortunately, it is very
similar to UsePodUTS, UsePodNet, etc, which mean "the pod shares
this namespace", so an accessor was accidentally added for it
that indicated the pod shared the cgroup namespace when it really
did not. Once I realized that, it was a quick fix - add a bool to
the pod's configuration to indicate whether the cgroup ns was
shared (distinct from UsePodCgroup) and use that for the
accessor.
Also included are fixes for `podman inspect` and
`podman pod inspect` that fix them to actually display the state
of the cgroup namespace (for container inspect) and what
namespaces are shared (for pod inspect). Either of those would
have made tracking this down considerably quicker.
Fixes #6149
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| |_|/
|/| | |
V2 Implement tunnelled podman version
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| | | |
| | | | |
v2 podman search rootless
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
enable the search command for rootless
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Add remaining annotations for `podman inspect`
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This should finish support for `podman inspect` in APIv2.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| |_|_|/
|/| | | |
v2 podman unshare command
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add unshare command
add cp and init to container sub-command
allow mount to run as rootless
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/uber/jaeger-client-go-2.23.1incompatible
build(deps): bump github.com/uber/jaeger-client-go from 2.22.1+incompatible to 2.23.1+incompatible
|