| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Setup a reasonable default for pids-limit 4096
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CRI-O defaults to 1024 for the maximum pids in a container. Podman
should have a similar limit. Once we have a containers.conf, we can
set the limit in this file, and have it easily customizable.
Currently the documentation says that -1 sets pids-limit=max, but -1 fails.
This patch allows -1, but also indicates that 0 also sets the max pids limit.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
This requires updating all import paths throughout, and a matching
buildah update to interoperate.
I can't figure out the reason for go.mod tracking
github.com/containers/image v3.0.2+incompatible // indirect
((go mod graph) lists it as a direct dependency of libpod, but
(go list -json -m all) lists it as an indirect dependency),
but at least looking at the vendor subdirectory, it doesn't seem
to be actually used in the built binaries.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|\
| |
| | |
Add ability to evict a container
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add ability to evict a container when it becomes unusable. This may
happen when the host setup changes after a container creation, making it
impossible for that container to be used or removed.
Evicting a container is done using the `rm --force` command.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
|
|\ \
| | |
| | | |
podman network create: validate user input
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Disallow invalid/confusing names such as '../bar' or 'foo '
Closes #4184
Signed-off-by: Mrigank Krishan <mrigankkrishan@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
|\ \
| | |
| | | |
podman import syntax fix
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
currently, podman import change do not support syntax like
- KEY val
- KEY ["val"]
This adds support for both of these syntax along with KEY=val
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
|
|\ \ \
| | | |
| | | | |
Correct use of reexec.Init()
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A true result from reexec.Init() isn't an error, but it indicates that
main() should exit with a success exit status.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Set log-level immediately, before rootless setup
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If we don't do this, we print WARN level messages that we should
not be printing by default.
Up one WARN message to ERROR so it still shows up by default.
Fixes: #4115
Fixes: #4012
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
close #3894
This patch let podman cp return 'no such file or directory' error if DEST_PATH does not exist and ends with / when copying file.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Document the required varlink build args
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The API document incorrectly documented the wrong varlink build
arguments. The output attribute is required.
Fixes: #3204
Signed-off-by: baude <bbaude@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Fix the logic when getting the runtime for varlink to actually disable
SDNotify support.
Fixes: #4005
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when using the remote client, users may need to specify a non-standard
port for ssh connections. we can do so on the command line and within
the remote-client configuration file.
Fixes: #3987
Signed-off-by: baude <bbaude@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
We want to default to secure when running containers as root,
in rootless, we need to change the default if the system does not
support cgroup v1.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
get runtime for podman-remote push earlier
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
to prevent client side panics, we should get the runtime earlier in the
process of push.
Fixes: #4013
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
rootless: report the correct error
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
do not shadow the err variable so that the correct error message can
be reported when utils.RunUnderSystemdScope fails.
Closes: https://github.com/containers/libpod/issues/4012
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Podman-remote run should wait for exit code
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We have leaked the exit number codess all over the code, this patch
removes the numbers to constants.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Stop glob'ing on podman cp
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
* symlink processing and wildcarding led to unexpected files
being copied
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
enhance podman network rm
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when removing a podman network, we need to make sure we delete the
network interface if one was ever created (by running a container).
also, when removing networks, we check if any containers are using the
network. if they are, we error out unless the user provides a 'force'
option which will remove the containers in question.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| |/ /
|/| | |
fix podman sign signature store for rootless
|
| | |
| | |
| | |
| | |
| | |
| | | |
Store the the signature under graphroot when using rootless podman image sign.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \
| |_|/
|/| | |
rootless: automatically create a systemd scope
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when running in rootless mode and using systemd as cgroup manager
create automatically a systemd scope when the user doesn't own the
current cgroup.
This solves a couple of issues:
on cgroup v2 it is necessary that a process before it can moved to a
different cgroup tree must be in a directory owned by the unprivileged
user. This is not always true, e.g. when creating a session with su
-l.
Closes: https://github.com/containers/libpod/issues/3937
Also, for running systemd in a container it was before necessary to
specify "systemd-run --scope --user podman ...", now this is done
automatically as part of this PR.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
| |
We should not be making it available, it does nothing.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Support running containers without CGroups
|
| |
| |
| |
| |
| |
| |
| | |
This is mostly used with Systemd, which really wants to manage
CGroups itself when managing containers via unit file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Add explanation mounting named volumes for `podman run`
|
| | |
| | |
| | |
| | | |
Signed-off-by: xcffl <xcffl@outlook.com>
|
|\ \ \
| | | |
| | | | |
Add ability to look up volumes by unambiguous partial name
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This isn't included in Docker, but seems handy enough.
Use the new API for 'volume rm' and 'volume inspect'.
Fixes #3891
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |/ /
|/| | |
podman network create
|
| |/
| |
| |
| |
| |
| |
| | |
initial implementation of network create. we only support bridging
networks with this first pass.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
cli-flags: use a consistent format for <size><unit>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use a consistent format for description of the <size><unit> flags.
Also, avoid backticks for /dev/shm, as that's interpreted as the format
by the flag parsing lib.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
Pass down the cgroup manager to use to buildah.
Closes: https://github.com/containers/libpod/issues/3938
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
We have had some issues with users squashing large images or pulling large
content from github, that could trigger crashes based on the size of /tmp.
Docker had an issue with this back in 2016. https://github.com/golang/go/issues/14021
The discussion there was to change the default to /var/tmp.
This change will only effect systems that do not set the TMPDIR environment variable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
detect if the current user namespace doesn't match the configuration
in the /etc/subuid and /etc/subgid files.
If there is a mismatch, raise a warning and suggest the user to
recreate the user namespace with "system migrate", that also restarts
the containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|