aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #2709 from haircommander/journaldOpenShift Merge Robot2019-05-29
|\ | | | | Add libpod journald logging
| * Add --follow to journald ctr loggingPeter Hunt2019-05-28
| | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * Address commentsPeter Hunt2019-05-28
| | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * Implement podman logs with log-driver journaldPeter Hunt2019-05-28
| | | | | | | | | | | | | | | | Add a journald reader that translates the journald entry to a k8s-file formatted line, to be added as a log line Note: --follow with journald hasn't been implemented. It's going to be a larger undertaking that can wait. Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * bump go-systemd versionPeter Hunt2019-05-28
| | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * Added --log-driver and journald loggingPeter Hunt2019-05-28
| | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * Update completions and docs to use k8s file as log driverPeter Hunt2019-05-28
| | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #3223 from cevich/multi-zone-hackOpenShift Merge Robot2019-05-29
|\ \ | | | | | | hack: support setting local region/zone
| * | hack: support setting local region/zoneChris Evich2019-05-29
| | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #3188 from giuseppe/fix-join-existing-containersOpenShift Merge Robot2019-05-29
|\ \ \ | |/ / |/| | rootless: new function to join existing conmon processes
| * | rootless: make JoinUserAndMountNS privateGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | | | | as it is used only by the rootless package now. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | Revert "rootless: change default path for conmon.pid"Giuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | since we now enter the user namespace prior to read the conmon.pid, we can write the conmon.pid file again to the runtime dir. This reverts commit 6c6a8654363457a9638d58265d0a7e8743575d7a. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: enable loginctl lingerGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | | | | | | | otherwise the processes we leave around will be killed once the session terminates. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: new function to join existing conmon processesGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | move the logic for joining existing namespaces down to the rootless package. In main_local we still retrieve the list of conmon pid files and use it from the rootless package. In addition, create a temporary user namespace for reading these files, as the unprivileged user might not have enough privileges for reading the conmon pid file, for example when running with a different uidmap and root in the container is different than the rootless user. Closes: https://github.com/containers/libpod/issues/3187 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: block signals for pauseGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | | | | | | | block signals for the pause process, so it can't be killed by mistake. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #3210 from haircommander/conmon-0.2.0OpenShift Merge Robot2019-05-28
|\ \ \ | | | | | | | | bump conmon to v0.2.0
| * | | bump conmon to v0.2.0Peter Hunt2019-05-28
| | | | | | | | | | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | Merge pull request #3208 from vrothberg/fix-3207OpenShift Merge Robot2019-05-28
|\ \ \ \ | | | | | | | | | | runtime: unlock the alive lock only once
| * | | | runtime: unlock the alive lock only onceValentin Rothberg2019-05-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unlock the alive lock only once in the deferred func call. Fixes: #3207 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #3137 from giuseppe/unshare-fixesOpenShift Merge Robot2019-05-28
|\ \ \ \ \ | | | | | | | | | | | | unshare: some cleanups and define CONTAINERS_{RUNROOT,GRAPHROOT}
| * | | | | unshare: define CONTAINERS_GRAPHROOT and CONTAINERS_RUNROOTGiuseppe Scrivano2019-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | define two environment variables, that simplify the task of cleaning up the storage, as we can do something like: podman unshare sh -c 'rm -rf $CONTAINERS_GRAPHROOT $CONTAINERS_RUNROOT' Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | unshare: use rootless from libpodGiuseppe Scrivano2019-05-16
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #3194 from QiWang19/cptarOpenShift Merge Robot2019-05-28
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | fix bug dest path of copying tar
| * | | | | fix bug dest path of copying tarQi Wang2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when podman cp tar without --extract flag, if the destination already exists, or ends with path seprator, cp the tar under the directory, otherwise copy the tar named with the destination Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #3189 from vrothberg/apparmor-fixesOpenShift Merge Robot2019-05-28
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | Apparmor fixes
| * | | | | warn when --security-opt and --privilegedValentin Rothberg2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Log a warning when --security-opt and --privileged are used together to indicate that it has no effect since --privileged will set everything. To avoid regressions, only warn, do not error out and do not print on error level. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | baseline tests: apparmor with --privilegedValentin Rothberg2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://github.com/containers/libpod/issues/3112 has revealed a regression in apparmor when running privileged containers where the profile must not be set or loaded. Add a simple test to avoid potential future regressions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | apparmor: don't load/set profile in privileged modeValentin Rothberg2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 27f9e23a0b9e already prevents setting the profile when creating the spec but we also need to avoid loading and setting the profile when creating the container. Fixes: #3112 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #3198 from jjwatt/patch-1OpenShift Merge Robot2019-05-26
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Update install.md ostree Debian dependencies.
| * | | | | Update install.md ostree Debian dependencies.Jesse Wattenbarger2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add more Debian dependencies that I needed in Debian 9.9. Signed-off-by: Jesse Wattenbarger <jesse.j.wattenbarger@gmail.com>
* | | | | | Merge pull request #3196 from giuseppe/keep-idOpenShift Merge Robot2019-05-25
|\ \ \ \ \ \ | | | | | | | | | | | | | | userns: add new option --userns=keep-id
| * | | | | | podman: honor env variable PODMAN_USERNSGiuseppe Scrivano2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | userns: add new option --userns=keep-idGiuseppe Scrivano2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it creates a namespace where the current UID:GID on the host is mapped to the same UID:GID in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | rootless: store also the original GID in the hostGiuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #3185 from mheon/fix_cp_testOpenShift Merge Robot2019-05-25
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Fix a potential flake in the tests for podman cp
| * | | | | | | Fix a potential flake in the tests for podman cpMatthew Heon2019-05-23
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of using the working directory, use a subdirectory of the temporary directory created for the individual test, to prevent a potential EEXIST for shared working directory. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | | | Merge pull request #3192 from cevich/add_zipOpenShift Merge Robot2019-05-24
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Cirrus: Add zip package to images
| * | | | | | cirrus: update images w/ zip pkgChris Evich2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | | | Cirrus: Add zip package to imagesChris Evich2019-05-23
| | |_|/ / / | |/| | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #3186 from baude/varlinkdocsnullableOpenShift Merge Robot2019-05-23
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | document nullable types
| * | | | | document nullable typesbaude2019-05-22
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the varlink doc generator was ignoring all nullable types when generating its documentation Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #3190 from giuseppe/fix-userns-psgoOpenShift Merge Robot2019-05-23
|\ \ \ \ \ | |_|_|/ / |/| | | | rootless: fix top huser and hgroup
| * | | | rootless: fix top huser and hgroupGiuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when running in rootless mode, be sure psgo is honoring the user namespace settings for huser and hgroup. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | vendor: update psgo to v1.3.0Giuseppe Scrivano2019-05-23
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #3097 from cevich/show_ipOpenShift Merge Robot2019-05-23
|\ \ \ \ \ | |_|/ / / |/| | | | hack: Display IP address of VM from script
| * | | | hack: ignore from all VCS files when tarballingChris Evich2019-05-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | hack: shrink xfer tarball sizeChris Evich2019-05-22
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * | | | hack: Display IP address of VM from scriptChris Evich2019-05-22
|/ / / / | | | | | | | | | | | | | | | | | | | | Useful for accessing it from other terminals. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | Merge pull request #3108 from rhatdan/flagsOpenShift Merge Robot2019-05-22
|\ \ \ \ | | | | | | | | | | Fixup Flags
| * | | | Fixup FlagsDaniel J Walsh2019-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mark hidden all references to signature-policy Default all uses of --authfile Add --authfile support to podman run and podman create. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>