path: root/cmd/podman/spec.go
Commit message | Author | Age
* Make container env variable conditional | Matthew Heon | 2018-03-23
  Add only when it's not already present. Add a more specific version in podman spec generation so we get 'container=podman' not 'container=libpod'
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #540
  Approved by: baude
* Address review comments | baude | 2018-02-24
  Review comments to delete WithNoNew function and its append.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #369
  Approved by: rhatdan
* Add support for --no-new-privs | Daniel J Walsh | 2018-02-24
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #369
  Approved by: rhatdan
* Implement --image-volumes for create and run | umohnani8 | 2018-02-22
  --image-volumes tells podman what to do with the image volumes in the image config
  There are 3 options: bind, tmpfs, and ignore
  bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir and bind mounts it into the container at /vol-dir
  tmpfs mounts /vol-dir as a tmpfs into the container
  ignore doesn't mount the image volumes onto the container
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #377
  Approved by: rhatdan
* Run podman inside a podman container | baude | 2018-02-16
  We should be able to run nested podman containers in particular for our testing environment. i.e. eat our own dog food. Some privileges had to be corrected in order for this to work correctly.
  Added a third papr target that runs podman tests inside podman. I marked the test as not required right now as we get more confident in the results
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #340
  Approved by: rhatdan
* Privileged containers should inherit host devices | baude | 2018-02-15
  When running a privileged container, it should inherit the same devices the host has.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #330
  Approved by: mheon
* Disable default Seccomp profile with privileged containers | Matthew Heon | 2018-02-13
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #326
  Approved by: baude
* Rework port code | baude | 2018-02-09
  Rework port code for generalized clean up and to address issue #269 where additional portbindings between host and containers were being introduced by error.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #308
  Approved by: mheon
* sysfs should be mounted rw for privileged | baude | 2018-02-06
  sysfs should be mounted rw for a privileged container.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #279
  Approved by: rhatdan
* Allow users to specify logpath | Daniel J Walsh | 2018-02-03
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #135
  Approved by: mheon
* Merge pull request #282 from randomvariable/fix/sandbox | Daniel J Walsh | 2018-02-02
|\    Set default configuration container type annotation to sandbox
| * Set default configuration container type annotation to sandbox | Naadir Jeewa | 2018-02-01
| |   This allows podman to provide sufficient hints to start containers with Intel Clear Containers:
| |   https://github.com/clearcontainers/runtime/blob/master/docs/architecture/architecture.md#oci-annotations
| |   Signed-off-by: Naadir Jeewa <naadir@randomvariable.co.uk>
* | Implement network == none | baude | 2018-01-31
|/    When network == none, the container should only have a loopback interface and that's it.
      Signed-off-by: baude <bbaude@redhat.com>
      Closes: #176
      Approved by: baude
* Save --privileged state | Daniel J Walsh | 2018-01-25
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #255
  Approved by: mheon
* Enable port bindings | baude | 2018-01-20
  Set up networking ports for the following use cases:
    * bind the same port between host and container
    * bind a specific host port to a different container port
    * bind a random host port to a specific container port
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #214
  Approved by: baude
* Add --dns-search, --dns-opt, --dns-server and --add-host. | baude | 2018-01-19
  Each of these options are destructive in nature, meaning if the user adds one of them, all current ones are removed from the produced resolv.conf.
    * dns-server allows the user to specify dns servers.
    * dns-opt allows the user to specify special resolv.conf options
    * dns-search allows the user to specify search domains
  The add-host option is not destructive and truly just adds the host to /etc/hosts.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #231
  Approved by: mheon
* Fix seccomp support | Daniel J Walsh | 2018-01-18
  If user does not specify seccomp file or seccomp file does not exist, then use the default seccomp settings.
  Still need to not hard code /etc/crio/seccomp.json, should move this to /usr/share/seccomp/seccomp.json
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #233
  Approved by: baude
* Minor change to --net parsing | Matthew Heon | 2018-01-16
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #220
  Approved by: rhatdan
* Add API for sharing namespaces | Matthew Heon | 2018-01-16
  Remove existing code for sharing namespaces and replace with use of this API
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #220
  Approved by: rhatdan
* Implement and test the following flags for podman run and create | umohnani8 | 2018-01-15
  memory, memory-reservation, memory-swap, memory-swappiness, kernel-memory, cpu-period, cpu-quota, cpu-shares, cpus, cpuset-cpus, cpuset-mems, blkio-weight, blkio-weight-device, sysctl, and ulimit
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #221
  Approved by: mheon
* Add support for shm-size. | Daniel J Walsh | 2018-01-11
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #206
  Approved by: TomSweeneyRedHat
* Default to always copyup the underlying directory on top of tmpfs mounts | Daniel J Walsh | 2018-01-10
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #204
  Approved by: mheon
* podman create/run need to load information from the image | Daniel J Walsh | 2018-01-03
  We should be pulling information out of the image to set the defaults to use when setting up the container.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #110
  Approved by: mheon
* Host networking | baude | 2017-12-30
  Allow for the user to specify network=host|bridge. If network is not specified, the default will be bridge. While "none" is now a valid option, it is not included in this.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #164
  Approved by: rhatdan
* Plumb through the --stop-timeout signal handling | Daniel J Walsh | 2017-12-20
  podman run/create have the ability to set the stop timeout flag. We need to stop it in the database.
  Also allowing negative time for stop timeout makes no sense, so switching to timeout of uint, allows user to specify huge timeout values.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #158
  Approved by: TomSweeneyRedHat
* Finish implementing stop signal parsing | Daniel J Walsh | 2017-12-19
  Stop Signal from kpod create/run was not fully plumbed in. This will pass the stopsignal into the container database on create and run of containers.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #156
  Approved by: mheon
* Add support for adding devices to container | Daniel J Walsh | 2017-12-19
  Also add --quiet option to kpod create/run since this will help with writing tests.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #140
  Approved by: TomSweeneyRedHat
* Vendor in latest storage, image and runtime-tools | Daniel J Walsh | 2017-12-18
  Need to pull in the latest containers/storage and containers/image to fix lots of issues.
  Also want to update runtime-tools to take advantage of newer generate code.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #152
  Approved by: rhatdan
* Rename all references to kpod to podman | Daniel J Walsh | 2017-12-18
  The decision is in, kpod is going to be named podman.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #145
  Approved by: umohnani8