path: root/cmd
Commit message | Author | Age
* rootless: fix exec | Giuseppe Scrivano | 2018-08-26
  We cannot re-exec into a new user namespace to gain privileges and access an existing as the new namespace is not the owner of the existing container. "unshare" is used to join the user namespace of the target container. The current implementation assumes that the main process of the container didn't create a new user namespace. Since in the setup phase we are not running with euid=0, we must skip the setup for containers/storage.
  Closes: https://github.com/containers/libpod/issues/1329
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #1331
  Approved by: rhatdan
* Fixed formatting and lowered verbosity of pod ps | haircommander | 2018-08-24
  CtrInfo now is formatted in the way originally intended. s/Number Of Containers/# Of Containers and s/Infra Container ID/Infra ID. Make json camel case.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1338
  Approved by: mheon
* Do not try to enable AppArmor in rootless mode | Marco Vedovati | 2018-08-24
  When in rootless mode it's not possible to load profiles or check which profiles are loaded. Added a few baseline tests to check all possible cases.
  Signed-off-by: Marco Vedovati <mvedovati@suse.com>
  Closes: #1250
  Approved by: mheon
* Fixing network ns segfault | haircommander | 2018-08-23
  As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1187
  Approved by: mheon
* Change pause container to infra container | haircommander | 2018-08-23
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1187
  Approved by: mheon
* Support pause containers in varlink | haircommander | 2018-08-23
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1187
  Approved by: mheon
* Added option to share kernel namespaces in libpod and podman | haircommander | 2018-08-23
  A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1187
  Approved by: mheon
* Changed GetContainerStats to return ErrCtrStateInvalid | haircommander | 2018-08-23
  This results in some functionality changes: If an ErrCtrStateInvalid is returned to GetPodStats, the container is omitted from the stats. As such, if an empty slice of Container stats are returned to GetPodStats in varlink, an error will occur. GetContainerStats will return the ErrCtrStateInvalid as well. Finally, if ErrCtrStateInvalid is returned to the podman stats call, the container will be omitted from the stats.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1319
  Approved by: baude
* Add GetPodStats to varlink | haircommander | 2018-08-23
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1319
  Approved by: baude
* Add podman pod top | haircommander | 2018-08-23
  Using the vendored changes from psgo, incorporate JoinNamespaceAndProcessInfoByPids to get process information for each pid namespace of running containers in the pod. Also added a man page, and tests.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1298
  Approved by: mheon
* Enable pod stats with short ID and name | haircommander | 2018-08-21
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1307
  Approved by: rhatdan
* Fix handling of devices | Daniel J Walsh | 2018-08-20
  Devices are supposed to be able to be passed in via the form of
    --device /dev/foo
    --device /dev/foo:/dev/bar
    --device /dev/foo:rwm
    --device /dev/foo:/dev/bar:rwm
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1299
  Approved by: umohnani8
* Mention that systemd is the default cgroup manager | Matthew Heon | 2018-08-17
  Update docs to reflect our changed default CGroup manager.
  Fixes: #1292
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #1293
  Approved by: baude
* Don't fail on size. | Daniel J Walsh | 2018-08-17
  I think a created container which was never run will have no size struct; we should just return 0.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1288
  Approved by: TomSweeneyRedHat
* podman pod stats | baude | 2018-08-17
  Add the ability to monitor container statistics in a pod.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #1265
  Approved by: rhatdan
* Added helper function for libpod pod api calls | haircommander | 2018-08-16
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1275
  Approved by: mheon
* CreatePod args now PodCreate structure | haircommander | 2018-08-16
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1275
  Approved by: mheon
* Added reason to PodContainerError | haircommander | 2018-08-16
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1275
  Approved by: mheon
* Change batchcontainer to shared | haircommander | 2018-08-16
  To better reflect its usage: to share functions between podman and varlink.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1275
  Approved by: mheon
* Add Pod API to varlink. | haircommander | 2018-08-16
  Including: GetPod, StartPod, StopPod, RestartPod, KillPod, PausePod, UnpausePod, CreatePod, RemovePod, and InspectPod
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1275
  Approved by: mheon
* Change pod varlink API. | haircommander | 2018-08-16
  Change the way PodContainerErrors are handled.
  Remove PodNoContainers and PodHasContainers, because there is no way to differentiate from a standard error.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1275
  Approved by: mheon
* Moved getPodStatus to pod API to be used in varlink | haircommander | 2018-08-16
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1275
  Approved by: mheon
* switch projectatomic to containers | Daniel J Walsh | 2018-08-16
  Need to get some small changes into libpod to pull back into buildah to complete buildah transition.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1270
  Approved by: mheon
* Support format param for varlink Commit | Qi Wang | 2018-08-16
  We need to pass the image format OCI or docker in the varlink commit command.
  Signed-off-by: Qi Wang <qiwan@redhat.com>
  Closes: #1281
  Approved by: mheon
* Fix segfault in top when -l and no args are passed | haircommander | 2018-08-16
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1284
  Approved by: mheon
* build, rootless: specify IsolationOCIRootless | Giuseppe Scrivano | 2018-08-15
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #1269
  Approved by: rhatdan
* rootless: not require userns for help/version | Giuseppe Scrivano | 2018-08-14
  These commands do not require to be root in a userns.
  Closes: https://github.com/containers/libpod/issues/1263
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #1268
  Approved by: vrothberg
* podman in rootless mode will only work with cgroupfs at this point. | Daniel J Walsh | 2018-08-14
  If user does not pass in cgroup manager and running in rootless mode, then we need to force the cgroupfs support until/unless we get support for rootless systemd support.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1261
  Approved by: mheon
* search name should include registry | baude | 2018-08-10
  When doing a podman search, the so-called NAME should be the image's fully qualified name (not index plus shortname).

  ```
  $ sudo podman search rhel7
  INDEX        NAME                                    DESCRIPTION                                       STARS   OFFICIAL   AUTOMATED
  redhat.com   registry.access.redhat.com/rhel7/rhel   This platform image provides a minimal runti...   0
  redhat.com   registry.access.redhat.com/rhel7.0      This platform image provides a minimal runti...   0
  redhat.com   registry.access.redhat.com/rhel7        This platform image provides a minimal runti...   0
  ....
  ```

  Resolves: #1208
  Resolves: Bugz #1614710
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #1253
  Approved by: rhatdan
* apparmor: respect "unconfined" setting | Valentin Rothberg | 2018-08-09
  The "unconfined" profile must be treated specially to turn off apparmor confinement and to avoid applying any other profile.
  Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
  Closes: #1241
  Approved by: mheon
* add podman pod inspect | baude | 2018-08-09
  First pass of podman pod inspect.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #1236
  Approved by: rhatdan
* Fix ambiguity in adding localhost to podman save | haircommander | 2018-08-08
  ...and some naming decisions. This change ensures podman save doesn't incorrectly prepend localhost when saving an image.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1140
  Approved by: rhatdan
* Improve ps handling of container start/stop time | Matthew Heon | 2018-08-08
  Previously all calculations were done based off the container's start time. Retrieve end time and use it to calculate time stopped for containers. Also, convert ps JSON output to report timestamps for create, start, and stop times.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #1228
  Approved by: rhatdan
* Stub varlink pod methods. | haircommander | 2018-08-06
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1196
  Approved by: baude
* Rename varlink socket and interface | baude | 2018-08-06
  io.projectatomic.podman -> io.podman
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #1204
  Approved by: mheon
* Make one runtime for the varlink service | baude | 2018-08-05
  Rather than making a runtime each time a client hits a varlink endpoint, we now make a single runtime when the varlink service starts up. This fixes a problem where we hit a max inotify limit from CNI.
  Resolves: #1211
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #1215
  Approved by: rhatdan
* Vendor in latest github.com/projectatomic/buildah | Daniel J Walsh | 2018-08-03
  This adds support for Dockerfile.in and fixes some limits issues on docker build. Also adds support for podman build to read Dockerfile from stdin.
    cat Dockerfile | podman build -f - .
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1209
  Approved by: mheon
* Added ps --pod option | haircommander | 2018-08-02
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1205
  Approved by: rhatdan
* RFC: Remove unused transport name constants from libpod | Miloslav Trmač | 2018-08-01
  They are not used anywhere in the package. Two of the values still have users in the CLI, but used only once. So, use the .Transport.Name() calls in there directly, that is likely to be cheaper (and makes the files depend directly on the transports instead of referring to them indirectly through libpod).
  RFC: Should not change behavior in _this_ repo, but it is an externally-observable API change. Is there any user that could notice?
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* Replace Runtime.LoadFromArchive with Runtime.LoadFromArchiveReference | Miloslav Trmač | 2018-08-01
  All callers of LoadFromArchive expect the input to be in the transport:name format, or create it that way. So, pass a types.ImageReference instead of a string. That requires us to add an explicit parse step in (podman pull); in (podman load) we can, instead of pasting strings, create native objects directly.
  Changes the error behavior of (podman pull), we no longer try heuristically parsing docker-archive:... inputs as Docker references. Also changes the string reported by (podman load) if all parsing attempts fail, to be only the path instead of dir:path. The error message itself is likely to be the same (from directory.Transport).
  (While at it, update a mismatched comment.)
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* Rename the "image" variable to "imageName" | Miloslav Trmač | 2018-08-01
  ... so that it does not shadow the libpod/image module. Should not change behavior.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* Fix the heuristic for docker-archive: sources in (podman pull) | Miloslav Trmač | 2018-08-01
  Instead of searching for "docker-archive" anywhere in the input, only accept it at the start, and require the colon separator as well.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* RFC: Rename Image.PushImage to Image.PushImageToHeuristicDestination | Miloslav Trmač | 2018-08-01
  The goal is to be very explicit about which functions try to heuristically guess what is the expected format of the string. Not quite "shaming" the users, but making sure they stand out.
  RFC:
  - Is this at all acceptable? Desirable?
  - varlink ExportImage says "destination must have transport type"; should it be using alltransports.ParseImageReference + PushImageToReference, then?
  (While touching the call in cmd/podman, also remove a commented-out older version of the call.)
  Should not change behavior (but does not add unit tests).
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* RFC? Hard-code "format" string values instead of using libpod.* transport names | Miloslav Trmač | 2018-08-01
  We don't really want to change the names of the CLI options just because the transport names change (with oci-dir/docker-dir there is no direct correspondence anyway), and this removes a dependency. Should not change behavior.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* Use PushImageToReference for (podman save) | Miloslav Trmač | 2018-08-01
  To do that, create the relevant ImageReference values directly by calling ParseReference/NewReference from the relevant transport subpackages instead of formatting strings to be parsed (and heuristically re-parsed) by PushImage.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* Call imageNameForSaveDestination while creating the references | Miloslav Trmač | 2018-08-01
  Instead of creating a reference string and then checking it again to see which kind of archive it is, just call imageNameForSaveDestination at the place where we already know what kind of archive it is because we are making that decision.
  This also notably fixes the use of strings.CONTAINS to see whether the just constructed strings start with one of the transport names; that would match anywhere in the path.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* Exit early in the simple case in imageNameForSaveDestination | Miloslav Trmač | 2018-08-01
  ... to make it a tiny bit easier to read. Should not change behavior (but does not add unit tests).
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* Rename parameters of imageNameForSaveDestination | Miloslav Trmač | 2018-08-01
  ... to make their relationship clear, at the very least. Should not change behavior (but does not add unit tests).
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* Split imageNameForSaveDestination from saveCmd | Miloslav Trmač | 2018-08-01
  We will need to call it from two places in the future. Should not change behavior, the code is pretty unchanged (down to using confusing parameter names, which we will change immediately) (but does not add unit tests).
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan
* Split a single if statement into two. | Miloslav Trmač | 2018-08-01
  This should not change behavior; it will only make it easier to show that future code move does not change it (but does not add unit tests.)
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Closes: #1176
  Approved by: rhatdan