| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
* Use `pkg/adapter` to increase code reuse and reduce code redundancy.
* Extend swagger docs to mention AIX descriptors.
* Document the libpod endpoint which shares the same handler.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
v2 api: stats improvements
|
| | |
| |
| |
| |
| |
| | |
Also remove the redundant stats handler in libpod.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
The docker and libpod endpoints provide the same functionality, so
we can use the same handler.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Also expect the container to be running.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Also add some comments.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
We must check all errors and handle them properly. Otherwise, we can run
into nil dereferences ultimately killing the service.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
`NumProcs` and `StorageStats` are windows specific and are not
popoulated on Linux. Hence, we can safely remove them.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| |/
|/| |
oci_conmon: not make accessible dirs if not needed
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
do not change the permissions mask for the rundir and the tmpdir when
running a container with a user namespace and the current user is
mapped inside the user namespace.
The change was introduced with
849548ffb8e958e901317eceffdcc2d918cafd8d, that dropped the
intermediate mount namespace in favor of allowing root into the user
namespace to access these directories.
Closes: https://github.com/containers/libpod/issues/4846
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
Bump to Buildah v1.13.1
|
| | | |
| | |
| | |
| | | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| |\ \ \
| | | |
| | | | |
policy for seccomp-profile selection
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Implement a policy for selecting a seccomp profile. In addition to the
default behaviour (default profile unless --security-opt seccomp is set)
add a second policy doing a lookup in the image annotation.
If the image has the "io.containers.seccomp.profile" set its value will be
interpreted as a seccomp profile. The policy can be selected via the
new --seccomp-policy CLI flag.
Once the containers.conf support is merged into libpod, we can add an
option there as well.
Note that this feature is marked as experimental and may change in the
future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Rename `data` to `imageData` to make it more obvious which kind of data
the variable refers to.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
[CI:DOCS]swagger corrections
|
| |/ / /
| | |
| | |
| | | |
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| | | |
| | | | |
make lint: extend checks
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Include the unit tests (i.e., _test.go files) for linting to make the
tests more robust and enforce the linters' coding styles etc.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |/
| |/|
| | |
| | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
swagger documentation updates
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
adhere closer to the spec by using description and summary fields and
also ensuring that the id is unique to avoid collision between generic
and libpod endpoints.
also, make swagger output work with redoc which seems to display our
information better for our needs.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| | | |
| | | | |
revert accidental change from codespell pr.
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
This should use `od` not `of`
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
clarify cont
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
the --force parameter should only be used for the CLI and should only
dictate whether to prompt the user for confirmation.
Fixes: #4844
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix linting
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Once the gating image doesn't ship with pre-installed tools, we can
remove the workaround.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`gocritic` is a powerful linter that helps in preventing certain kinds
of errors as well as enforcing a coding style.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Blacklist linters instead of whitelisting them. This way, we will
benefit from new linters when updating and it's easier to actually
find and fix open issues.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The latest versions have regressions in --skip-dirs where some linters
will still run and error out.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Perftest was intended to be used for testing CPU intensive tasks of
Podman. However, it does not compile for a long while and is not
integrated in the CI which clearly indicates that it has not been
used for a considerable amount of time.
Remove contrib/perftest entirely. If the desire arises to revive it,
all code is still reachable in the git history.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We should only use `make golangci-lint` which is also used in `make
validate`. However, we need to enable more linters which we can
do step by step in future commits.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Do not configure CNI when slirp4netns is requested
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Our networking code bakes in a lot of assumptions about how
networking should work - that CNI is *always* used with root, and
that slirp4netns is *always* used only with rootless. These are
not safe assumptions. This fixes one particular issue, which
would cause CNI to also be run when slirp4netns was requested as
root.
Fixes: #4687
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Add codespell to validate spelling mistakes in code.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix all errors found by codespell
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Add history names to image inspect data
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
During writing the tests I found it would be probably useful to have the
tag history part of the inspect data.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Cirrus: Fix libpod base images going stale
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
VM Base images are used as a starting point for runtime VM images.
The in-use VM base images should never be pruned, which is an
operation that potentially occurs periodically from automation
running on the master branch of the libpod repo.
However the only place which updates timestamps (blocking pruning)
of base images, occurs during runtime VM image building. Therefor,
if images are not regularly rebuilt, it's possible their base images
go stale and are pruned.
Changes:
* Add freshly-produced base images (old ones got pruned)
* Wrap the timestamp update script to include base image names
in the update list.
Notes:
* Regularly updating base image timestamps only needs to happen
on the libpod repo's meta task, since all base images live there.
* Using a wrapper is needed to maintain compatibility with multiple
versions of the imgts container image used by other repos / branchs.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
docs: --privileged docs completeness, consistency
|
| | | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
As discussed in https://github.com/containers/libpod/issues/4840
Signed-off-by: Mark Stosberg <mark@rideamigos.com>
|
| |\ \ \ \ \ \ \
| |_|_|_|/ / /
|/| | | | | | |
podman-generate-systemd --new
|
| | | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Add a --new flag to podman-generate-systemd to create a new container
via podman-run instead of starting an existing container.
Creating a new container presents the challenge to find a reverse
mapping from a container to the CLI flags it can be created with. We
are doing this via `(Container).Config.CreateCommand` field, which
includes a copy of the process' command from procFS at creating time.
This field may not be useful when the container was not created via the
Podman CLI (e.g., via a Python script). Hence, we do not guarantee the
correctness of the generated files.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
[Makefile] Ensure .gopathok dependency is met for varlink
|
| |/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When executing make in parallel, e.g `make -j8`, there is a chance steps are
executed at the same time. There is a chance .gopathok and the actual varlink
generation happening at the same time, causing a race and ultimately failing the
build.
Ensuring the .gopathok dependency is met at the actual step fixes the problem.
Signed-off-by: Morten Linderud <morten@linderud.pw>
|
