summaryrefslogtreecommitdiff
path: root/cmd
Commit message (Collapse)AuthorAge
* Don't limit the size on /run for systemd based containersDaniel J Walsh2020-08-18
| | | | | | | | | | | | | | We had a customer incident where they ran out of space on /run. If you don't specify size, it will be still limited to 50% or memory available in the cgroup the container is running in. If the cgroup is unlimited then the /run will be limited to 50% of the total memory on the system. Also /run is mounted on the host as exec, so no reason for us to mount it noexec. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* run, create: add new security-opt proc-optsGiuseppe Scrivano2020-08-12
| | | | | | | it allows to customize the options passed down to the OCI runtime for setting up the /proc mount. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #7073 from QiWang19/save-stdoutOpenShift Merge Robot2020-08-12
|\ | | | | podman save use named pipe
| * podman save use named pipeQi Wang2020-08-12
| | | | | | | | | | | | | | podman save uses named pipe as output path, not directly using /dev/stdout. fix #7017 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | podman-remote fixes for msi and clientBrent Baude2020-08-12
|/ | | | | | | | correct small typo that sets the path on windows via the msi xml. in the remote client, prompt for SSH password when no identity or alternate means of authentication are provided. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Add the Status field in the ps --format=jsonzhangguanzhang2020-08-11
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7256 from mheon/fix_cmd_with_entrypointOpenShift Merge Robot2020-08-10
|\ | | | | Do not use image CMD if user gave ENTRYPOINT
| * Do not use image CMD if user gave ENTRYPOINTMatthew Heon2020-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches Docker behavior, and seems to make sense - the CMD may have been specific to the original entrypoint and probably does not make sense if it was changed. While we're in here, greatly simplify the logic for populating the SpecGen's Command. We create the full command when making the OCI spec, so the client should not be doing any more than setting it to the Command the user passed in, and completely ignoring ENTRYPOINT. Fixes #7115 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #7240 from jwhonce/issues/7123OpenShift Merge Robot2020-08-10
|\ \ | | | | | | Default .Repository and .Tag values to <none>
| * | Default .Repository and .Tag values to <none>Jhon Honce2020-08-10
| |/ | | | | | | | | | | | | | | | | | | Refactor the processing of Repository and Tag fields to default to <none> when printing via --format flag. Previously, the default format would print <none> but --format {{.Tag}} would not in some cases. Fixes #7123 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / remove --latest for all remote commandsBrent Baude2020-08-10
|/ | | | | | | | instead of hiding the latest options for podman-remote or catching an error if podman --remote <cmd> -l is used, we no longer add the latest option to any remote command. podman will error with a "unknown flag" option. Fixes: #7127 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Refactor parsing to not require --remote to be firstJhon Honce2020-08-05
| | | | | | | Use cobra.Command.FParseErrWhitelist to no longer require --remote to be the first argument in flags when using CLI Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #7125 from QiWang19/fd-validateOpenShift Merge Robot2020-08-05
|\ | | | | validate fds --preserve-fds
| * validate fds --preserve-fdsQi Wang2020-08-04
| | | | | | | | | | | | validate file descriptors passed from podman run and podman exec --preserve-fds. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Remove duplicated codeDaniel J Walsh2020-08-04
|/ | | | | | We have duplicated alias handling, removing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7209 from giuseppe/support-mount-devptsOpenShift Merge Robot2020-08-04
|\ | | | | podman: support --mount type=devpts
| * podman: support --mount type=devptsGiuseppe Scrivano2020-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow to create a devpts mount. This is useful for containers that bind mount /dev/ from the host but at the same time want to create a terminal. It can be used as: podman run -v /dev:/dev --mount type=devpts,target=/dev/pts ... Closes: https://github.com/containers/podman/issues/6804 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Do not set host IP on ports when 0.0.0.0 requestedMatthew Heon2020-08-03
|/ | | | | | | | | | | | | | | | Docker and CNI have very different ideas of what 0.0.0.0 means. Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4 address on the host. CNI (and, thus, root Podman) take it to mean the literal IP 0.0.0.0. Instead, CNI interprets the empty string ("") as "bind to all IPs". We could ask CNI to change, but given this is established behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and turn it into "" when we parse ports. Fixes #7014 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #7182 from zhangguanzhang/fix-exitCode-for-startOpenShift Merge Robot2020-08-03
|\ | | | | implement the exitcode when start a container with attach
| * implement the exitcode when start a container with attachzhangguanzhang2020-08-03
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #7171 from jwhonce/wip/varlink_timeoutOpenShift Merge Robot2020-08-01
|\ \ | | | | | | Fix podman service --valink timeout
| * | Fix podman service --valink timeoutJhon Honce2020-07-31
| | | | | | | | | | | | | | | | | | | | | | | | Documentation and unit files call for a millisecond timeout while the code was using a second resolution. Code change is smaller given varlink has been deprecated. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | fix pod creation with "new:" syntaxPaul Holzinger2020-07-31
|/ / | | | | | | | | | | | | | | | | | | | | When you execute podman create/run with the --pod new:<name> syntax the pod was created but the namespaces where not shared and therefore containers could not communicate over localhost. Add the default namespaces and pass the network options to the pod create options. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #7159 from ashley-cui/runningforOpenShift Merge Robot2020-07-31
|\ \ | | | | | | add {{.RunningFor}} placeholder in ps --format
| * | add {{.RunningFor}} placeholder in ps --formatAshley Cui2020-07-30
| |/ | | | | | | | | | | For docker compatibility Signed-off-by: Ashley Cui <acui@redhat.com>
* / fix swapped mem_usage/percent fieldsPaul Holzinger2020-07-30
|/ | | | | | Correct the wrong field assignment in `podman stats --format=json`. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* fix podman system df format errorzhangguanzhang2020-07-31
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Don't crash when giving bogus format commandsDaniel J Walsh2020-07-29
| | | | | | | | | | | | | | | | Currently if you give a bogus flag to --format it will crash the formatter. With this change we will get a nice error. podman images --format '{{ bogus }}' Error: template: list:1: function "bogus" not defined versus /bin/podman.old images --format '{{ bogus }}' panic: template: list:1: function "bogus" not defined goroutine 1 [running]: Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7121 from rhatdan/buildOpenShift Merge Robot2020-07-29
|\ | | | | Fix building from http or '-' options
| * Fix building from http or '-' optionsDaniel J Walsh2020-07-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When copying from a URL, podman will download and create a context directory in a temporary file. The problem was that this directory was being removed as soon as the function that created it was returned. Later the build code would look for content in the temporary directory and fail to find it, blowing up the build. By pulling the extraction code back into the build function, we keep the temporary directory around until the build completes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6851 from rhatdan/mountOpenShift Merge Robot2020-07-29
|\ \ | | | | | | Add podman image mount
| * | Add podman image mountDaniel J Walsh2020-07-28
| |/ | | | | | | | | | | | | | | | | | | | | | | | | There are many use cases where you want to just mount an image without creating a container on it. For example you might want to just examine the content in an image after you pull it for security analysys. Or you might want to just use the executables on the image without running it in a container. The image is mounted readonly since we do not want people changing images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Specifying --ipc=host --pid=host is brokenDaniel J Walsh2020-07-28
|/ | | | | | | | For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and add test to make sure it does not happen again. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6909 from rhatdan/podmanOpenShift Merge Robot2020-07-28
|\ | | | | Switch all references to github.com/containers/libpod -> podman
| * Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7098 from asottile/newline_on_errorOpenShift Merge Robot2020-07-28
|\ \ | |/ |/| add newline to output in error message
| * add newline to output in error messageAnthony Sottile2020-07-27
| | | | | | | | Signed-off-by: Anthony Sottile <asottile@umich.edu>
* | Cleanup handling of podman mount/unmountDaniel J Walsh2020-07-27
|/ | | | | | | | | | | We should default to the user name unmount rather then the internal name of umount. Also User namespace was not being handled correctly. We want to inform the user that if they do a mount when in rootless mode that they have to be first in the podman unshare state. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* replace the html/template package with text/templatePaul Holzinger2020-07-25
| | | | | | | | | Currently some commands use the html/template package. This can lead to invalid output. e.g. `system df --verbose` will print `&lt;none&gt;` instead of `<none>` with an untaged image. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #7068 from mheon/start_attach_no_ctridOpenShift Merge Robot2020-07-24
|\ | | | | The `podman start --attach` command should not print ID
| * The `podman start --attach` command should not print IDMatthew Heon2020-07-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Somewhere in the Podman v2 rewrite, we allowed `podman start --attach` to print the container ID of the started container after exiting from the attach session (via detach key or the container exiting naturally). We should never print the ID when `--attach` is given, which makes the fix simple - make the print statement conditional on `--attach` not being present. Wierdly, this only happened with `--interactive` was given to `podman start`. I don't know why that is, but this resolves the issue without having to dig any deeper, so I'm content. Fixes #7055 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | [WIP] Refactor podman system connectionJhon Honce2020-07-22
| | | | | | | | | | | | | | | | | | | | | | | | * Add support to manage multiple connections * Add connection * Remove connection * Rename connection * Set connection as default * Add markdown/man pages * Fix recursion in hack/xref-helpmsgs-manpages Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #7042 from rhatdan/remoteOpenShift Merge Robot2020-07-22
|\ \ | |/ |/| Enable --remote flag
| * Enable --remote flagDaniel J Walsh2020-07-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Support default profile for apparmorDaniel J Walsh2020-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently you can not apply an ApparmorProfile if you specify --privileged. This patch will allow both to be specified simultaniosly. By default Apparmor should be disabled if the user specifies --privileged, but if the user specifies --security apparmor:PROFILE, with --privileged, we should do both. Added e2e run_apparmor_test.go Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7006 from ashley-cui/umaskOpenShift Merge Robot2020-07-22
|\ \ | |/ |/| Add --umask flag for create, run
| * Add --umask flag for create, runAshley Cui2020-07-21
| | | | | | | | | | | | | | | | --umask sets the umask inside the container Defaults to 0022 Co-authored-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Ashley Cui <acui@redhat.com>
* | Add noop function disable-content-trustDaniel J Walsh2020-07-21
|/ | | | | | | | People who use docker scripts with Podman see failures if they use disable-content-trust flag. This flag already existed for podman build, adding it to pull/push/create/run. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Switch references from libpod.conf to containers.confDaniel J Walsh2020-07-20
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add support for overlay volume mounts in podman.Qi Wang2020-07-20
| | | | | | | | Add support -v for overlay volume mounts in podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Qi Wang <qiwan@redhat.com>