summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* rootless: use a single user namespaceGiuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment. There are multiple advantages to it: 1) much simpler implementation as there is only one namespace to join. 2) we can join namespaces owned by different containers. 3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host. 4) rootless varlink works. 5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container. Containers created by older Podman versions must be restarted. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: remove SkipStorageSetup()Giuseppe Scrivano2019-04-01
| | | | | | | | in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Capitalize global options help informationDaniel J Walsh2019-03-30
| | | | | | | --trace, --help and --version were not capatilized like the rest of the global options. This patch fixes this problem. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2691 from baude/psdynamicOpenShift Merge Robot2019-03-29
|\ | | | | Add watch mode to podman ps
| * Add watch mode to podman psbaude2019-03-28
| | | | | | | | | | | | | | | | | | allows users to "watch" the output of podman ps on a set interval in seconds. in watch mode, the screen is cleared between intervals as well. podman -ps -w1 watches on 1 second intervals Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2635 from rhatdan/cacheOpenShift Merge Robot2019-03-29
|\ \ | | | | | | Set blob cache directory based on GraphDriver
| * | Cleanup image2 -> image for importsDaniel J Walsh2019-03-29
| | | | | | | | | | | | | | | | | | | | | Remove references to image2 in source code. Makes the code slightly more readable. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Set blob cache directory based on GraphDriverDaniel J Walsh2019-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently in rootless containers, we end up not using the blob cache. We also don't store the blob cache based on the users specified graph storage. This change will cause the cache directory to be stored with the rest of the containe images. While doing this patch, I found that we had duplicated GetSystemContext in two places in libpod. I cleaned this up. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2575 from haircommander/hotfix_play_kubeOpenShift Merge Robot2019-03-29
|\ \ \ | |/ / |/| | Default to SELinux private label for play kube mounts
| * | Default to SELinux private label for play kube mountsPeter Hunt2019-03-28
| |/ | | | | | | | | | | | | | | | | | | Before, there were SELinux denials when a volume was bind-mounted by podman play kube. Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate) For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point also remove left over debugging print statement Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #2784 from QiWang19/digestOpenShift Merge Robot2019-03-28
|\ \ | | | | | | fix bug remote-podman images --digests
| * | fix bug remote-podman images --digestsQi Wang2019-03-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add `digest` field to Image struct and update API.md Show image digests when using --digests in podman-remote. ``` $ PODMAN_VARLINK_ADDRESS="tcp:127.0.0.1:1234" sudo bin/podman-remote images --digests REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE docker.io/library/alpine latest sha256:d05ecd4520cab5d9e5d877595fb0532aadcd6c90f4bbc837bc11679f704c4c82 5cb3aa00f899 2 weeks ago 5.79 MB docker.io/library/busybox latest sha256:4415a904b1aca178c2450fd54928ab362825e863c0ad5452fd020e92f7a6a47e d8233ab899d4 5 weeks ago 1.42 MB ``` Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #2773 from QiWang19/bugOpenShift Merge Robot2019-03-28
|\ \ \ | | | | | | | | fix bug `system df` add a space to the output
| * | | fix bug `system df` add blank space to the outputQi Wang2019-03-28
| |/ / | | | | | | | | | | | | | | | fix typo in Containers space usage: of podman system df -v, add a space for created time Change format string to const Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | vendor buildah, image, storage, cniValentin Rothberg2019-03-28
| | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #2760 from mheon/misc_small_changesOpenShift Merge Robot2019-03-28
|\ \ \ | |_|/ |/| | Remove ulele/deepcopier in favor of JSON deep copy
| * | Use spaces instead of tab for JSON marshal indentMatthew Heon2019-03-27
| | | | | | | | | | | | | | | | | | | | | | | | The jsoniterator library believes that panic() is a reasonable response to being told to indent JSON with a tab. So use spaces instead. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Fix gofmtMatthew Heon2019-03-27
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Remove ulele/deepcopier in favor of JSON deep copyMatthew Heon2019-03-27
| |/ | | | | | | | | | | | | | | | | | | | | | | | | We have a very high performance JSON library that doesn't need to perform code generation. Let's use it instead of our questionably performant, reflection-dependent deep copy library. Most changes because some functions can now return errors. Also converts cmd/podman to use jsoniter, instead of pkg/json, for increased performance. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2777 from edsantiago/system_df_invalid_argOpenShift Merge Robot2019-03-27
|\ \ | |/ |/| system df: reject invalid arguments
| * system df: reject invalid argumentsEd Santiago2019-03-27
| | | | | | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #2747 from mheon/dns_noneOpenShift Merge Robot2019-03-27
|\ \ | | | | | | Add --dns=none
| * | Resolve review commentsMatthew Heon2019-03-27
| | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add --no-hosts flag to disable management of /etc/hostsMatthew Heon2019-03-27
| |/ | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / rootless: fix regression when using exec on old containersGiuseppe Scrivano2019-03-27
|/ | | | | | | | | fallback to the previous behavior of joining only the user namespace, when we cannot join the conmon userns+mount namespaces. Closes: https://github.com/containers/libpod/issues/2673 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* size is optional for container inspectionbaude2019-03-26
| | | | | | | | | | on the remote client, if a user wants to know the rootfs size of a container, a -s should be passed. this corrects a behavior where size was shown by default. Fixes #2765 Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2758 from baude/eventsDiedOpenShift Merge Robot2019-03-26
|\ | | | | Add "died" event
| * Add "died" eventbaude2019-03-25
| | | | | | | | | | | | | | | | | | | | We have a new event for container 'Exited' which has been renamed to 'died'. also removed the stream bool from the varlink endpoint for events because it can be determined by the varlink more value. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2498 from QiWang19/sysdfOpenShift Merge Robot2019-03-26
|\ \ | |/ |/| podman system df- show podman disk usage
| * system df to show podman disk usageQi Wang2019-03-25
| | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | podman health check phase3baude2019-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman will not start a transient service and timer for healthchecks. this handles the tracking of the timing for health checks. added the 'started' status which represents the time that a container is in its start-period. the systemd timing can be disabled with an env variable of DISABLE_HC_SYSTEMD="true". added filter for ps where --filter health=[starting, healthy, unhealthy] can now be used. Signed-off-by: baude <bbaude@redhat.com>
* | utils: drop dead functionGiuseppe Scrivano2019-03-21
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Make "stopped" a valid state that maps to "exited"Matthew Heon2019-03-21
|/ | | | | | Fixes #2526 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* podman: do not split --env on commaGiuseppe Scrivano2019-03-20
| | | | | | | | if --env "a=b,c" is used, do not split into a=b and c=. Closes: https://github.com/containers/libpod/issues/2712 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: implement pod restartGiuseppe Scrivano2019-03-19
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: reimplement restart with rootless.Argument()Giuseppe Scrivano2019-03-19
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless, rm: fix retcode when the container is not foundGiuseppe Scrivano2019-03-19
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: fix ps commandGiuseppe Scrivano2019-03-19
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: fix pod killGiuseppe Scrivano2019-03-19
| | | | | | we don't need to access the storage Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2688 from baude/issue2671OpenShift Merge Robot2019-03-18
|\ | | | | support GO template {{ json . }}
| * support GO template {{ json . }}baude2019-03-18
| | | | | | | | | | | | | | | | for podman version, we now support a GO template for json output. fixes #2671 Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2696 from haircommander/play-kube-dash-uOpenShift Merge Robot2019-03-18
|\ \ | | | | | | Incorporate image inspect data in play kube
| * | Incorporate user from image inspect data in play kubePeter Hunt2019-03-18
| | | | | | | | | | | | | | | | | | before, when an image signified a user, play kube ignored it. Incorporate that information. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #2700 from edsantiago/podman_umount_argsOpenShift Merge Robot2019-03-18
|\ \ \ | | | | | | | | podman umount: error out if called with no args
| * | | podman umount: error out if called with no argsEd Santiago2019-03-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Inspired by #2684, I wrote a CI test to look for other such instances in which a command is invoked without a required argument. 'podman umount' seems to be the only one, and solution is simple: checkAllAndLatest() already does the check for us. Resolve a few other problems uncovered by testing: podman mount: indicate that CONTAINER arg is optional podman pod stats: ditto podman generate kube: remove check for -l (latest) flag, it isn't actually implemented. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #2632 from ↵OpenShift Merge Robot2019-03-18
|\ \ \ \ | |/ / / |/| | | | | | | | | | | debarshiray/wip/rishi/podman-rm-exit-with-125-for-bogus-and-running Make 'podman rm' exit with 125 if it had a bogus & a running container
| * | | Make 'podman rm' exit with 125 if it had a bogus & a running containerDebarshi Ray2019-03-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Getting a list of containers, and then deleting them are two separate fallible steps that can run into different sets of errors. eg., in the case of a bogus missing container and a container that's running or paused, the first step will only trigger libpod.ErrNoSuchCtr. At this point it might appear that the exit code ought to be 1. However, when attempting the deletion, it will fail once more due to the status of the running or paused container. Since libpod.ErrNoSuchCtr is no longer the only error encountered, the exit code should be reset to 125. This problem is currently masked for rootless usage due to commit 35432ecaae4a8372 ("rootless: fix rm when uid in the container != 0"). Fixes: 85db895012bead6b ("rm: set exit code to 1 if a specified ...") e41279b902a334e5 ("Change exit code to 1 on podman rm ...") Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | | | Merge pull request #2674 from rhatdan/loadOpenShift Merge Robot2019-03-18
|\ \ \ \ | | | | | | | | | | Cleanup messages on podman load
| * | | | Cleanup messages on podman loadDaniel J Walsh2019-03-18
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | If user does not specify file or redirect for stdin, then throw an error Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #2687 from rhatdan/inspectOpenShift Merge Robot2019-03-18
|\ \ \ \ | |/ / / |/| | | Fix cut and paste errors in podman-pod-inspect