| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
We can't pause them, so if that's requested, throw an error.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
| |
Rootless containers can't be paused (no CGroups, so no freezer).
We could try and emulate this with a SIGSTOP to all PIDs in the
container, but that's inherently racy, so let's avoid it for now.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
| |
Should fix CVE-2018-15664 for Podman.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
| |
Securejoin ensures that paths are resolved in the container, not
on the host.
Fixes #3211
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
Add missing 'container cp' alias and document missing 'container update' command
|
| |
| |
| |
| |
| |
| | |
'docker cp' is an alias for 'docker container cp', and podman should have the equivalent alias.
Signed-off-by: Jose Diaz-Gonzalez <email@josediazgonzalez.com>
|
|\ \
| | |
| | | |
Add libpod journald logging
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a journald reader that translates the journald entry to a k8s-file formatted line, to be added as a log line
Note: --follow with journald hasn't been implemented. It's going to be a larger undertaking that can wait.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \ \
| |_|/
|/| | |
rootless: new function to join existing conmon processes
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
move the logic for joining existing namespaces down to the rootless
package. In main_local we still retrieve the list of conmon pid files
and use it from the rootless package.
In addition, create a temporary user namespace for reading these
files, as the unprivileged user might not have enough privileges for
reading the conmon pid file, for example when running with a different
uidmap and root in the container is different than the rootless user.
Closes: https://github.com/containers/libpod/issues/3187
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
unshare: some cleanups and define CONTAINERS_{RUNROOT,GRAPHROOT}
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
define two environment variables, that simplify the task of cleaning
up the storage, as we can do something like:
podman unshare sh -c 'rm -rf $CONTAINERS_GRAPHROOT $CONTAINERS_RUNROOT'
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
fix bug dest path of copying tar
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
when podman cp tar without --extract flag, if the destination already exists, or ends with path seprator, cp the tar under the directory, otherwise copy the tar named with the destination
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Apparmor fixes
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Log a warning when --security-opt and --privileged are used together to
indicate that it has no effect since --privileged will set everything.
To avoid regressions, only warn, do not error out and do not print on
error level.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
it creates a namespace where the current UID:GID on the host is mapped
to the same UID:GID in the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Fixup Flags
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Mark hidden all references to signature-policy
Default all uses of --authfile
Add --authfile support to podman run and podman create.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix a 'generate kube' bug on ctrs with named volumes
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
We need to pass the Pod ID in as part of the CreateConfig.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
rootless: use a pause process to keep namespaces alive
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
use a pause process to keep the user and mount namespace alive.
The pause process is created immediately on reload, and all successive
Podman processes will refer to it for joining the user&mount
namespace.
This solves all the race conditions we had on joining the correct
namespaces using the conmon processes.
As a fallback if the join fails for any reason (e.g. the pause process
was killed), then we try to join the running containers as we were
doing before.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Update vendor of buildah and containers/images
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Mainly add support for podman build using --overlay mounts.
Updates containers/image also adds better support for new registries.conf
file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Minor fix filtering images by label
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Added test to avoid future regressions
Fix #3163
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Add connection information to podman-remote info
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Refactor client code to break out building connection string from
making the connection.
Example:
client:
Connection: unix:/run/podman/io.podman
Connection Type: DirectConnection
.
:
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/ /
|/| |
| | |
| | | |
Signed-off-by: Nathaniel Kofalt <nathaniel@kofalt.com>
|
|\ \ \
| | | |
| | | | |
rootless: allow resource isolation with cgroup v2
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
skip resources validation when cgroup v2 is detected, as we don't
support it yet.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | | |
Fix a nil dereference by passing the PodmanCommand to GetRuntime().
Fixes: #3145
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| | |
This command lets the user run a command in a new user namespace like `unshare -u`.
It uses the implementation of unshare in buildah. ( fixes #1388 )
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
|
|\ \
| | |
| | | |
varlink: fix usage message, URI is now optional
|
| |/
| |
| |
| |
| |
| |
| | |
38199f4c made the URI argument to podman-varlink optional.
Fix the usage message to indicate this.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|/
|
|
|
|
| |
make it uppercase as all the other ones.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
implement cp reads tar file from stdin/to stdout
|
| |
| |
| |
| |
| |
| | |
enables podman cp uses - to stream a tar archive from STDIN or to STDOUT.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
Add information when running `podman version` on client
|
| |/
| |
| |
| |
| |
| | |
* Include service version information and headers
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
|
|
|
|
| |
allow the user to define a remote host and remote username for their
remote podman sessions. this is then feed to the varlink "bridge" as
the ssh credentials and endpoint.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
enable integration tests for remote-client
|
| |
| |
| |
| |
| |
| |
| | |
first pass at enabling a swath of integration tests for the
remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|