| Commit message | Author | Age |

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
add a shortcut for joining immediately the namespace so we don't need
to re-exec Podman.
With the pause process simplification, we can now attempt to join the
namespaces as soon as Podman starts (and before the Go runtime kicks
in), so that we don't need to re-exec and use just one process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
use a pause process to keep the user and mount namespace alive.
The pause process is created immediately on reload, and all successive
Podman processes will refer to it for joining the user&mount
namespace.
This solves all the race conditions we had on joining the correct
namespaces using the conmon processes.
As a fallback if the join fails for any reason (e.g. the pause process
was killed), then we try to join the running containers as we were
doing before.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
this leaves the containers stopped but we won't risk to use the wrong
user namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
rootless: allow resource isolation with cgroup v2
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
skip resources validation when cgroup v2 is detected, as we don't
support it yet.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We were always raising an error when the rootless user attempted to
set up resources, but this is not the case anymore with cgroup v2.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fix a typo in release notes, and bump README version
Signed-off-by: Matthew Heon <mheon@redhat.com>
Bump github.com/containers/storage to v1.12.7
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
remote: version: fix nil dereference
Fix a nil dereference by passing the PodmanCommand to GetRuntime().
Fixes: #3145
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Replace root-based rootless tests
Since CI automation is now executing all tests as a regular user, there
is no need for root-based testing to run special rootless tests. Remove
them.
However, the root-based rootless tests did include one test for exercising
the '--rootfs' option which is needed. Add a new general, and more thorough
test to replace it - meaning it will be executed as root and non-root.
Signed-off-by: Chris Evich <cevich@redhat.com>
Bump to v1.3.1
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Revert "Add VarlinkCall.RequiresUpgrade() type and method"
This reverts commit bd3154fcf6a48b37cfde5d9b1226900cd863c0d9.
Commit in question may be breaking upstream CI.
Signed-off-by: Matthew Heon <mheon@redhat.com>
More release notes for 1.3.1
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add VarlinkCall.RequiresUpgrade() type and method
Type varlinkapi.VarlinkCall is currently only used as receiver for
RequiresUpgrade(); future helpers could be added to this type.
RequiresUpgrade() verifies caller has given correct options to the call
for the given operation.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
network: raise a clearer error when using CNI
print a clearer error message when an unprivileged user attempts to
create a network using CNI.
Closes: https://github.com/containers/libpod/issues/3118
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add unshare to podman
This command lets the user run a command in a new user namespace like `unshare -u`.
It uses the implementation of unshare in buildah. ( fixes #1388 )
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
Release notes for 1.3.1
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Ensure that start() in StartAndAttach() is locked
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Need this to re-trigger CI
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
StartAndAttach() runs start() in a goroutine, which can allow it
to fire after the caller returns - and thus, after the defer to
unlock the container lock has fired.
The start() call _must_ occur while the container is locked, or
else state inconsistencies may occur.
Fixes #3114
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
split remote tests from distro tests
We want the remote tests for our distributions to be tested in a
different VM than the local tests. This allows for faster CI runs and
easier debug as well as separation of flakes.
Signed-off-by: baude <bbaude@redhat.com>
When removing pods, free their locks
Without this we leak allocated locks, which is definitely not a
good thing.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
set default event logger based on build tags
once the default event logger was removed from libpod.conf, we need to
set the default based on whether the systemd build tag is used or not.
Signed-off-by: baude <bbaude@redhat.com>
varlink: fix usage message, URI is now optional
38199f4c made the URI argument to podman-varlink optional.
Fix the usage message to indicate this.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fix libpod.conf option ordering
Adding the journald configuration broke decoding the default
libpod.conf, because it was after the [runtimes] table (and was
being interpreted as a member of the table, and not the larger
config). We can't easily fix this on the TOML side, so our best
bet is to move it above the table and add a comment to try and
make sure this doesn't happen again.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
podman: fix events help string
make it uppercase as all the other ones.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add `systemd` build tag