summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Add --force to podman umount to force the unmounting of the rootfsDaniel J Walsh2018-08-01
| | | | | | | | | | | | podman umount will currently only unmount file system if not other process is using it, otherwise the umount decrements the container storage to indicate that the caller is no longer using the mount point, once the count gets to 0, the file system is actually unmounted. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1184 Approved by: TomSweeneyRedHat
* Add pod pause/unpausehaircommander2018-07-27
| | | | | | | | | | | Added Pause() and Unpause() to libpod/pod.go Added man pages, tests and completions Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1126 Approved by: rhatdan
* Refactored method of getting podshaircommander2018-07-27
| | | | | | | | | Now, for commands that have --latest and --all, the context flags are checked, and pods are grabbed in a single function Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1161 Approved by: rhatdan
* Cleanup descriptions and help informationDaniel J Walsh2018-07-27
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1167 Approved by: baude
* Skip seccomp-dependent tests on non-LinuxMiloslav Trmač2018-07-26
| | | | | | | | | | | | | | | | | Currently, getRuntimeSpec always fails on non-Linux because spec.CreateConfigToOCISpec always fails, because the podman CLI sets up a seccomp path, and processing that on non-Linux is not supported. This breaks testing of entirely unrelated options. We can either skip the tests on non-Linux, or explicitly disable seccomp inside the tests. Linux testing matters much more than other platforms, and the tests are more reliable when they don't change supposedly unrelated options; so, skip the tests on non-Linux. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1115 Approved by: rhatdan
* Remove cmd/podman/user.goMiloslav Trmač2018-07-26
| | | | | | | | | | | | None of the functions are used within the package, and it does not build on non-Linux systems. (Similar code continues to exist in pkg/chrootuser, and is unaffected.) Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1115 Approved by: rhatdan
* Add pod killhaircommander2018-07-25
| | | | | | | | | With tests, man page, and completions. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1125 Approved by: rhatdan
* Added pod restarthaircommander2018-07-25
| | | | | | | | | With tests, man page and completions. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1152 Approved by: rhatdan
* Merge pull request #1116 from mheon/namespacesDaniel J Walsh2018-07-25
|\ | | | | Add Pod and Container namespaces
| * Address first round of review commentsMatthew Heon2018-07-24
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
| * Add --namespace flag to PodmanMatthew Heon2018-07-24
| | | | | | | | | | | | | | Allows joining libpod to a specific namespace when running a Podman command. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | podman: allow to specify the IPC namespace to joinGiuseppe Scrivano2018-07-24
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* | podman: allow to specify the UTS namespace to joinGiuseppe Scrivano2018-07-24
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* | podman: allow to specify the PID namespace to joinGiuseppe Scrivano2018-07-24
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* | podman: allow to specify the userns to joinGiuseppe Scrivano2018-07-24
|/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* We don't currently support --mac-addressDaniel J Walsh2018-07-24
| | | | | | | | | Make this clear in the docs and Command. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1138 Approved by: mheon
* Update container Mounted() and Mountpoint() functionsMatthew Heon2018-07-24
| | | | | | | | | | | | | | | | Addresses a regression in `podman mount` due to our mount changes to allow concurrency by letting c/storage handle mounting and unmounting. Combine Mounted() and Mountpoint() into one function and query c/storage directly to ensure we get accurate information. Fixes: #1143 Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1144 Approved by: baude
* AppArmor: runtime check if it's enabled on the hostValentin Rothberg2018-07-23
| | | | | | | | | Check at runtime if AppArmor is enabled on the host. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1128 Approved by: mheon
* Add format descriptors infor to podman topDaniel J Walsh2018-07-23
| | | | | | | | | | Trying to play with podman top, I had a hard time finding info on format options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1134 Approved by: umohnani8
* Fix error handling in pod start/stop.haircommander2018-07-23
| | | | | | | | | Before, errors in containers would never be printed, and a generic error would only be shown. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1132 Approved by: mheon
* Merge pull request #1117 from haircommander/pod-start-stop1Matthew Heon2018-07-20
|\ | | | | Add pod start and stop
| * Added pod start and stophaircommander2018-07-20
| | | | | | | | | | | | | | As well as added tests, man pages, and completions. Also reformatted and refactored a couple of other small things in the other pod commands. Signed-off-by: haircommander <pehunt@redhat.com>
* | Merge pull request #1120 from haircommander/pod-ps-status-hotfixMatthew Heon2018-07-20
|\ \ | | | | | | Pod ps now uses pod.Status()
| * | Pod ps now uses pod.Status()haircommander2018-07-20
| |/ | | | | | | | | | | It used to call ctr.State() to figure out what the pod status was, which certainly locked/unlocked excessively. Status now uses the libpod/pod function that bypasses this. Signed-off-by: haircommander <pehunt@redhat.com>
* | Merge pull request #1103 from haircommander/load_dockerlessMatthew Heon2018-07-20
|\ \ | | | | | | Podman load/tag/save prepends localhost when no registry is present
| * | Podman load/tag/save prepend localhost when no repository is presenthaircommander2018-07-20
| |/ | | | | | | | | | | Instead of having docker.io/library as its repository. Test included. Signed-off-by: haircommander <pehunt@redhat.com>
* | Merge pull request #1104 from rhatdan/mountingMatthew Heon2018-07-20
|\ \ | | | | | | Let containers/storage keep track of mounts
| * | Let containers/storage keep track of mountsDaniel J Walsh2018-07-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we unmount storage that is still in use. We should not be unmounting storeage that we mounted via a different command or by podman mount. This change relies on containers/storage to umount keep track of how many times the storage was mounted before really unmounting it from the system. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | rootless: allow a per-user storage.conf fileGiuseppe Scrivano2018-07-20
| |/ |/| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman-top: use containers/psgoValentin Rothberg2018-07-19
|/ | | | | | | | | | | | | | | | | Use github.com/containers/psgo instead of execing `ps (1)`. The psgo library enables a much more flexible interface with respect to which data to be printed (e.g., capabilities, seccomp mode, PID, PCPU, etc.) while the output can be parsed reliably. The library does not use ps (1) but parses /proc and /dev instead. To list the processes of a given container, psgo will join the mount namespace of the given container and extract all data from there. Notice that this commit breaks compatibility with docker-top. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1113 Approved by: rhatdan
* Fix ps filter with key=value labelsJoshua Roys2018-07-16
| | | | | Closes: #1101 Approved by: rhatdan
* Change logic for detecting conflicting flags in psMatthew Heon2018-07-13
| | | | | | | | | | | | There's no reason --size cannot be used together with a Go template - in fact, using a Go template for {{.Size}} without --size being passed will not work. Allow use of --namespace and --size with Go templates, but not with --quiet. Do not allow --namespace and --size at the same time. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Only print container size JSON if --size was requestedMatthew Heon2018-07-13
| | | | | | | To do this, move it into a separate struct, and embed that in the JSON we return. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Don't print rootfs and rw sizes if they're emptyMatthew Heon2018-07-13
| | | | | | | | | | | | We're printing them unconditionally now, even if --size is not passed, which is confusing (you see a pair of 0s for container size, when it is clearly not 0). This may introduce bugs related to containers with an rwsize of 0 (freshly created from an image) and --size specified, but is definitely better than what we have now. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Major fixes to podman ps --format=json outputMatthew Heon2018-07-13
| | | | | | | | | | | | | A number of fields were never being populated. Populate them as best we can. Add a new field, exited, to indicate whether the exit code has meaning (IE, the container has exited). Fix handling of running time - it stops ticking when the container stops. There is further work needed here, I suspect. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Ignore running containers in ps exit-code filtersMatthew Heon2018-07-13
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Record whether the container has exitedMatthew Heon2018-07-13
| | | | | | | | Use this to supplement exit codes returned from containers, to make sure we know when exit codes are invalid (as the container has not yet exited) Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #1075 from giuseppe/rootless-no-symlinks-into-storage-pathDaniel J Walsh2018-07-13
|\ | | | | rootless: fix usage on Fedora Silverblue/CoreOS
| * rootless: correctly propagate the exit status from the containerGiuseppe Scrivano2018-07-13
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: propagate errors from GetRootlessRuntimeDir()Giuseppe Scrivano2018-07-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: resolve the user home directoryGiuseppe Scrivano2018-07-11
| | | | | | | | | | | | Closes: https://github.com/projectatomic/libpod/issues/1073 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1065 from haircommander/pod-start-create-rmDaniel J Walsh2018-07-13
|\ \ | | | | | | Podman pod create/rm/ps commands with man pages and tests
| * | Added full podman pod ps, with tests and man pagehaircommander2018-07-13
| | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com>
| * | Podman pod create/rm commands with man page and tests.haircommander2018-07-13
| | | | | | | | | | | | | | | | | | Includes a very stripped down version of podman pod ps, just for testing Signed-off-by: haircommander <pehunt@redhat.com>
* | | Need to wait for container to exit before completing run/start completesDaniel J Walsh2018-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a race condition where conmon is still writing the exit file and the container is exiting. Also we should not be ignoring the -a stdin flag if the user specifies --interactive mode. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1086 Approved by: baude
* | | If proxy fails then then signal should be sent to the main processDaniel J Walsh2018-07-13
|/ / | | | | | | | | | | | | | | | | | | This way ^c will actually kill the host process if the container is not actually running. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1086 Approved by: baude
* | Log all output of logrus to syslog as well as stdout/stderrDaniel J Walsh2018-07-12
| | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1084 Approved by: baude
* | podman rmi should only untag image if parent of anotherumohnani82018-07-12
| | | | | | | | | | | | | | | | | | | | | | | | podman rmi was deleting an image even if it was a parent of another image. This fix just untags the image instead. This also fixes podman rmi to remove intermediate images of an image when the image is removed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1055 Approved by: mheon
* | Changed container status of Unknown from being printed as Dead to Error in Pshaircommander2018-07-12
| | | | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1083 Approved by: rhatdan
* | podman/libpod: add default AppArmor profileValentin Rothberg2018-07-11
|/ | | | | | | | | | | | | | | | | Make users of libpod more secure by adding the libpod/apparmor package to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor come from github.com/moby/moby. Also check if a specified AppArmor profile is actually loaded and throw an error if necessary. The default profile is loaded only on Linux builds with the `apparmor` buildtag enabled. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1063 Approved by: rhatdan