summaryrefslogtreecommitdiff
path: root/cmd
Commit message (Collapse)AuthorAge
* podman/libpod: add default AppArmor profileValentin Rothberg2018-07-11
| | | | | | | | | | | | | | | | | Make users of libpod more secure by adding the libpod/apparmor package to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor come from github.com/moby/moby. Also check if a specified AppArmor profile is actually loaded and throw an error if necessary. The default profile is loaded only on Linux builds with the `apparmor` buildtag enabled. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1063 Approved by: rhatdan
* Add --volumes-from flag to podman run and createumohnani82018-07-09
| | | | | | | | | | podman now supports --volumes-from flag, which allows users to add all the volumes an existing container has to a new one. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #931 Approved by: mheon
* Podman stats with no containers listed is the same as podman stats --allhaircommander2018-07-07
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1031 Approved by: rhatdan
* remove buildah requirement for the libpod image librarybaude2018-07-06
| | | | | | | | | | | if we snip the requirement to use a buildah const in the libpod image library, we can save something on the order of 85 vendored files in consumers of the the library. Signed-off-by: baude <bbaude@redhat.com> Closes: #1054 Approved by: mheon
* Refactor podman/utils with a single container start and attach functionMarco Vedovati2018-07-06
| | | | | | | | | | | Use a single function startAttachCtr() to handle both container start with attach and attach to running containers, as the code handling the attach is common for the 2 use cases. Signed-off-by: Marco Vedovati <mvedovati@suse.com> Closes: #1025 Approved by: rhatdan
* Allow multiple mountsTomSweeneyRedHat2018-07-03
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1030 Approved by: rhatdan
* Add `podman container cleanup` to CLIDaniel J Walsh2018-06-29
| | | | | | | | | | | | | When we run containers in detach mode, nothing cleans up the network stack or the mount points. This patch will tell conmon to execute the cleanup code when the container exits. It can also be called to attempt to cleanup previously running containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #942 Approved by: mheon
* Allow multiple containers and all for umountTomSweeneyRedHat2018-06-29
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1012 Approved by: rhatdan
* Merge pull request #1020 from giuseppe/resize-fix-loopDaniel J Walsh2018-06-28
|\ | | | | utils: fix endless write of resize event
| * utils: fix endless write of resize eventGiuseppe Scrivano2018-06-28
| | | | | | | | | | | | issue introduced with c82166afabd63f6271990be89ffa6609d3dc6712 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Remove the --registry flag from podman searchumohnani82018-06-28
| | | | | | | | | | | | | | | | | | | | | | | | Instead of setting the --registry flag to search a single registry, prefix the registry before the image name in the input, an example is `podman search registry.fedoraproject.org/fedora` and this will search for the fedora image in only registry.fedoraproject.org. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1011 Approved by: rhatdan
* | Start prints UUID or container name that user inputs on successhaircommander2018-06-28
|/ | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1019 Approved by: rhatdan
* cmd/podman/utils.go: Cancel-able resize writesW. Trevor King2018-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On Thu, Jun 28, 2018 at 03:48:26AM -0700, Marco Vedovati wrote [1]: > The root cause is a deadlock between two channel writes made by two > different goroutines: > > 1. `resizeTty() : go func(){} : sendUpdate()` is sending a resize > message thru `resize` right at the beginning, but the channel is > never read if some startup error occurs. > > 2. Upon program termination, `startAttachCtr() : defer func(){} ` is > telling the goroutine in "1." to stop via the `resizeTerminate` > channel. But that guy is still waiting for the write to `resize` > to complete so the the termination message is never read. > > I think the go deadlock detection does not kick in because not all > goroutines are seen as asleep. E.g. `os/signal Notify()` is enough > to have the deadlock not detected. 333ab8c2 (Fix podman hangs when detecting startup error in container attached mode, 2018-06-27, #1010) addressed this with a deferred drain. This commit adjusts that approach to use a single select to cover "have we been canceled?", "has there been a resize signal?", and (when we have one) "can we write the most recent resize event to the resize channel?". A side benefit to this approach is that if we have a slow resize consumer and several resize signals, the resizeTty function will keep updating its local resizeEvent. Once the resize channel is able to accept, only the most-recent event will be written. Previously we'd have written one resize event for every received signal, even if the resize consumer was falling behind. [1]: https://github.com/projectatomic/libpod/pull/1010#issuecomment-400994436 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1018 Approved by: rhatdan
* Fix podman hangs when detecting startup error in container attached modeMarco Vedovati2018-06-28
| | | | | | | | | | | | | | | Signed-off-by: Marco Vedovati <mvedovati@suse.com> The initial resize command sent to the terminal window over the resize channel may never be delivered in case of error. Hence it is necessary to consume all data from the resize channel to avoid a deadlock on startup. Fixes: #1009 Closes: #1010 Approved by: giuseppe
* podman-build --help: update descriptionValentin Rothberg2018-06-28
| | | | | | | | | | | Update the description of podman-build which was mentioning the initial requirement of Buildah which doesn't apply anymore since Podman is vendoring Buildah code. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1005 Approved by: rhatdan
* runtime: change rootless data storage default pathGiuseppe Scrivano2018-06-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* rootless: add management for the userNSGiuseppe Scrivano2018-06-27
| | | | | | | | | | When running podman as non root user always create an userNS and let the OCI runtime use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* Add --authfile to podman searchumohnani82018-06-27
| | | | | | | | | | | Since podman search requires credentials to search private registries, add the --authfile flag to allow users to pass in credentials from a different authfile than the default one. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #998 Approved by: rhatdan
* Containers can dissappearDaniel J Walsh2018-06-26
| | | | | | | | | | | | Between the time that ps command gets the list of containers and is able to ask for more data, the container could have exited. This patch logs Clibpod.ErrNoSuchCtr errors and just continues processing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #996 Approved by: mheon
* make varlink optional for podmanbaude2018-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | some platforms and operating systems do not have varlink. in those cases, we need to be able to turn off enablement of varlink in podman. this can now be done with BUILDTAGS passed to the build though perhaps in the future will be better. the default is to build with varlink Signed-off-by: baude <bbaude@redhat.com> squash! make varlink optional for podman The API.md and cmd/podman/varlink/ioprojectatomicpodman.go targets will continue to work regardless of the presence (or not) of 'varlink' is in BUILDTAGS. However, cmd/podman/varlink/ioprojectatomicpodman.go is now only required by the podman target when BUILDTAGS contains 'varlink'. API.md had also been an podman dependency since 5b2627dd (Makefile: Drop find-godeps.sh for podman target, 2018-05-15, #776) when I expanded varlink_api_generate. It had been an indirect podman dependency (via varlink_api_generate) since 25263558 (Generate varlink API documentation automatically, 2018-05-07, #734). But the podman executable obviously doesn't depend on the Markdown file, so I'm removing that dependency here. Signed-off-by: baude <bbaude@redhat.com> squash! make varlink optional for podman The command-pointer approach will scale well if/when we add additional optional commands behind their own build tags, because those tags won't all be competing for the same getOptionalCommands namespace. Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #987 Approved by: rhatdan
* Move podman refresh under the container subcommandMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Add podman refresh commandMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Podman history now prints out intermediate image IDsumohnani82018-06-22
| | | | | | | | | | If the intermediate image exists in the store, podman history will show the IDs of the intermediate image of each layer. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #982 Approved by: mheon
* Option handling has become large and should be a shared functionDaniel J Walsh2018-06-22
| | | | | | | | | | | Everytime we add a new option for create, we end up having to also add it to run, this makes it error prone. Moving these to the same function makes it easier to develop and prevents user mistakes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #975 Approved by: mheon
* Add carriage return to log message when using --tty flagMarco Vedovati2018-06-19
| | | | | | | | | | | Signed-off-by: Marco Vedovati <mvedovati@suse.com> Add a raw text formatter for logrus to be used when terminal is in raw mode (i.e. when allocating a pseudo-TTY for the container). The raw text formatter terminates the log messages with the corret \r\n sequence. Closes: #967 Approved by: rhatdan
* Added --sort to pshaircommander2018-06-19
| | | | | | | | | Also podman ps now allows user to only output size of root FS, changed language of images and ps --sort to be by "created" as opposed to "time", and refactored the way templates are created (converted from psJSONParams type). Signed-off-by: haircommander <pehunt@redhat.com> Closes: #948 Approved by: rhatdan
* Fix podman build -qDaniel J Walsh2018-06-19
| | | | | | | | | Only thing that should be printed is the image id. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #964 Approved by: mheon
* TLS verify is skipped per registry.haircommander2018-06-18
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #952 Approved by: rhatdan
* Add missing functionality for podman build layersumohnani82018-06-18
| | | | | | | | | | Need to pick the values from the flags and send it to buildah for build. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #947 Approved by: rhatdan
* Add --all,-a flag to podman imagesumohnani82018-06-18
| | | | | | | | | | | podman images will not show intermediate images by default. To view all images, including intermediate images created during a build, use the --all flag. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #947 Approved by: rhatdan
* top: make output tabularValentin Rothberg2018-06-18
| | | | | | | | | | | | | | Make the output of top tabular to be compatible with Docker. Please note, that any user-input for `GetContainerPidInformation(...)` will be ignored until we have found a way to generically and reliably parse ps-1 output or until there is a go-lib to extract all the data from /proc in a ps-1 compatible fashion. Fixes: #458 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #939 Approved by: rhatdan
* Added --tls-verify functionality to podman search, with testshaircommander2018-06-15
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #932 Approved by: baude
* podman: use a different store for the rootless caseGiuseppe Scrivano2018-06-15
| | | | | | | | | so that the user has rw access to it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* podman: allow to override TmpdirGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* podman: accept option --rootfs to use exploded imagesGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* Implement --latest for psMatthew Heon2018-06-14
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #944 Approved by: rhatdan
* Correctly report errors retrieving containers in psMatthew Heon2018-06-14
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #944 Approved by: rhatdan
* Added --sort flag to podman imagehaircommander2018-06-14
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #937 Approved by: rhatdan
* add podman container and image commandDaniel J Walsh2018-06-13
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #941 Approved by: TomSweeneyRedHat
* rmi: remove image if all tags are specifiedValentin Rothberg2018-06-12
| | | | | | | | | | | | | Remove the image if all its tags are specified. This didn't work before as the images have been queried prior to changing them resulting in inconsistencies regarding repoTags. Now, the images for each specified tag is loaded one after another to guarantee loading the latest state. Fixes: #930 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #934 Approved by: rhatdan
* Aliases do not work with IsSetDaniel J Walsh2018-06-12
| | | | | | | | | Have to specify all names. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #933 Approved by: baude
* Propegate exit code on Exec calls and integrated testhaircommander2018-06-07
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #904 Approved by: rhatdan
* Vendor in latest buildah codeDaniel J Walsh2018-06-07
| | | | | | | | | | Use the parsing code to properly setup podman build namespaces Fixes support for network namespace and user namespace Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #917 Approved by: rhatdan
* Add --all flag even though it is a noop so scripts will workDaniel J Walsh2018-06-05
| | | | | | | | | | | | | Until podman build supports caching, their are no intermediary builds, but people might still use scripts that use the --all option. Adding this will not hurt anything and could fix scripts. Also fixed sorting issues in options handling of images Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #896 Approved by: mheon
* varlink build fixesbaude2018-06-05
| | | | | | | | | | | | the varlink build was not working as designed and required some touch-ups: * return a struct that includes logs and the new image ID * pass namespaceoption so that networking in buildah works Signed-off-by: baude <bbaude@redhat.com> Closes: #903 Approved by: rhatdan
* podman-varlink: log timeoutsValentin Rothberg2018-06-05
| | | | | | | | | | | | | | The default timeout of one second when using podman-varlink can confuse users as podman exits in silence after this timeout in case no connection to the endpoint is alive. Print a log (info level) that the varlink service has expired to guide the user. This change requires to vendor in the latest master of varlink/go. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #899 Approved by: rhatdan
* libpod: Execute poststop hooks locallyW. Trevor King2018-06-04
| | | | | | | | | | | | Instead of delegating to the runtime, since some runtimes do not seem to handle these reliably [1]. [1]: https://github.com/projectatomic/libpod/issues/730#issuecomment-392959938 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #864 Approved by: rhatdan
* Add flag to add annotations to a containerMatthew Heon2018-06-04
| | | | | | | | | | Also add annotations from the image the container was created from. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #886 Approved by: rhatdan
* Merge pull request #839 from baude/varlinkcreatefixesDaniel J Walsh2018-06-01
|\ | | | | varlink build
| * varlink buildbaude2018-06-01
| | | | | | | | | | | | | | | | | | | | | | | | Add the endpoint and methods for build so users can build an image with varlink. build can also use the more method for streaming output back more regularily; however, it looks like a bug in buildah does not output all build output to the writer provided. Tidy up some create fixes and add endpoint for GetImage requested by jhonce. Signed-off-by: baude <bbaude@redhat.com>