| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
The toolbox project would benefit from a few changes to more closely
resembe the original atomic cli project. Changes made are:
* only pull image for container runlabel if the label exists in the image
* if a container image does not have the desired label, exit with non-zero
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following SystemContext.DockerInsecureSkipTLSVerify, make the
DockerRegistryOne also an OptionalBool, and update callers.
Explicitly document that --tls-verify=true and --tls-verify unset
have different behavior in those commands where the behavior changed
(or where it hasn't changed but the documentation needed updating).
Also make the --tls-verify man page sections a tiny bit more consistent
throughout.
This is a minimal fix, without changing the existing "--tls-verify=true"
paths nor existing manual insecure registry lookups.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
* runlabel
* checkpoint
* restore
* container|image exists
* mount
* unmount
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As discussed [1], the runlabel command should execute any command
specified in a label. The reasoning behind is that we cannot restrict
which options are passed to Podman which thereby has full access to the
host (runlabels must be used with care).
With the updated semantics, runlabel will substitute the commands with a
basepath equal to "docker" or "podman" with "/proc/self/exe", and
otherwise leave the command unchanged to execute any other command on
the host.
[1] https://github.com/containers/libpod/pull/1607#issuecomment-428321382
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
| |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|
|
|
| |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Execute /proc/self/exe instead of podman. This makes the runlabel
command more portable as it works for binaries outside the path as
well as for local builds.
Also, avoid redundantly executing the runlabel command by setting
the PODMAN_RUNLABEL_NESTED environment variable to "1". Podman
now checks for this variable before executing the runlabel command
and will throw an error in case the variable is set.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
|
Execute the command as described by a container image. The value of the label is processed
into a command by:
1. Ensuring the first argument of the command is podman.
2. Substituting any variables with those defined by the environment or otherwise.
If no label exists in the container image, nothing is done.
podman container runlabel LABEL IMAGE extra_args
Signed-off-by: baude <bbaude@redhat.com>
|