| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
| |
This is an incomplete fix, as it would be best for the libpod library to be in charge of coordinating the container's dependencies on the infra container. A TODO was left as such. UTS is a special case, because the docker library that namespace handling is based off of doesn't recognize a UTS based on another container as valid, despite the library being able to handle it correctly. Thus, it is left in the old way.
Signed-off-by: haircommander <pehunt@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1347
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this change if an error is raised when fetching the size of the
image, the error string will be printed as the size (instead of
panicing). In this particular case, the error string is "unable to
determine size".
This fixes bug #1405
Signed-off-by: Steve Baker <sbaker@redhat.com>
Closes: #1423
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We should be sharing cgroups namespace by default in pods
uts namespace sharing was broken in pods.
Create a new libpod/pkg/namespaces for handling of namespace fields
in containers
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1418
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to more closely mimic docker default behavior, the --layers
cli option is set to true by default for podman. the buildah
environment variable of BUILDAH_LAYERS is still honored and will
override the command line input.
this should be considered in place of PR #1383.
Many thanks for Scott McCarty for inspiring this welcome change.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1422
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
Figuring out the difference between a User and a USERNS
as well as Cgroup and CGROUPNS
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1417
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
| |
Remove podman --config option, since it does not do anything.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1410
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$ ./bin/podman --foo
$ echo $?
125
$ ./bin/podman foo
Command "foo" not found.
See `podman --help`.
$ echo $?
1
After this change
$ ./bin/podman foo
Command "foo" not found.
See `podman --help`.
$ echo $?
125
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1398
Approved by: vrothberg
|
| |
|
|
|
|
|
|
|
|
|
| |
Podman logs was not parsing CRI logs well, especially
the F and P logs. Now using the same parsing code as
in kube here.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1403
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
When running podman rm -a on a storage where no images exist,
the exit code should NOT be non-zero.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1402
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
change the tests to use chroot to set a numeric UID/GID.
Go syscall.Credential doesn't change the effective UID/GID of the
process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
move re-exec later on, so that we can check whether we need to join
the infra container user namespace or we need to create another one.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
be sure to be in an userns for a rootless process before initializing
the runtime. In case we are not running as uid==0, take advantage of
"podman info" that creates the runtime.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
| |
|
|
|
|
|
|
| |
Fixes: #1395
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1397
Approved by: mheon
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
It is not necessary to hide podman-pod-create's help flag. Therefore,
partially revert commit 6751b2c35040 to restore the help flag.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a special handler to catch errors caused by specifying unknown
commands to Podman. This allows printing a more helpful error message.
```
$ podman
Command "123123" not found.
See `podman --help`.
$ podman pod 123123
Command "123123" not found.
See `podman pod --help`.
```
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't print potentially verbose help messages in case of usage errors,
but print only the usage error followed by a pointer to the command's
help. This aligns with Docker.
```
$ podman run -h
flag needs an argument: -h
See 'podman run --help'.
```
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1379
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The varlink usage help looks like:
--timeout value, -t value time until the varlink session expires in
milliseconds. default is 1 second; 0 means no timeout. (default:
1000)
Fix it to not repeat twice the default value.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1377
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
Move the `-h` short flag from `--help` to `--hostname` for podman-run,
podman-create and podman-pod-create to be compatible with Docker.
Fixes: #1367
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1373
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
Closes: #1363
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
since we have a way for joining an existing userns use it instead of
nsenter.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
join the user namespace used to create the container so that psgo can
work in the same way as with root containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This will help document the defaults in podman build.
podman build --help will now show the defaults and mention
the environment variables that can be set to change them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1364
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1352
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
| |
|
|
|
|
|
|
|
|
|
| |
In the API docs, we generally state the type of error that should be returned
if a container or image cannot be found. In several cases, the code did not
match the API doc, when the API doc was correct.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1353
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Docker expects multiple filters to be passed with multiple uses
of the --filter flag (e.g. --filter=label=a=b --filter=label=c=d)
and not a single comma-separated list of filters as we expected.
Convert to the Docker format, and make some small cleanups to our
handling of filters along the way.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1345
Approved by: umohnani8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We cannot re-exec into a new user namespace to gain privileges and
access an existing as the new namespace is not the owner of the
existing container.
"unshare" is used to join the user namespace of the target container.
The current implementation assumes that the main process of the
container didn't create a new user namespace.
Since in the setup phase we are not running with euid=0, we must skip
the setup for containers/storage.
Closes: https://github.com/containers/libpod/issues/1329
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1331
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
| |
CtrInfo now is formatted in the way originally intended. s/Number Of Containers/# Of Containers and s/Infra Container ID/Infra ID. Make json camel case.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1338
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
When in rootless mode it's not possible to load profiles or
check which profiles are loaded.
Added a few baseline tests to check all possible cases.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Closes: #1250
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This results in some functionality changes:
If a ErrCtrStateInvalid is returned to GetPodStats, the container is ommitted from the stats.
As such, if an empty slice of Container stats are returned to GetPodStats in varlink, an error will occur.
GetContainerStats will return the ErrCtrStateInvalid as well.
Finally, if ErrCtrStateInvalid is returned to the podman stats call, the container will be ommitted from the stats.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1319
Approved by: baude
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1319
Approved by: baude
|
| |
|
|
|
|
|
|
|
| |
Using the vendored changes from psgo, incorporate JoinNamespaceAndProcessInfoByPids to get process information for each pid namespace of running containers in the pod. Also added a man page, and tests.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1298
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1307
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Devices are supposed to be able to be passed in via the form of
--device /dev/foo
--device /dev/foo:/dev/bar
--device /dev/foo:rwm
--device /dev/foo:/dev/bar:rwm
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1299
Approved by: umohnani8
|
| |
|
|
|
|
|
|
|
|
|
| |
Update docs to reflect our changed default CGroup manager.
Fixes: #1292
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1293
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
| |
I think a created container which was never run will have no size struct
we should just return 0
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1288
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
| |
add the ability to monitor container statistics in a pod.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1265
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1275
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1275
Approved by: mheon
|
