summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* help message: don't parse the config for cgroup-manager defaultValentin Rothberg2019-11-06
| | | | | | | | | | | | | Do not generate an entire `config.Config` for displaying the default value for the --cgroup-manager flag and just default to systemd. Not using the `config.Config` is okay as 1) the value may change at runtime in any case (rootless, DBUS access, etc.), 2) it avoids to redundantly parse the system config files and to generate the hard-coded default config, and 3) the log-level and other attributes are not yet set during init() causing undesirable side effects. Fixes: #4456 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* namespaces: by default create cgroupns on cgroups v2Giuseppe Scrivano2019-11-05
| | | | | | | | | | | | | | | | change the default on cgroups v2 and create a new cgroup namespace. When a cgroup namespace is used, processes inside the namespace are only able to see cgroup paths relative to the cgroup namespace root and not have full visibility on all the cgroups present on the system. The previous behaviour is maintained on a cgroups v1 host, where a cgroup namespace is not created by default. Closes: https://github.com/containers/libpod/issues/4363 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Validate contextdir on buildTomSweeneyRedHat2019-11-01
| | | | | | | | | | | We never verified that the context directory passed into the build command was a valid directory. When we then slapped a default Containerfile name onto it, things went south fast if the user had passed us a file and not a directory. Fixes: #4383 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Merge pull request #4404 from jwhonce/wip/panicOpenShift Merge Robot2019-11-01
|\ | | | | Refactor test to prevent panic
| * Refactor test to prevent panicJhon Honce2019-10-31
| | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | logs: support --tail 0Giuseppe Scrivano2019-10-31
| | | | | | | | | | | | | | | | | | change the default to -1, so that we can change the semantic of "--tail 0" to not print any existing log line. Closes: https://github.com/containers/libpod/issues/4396 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4352 from vrothberg/config-packageOpenShift Merge Robot2019-10-31
|\ \ | | | | | | refactor libpod config into libpod/config
| * | add libpod/configValentin Rothberg2019-10-31
| |/ | | | | | | | | | | | | | | | | | | | | | | Refactor the `RuntimeConfig` along with related code from libpod into libpod/config. Note that this is a first step of consolidating code into more coherent packages to make the code more maintainable and less prone to regressions on the long runs. Some libpod definitions were moved to `libpod/define` to resolve circular dependencies. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Fix cp from pipeAleksey Chudov2019-10-30
| | | | | | | | Signed-off-by: Aleksey Chudov <aleksey.chudov@gmail.com>
* | Merge pull request #4369 from baude/golandautocodecorrectionsOpenShift Merge Robot2019-10-30
|\ \ | |/ |/| goland autocorrections
| * goland autocorrectionsbaude2019-10-29
| | | | | | | | | | | | | | just ran the autocorrect code corrections from goland and it found a few nits. Signed-off-by: baude <bbaude@redhat.com>
* | Set default seccomp.json file for podman play kubeDaniel J Walsh2019-10-29
| | | | | | | | | | | | | | Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | images: distinguish between tags and digestsNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | Generate an image's RepoDigests list using all applicable digests, and refrain from outputting a digest in the tag column of the "images" output. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | API: report multiple digests for imagesNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | Be prepared to report multiple image digests for images which contain multiple manifests but, because they continue to have the same set of layers and the same configuration, are considered to be the same image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | pull/create: add --override-arch/--override-os flagsNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | Add --override-arch and --override-os as hidden flags, in line with the global flag names that skopeo uses, so that we can test behavior around manifest lists without having to conditionalize more of it by arch. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | bump containers/image to v5.0.0, buildah to v1.11.4Nalin Dahyabhai2019-10-29
|/ | | | | | | | | Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* enable dnsplugin for network createbaude2019-10-28
| | | | | | | | | | | when users create a new network and the dnsname plugin can be found by podman, we will enable container name resolution on the new network. there is an option to opt *out* as well. tests cannot be added until we solve the packaging portion of the dnsname plugin. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #4228 from giuseppe/detect-no-systemd-sessionOpenShift Merge Robot2019-10-24
|\ | | | | rootless: detect no system session with --cgroup-manager=systemd
| * rootless: detect no system session with --cgroup-manager=systemdGiuseppe Scrivano2019-10-23
| | | | | | | | | | | | | | if the cgroup manager is set to systemd, detect if dbus is available, otherwise fallback to --cgroup-manager=cgroupfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4298 from mheon/uid_gid_optionsOpenShift Merge Robot2019-10-24
|\ \ | | | | | | Add parsing for UID, GID in volume "o" option
| * | Add parsing for UID, GID in volume "o" optionMatthew Heon2019-10-22
| | | | | | | | | | | | | | | | | | | | | Everything else is a flag to mount, but "uid" and "gid" are not. We need to parse them out of "o" and handle them separately. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | stats: list all running containers unless specified otherwiseValentin Rothberg2019-10-23
|/ / | | | | | | | | | | | | | | | | | | Unless specified otherwise by --all, --latest or via arguments, list all running containers. This matches the behaviour of Docker and is also illustrated in the man pages where containers and options are marked to be optional. Fixes: #4274 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #4284 from mheon/fix_vol_inspectOpenShift Merge Robot2019-10-21
|\ \ | |/ |/| Show volume options in 'volume inspect'
| * Rewrite backend for remote 'volume inspect'Matthew Heon2019-10-21
| | | | | | | | | | | | | | | | | | | | We need to use the new Inspect() endpoint instead of trying to JSON the actual volume structs. Currently, the output seems completely nonsensical; it seems like we're JSONing the struct for the Varlink connection itself? This should restore sanity and match the format of remote and local inspect on volumes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4125 from baude/remotestdinOpenShift Merge Robot2019-10-20
|\ \ | |/ |/| Add ability to redirect bash for run -i
| * Add ability to redirect bash for run -ibaude2019-10-15
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #4195 from vrothberg/fix-4193OpenShift Merge Robot2019-10-15
|\ \ | |/ |/| inspect: rename ImageID go field to Image
| * inspect: rename ImageID go field to ImageValentin Rothberg2019-10-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The json field is called `Image` while the go field is called `ImageID`, tricking users into filtering for `Image` which ultimately results in an error. Hence, rename the field to `Image` to align json and go. To prevent podman users from regressing, rename `Image` to `ImageID` in the specified filters. Add tests to prevent us from regressing. Note that consumers of the go API that are using `ImageID` are regressing; ultimately we consider it to be a bug fix. Fixes: #4193 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #4267 from giuseppe/accept-sbin-initOpenShift Merge Robot2019-10-15
|\ \ | | | | | | systemd: accept also /sbin/init
| * | systemd: accept also /sbin/initGiuseppe Scrivano2019-10-15
| |/ | | | | | | | | | | | | | | | | it is a regression caused by 3ba3e1c7510d1780b6527a4aa52e40ac2c5b576a. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1761514 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4215 from TomSweeneyRedHat/dev/tsweeney/fixsquashOpenShift Merge Robot2019-10-15
|\ \ | |/ |/| Add squash-all, fix squash option in build
| * Add squash-all, fix squash option in buildTomSweeneyRedHat2019-10-11
| | | | | | | | | | | | | | | | | | | | | | | | | | Translate the podman build --squash command to podman build --layers=false which has the same functionality as docker build --squash. Add a new option --squash-all which will squash all layers into one. This will be translated to buildah bud --squash for the buildah bud api. Also allow only one option, squash, layers or squash--all to be used per build command. Fixes: https://github.com/containers/buildah/issues/1234 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | images: empty list is valid json with --format=jsonGiuseppe Scrivano2019-10-11
| | | | | | | | | | | | | | | | | | similar change to f7d55d64e7040cdad149684234ea150b0a90cf0e with images --format=json, be sure the output is valid json also when it is an empty list. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4221 from mheon/reset_runtimeOpenShift Merge Robot2019-10-11
|\ \ | |/ |/| Migrate can move containers to a user-defined runtime
| * Migrate can move containers to a new runtimeMatthew Heon2019-10-10
| | | | | | | | | | | | | | | | | | | | | | | | This is a horrible hack to work around issues with Fedora 31, but other distros might need it to, so we'll move it upstream. I do not recommend this functionality for general use, and the manpages and other documentation will reflect this. But for some upgrade cases, it will be the only thing that allows for a working system. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4237 from giuseppe/ps-not-nullOpenShift Merge Robot2019-10-11
|\ \ | | | | | | container: initialize results list
| * | container: initialize results listGiuseppe Scrivano2019-10-11
| |/ | | | | | | | | | | | | | | | | it solves: $ podman ps --format=json null Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4201 from TomSweeneyRedHat/dev/tsweeney/updatebuildmdOpenShift Merge Robot2019-10-11
|\ \ | | | | | | Update build man page with latest Buildah changes
| * | Update build man page with latest Buildah changesTomSweeneyRedHat2019-10-10
| | | | | | | | | | | | | | | | | | | | | Changes include: Containerfile by default, add --device flags to bud, allow buildah bud to be called without arguments, and a couple of small typo corrections. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #4232 from csomh/auth-file-pathOpenShift Merge Robot2019-10-11
|\ \ \ | |/ / |/| | Fix default path for auth.json
| * | Fix default path for auth.jsonHunor Csomortáni2019-10-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Default path should be ${XDG_RUNTIME_DIR}/containers/auth.json according to the docs. This regressed to ${XDG_RUNTIME_DIR}/auth.json in #3760. Fixes: #4227 Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
* | | Merge pull request #4206 from giuseppe/systemd-mode-look-full-pathOpenShift Merge Robot2019-10-10
|\ \ \ | |/ / |/| | systemd: expect full path /usr/sbin/init
| * | cli: support --systemd=alwaysGiuseppe Scrivano2019-10-09
| | | | | | | | | | | | | | | | | | | | | it enforces the systemd mode also when the command name doesn't match /usr/sbin/init or systemd. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | systemd: expect full path /usr/sbin/initGiuseppe Scrivano2019-10-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "init" is a quite common name for the command executed in a container image and Podman ends up using the systemd mode also when not required. Be stricter on enabling the systemd mode and not enable it automatically when the basename is "init" but expect the full path "/usr/sbin/init". Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #4225 from giuseppe/rootless-create-pause-automaticallyOpenShift Merge Robot2019-10-09
|\ \ \ | |/ / |/| | rootless: automatically recreate the pause.pid file
| * | rootless: automatically recreate the pause.pid fileGiuseppe Scrivano2019-10-09
| |/ | | | | | | | | | | | | if the pause process cannot be joined, remove the pause.pid while keeping a lock on it, and try to recreate it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / Respect --sig-proxy flag with podman start --attachMatthew Heon2019-10-09
|/ | | | | | | If it's explicitly set, use it, instead of trying to set a sane default. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #4032 from rhatdan/pids-limitOpenShift Merge Robot2019-10-07
|\ | | | | Setup a reasonable default for pids-limit 4096
| * Setup a reasonable default for pids-limit 4096Daniel J Walsh2019-10-04
| | | | | | | | | | | | | | | | | | | | | | CRI-O defaults to 1024 for the maximum pids in a container. Podman should have a similar limit. Once we have a containers.conf, we can set the limit in this file, and have it easily customizable. Currently the documentation says that -1 sets pids-limit=max, but -1 fails. This patch allows -1, but also indicates that 0 also sets the max pids limit. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Update c/image to v4.0.1 and buildah to 1.11.3Miloslav Trmač2019-10-04
|/ | | | | | | | | | | | | | This requires updating all import paths throughout, and a matching buildah update to interoperate. I can't figure out the reason for go.mod tracking github.com/containers/image v3.0.2+incompatible // indirect ((go mod graph) lists it as a direct dependency of libpod, but (go list -json -m all) lists it as an indirect dependency), but at least looking at the vendor subdirectory, it doesn't seem to be actually used in the built binaries. Signed-off-by: Miloslav Trmač <mitr@redhat.com>