summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Podman Image SCP rootful to rootless transfercdoern2021-11-05
| | | | | | | | | | | Added functionality for users to transfer images from root storage to rootless storage without using sshd. This is done through rootful podman by running `sudo podman image scp root@localhost::image user@localhost:: the user is needed in order to find and use their uid/gid to exec a new process. added necessary tests, and functions for this implementation. Created new image function Transfer so that the underlying code is majorly removed from CLI Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #12119 from ashley-cui/updatesOpenShift Merge Robot2021-10-30
|\ | | | | [CI:DOCS] Add information on how podman machine is updated
| * Add information on how podman machine is updatedAshley Cui2021-10-28
| | | | | | | | | | | | | | Update documentation on how the default podman machine distribution, FCOS, is updated. Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #12141 from kprav33n/help-docOpenShift Merge Robot2021-10-30
|\ \ | | | | | | Fix help message case for `podman version`
| * | Fix help message case for `podman version`Praveen Kumar2021-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | This is a cosmetic change. The help message for `podman version` is in title case whereas all other command help messages are not in title case. This stands out as inconsistent when looking at the output of `podman help`. Signed-off-by: Praveen Kumar <praveen+git@kumar.in>
* | | Merge pull request #12090 from afbjorklund/image-streamOpenShift Merge Robot2021-10-29
|\ \ \ | | | | | | | | Record the image stream along with the path
| * | | Record the image stream along with the pathAnders F Björklund2021-10-26
| | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | | Merge pull request #12128 from ↵OpenShift Merge Robot2021-10-29
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | containers/dependabot/go_modules/k8s.io/api-0.22.3 Bump k8s.io/api from 0.22.2 to 0.22.3
| * | | Bump k8s.io/api from 0.22.2 to 0.22.3dependabot[bot]2021-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.22.2 to 0.22.3. - [Release notes](https://github.com/kubernetes/api/releases) - [Commits](https://github.com/kubernetes/api/compare/v0.22.2...v0.22.3) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #12127 from vrothberg/bz-2014149OpenShift Merge Robot2021-10-29
|\ \ \ \ | | | | | | | | | | volumes: be more tolerant and fix infinite loop
| * | | | volumes: be more tolerant and fix infinite loopValentin Rothberg2021-10-28
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make Podman more tolerant when parsing image volumes during container creation and further fix an infinite loop when checking them. Consider `VOLUME ['/etc/foo', '/etc/bar']` in a Containerfile. While it looks correct to the human eye, the single quotes are wrong and yield the two volumes to be `[/etc/foo,` and `/etc/bar]` in Podman and Docker. When running the container, it'll create a directory `bar]` in `/etc` and a directory `[` in `/` with two subdirectories `etc/foo,`. This behavior is surprising to me but how Docker behaves. We may improve on that in the future. Note that the correct way to syntax for volumes in a Containerfile is `VOLUME /A /B /C` or `VOLUME ["/A", "/B", "/C"]`; single quotes are not supported. This change restores this behavior without breaking container creation or ending up in an infinite loop. BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2014149 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12138 from gsanchietti/doc_pause_typoOpenShift Merge Robot2021-10-29
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Fix pause usage example
| * | | | Fix pause usage exampleGiacomo Sanchietti2021-10-29
|/ / / / | | | | | | | | | | | | | | | | | | | | The page contains a wrong 'stop' command example. Signed-off-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>
* | | | Merge pull request #12133 from jwhonce/issues/12102OpenShift Merge Robot2021-10-29
|\ \ \ \ | | | | | | | | | | Allow label and labels when creating volumes
| * | | | Allow label and labels when creating volumesJhon Honce2021-10-28
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | JSON payload may have either key. Labels will override any values set via Label. Fixes #12102 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #12124 from giuseppe/allow-devpts-optionsOpenShift Merge Robot2021-10-28
|\ \ \ \ | | | | | | | | | | volumes: allow more options for devpts
| * | | | volumes: allow more options for devptsGiuseppe Scrivano2021-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | allow to pass down more options that are supported by the kernel. Discussion here: https://github.com/containers/toolbox/issues/568 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | volumes: do not pass mount opt as formatter stringGiuseppe Scrivano2021-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | otherwise passing a formatter string as an option causes a weird error message: $ podman run --mount type=devpts,destination=/dev/pts,%sfoo ... Error: %!s(MISSING)foo: invalid mount option Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #12117 from ↵OpenShift Merge Robot2021-10-28
|\ \ \ \ \ | |/ / / / |/| | | | | | | | | | | | | | adrianreber/2021-10-27-set-checkpointed-false-after-restore Set Checkpointed state to false after restore
| * | | | Set Checkpointed state to false after restoreAdrian Reber2021-10-27
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A restored container still had the state set to 'Checkpointed: true' which seems wrong if it running again. [NO NEW TESTS NEEDED] Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #12126 from giuseppe/fix-race-warning-messageOpenShift Merge Robot2021-10-28
|\ \ \ \ | | | | | | | | | | runtime: change PID existence check
| * | | | runtime: change PID existence checkGiuseppe Scrivano2021-10-28
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit 6b3b0a17c625bdf71b0ec8b783b288886d8e48d7 introduced a check for the PID file before attempting to move the PID to a new scope. This is still vulnerable to TOCTOU race condition though, since the PID file or the PID can be removed/killed after the check was successful but before it was used. Closes: https://github.com/containers/podman/issues/12065 [NO NEW TESTS NEEDED] it fixes a CI flake Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #12120 from giuseppe/rename-cgroup-subtreeOpenShift Merge Robot2021-10-28
|\ \ \ \ | |/ / / |/| | | oci: rename sub-cgroup to runtime instead of supervisor
| * | | oci: rename sub-cgroup to runtime instead of supervisorGiuseppe Scrivano2021-10-28
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we are having a hard time figuring out a failure in the CI: https://github.com/containers/podman/issues/11191 Rename the sub-cgroup created here, so we can be certain the error is caused by this part. [NO NEW TESTS NEEDED] we need this for the CI. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #12066 from matejvasek/set-docker-hostOpenShift Merge Robot2021-10-27
|\ \ \ | | | | | | | | Set DOCKER_HOST in the VM
| * | | Set DOCKER_HOST in the VMMatej Vasek2021-10-23
| | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | Merge pull request #12064 from vrothberg/fix-11933OpenShift Merge Robot2021-10-27
|\ \ \ \ | | | | | | | | | | container create: fix --tls-verify parsing
| * | | | container create: fix --tls-verify parsingValentin Rothberg2021-10-27
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure that the value is only set if specified on the CLI. c/image already defaults to true but if set in the system context, we'd skip settings in the registries.conf. Fixes: #11933 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12111 from giuseppe/fix-warning-move-pause-processOpenShift Merge Robot2021-10-27
|\ \ \ \ | | | | | | | | | | runtime: check for pause pid existence
| * | | | runtime: check for pause pid existenceGiuseppe Scrivano2021-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | check that the pause pid exists before trying to move it to a separate scope. Closes: https://github.com/containers/podman/issues/12065 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | utils: do not overwrite the err variableGiuseppe Scrivano2021-10-27
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #12110 from cevich/fix_systemd_pid1OpenShift Merge Robot2021-10-27
|\ \ \ \ \ | |_|/ / / |/| | | | Fix systemd PID1 test
| * | | | Fix systemd PID1 testChris Evich2021-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously this test used an ad-hoc timeout mechanism to synchronize with output of the container ID. However, depending on runtime conditions this may not correctly correspond with complete startup of the systemd process. Consequently this test fails under some conditions with an error like: `System has not been booted with systemd as init system (PID 1). Can't operate. Failed to connect to bus: Host is down` Fix this by using the more appropriate `WaitContainerReady()` against output from system startup, close to finalization. In this way, the test status command cannot run until systemd is fully operational. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #11956 from vrothberg/pauseOpenShift Merge Robot2021-10-27
|\ \ \ \ \ | |_|/ / / |/| | | | remove need to download pause image
| * | | | pod create: remove need for pause imageValentin Rothberg2021-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So far, the infra containers of pods required pulling down an image rendering pods not usable in disconnected environments. Instead, build an image locally which uses local pause binary. Fixes: #10354 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | add kubernetes pauseValentin Rothberg2021-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the k8s pause binary to `pause/pause.c` and do the plumbing in the Makefile to install it in $libexec/podman/pause/pause. It is intended to replace the k8s pause image and hence the need for network connectivity when creating pods. [NO NEW TESTS NEEDED] since it will be tested in a following commit. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | cirrus: containers: mount directory in /var/tmp to /tmpValentin Rothberg2021-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mount a directory from /var/tmp to /tmp to make sure that /tmp is not on an overlay mount. This should make overlay mounts possible in the containerized tests which we're currently skipping. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | overlay root fs: create mount on runtime dirValentin Rothberg2021-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure to create the mounts for containers with an overlay root FS in the runtime dir (e.g., /run/user/1000/...) to guarantee that we can actually overlay mount on the specific path which is not the case for the graph root. [NO NEW TESTS NEEDED] since it is not a user-facing change. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #12107 from giuseppe/fix-dbus-process-leakOpenShift Merge Robot2021-10-27
|\ \ \ \ \ | | | | | | | | | | | | cgroups: use SessionBusPrivateNoAutoStartup
| * | | | | cgroups: use SessionBusPrivateNoAutoStartupGiuseppe Scrivano2021-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do not start up a dbus daemon if it is not already running. [NO NEW TESTS NEEDED] the fix is in a dependency. Closes: https://github.com/containers/podman/issues/9727 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | vendor: update godbus to v5.0.6Giuseppe Scrivano2021-10-26
| | |_|_|/ | |/| | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #12098 from Luap99/slirp-dadOpenShift Merge Robot2021-10-26
|\ \ \ \ \ | |_|_|/ / |/| | | | Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
| * | | | Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0Paul Holzinger2021-10-26
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Duplicate Address Detection slows the ipv6 setup down for 1-2 seconds. Since slirp4netns is run it is own namespace and not directly routed we can skip this to make the ipv6 address immediately available. We change the default to make sure the slirp tap interface gets the correct value assigned so DAD is disabled for it. Also make sure to change this value back to the original after slirp4netns is ready in case users rely on this sysctl. Fixes #11062 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #12067 from hshiina/logs-journal-tailOpenShift Merge Robot2021-10-26
|\ \ \ \ | |_|/ / |/| | | Fix a few problems in 'podman logs --tail' with journald driver
| * | | Fix a few problems in 'podman logs --tail' with journald driverHironori Shiina2021-10-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following problems regarding `logs --tail` with the journald log driver are fixed: - One more line than a specified value is displayed. - '--tail 0' displays all lines while the other log drivers displays nothing. - Partial lines are not considered. - If the journald events backend is used and a container has exited, nothing is displayed. Integration tests that should have detected the bugs are also fixed. The tests are executed with json-file log driver three times without this fix. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | | Merge pull request #12092 from rhatdan/buildOpenShift Merge Robot2021-10-26
|\ \ \ \ | | | | | | | | | | If Dockerfile exists in same directory as service, we should not use it.
| * | | | If Dockerfile exists in same directory as service, we should not use it.Daniel J Walsh2021-10-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should only use the Containerfiles/Dockerfiles found in the context directory. Fixes: https://github.com/containers/podman/issues/12054 [NO NEW TESTS NEEDED] It is difficult to setup a test for this in the CI/CD system, but build tests should find if this PR broke anything. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12088 from adrianreber/2021-10-25-fix-label-ipc-hostOpenShift Merge Robot2021-10-26
|\ \ \ \ \ | | | | | | | | | | | | Allow 'container restore' with '--ipc host'
| * | | | | Allow 'container restore' with '--ipc host'Adrian Reber2021-10-26
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Trying to restore a container that was started with '--ipc host' fails with: Error: error creating container storage: ProcessLabel and Mountlabel must either not be specified or both specified We already fixed this exact same error message for containers started with '--privileged'. The previous fix was to check if the to be restored container is a privileged container (c.config.Privileged). Unfortunately this does not work for containers started with '--ipc host'. This commit changes the check for a privileged container to check if both the ProcessLabel and the MountLabel is actually set and only then re-uses those labels. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | | Merge pull request #12096 from ↵OpenShift Merge Robot2021-10-26
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/docker/docker-20.10.10incompatible Bump github.com/docker/docker from 20.10.9+incompatible to 20.10.10+incompatible
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-08 01:05:18 +0000