| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We attempted to share all logic for parsing labels and
environment variables, which on the surface makes lots of sense
(both are formatted key=value so parsing logic should be
identical) but has begun to fall apart now that we have added
additional logic to environment variable handling. Environment
variables that are unset, for example, are looked up against
environment variables set for the process. We don't want this for
labels, so we have to split parsing logic.
Fixes #3854
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
Only set --all when a status filter is given to ps
|
| |
| |
| |
| |
| |
| |
| |
| | |
The changes in #5075 turn out to be too aggressive; we should
only be setting --all if a status= filter is given. Otherwise
only running containers are filtered.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
images --format compatible with docker
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch lets valid values of --format be compatible with docker. Replace CreatedTime with CreatedAt, Created with CreatedSince.
Keep CreatedTime and Created are valid as hidden options.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \
| |_|/
|/| | |
support device-cgroup-rule
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
fix #4876
Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add pkg/seccomp to consolidate all seccomp-policy related code which is
currently scattered across multiple packages and complicating the
creatconfig refactoring.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Refactor and simplify the code in cmd/podman/pull.go to address a couple
of issues w.r.t. how the arguments were passed. Also make sure to
always use the c/image API for parsing instead of working around it.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
v2 api: /libpod/images/{import,load,pull}
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement the /libpod/images/pull endpoint and correct the swagger docs.
The reference parameter is mandatory and must either be a
c/image/docker/reference or a reference to the "docker://" transport as
the pull endpoint is meant to only support pulling images from a
registry.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Rewire ListContainers for APIv2 libpod
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
consumers of the api remarked how they would prefer a more strongly typed data structure from list containers oon the libpod side of things. for example, events should be consumable and consistent timestamps. also, for the sake of compatibility, it is helpful to have the json named atttributes for Id to not be ID.
listcontainers on the libpod side no longer strongly uses the the ps cli to obtain information but we do benefit from turning on the ability to list the last X containers, something CLI does not have yet. we also flipped the bit on defaulting to truncated output in the return.
thanks to the efforts of the cockpit team to help us here.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Relax the os/arch checks when creating a container and only info-log
mismatches instead of erroring out. There are too many images used
in the wild which do not set their arch correctly correctly. Erroring
out has hit users sufficiently enough to justify relaxing the errors
and only log to at least inform the users and image vendors.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
The validation logic was failing on properly-formatted changes.
There's already validation in Commit itself, so no need to
duplicate.
Fixes #5148
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
| |
This makes the code easier to read but should not change the overall
behavior.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|
|
|
|
|
| |
Fixes #5108
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
Special case memory-swap=-1
|
| |
| |
| |
| |
| |
| |
| | |
We document that memory-swap==-1 means unlimited, but currently we
won't allow the user to specify the -1 value.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Force --all when --filter is passed to podman ps
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When we filter, it should be out of all containers, not just
running ones, by default - this is necessary to ensure Docker
compatability.
Fixes #5050
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Podman does select the wrong Containerfile if the current working
directory contains a Containerfile but we specify one from a different
location.
Reproducer:
```
> mkdir 1
> echo FROM scratch > Containerfile
> echo FROM golang > 1/Containerfile
> podman build -f 1/Containerfile -t test
STEP 1: FROM scratch
```
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this pr splits off some of the network container create options into a different flag set. the options in question are:
--add-host
--dns
--dns-opt
--dns-search
--ip
--mac-address
--network
--no-hosts
--publish
in the future, these options are going to be added to the pod create flags. this makes that transition easier and provides for less code duplication.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
| |
the api needs to account for image input where the image is encoded as a fqd image name.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
| |
to match docker compat, the image tag should be optional.
Fixes: #5027
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
We define the valid sort values, so we should throw an error
on invalid sort values.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
expose --arch-override option for pull
|
| |
| |
| |
| |
| |
| |
| |
| | |
We no longer wish to hide the --arch-override from the cli on pulls. we now expose it. docs updated. tests already exist.
Fixes: #4849
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
| |
The pull command has several options that are hidden for the remote client. In that case, when checking to see if the flag has been flipped with .Changed, we get a nil pointer error. Using IsSet is tolerant of this.
Fixes: #4706
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
APIv2 review corrections #3
|
| |
| |
| |
| |
| |
| | |
The third pass of corrections for the APIv2.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
faith/camelcase has been archived and is no longer maintained.
The package is sufficiently small and self-contained enough to
maintain it in libpod.
Fixes: #4783
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
| |
Move the seccomp profile from a manifest annotation to a config label.
This way, we can support it for Docker images as well and provide an
easy way to add that data via Dockerfiles.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
oci_conmon: do not create a cgroup under systemd
|
| |
| |
| |
| |
| |
| |
| |
| | |
it allows to disable cgroups creation only for the conmon process.
A new cgroup is created for the container payload.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
add service endpoint for the new API. Also supports the varlink
implementation.
Signed-off-by: baude <bbaude@redhat.com>
Refactor to allow developer more control of API server
* Add api.NewServerWithSettings() to create an API server with custom
settings
* Add api.ListenUnix() to create a UDS net.Listener and setup UDS
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: baude <bbaude@redhat.com>
More service completion
Add podman service command that allows users to run either a RESTful or
varlink protocol API service.
Addition of docs and RESTful listening.
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
| |
The word `alias` is not very common when speaking about image names and
tags. So we just refer to image name as the overall identifier of an
image.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|
|
|
|
|
|
| |
We have a lot of cludgy code trying to make --net and --network equivalent.
This will allow --net to still exists but will eliminate the help and confusion.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Add APIv2 CLI example POC
|
| |
| |
| |
| |
| |
| |
| | |
* Add ReadMe, CLI and unit files to support socket activation, both for
system and rootless
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| |/
|/| |
policy for seccomp-profile selection
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement a policy for selecting a seccomp profile. In addition to the
default behaviour (default profile unless --security-opt seccomp is set)
add a second policy doing a lookup in the image annotation.
If the image has the "io.containers.seccomp.profile" set its value will be
interpreted as a seccomp profile. The policy can be selected via the
new --seccomp-policy CLI flag.
Once the containers.conf support is merged into libpod, we can add an
option there as well.
Note that this feature is marked as experimental and may change in the
future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Rename `data` to `imageData` to make it more obvious which kind of data
the variable refers to.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Include the unit tests (i.e., _test.go files) for linting to make the
tests more robust and enforce the linters' coding styles etc.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
clarify cont
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the --force parameter should only be used for the CLI and should only
dictate whether to prompt the user for confirmation.
Fixes: #4844
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix linting
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`gocritic` is a powerful linter that helps in preventing certain kinds
of errors as well as enforcing a coding style.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Add codespell to validate spelling mistakes in code.
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
Fix all errors found by codespell
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|