summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* runtime: fix logic to disable SDNotifyValentin Rothberg2019-09-24
| | | | | | | | Fix the logic when getting the runtime for varlink to actually disable SDNotify support. Fixes: #4005 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* support non-standard ssh port for remote-clientbaude2019-09-17
| | | | | | | | | | when using the remote client, users may need to specify a non-standard port for ssh connections. we can do so on the command line and within the remote-client configuration file. Fixes: #3987 Signed-off-by: baude <bbaude@redhat.com>
* Fix default to pause in podman cpDaniel J Walsh2019-09-13
| | | | | | | | We want to default to secure when running containers as root, in rootless, we need to change the default if the system does not support cgroup v1. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #4022 from baude/remotepushgetrtOpenShift Merge Robot2019-09-13
|\ | | | | get runtime for podman-remote push earlier
| * get runtime for podman-remote push earlierbaude2019-09-13
| | | | | | | | | | | | | | | | | | to prevent client side panics, we should get the runtime earlier in the process of push. Fixes: #4013 Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #4018 from giuseppe/fix-error-message-rootlessOpenShift Merge Robot2019-09-13
|\ \ | | | | | | rootless: report the correct error
| * | rootless: report the correct errorGiuseppe Scrivano2019-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | do not shadow the err variable so that the correct error message can be reported when utils.RunUnderSystemdScope fails. Closes: https://github.com/containers/libpod/issues/4012 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #3934 from rhatdan/waitOpenShift Merge Robot2019-09-13
|\ \ \ | | | | | | | | Podman-remote run should wait for exit code
| * | | Use exit code constantsDaniel J Walsh2019-09-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We have leaked the exit number codess all over the code, this patch removes the numbers to constants. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #3942 from jwhonce/issue/3829OpenShift Merge Robot2019-09-13
|\ \ \ \ | |_|/ / |/| | | Stop glob'ing on podman cp
| * | | Do not support wildcards on cpJhon Honce2019-09-12
| | |/ | |/| | | | | | | | | | | | | | | | * symlink processing and wildcarding led to unexpected files being copied Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #3978 from baude/networkremoveOpenShift Merge Robot2019-09-12
|\ \ \ | |/ / |/| | enhance podman network rm
| * | enhance podman network rmbaude2019-09-12
| |/ | | | | | | | | | | | | | | | | | | when removing a podman network, we need to make sure we delete the network interface if one was ever created (by running a container). also, when removing networks, we check if any containers are using the network. if they are, we error out unless the user provides a 'force' option which will remove the containers in question. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3997 from QiWang19/sigpathOpenShift Merge Robot2019-09-12
|\ \ | |/ |/| fix podman sign signature store for rootless
| * fix podman sign signature store for rootlessQi Wang2019-09-11
| | | | | | | | | | | | Store the the signature under graphroot when using rootless podman image sign. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #3959 from giuseppe/rootless-use-systemd-scopeOpenShift Merge Robot2019-09-12
|\ \ | | | | | | rootless: automatically create a systemd scope
| * | rootless: run pause process in its own scopeGiuseppe Scrivano2019-09-12
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: automatically create a systemd scopeGiuseppe Scrivano2019-09-12
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when running in rootless mode and using systemd as cgroup manager create automatically a systemd scope when the user doesn't own the current cgroup. This solves a couple of issues: on cgroup v2 it is necessary that a process before it can moved to a different cgroup tree must be in a directory owned by the unprivileged user. This is not always true, e.g. when creating a session with su -l. Closes: https://github.com/containers/libpod/issues/3937 Also, for running systemd in a container it was before necessary to specify "systemd-run --scope --user podman ...", now this is done automatically as part of this PR. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / podman-remote image trust is brokenDaniel J Walsh2019-09-11
|/ | | | | | We should not be making it available, it does nothing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #3581 from mheon/no_cgroupsOpenShift Merge Robot2019-09-11
|\ | | | | Support running containers without CGroups
| * Add support for launching containers without CGroupsMatthew Heon2019-09-10
| | | | | | | | | | | | | | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3817 from xcffl/masterOpenShift Merge Robot2019-09-10
|\ \ | | | | | | Add explanation mounting named volumes for `podman run`
| * | Replace "podman" with "Podman"xcffl2019-09-07
| | | | | | | | | | | | Signed-off-by: xcffl <xcffl@outlook.com>
* | | Merge pull request #3896 from mheon/volume_lookupOpenShift Merge Robot2019-09-09
|\ \ \ | | | | | | | | Add ability to look up volumes by unambiguous partial name
| * | | Add function for looking up volumes by partial nameMatthew Heon2019-09-09
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | This isn't included in Docker, but seems handy enough. Use the new API for 'volume rm' and 'volume inspect'. Fixes #3891 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3862 from baude/networkcreateOpenShift Merge Robot2019-09-09
|\ \ \ | |/ / |/| | podman network create
| * | podman network createbaude2019-09-09
| |/ | | | | | | | | | | | | initial implementation of network create. we only support bridging networks with this first pass. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3914 from marcov/units-optsOpenShift Merge Robot2019-09-09
|\ \ | | | | | | cli-flags: use a consistent format for <size><unit>
| * | cli-flags: use a consistent format for <size><unit>Marco Vedovati2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | Use a consistent format for description of the <size><unit> flags. Also, avoid backticks for /dev/shm, as that's interpreted as the format by the flag parsing lib. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* | | build: pass down the cgroup manager to buildahGiuseppe Scrivano2019-09-06
| |/ |/| | | | | | | | | | | | | Pass down the cgroup manager to use to buildah. Closes: https://github.com/containers/libpod/issues/3938 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Set TMPDIR to /var/tmp by defaultDaniel J Walsh2019-09-05
|/ | | | | | | | | | | | | We have had some issues with users squashing large images or pulling large content from github, that could trigger crashes based on the size of /tmp. Docker had an issue with this back in 2016. https://github.com/golang/go/issues/14021 The discussion there was to change the default to /var/tmp. This change will only effect systems that do not set the TMPDIR environment variable. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rootless: detect user namespace configuration changesGiuseppe Scrivano2019-09-03
| | | | | | | | | | | detect if the current user namespace doesn't match the configuration in the /etc/subuid and /etc/subgid files. If there is a mismatch, raise a warning and suggest the user to recreate the user namespace with "system migrate", that also restarts the containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3833 from QiWang19/cert-dirOpenShift Merge Robot2019-08-28
|\ | | | | add --cert-dir image sign
| * add --cert-dir image signQi Wang2019-08-17
| | | | | | | | | | | | | | Requirement from #2726 Add --cert-dir for `podman image sign`. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Update varlink doc and codeJhon Honce2019-08-26
| | | | | | | | | | | | | | | | * Improved error message * Added documentation * Updated messages to include missing data Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #3800 from vrothberg/generate-podOpenShift Merge Robot2019-08-22
|\ \ | | | | | | generate systemd pod
| * | generate systemd: support pods and geneartig filesValentin Rothberg2019-08-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support generating systemd unit files for a pod. Podman generates one unit file for the pod including the PID file for the infra container's conmon process and one unit file for each container (excluding the infra container). Note that this change implies refactorings in the `pkg/systemdgen` API. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | generate systemd: drop support for remote clientsValentin Rothberg2019-08-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop the support for remote clients to generate systemd-service files. The generated files are machine-dependent and hence relate only to the a local machine. Furthermore, a proper service management when using a remote-client is not possible as systemd has no access to a process. Dropping the support will also reduce the risk of making users believe that the generated services are usable in a remote scenario. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #3873 from rhatdan/migrateOpenShift Merge Robot2019-08-22
|\ \ \ | | | | | | | | Need to include command name in error message
| * | | Need to include command name in error messageDaniel J Walsh2019-08-21
| |/ / | | | | | | | | | | | | | | | | | | I hit this error and it told be to system migrate` as opposed to `podman system migrate` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #3872 from baude/3861OpenShift Merge Robot2019-08-22
|\ \ \ | | | | | | | | podman-remote: cp crashes
| * | | podman-remote: cp crashesbaude2019-08-21
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | prune unwanted messages when running a container remotely. also, cp is not remote-enabled yet and as such should not be available on the remote client. Fixes: #3861 Signed-off-by: baude <bbaude@redhat.com>
* / / Add --digestfile option to pushTomSweeneyRedHat2019-08-21
|/ / | | | | | | | | | | | | | | | | | | Add the digestfile option to the push command so the digest can be stored away in a file when requested by the user. Also have added a debug statement to show the completion of the push. Emulates Buildah's https://github.com/containers/buildah/pull/1799/files Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #3569 from rhatdan/cgroupsv1OpenShift Merge Robot2019-08-20
|\ \ | | | | | | Fix error message on podman stats on cgroups v1 rootless environments
| * | Fix error message on podman stats on cgroups v1 rootless environmentsDaniel J Walsh2019-08-19
| | | | | | | | | | | | | | | | | | | | | podman stats does not work in rootless environments with cgroups V1. Fix error message and document this fact. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #3760 from rhatdan/authOpenShift Merge Robot2019-08-19
|\ \ \ | | | | | | | | Use GetRuntimeDir to setup auth.json for login
| * | | Use GetRuntimeDir to setup auth.json for loginDaniel J Walsh2019-08-12
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Implement healthcheck for remote clientAshley Cui2019-08-19
| | | | | | | | | | | | | | | | | | | | | | | | Previously unimplemented. Works the same way the local one does, except its remote. Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* | | | Merge pull request #3709 from mheon/volume_inspectOpenShift Merge Robot2019-08-19
|\ \ \ \ | |_|/ / |/| | | Change backend code for 'volume inspect'
| * | | Swap 'volume inspect' frontend to use the new backendMatthew Heon2019-08-02
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>