| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
Was reading the "env" argument twice instead of image.
Closes #2063
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |\
| |
| | |
Add ability to build golang remote client
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the ability to build a remote client in golang that uses all
the same front-end cli code and output code. The initial limitations
here are that it can only be a local client while the bridge and
resolver code is being written for the golang varlink client.
Tests and docs will be added in subsequent PRs.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
container runlabel NAME implementation
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when using container runlabel, if a --name is not provided, we must
deduce the container name from the base name of the image to maintain
parity with the atomic cli.
fixed small bug where we split the cmd on " " rather than using fields could
lead to extra spaces in command output.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
podman-login: adhere to user input
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Do not try to login with existing credentials when the user specifies a
username or password on the CLI.
* Improve error messages.
* Use specified tls-verify switch and cert-dir for all requests.
Fixes: #2092
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
podman: set umask to 022
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
be sure there are no bits in the umask that prevent us for creating
directories with mode 0755. Set the umask very early in the program
startup.
Closes: https://github.com/containers/libpod/issues/2074
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Update vendor of runc
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Updating the vendor or runc to pull in some fixes that we need.
In order to get this vendor to work, we needed to update the vendor
of docker/docker, which causes all sorts of issues, just to fix
the docker/pkg/sysinfo. Rather then doing this, I pulled in pkg/sysinfo
into libpod and fixed the code locally.
I then switched the use of docker/pkg/sysinfo to libpod/pkg/sysinfo.
I also switched out the docker/pkg/mount to containers/storage/pkg/mount
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for executing an init binary as PID 1 in a container to
forward signals and reap processes. When the `--init` flag is set for
podman-create or podman-run, the init binary is bind-mounted to
`/dev/init` in the container and "/dev/init --" is prepended to the
container's command.
The default base path of the container-init binary is `/usr/libexec/podman`
while the default binary is catatonit [1]. This default can be changed
permanently via the `init_path` field in the `libpod.conf` configuration
file (which is recommended for packaging) or temporarily via the
`--init-path` flag of podman-create and podman-run.
[1] https://github.com/openSUSE/catatonit
Fixes: #1670
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Currently if the user installs runc in an alternative path
podman run uses it but podman build does not.
This patch will pass the default oci runtime to be used by podman
down to the image builder.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
Allow multiple alias for listing containers and images.
Also fix documentation for umount and unmount
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
This will more closely match what Docker is doing.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix usage of export when rootless containers are used without vfs. We
join the conmon process namespaces as the container is running in a
different one.
There can be a problem if the user specify a different path for the
conmon process, and then the file is deleted. In this case podman
won't be able to find the conmon process to join.
Closes: https://github.com/containers/libpod/issues/2027
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
| |\
| |
| | |
Add Play
|
| | |
| |
| |
| |
| |
| |
| | |
podman play kube adds the ability for the user to recreate pods and containers
from a Kubernetes YAML file in libpod.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| |/
|/| |
Support podman image trust command
|
| | |
| |
| |
| |
| |
| | |
Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \
| | |
| | | |
Add information on --restart
|
| | |/
| |
| |
| |
| |
| |
| | |
We need to recommend that users use Systemd unit files if they want
the container to restart automatically.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
add getlogin command
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Returns user if user is logged-in to the registry. Returns error
if not logged in with non-zero status code.
Signed-off-by: Theodore Cowan <theodore-cowan@pluralsight.com>
|
| |\ \ \
| |_|/
|/| | |
generate service object inline
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
no longer require the service object be output to a different file; we should be
doing this inline with the pods for user convenience.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
display proper error when rmi -fa with infra containers
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
when deleting infra containers, we were not checking the error of the
image deletion and therefore resulting in not reporting the error.
Fixes #1991
Signed-off-by: baude <bbaude@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| |\ \
| |/
|/| |
Clean up some existing varlink endpoints
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Going through and adding options (like tls-verify, signature option, etc)
to some varlink endpoints (like push/pull) many of which had not been
updated since their original authoring.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
mount: allow mount only when using vfs
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when using a driver different than vfs, the mount is probably in a
different mount namespace thus not accessible from the host. Avoid
the confusion by not allowing mount when a different driver is used.
Closes: https://github.com/containers/libpod/issues/1964
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Many RH images use a fully-qualified path to docker in their RUN
labels. While initially we wanted an exact match for substituting
commands, docker is a good exception.
Bug #1623282
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
failed containers with --rm should remove themselves
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when starting or running a container that has --rm, if the starting
container fails (like due to an invalid command), the container should
get removed.
Resolves: #1985
Signed-off-by: baude <bbaude@redhat.com>
|
| |/
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
With rootless containers we cannot really restart an existing container
as we would need to join the mount namespace as well to be able to reuse
the storage, so ensure the container is stopped first.
Closes: https://github.com/containers/libpod/issues/1965
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
| |\
| |
| | |
add timeout to pod stop
|
| | |
| |
| |
| |
| |
| |
| |
| | |
like podman stop of containers, we should allow the user to specify
a timeout override when stopping pods; otherwise they have to wait
the full timeout time specified during the pod/container creation.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| |/
|/| |
generate kube
|
| | |
| |
| |
| |
| |
| |
| | |
add the ability to generate kubernetes pod and service yaml representations
of libpod containers and pods.
Signed-off-by: baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Instead, just set SystemRegistriesConfPath and let the transport do it.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool
can now represent that value, so forceSecure is redundant.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool
can now represent that value, so forceSecure is redundant.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Following SystemContext.DockerInsecureSkipTLSVerify, make the
DockerRegistryOne also an OptionalBool, and update callers.
Explicitly document that --tls-verify=true and --tls-verify unset
have different behavior in those commands where the behavior changed
(or where it hasn't changed but the documentation needed updating).
Also make the --tls-verify man page sections a tiny bit more consistent
throughout.
This is a minimal fix, without changing the existing "--tls-verify=true"
paths nor existing manual insecure registry lookups.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |\ \
| | |
| | | |
Pick registry to login from full image name as well
|
