| Commit message (Collapse) | Author | Age |
|
|
|
| |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\
| |
| | |
Apparmor fixes
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Log a warning when --security-opt and --privileged are used together to
indicate that it has no effect since --privileged will set everything.
To avoid regressions, only warn, do not error out and do not print on
error level.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
| |
it creates a namespace where the current UID:GID on the host is mapped
to the same UID:GID in the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Fixup Flags
|
| |
| |
| |
| |
| |
| |
| |
| | |
Mark hidden all references to signature-policy
Default all uses of --authfile
Add --authfile support to podman run and podman create.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Fix a 'generate kube' bug on ctrs with named volumes
|
| |/
| |
| |
| |
| |
| | |
We need to pass the Pod ID in as part of the CreateConfig.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
rootless: use a pause process to keep namespaces alive
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
use a pause process to keep the user and mount namespace alive.
The pause process is created immediately on reload, and all successive
Podman processes will refer to it for joining the user&mount
namespace.
This solves all the race conditions we had on joining the correct
namespaces using the conmon processes.
As a fallback if the join fails for any reason (e.g. the pause process
was killed), then we try to join the running containers as we were
doing before.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
Update vendor of buildah and containers/images
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Mainly add support for podman build using --overlay mounts.
Updates containers/image also adds better support for new registries.conf
file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Minor fix filtering images by label
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added test to avoid future regressions
Fix #3163
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
|
|\ \ \
| |/ /
|/| | |
Add connection information to podman-remote info
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Refactor client code to break out building connection string from
making the connection.
Example:
client:
Connection: unix:/run/podman/io.podman
Connection Type: DirectConnection
.
:
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/
|/|
| |
| | |
Signed-off-by: Nathaniel Kofalt <nathaniel@kofalt.com>
|
|\ \
| | |
| | | |
rootless: allow resource isolation with cgroup v2
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
skip resources validation when cgroup v2 is detected, as we don't
support it yet.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix a nil dereference by passing the PodmanCommand to GetRuntime().
Fixes: #3145
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| | |
This command lets the user run a command in a new user namespace like `unshare -u`.
It uses the implementation of unshare in buildah. ( fixes #1388 )
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
|
|\ \
| | |
| | | |
varlink: fix usage message, URI is now optional
|
| |/
| |
| |
| |
| |
| |
| | |
38199f4c made the URI argument to podman-varlink optional.
Fix the usage message to indicate this.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|/
|
|
|
|
| |
make it uppercase as all the other ones.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
implement cp reads tar file from stdin/to stdout
|
| |
| |
| |
| |
| |
| | |
enables podman cp uses - to stream a tar archive from STDIN or to STDOUT.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
Add information when running `podman version` on client
|
| |/
| |
| |
| |
| |
| | |
* Include service version information and headers
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
|
|
|
|
| |
allow the user to define a remote host and remote username for their
remote podman sessions. this is then feed to the varlink "bridge" as
the ssh credentials and endpoint.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
enable integration tests for remote-client
|
| |
| |
| |
| |
| |
| |
| | |
first pass at enabling a swath of integration tests for the
remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
the namespace for the remote client was being incorrectly derived from
the "remote" client.
fixes: #2938
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
the remote-podman checkpoint and restore commands were done some time
ago but for some reason not added to the container subcommand
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
Add restart policy for containers
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| | |
This initial version does not support restart count, but it works
as advertised otherwise.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| |/
|/| |
fix logout message if login only with docker
|
| |
| |
| |
| |
| |
| | |
if checkAuth() success but not logged in with podman, assume it's logged in with docker and retrun the message.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
top: fallback to execing ps(1)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fallback to executing ps(1) in case we hit an unknown psgo descriptor.
This ensures backwards compatibility with docker-top, which was purely
ps(1) driven.
Also support comma-separated descriptors as input.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add variable for global flags to runlabel
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
use $GLOBAL_OPTS to pass global flags to the runlabel command.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
clean up shared/parse/parse.go
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
prune unused functions and add unit tests for a number of the remaining
ones.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Merge volume flags implementation
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Several changes made in the interface of pkg/spec make
interacting with it without a runtime difficult to impossible,
so move the existing limited testing from cmd/podman (which
mostly tested pkg/spec) into pkg/spec itself where we can call
individual functions that don't break things.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|