| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
| |
When in rootless mode it's not possible to load profiles or
check which profiles are loaded.
Added a few baseline tests to check all possible cases.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Closes: #1250
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
The "unconfined" profile must be treated specially to turn off apparmor
confinement and to avoid applying any other profile.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1241
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1167
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1145
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1145
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1145
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1145
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
Make this clear in the docs and Command.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1138
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
Check at runtime if AppArmor is enabled on the host.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1128
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make users of libpod more secure by adding the libpod/apparmor package
to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor
come from github.com/moby/moby.
Also check if a specified AppArmor profile is actually loaded and throw
an error if necessary.
The default profile is loaded only on Linux builds with the `apparmor`
buildtag enabled.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1063
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
podman now supports --volumes-from flag, which allows users
to add all the volumes an existing container has to a new one.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #931
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
Everytime we add a new option for create, we end up having to also
add it to run, this makes it error prone. Moving these to the same
function makes it easier to develop and prevents user mistakes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #975
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
so that the user has rw access to it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
Have to specify all names.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #933
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
Also add annotations from the image the container was created
from.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #886
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #862
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
we cannot set additional ports on an existing container namespace, so we should
not allow --network=container with publish or publish-all.
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #853
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #831
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
First pass at implement API endpoints for create and start.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #805
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #690
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
If the user does not provide a host port when adding -p to create/run, podman should inject an available random port.
podman run -p 80 .... podman should assign a random port to the host and expose the container port 80 to it
Signed-off-by: baude <bbaude@redhat.com>
Closes: #703
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
implement varlink image functions for working with libpod with the exception of a
couple due to incompletions on the libpod side of things (build).
also, created a first pass at a libpodpy package which will stand as a client to
working with libpod's varlink methods using python.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #669
Approved by: baude
|
|
|
|
|
|
|
|
|
| |
Made necessary changes to functions to include contex.Context wherever needed
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #640
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
| |
In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #626
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #628
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the case where you have an image local, if the the user runs
podman pull, we should always attempt to pull an updated image.
Added a forceRemote bool to New (image) so we can differentiate
between "pull" or run because the actions differ. Run does not
need to pull the latest -- only run.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #618
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--group-add
--blkio-weight-device
--device-read-bps
--device-write-bps
--device-read-iops
--device-write-iops
--group-add now supports group names as well as the gid associated with them.
All the --device flags work now with moderate changes to the code to support both
bps and iops.
Added tests for all the flags.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #590
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
In our ezrly development, we always allocated a tty when not -d. Now we should only allocated when the user asks for it.
Resolves: #573
Signed-off-by: baude <bbaude@redhat.com>
Closes: #574
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
Resolves: #572
Signed-off-by: baude <bbaude@redhat.com>
Closes: #585
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
Adds support for mounting secrets especially on RHEL where the container
can use the host subsription to run yum
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #544
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
so that it is possible to use systemd to automatically restart the
container:
[Service]
Type=forking
PIDFile=/run/awesome-service.pid
ExecStart=/usr/bin/podman run --conmon-pidfile=/run/awesome-service.pid --name awesome -d IMAGE /usr/bin/do-something
ExecStopPost=/usr/bin/podman rm awesome
Restart=always
Closes: https://github.com/projectatomic/libpod/issues/534
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #549
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Both podman run and create have an option to write the container ID to a file. The option
is called cidfile. If the cidfile exists, we should not create or run a container but rather
output a sensical error message.
Resolves: #530
Signed-off-by: baude <bbaude@redhat.com>
Closes: #531
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #525
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
Migrate the podman create and commit subcommandis to leverage the images library. I also had
to migrate the cmd/ portions of run and rmi.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #498
Approved by: mheon
|
|
|
|
|
|
|
| |
Also removes sig-proxy from 'podman create', where is does not
make sense.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Having a default workdir is causing us not to use the
container images workdir.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #501
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This represents the stage3 implementation for the image library. At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references. This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #484
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #369
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--image-volumes tells podman what to do with the image volumes in the image config
There are 3 options: bind, tmpfs, and ignore
bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir
and bind mounts it into the container at /vol-dir
tmpfs mounts /vol-dir as a tmps into the container
ignore doesn't mount the image volumes onto the container
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #377
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
podman save would write the progress bar to the image tar file
when the output was redirected with >.
Fixed the writer to write to stderr for all commands using writer
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #362
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an image does not have an ENTRYPOINT nor a CMD and the
user does not provide a command in the CLI, we should fail
gracefully.
This resolves issue #328
Signed-off-by: baude <bbaude@redhat.com>
Closes: #333
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
Changing these fields caused the output of podman inspect to more
closely match docker inspect.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #306
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an image has an ENTRYPOINT defined, we should be honoring it. The
problem is described in issue #321.
Also, added buildah binary to test runtimes for testing entrypoint and
will also allow us to test podman build as well.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #322
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Rework port code for generalized clean up and to address
issue #269 where additional portbindings between host
and containers we being introduced by error.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #308
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #299
Approved by: rhatdan
|