| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Add mask and unmask option to --security-opt
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the mask and unmask option to the --security-opt flag
to allow users to specify paths to mask and unmask in the
container. If unmask=ALL, this will unmask all the paths we
mask by default.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
when formatting mount options into a string for the compat container create, the options need to be comma delimited.
Signed-off-by: baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
The `ancestor` option was missing an equal sign. Therefore
the completion did not work as expected.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
Add support for --platform
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For docker compatibility we need to support --platform
flag.
podman create --platform
podman run --platform
podman pull --platform
Since we have --override-os and --override-arch already
this can be done just by modifying the client to split
the --platform call into os and arch and then pass those
options to the server side.
Fixes: https://github.com/containers/podman/issues/6244
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| | |
the volumes provided is seemingly useless representing what volumes
should be added to a container. instead, the host config bindings should
be used as they acurately describe the src/dest and options for
bindings.
Signed-off-by: baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
As described in issue #8507 this commit contains a breaking
change which is not wanted in v2.2.
We can discuss later if we want this in 3.0 or not.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
The volume src path should not be validated in specgen since
the remote client also uses that part and the path must only
exists on the server. This now fails later and only on the
server and not the client.
I don't think I can add a test for this because the CI runs
server and client always on the same vm.
Fixes #8473
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
Implement shell completion for podman top
|
| | |
| |
| |
| | |
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
* Make endpoint compatibile with docker-py network expectations
* Update specgen helper when called from compat endpoint
* Update godoc on types
* Add test for network/container create using docker-py method
* Add syslog logging when DEBUG=1 for tests
Fixes #8361
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\
| |
| | |
more shell completion improvements
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
If we return `ShellCompDirectiveError` to the shell the shell will
provide path completion. In none of that cases we want path completion
so it will be better to return `ShellCompDirectiveNoFileComp` instead
and log the error in case we need it.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* podman image ls --filter
* podman network ls --filter
* podman volume ls --filter
* podman network connect/disconnect
* podman events --filter
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
APIv2 - wrong command and args for created container
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
use nil instead of empty string as default value for entrypoint in ContainerCLIOpts -
empty string signifies user wants to override image entry point value
Signed-off-by: Petr Sakař <petr.sakar@chare.eu>
|
| |\ \ \
| |_|/
|/| | |
Allow containers to --restart on-failure with --rm
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Enable remote shell completion without a running endpoint
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The problem is that we always unconditionally setup up the
`ContainerEngine/ImageEngine`. This requires an running
endpoint. Most completions (e.g. flag names) do not need
them and should not fail. This commit makes sure we only
setup the engines as needed in the completions.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| |/
|/| |
Allow multiple --network flags for podman run/create
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We allow a container to be connected to several cni networks
but only if they are listed comma sperated. This is not intuitive
for users especially since the flag parsing allows multiple string
flags but only would take the last value. see: spf13/pflag#72
Also get rid of the extra parsing logic for pods. The invalid options
are already handled by `pkg/specgen`.
A test is added to prevent a future regression.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/
|
|
|
|
|
|
|
|
| |
Currently we don't document which end of the podman-remote client server
operations uses the containers.conf. This PR begins documenting this
and then testing to make sure the defaults follow the rules.
Fixes: https://github.com/containers/podman/issues/7657
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add all available filter options for `podman ps` and `podman
pod ps` to the completions. Refactor the code a bit to make it
easier to handle key value pairs in completions. The
`completeKeyValues` function helps to reduce code duplication.
Also make use of the new filter logic in the completions.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
|
|
|
|
| |
Stop over wrapping API Calls
The API calls will return an appropriate error, and this wrapping
just makes the error message look like it is stuttering and a
big mess.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One main advantage of the new shell completion logic is that
we can easly parse flags and adjust based on the given flags
the suggestions. For example some commands accept the
`--latest` flag only if no arguments are given.
This commit implements this logic in a simple maintainable way
since it reuses the already existing `Args` function in the
cmd struct.
I also refactored the `getXXX` function to match based on the
namei/id which could speed up the shell completion with many
containers, images, etc...
I also added the degraded status to the valid pod status
filters which was implemented in #8081.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow automatic generation for shell completion scripts
with the internal cobra functions (requires v1.0.0+).
This should replace the handwritten completion scripts
and even adds support for fish. With this approach it is
less likley that completions and code are out of sync.
We can now create the scripts with
- podman completion bash
- podman completion zsh
- podman completion fish
To test the completion run:
source <(podman completion bash)
The same works for podman-remote and podman --remote and
it will complete your remote containers/images with
the correct endpoints values from --url/--connection.
The completion logic is written in go and provided by the
cobra library. The completion functions lives in
`cmd/podman/completion/completion.go`.
The unit test at cmd/podman/shell_completion_test.go checks
if each command and flag has an autocompletion function set.
This prevents that commands and flags have no shell completion set.
This commit does not replace the current autocompletion scripts.
Closes #6440
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
|
|
| |
podman can now support adding network aliases when running containers
(--network-alias). It requires an updated dnsname plugin as well as an
updated ocicni to work properly.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
| |
when running container creation as rootless on the compatibility layer,
we need to make sure settings are not being done for memory and memory
swappiness.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\
| |
| | |
Allow users to mount with unbindable flag
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Allow users to specify unbindable on volume command line
Switch internal mounts to rprivate to help prevent leaks.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new "image" mount type to `--mount`. The source of the mount is
the name or ID of an image. The destination is the path inside the
container. Image mounts further support an optional `rw,readwrite`
parameter which if set to "true" will yield the mount writable inside
the container. Note that no changes are propagated to the image mount
on the host (which in any case is read only).
Mounts are overlay mounts. To support read-only overlay mounts, vendor
a non-release version of Buildah.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
| |
when using the compatibility endpoint to create a container, we should only set certain resources when we are provided a value for them or we result in fields with zero values.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\
| |
| | |
podman create doesn't support creating detached containers
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Detached containers and detach keys are only created with the podman run, i
exec, and start commands. We do not store the detach key sequence or the
detach flags in the database, nor does Docker. The current code was ignoreing
these fields but documenting that they can be used.
Fix podman create man page and --help output to no longer indicate that
--detach and --detach-keys works.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| |/
|/| |
Convert Split() calls with an equal sign to SplitN()
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After seeing #7759, I decided to look at the calls in
Podman and Buildah to see if we had issues with strings.Split()
calls where an "=" (equals) sign was in play and we expected
to split on only the first one.
There were only one or two that I found in here that I think
might have been troubling, the remainder are just adding
some extra safety.
I also had another half dozen or so that were checking length
expectations appropriately, those I left alone.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
All formatting for containers stack moved into one package
The does not correct issue with headers when using custom tables
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/
|
|
|
|
| |
when using the compatibility layer to create containers, it used code paths to the pkg/spec which is the old implementation of containers. it is error prone and no longer being maintained. rather that fixing things in spec, migrating to specgen usage seems to make the most sense. furthermore, any fixes to the compat create will not need to be ported later.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Podman 1.9.3, `podman run -p 80` would assign port 80 in the
container to a random port on the host. In Podman 2.0 and up, it
assigned Port 80 in the container to Port 80 on the host. This is
an easy fix, fortunately - just need to remove the bit that
assumed host port, if not given, should be set to container port.
We also had a test for the bad behavior, so fix it to test for
the correct way of doing things.
Fixes #7947
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
Docker supports log-opt max_size and so does conmon (ALthough poorly).
Adding support for this allows users to at least make sure their containers
logs do not become a DOS vector.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |\
| |
| | |
Updating on supported restart policy
|
| | |
| |
| |
| | |
Signed-off-by: IceCodeNew <32576256+IceCodeNew@users.noreply.github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If user sets namespace to host, then default sysctls need to be ignored
that are specific to that namespace.
--net=host ignore sysctls that begin with net.
--ipc=host ignore fs.mqueue
--uts=host ignore kernel.domainname and kernel.hostname
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the --pull missing|always|never is ignored
This PR implements this for local API. For remote we
need to default to pullpolicy specified in the containers.conf
file.
Also fixed an issue when images were matching other images names
based on prefix, causing images to always be pulled.
I had named an image myfedora and when ever I pulled fedora, the system
thought that it there were two images named fedora since it was checking
for the name fedora as well as the prefix fedora. I changed it to check
for fedora and the prefix /fedora, to prefent failures like I had.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Add a bunch of tests to ensure that --volumes-from
works as expected.
Also align the podman create and run man page.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
