| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When resolving the workdir of a container, we may need to create unless
the user set it explicitly on the command line. Otherwise, we just do a
presence check. Unfortunately, there was a missing return that lead us
to fall through into attempting to create and chown the workdir. That
caused a regression when running on a read-only root fs.
Fixes: #9230
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
added skip to test case where selinux not enabled
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
fixed typo in the label comparison
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
test case added to e2e test suite to validate process label being correctly set
on play kube
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
play kube function not respecting selinux options in kube yaml, all options were
being mapped to role.
fixes issue 8710
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The allocated `tmpNetworkStatus` must be allocated with the length 0.
Otherwise append would add new elements to the end of the slice and
not at the beginning of the allocated memory.
This caused inspect to fail since the number of networks did not
matched the number of network statuses.
Fixes #9234
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The spec of a Kube Container has a `Command` and `Args`. While both are
slices, the `Command` is the counterpart of the entrypoint of a libpod
container. Kube is also happily accepting the arguments to as following
items in the slice but it's cleaner to move those to `Args`.
Fixes: #9211
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We need an extra field in the pod infra container config. We may
want to reevaluate that struct at some point, as storing network
modes as bools will rapidly become unsustainable, but that's a
discussion for another time. Otherwise, straightforward plumbing.
Fixes #9165
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- When one or more containers in the Pod reports an error on an operation
report StatusConflict and report the error(s)
- jsoniter type encoding used to marshal error as string using error.Error()
- Update test framework to allow setting any flag when creating pods
- Fix test_resize() result check
Fixes #8865
Signed-off-by: Jhon Honce <jhonce@redhat.com>
<MH: Fix cherry-pick conflicts>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The resize warning logged the wrong error. While this does not fix
#9172, it may very well be helpful finding its root cause.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The mtu default value is currently forced to 65520.
This let the user control it using the config key network_cmd_options,
i.e.: network_cmd_options=["mtu=9000"]
Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In a systemd unit dollar and percent signs are used for variables. A backslash
is used for escape sequences. If any of these characters are used in the create
command we have to properly escape them so systemd does not try to interpret them.
Fixes #9176
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `--network` flag is parsed differently for `podman pod create`.
This causes confusion and problems for users. The extra parsing
logic ignored unsupported network options such as `none`,
`container:...` and `ns:...` and instead interpreted them as cni
network names.
Tests are added to ensure the correct errors are shown.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Eclipse and Intellij Docker plugin determines the state of the
container via the Status field, returned from /containers/json call.
Podman always returns empty string, and because of that, both IDEs
show the wrong state of the container.
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1915332
```
According to the Docker docs, the consistency option should be ignored on Linux.
the possible values are 'cached', 'delegated', and 'consistent', but they should be ignored equally.
This is a widely used option in scripts run by developer machines, as this makes file I/O less horribly slow on MacOS.
```
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when creating kubernetes yaml from containers and pods, we should honor
any custom dns settings the user provided. in the case of generate kube,
these would be provided by --dns, --dns-search, and --dns-opt. if
multiple containers are involved in the generate, the options will be
cumulative and unique with the exception of dns-opt.
when replaying a kube file that has kubernetes dns information, we now
also add that information to the pod creation.
the options for dnspolicy is not enabled as there seemed to be no direct
correlation between kubernetes and podman.
Fixes: #9132
Signed-off-by: baude <bbaude@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is fairly common for certain cgroups controllers to
not be enabled on a system. We should Warn when this happens
versus failing, when doing podman stats command. This way users
can get information from the other controllers.
Fixes: https://github.com/containers/podman/issues/8588
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO TESTS NEEDED]
Signed-off-by: Gerard Braad <me@gbraad.nl>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \
| | | |
| | | | |
Bump to containers/common v0.33.4
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
[backport v3.0] Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 0.8.0 to 0.8.1.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](https://github.com/containernetworking/cni/compare/v0.8.0...v0.8.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Backport to v3.0
(cherry picked from commit 9dc795191537149503822acc3171f735a53192f4)
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\ \ \
| |/ /
|/| | |
Fix CVE-2021-20199 for Podman v3.0
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
set the source IP to the slirp4netns address instead of 127.0.0.1 when
using rootlesskit.
Closes: https://github.com/containers/podman/issues/5138
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
[v3.0] Gating tests: diff test: workaround for RHEL8 failure
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
RHEL8 rootless gating tests are inconsistently failing with:
$ podman diff --format json -l
#
{"changed":["/etc"],"added":["/sys/fs","/sys/fs/cgroup","/pMOm1Q0fnN"],"deleted":["/etc/services"]}
# #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
# #| FAIL: added
# #| expected: '/pMOm1Q0fnN'
# #| actual: '/sys/fs'
# #| > '/sys/fs/cgroup'
# #| > '/pMOm1Q0fnN'
# #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Reason: PR #8561, I think (something to do with /sys on RHEL).
Workaround: ignore '/sys/fs' in diffs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Bump to containers/common v0.33.2
|
| |/ / /
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
[3.0] podman build --pull: refine help message and docs
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
Refine and correct the wording of the `--pull` flag in the help message
and the docs.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
[3.0]add macvlan as a supported network driver
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
instead of using the --macvlan to indicate that you want to make a
macvlan network, podman network create now honors the driver name of
*macvlan*. Any options to macvlan, like the parent device, should be
specified as a -o option. For example, -o parent=eth0.
the --macvlan option was marked as deprecated in the man page but is
still supported for the duration of 3.0.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| | | |
| | | | |
[v3.0] Use cachix for static build & include podman-remote build
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Prior to this commit, the "Static Build" task only produced a
`bin/podman`. Update this to also include a `bin/podman-remote`
binary.
Update the pr-should-include-tests checker to ignore the `nix`
directory, which isn't applicable.
Lastly, restore the static build task to 'required' for CI success.
Leaving the comment inplace in case it needs to be bypassed in the
future on short notice.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It looks like we always hit the caching issue in Cirrus CI described
within #8313. A solution around that is to use cachix, which has been
pre-populated from my local machine.
To push all (runtime and build) dependencies, we can leverage a
pre-populated store by:
```
> nix-store -qR --include-outputs $(nix-instantiate nix/default.nix) | cachix push podman
```
The cache can be re-used by everybody to rapidly build static Podman
binaries: https://app.cachix.org/cache/podman
[NO TESTS NEEDED]
Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
|
| |\ \ \
| |/ /
|/| | |
[v3.0] Cirrus: Fix running Validate task on branches
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Followup to 4c60523
Despite skipping the `Smoke` check, it was observed on a *new* branch,
the `validate` task (specifically `git-validation`) will fail. This
is because:
* `$CIRRUS_LAST_GREEN_CHANGE` will be empty on a new branch.
* `$CIRRUS_BASE_SHA` is always empty for runs triggered by branch-push
* `$EPOCH_TEST_COMMIT` will be set to `YOU_FOUND_A_BUG`.
Fix this by eliminating the `Smoke` task entirely, simplifying all
the `make validate` operations into the `validate` cirrus task. Ensure
this task does not run when a new branch or tag is pushed.
Also, eliminate the `$CIRRUS_BUILD_ID` value as it's confusing and not
actually used anywhere. It was formerly used for building VM images,
but this has moved to another repo entirely.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \
| | |
| | | |
Backports for v3.0 RC2
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make sure that bindings are in sync with the code. The check is similar
to what's already being done with `make vendor`, so integrate the two.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of implicitly generating the bindings, make it explicit, similar
to `make vendor`. This should prevent redundant and possibly error
prone generations. A following commit will shield CI.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The Go gods did not shine upon us trying to understand what's going on
in #9000. The symptom is that `go generate` did not add required
imports to a generated file, ultimately breaking subsequent compilation.
While it still remains unclear *why* Go is behaving like that, the
symptom disappears when `go generate` runs in module mode; that is
without `-mod=vendor` and without `GO111MODULE=off`. This was
reproducible on two separate machines (Ubuntu and Fedora).
Also, when facing an unset GOPATH, set it to Go's default (i.e.,
$HOME/go) and make sure that GOBIN is in PATH since `goimports`
is required by `go generate`.
Fixes: #9000
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Run `go generate ./pkg/bindings/...` once for all bindings instead of
generating them separately. This should speed up bindings generation
as a given package is visited only once, and it fixes #8989 by dropping
the use of pushd and popd.
Fixes: #8989
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Set `-mod=vendor` when generating the bindings. We expect all
dependencies to be vendored already. This should slightly speed
up the bindings generation and prevent redundant network accesses.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
