summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Add username to /etc/passwd inside of container if --userns keep-idDaniel J Walsh2020-07-07
| | | | | | | | | | If I enter a continer with --userns keep-id, my UID will be present inside of the container, but most likely my user will not be defined. This patch will take information about the user and stick it into the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6693 from goochjj/libpod-sd-notify-cmdlineOpenShift Merge Robot2020-07-06
|\ | | | | Implement --sdnotify cmdline option to control sd-notify behavior
| * Implement --sdnotify cmdline option to control sd-notify behaviorJoseph Gooch2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | --sdnotify container|conmon|ignore With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI runtime doesn't pass it into the container. We also advertise "ready" when the OCI runtime finishes to advertise the service as ready. With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI runtime passes it into the container for initialization, and let the container advertise further metadata. This is the default, which is closest to the behavior podman has done in the past. The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor any child processes will talk to systemd. This removes the need for hardcoded CID and PID files in the command line, and the PIDFile directive, as the pid is advertised directly through sd-notify. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* | Merge pull request #6868 from mheon/fix_mount_rootlessOpenShift Merge Robot2020-07-06
|\ \ | |/ |/| Fix bug where `podman mount` didn't error as rootless
| * Fix bug where `podman mount` didn't error as rootlessMatthew Heon2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We require that rootless `podman mount` be run inside a shell spawned by `podman unshare` (which gives us a mount namespace which actually lets other commands use the mounted filesystem). The fix is simple - we need to mark the command as requiring the rootless user namespace not be configured, so we can test for it later as part of the mount code and error if we needed to make one. Fixes #6856 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6836 from ashley-cui/tzlibpodOpenShift Merge Robot2020-07-06
|\ \ | |/ |/| Add --tz flag to create, run
| * Add --tz flag to create, runAshley Cui2020-07-02
| | | | | | | | | | | | | | --tz flag sets timezone inside container Can be set to IANA timezone as well as `local` to match host machine Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #6864 from vrothberg/v2-moduleOpenShift Merge Robot2020-07-06
|\ \ | | | | | | move go module to v2
| * | move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6790 from QiWang19/set_engine_envOpenShift Merge Robot2020-07-06
|\ \ \ | | | | | | | | Set engine env from common config
| * | | Set engine env from common configQi Wang2020-07-03
| | |/ | |/| | | | | | | | | | | | | | | | Set the env that is used by Podman. related issue containers/common#31 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #6855 from Luap99/ps-command-truncOpenShift Merge Robot2020-07-06
|\ \ \ | |_|/ |/| | podman ps truncate the command
| * | podman ps truncate the commandPaul Holzinger2020-07-05
| |/ | | | | | | | | | | | | | | | | With a long create command the output from ps is basically unreadable. This is a regression that was introduced with Podman 2.0. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* / auto-update: clarify systemd-unit requirementsValentin Rothberg2020-07-06
|/ | | | | | | | | | Clarify in the help message and the man page that auto updates only work with systemd units that are similar to the ones from `generate systemd --new`. Units that merely start/stop a container do not work as they will use the same image. Fixes: #6793 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Created timestamp returned by imagelist should be in unix formatDaniel J Walsh2020-06-30
| | | | | | | | In the API, we are currently returning the image time of creation as a string, in time.Time format. The API is for a 64 bit integer representing Unix time. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6773 from markstos/issue-6756-improve-inspect-docsOpenShift Merge Robot2020-06-30
|\ | | | | docs: recommend alternatives to podman inspect
| * docs: recommend alternatives to podman inspectMark Stosberg2020-06-30
| | | | | | | | | | | | | | | | | | | | | | | | podman inspect is problematic because there can be naming clashes. Also, it only inspects a couple of types of objects and the docs for it didn't help discover that several more types could be inspected as well. To address both concerns, we deprecate `podman inspect` and update the docs to point to to the recommend alternatives. Issue: #6756 Signed-off-by: Mark Stosberg <mark@rideamigos.com>
* | Set TMPDIR to /var/tmp by default if not setDaniel J Walsh2020-06-30
|/ | | | | | | | | Containers/image will use TMPDIR for the location of pulled layer blobs. If TMPDIR is not set, it will use /tmp. Since this is known to be of limited space on most systems, we change the default to /var/tmp if the user has not told the tools where to store temporary files. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6808 from mheon/allow_empty_hostportOpenShift Merge Robot2020-06-29
|\ | | | | Allow empty host port in --publish flag
| * Allow empty host port in --publish flagMatthew Heon2020-06-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I didn't believe that this was actually legal, but it looks like it is. And, unlike our previous understanding (host port being empty means just use container port), empty host port actually carries the same meaning as `--expose` + `--publish-all` (that is, assign a random host port to the given container port). This requires a significant rework of our port handling code to handle this new case. I don't foresee this being commonly used, so I optimized having a fixed port number as fast path, which this random assignment code running after the main port handling code only if necessary. Fixes #6806 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6794 from baude/v2remotewindowsterminalOpenShift Merge Robot2020-06-29
|\ \ | | | | | | Set console mode for windows
| * | Set console mode for windowsBrent Baude2020-06-29
| |/ | | | | | | | | | | Windows terminal handling is different than darwin and linux. It needs to have the terminal mode set to enable virtual terminal processing. This allows colors and other things to work. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6716 from jwhonce/issues/6598OpenShift Merge Robot2020-06-29
|\ \ | | | | | | Fixes --remote flag issues
| * | Fixes --remote flag issuesJhon Honce2020-06-26
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * --remote, --url and --identity are now anchored to podman command. Subcommands should no longer have issues * TraverseChildren now set to V1 expectations * Latest flag now has helper function. Now has consistent usage. * IsRemote() uses cobra parser to determin if --remote is given * Moved validation functions from parser pkg to validate pkg * Fixes #6598 Fixes #6704 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6666 from giuseppe/conmon-delegateOpenShift Merge Robot2020-06-29
|\ \ | |/ |/| podman: add new cgroup mode split
| * podman: add new cgroup mode splitGiuseppe Scrivano2020-06-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running under systemd there is no need to create yet another cgroup for the container. With conmon-delegated the current cgroup will be split in two sub cgroups: - supervisor - container The supervisor cgroup will hold conmon and the podman process, while the container cgroup is used by the OCI runtime (using the cgroupfs backend). Closes: https://github.com/containers/libpod/issues/6400 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Revert sending --remote flag to containersJhon Honce2020-06-25
| | | | | | | | | | | | * quick --remote fix, sent --remote to ctnrs as argument Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6754 from edsantiago/man_page_xrefOpenShift Merge Robot2020-06-25
|\ \ | | | | | | Docs: consistency between man / --help
| * | Docs: consistency between man / --helpEd Santiago2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New functionality in hack/man-page-checker: start cross- referencing the man page 'Synopsis' line against the output of 'podman foo --help'. This is part 1, flag/option consistency. Part 2 (arg consistency) is too big and will have to wait for later. flag/option consistency means: if 'podman foo --help' includes the string '[flags]' in the Usage message, make sure the man page includes '[*options*]' in its Synopsis line, and vice-versa. This found several inconsistencies, which I've fixed. While doing this I realized that Cobra automatically includes a 'Flags:' subsection in its --help output for all subcommands that have defined flags. This is great - it lets us cross-check against the usage synopsis, and make sure that '[flags]' is present or absent as needed, without fear of human screwups. If a flag-less subcommand ever gets extended with flags, but the developer forgets to add '[flags]' and remove DisableFlagsInUseLine, we now have a test that will catch that. (This, too, caught two instances which I fixed). I don't actually know if the new man-page-checker functionality will work in CI: I vaguely recall that it might run before 'make podman' does; and also vaguely recall that some steps were taken to remedy that. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6751 from vrothberg/fix-6744OpenShift Merge Robot2020-06-25
|\ \ \ | |_|/ |/| | podman run/create: support all transports
| * | podman run/create: support all transportsValentin Rothberg2020-06-24
| |/ | | | | | | | | | | | | | | | | Support all image transports in podman run/create. It seems we regressed with v2 on that. Also add tests to make sure we're not regressing again. Fixes: #6744 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6752 from rhatdan/inspectOpenShift Merge Robot2020-06-24
|\ \ | | | | | | Fix inspect to display multiple label: changes
| * | Fix inspect to display multiple label: changesDaniel J Walsh2020-06-24
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the user runs a container like podman run --security-opt seccomp=unconfined --security-opt label=type:spc_t --security-opt label=level:s0 ... Podman inspect was only showing the second option This change will show "SecurityOpt": [ "label=type:spc_t,label=level:s0:c60", "seccomp=unconfined" ], Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6732 from mheon/fix_stopsignal_setOpenShift Merge Robot2020-06-24
|\ \ | |/ |/| Set stop signal to 15 when not explicitly set
| * Set stop signal to 15 when not explicitly setMatthew Heon2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When going through the output of `podman inspect` to try and identify another issue, I noticed that Podman 2.0 was setting StopSignal to 0 on containers by default. After chasing it through the command line and SpecGen, I determined that we were actually not setting a default in Libpod, which is strange because I swear we used to do that. I re-added the disappeared default and now all is well again. Also, while I was looking for the bug in SpecGen, I found a bunch of TODOs that have already been done. Eliminate the comments for these. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6733 from edsantiago/bats_help_extra_argsOpenShift Merge Robot2020-06-24
|\ \ | | | | | | BATS tests: new too-many-arguments test
| * | BATS tests: new too-many-arguments testEd Santiago2020-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...plus a few others. And fixes to actual parsing. If a command's usage message includes '...' in the argument list, assume it can take unlimited arguments. Nothing we can check. For all others, though, the ALL-CAPS part on the right-hand side of the usage message will define an upper bound on the number of arguments accepted by the command. So in our 'podman --help' test, generate N+1 args and run that command. We expect a 125 exit status and a suitably helpful error message. Not all podman commands or subcommands were checking, so I fixed that. And, fixed some broken usage messages (all-caps FLAGS, and '[flags]' at the end of 'ARGS'). Add new checks to the help test to prevent those in the future. Plus a little refactoring/cleanup where necessary. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Fix ssh-agent supportJhon Honce2020-06-23
|/ / | | | | | | | | | | | | * An identity of "" implies ssh-agent and user/password to be used * Fixed example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6731 from baude/toolboxjsonOpenShift Merge Robot2020-06-23
|\ \ | | | | | | Add JSON output field for ps
| * | Add JSON output field for psBrent Baude2020-06-23
| |/ | | | | | | | | | | the toolbox team needs a field in our ps json that represents a human readable time. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | V2 podman system connectionJhon Honce2020-06-23
| | | | | | | | | | | | | | | | | | * Implement command * Refactor podman-remote to pull from containers.conf by default * podman-remote defaults to --remote being true * Write podman-system-connection.1.md Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | wipBrent Baude2020-06-23
|/ | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6722 from vrothberg/fix-6718OpenShift Merge Robot2020-06-23
|\ | | | | image load: no args required
| * image load: no args requiredValentin Rothberg2020-06-23
| | | | | | | | | | | | | | | | | | Disable the args requirement of `image load`. Instead of requiring a lower bound, we really need an upper one with at most 1 argument. Extend the system tests to prevent future regressions. Fixes: #6718 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6712 from mheon/readd_userns_envvarOpenShift Merge Robot2020-06-23
|\ \ | |/ |/| Re-add PODMAN_USERNS environment variable
| * Re-add PODMAN_USERNS environment variableMatthew Heon2020-06-22
| | | | | | | | | | | | | | | | | | | | This was lost during the Podman 2.0 migration. Turns out to be a very easy fix, fortunately - we want to use the environment var if not explicitly overridden. Fixes #6705 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6625 from QiWang19/fdOpenShift Merge Robot2020-06-23
|\ \ | | | | | | Add --preservefds to podman run
| * | Add --preservefds to podman runQi Wang2020-06-19
| | | | | | | | | | | | | | | | | | Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Fix conflicts between privileged and other flagsMatthew Heon2020-06-22
| |/ |/| | | | | | | | | | | | | The `--privileged` flag does not conflict with `--group-add` (this one was breaking Toolbox) and does not conflict with most parts of `--security-opt` (this was breaking Openstack). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6671 from rhatdan/buildOpenShift Merge Robot2020-06-21
|\ \ | | | | | | Fix podman build handling of --http-proxy flag