| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Vendor in latest opencontainers/selinux
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will now verify labels passed in by the user.
Will also prevent users from accidently relabeling their homedir.
podman run -ti -v ~/home/user:Z fedora sh
Is not a good idea.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Mask unimplemeted commands for remote client
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Masking main level, image, and container commands that are not yet
implemented for the remote client. As each command is completed, be
sure to unmask it.
Also, masking podman command line switches that are not applicable
to the remote client.
Signed-off-by: baude <bbaude@redhat.com>
|
| |/
|/|
| |
| |
| |
| | |
base enablement of the inspect command.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
Return errors when executing the --format templates. Otherwise,
Podman will just silently ignore them and not print any output
that could guide user into solving the issue.
Fixes: #2159
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
| |
I find these useful for playing around with containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
We clean up the code by eliminating stuttering references when we embed
the runtime struct into localRuntime. Makes for less change in the future
as well.
++ jhonce
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
Began frameout of container super structs for adapted methods. This allows for the use
of container exists.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
add support for podman-remote history
|
| |
| |
| |
| |
| |
| |
| | |
this adds support to get the history for an image and its
layers using podman-remote.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
| |
add exists and rmi tests back in ...
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
| |
allow the podman remote client to delete images
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the ability to run the integration (ginkgo) suite using
the remote client.
Only the images_test.go file is run right now; all the rest are
isolated with a // +build !remotelinux. As more content is
developed for the remote client, we can unblock the files and
just block single tests as needed.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
Add darwin support for remote-client
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add the ability to cross-compile podman remote for OSX.
Also, add image exists and tag to remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Set default storage options from mounts.conf file.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We were never loading the storage.conf file to grab mountOptions.
This is causing us to not use metacopyup option when running with
overlay.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
podman play kube: add containers to pod
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
when defining containers, we missed the conditional logic to allow
the container to be defined with "WithPod" and so forth. I had to
slightly modify the createcontainer process to pass a libpod.Pod
that could override things; use nil as no pod.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
rootless: fix usage of create --pod=new:FOO
|
| |
| |
| |
| |
| |
| | |
Closes: https://github.com/containers/libpod/issues/2124
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
When --pod is specified then join both the user and mount namespace
for the pod so we can initialize the storage.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Add varlink support for prune
|
| |/
| |
| |
| |
| |
| |
| | |
Add the ability to prune unused images using the varlink
API.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
remote-client support for images
|
| |
| |
| |
| | |
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Fix handling of nil volumes
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently if a user passes in a -v with
-v $bogus:/foobar
We crash. This will throw a proper error.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix 'image trust' from PR1899
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
fix up sigstore path
|
| | |_|/
| |/| |
| | | |
| | | | |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
podman: bump RLIMIT_NOFILE also without CAP_SYS_RESOURCE
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If we are not able to make arbitrary changes to the RLIMIT_NOFILE when
lacking CAP_SYS_RESOURCE, don't fail but bump the limit to the maximum
allowed. In this way the same code path works with rootless mode.
Closes: https://github.com/containers/libpod/issues/2123
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |_|/
|/| |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |/ /
|/| | |
apparmor: apply default profile at container initialization
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Apply the default AppArmor profile at container initialization to cover
all possible code paths (i.e., podman-{start,run}) before executing the
runtime. This allows moving most of the logic into pkg/apparmor.
Also make the loading and application of the default AppArmor profile
versio-indepenent by checking for the `libpod-default-` prefix and
over-writing the profile in the run-time spec if needed.
The intitial run-time spec of the container differs a bit from the
applied one when having started the container, which results in
displaying a potentially outdated AppArmor profile when inspecting
a container. To fix that, load the container config from the file
system if present and use it to display the data.
Fixes: #2107
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid generating
quay.io/openshift-release-dev/ocp-release@sha256@sha256:239... and
similar when the image name is already digest-based [1]. It's not
clear exactly how we get into this state, but as shown by the unit
tests, the new code handles this case correctly (while the previous
code does not).
[1]: https://github.com/containers/libpod/issues/2086
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #2106
Approved by: rhatdan
|
|\
| |
| | |
Support podman image sign
|
| |
| |
| |
| |
| |
| | |
Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/).
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
Add a --workdir option to 'podman exec'
|
| | |
| | |
| | |
| | | |
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The --sig-proxy option in both 'podman attach' and 'podman run' default
to true, and there's no reason for 'podman start --attach' to be any
different. However, since it only makes sense to proxy signals when
the container is attached, 'podman start --sig-proxy' will continue to
error if --attach isn't used.
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
|\ \
| |/
|/| |
Rename libpod.Config back to ContainerConfig
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
During an earlier bugfix, we swapped all instances of
ContainerConfig to Config, which was meant to fix some data we
were returning from Inspect. This unfortunately also renamed a
libpod internal struct for container configs. Undo the rename
here.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Was reading the "env" argument twice instead of image.
Closes #2063
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
|\ \
| |/
|/| |
Add ability to build golang remote client
|