summaryrefslogtreecommitdiff
path: root/cmd
Commit message (Collapse)AuthorAge
...
| * | rootless: new function to join existing conmon processesGiuseppe Scrivano2019-05-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | move the logic for joining existing namespaces down to the rootless package. In main_local we still retrieve the list of conmon pid files and use it from the rootless package. In addition, create a temporary user namespace for reading these files, as the unprivileged user might not have enough privileges for reading the conmon pid file, for example when running with a different uidmap and root in the container is different than the rootless user. Closes: https://github.com/containers/libpod/issues/3187 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #3137 from giuseppe/unshare-fixesOpenShift Merge Robot2019-05-28
|\ \ \ | | | | | | | | unshare: some cleanups and define CONTAINERS_{RUNROOT,GRAPHROOT}
| * | | unshare: define CONTAINERS_GRAPHROOT and CONTAINERS_RUNROOTGiuseppe Scrivano2019-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | define two environment variables, that simplify the task of cleaning up the storage, as we can do something like: podman unshare sh -c 'rm -rf $CONTAINERS_GRAPHROOT $CONTAINERS_RUNROOT' Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | unshare: use rootless from libpodGiuseppe Scrivano2019-05-16
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3194 from QiWang19/cptarOpenShift Merge Robot2019-05-28
|\ \ \ \ | |_|_|/ |/| | | fix bug dest path of copying tar
| * | | fix bug dest path of copying tarQi Wang2019-05-24
| | | | | | | | | | | | | | | | | | | | | | | | when podman cp tar without --extract flag, if the destination already exists, or ends with path seprator, cp the tar under the directory, otherwise copy the tar named with the destination Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #3189 from vrothberg/apparmor-fixesOpenShift Merge Robot2019-05-28
|\ \ \ \ | |_|_|/ |/| | | Apparmor fixes
| * | | warn when --security-opt and --privilegedValentin Rothberg2019-05-24
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Log a warning when --security-opt and --privileged are used together to indicate that it has no effect since --privileged will set everything. To avoid regressions, only warn, do not error out and do not print on error level. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | podman: honor env variable PODMAN_USERNSGiuseppe Scrivano2019-05-24
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | userns: add new option --userns=keep-idGiuseppe Scrivano2019-05-24
|/ / | | | | | | | | | | | | it creates a namespace where the current UID:GID on the host is mapped to the same UID:GID in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3108 from rhatdan/flagsOpenShift Merge Robot2019-05-22
|\ \ | | | | | | Fixup Flags
| * | Fixup FlagsDaniel J Walsh2019-05-20
| | | | | | | | | | | | | | | | | | | | | | | | Mark hidden all references to signature-policy Default all uses of --authfile Add --authfile support to podman run and podman create. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #3178 from mheon/fix_gen_kubeOpenShift Merge Robot2019-05-22
|\ \ \ | | | | | | | | Fix a 'generate kube' bug on ctrs with named volumes
| * | | Fix play kube when a pod is specifiedMatthew Heon2019-05-21
| |/ / | | | | | | | | | | | | | | | We need to pass the Pod ID in as part of the CreateConfig. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3084 from giuseppe/rootless-pause-processOpenShift Merge Robot2019-05-21
|\ \ \ | | | | | | | | rootless: use a pause process to keep namespaces alive
| * | | system: migrate stops the pause processGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: use a pause processGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | use a pause process to keep the user and mount namespace alive. The pause process is created immediately on reload, and all successive Podman processes will refer to it for joining the user&mount namespace. This solves all the race conditions we had on joining the correct namespaces using the conmon processes. As a fallback if the join fails for any reason (e.g. the pause process was killed), then we try to join the running containers as we were doing before. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3168 from rhatdan/vendorMatthew Heon2019-05-21
|\ \ \ \ | | | | | | | | | | Update vendor of buildah and containers/images
| * | | | Update vendor of buildah and containers/imagesDaniel J Walsh2019-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mainly add support for podman build using --overlay mounts. Updates containers/image also adds better support for new registries.conf file. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #3167 from weirdwiz/filterOpenShift Merge Robot2019-05-21
|\ \ \ \ \ | |_|_|/ / |/| | | | Minor fix filtering images by label
| * | | | Minor fix filtering images by labelDivyansh Kamboj2019-05-20
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added test to avoid future regressions Fix #3163 Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
* | | | Merge pull request #3139 from jwhonce/wip/remote_infoOpenShift Merge Robot2019-05-20
|\ \ \ \ | |/ / / |/| | | Add connection information to podman-remote info
| * | | Add connection information to podman-remote infoJhon Honce2019-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor client code to break out building connection string from making the connection. Example: client: Connection: unix:/run/podman/io.podman Connection Type: DirectConnection . : Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Output name of process on runlabel commandNathaniel Kofalt2019-05-18
| |/ / |/| | | | | | | | Signed-off-by: Nathaniel Kofalt <nathaniel@kofalt.com>
* | | Merge pull request #3104 from giuseppe/initial-cgroup2OpenShift Merge Robot2019-05-17
|\ \ \ | | | | | | | | rootless: allow resource isolation with cgroup v2
| * | | rootless: default --cgroup-manager=systemd in unified modeGiuseppe Scrivano2019-05-13
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | create: skip resources validation with cgroup v2Giuseppe Scrivano2019-05-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | skip resources validation when cgroup v2 is detected, as we don't support it yet. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | remote: version: fix nil dereferenceValentin Rothberg2019-05-17
| |_|/ |/| | | | | | | | | | | | | | | | | Fix a nil dereference by passing the PodmanCommand to GetRuntime(). Fixes: #3145 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Add unshare to podmanDivyansh Kamboj2019-05-16
| |/ |/| | | | | | | | | | | This command lets the user run a command in a new user namespace like `unshare -u`. It uses the implementation of unshare in buildah. ( fixes #1388 ) Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
* | Merge pull request #3096 from edsantiago/varlink_usageOpenShift Merge Robot2019-05-14
|\ \ | | | | | | varlink: fix usage message, URI is now optional
| * | varlink: fix usage message, URI is now optionalEd Santiago2019-05-13
| |/ | | | | | | | | | | | | 38199f4c made the URI argument to podman-varlink optional. Fix the usage message to indicate this. Signed-off-by: Ed Santiago <santiago@redhat.com>
* / podman: fix events help stringGiuseppe Scrivano2019-05-13
|/ | | | | | make it uppercase as all the other ones. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3041 from QiWang19/cpdashOpenShift Merge Robot2019-05-09
|\ | | | | implement cp reads tar file from stdin/to stdout
| * implement cp reads tar file from stdin/stdoutQi Wang2019-05-09
| | | | | | | | | | | | enables podman cp uses - to stream a tar archive from STDIN or to STDOUT. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #3087 from jwhonce/wip/versionOpenShift Merge Robot2019-05-09
|\ \ | | | | | | Add information when running `podman version` on client
| * | Add information when running podman version on clientJhon Honce2019-05-08
| |/ | | | | | | | | | | * Include service version information and headers Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / add varlink bridgebaude2019-05-08
|/ | | | | | | | allow the user to define a remote host and remote username for their remote podman sessions. this is then feed to the varlink "bridge" as the ssh credentials and endpoint. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2977 from baude/makeitrainOpenShift Merge Robot2019-05-07
|\ | | | | enable integration tests for remote-client
| * enable integration tests for remote-clientbaude2019-05-07
| | | | | | | | | | | | | | first pass at enabling a swath of integration tests for the remote-client. Signed-off-by: baude <bbaude@redhat.com>
* | fix podman-remote ps --nsbaude2019-05-07
|/ | | | | | | | | the namespace for the remote client was being incorrectly derived from the "remote" client. fixes: #2938 Signed-off-by: baude <bbaude@redhat.com>
* remote-podman checkpoint and restore add to container submenubaude2019-05-06
| | | | | | | the remote-podman checkpoint and restore commands were done some time ago but for some reason not added to the container subcommand Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2826 from mheon/restart_policyOpenShift Merge Robot2019-05-03
|\ | | | | Add restart policy for containers
| * Address review comments on restart policyMatthew Heon2019-05-03
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Restart policy conflicts with the --rm flagMatthew Heon2019-05-03
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add container restart policy to Libpod & PodmanMatthew Heon2019-05-03
| | | | | | | | | | | | | | This initial version does not support restart count, but it works as advertised otherwise. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2971 from QiWang19/logoutcheckOpenShift Merge Robot2019-05-03
|\ \ | |/ |/| fix logout message if login only with docker
| * fix logout message if login only with dockerQi Wang2019-05-03
| | | | | | | | | | | | if checkAuth() success but not logged in with podman, assume it's logged in with docker and retrun the message. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #3034 from vrothberg/top-fallbackOpenShift Merge Robot2019-05-03
|\ \ | | | | | | top: fallback to execing ps(1)
| * | top: fallback to execing ps(1)Valentin Rothberg2019-05-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fallback to executing ps(1) in case we hit an unknown psgo descriptor. This ensures backwards compatibility with docker-top, which was purely ps(1) driven. Also support comma-separated descriptors as input. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #2905 from QiWang19/globalvarOpenShift Merge Robot2019-05-03
|\ \ \ | | | | | | | | Add variable for global flags to runlabel