summaryrefslogtreecommitdiff
path: root/cmd
Commit message (Collapse)AuthorAge
* podman image prune -- implement all flagbaude2019-01-29
| | | | | | | | | | | we now, by default, only prune dangling images. if --all is passed, we prune dangling images AND images that do not have an associated containers. also went ahead and enabled the podman-remote image prune side of things. Fixes: #2192 Signed-off-by: baude <bbaude@redhat.com>
* enable podman-remote versionbaude2019-01-21
| | | | | | | | | | initial enablement of podman-remote version. includes add a APIVersion const that will allow us to check compatibility between host/client when connections are made. also added client related information to podman info. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2187 from rhatdan/selinuxOpenShift Merge Robot2019-01-21
|\ | | | | Vendor in latest opencontainers/selinux
| * Vendor in latest opencontainers/selinuxDaniel J Walsh2019-01-18
| | | | | | | | | | | | | | | | | | | | | | This will now verify labels passed in by the user. Will also prevent users from accidently relabeling their homedir. podman run -ti -v ~/home/user:Z fedora sh Is not a good idea. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2184 from baude/remotemaskcommandsOpenShift Merge Robot2019-01-20
|\ \ | | | | | | Mask unimplemeted commands for remote client
| * | Mask unimplemeted commands for remote clientbaude2019-01-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Masking main level, image, and container commands that are not yet implemented for the remote client. As each command is completed, be sure to unmask it. Also, masking podman command line switches that are not applicable to the remote client. Signed-off-by: baude <bbaude@redhat.com>
* | | podman-remote inspectbaude2019-01-18
| |/ |/| | | | | | | | | base enablement of the inspect command. Signed-off-by: baude <bbaude@redhat.com>
* | podman-inspect: don't ignore errorsValentin Rothberg2019-01-18
|/ | | | | | | | | Return errors when executing the --format templates. Otherwise, Podman will just silently ignore them and not print any output that could guide user into solving the issue. Fixes: #2159 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add --latest and --all to podman mount/umountDaniel J Walsh2019-01-16
| | | | | | I find these useful for playing around with containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Embed runtime struct in super localRuntimebaude2019-01-15
| | | | | | | | | | We clean up the code by eliminating stuttering references when we embed the runtime struct into localRuntime. Makes for less change in the future as well. ++ jhonce Signed-off-by: baude <bbaude@redhat.com>
* Collaberative podman-remote container existsbaude2019-01-15
| | | | | | | Began frameout of container super structs for adapted methods. This allows for the use of container exists. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2161 from baude/remotehistoryOpenShift Merge Robot2019-01-15
|\ | | | | add support for podman-remote history
| * add support for podman-remote historybaude2019-01-15
| | | | | | | | | | | | | | this adds support to get the history for an image and its layers using podman-remote. Signed-off-by: baude <bbaude@redhat.com>
* | Rename localRuntime to runtime in cmd/podmanbaude2019-01-15
|/ | | | Signed-off-by: baude <bbaude@redhat.com>
* podman remote integrations testsbaude2019-01-15
| | | | | | add exists and rmi tests back in ... Signed-off-by: baude <bbaude@redhat.com>
* podman remote client -- add rmibaude2019-01-14
| | | | | | allow the podman remote client to delete images Signed-off-by: baude <bbaude@redhat.com>
* Run integrations test with remote-clientbaude2019-01-14
| | | | | | | | | | | | Add the ability to run the integration (ginkgo) suite using the remote client. Only the images_test.go file is run right now; all the rest are isolated with a // +build !remotelinux. As more content is developed for the remote client, we can unblock the files and just block single tests as needed. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2141 from baude/remotetagOpenShift Merge Robot2019-01-13
|\ | | | | Add darwin support for remote-client
| * Add darwin support for remote-clientbaude2019-01-11
| | | | | | | | | | | | | | | | Add the ability to cross-compile podman remote for OSX. Also, add image exists and tag to remote-client. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2148 from rhatdan/storage-optOpenShift Merge Robot2019-01-12
|\ \ | | | | | | Set default storage options from mounts.conf file.
| * | Set default storage options from mounts.conf file.Daniel J Walsh2019-01-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | We were never loading the storage.conf file to grab mountOptions. This is causing us to not use metacopyup option when running with overlay. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2145 from baude/playcontainerintopodOpenShift Merge Robot2019-01-12
|\ \ \ | |/ / |/| | podman play kube: add containers to pod
| * | podman play kube: add containers to podbaude2019-01-11
| |/ | | | | | | | | | | | | | | | | when defining containers, we missed the conditional logic to allow the container to be defined with "WithPod" and so forth. I had to slightly modify the createcontainer process to pass a libpod.Pod that could override things; use nil as no pod. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2138 from giuseppe/rootless-pod-fixOpenShift Merge Robot2019-01-11
|\ \ | |/ |/| rootless: fix usage of create --pod=new:FOO
| * rootless: create the userns immediately when creating a new podGiuseppe Scrivano2019-01-11
| | | | | | | | | | | | Closes: https://github.com/containers/libpod/issues/2124 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: join both userns and mount namespace with --podGiuseppe Scrivano2019-01-11
| | | | | | | | | | | | | | When --pod is specified then join both the user and mount namespace for the pod so we can initialize the storage. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2135 from baude/varlinkpruneOpenShift Merge Robot2019-01-11
|\ \ | | | | | | Add varlink support for prune
| * | Add varlink support for prunebaude2019-01-10
| |/ | | | | | | | | | | | | Add the ability to prune unused images using the varlink API. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2113 from baude/remoteimagesOpenShift Merge Robot2019-01-11
|\ \ | |/ |/| remote-client support for images
| * remote-client support for imagesbaude2019-01-10
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2120 from rhatdan/volumeOpenShift Merge Robot2019-01-10
|\ \ | | | | | | Fix handling of nil volumes
| * | Fix handling of nil volumesDaniel J Walsh2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if a user passes in a -v with -v $bogus:/foobar We crash. This will throw a proper error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2108 from QiWang19/from1899OpenShift Merge Robot2019-01-10
|\ \ \ | | | | | | | | Fix 'image trust' from PR1899
| * | | Fix 'image trust' from PR1899Qi Wang2019-01-09
| | | | | | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #2127 from QiWang19/fixsigstoreOpenShift Merge Robot2019-01-10
|\ \ \ \ | | | | | | | | | | fix up sigstore path
| * | | | fix up sigstore pathQi Wang2019-01-10
| | |_|/ | |/| | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #2126 from giuseppe/set-prlimitOpenShift Merge Robot2019-01-10
|\ \ \ \ | |/ / / |/| | | podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE
| * | | podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCEGiuseppe Scrivano2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we are not able to make arbitrary changes to the RLIMIT_NOFILE when lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum allowed. In this way the same code path works with rootless mode. Closes: https://github.com/containers/libpod/issues/2123 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | sign: make all error messages lowercaseGiuseppe Scrivano2019-01-10
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | sign: use filepath.Join instead of fmt.SprintfGiuseppe Scrivano2019-01-10
| |_|/ |/| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2114 from vrothberg/issue-2107OpenShift Merge Robot2019-01-10
|\ \ \ | |/ / |/| | apparmor: apply default profile at container initialization
| * | apparmor: apply default profile at container initializationValentin Rothberg2019-01-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Apply the default AppArmor profile at container initialization to cover all possible code paths (i.e., podman-{start,run}) before executing the runtime. This allows moving most of the logic into pkg/apparmor. Also make the loading and application of the default AppArmor profile versio-indepenent by checking for the `libpod-default-` prefix and over-writing the profile in the run-time spec if needed. The intitial run-time spec of the container differs a bit from the applied one when having started the container, which results in displaying a potentially outdated AppArmor profile when inspecting a container. To fix that, load the container config from the file system if present and use it to display the data. Fixes: #2107 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / libpod/image: Use ParseNormalizedNamed in RepoDigestsW. Trevor King2019-01-09
|/ | | | | | | | | | | | | | | | Avoid generating quay.io/openshift-release-dev/ocp-release@sha256@sha256:239... and similar when the image name is already digest-based [1]. It's not clear exactly how we get into this state, but as shown by the unit tests, the new code handles this case correctly (while the previous code does not). [1]: https://github.com/containers/libpod/issues/2086 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #2106 Approved by: rhatdan
* Merge pull request #2040 from QiWang19/signimgOpenShift Merge Robot2019-01-09
|\ | | | | Support podman image sign
| * [WIP]Support podman image signQi Wang2019-01-08
| | | | | | | | | | | | Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/). Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #2097 from debarshiray/wip/debarshiray/podman-exec-workdirOpenShift Merge Robot2019-01-08
|\ \ | | | | | | Add a --workdir option to 'podman exec'
| * | Add a --workdir option to 'podman exec'Debarshi Ray2019-01-08
| | | | | | | | | | | | Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | | Default --sig-proxy to true for 'podman start --attach'Debarshi Ray2019-01-08
|/ / | | | | | | | | | | | | | | | | | | The --sig-proxy option in both 'podman attach' and 'podman run' default to true, and there's no reason for 'podman start --attach' to be any different. However, since it only makes sense to proxy signals when the container is attached, 'podman start --sig-proxy' will continue to error if --attach isn't used. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | Merge pull request #2099 from mheon/config_to_containerconfigOpenShift Merge Robot2019-01-08
|\ \ | |/ |/| Rename libpod.Config back to ContainerConfig
| * Rename libpod.Config back to ContainerConfigMatthew Heon2019-01-07
| | | | | | | | | | | | | | | | | | | | During an earlier bugfix, we swapped all instances of ContainerConfig to Config, which was meant to fix some data we were returning from Inspect. This unfortunately also renamed a libpod internal struct for container configs. Undo the rename here. Signed-off-by: Matthew Heon <matthew.heon@pm.me>