| Commit message (Collapse) | Author | Age |
... | |
|
|
|
|
|
|
|
|
|
|
|
| |
change the tests to use chroot to set a numeric UID/GID.
Go syscall.Credential doesn't change the effective UID/GID of the
process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
also refactor the rootless_test.go to facilitate running a test in a
rootless context.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
move re-exec later on, so that we can check whether we need to join
the infra container user namespace or we need to create another one.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
be sure to be in an userns for a rootless process before initializing
the runtime. In case we are not running as uid==0, take advantage of
"podman info" that creates the runtime.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
|
| |
Fixes: #1395
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1397
Approved by: mheon
|
|\
| |
| | |
Bump to 0.8.5
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\ \
| |/
|/| |
Update release notes for 0.8.5
|
|/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\
| |
| | |
Up time between checks for podman wait
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Prior to this patch, we were polling continuously to check if a
container had died. This patch changes this to poll 10 times a
second, which should be more than sufficient and drastically
reduce CPU utilization.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|\ \
| | |
| | | |
Add proper support for systemd inside of podman
|
|/ /
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently `podman pull rhel7/rhel-tools` is failing because it
sees rhel7 as a registry. This change will verify that the returned
registry from the parser is actually a registry and not a repo,
if a repo it will return the correct content, and we will pull the image.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1387
Approved by: mtrmac
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Prevent a runc error that doesn't like symlinks as part
of the rootfs.
Closes: https://github.com/containers/libpod/issues/1389
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1390
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1369
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for commit, export, inspect, kill, logs, mount, pause
port commands
* Refactored Report class to allow column lengths to be optionally
driven by data
* Refactored Ps class to truncate image names on the left vs right
* Bug fixes
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1369
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Naja Melan <najamelan@autistici.org>
Closes: #1380
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This proposes a more comprehensible man page.
A number of things have been lost in translation and this should be reviewed:
- the former docs from --userns say that it is disabled by default. I
suppose that this is the same as --userns:host, but this should be confirmed.
It also stated that is would use options like pid=host, which confuses me
as pid namespaces are a totally different thing from user namespaces. It also
mentions the enabling of --privileged. I think the difference between using
--userns:host and not using any user namespace options at all is not clear
and maybe not very logical. Also what would be the difference between using
--userns:host and using --priveleged alone?
- I found the syntax for --gidmap at the bottom of the man page in the examples.
In the example it doesn't use '=', eg. podman run `--gidmap 0:30000:2000`.
For consistency with the other options I have used '=' for now, but if it is
optional, I would remove it everywhere, as less tokens is usually improved
readability. For now the inconsistency remains between the options doc and the
examples section.
- It wasn't very clear to me whether one should hard wrap long lines or not as the
contains a mix.
- I haven't for now looked at user namespace options on other commands, but
that should be done surely before merging.
- I didn't know which command to run to generate the groff, so that needs doing still.
from issue #1374
Signed-off-by: Naja Melan <najamelan@autistici.org>
Signed-off-by: Naja Melan <najamelan@autistici.org>
Closes: #1380
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
It is not necessary to hide podman-pod-create's help flag. Therefore,
partially revert commit 6751b2c35040 to restore the help flag.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a special handler to catch errors caused by specifying unknown
commands to Podman. This allows printing a more helpful error message.
```
$ podman
Command "123123" not found.
See `podman --help`.
$ podman pod 123123
Command "123123" not found.
See `podman pod --help`.
```
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't print potentially verbose help messages in case of usage errors,
but print only the usage error followed by a pointer to the command's
help. This aligns with Docker.
```
$ podman run -h
flag needs an argument: -h
See 'podman run --help'.
```
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update container/image to address a commit error when copying layers and metadata.
This change may require users to recreate containers.
container/storage added some new lock protection to prevent possible deadlock and
data corruption.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1381
Approved by: mheon
|
|\
| |
| | |
add conmon to copr spec
|
|/
|
|
|
|
|
| |
For COPR rpms, it is desirable to have conmon built into the podman RPM. No
code is impacted.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
All bash examples are now placed in a code section (```). The PS1
prompt is set to `$`.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Base heading is level 2, which is identical to the level 1. However
level 3 will be indendet which is used a lot in the `## EXAMPLES`
sections.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
- second heading
- consistent mail addresses <user@domain.com>
- change order with latest changes first
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The varlink usage help looks like:
--timeout value, -t value time until the varlink session expires in
milliseconds. default is 1 second; 0 means no timeout. (default:
1000)
Fix it to not repeat twice the default value.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1377
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Move the `-h` short flag from `--help` to `--hostname` for podman-run,
podman-create and podman-pod-create to be compatible with Docker.
Fixes: #1367
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1373
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
Closes: #1363
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
since we have a way for joining an existing userns use it instead of
nsenter.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
join the user namespace used to create the container so that psgo can
work in the same way as with root containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will help document the defaults in podman build.
podman build --help will now show the defaults and mention
the environment variables that can be set to change them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1364
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1355
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1355
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1355
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases, /etc/resolv.conf can be a symlink to something like
/run/systemd/resolve/resolv.conf. We currently check for that file
and if it exists, use it instead of /etc/resolv.conf. However, we are
no seeing cases where the systemd resolv.conf exists but /etc/resolv.conf
is NOT a symlink.
Therefore, we now obtain the endpoint for /etc/resolv.conf whether it is a
symlink or not. That endpoint is now what is read to generate a container's
resolv.conf.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1368
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `--rm` flag will only cause a container to be removed when it has
been created and started successfully. Otherwise, it will not be
removed to allow the container to be inspected and to analyze the root
cause of the failure. Document those semantics more clearly in the
manpages to avoid confusion for users.
Fixes: #1359
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1362
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1352
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Fedora and now Centos (added), we build RPMs based on the spec in
contrib/spec to make sure we protect against regressions when creating
RPMs. Once the RPM is built, we then test actually installing the RPM
to ensure that no deps are missing for install.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1356
Approved by: rhatdan
|