summaryrefslogtreecommitdiff
path: root/cmd/podman/common
Commit message (Collapse)AuthorAge
* Implements Windows volume/mount supportJason T. Greene2022-04-25
| | | | | | | Based on WSL2 9p support: remaps windows paths to /mnt/<drive> locations for both podman and Docker API clients. Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Add support for --userns=nomapDaniel J Walsh2022-04-21
| | | | | | | | | | | From a security point of view, it would be nice to be able to map a rootless usernamespace that does not use your own UID within the container. This would add protection against a hostile process escapping the container and reading content in your homedir. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add missing events to podman-events man pageDaniel J Walsh2022-04-19
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13868 from cdoern/cloneSwapOpenShift Merge Robot2022-04-15
|\ | | | | Fix Memory Swappiness passing in Container Clone
| * Fix Memory Swappiness passing in Container Clonecdoern2022-04-14
| | | | | | | | | | | | | | | | | | `DefineCreateFlags` was excluding clone from using the memory-swappiness flag leading the value to be zero when our deafult is -1. Rearrange the if/else to give clone these memory related options resolves #13856 Signed-off-by: cdoern <cdoern@redhat.com>
* | run, create: add --passwd-entryGiuseppe Scrivano2022-04-14
| | | | | | | | | | | | | | | | | | It allows to customize the entry that is written to the `/etc/passwd` file when --passwd is used. Closes: https://github.com/containers/podman/issues/13185 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | compat api: use network mode bridge as defaultPaul Holzinger2022-04-13
| | | | | | | | | | | | | | | | | | | | | | For better docker compatibility we should use the bridge network mode as default for rootless. This was already done previously but commit 535818414c2a introduced this regression in v4.0. Since the apiv2 test are only run rootful we cannot catch this problem in CI. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13787 from Luap99/nohost-apiOpenShift Merge Robot2022-04-12
|\ \ | |/ |/| API: use no_hosts from containers.conf
| * API: use no_hosts from containers.confPaul Holzinger2022-04-11
| | | | | | | | | | | | | | | | | | The API endpoints should properly honour the `no_hosts=true` setting in containers.conf. Fixes #13719 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | network create: add support for ipam-driver nonePaul Holzinger2022-04-11
|/ | | | | | | | | Add a new flag to set the ipam-driver. Also adds a new ipam driver none mode which only creates interfaces but does not assign addresses. Fixes #13521 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* specgen: do not set OOMScoreAdj by defaultGiuseppe Scrivano2022-04-04
| | | | | | | | | do not force a value of OOMScoreAdj=0 if it is wasn't specified by the user. Closes: https://github.com/containers/podman/issues/13731 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* container: allow clone to an existing podGiuseppe Scrivano2022-03-24
| | | | | | Closes: https://github.com/containers/podman/issues/3979 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* linter: enable wastedassignValentin Rothberg2022-03-22
| | | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Deduplicate between Volumes and Mounts in compat APIMatthew Heon2022-03-17
| | | | | | | | | | | | | Docker Compose v2.0 passes mount specifications in two different places: Volumes (just the destination) and Mounts (full info provided - source, destination, etc). This was causing Podman to refuse to create containers, as the destination was used twice. Deduplicate between Mounts and Volumes, preferring volumes, to resolve this. Fixes #11822 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Add support for --chrootdirsLStandman2022-03-14
| | | | Signed-off-by: LStandman <65296484+LStandman@users.noreply.github.com>
* Fix handling of tmpfs-mode for tmpfs creation in compat modeDaniel J Walsh2022-03-09
| | | | | | | | | | | | The permissions on disk were wrong since we were not converting to octal. Fixes: https://github.com/containers/podman/issues/13108 [NO NEW TESTS NEEDED] Since we don't currently test using the docker client Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Implement Podman Container Clonecdoern2022-02-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman container clone takes the id of an existing continer and creates a specgen from the given container's config recreating all proper namespaces and overriding spec options like resource limits and the container name if given in the cli options this command utilizes the common function DefineCreateFlags meaning that we can funnel as many create options as we want into clone over time allowing the user to clone with as much or as little of the original config as they want. container clone takes a second argument which is a new name and a third argument which is an image name to use instead of the original container's the current supported flags are: --destroy (remove the original container) --name (new ctr name) --cpus (sets cpu period and quota) --cpuset-cpus --cpu-period --cpu-rt-period --cpu-rt-runtime --cpu-shares --cpuset-mems --memory --run resolves #10875 Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* create: Fix key=value annotation in the flag outputMorten Linderud2022-02-14
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Morten Linderud <morten@linderud.pw>
* Move each search dns to its own lineDaniel J Walsh2022-02-02
| | | | | | | | | | Alpine does not seem to use search correctly when there are multiple search domains on the same line. It only uses the first with the advent. When podman runs within a separate network we are appending on dns.podman as a search, if you add a search domain, then this causes the local search on network to fail. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Only change network fields if they were actually changed by the userDaniel J Walsh2022-02-02
| | | | | | Fixes: https://github.com/containers/podman/issues/13065 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Standardize on capatalized CgroupsDaniel J Walsh2022-01-14
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12642 from Luap99/libnetworkOpenShift Merge Robot2022-01-13
|\ | | | | use libnetwork from c/common
| * use libnetwork from c/commonPaul Holzinger2022-01-12
| | | | | | | | | | | | | | | | The libpod/network packages were moved to c/common so that buildah can use it as well. To prevent duplication use it in podman as well and remove it from here. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Podman Pod Create --sysctl supportcdoern2022-01-12
|/ | | | | | | | | | added support for pod wide sysctls. The sysctls supported are the same as the continer run controls. These controls are only valid if the proper namespaces are shared within the pod, otherwise only the infra ctr gets the sysctl resolves #12747 Signed-off-by: cdoern <cdoern@redhat.com>
* fix healthcheck timeouts and ut8 coercionBrent Baude2022-01-06
| | | | | | | | | | | | | | | | | this commit fixes two bugs and adds regression tests. when getting healthcheck values from an image, if the image does not have a timeout defined, this resulted in a 0 value for timeout. The default as described in the man pages is 30s. when inspecting a container with a healthcheck command, a customer observed that the &, <, and > characters were being converted into a unicode escape value. It turns out json marshalling will by default coerce string values to ut8. Fixes: bz2028408 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #12208 from cdoern/podSecurityOptOpenShift Merge Robot2022-01-05
|\ | | | | Pod Security Option support and Infra Inheritance changes
| * Pod Security Option supportcdoern2021-12-27
| | | | | | | | | | | | | | | | | | | | | | | | | | Added support for pod security options. These are applied to infra and passed down to the containers as added (unless overridden). Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit` This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create code and pod creation. resolves #12173 Signed-off-by: cdoern <cdoern@redhat.com>
* | add --ip6 flag to podman create/runPaul Holzinger2022-01-03
|/ | | | | | | | | | | | Add the --ipv6 flag to podman create/run and pod create. We support the --network name:ip6=<ip> syntax now but for docker compat we should also support the --ip6 flag. Note that there is no validation if the ip is actually a v6 or v4 address because the backend does not care either. Fixes #7511 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Allow users to add host user accounts to /etc/passwdDaniel J Walsh2021-12-23
| | | | | | | | | | | Some containers require certain user account(s) to exist within the container when they are run. This option will allow callers to add a bunch of passwd entries from the host to the container even if the entries are not in the local /etc/passwd file on the host. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935831 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Warn on use of --kernel-memoryDaniel J Walsh2021-12-22
| | | | | | | | | It has been deprecated and is no longer supported. Fully remove it and only print a warning if a user uses it. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2011695 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12534 from Luap99/network-dbOpenShift Merge Robot2021-12-15
|\ | | | | network db rewrite
| * support advanced network configuration via cliPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rework the --network parse logic to support multiple networks with specific network configuration settings. --network can now be set multiple times. For bridge network mode the following options have been added: - **alias=name**: Add network-scoped alias for the container. - **ip=IPv4**: Specify a static ipv4 address for this container. - **ip=IPv6**: Specify a static ipv6 address for this container. - **mac=MAC**: Specify a static mac address address for this container. - **interface_name**: Specify a name for the created network interface inside the container. So now you can set --network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99 for the default bridge network as well as for network names. This is better than using --ip because we can set the ip per network without any confusion which network the ip address should be assigned to. The --ip, --mac-address and --network-alias options are still supported but --ip or --mac-address can only be set when only one network is set. This limitation already existed previously. The ability to specify a custom network interface name is new Fixes #11534 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Add new networks format to spegecenPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | Add the new networks format to specgen. For api users cni_networks is still supported to make migration easier however the static ip and mac fields are removed. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #12595 from Luap99/network-idOpenShift Merge Robot2021-12-14
|\ \ | | | | | | fix network id handling
| * | fix network id handlingPaul Holzinger2021-12-14
| |/ | | | | | | | | | | | | | | | | We have to get the network ID from the network backend. With the netavark backend we no longer use the sha from the name as ID. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / Add secret list --filter to cliJakub Guzik2021-12-14
|/ | | | | | | This PR is a follow-up of #11431. It adds possibility of filtering secret list based on id and name. Signed-off-by: Jakub Guzik <jguzik@redhat.com>
* Update vendor or containers/common moving pkg/cgroups thereDaniel J Walsh2021-12-07
| | | | | | | [NO NEW TESTS NEEDED] This is just moving pkg/cgroups out so existing tests should be fine. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman, push: expose --compression-formatGiuseppe Scrivano2021-12-01
| | | | | | support overriding the compression format at push time. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* fix: parsing of HostConfig.Mounts for container createMatej Vasek2021-11-29
| | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* podman-remote does not support signature-policyDaniel J Walsh2021-11-19
| | | | | | Fixes: https://github.com/containers/podman/issues/12357 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add --unsetenv & --unsetenv-all to remove def environment variablesDaniel J Walsh2021-11-15
| | | | | | | | | | | | | | | | Podman adds a few environment variables by default, and currently there is no way to get rid of them from your container. This option will allow you to specify which defaults you don't want. --unsetenv-all will remove all default environment variables. Default environment variables can come from podman builtin, containers.conf or from the container image. Fixes: https://github.com/containers/podman/issues/11836 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add flag to overwrite network backend from configPaul Holzinger2021-11-11
| | | | | | | To make testing easier we can overwrite the network backend with the global `--network-backend` option. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* tweak a couple of flag descriptions in help outputNalin Dahyabhai2021-11-04
| | | | | | Descriptions of flags don't need to start with whitespace of their own. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* container create: fix --tls-verify parsingValentin Rothberg2021-10-27
| | | | | | | | | Make sure that the value is only set if specified on the CLI. c/image already defaults to true but if set in the system context, we'd skip settings in the registries.conf. Fixes: #11933 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #11991 from rhatdan/sizeOpenShift Merge Robot2021-10-22
|\ | | | | Allow API to specify size and inode quota
| * Allow API to specify size and inode quotaDaniel J Walsh2021-10-18
| | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11016 [NO NEW TESTS NEEDED] We have no easy way to tests this in CI/CD systems. Requires quota to be setup on directories to work. Fixes: https://github.com/containers/podman/issues/11016 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Remove --kernel-memory optionsDaniel J Walsh2021-10-21
|/ | | | | | | | | | | | | | | Kernel memory option has been depracated in runtime-spec, It is believed that it will not work properly on certain kernels. runc ignores it. This PR removes documentation of the flag and also prints a warning if a user uses it. [NO NEW TESTS NEEDED] Helps Fix: https://github.com/containers/podman/issues/12045 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix panic in container create compat apiPaul Holzinger2021-10-14
| | | | | | | | | The bind and tmpfs options can be nil, we have to check that before we try to use it. Fixes #11961 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Pod Volumes From Supportcdoern2021-10-01
| | | | | | | added support for a volumes from container. this flag just required movement of the volumes-from flag declaration out of the !IsInfra block, and minor modificaions to container_create.go Signed-off-by: cdoern <cdoern@redhat.com>