summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Create user storage dir with correct permissionsBlake Burkhart2021-06-14
| | | | | | | | Docker VOLUMEs will inherit permissions from an existing directory at the same path. If the path does not exist, the directory will be owned by root which makes this image unusable in rootless mode. Signed-off-by: Blake Burkhart <blake.burkhart@us.af.mil>
* Merge pull request #10651 from rhatdan/buildOpenShift Merge Robot2021-06-14
|\ | | | | Add support for podman remote build -f - .
| * Add support for podman remote build -f - .Daniel J Walsh2021-06-11
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10621 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10652 from rhatdan/devicesOpenShift Merge Robot2021-06-14
|\ \ | | | | | | Fix handling of podman-remote build --device
| * | Fix handling of podman-remote build --deviceDaniel J Walsh2021-06-13
|/ / | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10614 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10525 from rhatdan/docs1OpenShift Merge Robot2021-06-12
|\ \ | | | | | | [CI:DOCS] Add documentation on ignore_chown_errors
| * | Add documentation on ignore_chown_errorsDaniel J Walsh2021-06-10
| | | | | | | | | | | | | | | | | | fixes: https://github.com/containers/podman/issues/10145 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10601 from Procyhon/07062021_manpageOpenShift Merge Robot2021-06-12
|\ \ \ | | | | | | | | [CI:DOCS] UPDATE manpages with MANPAGE_SYNTAX
| * | | UPDATE manpages with MANPAGE_SYNTAXAlexander Richter2021-06-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following manpages have been adapted to the MANPAGE_SYNTAX: - podman-completion - podman-container-checkpoint - podman-container-cleanup - podman-container-exists The following manpages have had little changes: - podman-attach - podman-commit - MANPAGE_SYNTAX - Makefile Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
* | | | Merge pull request #10635 from adrianreber/2021-06-04-privilegedOpenShift Merge Robot2021-06-12
|\ \ \ \ | | | | | | | | | | Fix restoring of privileged containers
| * | | | Fix restoring of privileged containersAdrian Reber2021-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Checkpointed containers started with --privileged fail during restore with: Error: error creating container storage: ProcessLabel and Mountlabel must either not be specified or both specified This commit fixes it by not setting the labels when restoring a privileged container. [NO TESTS NEEDED] Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | | Merge pull request #10661 from mwhahaha/issue-10660OpenShift Merge Robot2021-06-12
|\ \ \ \ \ | | | | | | | | | | | | Fall back to string for dockerfile parameter
| * | | | | Fall back to string for dockerfile parameterAlex Schultz2021-06-11
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a9cb824981db3fee6b8445b29e513c89e9b9b00b changed the expectations of the dockerfile parameter to be json data however it's a string. In order to support both, let's attempt json and fall back to a string if the json parsing fails. Closes #10660 Signed-off-by: Alex Schultz <aschultz@redhat.com>
* | | | | Merge pull request #10654 from Luap99/net-connectOpenShift Merge Robot2021-06-12
|\ \ \ \ \ | | | | | | | | | | | | Fix network connect race with docker-compose
| * | | | | Fix network connect race with docker-composePaul Holzinger2021-06-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Network connect/disconnect has to call the cni plugins when the network namespace is already configured. This is the case for `ContainerStateRunning` and `ContainerStateCreated`. This is important otherwise the network is not attached to this network namespace and libpod will throw errors like `network inspection mismatch...` This problem happened when using `docker-compose up` in attached mode. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #10405 from mheon/always_cleanup_execOpenShift Merge Robot2021-06-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | Always spawn a cleanup process with exec
| * | | | | | Add ExecDied event and use it to retrieve exit codesMatthew Heon2021-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When making Exec Cleanup processes mandatory, I introduced a race wherein attached exec sessions could be cleaned up and removed by the cleanup process before the frontend had a chance to get their exit code. Fortunately, we've dealt with this issue before in containers, and the same solution can be applied here. I added an event for an exec session's process exiting, `exec_died` (Docker has an identical event, so this actually improves our compatibility there) that includes the exit code of the exec session. If the race happens and the exec session no longer exists when we go to remove it, pick up exit code from the event and exit cleanly. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | | | Always spawn a cleanup process with execMatthew Heon2021-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We were previously only doing this for detached exec. I don't know why we did that, but I don't see any reason not to extend it to all exec sessions - it guarantees that we will always clean up exec sessions, even if the original `podman exec` process died. [NO TESTS NEEDED] because I don't really know how to test this one. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | | Merge pull request #10638 from Luap99/volumeOpenShift Merge Robot2021-06-11
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Fix volumes with uid and gid options
| * | | | | | Fix volumes with uid and gid optionsPaul Holzinger2021-06-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman uses the volume option map to check if it has to mount the volume or not when the container is started. Commit 28138dafcc39 added to uid and gid options to this map, however when only uid/gid is set we cannot mount this volume because there is no filesystem or device specified. Make sure we do not try to mount the volume when only the uid/gid option is set since this is a simple chown operation. Also when a uid/gid is explicity set, do not chown the volume based on the container user when the volume is used for the first time. Fixes #10620 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | Merge pull request #10542 from alvistack/master-linux-amd64OpenShift Merge Robot2021-06-11
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Update nix pin with `make nixpkgs`
| * | | | | | | Update nix pin with `make nixpkgs`Wong Hoi Sing Edison2021-06-10
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Bugfix `make nixpkgs` which pin with branch `nixos-21.05` - Code lint with `nixpkgs-fmt` - Code sync between x86\_64 and aarch64 Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* | | | | | | Merge pull request #10646 from edsantiago/arm64OpenShift Merge Robot2021-06-11
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | System tests: the continuing multiarch saga
| * | | | | | | System tests: the continuing multiarch sagaEd Santiago2021-06-10
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TL;DR podman needs "arm64" as arch, not "arm64v8". Unexpurgated version: docker.io publishes ${ARCH}/alpine for several values of ARCH. Unfortunately, the arm64 one is called "arm64v8", which is sensible, but podman needs the --arch value of the manifest to be exactly "arm64". So we need to special-case this value in our loop. Do so, and build/publish a new 20210610 testimage. Use that in tests moving forward. And, since we need to jump through the same hoops to build the nonlocal image, include it in the build loop instead of as a tacked-on comment. Try to be helpful by determining the next-available numeric tag. And: don't push anything by default. Instead, just tell the user what buildah-push commands to run. And: refactor $PODMAN_NONLOCAL_IMAGE_TAG, to make it easier for the RHEL-arch-testing folx to override using envariables instead of inplace-sed. (Not that they should ever need to override again, because this is the final multiarch commit that should be forevermore perfect and need no further commits ever again). And, finally, bump up to latest alpine/busybox images. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | | Merge pull request #10628 from ↵OpenShift Merge Robot2021-06-10
|\ \ \ \ \ \ \ | |_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/storage-1.32.2 Bump github.com/containers/storage from 1.32.1 to 1.32.2
| * | | | | | Bump github.com/containers/storage from 1.32.1 to 1.32.2dependabot[bot]2021-06-10
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.1 to 1.32.2. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.32.1...v1.32.2) --- updated-dependencies: - dependency-name: github.com/containers/storage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | Merge pull request #10609 from giuseppe/ignore-named-hierarchiesOpenShift Merge Robot2021-06-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | container: ignore named hierarchies
| * | | | | | container: ignore named hierarchiesGiuseppe Scrivano2021-06-10
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when looking up the container cgroup, ignore named hierarchies since containers running systemd as payload will create a sub-cgroup and move themselves there. Closes: https://github.com/containers/podman/issues/10602 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #10639 from adrianreber/2021-06-10-pre-dump-fixOpenShift Merge Robot2021-06-10
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Fix pre-checkpointing
| * | | | | Fix pre-checkpointingAdrian Reber2021-06-10
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unfortunately --pre-checkpointing never worked as intended and recent changes to runc have shown that it is broken. To create a pre-checkpoint CRIU expects the paths between the pre-checkpoints to be a relative path. If having a previous checkpoint it needs the be referenced like this: --prev-images-dir ../parent Unfortunately Podman was giving runc (and CRIU) an absolute path. Unfortunately, again, until March 2021 CRIU silently ignored if the path was not relative and switch back to normal checkpointing. This has been now fixed in CRIU and runc and running pre-checkpoint with the latest runc fails, because runc already sees that the path is absolute and returns an error. This commit fixes this by giving runc a relative path. This commit also fixes a second pre-checkpointing error which was just recently introduced. So summarizing: pre-checkpointing never worked correctly because CRIU ignored wrong parameters and recent changes broke it even more. Now both errors should be fixed. [NO TESTS NEEDED] Signed-off-by: Adrian Reber <areber@redhat.com> Signed-off-by: Adrian Reber <adrian@lisas.de>
* | | | | Merge pull request #10642 from cevich/fix_linksOpenShift Merge Robot2021-06-10
|\ \ \ \ \ | |_|_|/ / |/| | | | [CI:DOCS] Fix docs links due to branch rename
| * | | | Fix docs links due to branch renameChris Evich2021-06-10
|/ / / / | | | | | | | | | | | | | | | | | | | | Ref: https://github.com/containers/common/issues/549 Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #10634 from Luap99/machine-buildOpenShift Merge Robot2021-06-10
|\ \ \ \ | |/ / / |/| | | Fix build tags for pkg/machine...
| * | | Fix build tags for pkg/machine...Paul Holzinger2021-06-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman machine is only intended for amd64 and arm64 architectures, set the correct buildtags so that the `pkg/machine`, `pkg/machine/qemu` and `pkg/machine/libvirt` packages compile correctly. [NO TESTS NEEDED] Fixes #10625 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #10611 from giuseppe/fix-fast-rootless-join-pathOpenShift Merge Robot2021-06-10
|\ \ \ | |/ / |/| | rootless: fix fast join userns path
| * | rootless: fix fast join userns pathGiuseppe Scrivano2021-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit ab886328357184cd0a8375a5dedf816ba91789f9 changed the path for the pause.pid file but didn't update the same path in the C code. This prevented Podman to take the fast path when the userns is already created and to join it without re-execing itself. Fix the path in the C code as well so we can join the rootless user+mount namespace without having to re-exec Podman. [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #10618 from edsantiago/batsOpenShift Merge Robot2021-06-09
|\ \ \ | |/ / |/| | System tests: deal with crun 0.20.1
| * | System tests: deal with crun 0.20.1Ed Santiago2021-06-09
|/ / | | | | | | | | | | | | | | | | | | crun 0.20.1 changed an error message that we relied on. Deal with it by accepting the old and new message. Also (unrelated): sneak in some doc fixes to get rid of nasty go-md2man warnings that have crept into man pages. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #10550 from rhatdan/DockerfileOpenShift Merge Robot2021-06-09
|\ \ | | | | | | podman-remote build should handle -f option properly
| * | podman-remote build should handle -f option properlyDaniel J Walsh2021-06-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote build has to handle multiple different locations for the Containerfile. Currently this works in local mode but not when using podman-remote. Fixes: https://github.com/containers/podman/issues/9871 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10607 from jwhonce/issues/10559OpenShift Merge Robot2021-06-09
|\ \ \ | | | | | | | | [CI:DOCS] Update swagger for inspect network
| * | | [CI:DOCS] Update swagger for inspect networkJhon Honce2021-06-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | struct for swagger was pointing to wrong internal type Fixes #10559 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #10390 from jmguzik/fix-cmd-prune-filter-imagesOpenShift Merge Robot2021-06-09
|\ \ \ \ | |/ / / |/| | | Fix image prune --filter cmd behavior
| * | | Fix image prune --filter cmd behaviorJakub Guzik2021-06-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Image prune --filter is fully implemented in the api, http api yet not connected with the cli execution. User trying to use filters does not see the effect. This commit adds glue code to enable possiblity of using --filter in prune in the cli execution. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #10603 from cdoern/networksQueryCharlie Doern2021-06-08
|\ \ \ \ | |_|/ / |/| | | implemented verbose and scope as possible
| * | | fixed docs and schemascdoern2021-06-08
| | | | | | | | | | | | | | | | Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | Merge pull request #10594 from ↵OpenShift Merge Robot2021-06-08
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/containers/buildah-1.21.1 Bump github.com/containers/buildah from 1.21.0 to 1.21.1
| * | | | Bump github.com/containers/buildah from 1.21.0 to 1.21.1dependabot[bot]2021-06-08
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.21.0 to 1.21.1. - [Release notes](https://github.com/containers/buildah/releases) - [Changelog](https://github.com/containers/buildah/blob/v1.21.1/CHANGELOG.md) - [Commits](https://github.com/containers/buildah/compare/v1.21.0...v1.21.1) --- updated-dependencies: - dependency-name: github.com/containers/buildah dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #10600 from vrothberg/fix-10596OpenShift Merge Robot2021-06-08
|\ \ \ \ | | | | | | | | | | logs: k8s-file: fix race
| * | | | logs: k8s-file: fix raceValentin Rothberg2021-06-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a race in the k8s-file logs driver. When "following" the logs, Podman will print the container's logs until the end. Previously, Podman logged until the state transitioned into something non-running which opened up a race with the container still running, possibly in the "stopping" state. To fix the race, log until we've seen the wait event for the specific container. In that case, conmon will have finished writing all logs to the file, and Podman will read it until EOF. Further tweak the integration tests for testing `logs -f` on a running container. Previously, the test only checked for one of two lines stating that there was a race. Indeed the race was in using `run --rm` where a log file may be removed before we could fully read it. Fixes: #10596 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>