| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
We want to default to secure when running containers as root,
in rootless, we need to change the default if the system does not
support cgroup v1.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
get runtime for podman-remote push earlier
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
to prevent client side panics, we should get the runtime earlier in the
process of push.
Fixes: #4013
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
rootless: report the correct error
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
do not shadow the err variable so that the correct error message can
be reported when utils.RunUnderSystemdScope fails.
Closes: https://github.com/containers/libpod/issues/4012
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
Podman-remote run should wait for exit code
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We have leaked the exit number codess all over the code, this patch
removes the numbers to constants.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Stop glob'ing on podman cp
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
* symlink processing and wildcarding led to unexpected files
being copied
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| |/ /
|/| | |
enhance podman network rm
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when removing a podman network, we need to make sure we delete the
network interface if one was ever created (by running a container).
also, when removing networks, we check if any containers are using the
network. if they are, we error out unless the user provides a 'force'
option which will remove the containers in question.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
fix podman sign signature store for rootless
|
| |
| |
| |
| |
| |
| | |
Store the the signature under graphroot when using rootless podman image sign.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
rootless: automatically create a systemd scope
|
| | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when running in rootless mode and using systemd as cgroup manager
create automatically a systemd scope when the user doesn't own the
current cgroup.
This solves a couple of issues:
on cgroup v2 it is necessary that a process before it can moved to a
different cgroup tree must be in a directory owned by the unprivileged
user. This is not always true, e.g. when creating a session with su
-l.
Closes: https://github.com/containers/libpod/issues/3937
Also, for running systemd in a container it was before necessary to
specify "systemd-run --scope --user podman ...", now this is done
automatically as part of this PR.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
| |
We should not be making it available, it does nothing.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Support running containers without CGroups
|
| |
| |
| |
| |
| |
| |
| | |
This is mostly used with Systemd, which really wants to manage
CGroups itself when managing containers via unit file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Add explanation mounting named volumes for `podman run`
|
| | |
| | |
| | |
| | | |
Signed-off-by: xcffl <xcffl@outlook.com>
|
|\ \ \
| | | |
| | | | |
Add ability to look up volumes by unambiguous partial name
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This isn't included in Docker, but seems handy enough.
Use the new API for 'volume rm' and 'volume inspect'.
Fixes #3891
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |/ /
|/| | |
podman network create
|
| |/
| |
| |
| |
| |
| |
| | |
initial implementation of network create. we only support bridging
networks with this first pass.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
cli-flags: use a consistent format for <size><unit>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use a consistent format for description of the <size><unit> flags.
Also, avoid backticks for /dev/shm, as that's interpreted as the format
by the flag parsing lib.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
Pass down the cgroup manager to use to buildah.
Closes: https://github.com/containers/libpod/issues/3938
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
We have had some issues with users squashing large images or pulling large
content from github, that could trigger crashes based on the size of /tmp.
Docker had an issue with this back in 2016. https://github.com/golang/go/issues/14021
The discussion there was to change the default to /var/tmp.
This change will only effect systems that do not set the TMPDIR environment variable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
detect if the current user namespace doesn't match the configuration
in the /etc/subuid and /etc/subgid files.
If there is a mismatch, raise a warning and suggest the user to
recreate the user namespace with "system migrate", that also restarts
the containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
add --cert-dir image sign
|
| |
| |
| |
| |
| |
| |
| | |
Requirement from #2726
Add --cert-dir for `podman image sign`.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Improved error message
* Added documentation
* Updated messages to include missing data
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
generate systemd pod
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Support generating systemd unit files for a pod. Podman generates one
unit file for the pod including the PID file for the infra container's
conmon process and one unit file for each container (excluding the infra
container).
Note that this change implies refactorings in the `pkg/systemdgen` API.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Drop the support for remote clients to generate systemd-service files.
The generated files are machine-dependent and hence relate only to the
a local machine. Furthermore, a proper service management when using
a remote-client is not possible as systemd has no access to a process.
Dropping the support will also reduce the risk of making users believe
that the generated services are usable in a remote scenario.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Need to include command name in error message
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
I hit this error and it told be to system migrate`
as opposed to `podman system migrate`
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
podman-remote: cp crashes
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
prune unwanted messages when running a container remotely. also, cp is
not remote-enabled yet and as such should not be available on the remote
client.
Fixes: #3861
Signed-off-by: baude <bbaude@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the digestfile option to the push command so the digest can
be stored away in a file when requested by the user. Also have added
a debug statement to show the completion of the push.
Emulates Buildah's https://github.com/containers/buildah/pull/1799/files
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \
| | |
| | | |
Fix error message on podman stats on cgroups v1 rootless environments
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman stats does not work in rootless environments with cgroups V1.
Fix error message and document this fact.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Use GetRuntimeDir to setup auth.json for login
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously unimplemented. Works the same way the local one does, except its remote.
Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Change backend code for 'volume inspect'
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Begin to separate the internal structures and frontend for
inspect on volumes. We can't rely on keeping internal data
structures for external presentation - separating presentation
and internal data format is good practice.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
Allow customizing pod hostname
|