| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
Before we ignored an entrypoint specified in an image, which lead to crashes when a user assumed the entrypoint would be used
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|
|
|
|
|
|
| |
add the ability for the podman-remote client to be able to print an
image tree.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
rootless: single user namespace
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
simplify the rootless implementation to use a single user namespace
for all the running containers.
This makes the rootless implementation behave more like root Podman,
where each container is created in the host environment.
There are multiple advantages to it: 1) much simpler implementation as
there is only one namespace to join. 2) we can join namespaces owned
by different containers. 3) commands like ps won't be limited to what
container they can access as previously we either had access to the
storage from a new namespace or access to /proc when running from the
host. 4) rootless varlink works. 5) there are only two ways to enter
in a namespace, either by creating a new one if no containers are
running or joining the existing one from any container.
Containers created by older Podman versions must be restarted.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
in the few places where we care about skipping the storage
initialization, we can simply use the process effective UID, instead
of relying on a global boolean flag.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \
| | |
| | | |
--size does not work with rootless at present
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We'd need to join multiple container's user namespaces, which is
not possible for now. The rootless single userns patches under
development by Giuseppe will fix this, but won't land in 1.2.x.
For now, disable --size as rootless.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Fix a potential segfault in podman search
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When generating headers for search, we unconditionally
access element 0 of an array, and I saw this segfault in our CI.
There's no reason we have to do this, we're just going through it
to get field names with reflect, so just make a new copy of the
struct in question.
Also, move this code, which is only for CLI display, into
cmd/podman from libpod/image.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|/
|
|
|
|
|
| |
the remote client now can run the diff command to report changes,
modifications, and deletions in an image or container.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
--trace, --help and --version were not capatilized like the rest of the
global options. This patch fixes this problem.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Add watch mode to podman ps
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
allows users to "watch" the output of podman ps on a set interval in
seconds. in watch mode, the screen is cleared between intervals as well.
podman -ps -w1 watches on 1 second intervals
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Set blob cache directory based on GraphDriver
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove references to image2 in source code. Makes the code
slightly more readable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently in rootless containers, we end up not using the blob cache.
We also don't store the blob cache based on the users specified graph
storage. This change will cause the cache directory to be stored with
the rest of the containe images.
While doing this patch, I found that we had duplicated GetSystemContext in
two places in libpod. I cleaned this up.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Default to SELinux private label for play kube mounts
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before, there were SELinux denials when a volume was bind-mounted by podman play kube.
Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate)
For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point
also remove left over debugging print statement
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \
| | |
| | | |
fix bug remote-podman images --digests
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add `digest` field to Image struct and update API.md
Show image digests when using --digests in podman-remote.
```
$ PODMAN_VARLINK_ADDRESS="tcp:127.0.0.1:1234" sudo bin/podman-remote images --digests
REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE
docker.io/library/alpine latest sha256:d05ecd4520cab5d9e5d877595fb0532aadcd6c90f4bbc837bc11679f704c4c82 5cb3aa00f899 2 weeks ago 5.79 MB
docker.io/library/busybox latest sha256:4415a904b1aca178c2450fd54928ab362825e863c0ad5452fd020e92f7a6a47e d8233ab899d4 5 weeks ago 1.42 MB
```
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \
| | | |
| | | | |
fix bug `system df` add a space to the output
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
fix typo in Containers space usage: of podman system df -v, add a space for created time Change format string to const
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Remove ulele/deepcopier in favor of JSON deep copy
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The jsoniterator library believes that panic() is a reasonable
response to being told to indent JSON with a tab. So use spaces
instead.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a very high performance JSON library that doesn't need to
perform code generation. Let's use it instead of our questionably
performant, reflection-dependent deep copy library.
Most changes because some functions can now return errors.
Also converts cmd/podman to use jsoniter, instead of pkg/json,
for increased performance.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| |/
|/| |
system df: reject invalid arguments
|
| |
| |
| |
| | |
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \
| | |
| | | |
Add --dns=none
|
| | |
| | |
| | |
| | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/
|
|
|
|
|
|
|
| |
fallback to the previous behavior of joining only the user namespace,
when we cannot join the conmon userns+mount namespaces.
Closes: https://github.com/containers/libpod/issues/2673
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
on the remote client, if a user wants to know the rootfs size of a
container, a -s should be passed. this corrects a behavior where size
was shown by default.
Fixes #2765
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
Add "died" event
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a new event for container 'Exited' which has been renamed to
'died'.
also removed the stream bool from the varlink endpoint for events
because it can be determined by the varlink more value.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
podman system df- show podman disk usage
|
| |
| |
| |
| | |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman will not start a transient service and timer for healthchecks.
this handles the tracking of the timing for health checks.
added the 'started' status which represents the time that a container is
in its start-period.
the systemd timing can be disabled with an env variable of
DISABLE_HC_SYSTEMD="true".
added filter for ps where --filter health=[starting, healthy, unhealthy]
can now be used.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
| |
Fixes #2526
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
| |
if --env "a=b,c" is used, do not split into a=b and c=.
Closes: https://github.com/containers/libpod/issues/2712
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
| |
we don't need to access the storage
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
support GO template {{ json . }}
|
| |
| |
| |
| |
| |
| |
| |
| | |
for podman version, we now support a GO template for json output.
fixes #2671
Signed-off-by: baude <bbaude@redhat.com>
|