aboutsummaryrefslogtreecommitdiff
path: root/cmd/podman/exec.go
Commit message (Collapse)AuthorAge
* rootless: use a single user namespaceGiuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment. There are multiple advantages to it: 1) much simpler implementation as there is only one namespace to join. 2) we can join namespaces owned by different containers. 3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host. 4) rootless varlink works. 5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container. Containers created by older Podman versions must be restarted. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: remove SkipStorageSetup()Giuseppe Scrivano2019-04-01
| | | | | | | | in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: fix regression when using exec on old containersGiuseppe Scrivano2019-03-27
| | | | | | | | | fallback to the previous behavior of joining only the user namespace, when we cannot join the conmon userns+mount namespaces. Closes: https://github.com/containers/libpod/issues/2673 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman: do not split --env on commaGiuseppe Scrivano2019-03-20
| | | | | | | | if --env "a=b,c" is used, do not split into a=b and c=. Closes: https://github.com/containers/libpod/issues/2712 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* preparation for remote-client create containerbaude2019-03-11
| | | | | | | | | to prepare for being able to remotely run a container, we need to perform a refactor to get code out of main because it is not reusable. the shared location is a good starting spot though eventually some will likely end up in pkg/spec/ at some point. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2569 from giuseppe/rootless-fix-exec-with-userOpenShift Merge Robot2019-03-08
|\ | | | | rootless: exec join the user+mount namespace
| * rootless: exec join the user+mount namespaceGiuseppe Scrivano2019-03-07
| | | | | | | | | | | | | | | | | | | | | | it is not enough to join the user namespace where the container is running. We also need to join the mount namespace so that we can correctly look-up inside of the container rootfs. This is necessary to lookup the mounted /etc/passwd file when --user is specified. Closes: https://github.com/containers/libpod/issues/2566 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Fix help commands to show short and long description.Daniel J Walsh2019-03-07
|/ | | | | | Cleanup lots of help information to look good when displayed. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* exec: support --preserve-fdsGiuseppe Scrivano2019-03-02
| | | | | | | | Allow to pass additional FDs to the process being executed. Closes: https://github.com/containers/libpod/issues/2372 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Allow Exec API user to override streamsPeter Hunt2019-02-28
| | | | | | Allow passing in of AttachStreams to libpod.Exec() for usage in podman healthcheck. An API caller can now specify different streams for stdout, stderr and stdin, or no streams at all. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Better usage synopses for subcommandsEd Santiago2019-02-26
| | | | | | | Conceptually simple: include, where applicable, a brief description of command-line options for each subcommand. Signed-off-by: Ed Santiago <santiago@redhat.com>
* hide --latest on the remote-clientbaude2019-02-22
| | | | | | | | in the case of the remote-client, it was decided to hide the latest flag to avoid confusion for end-users on what the "last" container, volume, or pod are. Signed-off-by: baude <bbaude@redhat.com>
* Second chunk of Cobra helpTomSweeneyRedHat2019-02-15
| | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Adds examples to Cobra help for a second chunk of commands. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Don't show global flags except for podman commandDaniel J Walsh2019-02-12
| | | | | | | | | Subcommands should not be showing the global flags. This causes the important information to scroll off the screen. Also fixed a typo on runCommmand (Too many 'm's) Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Separate remote and local commandsbaude2019-02-11
| | | | | | | | In the previous CLI, we had an accurate depiction of commands available for the remote client and those available for the local client. Signed-off-by: baude <bbaude@redhat.com>
* Migrate to cobra CLIbaude2019-02-08
| | | | | | | | We intend to migrate to the cobra cli from urfave/cli because the project is more well maintained. There are also some technical reasons as well which extend into our remote client work. Signed-off-by: baude <bbaude@redhat.com>
* Add a --workdir option to 'podman exec'Debarshi Ray2019-01-08
| | | | Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* Honor image environment variables with execAnders F Björklund2019-01-07
| | | | | | | | Was reading the "env" argument twice instead of image. Closes #2063 Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Sort all command flagsQi Wang2018-10-11
| | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* don't print help message for usage errorsValentin Rothberg2018-08-31
| | | | | | | | | | | | | | | | | Don't print potentially verbose help messages in case of usage errors, but print only the usage error followed by a pointer to the command's help. This aligns with Docker. ``` $ podman run -h flag needs an argument: -h See 'podman run --help'. ``` Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1379 Approved by: rhatdan
* rootless, exec: use the new function to join the usernsGiuseppe Scrivano2018-08-29
| | | | | | | | | | since we have a way for joining an existing userns use it instead of nsenter. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1371 Approved by: rhatdan
* rootless: fix execGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | | | | | | | | | We cannot re-exec into a new user namespace to gain privileges and access an existing as the new namespace is not the owner of the existing container. "unshare" is used to join the user namespace of the target container. The current implementation assumes that the main process of the container didn't create a new user namespace. Since in the setup phase we are not running with euid=0, we must skip the setup for containers/storage. Closes: https://github.com/containers/libpod/issues/1329 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* switch projectatomic to containersDaniel J Walsh2018-08-16
| | | | | | | | | | Need to get some small changes into libpod to pull back into buildah to complete buildah transition. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1270 Approved by: mheon
* varlink imagesbaude2018-04-26
| | | | | | | | | | | | | implement varlink image functions for working with libpod with the exception of a couple due to incompletions on the libpod side of things (build). also, created a first pass at a libpodpy package which will stand as a client to working with libpod's varlink methods using python. Signed-off-by: baude <bbaude@redhat.com> Closes: #669 Approved by: baude
* Add -i to exec for compatibility reasonsbaude2018-04-11
| | | | | | | | | | | No change to functionality Issue: #606 Signed-off-by: baude <bbaude@redhat.com> Closes: #607 Approved by: rhatdan
* podman exec should handle options --env fooDaniel J Walsh2018-03-26
| | | | | | | | | | | | | If the user does not specify foo=bar, then the exec code should look for the foo environment variable in its environment and pass it in. This is the way podman run works. Also added tests to make sure this all works. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #552 Approved by: mheon
* Stage3 Image Librarybaude2018-03-14
| | | | | | | | | | | | | This represents the stage3 implementation for the image library. At this point, we are moving the image-centric functions to pkg/image including migration of args and object-oriented references. This is a not a one-for-one migration of funcs and some funcs will need to continue to reside in runtime_img as they are overly specific to libpod and probably not useful to others. Signed-off-by: baude <bbaude@redhat.com> Closes: #484 Approved by: baude
* Shortcut for most recent containerbaude2018-01-08
| | | | | | | | | | | | It is desirable to have a shortcut for the most recently created container. We can now use "**latest" to represent the most recent container instead of its container ID or name. For example: Signed-off-by: baude <bbaude@redhat.com> Closes: #179 Approved by: baude
* Exec: No arg reorderbaude2017-12-28
| | | | | | | | | | | Do not re-order the args for exec. Like run, it is very possible that a user will pass a -something in their command and this currently does not work. Signed-off-by: baude <bbaude@redhat.com> Closes: #168 Approved by: baude
* Rename all references to kpod to podmanDaniel J Walsh2017-12-18
The decision is in, kpod is going to be named podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #145 Approved by: umohnani8