move the logic for joining existing namespaces down to the rootless
package. In main_local we still retrieve the list of conmon pid files
and use it from the rootless package.
In addition, create a temporary user namespace for reading these
files, as the unprivileged user might not have enough privileges for
reading the conmon pid file, for example when running with a different
uidmap and root in the container is different than the rootless user.
Closes: https://github.com/containers/libpod/issues/3187
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
unshare: some cleanups and define CONTAINERS_{RUNROOT,GRAPHROOT}
define two environment variables, that simplify the task of cleaning
up the storage, as we can do something like:
podman unshare sh -c 'rm -rf $CONTAINERS_GRAPHROOT $CONTAINERS_RUNROOT'
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
fix bug dest path of copying tar
when podman cp tar without --extract flag, if the destination already exists, or ends with path separator, cp the tar under the directory, otherwise copy the tar named with the destination
Signed-off-by: Qi Wang <qiwan@redhat.com>
Apparmor fixes
Log a warning when --security-opt and --privileged are used together to
indicate that it has no effect since --privileged will set everything.
To avoid regressions, only warn, do not error out and do not print on
error level.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
it creates a namespace where the current UID:GID on the host is mapped
to the same UID:GID in the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fixup Flags
Mark hidden all references to signature-policy
Default all uses of --authfile
Add --authfile support to podman run and podman create.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fix a 'generate kube' bug on ctrs with named volumes
We need to pass the Pod ID in as part of the CreateConfig.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
rootless: use a pause process to keep namespaces alive
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
use a pause process to keep the user and mount namespace alive.
The pause process is created immediately on reload, and all successive
Podman processes will refer to it for joining the user&mount
namespace.
This solves all the race conditions we had on joining the correct
namespaces using the conmon processes.
As a fallback if the join fails for any reason (e.g. the pause process
was killed), then we try to join the running containers as we were
doing before.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Update vendor of buildah and containers/images
Mainly add support for podman build using --overlay mounts.
Updates containers/image also adds better support for new registries.conf
file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Minor fix filtering images by label
Added test to avoid future regressions
Fix #3163
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
Add connection information to podman-remote info
Refactor client code to break out building connection string from
making the connection.
Example:
client:
Connection: unix:/run/podman/io.podman
Connection Type: DirectConnection
.
:
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: Nathaniel Kofalt <nathaniel@kofalt.com>
rootless: allow resource isolation with cgroup v2
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
skip resources validation when cgroup v2 is detected, as we don't
support it yet.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fix a nil dereference by passing the PodmanCommand to GetRuntime().
Fixes: #3145
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This command lets the user run a command in a new user namespace like `unshare -u`.
It uses the implementation of unshare in buildah. ( fixes #1388 )
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
varlink: fix usage message, URI is now optional
38199f4c made the URI argument to podman-varlink optional.
Fix the usage message to indicate this.
Signed-off-by: Ed Santiago <santiago@redhat.com>
make it uppercase as all the other ones.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
implement cp reads tar file from stdin/to stdout
enables podman cp to use - to stream a tar archive from STDIN or to STDOUT.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Add information when running `podman version` on client
* Include service version information and headers
Signed-off-by: Jhon Honce <jhonce@redhat.com>
allow the user to define a remote host and remote username for their
remote podman sessions. this is then fed to the varlink "bridge" as
the ssh credentials and endpoint.
Signed-off-by: baude <bbaude@redhat.com>
enable integration tests for remote-client
first pass at enabling a swath of integration tests for the
remote-client.
Signed-off-by: baude <bbaude@redhat.com>
the namespace for the remote client was being incorrectly derived from
the "remote" client.
fixes: #2938
Signed-off-by: baude <bbaude@redhat.com>
the remote-podman checkpoint and restore commands were done some time
ago but for some reason not added to the container subcommand
Signed-off-by: baude <bbaude@redhat.com>
Add restart policy for containers
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This initial version does not support restart count, but it works
as advertised otherwise.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
fix logout message if login only with docker
if checkAuth() succeeds but not logged in with podman, assume it's logged in with docker and return the message.
Signed-off-by: Qi Wang <qiwan@redhat.com>
top: fallback to execing ps(1)
Fallback to executing ps(1) in case we hit an unknown psgo descriptor.
This ensures backwards compatibility with docker-top, which was purely
ps(1) driven.
Also support comma-separated descriptors as input.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add variable for global flags to runlabel