path: root/cmd/podman
Commit message [Author, Age]
* Merge pull request #2706 from giuseppe/rootless-single-usernamespace [OpenShift Merge Robot, 2019-04-04]
    rootless: single user namespace
| * rootless: use a single user namespace [Giuseppe Scrivano, 2019-04-01]
    simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment.
    There are multiple advantages to it:
    1) much simpler implementation as there is only one namespace to join.
    2) we can join namespaces owned by different containers.
    3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host.
    4) rootless varlink works.
    5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container.
    Containers created by older Podman versions must be restarted.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: remove SkipStorageSetup() [Giuseppe Scrivano, 2019-04-01]
    in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Update run tests to be skipped when not supported [Sascha Grunert, 2019-04-04]
    Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #2832 from mheon/rootless_size_errors [OpenShift Merge Robot, 2019-04-03]
    --size does not work with rootless at present
| * | --size does not work with rootless at present [Matthew Heon, 2019-04-03]
    We'd need to join multiple containers' user namespaces, which is not possible for now. The rootless single userns patches under development by Giuseppe will fix this, but won't land in 1.2.x. For now, disable --size as rootless.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2651 from mheon/prevent_null_deref [OpenShift Merge Robot, 2019-04-03]
    Fix a potential segfault in podman search
| * | Fix a potential segfault in podman search [Matthew Heon, 2019-04-03]
    When generating headers for search, we unconditionally access element 0 of an array, and I saw this segfault in our CI. There's no reason we have to do this, we're just going through it to get field names with reflect, so just make a new copy of the struct in question.
    Also, move this code, which is only for CLI display, into cmd/podman from libpod/image.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* / add remote-client diff [baude, 2019-04-03]
    the remote client now can run the diff command to report changes, modifications, and deletions in an image or container.
    Signed-off-by: baude <bbaude@redhat.com>
* Capitalize global options help information [Daniel J Walsh, 2019-03-30]
    --trace, --help and --version were not capitalized like the rest of the global options. This patch fixes this problem.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2691 from baude/psdynamic [OpenShift Merge Robot, 2019-03-29]
    Add watch mode to podman ps
| * Add watch mode to podman ps [baude, 2019-03-28]
    allows users to "watch" the output of podman ps on a set interval in seconds. in watch mode, the screen is cleared between intervals as well.
    podman -ps -w1 watches on 1 second intervals
    Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2635 from rhatdan/cache [OpenShift Merge Robot, 2019-03-29]
    Set blob cache directory based on GraphDriver
| * | Cleanup image2 -> image for imports [Daniel J Walsh, 2019-03-29]
    Remove references to image2 in source code. Makes the code slightly more readable.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Set blob cache directory based on GraphDriver [Daniel J Walsh, 2019-03-29]
    Currently in rootless containers, we end up not using the blob cache. We also don't store the blob cache based on the user's specified graph storage. This change will cause the cache directory to be stored with the rest of the container images.
    While doing this patch, I found that we had duplicated GetSystemContext in two places in libpod. I cleaned this up.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2575 from haircommander/hotfix_play_kube [OpenShift Merge Robot, 2019-03-29]
    Default to SELinux private label for play kube mounts
| * | Default to SELinux private label for play kube mounts [Peter Hunt, 2019-03-28]
    Before, there were SELinux denials when a volume was bind-mounted by podman play kube.
    Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate)
    For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point
    also remove left over debugging print statement
    Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #2784 from QiWang19/digest [OpenShift Merge Robot, 2019-03-28]
    fix bug remote-podman images --digests
| * | fix bug remote-podman images --digests [Qi Wang, 2019-03-27]
    Add `digest` field to Image struct and update API.md
    Show image digests when using --digests in podman-remote.
    ```
    $ PODMAN_VARLINK_ADDRESS="tcp:127.0.0.1:1234" sudo bin/podman-remote images --digests
    REPOSITORY                  TAG      DIGEST                                                                    IMAGE ID       CREATED       SIZE
    docker.io/library/alpine    latest   sha256:d05ecd4520cab5d9e5d877595fb0532aadcd6c90f4bbc837bc11679f704c4c82   5cb3aa00f899   2 weeks ago   5.79 MB
    docker.io/library/busybox   latest   sha256:4415a904b1aca178c2450fd54928ab362825e863c0ad5452fd020e92f7a6a47e   d8233ab899d4   5 weeks ago   1.42 MB
    ```
    Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #2773 from QiWang19/bug [OpenShift Merge Robot, 2019-03-28]
    fix bug `system df` add a space to the output
| * | | fix bug `system df` add blank space to the output [Qi Wang, 2019-03-28]
    fix typo in Containers space usage: of podman system df -v, add a space for created time
    Change format string to const
    Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | vendor buildah, image, storage, cni [Valentin Rothberg, 2019-03-28]
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #2760 from mheon/misc_small_changes [OpenShift Merge Robot, 2019-03-28]
    Remove ulele/deepcopier in favor of JSON deep copy
| * | Use spaces instead of tab for JSON marshal indent [Matthew Heon, 2019-03-27]
    The jsoniterator library believes that panic() is a reasonable response to being told to indent JSON with a tab. So use spaces instead.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Fix gofmt [Matthew Heon, 2019-03-27]
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Remove ulele/deepcopier in favor of JSON deep copy [Matthew Heon, 2019-03-27]
    We have a very high performance JSON library that doesn't need to perform code generation. Let's use it instead of our questionably performant, reflection-dependent deep copy library.
    Most changes because some functions can now return errors.
    Also converts cmd/podman to use jsoniter, instead of pkg/json, for increased performance.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2777 from edsantiago/system_df_invalid_arg [OpenShift Merge Robot, 2019-03-27]
    system df: reject invalid arguments
| * system df: reject invalid arguments [Ed Santiago, 2019-03-27]
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #2747 from mheon/dns_none [OpenShift Merge Robot, 2019-03-27]
    Add --dns=none
| * | Resolve review comments [Matthew Heon, 2019-03-27]
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | Add --no-hosts flag to disable management of /etc/hosts [Matthew Heon, 2019-03-27]
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / rootless: fix regression when using exec on old containers [Giuseppe Scrivano, 2019-03-27]
    fallback to the previous behavior of joining only the user namespace, when we cannot join the conmon userns+mount namespaces.
    Closes: https://github.com/containers/libpod/issues/2673
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* size is optional for container inspection [baude, 2019-03-26]
    on the remote client, if a user wants to know the rootfs size of a container, a -s should be passed. this corrects a behavior where size was shown by default.
    Fixes #2765
    Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2758 from baude/eventsDied [OpenShift Merge Robot, 2019-03-26]
    Add "died" event
| * Add "died" event [baude, 2019-03-25]
    We have a new event for container 'Exited' which has been renamed to 'died'.
    also removed the stream bool from the varlink endpoint for events because it can be determined by the varlink more value.
    Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2498 from QiWang19/sysdf [OpenShift Merge Robot, 2019-03-26]
    podman system df- show podman disk usage
| * system df to show podman disk usage [Qi Wang, 2019-03-25]
    Signed-off-by: Qi Wang <qiwan@redhat.com>
* | podman health check phase3 [baude, 2019-03-22]
    podman will not start a transient service and timer for healthchecks. this handles the tracking of the timing for health checks.
    added the 'started' status which represents the time that a container is in its start-period.
    the systemd timing can be disabled with an env variable of DISABLE_HC_SYSTEMD="true".
    added filter for ps where --filter health=[starting, healthy, unhealthy] can now be used.
    Signed-off-by: baude <bbaude@redhat.com>
* | utils: drop dead function [Giuseppe Scrivano, 2019-03-21]
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Make "stopped" a valid state that maps to "exited" [Matthew Heon, 2019-03-21]
    Fixes #2526
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* podman: do not split --env on comma [Giuseppe Scrivano, 2019-03-20]
    if --env "a=b,c" is used, do not split into a=b and c=.
    Closes: https://github.com/containers/libpod/issues/2712
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: implement pod restart [Giuseppe Scrivano, 2019-03-19]
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: reimplement restart with rootless.Argument() [Giuseppe Scrivano, 2019-03-19]
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless, rm: fix retcode when the container is not found [Giuseppe Scrivano, 2019-03-19]
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: fix ps command [Giuseppe Scrivano, 2019-03-19]
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: fix pod kill [Giuseppe Scrivano, 2019-03-19]
    we don't need to access the storage
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2688 from baude/issue2671 [OpenShift Merge Robot, 2019-03-18]
    support GO template {{ json . }}
| * support GO template {{ json . }} [baude, 2019-03-18]
    for podman version, we now support a GO template for json output.
    fixes #2671
    Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2696 from haircommander/play-kube-dash-u [OpenShift Merge Robot, 2019-03-18]
    Incorporate image inspect data in play kube
| * | Incorporate user from image inspect data in play kube [Peter Hunt, 2019-03-18]
    before, when an image signified a user, play kube ignored it. Incorporate that information.
    Signed-off-by: Peter Hunt <pehunt@redhat.com>