Commit message (Author, Age)
...
* rootless: check uid with Geteuid() instead of Getuid() (Giuseppe Scrivano, 2018-09-04)
    change the tests to use chroot to set a numeric UID/GID. Go syscall.Credential doesn't change the effective UID/GID of the process.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1372
    Approved by: mheon
* rootless, tests: add tests for the pod command (Giuseppe Scrivano, 2018-09-04)
    also refactor the rootless_test.go to facilitate running a test in a rootless context.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1372
    Approved by: mheon
* rootless, create: support --pod (Giuseppe Scrivano, 2018-09-04)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1372
    Approved by: mheon
* rootless, run: support --pod (Giuseppe Scrivano, 2018-09-04)
    move re-exec later on, so that we can check whether we need to join the infra container user namespace or we need to create another one.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1372
    Approved by: mheon
* rootless: create compatible pod infra container (Giuseppe Scrivano, 2018-09-04)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1372
    Approved by: mheon
* rootless: be in an userns to initialize the runtime (Giuseppe Scrivano, 2018-09-04)
    be sure to be in an userns for a rootless process before initializing the runtime. In case we are not running as uid==0, take advantage of "podman info" that creates the runtime.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1372
    Approved by: mheon
* commandNotFoundHandler: use stderr and exit code 1 (Valentin Rothberg, 2018-09-01)
    Fixes: #1395
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
    Closes: #1397
    Approved by: mheon
* Merge pull request #1394 from mheon/bump-0.8.5 (Matthew Heon, 2018-08-31)
|\
    Bump to 0.8.5
| * Bump gitvalidation epoch (Matthew Heon, 2018-08-31)
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.9.1-dev (Matthew Heon, 2018-08-31)
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Bump to v0.8.5 [tag: v0.8.5] (Matthew Heon, 2018-08-31)
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #1393 from mheon/release_notes_0.8.5 (Matthew Heon, 2018-08-31)
|\ \
| |/
|/|
    Update release notes for 0.8.5
| * Update release notes for 0.8.5 (Matthew Heon, 2018-08-31)
|/
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Merge pull request #1392 from mheon/up_wait_duration (Matthew Heon, 2018-08-31)
|\
    Up time between checks for podman wait
| * Up time between checks for podman wait (Matthew Heon, 2018-08-31)
    Prior to this patch, we were polling continuously to check if a container had died. This patch changes this to poll 10 times a second, which should be more than sufficient and drastically reduce CPU utilization.
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #1318 from rhatdan/systemd (Matthew Heon, 2018-08-31)
|\ \
    Add proper support for systemd inside of podman
| * | Add proper support for systemd inside of podman (Daniel J Walsh, 2018-08-31)
|/ /
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | We are mistakenly seeing repos as registries. (Daniel J Walsh, 2018-08-31)
    Currently `podman pull rhel7/rhel-tools` is failing because it sees rhel7 as a registry. This change will verify that the returned registry from the parser is actually a registry and not a repo, if a repo it will return the correct content, and we will pull the image.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
    Closes: #1387
    Approved by: mtrmac
* | container: resolve rootfs symlinks (Giuseppe Scrivano, 2018-08-31)
|/
    Prevent a runc error that doesn't like symlinks as part of the rootfs.
    Closes: https://github.com/containers/libpod/issues/1389
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1390
    Approved by: rhatdan
* Turn on test debugging (Jhon Honce, 2018-08-31)
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
    Closes: #1369
    Approved by: rhatdan
* Add support for remote commands (Jhon Honce, 2018-08-31)
    * Add support for commit, export, inspect, kill, logs, mount, pause port commands
    * Refactored Report class to allow column lengths to be optionally driven by data
    * Refactored Ps class to truncate image names on the left vs right
    * Bug fixes
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
    Closes: #1369
    Approved by: rhatdan
* fixup A few language changes and subuid(5) (Naja Melan, 2018-08-31)
    Signed-off-by: Naja Melan <najamelan@autistici.org>
    Closes: #1380
    Approved by: rhatdan
* Make the documentation of user namespace options in podman-run clearer (Naja Melan, 2018-08-31)
    This proposes a more comprehensible man page. A number of things have been lost in translation and this should be reviewed:
    - the former docs from --userns say that it is disabled by default. I suppose that this is the same as --userns:host, but this should be confirmed. It also stated that it would use options like pid=host, which confuses me as pid namespaces are a totally different thing from user namespaces. It also mentions the enabling of --privileged. I think the difference between using --userns:host and not using any user namespace options at all is not clear and maybe not very logical. Also what would be the difference between using --userns:host and using --privileged alone?
    - I found the syntax for --gidmap at the bottom of the man page in the examples. In the example it doesn't use '=', eg. podman run `--gidmap 0:30000:2000`. For consistency with the other options I have used '=' for now, but if it is optional, I would remove it everywhere, as less tokens is usually improved readability. For now the inconsistency remains between the options doc and the examples section.
    - It wasn't very clear to me whether one should hard wrap long lines or not as the contains a mix.
    - I haven't for now looked at user namespace options on other commands, but that should be done surely before merging.
    - I didn't know which command to run to generate the groff, so that needs doing still.
    from issue #1374
    Signed-off-by: Naja Melan <najamelan@autistici.org>
    Signed-off-by: Naja Melan <najamelan@autistici.org>
    Closes: #1380
    Approved by: rhatdan
* pod create: restore help flag (Valentin Rothberg, 2018-08-31)
    It is not necessary to hide podman-pod-create's help flag. Therefore, partially revert commit 6751b2c35040 to restore the help flag.
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
    Closes: #1379
    Approved by: rhatdan
* catch command-not-found errors (Valentin Rothberg, 2018-08-31)
    Add a special handler to catch errors caused by specifying unknown commands to Podman. This allows printing a more helpful error message.
    ```
    $ podman
    Command "123123" not found. See `podman --help`.
    $ podman pod 123123
    Command "123123" not found. See `podman pod --help`.
    ```
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
    Closes: #1379
    Approved by: rhatdan
* don't print help message for usage errors (Valentin Rothberg, 2018-08-31)
    Don't print potentially verbose help messages in case of usage errors, but print only the usage error followed by a pointer to the command's help. This aligns with Docker.
    ```
    $ podman run -h
    flag needs an argument: -h
    See 'podman run --help'.
    ```
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
    Closes: #1379
    Approved by: rhatdan
* Vendor in latest containers/storage and containers/image (Daniel J Walsh, 2018-08-31)
    Update container/image to address a commit error when copying layers and metadata. This change may require users to recreate containers.
    container/storage added some new lock protection to prevent possible deadlock and data corruption.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
    Closes: #1381
    Approved by: mheon
* Merge pull request #1382 from baude/addconmon (Brent Baude, 2018-08-30)
|\
    add conmon to copr spec
| * add conmon to copr spec (baude, 2018-08-30)
|/
    For COPR rpms, it is desirable to have conmon built into the podman RPM. No code is impacted.
    Signed-off-by: baude <bbaude@redhat.com>
* docs: consistent format for example (Valentin Rothberg, 2018-08-30)
    All bash examples are now placed in a code section (```). The PS1 prompt is set to `$`.
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
    Closes: #1375
    Approved by: rhatdan
* docs: consistent headings (Valentin Rothberg, 2018-08-30)
    Base heading is level 2, which is identical to the level 1. However level 3 will be indented which is used a lot in the `## EXAMPLES` sections.
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
    Closes: #1375
    Approved by: rhatdan
* docs: make HISTORY consistent (Valentin Rothberg, 2018-08-30)
    - second heading
    - consistent mail addresses <user@domain.com>
    - change order with latest changes first
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
    Closes: #1375
    Approved by: rhatdan
* docs: fix headers (Valentin Rothberg, 2018-08-30)
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
    Closes: #1375
    Approved by: rhatdan
* varlink: fix --timeout usage (Giuseppe Scrivano, 2018-08-30)
    The varlink usage help looks like:
    --timeout value, -t value time until the varlink session expires in milliseconds. default is 1 second; 0 means no timeout. (default: 1000)
    Fix it to not repeat twice the default value.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1377
    Approved by: rhatdan
* run/create: reserve `-h` flag for hostname (Valentin Rothberg, 2018-08-30)
    Move the `-h` short flag from `--help` to `--hostname` for podman-run, podman-create and podman-pod-create to be compatible with Docker.
    Fixes: #1367
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
    Closes: #1373
    Approved by: rhatdan
* podman,varlink: inform user about --timeout 0 (Tomas Tomecek, 2018-08-30)
    Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
    Closes: #1363
    Approved by: rhatdan
* rootless: show an error when stats is used (Giuseppe Scrivano, 2018-08-29)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1371
    Approved by: rhatdan
* rootless: show an error when pause/unpause are used (Giuseppe Scrivano, 2018-08-29)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1371
    Approved by: rhatdan
* rootless: unexport GetUserNSForPid (Giuseppe Scrivano, 2018-08-29)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1371
    Approved by: rhatdan
* rootless, exec: use the new function to join the userns (Giuseppe Scrivano, 2018-08-29)
    since we have a way for joining an existing userns use it instead of nsenter.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1371
    Approved by: rhatdan
* rootless: fix top (Giuseppe Scrivano, 2018-08-29)
    join the user namespace used to create the container so that psgo can work in the same way as with root containers.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1371
    Approved by: rhatdan
* rootless: add new function to join existing namespace (Giuseppe Scrivano, 2018-08-29)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
    Closes: #1371
    Approved by: rhatdan
* Vendor in latest projectatomic/buildah (Daniel J Walsh, 2018-08-29)
    This will help document the defaults in podman build. podman build --help will now show the defaults and mention the environment variables that can be set to change them.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
    Closes: #1364
    Approved by: mheon
* Set nproc in containers unless explicitly overridden (Matthew Heon, 2018-08-28)
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
    Closes: #1355
    Approved by: rhatdan
* Do not set max open files by default if we are rootless (Matthew Heon, 2018-08-28)
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
    Closes: #1355
    Approved by: rhatdan
* Set default max open files in spec (Matthew Heon, 2018-08-28)
    Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
    Closes: #1355
    Approved by: rhatdan
* Resolve /etc/resolv.conf before reading (baude, 2018-08-28)
    In some cases, /etc/resolv.conf can be a symlink to something like /run/systemd/resolve/resolv.conf. We currently check for that file and if it exists, use it instead of /etc/resolv.conf. However, we are now seeing cases where the systemd resolv.conf exists but /etc/resolv.conf is NOT a symlink.
    Therefore, we now obtain the endpoint for /etc/resolv.conf whether it is a symlink or not. That endpoint is now what is read to generate a container's resolv.conf.
    Signed-off-by: baude <bbaude@redhat.com>
    Closes: #1368
    Approved by: rhatdan
* document `--rm` semantics (Valentin Rothberg, 2018-08-28)
    The `--rm` flag will only cause a container to be removed when it has been created and started successfully. Otherwise, it will not be removed to allow the container to be inspected and to analyze the root cause of the failure.
    Document those semantics more clearly in the manpages to avoid confusion for users.
    Fixes: #1359
    Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
    Closes: #1362
    Approved by: rhatdan
* allow specification of entrypoint in the form of a slice (Daniel J Walsh, 2018-08-28)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
    Closes: #1352
    Approved by: mheon
* Test RPM build and install for regressions (baude, 2018-08-28)
    On Fedora and now Centos (added), we build RPMs based on the spec in contrib/spec to make sure we protect against regressions when creating RPMs. Once the RPM is built, we then test actually installing the RPM to ensure that no deps are missing for install.
    Signed-off-by: baude <bbaude@redhat.com>
    Closes: #1356
    Approved by: rhatdan