summaryrefslogtreecommitdiff
path: root/cmd/podman/shared
Commit message (Collapse)AuthorAge
* Merge pull request #4337 from QiWang19/check_auth_pathOpenShift Merge Robot2019-11-08
|\ | | | | fix bug check nonexist authfile
| * fix bug check nonexist authfileQi Wang2019-11-05
| | | | | | | | | | | | | | | | | | Use GetDefaultAuthFile() from buildah. For podman command(except login), if authfile does not exist returns error. close #4328 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Split up create config handling of namespaces and securityPeter Hunt2019-11-07
| | | | | | | | | | | | | | | | As it stands, createconfig is a huge struct. This works fine when the only caller is when we create a container with a fully created config. However, if we wish to share code for security and namespace configuration, a single large struct becomes unweildy, as well as difficult to configure with the single createConfigToOCISpec function. This PR breaks up namespace and security configuration into their own structs, with the eventual goal of allowing the namespace/security fields to be configured by the pod create cli, and allow the infra container to share this with the pod's containers. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | podman: add support for specifying MACJakub Filak2019-11-06
|/ | | | | | | | I basically copied and adapted the statements for setting IP. Closes #1136 Signed-off-by: Jakub Filak <jakub.filak@sap.com>
* Set default seccomp.json file for podman play kubeDaniel J Walsh2019-10-29
| | | | | | | Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* pull/create: add --override-arch/--override-os flagsNalin Dahyabhai2019-10-29
| | | | | | | | Add --override-arch and --override-os as hidden flags, in line with the global flag names that skopeo uses, so that we can test behavior around manifest lists without having to conditionalize more of it by arch. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* bump containers/image to v5.0.0, buildah to v1.11.4Nalin Dahyabhai2019-10-29
| | | | | | | | | Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Add parsing for UID, GID in volume "o" optionMatthew Heon2019-10-22
| | | | | | | Everything else is a flag to mount, but "uid" and "gid" are not. We need to parse them out of "o" and handle them separately. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* systemd: accept also /sbin/initGiuseppe Scrivano2019-10-15
| | | | | | | | | it is a regression caused by 3ba3e1c7510d1780b6527a4aa52e40ac2c5b576a. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1761514 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4237 from giuseppe/ps-not-nullOpenShift Merge Robot2019-10-11
|\ | | | | container: initialize results list
| * container: initialize results listGiuseppe Scrivano2019-10-11
| | | | | | | | | | | | | | | | | | it solves: $ podman ps --format=json null Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4232 from csomh/auth-file-pathOpenShift Merge Robot2019-10-11
|\ \ | | | | | | Fix default path for auth.json
| * | Fix default path for auth.jsonHunor Csomortáni2019-10-10
| |/ | | | | | | | | | | | | | | | | | | | | Default path should be ${XDG_RUNTIME_DIR}/containers/auth.json according to the docs. This regressed to ${XDG_RUNTIME_DIR}/auth.json in #3760. Fixes: #4227 Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
* | cli: support --systemd=alwaysGiuseppe Scrivano2019-10-09
| | | | | | | | | | | | | | it enforces the systemd mode also when the command name doesn't match /usr/sbin/init or systemd. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | systemd: expect full path /usr/sbin/initGiuseppe Scrivano2019-10-09
|/ | | | | | | | | | | | "init" is a quite common name for the command executed in a container image and Podman ends up using the systemd mode also when not required. Be stricter on enabling the systemd mode and not enable it automatically when the basename is "init" but expect the full path "/usr/sbin/init". Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4032 from rhatdan/pids-limitOpenShift Merge Robot2019-10-07
|\ | | | | Setup a reasonable default for pids-limit 4096
| * Setup a reasonable default for pids-limit 4096Daniel J Walsh2019-10-04
| | | | | | | | | | | | | | | | | | | | | | CRI-O defaults to 1024 for the maximum pids in a container. Podman should have a similar limit. Once we have a containers.conf, we can set the limit in this file, and have it easily customizable. Currently the documentation says that -1 sets pids-limit=max, but -1 fails. This patch allows -1, but also indicates that 0 also sets the max pids limit. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Update c/image to v4.0.1 and buildah to 1.11.3Miloslav Trmač2019-10-04
|/ | | | | | | | | | | | | | This requires updating all import paths throughout, and a matching buildah update to interoperate. I can't figure out the reason for go.mod tracking github.com/containers/image v3.0.2+incompatible // indirect ((go mod graph) lists it as a direct dependency of libpod, but (go list -json -m all) lists it as an indirect dependency), but at least looking at the vendor subdirectory, it doesn't seem to be actually used in the built binaries. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #3581 from mheon/no_cgroupsOpenShift Merge Robot2019-09-11
|\ | | | | Support running containers without CGroups
| * Add support for launching containers without CGroupsMatthew Heon2019-09-10
| | | | | | | | | | | | | | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Add function for looking up volumes by partial nameMatthew Heon2019-09-09
|/ | | | | | | | | | This isn't included in Docker, but seems handy enough. Use the new API for 'volume rm' and 'volume inspect'. Fixes #3891 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Update varlink doc and codeJhon Honce2019-08-26
| | | | | | | | * Improved error message * Added documentation * Updated messages to include missing data Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podman-remote: cp crashesbaude2019-08-21
| | | | | | | | | | prune unwanted messages when running a container remotely. also, cp is not remote-enabled yet and as such should not be available on the remote client. Fixes: #3861 Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3760 from rhatdan/authOpenShift Merge Robot2019-08-19
|\ | | | | Use GetRuntimeDir to setup auth.json for login
| * Use GetRuntimeDir to setup auth.json for loginDaniel J Walsh2019-08-12
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3617 from QiWang19/create_pullOpenShift Merge Robot2019-08-17
|\ \ | |/ |/| add --pull flag for podman create&run
| * add --pull flag for podman create&runQi Wang2019-08-09
| | | | | | | | | | | | | | | | | | | | | | Requirement from https://github.com/containers/libpod/issues/3575#issuecomment-512238393 Added --pull for podman create and pull to match the newly added flag in docker CLI. `missing`: default value, podman will pull the image if it does not exist in the local. `always`: podman will always pull the image. `never`: podman will never pull the image. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #3751 from TomSweeneyRedHat/dev/tsweeney/squishnitsOpenShift Merge Robot2019-08-12
|\ \ | | | | | | Squish a few tpyo nits in container.go doc
| * | Squish a few tpyo nits in container.go docTomSweeneyRedHat2019-08-07
| | | | | | | | | | | | | | | | | | | | | | | | A quick fix a few nits in documentation within cmd/podman/shared/containers.go. This gets the last bits as noted in #3577 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | cmd: drop check for euid==0Giuseppe Scrivano2019-08-12
| |/ |/| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3737 from QiWang19/create_authOpenShift Merge Robot2019-08-09
|\ \ | | | | | | fix create&run getting --authfile from cli
| * | fix create&run getting --authfile from cliQi Wang2019-08-09
| | | | | | | | | | | | | | | | | | Add flag `--authfile` to create and run so Podman can read authfile path from not only environemnt variable REGISTRY_AUTH_FILE but also CLI Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Improve dns-search validation, empty domains now return an errorJhon Honce2019-08-09
|/ / | | | | | | | | | | Fixes #3426 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Allow the passing of '.' to --dns-searchDaniel J Walsh2019-08-08
| | | | | | | | | | | | --dns-search is defined to remove all search domains from a container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | When populating CMD, do not include EntrypointMatthew Heon2019-08-06
|/ | | | | | | | | | | | | | | Previously, we use CreateConfig's Command to populate container Command (which is used as CMD for Inspect and Commit). Unfortunately, CreateConfig's Command is the container's full command, including a prepend of Entrypoint - so we duplicate Entrypoint for images that include it. Maintain a separate UserCommand in CreateConfig that does not include the entrypoint, and use that instead. Fixes #3708 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #3665 from QiWang19/envOpenShift Merge Robot2019-07-30
|\ | | | | Set -env variables as appropriate
| * Set -env variables as appropriateQi Wang2019-07-30
| | | | | | | | | | | | | | | | close #3648 podman create and podman run do not set --env variable if the environment is not present with a value Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Touch up input argument error on createTomSweeneyRedHat2019-07-30
| | | | | | | | | | | | | | Add an error when there are not enough input arguments for remote create. Addresses comments in #3656 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Fix commit --changes env=X=YJhon Honce2019-07-26
|/ | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #3639 from giuseppe/user-ns-containerOpenShift Merge Robot2019-07-26
|\ | | | | podman: support --userns=ns|container
| * pods: do not to join a userns if there is not anyGiuseppe Scrivano2019-07-25
| | | | | | | | | | | | | | do not attempt to join the user namespace if the pod is running in the host user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | fix import not ignoring url pathQi Wang2019-07-24
|/ | | | | | | fix #3609 Podman import used to check filename to only allow tarball path as a file. It should also allow an url as the doc mentioned. This PR allows the program to continue if the input is a valid URL Signed-off-by: Qi Wang <qiwan@redhat.com>
* Fixes issue #3577.John Hooks2019-07-23
| | | | | | Fix punctuation and wording in some places. Signed-off-by: John Hooks <hooksie11@gmail.com>
* golangci-lint round #3baude2019-07-21
| | | | | | | this is the third round of preparing to use the golangci-lint on our code base. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3599 from QiWang19/ps-regexpOpenShift Merge Robot2019-07-19
|\ | | | | support podman ps filter regular expressions
| * support podman ps filter regular expressionsQi Wang2019-07-18
| | | | | | | | | | | | podman ps --filter use regexp to match the container name. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | libpod: support for cgroup namespaceGiuseppe Scrivano2019-07-18
|/ | | | | | | | | | | | | | allow a container to run in a new cgroup namespace. When running in a new cgroup namespace, the current cgroup appears to be the root, so that there is no way for the container to access cgroups outside of its own subtree. By default it uses --cgroup=host to keep the previous behavior. To create a new namespace, --cgroup=private must be provided. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Move the HostConfig portion of Inspect inside libpodMatthew Heon2019-07-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we first began writing Podman, we ran into a major issue when implementing Inspect. Libpod deliberately does not tie its internal data structures to Docker, and stores most information about containers encoded within the OCI spec. However, Podman must present a CLI compatible with Docker, which means it must expose all the information in 'docker inspect' - most of which is not contained in the OCI spec or libpod's Config struct. Our solution at the time was the create artifact. We JSON'd the complete CreateConfig (a parsed form of the CLI arguments to 'podman run') and stored it with the container, restoring it when we needed to run commands that required the extra info. Over the past month, I've been looking more at Inspect, and refactored large portions of it into Libpod - generating them from what we know about the OCI config and libpod's (now much expanded, versus previously) container configuration. This path comes close to completing the process, moving the last part of inspect into libpod and removing the need for the create artifact. This improves libpod's compatability with non-Podman containers. We no longer require an arbitrarily-formatted JSON blob to be present to run inspect. Fixes: #3500 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #3508 from csomh/healthcheck-flag-compatOpenShift Merge Robot2019-07-16
|\ | | | | Make the healthcheck flags compatible with Docker CLI
| * Make the healthcheck flags compatible with Docker CLIHunor Csomortáni2019-07-16
| | | | | | | | | | | | | | | | | | | | | | | | Docker CLI calls the healthcheck flags "--health-*", instead of "--healthcheck-*". Introduce the former, in order to keep compatibility, and alias the later, in order to avoid breaking current usage. Change "--healthcheck-*" to "--health-*" in the docs and tests. Signed-off-by: Hunor Csomortáni <csomh@redhat.com>