| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
| |
the regression we noticed in runc was fixed upstream:
https://github.com/opencontainers/runc/pull/1943
so we can use again runc from master.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
we need to inherit this change from runc.
commit 869add33186caff4a22e3e11a7472a2d48d77889:
rootless: fix running with /proc/self/setgroups set to deny
This is a regression from 06f789cf26774dd64cb2a9cc0b3c6a6ff832733b
when the user namespace was configured without a privileged helper.
To allow a single mapping in an user namespace, it is necessary to set
/proc/self/setgroups to "deny".
For a simple reproducer, the user namespace can be created with
"unshare -r".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
| |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |
|
|
| |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |
|
|
|
|
|
| |
Use image ubuntu-1804-bionic-v20180911-libpod-63a86a18 which was built
with RUNC_COMMIT 78ef28e63bec2ee4c139b5e3e0d691eb9bdc748d.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The docker-in-docker was script was needed to run AppArmor tests in
Travis, which is not required anymore since Travis isn't being used
for a while. Removing the script will also cure some hiccups on
some atomic testing nodes.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
| |
|
|
| |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |
|
|
|
|
| |
Switch from projectatomic/buildah to containers/buildah
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1425
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FFJSON has serialization differences versus stock Go - namely, it
does not respect the MarshalText() and UnmarshalText() methods,
particularly on []byte, which causes incompatability with
pre-FFJSON containers which contained DNS servers.
EasyJSON does not have these issues, and might even be slightly
faster.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1322
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1248
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1232
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1199
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
The auto decompression functionality was already vendored in
with containers/image. Adding a test for it.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1137
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make users of libpod more secure by adding the libpod/apparmor package
to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor
come from github.com/moby/moby.
Also check if a specified AppArmor profile is actually loaded and throw
an error if necessary.
The default profile is loaded only on Linux builds with the `apparmor`
buildtag enabled.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1063
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
Also start using podmin in /usr/libexec/podman rather then crio.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #979
Approved by: baude
|
| |
|
|
|
|
|
|
|
| |
- Improve error message when podman varlink service is not running
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #800
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #690
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
The struct of the varlink command changed to accept a URI
as input. This was never updated in the service file
Signed-off-by: baude <bbaude@redhat.com>
Closes: #691
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
Vendor in buildah and use as much of commit and bug as possible for podman
build and commit.
Resolves #586
Signed-off-by: baude <bbaude@redhat.com>
Closes: #681
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
We don't have a CRI API, we'll never use it
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #570
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When an image has an ENTRYPOINT defined, we should be honoring it. The
problem is described in issue #321.
Also, added buildah binary to test runtimes for testing entrypoint and
will also allow us to test podman build as well.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #322
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Completion of the migration from bats to ginkgo. This includes:
* load
* mount
* pause
* port
* run_networking
* search
Note: build will be done within a different PR
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Migrate ps, pull, push, and rm from bats to ginkgo.
Also, fixed a conditional issue with adding ports
when an image defines the port and the user wants
to override it.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #277
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements the ginkgo integration test framework for
podman. As tests are migrated from bats to ginkgo, we will
still run both integration suites. When a test is migrated,
we remove the tests from bats at that time. All new tests
should be just for the ginkgo framework.
One exception is that we only run the ginkgo suit in the
travis/ubuntu environment. The CentOS and Fedora PAPR nodes
will more than cover those.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #261
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
| |
conmon should not be built in two different places.
conmon is now a separate package in Fedora so we can just
add requires, for use on Ubuntu we can just require cri-o to
be installed.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #151
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Set up nbetworking ports for the following use cases:
* bind the same port between host and container
* bind a specific host port to a different container port
* bind a random host port to a specific container port
Signed-off-by: baude <bbaude@redhat.com>
Closes: #214
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
| |
podman needs a pair of configuration files to set up its default
network configuration: a bridge and loopback file.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #161
Approved by: baude
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #109
Approved by: mheon
|
| |
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
