| Commit message (Collapse) | Author | Age |
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
| |
Also, test-build critical container images depended upon for
CI-purposes.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Git displays a huge and confusing warning when doing a checkout of
a specific commit if the --detach option is not mentioned.
This cleans up our build logs, making it easier to spot real problems.
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
|
|
|
|
|
|
|
| |
it is going to be removed from containers/image as well, so no longer
depend on it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|
|
|
|
|
|
|
| |
Instead of unconditionally pulling the x86 binary, clone the repository
and build the binary to make it independent of the architecture.
Fixes: #2699
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
| |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|
|
|
| |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\
| |
| | |
bump conmon to 0.3.0
|
| |
| |
| |
| |
| |
| | |
This enables cgroup v2 OOM
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
We're no longer using either of these JSON libraries, dropped
them in favor of jsoniter. We can't completely remove ffjson as
c/storage uses it and can't easily migrate, but we can make sure
that libpod itself isn't doing anything with them anymore.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|
|
|
|
|
| |
There were some build issues updating cri-o to cri-o/cri-o. Since the only thing we need cri-o for is conmon, we should just build using conmon.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|
|
|
| |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
Update Dockerfile to use golang:1.12 image
|
| |
| |
| |
| | |
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|/
|
|
|
|
|
|
| |
This commit adds unzip and python3-yaml to the Dockerfile, which are
needed to run the tests in contrib/cirrus/packer within the libpod
container image.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|
|
|
|
|
|
| |
libpod code added at end of Dockerfile, avoids
git clone of other packages in Dockerfile on subsequent builds.
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Also, bump the Dockerfile to use the latest Golang image, as most
of our testing is now done on 1.11
Fixes: #1999
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
the regression we noticed in runc was fixed upstream:
https://github.com/opencontainers/runc/pull/1943
so we can use again runc from master.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
we need to inherit this change from runc.
commit 869add33186caff4a22e3e11a7472a2d48d77889:
rootless: fix running with /proc/self/setgroups set to deny
This is a regression from 06f789cf26774dd64cb2a9cc0b3c6a6ff832733b
when the user namespace was configured without a privileged helper.
To allow a single mapping in an user namespace, it is necessary to set
/proc/self/setgroups to "deny".
For a simple reproducer, the user namespace can be created with
"unshare -r".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|
|
|
| |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|
|
|
|
|
|
| |
Use image ubuntu-1804-bionic-v20180911-libpod-63a86a18 which was built
with RUNC_COMMIT 78ef28e63bec2ee4c139b5e3e0d691eb9bdc748d.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The docker-in-docker was script was needed to run AppArmor tests in
Travis, which is not required anymore since Travis isn't being used
for a while. Removing the script will also cure some hiccups on
some atomic testing nodes.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
| |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|
|
|
|
|
| |
Switch from projectatomic/buildah to containers/buildah
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1425
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FFJSON has serialization differences versus stock Go - namely, it
does not respect the MarshalText() and UnmarshalText() methods,
particularly on []byte, which causes incompatability with
pre-FFJSON containers which contained DNS servers.
EasyJSON does not have these issues, and might even be slightly
faster.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1322
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1248
Approved by: TomSweeneyRedHat
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1232
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1199
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
The auto decompression functionality was already vendored in
with containers/image. Adding a test for it.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1137
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make users of libpod more secure by adding the libpod/apparmor package
to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor
come from github.com/moby/moby.
Also check if a specified AppArmor profile is actually loaded and throw
an error if necessary.
The default profile is loaded only on Linux builds with the `apparmor`
buildtag enabled.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1063
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
Also start using podmin in /usr/libexec/podman rather then crio.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #979
Approved by: baude
|
|
|
|
|
|
|
|
|
| |
- Improve error message when podman varlink service is not running
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #800
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #690
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
The struct of the varlink command changed to accept a URI
as input. This was never updated in the service file
Signed-off-by: baude <bbaude@redhat.com>
Closes: #691
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
Vendor in buildah and use as much of commit and bug as possible for podman
build and commit.
Resolves #586
Signed-off-by: baude <bbaude@redhat.com>
Closes: #681
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
We don't have a CRI API, we'll never use it
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #570
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an image has an ENTRYPOINT defined, we should be honoring it. The
problem is described in issue #321.
Also, added buildah binary to test runtimes for testing entrypoint and
will also allow us to test podman build as well.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #322
Approved by: rhatdan
|