summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* validate fds --preserve-fdsQi Wang2020-08-04
| | | | | | validate file descriptors passed from podman run and podman exec --preserve-fds. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #7209 from giuseppe/support-mount-devptsOpenShift Merge Robot2020-08-04
|\ | | | | podman: support --mount type=devpts
| * podman: support --mount type=devptsGiuseppe Scrivano2020-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow to create a devpts mount. This is useful for containers that bind mount /dev/ from the host but at the same time want to create a terminal. It can be used as: podman run -v /dev:/dev --mount type=devpts,target=/dev/pts ... Closes: https://github.com/containers/podman/issues/6804 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Do not set host IP on ports when 0.0.0.0 requestedMatthew Heon2020-08-03
|/ | | | | | | | | | | | | | | | Docker and CNI have very different ideas of what 0.0.0.0 means. Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4 address on the host. CNI (and, thus, root Podman) take it to mean the literal IP 0.0.0.0. Instead, CNI interprets the empty string ("") as "bind to all IPs". We could ask CNI to change, but given this is established behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and turn it into "" when we parse ports. Fixes #7014 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #7182 from zhangguanzhang/fix-exitCode-for-startOpenShift Merge Robot2020-08-03
|\ | | | | implement the exitcode when start a container with attach
| * implement the exitcode when start a container with attachzhangguanzhang2020-08-03
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #7171 from jwhonce/wip/varlink_timeoutOpenShift Merge Robot2020-08-01
|\ \ | | | | | | Fix podman service --valink timeout
| * | Fix podman service --valink timeoutJhon Honce2020-07-31
| | | | | | | | | | | | | | | | | | | | | | | | Documentation and unit files call for a millisecond timeout while the code was using a second resolution. Code change is smaller given varlink has been deprecated. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | fix pod creation with "new:" syntaxPaul Holzinger2020-07-31
|/ / | | | | | | | | | | | | | | | | | | | | When you execute podman create/run with the --pod new:<name> syntax the pod was created but the namespaces where not shared and therefore containers could not communicate over localhost. Add the default namespaces and pass the network options to the pod create options. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #7159 from ashley-cui/runningforOpenShift Merge Robot2020-07-31
|\ \ | | | | | | add {{.RunningFor}} placeholder in ps --format
| * | add {{.RunningFor}} placeholder in ps --formatAshley Cui2020-07-30
| |/ | | | | | | | | | | For docker compatibility Signed-off-by: Ashley Cui <acui@redhat.com>
* / fix swapped mem_usage/percent fieldsPaul Holzinger2020-07-30
|/ | | | | | Correct the wrong field assignment in `podman stats --format=json`. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* fix podman system df format errorzhangguanzhang2020-07-31
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Don't crash when giving bogus format commandsDaniel J Walsh2020-07-29
| | | | | | | | | | | | | | | | Currently if you give a bogus flag to --format it will crash the formatter. With this change we will get a nice error. podman images --format '{{ bogus }}' Error: template: list:1: function "bogus" not defined versus /bin/podman.old images --format '{{ bogus }}' panic: template: list:1: function "bogus" not defined goroutine 1 [running]: Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7121 from rhatdan/buildOpenShift Merge Robot2020-07-29
|\ | | | | Fix building from http or '-' options
| * Fix building from http or '-' optionsDaniel J Walsh2020-07-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When copying from a URL, podman will download and create a context directory in a temporary file. The problem was that this directory was being removed as soon as the function that created it was returned. Later the build code would look for content in the temporary directory and fail to find it, blowing up the build. By pulling the extraction code back into the build function, we keep the temporary directory around until the build completes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6851 from rhatdan/mountOpenShift Merge Robot2020-07-29
|\ \ | | | | | | Add podman image mount
| * | Add podman image mountDaniel J Walsh2020-07-28
| |/ | | | | | | | | | | | | | | | | | | | | | | | | There are many use cases where you want to just mount an image without creating a container on it. For example you might want to just examine the content in an image after you pull it for security analysys. Or you might want to just use the executables on the image without running it in a container. The image is mounted readonly since we do not want people changing images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Specifying --ipc=host --pid=host is brokenDaniel J Walsh2020-07-28
|/ | | | | | | | For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and add test to make sure it does not happen again. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6909 from rhatdan/podmanOpenShift Merge Robot2020-07-28
|\ | | | | Switch all references to github.com/containers/libpod -> podman
| * Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7098 from asottile/newline_on_errorOpenShift Merge Robot2020-07-28
|\ \ | |/ |/| add newline to output in error message
| * add newline to output in error messageAnthony Sottile2020-07-27
| | | | | | | | Signed-off-by: Anthony Sottile <asottile@umich.edu>
* | Cleanup handling of podman mount/unmountDaniel J Walsh2020-07-27
|/ | | | | | | | | | | We should default to the user name unmount rather then the internal name of umount. Also User namespace was not being handled correctly. We want to inform the user that if they do a mount when in rootless mode that they have to be first in the podman unshare state. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* replace the html/template package with text/templatePaul Holzinger2020-07-25
| | | | | | | | | Currently some commands use the html/template package. This can lead to invalid output. e.g. `system df --verbose` will print `&lt;none&gt;` instead of `<none>` with an untaged image. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #7068 from mheon/start_attach_no_ctridOpenShift Merge Robot2020-07-24
|\ | | | | The `podman start --attach` command should not print ID
| * The `podman start --attach` command should not print IDMatthew Heon2020-07-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Somewhere in the Podman v2 rewrite, we allowed `podman start --attach` to print the container ID of the started container after exiting from the attach session (via detach key or the container exiting naturally). We should never print the ID when `--attach` is given, which makes the fix simple - make the print statement conditional on `--attach` not being present. Wierdly, this only happened with `--interactive` was given to `podman start`. I don't know why that is, but this resolves the issue without having to dig any deeper, so I'm content. Fixes #7055 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | [WIP] Refactor podman system connectionJhon Honce2020-07-22
| | | | | | | | | | | | | | | | | | | | | | | | * Add support to manage multiple connections * Add connection * Remove connection * Rename connection * Set connection as default * Add markdown/man pages * Fix recursion in hack/xref-helpmsgs-manpages Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #7042 from rhatdan/remoteOpenShift Merge Robot2020-07-22
|\ \ | |/ |/| Enable --remote flag
| * Enable --remote flagDaniel J Walsh2020-07-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Support default profile for apparmorDaniel J Walsh2020-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently you can not apply an ApparmorProfile if you specify --privileged. This patch will allow both to be specified simultaniosly. By default Apparmor should be disabled if the user specifies --privileged, but if the user specifies --security apparmor:PROFILE, with --privileged, we should do both. Added e2e run_apparmor_test.go Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7006 from ashley-cui/umaskOpenShift Merge Robot2020-07-22
|\ \ | |/ |/| Add --umask flag for create, run
| * Add --umask flag for create, runAshley Cui2020-07-21
| | | | | | | | | | | | | | | | --umask sets the umask inside the container Defaults to 0022 Co-authored-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Ashley Cui <acui@redhat.com>
* | Add noop function disable-content-trustDaniel J Walsh2020-07-21
|/ | | | | | | | People who use docker scripts with Podman see failures if they use disable-content-trust flag. This flag already existed for podman build, adding it to pull/push/create/run. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Switch references from libpod.conf to containers.confDaniel J Walsh2020-07-20
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add support for overlay volume mounts in podman.Qi Wang2020-07-20
| | | | | | | | Add support -v for overlay volume mounts in podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #6934 from ParkerVR/tags-referenceOpenShift Merge Robot2020-07-18
|\ | | | | using reference package to parse
| * Used reference package with errors for parsing tagParker Van Roy2020-07-17
| | | | | | | | Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | abi: set default umask and rlimitsGiuseppe Scrivano2020-07-17
|/ | | | | | | | the code got lost in the migration to podman 2.0, reintroduce it. Closes: https://github.com/containers/podman/issues/6989 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #6965 from giuseppe/followup-pr6324OpenShift Merge Robot2020-07-17
|\ | | | | allow switching of port-forward approaches in rootless/using slirp4netns
| * libpod: pass down network optionsGiuseppe Scrivano2020-07-16
| | | | | | | | | | | | do not pass network specific options through the network namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Fix `podman system connection` panicJhon Honce2020-07-15
|/ | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #6939 from rhatdan/entrypointOpenShift Merge Robot2020-07-14
|\ | | | | Fix handling of entrypoint
| * Fix handling of entrypointDaniel J Walsh2020-07-14
| | | | | | | | | | | | | | If a user specifies an entrypoint of "" then we should not use the images entrypoint. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6931 from mheon/apply_sigproxyOpenShift Merge Robot2020-07-14
|\ \ | |/ |/| Ensure sig-proxy default is propagated in start
| * Ensure sig-proxy default is propagated in startMatthew Heon2020-07-10
| | | | | | | | | | | | | | | | | | | | | | We properly determined what sig-proxy should be set to, but we never passed that along to the backend. As such, cases where the default swapped (mostly when `--attach` was specified but the `--sig-proxy` flag was not) were not handled correctly Fixes #6928 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6842 from rhatdan/pids-limitOpenShift Merge Robot2020-07-13
|\ \ | | | | | | Pids-limit should only be set if the user set it
| * | Pids-limit should only be set if the user set itDaniel J Walsh2020-07-10
| |/ | | | | | | | | | | | | | | | | | | Currently we are sending over pids-limits from the user even if they never modified the defaults. The pids limit should be set at the server side unless modified by the user. This issue has led to failures on systems that were running with cgroups V1. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6896 from mheon/fix_remote_createcommandOpenShift Merge Robot2020-07-13
|\ \ | | | | | | Fix container and pod create commands for remote create
| * | Fix container and pod create commands for remote createMatthew Heon2020-07-10
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In `podman inspect` output for containers and pods, we include the command that was used to create the container. This is also used by `podman generate systemd --new` to generate unit files. With remote podman, the generated create commands were incorrect since we sourced directly from os.Args on the server side, which was guaranteed to be `podman system service` (or some variant thereof). The solution is to pass the command along in the Specgen or PodSpecgen, where we can source it from the client's os.Args. This will still be VERY iffy for mixed local/remote use (doing a `podman --remote run ...` on a remote client then a `podman generate systemd --new` on the server on the same container will not work, because the `--remote` flag will slip in) but at the very least the output of `podman inspect` will be correct. We can look into properly handling `--remote` (parsing it out would be a little iffy) in a future PR. Signed-off-by: Matthew Heon <matthew.heon@pm.me>