summaryrefslogtreecommitdiff
path: root/cmd/podman/main_local.go
Commit message (Collapse)AuthorAge
* rootless: run pause process in its own scopeGiuseppe Scrivano2019-09-12
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: automatically create a systemd scopeGiuseppe Scrivano2019-09-12
| | | | | | | | | | | | | | | | | | | | | when running in rootless mode and using systemd as cgroup manager create automatically a systemd scope when the user doesn't own the current cgroup. This solves a couple of issues: on cgroup v2 it is necessary that a process before it can moved to a different cgroup tree must be in a directory owned by the unprivileged user. This is not always true, e.g. when creating a session with su -l. Closes: https://github.com/containers/libpod/issues/3937 Also, for running systemd in a container it was before necessary to specify "systemd-run --scope --user podman ...", now this is done automatically as part of this PR. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: detect user namespace configuration changesGiuseppe Scrivano2019-09-03
| | | | | | | | | | | detect if the current user namespace doesn't match the configuration in the /etc/subuid and /etc/subgid files. If there is a mismatch, raise a warning and suggest the user to recreate the user namespace with "system migrate", that also restarts the containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Need to include command name in error messageDaniel J Walsh2019-08-21
| | | | | | | I hit this error and it told be to system migrate` as opposed to `podman system migrate` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* enable windows remote clientbaude2019-08-08
| | | | | | | | | rework an error path so that users can run the windows remote client. also, create the basedir path for the podman-remote.conf file if it does not exist already. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3466 from TomSweeneyRedHat/dev/tsweeney/myhomeOpenShift Merge Robot2019-08-06
|\ | | | | Touch up XDG, add rootless links
| * Touch up XDG, add rootless linksTomSweeneyRedHat2019-07-29
| | | | | | | | | | | | | | | | | | | | | | Touch up a number of formating issues for XDG_RUNTIME_DIRS in a number of man pages. Make use of the XDG_CONFIG_HOME environment variable in a rootless environment if available, or set it if not. Also added a number of links to the Rootless Podman config page and added the location of the auth.json files to that doc. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Add a flag to set events logger typeMatthew Heon2019-07-31
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* first pass of corrections for golangci-lintbaude2019-07-10
| | | | Signed-off-by: baude <bbaude@redhat.com>
* util: drop IsCgroup2UnifiedMode and use it from cgroupsGiuseppe Scrivano2019-06-26
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Correctly identify the defaults for cgroup-managerDaniel J Walsh2019-06-15
| | | | | | | | | | | Currently we report cgroupmanager default as systemd, even if the user modified the libpod.conf. Also cgroupmanager does not work in rootless mode. This PR correctly identifies the default cgroup manager or reports it is not supported. Also add homeDir to correctly get the homedir if the $HOME is not set. Will attempt to get Homedir out of /etc/passwd. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix storage-opts type in CobraMatthew Heon2019-06-14
| | | | | | | | | StringSliceVar was distorting options. StringArrayVar seems to not mangle them, so use that instead. Thanks to Giuseppe for finding this one. Signed-off-by: Matthew Heon <mheon@redhat.com>
* rootless: new function to join existing conmon processesGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | move the logic for joining existing namespaces down to the rootless package. In main_local we still retrieve the list of conmon pid files and use it from the rootless package. In addition, create a temporary user namespace for reading these files, as the unprivileged user might not have enough privileges for reading the conmon pid file, for example when running with a different uidmap and root in the container is different than the rootless user. Closes: https://github.com/containers/libpod/issues/3187 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* system: migrate stops the pause processGiuseppe Scrivano2019-05-17
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use a pause processGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | use a pause process to keep the user and mount namespace alive. The pause process is created immediately on reload, and all successive Podman processes will refer to it for joining the user&mount namespace. This solves all the race conditions we had on joining the correct namespaces using the conmon processes. As a fallback if the join fails for any reason (e.g. the pause process was killed), then we try to join the running containers as we were doing before. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* enable podman-remote on windowsbaude2019-04-30
| | | | | | | build a podman-remote binary for windows that allows users to use the remote client on windows and interact with podman on linux system. Signed-off-by: baude <bbaude@redhat.com>
* runtime: pass down the contextGiuseppe Scrivano2019-04-26
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* system: add new subcommand "migrate"Giuseppe Scrivano2019-04-26
| | | | | | | | | | | it is useful to migrate existing containers to a new version of podman. Currently, it is needed to migrate rootless containers that were created with podman <= 1.2 to a newer version which requires all containers to be running in the same user namespace. Closes: https://github.com/containers/libpod/issues/2935 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2946 from baude/segsOpenShift Merge Robot2019-04-16
|\ | | | | Fix segfaults attribute to missing options
| * Fix segfaults attribute to missing optionsbaude2019-04-15
| | | | | | | | | | | | | | | | | | In cases where the remote client culls options to a command, we need to be sure that the lookup for that flag does not result in a nil pointer. To do so, we add a Remote attribute to the podman struct and then cli helper funcs are now aware they are remote. Signed-off-by: baude <bbaude@redhat.com>
* | rootless, mount: not create namespaceGiuseppe Scrivano2019-04-15
|/ | | | | | | we need to check if we are able to mount the container as part of the mount command itself. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Initial remote flag clean upbaude2019-04-10
The remote client should not honor most of the local podman "global" options. Many of them are only applicable to where the podman backend is actually running. Also, removing some options for push and pull that also are not applicable to the remote client environment. Additionally, take some of the code from main and pop it into functions that can be called whether local or not. This helps the remote client and darwin builds. Signed-off-by: baude <bbaude@redhat.com>