| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
| |
Check at runtime if AppArmor is enabled on the host.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1128
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
Trying to play with podman top, I had a hard time
finding info on format options.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1134
Approved by: umohnani8
|
|
|
|
|
|
|
|
|
| |
Before, errors in containers would never be printed, and a generic error would only be shown.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1132
Approved by: mheon
|
|\
| |
| | |
Add pod start and stop
|
| |
| |
| |
| |
| |
| |
| | |
As well as added tests, man pages, and completions.
Also reformatted and refactored a couple of other small things in the other pod commands.
Signed-off-by: haircommander <pehunt@redhat.com>
|
|\ \
| | |
| | | |
Pod ps now uses pod.Status()
|
| |/
| |
| |
| |
| |
| | |
It used to call ctr.State() to figure out what the pod status was, which certainly locked/unlocked excessively. Status now uses the libpod/pod function that bypasses this.
Signed-off-by: haircommander <pehunt@redhat.com>
|
|\ \
| | |
| | | |
Podman load/tag/save prepends localhost when no registry is present
|
| |/
| |
| |
| |
| |
| | |
Instead of having docker.io/library as its repository. Test included.
Signed-off-by: haircommander <pehunt@redhat.com>
|
|\ \
| | |
| | | |
Let containers/storage keep track of mounts
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently we unmount storage that is still in use.
We should not be unmounting storeage that we mounted
via a different command or by podman mount. This
change relies on containers/storage to umount keep track of
how many times the storage was mounted before really unmounting
it from the system.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|/|
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use github.com/containers/psgo instead of execing `ps (1)`. The psgo
library enables a much more flexible interface with respect to which
data to be printed (e.g., capabilities, seccomp mode, PID, PCPU, etc.)
while the output can be parsed reliably. The library does not use
ps (1) but parses /proc and /dev instead. To list the processes of a
given container, psgo will join the mount namespace of the given
container and extract all data from there.
Notice that this commit breaks compatibility with docker-top.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1113
Approved by: rhatdan
|
|
|
|
|
| |
Closes: #1101
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's no reason --size cannot be used together with a Go
template - in fact, using a Go template for {{.Size}} without
--size being passed will not work.
Allow use of --namespace and --size with Go templates, but not
with --quiet. Do not allow --namespace and --size at the same
time.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
| |
To do this, move it into a separate struct, and embed that in
the JSON we return.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're printing them unconditionally now, even if --size is not
passed, which is confusing (you see a pair of 0s for container
size, when it is clearly not 0).
This may introduce bugs related to containers with an rwsize of 0
(freshly created from an image) and --size specified, but is
definitely better than what we have now.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A number of fields were never being populated. Populate them as
best we can.
Add a new field, exited, to indicate whether the exit code has
meaning (IE, the container has exited).
Fix handling of running time - it stops ticking when the
container stops. There is further work needed here, I suspect.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
|
| |
Use this to supplement exit codes returned from containers, to
make sure we know when exit codes are invalid (as the container
has not yet exited)
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
rootless: fix usage on Fedora Silverblue/CoreOS
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Closes: https://github.com/projectatomic/libpod/issues/1073
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Podman pod create/rm/ps commands with man pages and tests
|
| | |
| | |
| | |
| | | |
Signed-off-by: haircommander <pehunt@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Includes a very stripped down version of podman pod ps, just for testing
Signed-off-by: haircommander <pehunt@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes a race condition where conmon is still writing the exit
file and the container is exiting.
Also we should not be ignoring the -a stdin flag if the user specifies
--interactive mode.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1086
Approved by: baude
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This way ^c will actually kill the host process if the container is not
actually running.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1086
Approved by: baude
|
| |
| |
| |
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1084
Approved by: baude
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman rmi was deleting an image even if it was a parent of
another image. This fix just untags the image instead.
This also fixes podman rmi to remove intermediate images of
an image when the image is removed.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1055
Approved by: mheon
|
| |
| |
| |
| |
| |
| |
| | |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1083
Approved by: rhatdan
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make users of libpod more secure by adding the libpod/apparmor package
to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor
come from github.com/moby/moby.
Also check if a specified AppArmor profile is actually loaded and throw
an error if necessary.
The default profile is loaded only on Linux builds with the `apparmor`
buildtag enabled.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1063
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
podman now supports --volumes-from flag, which allows users
to add all the volumes an existing container has to a new one.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #931
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1031
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
if we snip the requirement to use a buildah const in the libpod image library,
we can save something on the order of 85 vendored files in consumers of the
the library.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1054
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
Use a single function startAttachCtr() to handle both container start
with attach and attach to running containers, as the code handling the
attach is common for the 2 use cases.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Closes: #1025
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1030
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1012
Approved by: rhatdan
|
|\
| |
| | |
utils: fix endless write of resize event
|
| |
| |
| |
| |
| |
| | |
issue introduced with c82166afabd63f6271990be89ffa6609d3dc6712
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of setting the --registry flag to search a single registry,
prefix the registry before the image name in the input, an example is
`podman search registry.fedoraproject.org/fedora` and this will search for
the fedora image in only registry.fedoraproject.org.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1011
Approved by: rhatdan
|
|/
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1019
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Thu, Jun 28, 2018 at 03:48:26AM -0700, Marco Vedovati wrote [1]:
> The root cause is a deadlock between two channel writes made by two
> different goroutines:
>
> 1. `resizeTty() : go func(){} : sendUpdate()` is sending a resize
> message thru `resize` right at the beginning, but the channel is
> never read if some startup error occurs.
>
> 2. Upon program termination, `startAttachCtr() : defer func(){} ` is
> telling the goroutine in "1." to stop via the `resizeTerminate`
> channel. But that guy is still waiting for the write to `resize`
> to complete so the the termination message is never read.
>
> I think the go deadlock detection does not kick in because not all
> goroutines are seen as asleep. E.g. `os/signal Notify()` is enough
> to have the deadlock not detected.
333ab8c2 (Fix podman hangs when detecting startup error in container
attached mode, 2018-06-27, #1010) addressed this with a deferred
drain. This commit adjusts that approach to use a single select to
cover "have we been canceled?", "has there been a resize signal?", and
(when we have one) "can we write the most recent resize event to the
resize channel?".
A side benefit to this approach is that if we have a slow resize
consumer and several resize signals, the resizeTty function will keep
updating its local resizeEvent. Once the resize channel is able to
accept, only the most-recent event will be written. Previously we'd
have written one resize event for every received signal, even if the
resize consumer was falling behind.
[1]: https://github.com/projectatomic/libpod/pull/1010#issuecomment-400994436
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1018
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
The initial resize command sent to the terminal window over the resize
channel may never be delivered in case of error.
Hence it is necessary to consume all data from the resize channel to
avoid a deadlock on startup.
Fixes: #1009
Closes: #1010
Approved by: giuseppe
|
|
|
|
|
|
|
|
|
|
|
| |
Update the description of podman-build which was mentioning the initial
requirement of Buildah which doesn't apply anymore since Podman is
vendoring Buildah code.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1005
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #936
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
When running podman as non root user always create an userNS and let
the OCI runtime use it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #936
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Since podman search requires credentials to search private registries,
add the --authfile flag to allow users to pass in credentials from a
different authfile than the default one.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #998
Approved by: rhatdan
|