| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Currently we hard code TMPDIR environment variable to /var/tmp
if it is not set in the Environment. This causes TMPDIR environment
variable to be ignored if set in containers.conf.
This change now uses the host environment TMPDIR, followed by
containers.conf and then hard codes TMPDIR, if it was not set.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
podman: drop checking valid rootless UID
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
do not check whether the specified ID is valid in the user namespace.
crun handles this case[1], so the check in Podman prevents to get to
the OCI runtime at all.
$ podman run --user 10:0 --uidmap 0:0:1 --rm -ti fedora:33 sh -c 'id; cat /proc/self/uid_map'
uid=10(10) gid=0(root) groups=0(root),65534(nobody)
10 0 1
[1] https://github.com/containers/crun/pull/556
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
Add volume prune --filter support
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change adds support for the `--filter` / `?filters` arguments on
the `podman volume prune` subcommand.
* Adds ParseFilterArgumentsIntoFilters helper for consistent
Filter string slice handling
* Adds `--filter` support to podman volume prune cli
* Adds `?filters...` support to podman volume prune api
* Updates apiv2 / e2e tests
Closes #8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
|
| |\ \
| | |
| | | |
shell completion for the network flag
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Complete all the options e.g. `container:`,`ns:`,`host`, etc...
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \
| | | |
| | | | |
Sign multi-arch images
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
podman image sign handles muti-arch images.
--all option to create signature for each manifest from the image manifest list.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
Refine public key usage when remote
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Move all public key handling into one AuthMethod. Prioritize ssh-agent
keys over identity files.
* Cache server connection when tunneling, saves one RoundTrip on ssh
handshake
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
podman logs honor stderr correctly
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Make the ContainerLogsOptions support two io.Writers,
one for stdout and the other for stderr. The logline already
includes the information to which Writer it has to be written.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/
|
|
|
|
|
| |
Also document the allowable filters in podman system prune, podman image prune
and podman container prune.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Honor the --layers flag
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently the --layers flag set by the user is ignored, and only the BUILDAH_LAYERS
environment variable being set is observed.
Fixes: https://github.com/containers/podman/issues/8643
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Add system test for shell completion
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There exists a unit test to ensure that shell completion functions are
defined. However there was no check about the quality of the provided
shell completions. Lets change that.
The idea is to create a general test that makes sure we are suggesting
containers,pods,images... for the correct commands. This works by
reading the command use line and checking for each arg if we provide
the correct suggestions for this arg.
It includes the following tests:
- flag suggestions if [options] is set
- container, pod, image, network, volume, registry completion
- path completion for the appropriate arg KEYWORDS (`PATH`,`CONTEXT`,etc.)
- no completion if there are no args
- completion for more than one arg if it ends with `...]`
The test does not cover completion values for flags and not every arg KEYWORD
is supported. This is still a huge improvement and covers most use cases.
This test spotted several inconsistencies between the completion and the
command use line. All of them have been adjusted to make the test pass.
The biggest advantage is that the completions always match the latest
command changes. So if someone changes the arguments for a command this
ensures that the completions must be adjusted.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Restore json format for fields as well as whole structs
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add template func to inspect template processing
* Added test using repro from #8444
Fixes #8444
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| | |
| | | |
Pass full NetworkMode to ParseNetworkNamespace
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This should create the correct namespace for NetworkModes like container:containerid
Signed-off-by: Kevin Wiesmueller <kwiesmul@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add systempaths=unconfined option
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add the systempaths=unconfined option to --security-opt
to match the docker options for unmasking all the paths
that are masked by default.
Add the mask and unmask options to the podman create doc.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Implement pod-network-reload
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a new command, 'podman network reload', to reload the
networks of existing containers, forcing recreation of firewall
rules after e.g. `firewall-cmd --reload` wipes them out.
Under the hood, this works by calling CNI to tear down the
existing network, then recreate it using identical settings. We
request that CNI preserve the old IP and MAC address in most
cases (where the container only had 1 IP/MAC), but there will be
some downtime inherent to the teardown/bring-up approach. The
architecture of CNI doesn't really make doing this without
downtime easy (or maybe even possible...).
At present, this only works for root Podman, and only locally.
I don't think there is much of a point to adding remote support
(this is very much a local debugging command), but I think adding
rootless support (to kill/recreate slirp4netns) could be
valuable.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| | |
add the ability to add multiple containers into a single k8s pod
instead of just one.
also fixed some bugs in the resulting yaml where an empty service
description was being added on error causing the k8s validation to fail.
Signed-off-by: baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add a new `pkg/copy` to centralize all container-copy related code.
* The new code is based on Buildah's `copier` package.
* The compat `/archive` endpoints use the new `copy` package.
* Update docs and an several new tests.
* Includes many fixes, most notably, the look-up of volumes and mounts.
Breaking changes:
* Podman is now expecting that container-destination paths exist.
Before, Podman created the paths if needed. Docker does not do
that and I believe Podman should not either as it's a recipe for
masking errors. These errors may be user induced (e.g., a path
typo), or internal typos (e.g., when the destination may be a
mistakenly unmounted volume). Let's keep the magic low for such
a security sensitive feature.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Our users are missing certain warning messages that would
make debugging issues with Podman easier.
For example if you do a podman build with a Containerfile
that contains the SHELL directive, the Derective is silently
ignored.
If you run with the log-level warn you get a warning message explainging
what happened.
$ podman build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
--> 7a207be102a
7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e
$ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format
--> 7bd96fd25b9
7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f
These messages will no longer be lost, when we default to WARNing level.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| |/
|/| |
Add mask and unmask option to --security-opt
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the mask and unmask option to the --security-opt flag
to allow users to specify paths to mask and unmask in the
container. If unmask=ALL, this will unmask all the paths we
mask by default.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \
| | |
| | | |
Fix `podman images...` missing headers in table templates
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/ /
| |
| |
| |
| |
| | |
when formatting mount options into a string for the compat container create, the options need to be comma delimited.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Add support for network ids
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The network ID is not stored. It is just the sha256 hash from
the network name. There is a risk of a potential hash collision.
However it's very unlikely and even if we hit this it will
complain that more than network with this ID exists.
The main benefit is that the compat api can have proper
network ID support. Also this adds the support for
`podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
It also ensures that we can do network rm <ID> and network
inspect <ID>.
Since we use a hash this commit is backwards compatible even for
already existing networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/ /
| |
| |
| |
| |
| |
| | |
The `ancestor` option was missing an equal sign. Therefore
the completion did not work as expected.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| | |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |\ \
| | |
| | | |
Add support for --platform
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For docker compatibility we need to support --platform
flag.
podman create --platform
podman run --platform
podman pull --platform
Since we have --override-os and --override-arch already
this can be done just by modifying the client to split
the --platform call into os and arch and then pass those
options to the server side.
Fixes: https://github.com/containers/podman/issues/6244
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
podman network label support
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add label support for podman network create. Use the `args`
field in the cni config file to store the podman labels.
Use `podman_labels` as key name and store the labels as
map[string]string.
For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config
https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
Example snippet:
```
...
"args": {
"podman_labels": {
"key1":"value1",
"key2":"value2"
}
}
...
```
Make podman network list support several filters. Supported filters are name,
plugin, driver and label. Filters with different keys work exclusive. Several label
filters work exclusive and the other filter keys are working inclusive.
Also adjust the compat api to support labels in network create and list.
Breaking changes:
- podman network ls -f shortform is used for --filter instead --format
This matches docker and other podman commands (container ps, volume ps)
- libpod network list endpoint filter parameter is removed. Instead the
filters paramter should be used as json encoded map[string][]string.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \ \
| | | | |
| | | | | |
Revert the custom cobra vendor
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Vendor in the latest cobra release v1.1.1
This will hurt the completion experience but is required for
proper packaging, see: #8528.
The best solution is to keep the current scripts since they
work fine with cobra v1.1.1.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
the volumes provided is seemingly useless representing what volumes
should be added to a container. instead, the host config bindings should
be used as they acurately describe the src/dest and options for
bindings.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Remove varlink support from podman
|
| | | |/ /
| |/| |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Handle ps container created field as a time.Time
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In the current code we were translating the created time
from a time.Time to a unix epoch, this was leading to a loss
of precession, and some unexpected results where the sorting
order of containers was misordered because of the precession loss.
If we pass around created as time.Time, we do not loose the precission.
Fixes: https://github.com/containers/podman/issues/8414
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
