summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Set default storage options from mounts.conf file.Daniel J Walsh2019-01-12
| | | | | | | | | We were never loading the storage.conf file to grab mountOptions. This is causing us to not use metacopyup option when running with overlay. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2138 from giuseppe/rootless-pod-fixOpenShift Merge Robot2019-01-11
|\ | | | | rootless: fix usage of create --pod=new:FOO
| * rootless: create the userns immediately when creating a new podGiuseppe Scrivano2019-01-11
| | | | | | | | | | | | Closes: https://github.com/containers/libpod/issues/2124 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: join both userns and mount namespace with --podGiuseppe Scrivano2019-01-11
| | | | | | | | | | | | | | When --pod is specified then join both the user and mount namespace for the pod so we can initialize the storage. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2135 from baude/varlinkpruneOpenShift Merge Robot2019-01-11
|\ \ | | | | | | Add varlink support for prune
| * | Add varlink support for prunebaude2019-01-10
| |/ | | | | | | | | | | | | Add the ability to prune unused images using the varlink API. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2113 from baude/remoteimagesOpenShift Merge Robot2019-01-11
|\ \ | |/ |/| remote-client support for images
| * remote-client support for imagesbaude2019-01-10
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2120 from rhatdan/volumeOpenShift Merge Robot2019-01-10
|\ \ | | | | | | Fix handling of nil volumes
| * | Fix handling of nil volumesDaniel J Walsh2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if a user passes in a -v with -v $bogus:/foobar We crash. This will throw a proper error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2108 from QiWang19/from1899OpenShift Merge Robot2019-01-10
|\ \ \ | | | | | | | | Fix 'image trust' from PR1899
| * | | Fix 'image trust' from PR1899Qi Wang2019-01-09
| | | | | | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #2127 from QiWang19/fixsigstoreOpenShift Merge Robot2019-01-10
|\ \ \ \ | | | | | | | | | | fix up sigstore path
| * | | | fix up sigstore pathQi Wang2019-01-10
| | |_|/ | |/| | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #2126 from giuseppe/set-prlimitOpenShift Merge Robot2019-01-10
|\ \ \ \ | |/ / / |/| | | podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE
| * | | podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCEGiuseppe Scrivano2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we are not able to make arbitrary changes to the RLIMIT_NOFILE when lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum allowed. In this way the same code path works with rootless mode. Closes: https://github.com/containers/libpod/issues/2123 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | sign: make all error messages lowercaseGiuseppe Scrivano2019-01-10
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | sign: use filepath.Join instead of fmt.SprintfGiuseppe Scrivano2019-01-10
| |_|/ |/| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2114 from vrothberg/issue-2107OpenShift Merge Robot2019-01-10
|\ \ \ | |/ / |/| | apparmor: apply default profile at container initialization
| * | apparmor: apply default profile at container initializationValentin Rothberg2019-01-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Apply the default AppArmor profile at container initialization to cover all possible code paths (i.e., podman-{start,run}) before executing the runtime. This allows moving most of the logic into pkg/apparmor. Also make the loading and application of the default AppArmor profile versio-indepenent by checking for the `libpod-default-` prefix and over-writing the profile in the run-time spec if needed. The intitial run-time spec of the container differs a bit from the applied one when having started the container, which results in displaying a potentially outdated AppArmor profile when inspecting a container. To fix that, load the container config from the file system if present and use it to display the data. Fixes: #2107 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / libpod/image: Use ParseNormalizedNamed in RepoDigestsW. Trevor King2019-01-09
|/ | | | | | | | | | | | | | | | Avoid generating quay.io/openshift-release-dev/ocp-release@sha256@sha256:239... and similar when the image name is already digest-based [1]. It's not clear exactly how we get into this state, but as shown by the unit tests, the new code handles this case correctly (while the previous code does not). [1]: https://github.com/containers/libpod/issues/2086 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #2106 Approved by: rhatdan
* Merge pull request #2040 from QiWang19/signimgOpenShift Merge Robot2019-01-09
|\ | | | | Support podman image sign
| * [WIP]Support podman image signQi Wang2019-01-08
| | | | | | | | | | | | Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/). Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #2097 from debarshiray/wip/debarshiray/podman-exec-workdirOpenShift Merge Robot2019-01-08
|\ \ | | | | | | Add a --workdir option to 'podman exec'
| * | Add a --workdir option to 'podman exec'Debarshi Ray2019-01-08
| | | | | | | | | | | | Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | | Default --sig-proxy to true for 'podman start --attach'Debarshi Ray2019-01-08
|/ / | | | | | | | | | | | | | | | | | | The --sig-proxy option in both 'podman attach' and 'podman run' default to true, and there's no reason for 'podman start --attach' to be any different. However, since it only makes sense to proxy signals when the container is attached, 'podman start --sig-proxy' will continue to error if --attach isn't used. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | Merge pull request #2099 from mheon/config_to_containerconfigOpenShift Merge Robot2019-01-08
|\ \ | |/ |/| Rename libpod.Config back to ContainerConfig
| * Rename libpod.Config back to ContainerConfigMatthew Heon2019-01-07
| | | | | | | | | | | | | | | | | | | | During an earlier bugfix, we swapped all instances of ContainerConfig to Config, which was meant to fix some data we were returning from Inspect. This unfortunately also renamed a libpod internal struct for container configs. Undo the rename here. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Honor image environment variables with execAnders F Björklund2019-01-07
| | | | | | | | | | | | | | | | Was reading the "env" argument twice instead of image. Closes #2063 Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | Merge pull request #2098 from baude/remoteOpenShift Merge Robot2019-01-07
|\ \ | |/ |/| Add ability to build golang remote client
| * Add ability to build golang remote clientbaude2019-01-07
| | | | | | | | | | | | | | | | | | | | | | Add the ability to build a remote client in golang that uses all the same front-end cli code and output code. The initial limitations here are that it can only be a local client while the bridge and resolver code is being written for the golang varlink client. Tests and docs will be added in subsequent PRs. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2075 from baude/runlabelnameOpenShift Merge Robot2019-01-07
|\ \ | | | | | | container runlabel NAME implementation
| * | container runlabel NAME implementationbaude2019-01-04
| |/ | | | | | | | | | | | | | | | | | | | | when using container runlabel, if a --name is not provided, we must deduce the container name from the base name of the image to maintain parity with the atomic cli. fixed small bug where we split the cmd on " " rather than using fields could lead to extra spaces in command output. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2093 from vrothberg/issue-2092OpenShift Merge Robot2019-01-07
|\ \ | | | | | | podman-login: adhere to user input
| * | podman-login: adhere to user inputValentin Rothberg2019-01-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Do not try to login with existing credentials when the user specifies a username or password on the CLI. * Improve error messages. * Use specified tls-verify switch and cert-dir for all requests. Fixes: #2092 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #2088 from giuseppe/umask-to-0OpenShift Merge Robot2019-01-07
|\ \ \ | |/ / |/| | podman: set umask to 022
| * | podman: set umask to 022Giuseppe Scrivano2019-01-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | be sure there are no bits in the umask that prevent us for creating directories with mode 0755. Set the umask very early in the program startup. Closes: https://github.com/containers/libpod/issues/2074 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2082 from rhatdan/runcOpenShift Merge Robot2019-01-06
|\ \ \ | |/ / |/| | Update vendor of runc
| * | Update vendor of runcDaniel J Walsh2019-01-04
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Updating the vendor or runc to pull in some fixes that we need. In order to get this vendor to work, we needed to update the vendor of docker/docker, which causes all sorts of issues, just to fix the docker/pkg/sysinfo. Rather then doing this, I pulled in pkg/sysinfo into libpod and fixed the code locally. I then switched the use of docker/pkg/sysinfo to libpod/pkg/sysinfo. I also switched out the docker/pkg/mount to containers/storage/pkg/mount Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / add container-init supportValentin Rothberg2019-01-04
|/ | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman build is not using the default oci-runtimeDaniel J Walsh2018-12-28
| | | | | | | | | | Currently if the user installs runc in an alternative path podman run uses it but podman build does not. This patch will pass the default oci runtime to be used by podman down to the image builder. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Allow alias for list, ls, ps to workDaniel J Walsh2018-12-23
| | | | | | | | Allow multiple alias for listing containers and images. Also fix documentation for umount and unmount Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Switch all referencs to image.ContainerConfig to image.ConfigDaniel J Walsh2018-12-21
| | | | | | This will more closely match what Docker is doing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Change all 'can not' to 'cannot' for proper usageDaniel J Walsh2018-12-21
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* export: fix usage with rootless containersGiuseppe Scrivano2018-12-21
| | | | | | | | | | | | | | Fix usage of export when rootless containers are used without vfs. We join the conmon process namespaces as the container is running in a different one. There can be a problem if the user specify a different path for the conmon process, and then the file is deleted. In this case podman won't be able to find the conmon process to join. Closes: https://github.com/containers/libpod/issues/2027 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* skip test for blkio.weight when kernel does not support itbaude2018-12-20
| | | | Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1967 from baude/kubereplayOpenShift Merge Robot2018-12-20
|\ | | | | Add Play
| * Add Playbaude2018-12-19
| | | | | | | | | | | | | | podman play kube adds the ability for the user to recreate pods and containers from a Kubernetes YAML file in libpod. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1899 from QiWang19/trustimgOpenShift Merge Robot2018-12-19
|\ \ | |/ |/| Support podman image trust command
| * Support podman image trust commandQi Wang2018-12-19
| | | | | | | | | | | | Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories. Signed-off-by: Qi Wang <qiwan@redhat.com>