summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* [CI:DOCS] elaborate on image lookups of foreign platformsValentin Rothberg2022-08-22
| | | | | | | | | | | | | | After pulling/creating an image of a foreign platform, Podman will happily use it when looking it up in the local storage and will not pull down the image matching the host platform. As discussed in #12682, the reasoning for it is Docker compatibility and the fact that user already rely on the behavior. While Podman is now emitting a warning when an image is in use not matching the local platform, the documentation was lacking that information. Fixes: #15300 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #15401 from vrothberg/fix-15388OpenShift Merge Robot2022-08-22
|\ | | | | fix CI: remove hardcodeded alpine version
| * fix CI: remove hardcodeded alpine versionValentin Rothberg2022-08-22
| | | | | | | | | | | | | | | | The apiv2 test hardcoded the tag of the alpine image. Remove it to unblock CI. Fixes: #15388 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #15342 from edsantiago/docs_dedup_authfileOpenShift Merge Robot2022-08-22
|\ \ | |/ |/| Man pages: refactor common options: authfile
| * Man pages: refactor common options: authfileEd Santiago2022-08-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor the --authfile option. My suggestion for review: 1) run hack/markdown-preprocess-review and immediately Ctrl-Q to quit out of diffuse, which is completely unusable for this many files; then 2) cd /tmp/markdown-preprocess-review.diffs/authfile - this is the directory created by the review script 3) rm podman-image-sign* podman-log* podman-search.1.md.in - because they're essentially identical to podman-create 4) rm podman-manifest-* podman-push.* - because they're 100% identical to podman-kube-play 5) rm podman-kube-play* - because it's apart-from-whitespace identical to podman-build (use "wdiff" to confirm) 6) rm podman-auto-update* - because that's the one I chose (hence == zzz-chosen.md) (You should obviously run your own diff/cmp before rm, to confirm my assertions about which files are identical). After all that, you have a manageable number of files which you can scan, read, diff against zzz-chosen.md, even run diffuse. This option is IMHO the poster child for why we need this kind of man page refactoring. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #15365 from edsantiago/test_kube_generateOpenShift Merge Robot2022-08-18
|\ \ | | | | | | podman kube generate - add actual tests
| * | podman generate kube - add actual testsEd Santiago2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This exposed a nasty bug in our system-test setup: Ubuntu (runc) was writing a scratch containers.conf file, and setting CONTAINERS_CONF to point to it. This was well-intentionedly introduced in #10199 as part of our long sad history of not testing runc. What I did not understand at that time is that CONTAINERS_CONF is **dangerous**: it does not mean "I will read standard containers.conf and then override", it means "I will **IGNORE** standard containers.conf and use only the settings in this file"! So on Ubuntu we were losing all the default settings: capabilities, sysctls, all. Yes, this is documented in containers.conf(5) but it is such a huge violation of POLA that I need to repeat it. In #14972, as yet another attempt to fix our runc crisis, I introduced a new runc-override mechanism: create a custom /etc/containers/containers.conf when OCI_RUNTIME=runc. Unlike the CONTAINERS_CONF envariable, the /etc file actually means what you think it means: "read the default file first, then override with the /etc file contents". I.e., we get the desired defaults. But I didn't remember this helpers.bash workaround, so our runc testing has actually been flawed: we have not been testing with the system containers.conf. This commit removes the no-longer-needed and never-actually-wanted workaround, and by virtue of testing the cap-drops in kube generate, we add a regression test to make sure this never happens again. It's a little scary that we haven't been testing capabilities. Also scary: this PR requires python, for converting yaml to json. I think that should be safe: python3 'import yaml' and 'json' works fine on a RHEL8.7 VM from 1minutetip. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #15371 from dfr/freebsd-conmonOpenShift Merge Robot2022-08-18
|\ \ \ | | | | | | | | libpod: Add FreeBSD support for ConmonOCIRuntime
| * | | libpod: Build oci_conmon_common.go and oci_conmon_attach_common on FreeBSDDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This also adds FreeBSD equivalents to the functions moved to oci_conmon*_linux.go. For openUnixSocket, we create a temporary symlink to shorten the path to something that fits into sockaddr_un. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | libpod: Move openUnixSocket to oci_conmon_attach_linux.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This function depends on linux-specific functionality in /proc/fd to allow connecting to local domain sockets with pathnames too long for sockaddr_un. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | libpod: Move moveConmonToCgroupAndSignal and GetLimits to oci_conmon_linux.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | libpod: Move socket label handling from oci_conmon_common.go to ↵Doug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | oci_conmon_linux.go [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | libpod: Move rootless handling from oci_conmon_common.go to oci_conmon_linux.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | libpod: Move oci_conmon_exec_linux.go to oci_conmon_exec_common.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | libpod: Move oci_conmon_attach_linux.go to oci_conmon_attach_common.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | libpod: Move oci_conmon_linux.go to oci_conmon_common.goDoug Rabson2022-08-18
| |/ / | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | Merge pull request #15305 from dilyanpalauzov/reword_exit_policyDaniel J Walsh2022-08-18
|\ \ \ | | | | | | | | Reword --exit-policy option
| * | | Reword --exit-policy optionДилян Палаузов2022-08-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot assume that the submitter has time or will to read texts about symbolism in software contributions. If the system wants to see the text nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae in each commit, people will write this, or any other text, that the system wants to see. All such text, which presence is mandated by the system, has the same value. Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
* | | | Merge pull request #15340 from giuseppe/conmon-rs-version-parseOpenShift Merge Robot2022-08-18
|\ \ \ \ | |_|/ / |/| | | runtime: parse conmon-rs version
| * | | runtime: use FindCommon from c/commonGiuseppe Scrivano2022-08-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it detects conmon-rs. [NO NEW TESTS NEEDED] no functionalities added. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | vendor: update containers/commonGiuseppe Scrivano2022-08-17
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #15368 from m0duspwnens/api_sort_hc_bindsOpenShift Merge Robot2022-08-17
|\ \ \ \ | | | | | | | | | | sort hc.Binds returned from compat api
| * | | | sort hc.Binds returned from compat apiJosh Patterson2022-08-17
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
* | | | | Merge pull request #15364 from rhatdan/statsOpenShift Merge Robot2022-08-17
|\ \ \ \ \ | | | | | | | | | | | | Add podman stats --no-trunc option
| * | | | | Add podman stats --no-trunc optionDaniel J Walsh2022-08-17
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is for compatibility with Docker. Partial fix for https://github.com/containers/podman/issues/14917 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #15362 from rhatdan/manifest1OpenShift Merge Robot2022-08-17
|\ \ \ \ \ | |/ / / / |/| | | | Add podman manifest create -a. Alias for --amend:Docker compatibility
| * | | | Add podman manifest create -a. Alias for --amend:Docker compatibilityDaniel J Walsh2022-08-17
|/ / / / | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #15341 from rhatdan/kubeOpenShift Merge Robot2022-08-17
|\ \ \ \ | | | | | | | | | | Fix podman kube generate --help to show correct help message
| * | | | Fix podman kube generate --help to show correct help messageDaniel J Walsh2022-08-16
| |/ / / | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #15031 from lsm5/ec2-aarch64-machineOpenShift Merge Robot2022-08-17
|\ \ \ \ | | | | | | | | | | Cirrus: add podman_machine_aarch64
| * | | | Cirrus: add podman_machine_aarch64Lokesh Mandvekar2022-08-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Run machine tests on every PR as label-driven machine test triggering is currently hard to predict and debug. Co-authored-by: Ed Santiago <santiago@redhat.com> Co-authored-by: Miloslav Trmač <mitr@redhat.com> Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | | Merge pull request #15357 from dfr/freebsd-buildOpenShift Merge Robot2022-08-17
|\ \ \ \ \ | |/ / / / |/| | | | Add non-linux build stubs for libpod
| * | | | libpod: Move uses of unix.O_PATH to container_internal_linux.goDoug Rabson2022-08-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The O_PATH flag is a recent addition to the open syscall and is not present in darwin or in FreeBSD releases before 13.1. The constant is not present in the FreeBSD version of x/sys/unix since that package supports FreeBSD 12.3 and later. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | libpod: Move rootless network setup details to container_internal_linux.goDoug Rabson2022-08-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes a use of state.NetNS which is a linux-specific field defined in container_linux.go from the generic container_internal.go, allowing that to build on non-linux platforms. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | libpod: Add stubs for non-linux buildsDoug Rabson2022-08-17
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Note: this makes info.go linux-only since it mixes linux-specific and generic code. This should be addressed in a separate refactoring PR. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | Merge pull request #14999 from sstosh/restart-optionOpenShift Merge Robot2022-08-17
|\ \ \ \ | | | | | | | | | | Add restart --cidfile, --filter
| * | | | Update cmd/podman/containers/restart.goTom Sweeney2022-08-12
| | | | | | | | | | | | | | | | | | | | | | | | | Co-authored-by: Tom Sweeney <tsweeney@redhat.com> Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
| * | | | Add restart --cidfile, --filterToshiki Sonoda2022-08-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | --cidfile : Read container ID from the specified file and restart the container. --filter : restart the filtered container. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | Merge pull request #15350 from nalind/manifest-amendOpenShift Merge Robot2022-08-17
|\ \ \ \ \ | | | | | | | | | | | | podman manifest create: accept --amend and --insecure flags
| * | | | | podman manifest create: accept --amend and --insecure flagsNalin Dahyabhai2022-08-16
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Accept a --amend flag in `podman manifest create`, and treat `--insecure` as we would `--tls-verify=false` in `podman manifest`'s "add", "create", and "push" subcommands. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | | Merge pull request #15324 from dfr/freebsd-buildOpenShift Merge Robot2022-08-17
|\ \ \ \ \ | |/ / / / |/| | | | utils: Add missing symbols for FreeBSD
| * | | | utils: Add missing symbols for FreeBSDDoug Rabson2022-08-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | | Merge pull request #15345 from edsantiago/runc_fixOpenShift Merge Robot2022-08-16
|\ \ \ \ \ | |_|_|_|/ |/| | | | system tests: fix broken runc test
| * | | | system tests: fix broken runc testEd Santiago2022-08-16
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #14613, which was never actually tested until this week in RHEL8 gating tests (see issue #15337). * add missing backslash in '|' expression * allow extra text after error (e.g., "invalid argument") No way to test this until it makes its way into RHEL8, so, fingers crossed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #15317 from rhatdan/debugOpenShift Merge Robot2022-08-16
|\ \ \ \ | | | | | | | | | | Add compatibility support for --debug flag from docker
| * | | | Add compatibility support for --debug -D flag from dockerDaniel J Walsh2022-08-15
| | |_|/ | |/| | | | | | | | | | | | | | | | | | This is another fix for https://github.com/containers/podman/issues/14917 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #15339 from edsantiago/docs_dedup_annotationOpenShift Merge Robot2022-08-16
|\ \ \ \ | | | | | | | | | | Man pages: refactor common options: --annotation
| * | | | Man pages: refactor common options: --annotationEd Santiago2022-08-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor the --annotation option, but only between podman create, kube play, and run. This does not include: * podman build: - usage is in terms of images, not containers/pods * manifest add, manifest annotate: - usage is in terms of images, not containers/pods - also, wording is slightly different Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #15270 from nicrowe00/kubegenerateOpenShift Merge Robot2022-08-16
|\ \ \ \ \ | |/ / / / |/| | | | Add "podman kube generate" command
| * | | | Add "podman kube generate" commandNiall Crowe2022-08-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "podman kube generate" creates Kubernetes YAML from Podman containers, pods or volumes. Users will still be able to use "podman generate kube" as an alias of "kube generate". Signed-off-by: Niall Crowe <nicrowe@redhat.com>