| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of a fix for an earlier bug (#5698) we added the ability
for Podman to chown volumes to correctly match the user running
in the container, even in adverse circumstances (where we don't
know the right UID/GID until very late in the process). However,
we only did this for volumes created automatically by a
`podman run` or `podman create`. Volumes made by
`podman volume create` do not get this chown, so their
permissions may not be correct. I've looked, and I don't think
there's a good reason not to do this chwon for all volumes the
first time the container is started.
I would prefer to do this as part of volume copy-up, but I don't
think that's really possible (copy-up happens earlier in the
process and we don't have a spec). There is a small chance, as
things stand, that a copy-up happens for one container and then
a chown for a second, unrelated container, but the odds of this
are astronomically small (we'd need a very close race between two
starting containers).
Fixes #9608
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| |
| |
| | |
containers/dependabot/go_modules/github.com/onsi/ginkgo-1.15.2
Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.1 to 1.15.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.1...v1.15.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Fix volumes and networks list/prune filters in http api
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is the continuation work started in #9711. It turns out
that list/prune commands for volumes in libpod/compat api have
very dangerous error handling when broken filter input is supplied.
Problem also affects network list/prune in libpod. This commit
unifies filter handling across libpod/compat api and adds sanity
apiv2 testcases.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
containers/dependabot/go_modules/k8s.io/apimachinery-0.20.5
Bump k8s.io/apimachinery from 0.20.4 to 0.20.5
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/kubernetes/apimachinery/releases)
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.20.4...v0.20.5)
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
containers/dependabot/go_modules/github.com/containers/storage-1.28.0
Bump github.com/containers/storage from 1.25.0 to 1.28.0
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.25.0 to 1.28.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.25.0...v1.28.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
add a dependabot config to automate vendoring
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
While dependabot has turned out great to automate updating dependencies,
a major painpoint was that we had to manually run `make vendor` for each
and every commit. It was causing noise.
Adding the config file to `.github/dependabot.yml` will take of also
updating the `./vendor` tree. `containers/common` is using this config
for a while successfully.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Network prune filters for http api (compat and libpod)
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|\ \ \
| | | |
| | | | |
Latest crun/runc should handle blkio-weight test
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
there was a documentation issue for the kernel that reported the range
to be different than on cgroup v1.
The issue has been fixed in crun/runc. Adapt the test.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
with cgroup v2, the cgroupns is enabled by default.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
fix user message image prune --all
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
User message was the same as in the case of no flag provided.
This commit aligns message with the one used in docker.
[NO TESTS NEEDED]
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|\ \ \ \
| |/ / /
|/| | | |
[NO TESTS NEEDED] pkg/bindings/images.Build(): fix a race condition in error reporting
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Downgrade github.com/coreos/go-systemd/v22 to a version that will build
against systemd headers that we have on CentOS 8. This also pulls in
github.com/varlink/go.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In nTar(), don't return the error value when the goroutine that's
populating the error value can continue running long after nTar()
returns. Instead, wrap the Close() method of the pipe that we're
returning in a function that collects those errors, along with any error
we get from closing the pipe, and returns them from Close() wrapper.
In Build(), if the Close() method returns an error, at least log it.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
|\ \ \
| | | |
| | | | |
Switch all builds to pull-never
|
| | |/
| |/|
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/buildah/issues/2779
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
[CI:DOCS] removing secrets is safe for in-use secrets
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Add docs explaining that it is safe to remove a secret that is in use by
a container: secrets are copied and mounted into the container at
creation
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \
| | |
| | | |
Fix for volumes prune in http compat api when using filters
|
| |/
| |
| |
| | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|\ \
| | |
| | | |
Fix array instead of one elem network http api
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|\ \ \
| | | |
| | | | |
add /auth for docker compatibility
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: troyready <troy@troyready.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This endpoint just validates credentials:
https://github.com/moby/moby/blob/v20.10.4/api/swagger.yaml#L7936-L7977
Fixes: #9564
Signed-off-by: troyready <troy@troyready.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
System test cleanup
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- cp test: clean up stray image
- build test: add workaround for #9567 (ultra-slow ubuntu).
We're seeing CI flakes (timeouts) due to ubuntu 2004 being
absurdly slow. Workaround: double our timeout on one specific
test when ubuntu + remote.
- build test: clean up new copy-from test (from #9275).
The test was copy-pasted from buildah system tests, without
really adapting for podman environment (e.g. it was using
images that we don't use here, and would cause pulls, which
will cause flakes). Rewrite test so it references only $IMAGE,
remove some confusing/unnecessary stuff, selectively run
parts of it even when rootless or remote, and add a
test to confirm that copy-from succeeded.
- load test: add error-message test to new load-invalid (#9672).
Basically, make sure the command fails for the right reason.
- play test (kube): use $IMAGE, not alpine; and add pause-image
cleanup to teardown()
- apiv2 mounts test: add a maintainability comment in a tricky
section of code; and tighten up the mount point test.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Do not leak libpod package into the remote client
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The New York timezone changes between summer and winter time.
Make sure the test allows both timezones.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some packages used by the remote client imported the libpod package.
This is not wanted because it adds unnecessary bloat to the client and
also causes problems with platform specific code(linux only), see #9710.
The solution is to move the used functions/variables into extra packages
which do not import libpod.
This change shrinks the remote client size more than 6MB compared to the
current master.
[NO TESTS NEEDED]
I have no idea how to test this properly but with #9710 the cross
compile should fail.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The `libpod/network` package should only be used on the backend and not the
client. The client used this package only for two functions so move them
into a new `pkg/network` package.
This is needed so we can put linux only code into `libpod/network`, see #9710.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \
| | |
| | |
| | |
| | | |
containers/dependabot/go_modules/github.com/sirupsen/logrus-1.8.1
Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.8.0...v1.8.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
[NO TESTS NEEDED] create endpoint for querying libpod networks
|
| | |/
| |/|
| | |
| | | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|\ \ \
| | | |
| | | | |
Delete all containers and pods between tests
|
| | |/
| |/|
| | |
| | |
| | |
| | | |
New tearDown() deletes all pods and containers between tests
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| |/ /
|/| | |
sdnotify tests: try real hard to kill socat processes
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman gating tests are hanging in the new Fedora CI setup;
long and tedious investigation suggests that 'socat' processes
are being left unkilled, which then causes BATS to hang when
it (presumably) runs a final 'wait' in its end cleanup.
The two principal changes are to exec socat in a subshell
with fd3 closed, and to pkill its child processes before
killing the process itself. I don't know if both are needed.
The pkill definitely is; the exec may just be superstition.
Since I've wasted more than a day of PTO time on this, I'm
okay with a little superstition. What I do know is that with
these two changes, my reproducer fails to reproduce in over
one hour of trying (normally it fails within 5 minutes).
AND, update: only rawhide (f35) leaves stray socat processes
behind. f33 and ubuntu do not, so 'pkill -P' fails.
I really have no idea what's going on.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |/ /
|/| | |
apiv2 tests: finally fix POST as originally intended
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When I originally wrote this code I had no idea what POST
would look like so I did a sloppy job, deferring making it
usable. Now that we have some real-world examples in place,
I have a better understanding of what params look like and
how to make tests more readable/maintainable. (Deferring isn't
always bad: one of my early ideas was to separate params using
commas; that would've been a disaster because some JSON values,
such as arrays, include commas).
This commit implements a better way of dealing with POST:
* The main concept is still 'key=value'
* When value is a JSON object (dictionary, array), it
can be quoted.
* Multiple params are simply separated by spaces.
The 3-digit HTTP code is a prominent, readable separator
between POST params and expected results. The parsing
code is a little uglier, but test developers need
never see that. The important thing is that writing
tests is now easier.
* POST params can be empty (this removes the need for a
useless '')
I snuck in one unrelated change: one of the newly-added
tests, .NetworkSettings, was failing when run rootless
(which is how I test on my setup). I made it conditional.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|