summaryrefslogtreecommitdiff
path: root/cmd/podman/main_local.go
Commit message (Collapse)AuthorAge
* Cleanup whether to enter user namespace for rootless commandsDaniel J Walsh2020-04-03
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rootless: make cgroup ownership detection not fatalGiuseppe Scrivano2020-03-30
| | | | | | | | | | | do not fail if we cannot detect the cgroup ownership. The detection fails when running in a container, since the cgroup showed in /proc/self/cgroup is not accessible, due to the runtime mounting it directly as the cgroup root. Closes: https://github.com/containers/libpod/issues/5488 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add support for containers.confDaniel J Walsh2020-03-27
| | | | | | | vendor in c/common config pkg for containers.conf Signed-off-by: Qi Wang qiwan@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* hide --trace flagValentin Rothberg2020-03-10
| | | | | | The tracing flag is not really something users should worry about. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman --help: mention defaults of boolsValentin Rothberg2020-03-10
| | | | | | | | | While string variables are shown to expect a string argument, boolean variables are not. This easily tricks users into believing they are simple switches without arguments. Hence, explicitly mention the default to clarify it a bit more. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Usage messages: show possible option valuesEd Santiago2020-01-08
| | | | | | | | | | | | | | | | | ...in a consistent manner: ("a"|"b"|"c") This makes it possible (and easy) for zsh completion to pick those out of the --help messages and offer them as values when user hits TAB. I chose this format because it's an already-existing convention in cmd/podman/common.go. Also: removed two duplicate "default: x" messages (Cobra displays those automatically where a non-null default is specified). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Do not initialize store on rootless podmanSascha Grunert2019-11-29
| | | | | | | | | This fixes a double-locking issue of the container storage when running rootless podman. Closes #4591 Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Merge pull request #4475 from rhatdan/tmpdirOpenShift Merge Robot2019-11-26
|\ | | | | Add missing information to podman.1 man page
| * Add missing information to podman.1 man pageDaniel J Walsh2019-11-08
| | | | | | | | | | | | | | | | Add missing options. Define the use of the TMPDIR environment variable for the storing of container images when they are being pulled to the system. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | codespell: spelling correctionsDmitry Smirnov2019-11-13
|/ | | | Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
* help message: don't parse the config for cgroup-manager defaultValentin Rothberg2019-11-06
| | | | | | | | | | | | | Do not generate an entire `config.Config` for displaying the default value for the --cgroup-manager flag and just default to systemd. Not using the `config.Config` is okay as 1) the value may change at runtime in any case (rootless, DBUS access, etc.), 2) it avoids to redundantly parse the system config files and to generate the hard-coded default config, and 3) the log-level and other attributes are not yet set during init() causing undesirable side effects. Fixes: #4456 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* add libpod/configValentin Rothberg2019-10-31
| | | | | | | | | | | | Refactor the `RuntimeConfig` along with related code from libpod into libpod/config. Note that this is a first step of consolidating code into more coherent packages to make the code more maintainable and less prone to regressions on the long runs. Some libpod definitions were moved to `libpod/define` to resolve circular dependencies. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* rootless: detect no system session with --cgroup-manager=systemdGiuseppe Scrivano2019-10-23
| | | | | | | if the cgroup manager is set to systemd, detect if dbus is available, otherwise fallback to --cgroup-manager=cgroupfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: automatically recreate the pause.pid fileGiuseppe Scrivano2019-10-09
| | | | | | | if the pause process cannot be joined, remove the pause.pid while keeping a lock on it, and try to recreate it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* support non-standard ssh port for remote-clientbaude2019-09-17
| | | | | | | | | | when using the remote client, users may need to specify a non-standard port for ssh connections. we can do so on the command line and within the remote-client configuration file. Fixes: #3987 Signed-off-by: baude <bbaude@redhat.com>
* rootless: report the correct errorGiuseppe Scrivano2019-09-13
| | | | | | | | | do not shadow the err variable so that the correct error message can be reported when utils.RunUnderSystemdScope fails. Closes: https://github.com/containers/libpod/issues/4012 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: run pause process in its own scopeGiuseppe Scrivano2019-09-12
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: automatically create a systemd scopeGiuseppe Scrivano2019-09-12
| | | | | | | | | | | | | | | | | | | | | when running in rootless mode and using systemd as cgroup manager create automatically a systemd scope when the user doesn't own the current cgroup. This solves a couple of issues: on cgroup v2 it is necessary that a process before it can moved to a different cgroup tree must be in a directory owned by the unprivileged user. This is not always true, e.g. when creating a session with su -l. Closes: https://github.com/containers/libpod/issues/3937 Also, for running systemd in a container it was before necessary to specify "systemd-run --scope --user podman ...", now this is done automatically as part of this PR. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: detect user namespace configuration changesGiuseppe Scrivano2019-09-03
| | | | | | | | | | | detect if the current user namespace doesn't match the configuration in the /etc/subuid and /etc/subgid files. If there is a mismatch, raise a warning and suggest the user to recreate the user namespace with "system migrate", that also restarts the containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Need to include command name in error messageDaniel J Walsh2019-08-21
| | | | | | | I hit this error and it told be to system migrate` as opposed to `podman system migrate` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* enable windows remote clientbaude2019-08-08
| | | | | | | | | rework an error path so that users can run the windows remote client. also, create the basedir path for the podman-remote.conf file if it does not exist already. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3466 from TomSweeneyRedHat/dev/tsweeney/myhomeOpenShift Merge Robot2019-08-06
|\ | | | | Touch up XDG, add rootless links
| * Touch up XDG, add rootless linksTomSweeneyRedHat2019-07-29
| | | | | | | | | | | | | | | | | | | | | | Touch up a number of formating issues for XDG_RUNTIME_DIRS in a number of man pages. Make use of the XDG_CONFIG_HOME environment variable in a rootless environment if available, or set it if not. Also added a number of links to the Rootless Podman config page and added the location of the auth.json files to that doc. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Add a flag to set events logger typeMatthew Heon2019-07-31
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* first pass of corrections for golangci-lintbaude2019-07-10
| | | | Signed-off-by: baude <bbaude@redhat.com>
* util: drop IsCgroup2UnifiedMode and use it from cgroupsGiuseppe Scrivano2019-06-26
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Correctly identify the defaults for cgroup-managerDaniel J Walsh2019-06-15
| | | | | | | | | | | Currently we report cgroupmanager default as systemd, even if the user modified the libpod.conf. Also cgroupmanager does not work in rootless mode. This PR correctly identifies the default cgroup manager or reports it is not supported. Also add homeDir to correctly get the homedir if the $HOME is not set. Will attempt to get Homedir out of /etc/passwd. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix storage-opts type in CobraMatthew Heon2019-06-14
| | | | | | | | | StringSliceVar was distorting options. StringArrayVar seems to not mangle them, so use that instead. Thanks to Giuseppe for finding this one. Signed-off-by: Matthew Heon <mheon@redhat.com>
* rootless: new function to join existing conmon processesGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | move the logic for joining existing namespaces down to the rootless package. In main_local we still retrieve the list of conmon pid files and use it from the rootless package. In addition, create a temporary user namespace for reading these files, as the unprivileged user might not have enough privileges for reading the conmon pid file, for example when running with a different uidmap and root in the container is different than the rootless user. Closes: https://github.com/containers/libpod/issues/3187 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* system: migrate stops the pause processGiuseppe Scrivano2019-05-17
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use a pause processGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | use a pause process to keep the user and mount namespace alive. The pause process is created immediately on reload, and all successive Podman processes will refer to it for joining the user&mount namespace. This solves all the race conditions we had on joining the correct namespaces using the conmon processes. As a fallback if the join fails for any reason (e.g. the pause process was killed), then we try to join the running containers as we were doing before. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* enable podman-remote on windowsbaude2019-04-30
| | | | | | | build a podman-remote binary for windows that allows users to use the remote client on windows and interact with podman on linux system. Signed-off-by: baude <bbaude@redhat.com>
* runtime: pass down the contextGiuseppe Scrivano2019-04-26
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* system: add new subcommand "migrate"Giuseppe Scrivano2019-04-26
| | | | | | | | | | | it is useful to migrate existing containers to a new version of podman. Currently, it is needed to migrate rootless containers that were created with podman <= 1.2 to a newer version which requires all containers to be running in the same user namespace. Closes: https://github.com/containers/libpod/issues/2935 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2946 from baude/segsOpenShift Merge Robot2019-04-16
|\ | | | | Fix segfaults attribute to missing options
| * Fix segfaults attribute to missing optionsbaude2019-04-15
| | | | | | | | | | | | | | | | | | In cases where the remote client culls options to a command, we need to be sure that the lookup for that flag does not result in a nil pointer. To do so, we add a Remote attribute to the podman struct and then cli helper funcs are now aware they are remote. Signed-off-by: baude <bbaude@redhat.com>
* | rootless, mount: not create namespaceGiuseppe Scrivano2019-04-15
|/ | | | | | | we need to check if we are able to mount the container as part of the mount command itself. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Initial remote flag clean upbaude2019-04-10
The remote client should not honor most of the local podman "global" options. Many of them are only applicable to where the podman backend is actually running. Also, removing some options for push and pull that also are not applicable to the remote client environment. Additionally, take some of the code from main and pop it into functions that can be called whether local or not. This helps the remote client and darwin builds. Signed-off-by: baude <bbaude@redhat.com>