summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #13455 from rhatdan/dockerOpenShift Merge Robot2022-03-09
|\ | | | | Fix handling of tmpfs-mode for tmpfs creation in compat mode
| * Fix handling of tmpfs-mode for tmpfs creation in compat modeDaniel J Walsh2022-03-09
| | | | | | | | | | | | | | | | | | | | | | | | The permissions on disk were wrong since we were not converting to octal. Fixes: https://github.com/containers/podman/issues/13108 [NO NEW TESTS NEEDED] Since we don't currently test using the docker client Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13471 from Luap99/bump-mpbv7OpenShift Merge Robot2022-03-09
|\ \ | | | | | | Use github.com/vbauerster/mpb/v7 in pkg/machine
| * | Use github.com/vbauerster/mpb/v7 in pkg/machinePaul Holzinger2022-03-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We already use v7 in c/image so podman should use the same version to prevent duplication. This saves 170 KB binary size. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13470 from Luap99/yamlv2OpenShift Merge Robot2022-03-09
|\ \ \ | |/ / |/| | use gopkg.in/yaml.v2 instead of v3
| * | use gopkg.in/yaml.v2 instead of v3Paul Holzinger2022-03-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | Many dependencies already import gopkg.in/yaml.v2, podman is the only user of the v3 version except github.com/stretchr/testify but this is only a testing dependency so it will not end up in the binary. This change reduces the podman binary size from 54740 to 54260 KB on my system. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13421 from hshiina/device-ruleOpenShift Merge Robot2022-03-09
|\ \ | | | | | | Set default rule at the head of device configuration
| * | Set default rule at the head of device configurationHironori Shiina2022-03-07
| | | | | | | | | | | | | | | | | | | | | | | | The default rule should be set at the head of device configuration. Otherwise, rules for user devices are overridden by the default rule so that any access to the user devices are denied. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | Merge pull request #13469 from ↵OpenShift Merge Robot2022-03-09
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/distribution-2.8.1incompatible Bump github.com/docker/distribution from 2.8.0+incompatible to 2.8.1+incompatible
| * | | Bump github.com/docker/distributiondependabot[bot]2022-03-09
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.0+incompatible to 2.8.1+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.0...v2.8.1) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #13465 from n1hility/improve-install-msgOpenShift Merge Robot2022-03-09
|\ \ \ | |/ / |/| | Improve agent install message to add restart instructions
| * | Improve agent install message to add restart instructionsJason T. Greene2022-03-08
| | | | | | | | | | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | Merge pull request #13466 from baude/machinermfOpenShift Merge Robot2022-03-09
|\ \ \ | | | | | | | | machine rm -f stops and removes machine
| * | | machine rm -f stops and removes machineBrent Baude2022-03-08
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If you want to remove a running machine, you can now pass the --force/-f to podman machine rm and the machine will be stopped and removed without confirmations. Fixes: #13448 [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #13447 from eriksjolund/add_chown_tip_to_troubleshooting.mdOpenShift Merge Robot2022-03-09
|\ \ \ | | | | | | | | [CI:DOCS] troubleshooting.md: mention "podman unshare chown 0:0 path"
| * | | [CI:DOCS] troubleshooting.md: mention "podman unshare chown 0:0 path"Erik Sjölund2022-03-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Mention the command "podman unshare chown 0:0 dir1/a" that changes file ownership to the regular user's UID and GID on the host. Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Merge pull request #13460 from edsantiago/skip_flaky_pprof_testOpenShift Merge Robot2022-03-08
|\ \ \ \ | | | | | | | | | | Skip flaky pprof tests
| * | | | Skip flaky pprof testsEd Santiago2022-03-08
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pprof tests are way too flaky, and are causing problems for community contributors who don't have privs to press Re-run. There has been no activity or interest in fixing the bug, and it's not something I can fix. So, just disable the test. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #13457 from ashley-cui/flakeOpenShift Merge Robot2022-03-08
|\ \ \ \ | |_|/ / |/| | | Move secret-verify-leak containerfile into its own Directory
| * | | Move secret-verify-leak containerfile into its own DirectoryAshley Cui2022-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Secret-verify-leak is causing flakes, when running in parallel tests. This is because remote secrets are copied into the context directory to send to the API server, and secret-verify-leak is doing a COPY * and then checking if the temporary secret file ends up in the container or not. Since all the temporary files are prefixed with "podman-build-secret", this test checks if podman-build-secret is in the image. However, when run in parallel with other tests, other temporary podman-build-secrets might be in the context dir. Moving secret-verify-leak into its own directory makes sure that the context dir is used only by this one test. Also renamed Dockerfile -> Containerfile and cleaned up unused Containerfiles. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #13366 from idleroamer/inspect-joined-network-ns-mainOpenShift Merge Robot2022-03-08
|\ \ \ \ | |_|_|/ |/| | | Inspect network info of a joined network namespace
| * | | Inspect network info of a joined network namespace😎 Mostafa Emami2022-03-08
| | | | | | | | | | | | | | | | | | | | Closes: https://github.com/containers/podman/issues/13150 Signed-off-by: 😎 Mostafa Emami <mustafaemami@gmail.com>
* | | | Merge pull request #13409 from baude/virtfsdarwinOpenShift Merge Robot2022-03-07
|\ \ \ \ | |_|_|/ |/| | | MacOS improvements
| * | | MacOS improvementsBrent Baude2022-03-07
| | |/ | |/| | | | | | | | | | | | | | | | | | | * Enable support of virtfs in Podman and darwin. At the time of this writing, it requires a special patch not yet included in upstream qemu. * Prefer to use a specially built qemu to support virtfs. The qemu is installed under libexec/podman. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #13414 from rvandernoort/exec_delayOpenShift Merge Robot2022-03-07
|\ \ \ | |_|/ |/| | Add ExitCommandDelay configuration use in API exec handler
| * | Add ExitCommandDelay configuration use in API exec handlerRover van der Noort2022-03-04
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Rover van der Noort <s.r.vandernoort@student.tudelft.nl>
* | | Merge pull request #13431 from eriksjolund/fix_some_typosOpenShift Merge Robot2022-03-07
|\ \ \ | | | | | | | | [CI:DOCS] troubleshooting.md: Improve language and fix typos
| * | | [CI:DOCS] troubleshooting.md: Improve language and fix typosErik Sjölund2022-03-05
| | | | | | | | | | | | | | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Merge pull request #13310 from lsm5/packagingOpenShift Merge Robot2022-03-07
|\ \ \ \ | | | | | | | | | | [CI:DOCS] DISTRO_PACKAGE.md: List the packaging changes for v4
| * | | | [CI:DOCS] DISTRO_PACKAGE.md: List the packaging changes for v4Lokesh Mandvekar2022-03-07
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Co-authored-by: Ashley Cui <ashleycui16@gmail.com> Co-authored-by: Valentin Rothberg <vrothberg@redhat.com> Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | Merge pull request #13418 from lsm5/release-artifacts-process-2OpenShift Merge Robot2022-03-07
|\ \ \ \ | |/ / / |/| | | [CI:DOCS] RELEASE_PROCESS.md: cosmetic fix
| * | | [CI:DOCS] RELEASE_PROCESS.md: cosmetic fixLokesh Mandvekar2022-03-07
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Follow up to pr#13416 Insert line breaks to get rid of the horizontal scroll bar. Resolves: https://github.com/containers/podman/pull/13416#discussion_r818991807 Co-authored-by: Ashley Cui <acui@redhat.com> Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #13442 from tricktron/rm-mounted-host-socket-on-macosOpenShift Merge Robot2022-03-07
|\ \ \ | | | | | | | | `podman machine rm` removes the mounted socket file on macOS
| * | | Fixes: #13301 ("machine rm removes the mounted socket file on macos")Thibault Gagnaux2022-03-06
| |/ / | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Thibault Gagnaux <tgagnaux@gmail.com>
* | | Merge pull request #13406 from jwhonce/wip/docker-pyOpenShift Merge Robot2022-03-07
|\ \ \ | | | | | | | | Move all python tests to pytest
| * | | Move all python tests to pytestJhon Honce2022-03-04
| | |/ | |/| | | | | | | | | | | | | | | | * Add configuration to add report header for python client used in tests * Move report headers into the individual test runners vs runner.sh Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #13423 from umohnani8/kubeOpenShift Merge Robot2022-03-07
|\ \ \ | |_|/ |/| | Throw an error if kube yaml has duplicate ctr names
| * | Throw an error if kube yaml has duplicate ctr namesUrvashi Mohnani2022-03-04
|/ / | | | | | | | | | | | | Error out if the kube yaml passed to play kube has more than one container or init container with the same name. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #13413 from giuseppe/pod-no-use-cgroups-if-disabledOpenShift Merge Robot2022-03-04
|\ \ | | | | | | libpod: pods do not use cgroups if --cgroups=disabled
| * | libpod: pods do not use cgroups if --cgroups=disabledGiuseppe Scrivano2022-03-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | do not attempt to use cgroups with pods if the cgroups are disabled. A similar check is already in place for containers. Closes: https://github.com/containers/podman/issues/13411 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #13416 from lsm5/release-artifacts-processOpenShift Merge Robot2022-03-03
|\ \ \ | | | | | | | | RELEASE_PROCESS.md: build artifacts locally
| * | | RELEASE_PROCESS.md: build artifacts locallyLokesh Mandvekar2022-03-03
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current PR process for release bump has the HEAD commit which bumps version/version.go to the form `release+1-dev`. This makes Cirrus publish release artifacts with `release+1-dev` and not `release`. For example, the msi generated at https://cirrus-ci.com/task/5403901196238848 says podman-v4.0.3-dev.msi . Building locally by checking out the released tag would generate the correct artifacts and would also be faster and more convenient. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #13404 from flouthoc/bump-to-race-free-depsOpenShift Merge Robot2022-03-03
|\ \ \ | |/ / |/| | deps: bump to race-free `c/image` and `c/storage` along with test to verify `concurrent/parallel` builds
| * | test: add a test to verify race free concurrent/parallel buildsAditya R2022-03-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Invoking parallel/concurrent builds from podman race against each other following behviour was fixed in https://github.com/containers/storage/pull/1153 and https://github.com/containers/image/pull/1480 Test verifies if following bug is fixed in new race-free API or not. Read more about this issue, see bz 2055487 for more details. More details here: https://github.com/containers/buildah/pull/3794 and https://github.com/containers/podman/pull/13339 Co-authored-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Aditya R <arajan@redhat.com>
| * | vendor: bump c/image to main/9a9cd9Aditya R2022-03-02
| | | | | | | | | | | | | | | | | | | | | Bump c/image to upstream main/9a9cd9 so podman could use new race-free code. Signed-off-by: Aditya R <arajan@redhat.com>
| * | vendor: bump c/storage to main/d06b0fAditya R2022-03-02
| |/ | | | | | | | | | | | | Bump c/storage to main/d06b0f so we podman could use new `race-free` `AddNames` and `RemoveNames` api Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13399 from flouthoc/resolve-workdir-symlinkOpenShift Merge Robot2022-03-02
|\ \ | |/ |/| container: workdir resolution must consider `symlink` if explicitly configured
| * container: workdir resolution must consider symlink if explicitly configuredAditya R2022-03-02
|/ | | | | | | | | | | | | | | | | | | | | | | While resolving `workdir` we mostly create a `workdir` when `stat` fails with `ENOENT` or `ErrNotExist` however following cases are not true when user explicitly specifies a `workdir` while `running` using `--workdir` which tells `podman` to only use workdir if its exists on the container. Following configuration is implicity set with other `run` mechanism like `podman play kube` Problem with explicit `--workdir` or similar implicit config in `podman play kube` is that currently podman ignores the fact that workdir can also be a `symlink` and actual `link` could be valid. Hence following commit ensures that in such scenarios when a `workdir` is not found and we cannot create a `workdir` podman must perform a check to ensure that if `workdir` is a `symlink` and `link` is resolved successfully and resolved link is present on the container then we return as it is. Docker performs a similar behviour. Signed-off-by: Aditya R <arajan@redhat.com>
* Merge pull request #13375 from kousu/repair-13123OpenShift Merge Robot2022-03-01
|\ | | | | Use storage that better supports rootless overlayfs
| * Use storage that better supports rootless overlayfsNick Guenther2022-03-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | overlayfs -- the kernel's version, not fuse-overlayfs -- recently learned (as of linux 5.16.0, I believe) how to support rootless users. Previously, rootless users had to use these storage.conf(5) settings: * storage.driver=vfs (aka STORAGE_DRIVER=vfs), or * storage.driver=overlay (aka STORAGE_DRIVER=overlay), storage.options.overlay.mount_program=/usr/bin/fuse-overlayfs (aka STORAGE_OPTS=/usr/bin/fuse-overlayfs) Now that a third backend is available, setting only: * storage.driver=overlay (aka STORAGE_DRIVER=overlay) https://github.com/containers/podman/issues/13123 reported EXDEV errors during the normal operation of their container. Tracing it out, the problem turned out to be that their container was being mounted without 'userxattr'; I don't fully understand why, but mount(8) mentions this is needed for rootless users: > userxattr > > Use the "user.overlay." xattr namespace instead of "trusted.overlay.". > This is useful for unprivileged mounting of overlayfs. https://github.com/containers/storage/pull/1156 found and fixed the issue in podman, and this just pulls in that via go get github.com/containers/storage@ebc90ab go mod vendor make vendor Closes https://github.com/containers/podman/issues/13123 Signed-off-by: Nick Guenther <nick.guenther@polymtl.ca>