summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* AppArmor: runtime check if it's enabled on the hostValentin Rothberg2018-07-23
| | | | | | | | | Check at runtime if AppArmor is enabled on the host. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1128 Approved by: mheon
* Add format descriptors infor to podman topDaniel J Walsh2018-07-23
| | | | | | | | | | Trying to play with podman top, I had a hard time finding info on format options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1134 Approved by: umohnani8
* Fix error handling in pod start/stop.haircommander2018-07-23
| | | | | | | | | Before, errors in containers would never be printed, and a generic error would only be shown. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1132 Approved by: mheon
* Merge pull request #1117 from haircommander/pod-start-stop1Matthew Heon2018-07-20
|\ | | | | Add pod start and stop
| * Added pod start and stophaircommander2018-07-20
| | | | | | | | | | | | | | As well as added tests, man pages, and completions. Also reformatted and refactored a couple of other small things in the other pod commands. Signed-off-by: haircommander <pehunt@redhat.com>
* | Merge pull request #1120 from haircommander/pod-ps-status-hotfixMatthew Heon2018-07-20
|\ \ | | | | | | Pod ps now uses pod.Status()
| * | Pod ps now uses pod.Status()haircommander2018-07-20
| |/ | | | | | | | | | | It used to call ctr.State() to figure out what the pod status was, which certainly locked/unlocked excessively. Status now uses the libpod/pod function that bypasses this. Signed-off-by: haircommander <pehunt@redhat.com>
* | Merge pull request #1103 from haircommander/load_dockerlessMatthew Heon2018-07-20
|\ \ | | | | | | Podman load/tag/save prepends localhost when no registry is present
| * | Podman load/tag/save prepend localhost when no repository is presenthaircommander2018-07-20
| |/ | | | | | | | | | | Instead of having docker.io/library as its repository. Test included. Signed-off-by: haircommander <pehunt@redhat.com>
* | Merge pull request #1104 from rhatdan/mountingMatthew Heon2018-07-20
|\ \ | | | | | | Let containers/storage keep track of mounts
| * | Let containers/storage keep track of mountsDaniel J Walsh2018-07-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we unmount storage that is still in use. We should not be unmounting storeage that we mounted via a different command or by podman mount. This change relies on containers/storage to umount keep track of how many times the storage was mounted before really unmounting it from the system. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | rootless: allow a per-user storage.conf fileGiuseppe Scrivano2018-07-20
| |/ |/| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman-top: use containers/psgoValentin Rothberg2018-07-19
|/ | | | | | | | | | | | | | | | | Use github.com/containers/psgo instead of execing `ps (1)`. The psgo library enables a much more flexible interface with respect to which data to be printed (e.g., capabilities, seccomp mode, PID, PCPU, etc.) while the output can be parsed reliably. The library does not use ps (1) but parses /proc and /dev instead. To list the processes of a given container, psgo will join the mount namespace of the given container and extract all data from there. Notice that this commit breaks compatibility with docker-top. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1113 Approved by: rhatdan
* Fix ps filter with key=value labelsJoshua Roys2018-07-16
| | | | | Closes: #1101 Approved by: rhatdan
* Change logic for detecting conflicting flags in psMatthew Heon2018-07-13
| | | | | | | | | | | | There's no reason --size cannot be used together with a Go template - in fact, using a Go template for {{.Size}} without --size being passed will not work. Allow use of --namespace and --size with Go templates, but not with --quiet. Do not allow --namespace and --size at the same time. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Only print container size JSON if --size was requestedMatthew Heon2018-07-13
| | | | | | | To do this, move it into a separate struct, and embed that in the JSON we return. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Don't print rootfs and rw sizes if they're emptyMatthew Heon2018-07-13
| | | | | | | | | | | | We're printing them unconditionally now, even if --size is not passed, which is confusing (you see a pair of 0s for container size, when it is clearly not 0). This may introduce bugs related to containers with an rwsize of 0 (freshly created from an image) and --size specified, but is definitely better than what we have now. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Major fixes to podman ps --format=json outputMatthew Heon2018-07-13
| | | | | | | | | | | | | A number of fields were never being populated. Populate them as best we can. Add a new field, exited, to indicate whether the exit code has meaning (IE, the container has exited). Fix handling of running time - it stops ticking when the container stops. There is further work needed here, I suspect. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Ignore running containers in ps exit-code filtersMatthew Heon2018-07-13
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Record whether the container has exitedMatthew Heon2018-07-13
| | | | | | | | Use this to supplement exit codes returned from containers, to make sure we know when exit codes are invalid (as the container has not yet exited) Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #1075 from giuseppe/rootless-no-symlinks-into-storage-pathDaniel J Walsh2018-07-13
|\ | | | | rootless: fix usage on Fedora Silverblue/CoreOS
| * rootless: correctly propagate the exit status from the containerGiuseppe Scrivano2018-07-13
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: propagate errors from GetRootlessRuntimeDir()Giuseppe Scrivano2018-07-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: resolve the user home directoryGiuseppe Scrivano2018-07-11
| | | | | | | | | | | | Closes: https://github.com/projectatomic/libpod/issues/1073 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1065 from haircommander/pod-start-create-rmDaniel J Walsh2018-07-13
|\ \ | | | | | | Podman pod create/rm/ps commands with man pages and tests
| * | Added full podman pod ps, with tests and man pagehaircommander2018-07-13
| | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com>
| * | Podman pod create/rm commands with man page and tests.haircommander2018-07-13
| | | | | | | | | | | | | | | | | | Includes a very stripped down version of podman pod ps, just for testing Signed-off-by: haircommander <pehunt@redhat.com>
* | | Need to wait for container to exit before completing run/start completesDaniel J Walsh2018-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a race condition where conmon is still writing the exit file and the container is exiting. Also we should not be ignoring the -a stdin flag if the user specifies --interactive mode. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1086 Approved by: baude
* | | If proxy fails then then signal should be sent to the main processDaniel J Walsh2018-07-13
|/ / | | | | | | | | | | | | | | | | | | This way ^c will actually kill the host process if the container is not actually running. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1086 Approved by: baude
* | Log all output of logrus to syslog as well as stdout/stderrDaniel J Walsh2018-07-12
| | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1084 Approved by: baude
* | podman rmi should only untag image if parent of anotherumohnani82018-07-12
| | | | | | | | | | | | | | | | | | | | | | | | podman rmi was deleting an image even if it was a parent of another image. This fix just untags the image instead. This also fixes podman rmi to remove intermediate images of an image when the image is removed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1055 Approved by: mheon
* | Changed container status of Unknown from being printed as Dead to Error in Pshaircommander2018-07-12
| | | | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1083 Approved by: rhatdan
* | podman/libpod: add default AppArmor profileValentin Rothberg2018-07-11
|/ | | | | | | | | | | | | | | | | Make users of libpod more secure by adding the libpod/apparmor package to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor come from github.com/moby/moby. Also check if a specified AppArmor profile is actually loaded and throw an error if necessary. The default profile is loaded only on Linux builds with the `apparmor` buildtag enabled. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1063 Approved by: rhatdan
* Add --volumes-from flag to podman run and createumohnani82018-07-09
| | | | | | | | | | podman now supports --volumes-from flag, which allows users to add all the volumes an existing container has to a new one. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #931 Approved by: mheon
* Podman stats with no containers listed is the same as podman stats --allhaircommander2018-07-07
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1031 Approved by: rhatdan
* remove buildah requirement for the libpod image librarybaude2018-07-06
| | | | | | | | | | | if we snip the requirement to use a buildah const in the libpod image library, we can save something on the order of 85 vendored files in consumers of the the library. Signed-off-by: baude <bbaude@redhat.com> Closes: #1054 Approved by: mheon
* Refactor podman/utils with a single container start and attach functionMarco Vedovati2018-07-06
| | | | | | | | | | | Use a single function startAttachCtr() to handle both container start with attach and attach to running containers, as the code handling the attach is common for the 2 use cases. Signed-off-by: Marco Vedovati <mvedovati@suse.com> Closes: #1025 Approved by: rhatdan
* Allow multiple mountsTomSweeneyRedHat2018-07-03
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1030 Approved by: rhatdan
* Add `podman container cleanup` to CLIDaniel J Walsh2018-06-29
| | | | | | | | | | | | | When we run containers in detach mode, nothing cleans up the network stack or the mount points. This patch will tell conmon to execute the cleanup code when the container exits. It can also be called to attempt to cleanup previously running containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #942 Approved by: mheon
* Allow multiple containers and all for umountTomSweeneyRedHat2018-06-29
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1012 Approved by: rhatdan
* Merge pull request #1020 from giuseppe/resize-fix-loopDaniel J Walsh2018-06-28
|\ | | | | utils: fix endless write of resize event
| * utils: fix endless write of resize eventGiuseppe Scrivano2018-06-28
| | | | | | | | | | | | issue introduced with c82166afabd63f6271990be89ffa6609d3dc6712 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Remove the --registry flag from podman searchumohnani82018-06-28
| | | | | | | | | | | | | | | | | | | | | | | | Instead of setting the --registry flag to search a single registry, prefix the registry before the image name in the input, an example is `podman search registry.fedoraproject.org/fedora` and this will search for the fedora image in only registry.fedoraproject.org. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1011 Approved by: rhatdan
* | Start prints UUID or container name that user inputs on successhaircommander2018-06-28
|/ | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1019 Approved by: rhatdan
* cmd/podman/utils.go: Cancel-able resize writesW. Trevor King2018-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On Thu, Jun 28, 2018 at 03:48:26AM -0700, Marco Vedovati wrote [1]: > The root cause is a deadlock between two channel writes made by two > different goroutines: > > 1. `resizeTty() : go func(){} : sendUpdate()` is sending a resize > message thru `resize` right at the beginning, but the channel is > never read if some startup error occurs. > > 2. Upon program termination, `startAttachCtr() : defer func(){} ` is > telling the goroutine in "1." to stop via the `resizeTerminate` > channel. But that guy is still waiting for the write to `resize` > to complete so the the termination message is never read. > > I think the go deadlock detection does not kick in because not all > goroutines are seen as asleep. E.g. `os/signal Notify()` is enough > to have the deadlock not detected. 333ab8c2 (Fix podman hangs when detecting startup error in container attached mode, 2018-06-27, #1010) addressed this with a deferred drain. This commit adjusts that approach to use a single select to cover "have we been canceled?", "has there been a resize signal?", and (when we have one) "can we write the most recent resize event to the resize channel?". A side benefit to this approach is that if we have a slow resize consumer and several resize signals, the resizeTty function will keep updating its local resizeEvent. Once the resize channel is able to accept, only the most-recent event will be written. Previously we'd have written one resize event for every received signal, even if the resize consumer was falling behind. [1]: https://github.com/projectatomic/libpod/pull/1010#issuecomment-400994436 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1018 Approved by: rhatdan
* Fix podman hangs when detecting startup error in container attached modeMarco Vedovati2018-06-28
| | | | | | | | | | | | | | | Signed-off-by: Marco Vedovati <mvedovati@suse.com> The initial resize command sent to the terminal window over the resize channel may never be delivered in case of error. Hence it is necessary to consume all data from the resize channel to avoid a deadlock on startup. Fixes: #1009 Closes: #1010 Approved by: giuseppe
* podman-build --help: update descriptionValentin Rothberg2018-06-28
| | | | | | | | | | | Update the description of podman-build which was mentioning the initial requirement of Buildah which doesn't apply anymore since Podman is vendoring Buildah code. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1005 Approved by: rhatdan
* runtime: change rootless data storage default pathGiuseppe Scrivano2018-06-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* rootless: add management for the userNSGiuseppe Scrivano2018-06-27
| | | | | | | | | | When running podman as non root user always create an userNS and let the OCI runtime use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* Add --authfile to podman searchumohnani82018-06-27
| | | | | | | | | | | Since podman search requires credentials to search private registries, add the --authfile flag to allow users to pass in credentials from a different authfile than the default one. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #998 Approved by: rhatdan