path: root/cmd/podman
Commit message (Author, Age)
* rootless: automatically recreate the pause.pid file (Giuseppe Scrivano, 2019-10-09)
| if the pause process cannot be joined, remove the pause.pid while keeping a lock on it, and try to recreate it.
| Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4032 from rhatdan/pids-limit (OpenShift Merge Robot, 2019-10-07)
|\
| | Setup a reasonable default for pids-limit 4096
| * Setup a reasonable default for pids-limit 4096 (Daniel J Walsh, 2019-10-04)
| | CRI-O defaults to 1024 for the maximum pids in a container. Podman should have a similar limit. Once we have a containers.conf, we can set the limit in this file, and have it easily customizable. Currently the documentation says that -1 sets pids-limit=max, but -1 fails. This patch allows -1, but also indicates that 0 also sets the max pids limit.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Update c/image to v4.0.1 and buildah to 1.11.3 (Miloslav Trmač, 2019-10-04)
|/
| This requires updating all import paths throughout, and a matching buildah update to interoperate. I can't figure out the reason for go.mod tracking github.com/containers/image v3.0.2+incompatible // indirect ((go mod graph) lists it as a direct dependency of libpod, but (go list -json -m all) lists it as an indirect dependency), but at least looking at the vendor subdirectory, it doesn't seem to be actually used in the built binaries.
| Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #3549 from marcov/evict-container (OpenShift Merge Robot, 2019-10-04)
|\
| | Add ability to evict a container
| * rm: add containers eviction with `rm --force` (Marco Vedovati, 2019-09-25)
| | Add ability to evict a container when it becomes unusable. This may happen when the host setup changes after a container creation, making it impossible for that container to be used or removed. Evicting a container is done using the `rm --force` command.
| | Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* | Merge pull request #4188 from Mrigank11/validate_network_name (OpenShift Merge Robot, 2019-10-04)
|\ \
| | | podman network create: validate user input
| * | podman network create: validate user input (Mrigank Krishan, 2019-10-04)
| | | Disallow invalid/confusing names such as '../bar' or 'foo '
| | | Closes #4184
| | | Signed-off-by: Mrigank Krishan <mrigankkrishan@gmail.com>
* | | Allow setting default parameters with env vars (Anders F Björklund, 2019-10-01)
| | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Allow changing IdentityFile and to IgnoreHosts (Anders F Björklund, 2019-10-01)
|/ /
| | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | Merge pull request #4001 from kunalkushwaha/podman-import-fix (OpenShift Merge Robot, 2019-09-30)
|\ \
| | | podman import syntax fix
| * | syntax updated for podman import --change (Kunal Kushwaha, 2019-09-27)
| | | currently, podman import change does not support syntax like
| | | - KEY val
| | | - KEY ["val"]
| | | This adds support for both of these syntax along with KEY=val
| | | Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
* | | Merge pull request #4127 from nalind/reexec-use (OpenShift Merge Robot, 2019-09-27)
|\ \ \
| | | | Correct use of reexec.Init()
| * | | Correct use of reexec.Init() (Nalin Dahyabhai, 2019-09-26)
| | | | A true result from reexec.Init() isn't an error, but it indicates that main() should exit with a success exit status.
| | | | Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | Merge pull request #4124 from mheon/set_log_level_early (OpenShift Merge Robot, 2019-09-27)
|\ \ \ \
| |/ / /
|/| | | Set log-level immediately, before rootless setup
| * | | Set log-level immediately, before rootless setup (Matthew Heon, 2019-09-26)
| | | | If we don't do this, we print WARN level messages that we should not be printing by default. Up one WARN message to ERROR so it still shows up by default.
| | | | Fixes: #4115
| | | | Fixes: #4012
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | fix cp none exists dest path ends with '/' (Qi Wang, 2019-09-25)
|/ / /
| | | close #3894
| | | This patch lets podman cp return 'no such file or directory' error if DEST_PATH does not exist and ends with / when copying file.
| | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #4088 from baude/varlinkbuildoutput (OpenShift Merge Robot, 2019-09-25)
|\ \ \
| |_|/
|/| | Document the required varlink build args
| * | Document the required varlink build args (baude, 2019-09-24)
| | | The API document incorrectly documented the wrong varlink build arguments. The output attribute is required.
| | | Fixes: #3204
| | | Signed-off-by: baude <bbaude@redhat.com>
* | | runtime: fix logic to disable SDNotify (Valentin Rothberg, 2019-09-24)
|/ /
| | Fix the logic when getting the runtime for varlink to actually disable SDNotify support.
| | Fixes: #4005
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | support non-standard ssh port for remote-client (baude, 2019-09-17)
| | when using the remote client, users may need to specify a non-standard port for ssh connections. we can do so on the command line and within the remote-client configuration file.
| | Fixes: #3987
| | Signed-off-by: baude <bbaude@redhat.com>
* | Fix default to pause in podman cp (Daniel J Walsh, 2019-09-13)
| | We want to default to secure when running containers as root, in rootless, we need to change the default if the system does not support cgroup v1.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #4022 from baude/remotepushgetrt (OpenShift Merge Robot, 2019-09-13)
|\ \
| | | get runtime for podman-remote push earlier
| * | get runtime for podman-remote push earlier (baude, 2019-09-13)
| | | to prevent client side panics, we should get the runtime earlier in the process of push.
| | | Fixes: #4013
| | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #4018 from giuseppe/fix-error-message-rootless (OpenShift Merge Robot, 2019-09-13)
|\ \ \
| | | | rootless: report the correct error
| * | | rootless: report the correct error (Giuseppe Scrivano, 2019-09-13)
| | | | do not shadow the err variable so that the correct error message can be reported when utils.RunUnderSystemdScope fails.
| | | | Closes: https://github.com/containers/libpod/issues/4012
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3934 from rhatdan/wait (OpenShift Merge Robot, 2019-09-13)
|\ \ \ \
| | | | | Podman-remote run should wait for exit code
| * | | | Use exit code constants (Daniel J Walsh, 2019-09-12)
| | | | | We have leaked the exit number codes all over the code, this patch removes the numbers to constants.
| | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #3942 from jwhonce/issue/3829 (OpenShift Merge Robot, 2019-09-13)
|\ \ \ \ \
| |_|/ / /
|/| | | | Stop glob'ing on podman cp
| * | | | Do not support wildcards on cp (Jhon Honce, 2019-09-12)
| | |/ /
| |/| |
| | | | * symlink processing and wildcarding led to unexpected files being copied
| | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #3978 from baude/networkremove (OpenShift Merge Robot, 2019-09-12)
|\ \ \ \
| |/ / /
|/| | | enhance podman network rm
| * | | enhance podman network rm (baude, 2019-09-12)
| |/ /
| | | when removing a podman network, we need to make sure we delete the network interface if one was ever created (by running a container). also, when removing networks, we check if any containers are using the network. if they are, we error out unless the user provides a 'force' option which will remove the containers in question.
| | | Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3997 from QiWang19/sigpath (OpenShift Merge Robot, 2019-09-12)
|\ \ \
| |/ /
|/| | fix podman sign signature store for rootless
| * | fix podman sign signature store for rootless (Qi Wang, 2019-09-11)
| | | Store the signature under graphroot when using rootless podman image sign.
| | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #3959 from giuseppe/rootless-use-systemd-scope (OpenShift Merge Robot, 2019-09-12)
|\ \ \
| |_|/
|/| | rootless: automatically create a systemd scope
| * | rootless: run pause process in its own scope (Giuseppe Scrivano, 2019-09-12)
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: automatically create a systemd scope (Giuseppe Scrivano, 2019-09-12)
| |/
| | when running in rootless mode and using systemd as cgroup manager create automatically a systemd scope when the user doesn't own the current cgroup. This solves a couple of issues: on cgroup v2 it is necessary that a process before it can be moved to a different cgroup tree must be in a directory owned by the unprivileged user. This is not always true, e.g. when creating a session with su -l.
| | Closes: https://github.com/containers/libpod/issues/3937
| | Also, for running systemd in a container it was before necessary to specify "systemd-run --scope --user podman ...", now this is done automatically as part of this PR.
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / podman-remote image trust is broken (Daniel J Walsh, 2019-09-11)
|/
| We should not be making it available, it does nothing.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #3581 from mheon/no_cgroups (OpenShift Merge Robot, 2019-09-11)
|\
| | Support running containers without CGroups
| * Add support for launching containers without CGroups (Matthew Heon, 2019-09-10)
| | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file.
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3817 from xcffl/master (OpenShift Merge Robot, 2019-09-10)
|\ \
| | | Add explanation mounting named volumes for `podman run`
| * | Replace "podman" with "Podman" (xcffl, 2019-09-07)
| | | Signed-off-by: xcffl <xcffl@outlook.com>
* | | Merge pull request #3896 from mheon/volume_lookup (OpenShift Merge Robot, 2019-09-09)
|\ \ \
| | | | Add ability to look up volumes by unambiguous partial name
| * | | Add function for looking up volumes by partial name (Matthew Heon, 2019-09-09)
| | |/
| |/|
| | | This isn't included in Docker, but seems handy enough. Use the new API for 'volume rm' and 'volume inspect'.
| | | Fixes #3891
| | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3862 from baude/networkcreate (OpenShift Merge Robot, 2019-09-09)
|\ \ \
| |/ /
|/| | podman network create
| * | podman network create (baude, 2019-09-09)
| |/
| | initial implementation of network create. we only support bridging networks with this first pass.
| | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3914 from marcov/units-opts (OpenShift Merge Robot, 2019-09-09)
|\ \
| | | cli-flags: use a consistent format for <size><unit>
| * | cli-flags: use a consistent format for <size><unit> (Marco Vedovati, 2019-09-05)
| | | Use a consistent format for description of the <size><unit> flags. Also, avoid backticks for /dev/shm, as that's interpreted as the format by the flag parsing lib.
| | | Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* | | build: pass down the cgroup manager to buildah (Giuseppe Scrivano, 2019-09-06)
| |/
|/|
| | Pass down the cgroup manager to use to buildah.
| | Closes: https://github.com/containers/libpod/issues/3938
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Set TMPDIR to /var/tmp by default (Daniel J Walsh, 2019-09-05)
|/
| We have had some issues with users squashing large images or pulling large content from github, that could trigger crashes based on the size of /tmp. Docker had an issue with this back in 2016. https://github.com/golang/go/issues/14021 The discussion there was to change the default to /var/tmp. This change will only affect systems that do not set the TMPDIR environment variable.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>