| Commit message (Collapse) | Author | Age |
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
do not fail if we cannot detect the cgroup ownership. The detection
fails when running in a container, since the cgroup showed in
/proc/self/cgroup is not accessible, due to the runtime mounting it
directly as the cgroup root.
Closes: https://github.com/containers/libpod/issues/5488
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
vendor in c/common config pkg for containers.conf
Signed-off-by: Qi Wang qiwan@redhat.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
| |
The tracing flag is not really something users should worry about.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
| |
While string variables are shown to expect a string argument, boolean
variables are not. This easily tricks users into believing they are
simple switches without arguments. Hence, explicitly mention the
default to clarify it a bit more.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
...in a consistent manner: ("a"|"b"|"c")
This makes it possible (and easy) for zsh completion to
pick those out of the --help messages and offer them
as values when user hits TAB.
I chose this format because it's an already-existing
convention in cmd/podman/common.go.
Also: removed two duplicate "default: x" messages (Cobra
displays those automatically where a non-null default
is specified).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This fixes a double-locking issue of the container storage when running
rootless podman.
Closes #4591
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\
| |
| | |
Add missing information to podman.1 man page
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add missing options.
Define the use of the TMPDIR environment variable for the storing of container images
when they are being pulled to the system.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
| |
Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not generate an entire `config.Config` for displaying the default
value for the --cgroup-manager flag and just default to systemd. Not
using the `config.Config` is okay as 1) the value may change at runtime
in any case (rootless, DBUS access, etc.), 2) it avoids to redundantly
parse the system config files and to generate the hard-coded default
config, and 3) the log-level and other attributes are not yet set during
init() causing undesirable side effects.
Fixes: #4456
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor the `RuntimeConfig` along with related code from libpod into
libpod/config. Note that this is a first step of consolidating code
into more coherent packages to make the code more maintainable and less
prone to regressions on the long runs.
Some libpod definitions were moved to `libpod/define` to resolve
circular dependencies.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
| |
if the cgroup manager is set to systemd, detect if dbus is available,
otherwise fallback to --cgroup-manager=cgroupfs.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
if the pause process cannot be joined, remove the pause.pid while
keeping a lock on it, and try to recreate it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
when using the remote client, users may need to specify a non-standard
port for ssh connections. we can do so on the command line and within
the remote-client configuration file.
Fixes: #3987
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
| |
do not shadow the err variable so that the correct error message can
be reported when utils.RunUnderSystemdScope fails.
Closes: https://github.com/containers/libpod/issues/4012
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when running in rootless mode and using systemd as cgroup manager
create automatically a systemd scope when the user doesn't own the
current cgroup.
This solves a couple of issues:
on cgroup v2 it is necessary that a process before it can moved to a
different cgroup tree must be in a directory owned by the unprivileged
user. This is not always true, e.g. when creating a session with su
-l.
Closes: https://github.com/containers/libpod/issues/3937
Also, for running systemd in a container it was before necessary to
specify "systemd-run --scope --user podman ...", now this is done
automatically as part of this PR.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
detect if the current user namespace doesn't match the configuration
in the /etc/subuid and /etc/subgid files.
If there is a mismatch, raise a warning and suggest the user to
recreate the user namespace with "system migrate", that also restarts
the containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
I hit this error and it told be to system migrate`
as opposed to `podman system migrate`
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
| |
rework an error path so that users can run the windows remote client.
also, create the basedir path for the podman-remote.conf file if it does
not exist already.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
Touch up XDG, add rootless links
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Touch up a number of formating issues for XDG_RUNTIME_DIRS in a number
of man pages. Make use of the XDG_CONFIG_HOME environment variable
in a rootless environment if available, or set it if not.
Also added a number of links to the Rootless Podman config page and
added the location of the auth.json files to that doc.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|/
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we report cgroupmanager default as systemd, even if the user modified
the libpod.conf. Also cgroupmanager does not work in rootless mode. This
PR correctly identifies the default cgroup manager or reports it is not supported.
Also add homeDir to correctly get the homedir if the $HOME is not set. Will
attempt to get Homedir out of /etc/passwd.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
| |
StringSliceVar was distorting options. StringArrayVar seems to
not mangle them, so use that instead.
Thanks to Giuseppe for finding this one.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
move the logic for joining existing namespaces down to the rootless
package. In main_local we still retrieve the list of conmon pid files
and use it from the rootless package.
In addition, create a temporary user namespace for reading these
files, as the unprivileged user might not have enough privileges for
reading the conmon pid file, for example when running with a different
uidmap and root in the container is different than the rootless user.
Closes: https://github.com/containers/libpod/issues/3187
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
use a pause process to keep the user and mount namespace alive.
The pause process is created immediately on reload, and all successive
Podman processes will refer to it for joining the user&mount
namespace.
This solves all the race conditions we had on joining the correct
namespaces using the conmon processes.
As a fallback if the join fails for any reason (e.g. the pause process
was killed), then we try to join the running containers as we were
doing before.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
build a podman-remote binary for windows that allows users to use the
remote client on windows and interact with podman on linux system.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
it is useful to migrate existing containers to a new version of
podman. Currently, it is needed to migrate rootless containers that
were created with podman <= 1.2 to a newer version which requires all
containers to be running in the same user namespace.
Closes: https://github.com/containers/libpod/issues/2935
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Fix segfaults attribute to missing options
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In cases where the remote client culls options to a command, we need to
be sure that the lookup for that flag does not result in a nil pointer.
To do so, we add a Remote attribute to the podman struct and then cli
helper funcs are now aware they are remote.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
| |
we need to check if we are able to mount the container as part of the
mount command itself.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
The remote client should not honor most of the local podman "global"
options. Many of them are only applicable to where the podman backend
is actually running.
Also, removing some options for push and pull that also are not
applicable to the remote client environment.
Additionally, take some of the code from main and pop it into functions
that can be called whether local or not. This helps the remote client
and darwin builds.
Signed-off-by: baude <bbaude@redhat.com>
|