| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
| |
So far, the infra containers of pods required pulling down an image
rendering pods not usable in disconnected environments. Instead, build
an image locally which uses local pause binary.
Fixes: #10354
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Add the k8s pause binary to `pause/pause.c` and do the plumbing in the
Makefile to install it in $libexec/podman/pause/pause. It is intended to
replace the k8s pause image and hence the need for network connectivity
when creating pods.
[NO NEW TESTS NEEDED] since it will be tested in a following commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
| |
Mount a directory from /var/tmp to /tmp to make sure that /tmp is not on
an overlay mount. This should make overlay mounts possible in the
containerized tests which we're currently skipping.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure to create the mounts for containers with an overlay root FS in
the runtime dir (e.g., /run/user/1000/...) to guarantee that we can
actually overlay mount on the specific path which is not the case for
the graph root.
[NO NEW TESTS NEEDED] since it is not a user-facing change.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Add support to play kube for --log-opt
|
| |
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/11727
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
Update vendor github.com/opencontainers/runtime-tools
|
|/
|
|
|
|
|
|
|
| |
This will change mount of /dev within container to noexec, making
containers slightly more secure.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
[NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
|
| |
| |
| |
| |
| |
| |
| |
| | |
LGTM alert:
Off-by-one index comparison against length may lead to out-of-bounds read.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
|\ \
| |/
|/| |
[CI:DOCS Fix some typos in documentation and comments (found by codespell)
|
| |
| |
| |
| | |
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
|\ \
| | |
| | | |
[CI:DOCS] Fix typo keep_id -> keep-id
|
| |/
| |
| |
| | |
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
|\ \
| |/
|/| |
[CI:DOCS] Replace 'an user' => 'a user'
|
|/
|
|
| |
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
|\
| |
| | |
[CI:DOCS] fuse-overlay probably means fuse-overlayfs.
|
| |
| |
| |
| |
| |
| | |
fuse-overlayfs is usually the package name.
Signed-off-by: Junichi Uekawa <dancer@debian.org>
|
|\ \
| | |
| | | |
Allow API to specify size and inode quota
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/11016
[NO NEW TESTS NEEDED] We have no easy way to tests this in
CI/CD systems. Requires quota to be setup on directories to work.
Fixes: https://github.com/containers/podman/issues/11016
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Generate Kube should not print default structs
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If podman uses Workdir="/" or the workdir specified in the image, it
should not add it to the yaml.
If Podman find environment variables in the image, they should not
get added to the yaml.
If the container or pod do not have changes to SELinux we should not
print seLinuxOpt{}
If the container or pod do not change any dns options the yaml should
not have a dnsOption={}
If the container is not privileged it should not have privileged=false
in the yaml.
Fixes: https://github.com/containers/podman/issues/11995
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Remove --kernel-memory options
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Kernel memory option has been depracated in runtime-spec, It is
believed that it will not work properly on certain kernels. runc
ignores it.
This PR removes documentation of the flag and also prints a warning if
a user uses it.
[NO NEW TESTS NEEDED]
Helps Fix: https://github.com/containers/podman/issues/12045
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
[NO NEW TESTS NEEDED] Remove infra ID from DB before removing containers
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If we interrupt pod removal between removing containers and
removing the whole pod, the infra ID was still in the DB, and
most pod operations would try to retrieve the infra container
(and would this fail). Clear the infra ID from the DB just before
we remove all containers to prevent this.
Fixes #12034
[NO NEW TESTS NEEDED] This is a very narrow race and I have no
idea how to repro it.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| | | |
| | | | |
tag: Support tagging manifest list instead of resolving to images
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Following commit makes sure when buildah tag is invoked on a manifest
list, it tags the same manifest list instead of resolving to an image and
tagging it.
Port of: https://github.com/containers/buildah/pull/3483
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Add test for system connection
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
First a basic (connectionless) one to make sure we 'add', 'ls',
and 'rm' work; then an actual one with a service; then (if
ssh to localhost is set up and works) test ssh
Requires a little trickery to work around the CI definition
of $PODMAN, which includes "--url /path/to/sock", which
overrides podman's detection of whether to use a connection
or not.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
System tests: confirm that -a and -l clash
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
...and fix one instance where there was no check
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
Pod Rm Infra Handling Improvements
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Made changes so that if the pod contains all exited containers and only infra is running, remove the pod.
resolves #11713
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Use exponential backoff when waiting for a journal entry
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When looking for a cursor that matches the first journal entry for a
given container, wait and try to find it using exponential backoff.
[NO NEW TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS] Change systemd service file to be compatible with rootless mode
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- change the type to forking to allow fork.
- add default.target for user systemd service
Signed-off-by: Easton Man <manyang.me@outlook.com>
|
|\ \ \ \
| | | | |
| | | | | |
system tests: CONTAINER_* and --help: cleanup
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
A small part of this test was written in a confusing and fragile
way: it was very hard to understand, and in fact only worked
through pure luck (using 'echo $output', which emitted everything
in one long line, vs the standard quoted 'echo "$output"' which
would've kept the formatting and caused the test to pass,
incorrectly, no matter whether --remote was in the output
or not). Plus, the '$?' check in the next line would never
trigger on failure anyway, so the failure message would've
been unhelpful if the test were ever to fail.
Anyhow. Make it readable and make it work.
(Followup to #11990)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
podman run --memory=0 ... should not set memory limit
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
On Docker this is ignored, and it should be on Podman as
well. This is documented in the man page.
Fixes: https://github.com/containers/podman/issues/12002
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
[CI:DOCS] Add information on how to discover default log driver
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes: https://github.com/containers/podman/issues/12008
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
libpod: change mountpoint ownership when creating overlays on top of external rootfs
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
external rootfs
Allow chainging ownership of mountpoint created on top external overlay
rootfs to support use-cases when custom --uidmap and --gidmap are
specified.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Change podman connection list to use default field
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Stop using "*" to indicate default. Add default field to make
it more obvios and the json field more machine usable.
Fixes: https://github.com/containers/podman/issues/12019
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
We should only be relabeling when on first run
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
On the second runs, the labels should be the same so no
need to relabel.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2013548
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|