summaryrefslogtreecommitdiff
path: root/cmd/kpod/spec.go
Commit message (Collapse)AuthorAge
* Temporarily unconditionally configure network namespacesMatthew Heon2017-12-14
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #109 Approved by: mheon
* Wire networking into kpod create/runMatthew Heon2017-12-14
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #109 Approved by: mheon
* Update kpod inspect to use the new container stateumohnani82017-12-12
| | | | | | | | | kpod inspect now uses the new libpod container state and closely matches the output of docker inspect some aspects of it are still WIP as the libpod container state is still being worked on Signed-off-by: umohnani8 <umohnani@redhat.com>
* Use debugf to allow parsing of format specifierSuraj Deshmukh2017-12-12
| | | | Signed-off-by: Suraj Deshmukh <surajd.service@gmail.com>
* Add Linux Root Propagation to kpod create and runumohnani82017-12-05
| | | | | | | | | | | Add [r]shared, [r]private, [r]slave functionality to the --volume flag for kpod create and kpod run This sets the root propagation for each bind mount Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #87 Approved by: rhatdan
* Add NetMode, UTSMode and IPCModeDaniel J Walsh2017-12-02
| | | | | | | | | | | | | | Allow kpod create/run to create contianers in different network namespaces, uts namespaces and IPC Namespaces. This patch just handles the simple join the host, or another containers namespaces. Lots more work needed to full integrate --net Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #64 Approved by: mheon
* kpod_startbaude2017-11-29
| | | | | | | | | Starts one or more containers. Signed-off-by: baude <bbaude@redhat.com> Closes: #83 Approved by: rhatdan
* Fix --volume flag for kpod create and runumohnani82017-11-29
| | | | | | | | | | Enable the --volume flag to validate user input and add functionality for :z and :Z options Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #84 Approved by: mheon
* Copy some verification code out of Docker to verify user inputDaniel J Walsh2017-11-22
| | | | | | | | | | Added lots of verification code to make sure resourses asociated with containers is correct. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #60 Approved by: umohnani8
* Add support for pid nsDaniel J Walsh2017-11-22
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #54 Approved by: umohnani8
* Need to block access to kernel file systems in /proc and /sysDaniel J Walsh2017-11-22
| | | | | | | | | | Users of kpod run could use these file systems to perform a breakout or to learn valuable system information. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #61 Approved by: mheon
* Add support for oom functionsDaniel J Walsh2017-11-21
| | | | | | | | | Add tests for oom-kill-disable and oom-kill-adj Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #52 Approved by: TomSweeneyRedHat
* Add cgroup fs by defaultDaniel J Walsh2017-11-20
| | | | | | | | | Docker defaults to mounting the cgroup file system. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #53 Approved by: mheon
* Add support for Ulimits/Rlimits to kpod create/runDaniel J Walsh2017-11-20
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #24 Approved by: mheon
* Fix up handling of environment variablesDaniel J Walsh2017-11-20
| | | | | | | | | | | | | | The way docker works is if a user specifies a non `-e Name=Value`, IE just a `-e Name`, then the environment variable Name from the clients OS.ENV is used. Also by default Docker containers run with the HOSTNAME environment set to the HOSTNAME specified for the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #21 Approved by: baude
* Convert tmpfs mounts to use generateDaniel J Walsh2017-11-06
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #19 Approved by: baude
* Remove defaults and use runtime-tools/generate for specDaniel J Walsh2017-11-06
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #19 Approved by: baude
* Merge pull request #17 from rhatdan/capsDaniel J Walsh2017-11-05
|\ | | | | Add support for Caps Options.
| * Handle Linux Capabilities from command lineDaniel J Walsh2017-11-04
| | | | | | | | | | | | Had to revendor in docker/docker again, which dropped a bunch of packages Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | spec.go: Remove cli context as func argbaude2017-11-03
|/ | | | | | | Remove cli context as a func arg to make unit tests easier. Signed-off-by: baude <bbaude@redhat.com>
* Parse SecurityOptsDaniel J Walsh2017-11-03
| | | | | | | | | This should turn on handling of SELinux, NoNewPrivs, seccomp and Apparmor Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #15 Approved by: rhatdan
* Fix lint error on spec being shadowedDaniel J Walsh2017-11-02
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix gofmt errorsDaniel J Walsh2017-11-02
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* libpod create and runbaude2017-11-01
patched version of the same code that went into crio Signed-off-by: baude <bbaude@redhat.com>