summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Merge pull request #7121 from rhatdan/buildOpenShift Merge Robot2020-07-29
|\ | | | | Fix building from http or '-' options
| * Fix building from http or '-' optionsDaniel J Walsh2020-07-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When copying from a URL, podman will download and create a context directory in a temporary file. The problem was that this directory was being removed as soon as the function that created it was returned. Later the build code would look for content in the temporary directory and fail to find it, blowing up the build. By pulling the extraction code back into the build function, we keep the temporary directory around until the build completes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6851 from rhatdan/mountOpenShift Merge Robot2020-07-29
|\ \ | | | | | | Add podman image mount
| * | Add podman image mountDaniel J Walsh2020-07-28
| |/ | | | | | | | | | | | | | | | | | | | | | | | | There are many use cases where you want to just mount an image without creating a container on it. For example you might want to just examine the content in an image after you pull it for security analysys. Or you might want to just use the executables on the image without running it in a container. The image is mounted readonly since we do not want people changing images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Specifying --ipc=host --pid=host is brokenDaniel J Walsh2020-07-28
|/ | | | | | | | For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and add test to make sure it does not happen again. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6909 from rhatdan/podmanOpenShift Merge Robot2020-07-28
|\ | | | | Switch all references to github.com/containers/libpod -> podman
| * Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7098 from asottile/newline_on_errorOpenShift Merge Robot2020-07-28
|\ \ | |/ |/| add newline to output in error message
| * add newline to output in error messageAnthony Sottile2020-07-27
| | | | | | | | Signed-off-by: Anthony Sottile <asottile@umich.edu>
* | Cleanup handling of podman mount/unmountDaniel J Walsh2020-07-27
|/ | | | | | | | | | | We should default to the user name unmount rather then the internal name of umount. Also User namespace was not being handled correctly. We want to inform the user that if they do a mount when in rootless mode that they have to be first in the podman unshare state. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* replace the html/template package with text/templatePaul Holzinger2020-07-25
| | | | | | | | | Currently some commands use the html/template package. This can lead to invalid output. e.g. `system df --verbose` will print `&lt;none&gt;` instead of `<none>` with an untaged image. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #7068 from mheon/start_attach_no_ctridOpenShift Merge Robot2020-07-24
|\ | | | | The `podman start --attach` command should not print ID
| * The `podman start --attach` command should not print IDMatthew Heon2020-07-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Somewhere in the Podman v2 rewrite, we allowed `podman start --attach` to print the container ID of the started container after exiting from the attach session (via detach key or the container exiting naturally). We should never print the ID when `--attach` is given, which makes the fix simple - make the print statement conditional on `--attach` not being present. Wierdly, this only happened with `--interactive` was given to `podman start`. I don't know why that is, but this resolves the issue without having to dig any deeper, so I'm content. Fixes #7055 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | [WIP] Refactor podman system connectionJhon Honce2020-07-22
| | | | | | | | | | | | | | | | | | | | | | | | * Add support to manage multiple connections * Add connection * Remove connection * Rename connection * Set connection as default * Add markdown/man pages * Fix recursion in hack/xref-helpmsgs-manpages Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #7042 from rhatdan/remoteOpenShift Merge Robot2020-07-22
|\ \ | |/ |/| Enable --remote flag
| * Enable --remote flagDaniel J Walsh2020-07-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Support default profile for apparmorDaniel J Walsh2020-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently you can not apply an ApparmorProfile if you specify --privileged. This patch will allow both to be specified simultaniosly. By default Apparmor should be disabled if the user specifies --privileged, but if the user specifies --security apparmor:PROFILE, with --privileged, we should do both. Added e2e run_apparmor_test.go Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7006 from ashley-cui/umaskOpenShift Merge Robot2020-07-22
|\ \ | |/ |/| Add --umask flag for create, run
| * Add --umask flag for create, runAshley Cui2020-07-21
| | | | | | | | | | | | | | | | --umask sets the umask inside the container Defaults to 0022 Co-authored-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Ashley Cui <acui@redhat.com>
* | Add noop function disable-content-trustDaniel J Walsh2020-07-21
|/ | | | | | | | People who use docker scripts with Podman see failures if they use disable-content-trust flag. This flag already existed for podman build, adding it to pull/push/create/run. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Switch references from libpod.conf to containers.confDaniel J Walsh2020-07-20
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add support for overlay volume mounts in podman.Qi Wang2020-07-20
| | | | | | | | Add support -v for overlay volume mounts in podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #6934 from ParkerVR/tags-referenceOpenShift Merge Robot2020-07-18
|\ | | | | using reference package to parse
| * Used reference package with errors for parsing tagParker Van Roy2020-07-17
| | | | | | | | Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | abi: set default umask and rlimitsGiuseppe Scrivano2020-07-17
|/ | | | | | | | the code got lost in the migration to podman 2.0, reintroduce it. Closes: https://github.com/containers/podman/issues/6989 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #6965 from giuseppe/followup-pr6324OpenShift Merge Robot2020-07-17
|\ | | | | allow switching of port-forward approaches in rootless/using slirp4netns
| * libpod: pass down network optionsGiuseppe Scrivano2020-07-16
| | | | | | | | | | | | do not pass network specific options through the network namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Fix `podman system connection` panicJhon Honce2020-07-15
|/ | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #6939 from rhatdan/entrypointOpenShift Merge Robot2020-07-14
|\ | | | | Fix handling of entrypoint
| * Fix handling of entrypointDaniel J Walsh2020-07-14
| | | | | | | | | | | | | | If a user specifies an entrypoint of "" then we should not use the images entrypoint. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6931 from mheon/apply_sigproxyOpenShift Merge Robot2020-07-14
|\ \ | |/ |/| Ensure sig-proxy default is propagated in start
| * Ensure sig-proxy default is propagated in startMatthew Heon2020-07-10
| | | | | | | | | | | | | | | | | | | | | | We properly determined what sig-proxy should be set to, but we never passed that along to the backend. As such, cases where the default swapped (mostly when `--attach` was specified but the `--sig-proxy` flag was not) were not handled correctly Fixes #6928 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6842 from rhatdan/pids-limitOpenShift Merge Robot2020-07-13
|\ \ | | | | | | Pids-limit should only be set if the user set it
| * | Pids-limit should only be set if the user set itDaniel J Walsh2020-07-10
| |/ | | | | | | | | | | | | | | | | | | Currently we are sending over pids-limits from the user even if they never modified the defaults. The pids limit should be set at the server side unless modified by the user. This issue has led to failures on systems that were running with cgroups V1. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6896 from mheon/fix_remote_createcommandOpenShift Merge Robot2020-07-13
|\ \ | | | | | | Fix container and pod create commands for remote create
| * | Fix container and pod create commands for remote createMatthew Heon2020-07-10
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In `podman inspect` output for containers and pods, we include the command that was used to create the container. This is also used by `podman generate systemd --new` to generate unit files. With remote podman, the generated create commands were incorrect since we sourced directly from os.Args on the server side, which was guaranteed to be `podman system service` (or some variant thereof). The solution is to pass the command along in the Specgen or PodSpecgen, where we can source it from the client's os.Args. This will still be VERY iffy for mixed local/remote use (doing a `podman --remote run ...` on a remote client then a `podman generate systemd --new` on the server on the same container will not work, because the `--remote` flag will slip in) but at the very least the output of `podman inspect` will be correct. We can look into properly handling `--remote` (parsing it out would be a little iffy) in a future PR. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6932 from rhafer/aa_privOpenShift Merge Robot2020-07-11
|\ \ | | | | | | Don't setup AppArmor provile for privileged pods
| * | Don't setup AppArmor provile for privileged podsRalf Haferkamp2020-07-10
| |/ | | | | | | | | | | This is essentially db218e7162c2 forward-ported to specgen Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* / version/info: format: allow more json variantsValentin Rothberg2020-07-10
|/ | | | | | | | | Allow more variants to yield json output for `podman version` and `podman info`. Instead of comparing strings, use a regex and add unit and e2e tests. Fixes: #6927 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* logs: enable e2e testsValentin Rothberg2020-07-09
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add username to /etc/passwd inside of container if --userns keep-idDaniel J Walsh2020-07-07
| | | | | | | | | | If I enter a continer with --userns keep-id, my UID will be present inside of the container, but most likely my user will not be defined. This patch will take information about the user and stick it into the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6693 from goochjj/libpod-sd-notify-cmdlineOpenShift Merge Robot2020-07-06
|\ | | | | Implement --sdnotify cmdline option to control sd-notify behavior
| * Implement --sdnotify cmdline option to control sd-notify behaviorJoseph Gooch2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | --sdnotify container|conmon|ignore With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI runtime doesn't pass it into the container. We also advertise "ready" when the OCI runtime finishes to advertise the service as ready. With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI runtime passes it into the container for initialization, and let the container advertise further metadata. This is the default, which is closest to the behavior podman has done in the past. The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor any child processes will talk to systemd. This removes the need for hardcoded CID and PID files in the command line, and the PIDFile directive, as the pid is advertised directly through sd-notify. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* | Merge pull request #6868 from mheon/fix_mount_rootlessOpenShift Merge Robot2020-07-06
|\ \ | |/ |/| Fix bug where `podman mount` didn't error as rootless
| * Fix bug where `podman mount` didn't error as rootlessMatthew Heon2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We require that rootless `podman mount` be run inside a shell spawned by `podman unshare` (which gives us a mount namespace which actually lets other commands use the mounted filesystem). The fix is simple - we need to mark the command as requiring the rootless user namespace not be configured, so we can test for it later as part of the mount code and error if we needed to make one. Fixes #6856 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6836 from ashley-cui/tzlibpodOpenShift Merge Robot2020-07-06
|\ \ | |/ |/| Add --tz flag to create, run
| * Add --tz flag to create, runAshley Cui2020-07-02
| | | | | | | | | | | | | | --tz flag sets timezone inside container Can be set to IANA timezone as well as `local` to match host machine Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #6864 from vrothberg/v2-moduleOpenShift Merge Robot2020-07-06
|\ \ | | | | | | move go module to v2
| * | move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6790 from QiWang19/set_engine_envOpenShift Merge Robot2020-07-06
|\ \ \ | | | | | | | | Set engine env from common config