path: root/cmd/podman/spec.go
Commit message (author, date)
* networking, userNS: configure the network namespace after create (Giuseppe Scrivano, 2018-05-04)
  so that the OCI runtime creates the network namespace from the correct userNS.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #690
  Approved by: mheon
* Begin wiring in USERNS Support into podman (Daniel J Walsh, 2018-05-04)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #690
  Approved by: mheon
* Trivial refactor on volume addition (Matthew Heon, 2018-05-03)
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #700
  Approved by: rhatdan
* When adding volumes to DB, handle nontrivial cases (Matthew Heon, 2018-05-03)
  We want to make sure we don't add anything but the host volume, and the volumes can include options and container locations.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #700
  Approved by: rhatdan
* Store user Volumes, Entrypoint, Command in database (Matthew Heon, 2018-05-03)
  We need these for commit, and they cannot be properly deduced from just the OCI spec, so save them in the database so we can retrieve them for commit.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #700
  Approved by: rhatdan
* Add config bool to indicate there are user volumes (Matthew Heon, 2018-05-03)
  This allows us to accurately trigger OCI hooks that trigger on the presence of volume mounts.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #700
  Approved by: rhatdan
* Functionality changes to the following flags (umohnani8, 2018-04-06)
  --group-add
  --blkio-weight-device
  --device-read-bps
  --device-write-bps
  --device-read-iops
  --device-write-iops

  --group-add now supports group names as well as the gid associated with them.
  All the --device flags work now with moderate changes to the code to support both bps and iops.
  Added tests for all the flags.
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #590
  Approved by: mheon
* Add hooks support to podman (Daniel J Walsh, 2018-04-05)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #155
  Approved by: mheon
* Make container env variable conditional (Matthew Heon, 2018-03-23)
  Add only when it's not already present. Add a more specific version in podman spec generation so we get 'container=podman' not 'container=libpod'
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #540
  Approved by: baude
* Address review comments (baude, 2018-02-24)
  Review comments to delete WithNoNew function and its append.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #369
  Approved by: rhatdan
* Add support for --no-new-privs (Daniel J Walsh, 2018-02-24)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #369
  Approved by: rhatdan
* Implement --image-volumes for create and run (umohnani8, 2018-02-22)
  --image-volumes tells podman what to do with the image volumes in the image config
  There are 3 options: bind, tmpfs, and ignore
  bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir and bind mounts it into the container at /vol-dir
  tmpfs mounts /vol-dir as a tmpfs into the container
  ignore doesn't mount the image volumes onto the container
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #377
  Approved by: rhatdan
* Run podman inside a podman container (baude, 2018-02-16)
  We should be able to run nested podman containers in particular for our testing environment. i.e. eat our own dog food. Some privileges had to be corrected in order for this to work correctly.
  Added a third papr target that runs podman tests inside podman. I marked the test as not required right now as we get more confident in the results
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #340
  Approved by: rhatdan
* Privileged containers should inherit host devices (baude, 2018-02-15)
  When running a privileged container, it should inherit the same devices the host has.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #330
  Approved by: mheon
* Disable default Seccomp profile with privileged containers (Matthew Heon, 2018-02-13)
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #326
  Approved by: baude
* Rework port code (baude, 2018-02-09)
  Rework port code for generalized clean up and to address issue #269 where additional portbindings between host and containers were being introduced by error.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #308
  Approved by: mheon
* sysfs should be mounted rw for privileged (baude, 2018-02-06)
  sysfs should be mounted rw for a privileged container.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #279
  Approved by: rhatdan
* Allow users to specify logpath (Daniel J Walsh, 2018-02-03)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #135
  Approved by: mheon
* Merge pull request #282 from randomvariable/fix/sandbox (Daniel J Walsh, 2018-02-02)
|\  Set default configuration container type annotation to sandbox
| * Set default configuration container type annotation to sandbox (Naadir Jeewa, 2018-02-01)
| |   This allows podman to provide sufficient hints to start containers with Intel Clear Containers:
| |   https://github.com/clearcontainers/runtime/blob/master/docs/architecture/architecture.md#oci-annotations
| |   Signed-off-by: Naadir Jeewa <naadir@randomvariable.co.uk>
* | Implement network == none (baude, 2018-01-31)
|/    When network == none, the container should only have a loopback interface and that's it.
      Signed-off-by: baude <bbaude@redhat.com>
      Closes: #176
      Approved by: baude
* Save --privileged state (Daniel J Walsh, 2018-01-25)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #255
  Approved by: mheon
* Enable port bindings (baude, 2018-01-20)
  Set up networking ports for the following use cases:
    * bind the same port between host and container
    * bind a specific host port to a different container port
    * bind a random host port to a specific container port
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #214
  Approved by: baude
* Add --dns-search, --dns-opt, --dns-server and --add-host. (baude, 2018-01-19)
  Each of these options are destructive in nature, meaning if the user adds one of them, all current ones are removed from the produced resolv.conf.
    * dns-server allows the user to specify dns servers.
    * dns-opt allows the user to specify special resolv.conf options
    * dns-search allows the user to specify search domains
  The add-host option is not destructive and truly just adds the host to /etc/hosts.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #231
  Approved by: mheon
* Fix seccomp support (Daniel J Walsh, 2018-01-18)
  If user does not specify seccomp file or seccomp file does not exist, then use the default seccomp settings.
  Still need to not hard code /etc/crio/seccomp.json, should move this to /usr/share/seccomp/seccomp.json
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #233
  Approved by: baude
* Minor change to --net parsing (Matthew Heon, 2018-01-16)
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #220
  Approved by: rhatdan
* Add API for sharing namespaces (Matthew Heon, 2018-01-16)
  Remove existing code for sharing namespaces and replace with use of this API
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #220
  Approved by: rhatdan
* Implement and test the following flags for podman run and create (umohnani8, 2018-01-15)
  memory, memory-reservation, memory-swap, memory-swappiness, kernel-memory, cpu-period, cpu-quota, cpu-shares, cpus, cpuset-cpus, cpuset-mems, blkio-weight, blkio-weight-device, sysctl, and ulimit
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #221
  Approved by: mheon
* Add support for shm-size. (Daniel J Walsh, 2018-01-11)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #206
  Approved by: TomSweeneyRedHat
* Default to always copyup the underlying directory on top of tmpfs mounts (Daniel J Walsh, 2018-01-10)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #204
  Approved by: mheon
* podman create/run need to load information from the image (Daniel J Walsh, 2018-01-03)
  We should be pulling information out of the image to set the defaults to use when setting up the container.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #110
  Approved by: mheon
* Host networking (baude, 2017-12-30)
  Allow for the user to specify network=host|bridge. If network is not specified, the default will be bridge. While "none" is now a valid option, it is not included in this.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #164
  Approved by: rhatdan
* Plumb through the --stop-timeout signal handling (Daniel J Walsh, 2017-12-20)
  podman run/create have the ability to set the stop timeout flag. We need to stop it in the database.
  Also Allowing negative time for stop timeout makes no sense, so switching to timeout of uint, allows user to specify huge timeout values.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #158
  Approved by: TomSweeneyRedHat
* Finish implementing stop signal parsing (Daniel J Walsh, 2017-12-19)
  Stop Signal from kpod create/run was not fully plumbed in, This will pass the stopsignal into the container database on create and run of containers.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #156
  Approved by: mheon
* Add support for adding devices to container (Daniel J Walsh, 2017-12-19)
  Also add --quiet option to kpod create/run since this will help with writing tests.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #140
  Approved by: TomSweeneyRedHat
* Vendor in latest storage, image and runtime-tools (Daniel J Walsh, 2017-12-18)
  Need to pull in the latest containers/storage and containers/image to fix lots of issues.
  Also want to update runtime-tools to take advantage of newer generate code.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #152
  Approved by: rhatdan
* Rename all references to kpod to podman (Daniel J Walsh, 2017-12-18)
  The decision is in, kpod is going to be named podman.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #145
  Approved by: umohnani8