| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Set enableServiceLinks to false in generated yaml
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Since podman doesn't set/use the needed service env
variable, always set enableServiceLinks to false in
the generated kube yaml.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \
| | |
| | | |
Cirrus: pick UIDs/GIDs starting at 1500, not 1000
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reason: looks like UIDs 1001, 1003, 1006 are already taken
in the CI VMs.
Fixes: #15573
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| | | |
| | | | |
api: return imageID instead of imageName, for "Image" when Podman api is queried
|
| | |\ \ \ |
|
| | |\ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jason Ertel <jason.ertel@securityonionsolutions.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Add FreeBSD support for pkg/specgen/generate
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Everthing except for hostname management is linux-specific.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
stubs.
Almost all of SpecGenToOCI deals with linux-specific aspects of the
runtime spec. Rather than try to factor this out piecemeal, I think it
is cleaner to move the whole function along with its implementation
helper functions. This also meams we don't need non-linux stubs for
functions called from oci_linux.go
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The security features (selinux, apparmor, capabilities) are linux
specific.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \ \ \ \ \
| |_|_|_|_|/ /
|/| | | | | | |
[CI:BUILD] Packit: Disable until proved in other repos
|
| |/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
There are concerns with Packit causing flakes and delays on Podman so
let's have Packit prove itself in other repos and only then make its way
into Podman.
See: https://github.com/containers/podman/pull/15549#issuecomment-1233230573
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | | |
Inhibit SIGTERM during Conmon startup
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If we get a SIGTERM immediately after Conmon starts but before we
record its PID in the database, we end up leaking a Conmon and
associated OCI runtime process. Inhibit shutdown using the logic
we originally wrote to prevent similar issues during container
creation to prevent this problem.
[NO NEW TESTS NEEDED] No real way to test this I can think of.
Fixes #15557
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Add emptyDir volume support to kube play
|
| | | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When a kube yaml has a volume set as empty dir, podman
will create an anonymous volume with the empty dir name and
attach it to the containers running in the pod. When the pod
is removed, the empy dir volume created is also removed.
Add tests and docs for this as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[CI:DOCS] Man pages: refactor common options: --signal
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Would've been an easy one, except I decided to fix the text
to conform to our guidelines. I haven't been doing this,
but in this case it's only two man pages and the text is
short enough to make for easy review.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Makefile: Mount . with --security-opt label=disable instead of using --privileged
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
$(CURDIR) is mounted in podman as is which causes issues on systems with SELinux
as then the container cannot read or write anything inside /src/. This has been
worked around with the --privileged flag, but that's a rather brutal
solution. Adding :Z is also suboptimal, as that requires a full relabeling after
every run. Instead, we disable security labeling via `--security-opt
label=disable` for this development container allowing us to run `make
vendor-in-container` unprivileged.
Signed-off-by: Dan Čermák <dcermak@suse.com>
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
podman rmi: emit untag events
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Emit untag events for each tag when removing an image.
Fixes: #15485
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
Allow to override default username via command line
|
| | | |_|_|_|_|_|_|/
| |/| | | | | | |
| | | | | | | | |
| | | | | | | | | |
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
|
| |\ \ \ \ \ \ \ \ \
| |_|_|_|/ / / / /
|/| | | | | | | | |
podman: add uid and gid options to keep-id
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
add two new options to the keep-id user namespace option:
- uid: allow to override the UID used inside the container.
- gid: allow to override the GID used inside the container.
For example, the following command will map the rootless user (that
has UID=0 inside the rootless user namespace) to the UID=11 inside the
container user namespace:
$ podman run --userns=keep-id:uid=11 --rm -ti fedora cat /proc/self/uid_map
0 1 11
11 0 1
12 12 65525
Closes: https://github.com/containers/podman/issues/15294
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|/ /
|/| | | | | | | | |
Mark some of the option fields as ignored in pkg/bindings
|
| | | |_|/ / / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
I realized that `params.Del("SkipTLSVerify")` doesn't have any
effect because keys are always lowercased. So it should really
be `params.Del("skiptlsverify")`.
There's also a little bug introduced by 3bf52aa and b1d1248: if
one passes `ProgressWriter` object having `Stringer` interface
i.e. `bytes.Buffer` it ends up been serialized in query with
`util.ToParams()`.
To circumvent both problems I propose to mark non-serializable
parameters with `schema:"-"` so there's no need to delete them from
resulting `url.Values`.
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
libpod: Make sure writeConmonPipeData is called on FreeBSD
|
| |/ / / / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
I managed to miss this while factoring out moveConmonToCgroupAndSignal.
Perhaps the signalling part should move to the caller instead?
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \ \ \ \ \ \
| |_|_|_|_|/ / /
|/| | | | | | | |
[CI:DOCS] Man pages: refactor common options: --restart
|
| |/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Only applicable to podman-create and -run. I went with the -run
version because it is cleaner and more recently updated.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
[CI:DOCS] Man pages: refactor common options: --subXidname
|
| | | |/ / / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Whew! This one started off identical everywhere, but the version
in podman-run got fixed in #1380, then again in #5192, with no
corresponding fixes to any of the other man pages.
I went with the podman-run version, with a small change in wording.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
remove github.com/docker/libnetwork dependency
|
| | | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Code from this dependency was replaced with a simple version. As a
result Podman's memory consumption has been reduced by ~10%.
[NO NEW TESTS NEEDED]
Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[CI:DOCS] Man pages: refactor common options: --http-proxy
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Only between podman-create and -run. (podman-build is too
different). I went with the podman-run version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \ \ \
| |_|_|_|/ / /
|/| | | | | | |
e2e tests: try to deflake 5000
|
| |/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We keep getting flakes in tests that use port 5000. Try to
find and fix, by switching ports where possible, and locking
5000 when not possible (or not easy) to switch.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
[CI:BUILD] Packit: Re-introduce packit with fix-spec-file action
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Any new files installed by new PRs and those present in unreleased
versions of Podman will need additional manipulation of the
dist-git spec file in the files section to workaround the
`installed but unpackaged files` issue.
The fix-spec-file packit action is useful for this.
The default fix-spec-file action often has trouble guessing the correct
version from upstream code, so it would be beneficial to specify the
correct upstream version as well.
See: https://packit.dev/docs/actions/#fix-spec-file
Rename cirrus task: `Test build RPM` to
`Test build podman-next Copr RPM` for clarity.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] Man pages: refactor common options: --dns-*
|
| |/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
--dns-opt and --dns-search, but only in podman-create and -run.
Went with the -run version in both cases; --dns-opt remained
unchanged, but in --dns-search I changed 'and' to 'with'.
Did not consolidate podman-build or podman-pod-create: too
different.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
