path: root/cmd/podman/create.go
Commit message | Author | Age
* Do not try to enable AppArmor in rootless mode | Marco Vedovati | 2018-08-24
  When in rootless mode it's not possible to load profiles or check which profiles are loaded. Added a few baseline tests to check all possible cases.
  Signed-off-by: Marco Vedovati <mvedovati@suse.com>
  Closes: #1250
  Approved by: mheon
* Fixing network ns segfault | haircommander | 2018-08-23
  As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1187
  Approved by: mheon
* Added option to share kernel namespaces in libpod and podman | haircommander | 2018-08-23
  A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1187
  Approved by: mheon
* switch projectatomic to containers | Daniel J Walsh | 2018-08-16
  Need to get some small changes into libpod to pull back into buildah to complete buildah transition.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1270
  Approved by: mheon
* apparmor: respect "unconfined" setting | Valentin Rothberg | 2018-08-09
  The "unconfined" profile must be treated specially to turn off apparmor confinement and to avoid applying any other profile.
  Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
  Closes: #1241
  Approved by: mheon
* Cleanup descriptions and help information | Daniel J Walsh | 2018-07-27
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1167
  Approved by: baude
* podman: allow to specify the IPC namespace to join | Giuseppe Scrivano | 2018-07-24
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #1145
  Approved by: rhatdan
* podman: allow to specify the UTS namespace to join | Giuseppe Scrivano | 2018-07-24
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #1145
  Approved by: rhatdan
* podman: allow to specify the PID namespace to join | Giuseppe Scrivano | 2018-07-24
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #1145
  Approved by: rhatdan
* podman: allow to specify the userns to join | Giuseppe Scrivano | 2018-07-24
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #1145
  Approved by: rhatdan
* We don't currently support --mac-address | Daniel J Walsh | 2018-07-24
  Make this clear in the docs and Command.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1138
  Approved by: mheon
* AppArmor: runtime check if it's enabled on the host | Valentin Rothberg | 2018-07-23
  Check at runtime if AppArmor is enabled on the host.
  Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
  Closes: #1128
  Approved by: mheon
* podman/libpod: add default AppArmor profile | Valentin Rothberg | 2018-07-11
  Make users of libpod more secure by adding the libpod/apparmor package to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor come from github.com/moby/moby. Also check if a specified AppArmor profile is actually loaded and throw an error if necessary. The default profile is loaded only on Linux builds with the `apparmor` buildtag enabled.
  Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
  Closes: #1063
  Approved by: rhatdan
* Add --volumes-from flag to podman run and create | umohnani8 | 2018-07-09
  podman now supports --volumes-from flag, which allows users to add all the volumes an existing container has to a new one.
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #931
  Approved by: mheon
* Add `podman container cleanup` to CLI | Daniel J Walsh | 2018-06-29
  When we run containers in detach mode, nothing cleans up the network stack or the mount points. This patch will tell conmon to execute the cleanup code when the container exits. It can also be called to attempt to cleanup previously running containers.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #942
  Approved by: mheon
* Option handling has become large and should be a shared function | Daniel J Walsh | 2018-06-22
  Every time we add a new option for create, we end up having to also add it to run, this makes it error prone. Moving these to the same function makes it easier to develop and prevents user mistakes.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #975
  Approved by: mheon
* podman: use a different store for the rootless case | Giuseppe Scrivano | 2018-06-15
  so that the user has rw access to it.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #871
  Approved by: mheon
* podman: accept option --rootfs to use exploded images | Giuseppe Scrivano | 2018-06-15
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #871
  Approved by: mheon
* Aliases do not work with IsSet | Daniel J Walsh | 2018-06-12
  Have to specify all names.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #933
  Approved by: baude
* Add flag to add annotations to a container | Matthew Heon | 2018-06-04
  Also add annotations from the image the container was created from.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #886
  Approved by: rhatdan
* Remove --net flag and make it an alias for --network | Matthew Heon | 2018-05-31
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #862
  Approved by: rhatdan
* do not allow port related args to be used with --network=container: | Daniel J Walsh | 2018-05-30
  we cannot set additional ports on an existing container namespace, so we should not allow --network=container with publish or publish-all.
  Signed-off-by: baude <bbaude@redhat.com>
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #853
  Approved by: baude
* Spell check strings and comments | Jhon Honce | 2018-05-25
  Signed-off-by: Jhon Honce <jhonce@redhat.com>
  Closes: #831
  Approved by: rhatdan
* podman create, start, getattachsocket | baude | 2018-05-21
  First pass at implementing API endpoints for create and start.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #805
  Approved by: baude
* Begin wiring in USERNS Support into podman | Daniel J Walsh | 2018-05-04
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #690
  Approved by: mheon
* podman should assign a host port to -p when omitted | baude | 2018-05-01
  If the user does not provide a host port when adding -p to create/run, podman should inject an available random port.
    podman run -p 80 ....
  podman should assign a random port to the host and expose the container port 80 to it
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #703
  Approved by: rhatdan
* varlink images | baude | 2018-04-26
  implement varlink image functions for working with libpod with the exception of a couple due to incompletions on the libpod side of things (build). also, created a first pass at a libpodpy package which will stand as a client to working with libpod's varlink methods using python.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #669
  Approved by: baude
* Vendor in latest containers/image and containers/storage | umohnani8 | 2018-04-19
  Made necessary changes to functions to include context.Context wherever needed
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #640
  Approved by: baude
* regression: tls verify should be set on registries.conf if insecure | baude | 2018-04-18
  In the case where podman needs to pull an image, if that registry that the image resides on is known to be insecure (as defined in /etc/containers/registries.conf), tls-verify should be altered on the fly.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #626
  Approved by: mheon
* validate dns-search values prior to creation | baude | 2018-04-16
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #628
  Approved by: baude
* podman pull should always try to pull | baude | 2018-04-14
  In the case where you have an image local, if the user runs podman pull, we should always attempt to pull an updated image. Added a forceRemote bool to New (image) so we can differentiate between "pull" or run because the actions differ. Run does not need to pull the latest -- only run.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #618
  Approved by: baude
* Functionality changes to the following flags | umohnani8 | 2018-04-06
    --group-add
    --blkio-weight-device
    --device-read-bps
    --device-write-bps
    --device-read-iops
    --device-write-iops
  --group-add now supports group names as well as the gid associated with them. All the --device flags work now with moderate changes to the code to support both bps and iops. Added tests for all the flags.
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #590
  Approved by: mheon
* Only allocate tty when -t | baude | 2018-04-03
  In our early development, we always allocated a tty when not -d. Now we should only allocate when the user asks for it.
  Resolves: #573
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #574
  Approved by: rhatdan
* --entrypoint= should delete existing entrypoint | baude | 2018-04-03
  Resolves: #572
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #585
  Approved by: mheon
* Add secrets patch to podman | umohnani8 | 2018-03-29
  Adds support for mounting secrets especially on RHEL where the container can use the host subscription to run yum
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #544
  Approved by: rhatdan
* podman: new option --conmon-pidfile= | Giuseppe Scrivano | 2018-03-29
  so that it is possible to use systemd to automatically restart the container:
    [Service]
    Type=forking
    PIDFile=/run/awesome-service.pid
    ExecStart=/usr/bin/podman run --conmon-pidfile=/run/awesome-service.pid --name awesome -d IMAGE /usr/bin/do-something
    ExecStopPost=/usr/bin/podman rm awesome
    Restart=always
  Closes: https://github.com/projectatomic/libpod/issues/534
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #549
  Approved by: rhatdan
* If cidfile exists, do not proceed | baude | 2018-03-23
  Both podman run and create have an option to write the container ID to a file. The option is called cidfile. If the cidfile exists, we should not create or run a container but rather output a sensical error message.
  Resolves: #530
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #531
  Approved by: rhatdan
* Migrate podman inspect and tag to image library | baude | 2018-03-21
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #525
  Approved by: baude
* Image library stage 4 - create and commit | baude | 2018-03-20
  Migrate the podman create and commit subcommands to leverage the images library. I also had to migrate the cmd/ portions of run and rmi.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #498
  Approved by: mheon
* Add signal proxying to podman run, start, and attach | Matthew Heon | 2018-03-15
  Also removes sig-proxy from 'podman create', where it does not make sense.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* We should not have a default workdir | Daniel J Walsh | 2018-03-15
  Having a default workdir is causing us not to use the container images workdir.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #501
  Approved by: mheon
* Stage3 Image Library | baude | 2018-03-14
  This represents the stage3 implementation for the image library. At this point, we are moving the image-centric functions to pkg/image including migration of args and object-oriented references. This is not a one-for-one migration of funcs and some funcs will need to continue to reside in runtime_img as they are overly specific to libpod and probably not useful to others.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #484
  Approved by: baude
* Add support for --no-new-privs | Daniel J Walsh | 2018-02-24
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #369
  Approved by: rhatdan
* Implement --image-volumes for create and run | umohnani8 | 2018-02-22
  --image-volumes tells podman what to do with the image volumes in the image config
  There are 3 options: bind, tmpfs, and ignore
  bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir and bind mounts it into the container at /vol-dir
  tmpfs mounts /vol-dir as a tmpfs into the container
  ignore doesn't mount the image volumes onto the container
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #377
  Approved by: rhatdan
* Fix podman save when redirecting output | umohnani8 | 2018-02-20
  podman save would write the progress bar to the image tar file when the output was redirected with >. Fixed the writer to write to stderr for all commands using writer
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #362
  Approved by: mheon
* No entrypoint, cmd, or command | baude | 2018-02-15
  When an image does not have an ENTRYPOINT nor a CMD and the user does not provide a command in the CLI, we should fail gracefully. This resolves issue #328
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #333
  Approved by: mheon
* Change json to match docker inspect | Daniel J Walsh | 2018-02-11
  Changing these fields caused the output of podman inspect to more closely match docker inspect.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #306
  Approved by: mheon
* Honor ENTRYPOINT in image | baude | 2018-02-11
  When an image has an ENTRYPOINT defined, we should be honoring it. The problem is described in issue #321. Also, added buildah binary to test runtimes for testing entrypoint and will also allow us to test podman build as well.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #322
  Approved by: rhatdan
* Rework port code | baude | 2018-02-09
  Rework port code for generalized clean up and to address issue #269 where additional portbindings between host and containers were being introduced by error.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #308
  Approved by: mheon
* Change stop signal default to SIGTERM | Matthew Heon | 2018-02-06
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #299
  Approved by: rhatdan