summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Vendor in latest opencontainers/selinuxDaniel J Walsh2019-01-18
| | | | | | | | | | | This will now verify labels passed in by the user. Will also prevent users from accidently relabeling their homedir. podman run -ti -v ~/home/user:Z fedora sh Is not a good idea. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman-inspect: don't ignore errorsValentin Rothberg2019-01-18
| | | | | | | | | Return errors when executing the --format templates. Otherwise, Podman will just silently ignore them and not print any output that could guide user into solving the issue. Fixes: #2159 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add --latest and --all to podman mount/umountDaniel J Walsh2019-01-16
| | | | | | I find these useful for playing around with containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Embed runtime struct in super localRuntimebaude2019-01-15
| | | | | | | | | | We clean up the code by eliminating stuttering references when we embed the runtime struct into localRuntime. Makes for less change in the future as well. ++ jhonce Signed-off-by: baude <bbaude@redhat.com>
* Collaberative podman-remote container existsbaude2019-01-15
| | | | | | | Began frameout of container super structs for adapted methods. This allows for the use of container exists. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2161 from baude/remotehistoryOpenShift Merge Robot2019-01-15
|\ | | | | add support for podman-remote history
| * add support for podman-remote historybaude2019-01-15
| | | | | | | | | | | | | | this adds support to get the history for an image and its layers using podman-remote. Signed-off-by: baude <bbaude@redhat.com>
* | Rename localRuntime to runtime in cmd/podmanbaude2019-01-15
|/ | | | Signed-off-by: baude <bbaude@redhat.com>
* podman remote integrations testsbaude2019-01-15
| | | | | | add exists and rmi tests back in ... Signed-off-by: baude <bbaude@redhat.com>
* podman remote client -- add rmibaude2019-01-14
| | | | | | allow the podman remote client to delete images Signed-off-by: baude <bbaude@redhat.com>
* Run integrations test with remote-clientbaude2019-01-14
| | | | | | | | | | | | Add the ability to run the integration (ginkgo) suite using the remote client. Only the images_test.go file is run right now; all the rest are isolated with a // +build !remotelinux. As more content is developed for the remote client, we can unblock the files and just block single tests as needed. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2141 from baude/remotetagOpenShift Merge Robot2019-01-13
|\ | | | | Add darwin support for remote-client
| * Add darwin support for remote-clientbaude2019-01-11
| | | | | | | | | | | | | | | | Add the ability to cross-compile podman remote for OSX. Also, add image exists and tag to remote-client. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2148 from rhatdan/storage-optOpenShift Merge Robot2019-01-12
|\ \ | | | | | | Set default storage options from mounts.conf file.
| * | Set default storage options from mounts.conf file.Daniel J Walsh2019-01-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | We were never loading the storage.conf file to grab mountOptions. This is causing us to not use metacopyup option when running with overlay. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2145 from baude/playcontainerintopodOpenShift Merge Robot2019-01-12
|\ \ \ | |/ / |/| | podman play kube: add containers to pod
| * | podman play kube: add containers to podbaude2019-01-11
| |/ | | | | | | | | | | | | | | | | when defining containers, we missed the conditional logic to allow the container to be defined with "WithPod" and so forth. I had to slightly modify the createcontainer process to pass a libpod.Pod that could override things; use nil as no pod. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2138 from giuseppe/rootless-pod-fixOpenShift Merge Robot2019-01-11
|\ \ | |/ |/| rootless: fix usage of create --pod=new:FOO
| * rootless: create the userns immediately when creating a new podGiuseppe Scrivano2019-01-11
| | | | | | | | | | | | Closes: https://github.com/containers/libpod/issues/2124 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: join both userns and mount namespace with --podGiuseppe Scrivano2019-01-11
| | | | | | | | | | | | | | When --pod is specified then join both the user and mount namespace for the pod so we can initialize the storage. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2135 from baude/varlinkpruneOpenShift Merge Robot2019-01-11
|\ \ | | | | | | Add varlink support for prune
| * | Add varlink support for prunebaude2019-01-10
| |/ | | | | | | | | | | | | Add the ability to prune unused images using the varlink API. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2113 from baude/remoteimagesOpenShift Merge Robot2019-01-11
|\ \ | |/ |/| remote-client support for images
| * remote-client support for imagesbaude2019-01-10
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2120 from rhatdan/volumeOpenShift Merge Robot2019-01-10
|\ \ | | | | | | Fix handling of nil volumes
| * | Fix handling of nil volumesDaniel J Walsh2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if a user passes in a -v with -v $bogus:/foobar We crash. This will throw a proper error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2108 from QiWang19/from1899OpenShift Merge Robot2019-01-10
|\ \ \ | | | | | | | | Fix 'image trust' from PR1899
| * | | Fix 'image trust' from PR1899Qi Wang2019-01-09
| | | | | | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #2127 from QiWang19/fixsigstoreOpenShift Merge Robot2019-01-10
|\ \ \ \ | | | | | | | | | | fix up sigstore path
| * | | | fix up sigstore pathQi Wang2019-01-10
| | |_|/ | |/| | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #2126 from giuseppe/set-prlimitOpenShift Merge Robot2019-01-10
|\ \ \ \ | |/ / / |/| | | podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE
| * | | podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCEGiuseppe Scrivano2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we are not able to make arbitrary changes to the RLIMIT_NOFILE when lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum allowed. In this way the same code path works with rootless mode. Closes: https://github.com/containers/libpod/issues/2123 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | sign: make all error messages lowercaseGiuseppe Scrivano2019-01-10
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | sign: use filepath.Join instead of fmt.SprintfGiuseppe Scrivano2019-01-10
| |_|/ |/| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2114 from vrothberg/issue-2107OpenShift Merge Robot2019-01-10
|\ \ \ | |/ / |/| | apparmor: apply default profile at container initialization
| * | apparmor: apply default profile at container initializationValentin Rothberg2019-01-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Apply the default AppArmor profile at container initialization to cover all possible code paths (i.e., podman-{start,run}) before executing the runtime. This allows moving most of the logic into pkg/apparmor. Also make the loading and application of the default AppArmor profile versio-indepenent by checking for the `libpod-default-` prefix and over-writing the profile in the run-time spec if needed. The intitial run-time spec of the container differs a bit from the applied one when having started the container, which results in displaying a potentially outdated AppArmor profile when inspecting a container. To fix that, load the container config from the file system if present and use it to display the data. Fixes: #2107 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / libpod/image: Use ParseNormalizedNamed in RepoDigestsW. Trevor King2019-01-09
|/ | | | | | | | | | | | | | | | Avoid generating quay.io/openshift-release-dev/ocp-release@sha256@sha256:239... and similar when the image name is already digest-based [1]. It's not clear exactly how we get into this state, but as shown by the unit tests, the new code handles this case correctly (while the previous code does not). [1]: https://github.com/containers/libpod/issues/2086 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #2106 Approved by: rhatdan
* Merge pull request #2040 from QiWang19/signimgOpenShift Merge Robot2019-01-09
|\ | | | | Support podman image sign
| * [WIP]Support podman image signQi Wang2019-01-08
| | | | | | | | | | | | Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/). Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #2097 from debarshiray/wip/debarshiray/podman-exec-workdirOpenShift Merge Robot2019-01-08
|\ \ | | | | | | Add a --workdir option to 'podman exec'
| * | Add a --workdir option to 'podman exec'Debarshi Ray2019-01-08
| | | | | | | | | | | | Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | | Default --sig-proxy to true for 'podman start --attach'Debarshi Ray2019-01-08
|/ / | | | | | | | | | | | | | | | | | | The --sig-proxy option in both 'podman attach' and 'podman run' default to true, and there's no reason for 'podman start --attach' to be any different. However, since it only makes sense to proxy signals when the container is attached, 'podman start --sig-proxy' will continue to error if --attach isn't used. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | Merge pull request #2099 from mheon/config_to_containerconfigOpenShift Merge Robot2019-01-08
|\ \ | |/ |/| Rename libpod.Config back to ContainerConfig
| * Rename libpod.Config back to ContainerConfigMatthew Heon2019-01-07
| | | | | | | | | | | | | | | | | | | | During an earlier bugfix, we swapped all instances of ContainerConfig to Config, which was meant to fix some data we were returning from Inspect. This unfortunately also renamed a libpod internal struct for container configs. Undo the rename here. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Honor image environment variables with execAnders F Björklund2019-01-07
| | | | | | | | | | | | | | | | Was reading the "env" argument twice instead of image. Closes #2063 Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | Merge pull request #2098 from baude/remoteOpenShift Merge Robot2019-01-07
|\ \ | |/ |/| Add ability to build golang remote client
| * Add ability to build golang remote clientbaude2019-01-07
| | | | | | | | | | | | | | | | | | | | | | Add the ability to build a remote client in golang that uses all the same front-end cli code and output code. The initial limitations here are that it can only be a local client while the bridge and resolver code is being written for the golang varlink client. Tests and docs will be added in subsequent PRs. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2075 from baude/runlabelnameOpenShift Merge Robot2019-01-07
|\ \ | | | | | | container runlabel NAME implementation
| * | container runlabel NAME implementationbaude2019-01-04
| |/ | | | | | | | | | | | | | | | | | | | | when using container runlabel, if a --name is not provided, we must deduce the container name from the base name of the image to maintain parity with the atomic cli. fixed small bug where we split the cmd on " " rather than using fields could lead to extra spaces in command output. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2093 from vrothberg/issue-2092OpenShift Merge Robot2019-01-07
|\ \ | | | | | | podman-login: adhere to user input