Commit message (Author, Age)
* Add HairpinMode to our CNI configs (Matthew Heon, 2020-05-11)
    This may resolve some issues with routing traffic between containers using the host's IP.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6176 from edsantiago/bats_more (OpenShift Merge Robot, 2020-05-11)
    Some BATS cleanup: run and systemd tests
| * Some BATS cleanup: run and systemd tests (Ed Santiago, 2020-05-11)
      run test: run positive test before negative; and actually implement real negative tests. Also, add confirmation tests for cidfile/pidfile, not just 'exit status is good'.
      systemd test: enable rootless, and again add actual content testing.
      Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6169 from vrothberg/fix-6164 (OpenShift Merge Robot, 2020-05-11)
      shm_lock_test: add nil check
| * | shm_lock_test: add nil check (Valentin Rothberg, 2020-05-11)
        Fixes: #6164
        Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #5566 from openSUSE/static-binary (OpenShift Merge Robot, 2020-05-11)
      Add podman static build
| * | Add podman static build (Sascha Grunert, 2020-05-11)
        We’re now able to build a static podman binary based on a custom nix derivation. This is integrated in cirrus as well, whereas a later target would be to provide a self-contained static binary bundle which can be installed on any Linux x64-bit system.
        Fixes: https://github.com/containers/libpod/issues/1399
        Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #6168 from vrothberg/mount-tests (OpenShift Merge Robot, 2020-05-11)
      enable rootless mount tests
| * | enable rootless mount tests (Valentin Rothberg, 2020-05-11)
        Remove the annotation from the umount command to make mount tests pass and let podman-umount run as a non-root user.
        Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6167 from giuseppe/fix-setting-limits (OpenShift Merge Robot, 2020-05-11)
      spec: fix order for setting rlimits
| * spec: fix order for setting rlimits (Giuseppe Scrivano, 2020-05-11)
      also make sure that the limits we set for rootless are not higher than what we'd set for root containers.
      Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #6156 from TomSweeneyRedHat/sec (OpenShift Merge Robot, 2020-05-10)
    [CI:DOCS] Add Security Policy
| * [CI:DOCS] Add Security Policy (TomSweeneyRedHat, 2020-05-09)
      As the title says
      Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #6126 from baude/v2rootless (OpenShift Merge Robot, 2020-05-10)
      enable rootless integration testing
| * | enable rootless integration testing (Brent Baude, 2020-05-10)
        Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6151 from lsm5/tests-apiv2-inspect-remove (OpenShift Merge Robot, 2020-05-10)
        bindings tests for container remove and inspect
| * | bindings tests for container remove and inspect (Lokesh Mandvekar, 2020-05-08)
        Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #6152 from mheon/fix_pod_join_cgroupns (OpenShift Merge Robot, 2020-05-09)
        Fix bug where pods would unintentionally share cgroupns
| * | | Ensure `podman inspect` output for NetworkMode is right (Matthew Heon, 2020-05-08)
          I realized that setting NetworkMode to private when we are making a network namespace but not configuring it with CNI or Slirp is wrong; that's considered `--net=none` not `--net=private`. At the same time, realized that we actually store whether Slirp is in use, so we can be more specific than just "default" and instead say slirp4netns or bridge.
          Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | Fix bug where pods would unintentionally share cgroupns (Matthew Heon, 2020-05-08)
          This one was a massive pain to track down.
          The original symptom was an error message from rootless Podman trying to make a container in a pod. I unfortunately did not look at the error message closely enough to realize that the namespace in question was the cgroup namespace (the reproducer pod was explicitly set to only share the network namespace), else this would have been quite a bit shorter.
          I spent considerable effort trying to track down differences between the inspect output of the two containers, and when that failed I was forced to resort to diffing the OCI specs. That finally proved fruitful, and I was able to determine what should have been obvious all along: the container was joining the cgroup namespace of the infra container when it really ought not to have.
          From there, I discovered a variable collision in pod config. The UsePodCgroup variable means "create a parent cgroup for the pod and join containers in the pod to it". Unfortunately, it is very similar to UsePodUTS, UsePodNet, etc, which mean "the pod shares this namespace", so an accessor was accidentally added for it that indicated the pod shared the cgroup namespace when it really did not.
          Once I realized that, it was a quick fix - add a bool to the pod's configuration to indicate whether the cgroup ns was shared (distinct from UsePodCgroup) and use that for the accessor.
          Also included are fixes for `podman inspect` and `podman pod inspect` that fix them to actually display the state of the cgroup namespace (for container inspect) and what namespaces are shared (for pod inspect). Either of those would have made tracking this down considerably quicker.
          Fixes #6149
          Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #6148 from jwhonce/wip/version (OpenShift Merge Robot, 2020-05-09)
        V2 Implement tunnelled podman version
| * | V2 Implement tunnelled podman version (Jhon Honce, 2020-05-08)
        Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #6145 from baude/v2rootlesssearch (Daniel J Walsh, 2020-05-09)
        v2 podman search rootless
| * | | v2 podman search rootless (Brent Baude, 2020-05-08)
          enable the search command for rootless
          Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #6147 from mheon/fix_inspect_annotations (Daniel J Walsh, 2020-05-09)
          Add remaining annotations for `podman inspect`
| * | | Add remaining annotations for `podman inspect` (Matthew Heon, 2020-05-08)
          This should finish support for `podman inspect` in APIv2.
          Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6146 from baude/v2unshare (Daniel J Walsh, 2020-05-08)
          v2 podman unshare command
| * | | v2 podman unshare command (Brent Baude, 2020-05-08)
          add unshare command
          add cp and init to container sub-command
          allow mount to run as rootless
          Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | Merge pull request #6049 from containers/dependabot/go_modules/github.com/uber/jaeger-client-go-2.23.1incompatible (OpenShift Merge Robot, 2020-05-08)
          build(deps): bump github.com/uber/jaeger-client-go from 2.22.1+incompatible to 2.23.1+incompatible
| * | | build(deps): bump github.com/uber/jaeger-client-go (dependabot-preview[bot], 2020-05-04)
          Bumps [github.com/uber/jaeger-client-go](https://github.com/uber/jaeger-client-go) from 2.22.1+incompatible to 2.23.1+incompatible.
          - [Release notes](https://github.com/uber/jaeger-client-go/releases)
          - [Changelog](https://github.com/jaegertracing/jaeger-client-go/blob/master/CHANGELOG.md)
          - [Commits](https://github.com/uber/jaeger-client-go/compare/v2.22.1...v2.23.1)
          Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
          Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6120 from mheon/update_readme_novarlink (OpenShift Merge Robot, 2020-05-08)
          [CI:DOCS] Update the Podman readme
| * | | Update the Podman readme (Matthew Heon, 2020-05-08)
          I noticed a large number of searches for Varlink on the Github page, and that the readme still called it out as our only supported API. This updates the readme to remove links to Varlink API documentation, and points to docs for the new HTTP API. I also updated other parts to reflect the current direction the project is taking (Podman v2 and the HTTP API).
          Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #6144 from mheon/fix_pod_create_noinfra (OpenShift Merge Robot, 2020-05-08)
          Fix `podman pod create --infra=false`
| * | | | Fix `podman pod create --infra=false` (Matthew Heon, 2020-05-08)
            We were accidentally setting incorrect defaults for the network namespace for rootless `pod create` when infra containers were not being created. This should resolve that issue.
            Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #6106 from mheon/fix_manpages (OpenShift Merge Robot, 2020-05-08)
          [CI:DOCS] Update manpages for image volumes and MAC address
| * | | | Update manpages for image volumes and MAC address (Matthew Heon, 2020-05-06)
            When reviewing the manpages for `podman run` to find options to test, I found a few mistakes. The description of how we handle image volumes is extremely outdated, and we now provide full support for the `--mac-address` option. Update the docs for these flags so they're accurate.
            Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #6135 from nbycomp/master (OpenShift Merge Robot, 2020-05-08)
            [CI:DOCS] Fix typo in path
| * | | | | Fix typo in path (Tom Fenech, 2020-05-08)
              Signed-off-by: Tom Fenech <tomjwfenech@gmail.com>
* | | | | | Merge pull request #6143 from rhatdan/remote (OpenShift Merge Robot, 2020-05-08)
              default to tunnel without ABISupport tag
| * | | | | default to tunnel without ABISupport tag (Daniel J Walsh, 2020-05-08)
              When compiling a Linux binary without ABISupport, default to use the tunnel. The behaviour is expected in `podman-remote`.
              Also set a default for the remote flag so `podman-remote` works OOB.
              Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
              Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #6118 from baude/v2bindingsenforce (OpenShift Merge Robot, 2020-05-08)
              set binding tests to required
| * | | | | | fix pod stats flake (Brent Baude, 2020-05-08)
                it appears that the pod stats flake can be attributed to the fact that the container being run is not fully running when the stats call is made. because the stats call is in format of json, it fails when nil
                Signed-off-by: Brent Baude <bbaude@redhat.com>
| * | | | | | set binding tests to required (Brent Baude, 2020-05-08)
                some small fix ups for binding tests and then make them required.
                update containers-common
                V2 bindings tests were failing because of changes introduced in commit a2ad5bb.
                Fix some typos.
                Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
                in the case where the specgen attribute for Env and Labels are nil, we should then make the map IF we have labels and envs that need to be added.
                Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | | | Merge pull request #6137 from rhatdan/VENDOR (OpenShift Merge Robot, 2020-05-08)
                Fix handling of overridden paths from database
| * | | | | | | Fix handling of overridden paths from database (Daniel J Walsh, 2020-05-08)
                  If the first time you run podman in a user account you do a su - USER, and the second time, you run as the logged in USER podman fails, because it is not handling the tmpdir definition in the database. This PR fixes this problem.
                  vendor containers/common v0.11.1
                  This should fix a couple of issues we have seen in podman 1.9.1 with handling of libpod.conf.
                  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #6133 from e-minguez/only_bridge_man_podman_network_create (OpenShift Merge Robot, 2020-05-08)
                [CI:DOCS] Fixed typo on podman network create man
| * | | | | | | Fixed typo on podman network create man (Eduardo Minguez Perez, 2020-05-08)
                  Signed-off-by: Eduardo Minguez Perez <e.minguez@gmail.com>
* | | | | | | | Merge pull request #6136 from liuming50/fix-a-makefile-dependency-issue (OpenShift Merge Robot, 2020-05-08)
                  Makefile: fix a dependency issue
| * | | | | | | | Makefile: fix a dependency issue (Ming Liu, 2020-05-08)
                    Instead of being depended by docs, targets '.install.md2man' and 'docdir' should be depended by 'MANPAGES', or else the path 'docs/build/man' or 'GOMD2MAN' might not exist when it tries to generate files in it.
                    This fixes a following build error:
                    | open docs/build/man/podman-volume-ls.1: no such file or directory
                    | Makefile:377: recipe for target 'docs/source/markdown/podman-volume-ls.1' failed
                    | make: *** [docs/source/markdown/podman-volume-ls.1] Error 1
                    | make: *** Waiting for unfinished jobs....
                    | open docs/build/man/podman-init.1: no such file or directory
                    | Makefile:377: recipe for target 'docs/source/markdown/podman-init.1' failed
                    Signed-off-by: Ming Liu <ming.liu@toradex.com>
* | | | | | | | Merge pull request #6141 from giuseppe/rootless-fix (OpenShift Merge Robot, 2020-05-08)
                  abi: do not attempt to setup rootless if euid==0