summaryrefslogtreecommitdiff
path: root/cmd
Commit message (Collapse)AuthorAge
* systemd: expect full path /usr/sbin/initGiuseppe Scrivano2019-10-09
| | | | | | | | | | | | "init" is a quite common name for the command executed in a container image and Podman ends up using the systemd mode also when not required. Be stricter on enabling the systemd mode and not enable it automatically when the basename is "init" but expect the full path "/usr/sbin/init". Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Respect --sig-proxy flag with podman start --attachMatthew Heon2019-10-09
| | | | | | | If it's explicitly set, use it, instead of trying to set a sane default. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #4032 from rhatdan/pids-limitOpenShift Merge Robot2019-10-07
|\ | | | | Setup a reasonable default for pids-limit 4096
| * Setup a reasonable default for pids-limit 4096Daniel J Walsh2019-10-04
| | | | | | | | | | | | | | | | | | | | | | CRI-O defaults to 1024 for the maximum pids in a container. Podman should have a similar limit. Once we have a containers.conf, we can set the limit in this file, and have it easily customizable. Currently the documentation says that -1 sets pids-limit=max, but -1 fails. This patch allows -1, but also indicates that 0 also sets the max pids limit. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Update c/image to v4.0.1 and buildah to 1.11.3Miloslav Trmač2019-10-04
|/ | | | | | | | | | | | | | This requires updating all import paths throughout, and a matching buildah update to interoperate. I can't figure out the reason for go.mod tracking github.com/containers/image v3.0.2+incompatible // indirect ((go mod graph) lists it as a direct dependency of libpod, but (go list -json -m all) lists it as an indirect dependency), but at least looking at the vendor subdirectory, it doesn't seem to be actually used in the built binaries. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #3549 from marcov/evict-containerOpenShift Merge Robot2019-10-04
|\ | | | | Add ability to evict a container
| * rm: add containers eviction with `rm --force`Marco Vedovati2019-09-25
| | | | | | | | | | | | | | | | | | Add ability to evict a container when it becomes unusable. This may happen when the host setup changes after a container creation, making it impossible for that container to be used or removed. Evicting a container is done using the `rm --force` command. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* | Merge pull request #4188 from Mrigank11/validate_network_nameOpenShift Merge Robot2019-10-04
|\ \ | | | | | | podman network create: validate user input
| * | podman network create: validate user inputMrigank Krishan2019-10-04
| | | | | | | | | | | | | | | | | | | | | Disallow invalid/confusing names such as '../bar' or 'foo ' Closes #4184 Signed-off-by: Mrigank Krishan <mrigankkrishan@gmail.com>
* | | Allow setting default parameters with env varsAnders F Björklund2019-10-01
| | | | | | | | | | | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Allow changing IdentityFile and to IgnoreHostsAnders F Björklund2019-10-01
|/ / | | | | | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | Merge pull request #4001 from kunalkushwaha/podman-import-fixOpenShift Merge Robot2019-09-30
|\ \ | | | | | | podman import syntax fix
| * | syntax updated for podman import --changeKunal Kushwaha2019-09-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | currently, podman import change do not support syntax like - KEY val - KEY ["val"] This adds support for both of these syntax along with KEY=val Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
* | | Merge pull request #4127 from nalind/reexec-useOpenShift Merge Robot2019-09-27
|\ \ \ | | | | | | | | Correct use of reexec.Init()
| * | | Correct use of reexec.Init()Nalin Dahyabhai2019-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A true result from reexec.Init() isn't an error, but it indicates that main() should exit with a success exit status. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | Merge pull request #4124 from mheon/set_log_level_earlyOpenShift Merge Robot2019-09-27
|\ \ \ \ | |/ / / |/| | | Set log-level immediately, before rootless setup
| * | | Set log-level immediately, before rootless setupMatthew Heon2019-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we don't do this, we print WARN level messages that we should not be printing by default. Up one WARN message to ERROR so it still shows up by default. Fixes: #4115 Fixes: #4012 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | fix cp none exists dest path ends with '/'Qi Wang2019-09-25
|/ / / | | | | | | | | | | | | | | | | | | close #3894 This patch let podman cp return 'no such file or directory' error if DEST_PATH does not exist and ends with / when copying file. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #4088 from baude/varlinkbuildoutputOpenShift Merge Robot2019-09-25
|\ \ \ | |_|/ |/| | Document the required varlink build args
| * | Document the required varlink build argsbaude2019-09-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | The API document incorrectly documented the wrong varlink build arguments. The output attribute is required. Fixes: #3204 Signed-off-by: baude <bbaude@redhat.com>
* | | runtime: fix logic to disable SDNotifyValentin Rothberg2019-09-24
|/ / | | | | | | | | | | | | | | Fix the logic when getting the runtime for varlink to actually disable SDNotify support. Fixes: #4005 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | support non-standard ssh port for remote-clientbaude2019-09-17
| | | | | | | | | | | | | | | | | | | | when using the remote client, users may need to specify a non-standard port for ssh connections. we can do so on the command line and within the remote-client configuration file. Fixes: #3987 Signed-off-by: baude <bbaude@redhat.com>
* | Fix default to pause in podman cpDaniel J Walsh2019-09-13
| | | | | | | | | | | | | | | | We want to default to secure when running containers as root, in rootless, we need to change the default if the system does not support cgroup v1. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #4022 from baude/remotepushgetrtOpenShift Merge Robot2019-09-13
|\ \ | | | | | | get runtime for podman-remote push earlier
| * | get runtime for podman-remote push earlierbaude2019-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | to prevent client side panics, we should get the runtime earlier in the process of push. Fixes: #4013 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #4018 from giuseppe/fix-error-message-rootlessOpenShift Merge Robot2019-09-13
|\ \ \ | | | | | | | | rootless: report the correct error
| * | | rootless: report the correct errorGiuseppe Scrivano2019-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do not shadow the err variable so that the correct error message can be reported when utils.RunUnderSystemdScope fails. Closes: https://github.com/containers/libpod/issues/4012 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3934 from rhatdan/waitOpenShift Merge Robot2019-09-13
|\ \ \ \ | | | | | | | | | | Podman-remote run should wait for exit code
| * | | | Use exit code constantsDaniel J Walsh2019-09-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have leaked the exit number codess all over the code, this patch removes the numbers to constants. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #3942 from jwhonce/issue/3829OpenShift Merge Robot2019-09-13
|\ \ \ \ \ | |_|/ / / |/| | | | Stop glob'ing on podman cp
| * | | | Do not support wildcards on cpJhon Honce2019-09-12
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | * symlink processing and wildcarding led to unexpected files being copied Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #3978 from baude/networkremoveOpenShift Merge Robot2019-09-12
|\ \ \ \ | |/ / / |/| | | enhance podman network rm
| * | | enhance podman network rmbaude2019-09-12
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | when removing a podman network, we need to make sure we delete the network interface if one was ever created (by running a container). also, when removing networks, we check if any containers are using the network. if they are, we error out unless the user provides a 'force' option which will remove the containers in question. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3997 from QiWang19/sigpathOpenShift Merge Robot2019-09-12
|\ \ \ | |/ / |/| | fix podman sign signature store for rootless
| * | fix podman sign signature store for rootlessQi Wang2019-09-11
| | | | | | | | | | | | | | | | | | Store the the signature under graphroot when using rootless podman image sign. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #3959 from giuseppe/rootless-use-systemd-scopeOpenShift Merge Robot2019-09-12
|\ \ \ | |_|/ |/| | rootless: automatically create a systemd scope
| * | rootless: run pause process in its own scopeGiuseppe Scrivano2019-09-12
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: automatically create a systemd scopeGiuseppe Scrivano2019-09-12
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when running in rootless mode and using systemd as cgroup manager create automatically a systemd scope when the user doesn't own the current cgroup. This solves a couple of issues: on cgroup v2 it is necessary that a process before it can moved to a different cgroup tree must be in a directory owned by the unprivileged user. This is not always true, e.g. when creating a session with su -l. Closes: https://github.com/containers/libpod/issues/3937 Also, for running systemd in a container it was before necessary to specify "systemd-run --scope --user podman ...", now this is done automatically as part of this PR. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / podman-remote image trust is brokenDaniel J Walsh2019-09-11
|/ | | | | | We should not be making it available, it does nothing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #3581 from mheon/no_cgroupsOpenShift Merge Robot2019-09-11
|\ | | | | Support running containers without CGroups
| * Add support for launching containers without CGroupsMatthew Heon2019-09-10
| | | | | | | | | | | | | | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3817 from xcffl/masterOpenShift Merge Robot2019-09-10
|\ \ | | | | | | Add explanation mounting named volumes for `podman run`
| * | Replace "podman" with "Podman"xcffl2019-09-07
| | | | | | | | | | | | Signed-off-by: xcffl <xcffl@outlook.com>
* | | Merge pull request #3896 from mheon/volume_lookupOpenShift Merge Robot2019-09-09
|\ \ \ | | | | | | | | Add ability to look up volumes by unambiguous partial name
| * | | Add function for looking up volumes by partial nameMatthew Heon2019-09-09
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | This isn't included in Docker, but seems handy enough. Use the new API for 'volume rm' and 'volume inspect'. Fixes #3891 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3862 from baude/networkcreateOpenShift Merge Robot2019-09-09
|\ \ \ | |/ / |/| | podman network create
| * | podman network createbaude2019-09-09
| |/ | | | | | | | | | | | | initial implementation of network create. we only support bridging networks with this first pass. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3914 from marcov/units-optsOpenShift Merge Robot2019-09-09
|\ \ | | | | | | cli-flags: use a consistent format for <size><unit>
| * | cli-flags: use a consistent format for <size><unit>Marco Vedovati2019-09-05
| | | | | | | | | | | | | | | | | | | | | | | | Use a consistent format for description of the <size><unit> flags. Also, avoid backticks for /dev/shm, as that's interpreted as the format by the flag parsing lib. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* | | build: pass down the cgroup manager to buildahGiuseppe Scrivano2019-09-06
| |/ |/| | | | | | | | | | | | | Pass down the cgroup manager to use to buildah. Closes: https://github.com/containers/libpod/issues/3938 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>