| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Callers that only care about the IDs should try to convert the
identifier to an integer before calling the Get* functions, so they
can save the cost of hitting the filesystem and maybe or maybe not
finding the other fields (User.Name, etc.). But callers that *want*
the other fields but only actually need the ID can, with this commit,
just call the Get* function and ignore ErrNo*Entries responses:
user, err := lookup.GetUser(mount, userIDorName)
if err != nil && err != ErrNoPasswdEntries {
return err
}
Previously, they'd have to perform their own integer-conversion
attempt in Get* error handling, with logic like:
user, err := lookup.GetUser(mount, userIDorName)
if err == ErrNoPasswdEntries {
uuid, err := strconv.ParseUint(userIDorName, 10, 32)
if err == nil {
user.Uid = int(uuid)
}
} else if err != nil {
return err
}
Signed-off-by: W. Trevor King <wking@tremily.us>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an image config sets config.User [1] to a numeric group (like
1000:1000), but those values do not exist in the container's
/etc/group, libpod is currently breaking:
$ podman run --rm registry.svc.ci.openshift.org/ci-op-zvml7cd6/pipeline:installer --help
error creating temporary passwd file for container 228f6e9943d6f18b93c19644e9b619ec4d459a3e0eb31680e064eeedf6473678: unable to get gid 1000 from group file: no matching entries in group file
However, the OCI spec requires converters to copy numeric uid and gid
to the runtime config verbatim [2].
With this commit, I'm frontloading the "is groupspec an integer?"
check and only bothering with lookup.GetGroup when it was not.
I've also removed a few .Mounted checks, which are originally from
00d38cb3 (podman create/run need to load information from the image,
2017-12-18, #110). We don't need a mounted container filesystem to
translate integers. And when the lookup code needs to fall back to
the mounted root to translate names, it can handle erroring out
internally (and looking it over, it seems to do that already).
[1]: https://github.com/opencontainers/image-spec/blame/v1.0.1/config.md#L118-L123
[2]: https://github.com/opencontainers/image-spec/blame/v1.0.1/conversion.md#L70
Signed-off-by: W. Trevor King <wking@tremily.us>
|
| |\
| |
| | |
Only include container SizeRootFs when requested
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* API always returns value, so we remove it if not asked for
Fixes #1876
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| | |
| | | |
create pod on the fly
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when a user specifies --pod to podman create|run, we should create that pod
automatically. the port bindings from the container are then inherited by
the infra container. this signicantly improves the workflow of running
containers inside pods with podman. the user is still encouraged to use
podman pod create to have more granular control of the pod create options.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
podman pod exists
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
like containers and images, users would benefit from being able to check
if a pod exists in local storage. if the pod exists, the return code is 0.
if the pod does not exists, the return code is 1. Any other return code
indicates a real errors, such as permissions or runtime.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
rootless: raise error if newuidmap/newgidmap are not installed
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
it was reported on IRC that Podman on Ubuntu failed as
newuidmap/newgidmap were not installed by default.
Raise an error if we are not allowing single mappings (used only by
the tests suite) and any of the binaries is not present.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Add short-option handling to logs
|
| |/ /
| |
| |
| |
| |
| |
| | |
podman logs already supports the latest command line switch. users should be able
to use the short-options combined (i.e. podman logs -lf).
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
tests: fix rootless tests on Ubuntu
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
we need to inherit this change from runc.
commit 869add33186caff4a22e3e11a7472a2d48d77889:
rootless: fix running with /proc/self/setgroups set to deny
This is a regression from 06f789cf26774dd64cb2a9cc0b3c6a6ff832733b
when the user namespace was configured without a privileged helper.
To allow a single mapping in an user namespace, it is necessary to set
/proc/self/setgroups to "deny".
For a simple reproducer, the user namespace can be created with
"unshare -r".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \
| | |
| | | |
Add create test with --mount flag
|
| | |/
| |
| |
| | |
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
|
| |\ \
| | |
| | | |
pypod run: ignore args intended for container command
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Don't try to argparse command-line arguments on the right-hand
side of the image; those are intended for the container command:
pypodman create fedora ls -l
pypodman run fedora find / -name foo
pypodman run fedora bash -c 'echo hi'
If/when `pypodman exec` gets implemented, it should use this too.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Disable mount options when running --privileged
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We now default to setting storage options to "nodev", when running
privileged containers, we need to turn this off so the processes can
manipulate the image.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This allows us to modify the containers mount option on a per/container basis
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
/dev/shm should be mounted even in rootless mode.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently we are mounting /dev/shm from disk, it should be from a tmpfs.
User Namespace supports tmpfs mounts for nonroot users, so this section of
code should work fine in bother root and rootless mode.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
add pod short option to ps
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
podman ps has a flag --pod; simply adding a short option of -p
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
disable checkpoint tests on f29
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
temporarily disabling checkpoint tests on f29 as they don't currently pass.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
tests: fix rootless tests with an updated runc
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 803efd4d380f091c85cd45e0b3c35cf6333d47b7.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
Cleaning up completions.
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Also add missing --help and -h and add some consistency to the
usage of boolean_options.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
hide kube command for now
|
| |/ /
| |
| |
| |
| |
| |
| | |
until the kube commands are ironed out, we dont want it drawing
attention in any release
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Add support for --all in pypodman ps command
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Updated field widths to match changes in go code
Fixes #1654
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \
| | | |
| | | | |
systemd: fix NOTIFY_SOCKET with patched runc
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
with https://github.com/opencontainers/runc/pull/1807 we moved the
systemd notify initialization from "create" to "start", so that the
OCI runtime doesn't hang while waiting on reading from the notify
socket. This means we also need to set the correct NOTIFY_SOCKET when
start'ing the container.
Closes: https://github.com/containers/libpod/issues/746
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
do not make any assumption on the path inside of the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
_split_token(): handle None
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The conditional + list comprehension in images.py:_split_token()
wasn't quite working as intended; in particular, when fed None,
it chokes with
TypeError: 'NoneType' object is not iterable
This is the correct behavior: comprehensions iterate first,
then apply the conditional.
Solution: special-case None, and remove the now-unnecessary
conditional.
Context: seen when trying 'pypodman run' against
docker.io/stackbrew/centos:7, which has no .ContainerConfig.Eng
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Fixes #1867
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Some items included in the CLI and currently not supported by the API.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Fix golang formatting issues
|
