| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
Fix a bug in `podman-cp` to forbid copying directories to files.
Previously, the directory was copied to the parent directory of the file
which is wrong.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Much to my regret, there is a number of images in the wild with invalid
platforms breaking the platform checks in libimage that want to make
sure that a local image is matching the expected platform.
Imagine a `podman run --arch=arm64 fedora` with a local amd64 fedora
image. We really shouldn't use the local one in this case and pull down
the arm64 one.
The strict platform checks in libimage in combination with invalid
platforms in images surfaced in Podman being able to pull an image but
failing to look it up in subsequent presence checks. A `podman run`
would hence pull such an image but fail to create the container.
Support images with invalid platforms by vendoring the latest HEAD from
containers/common. Also remove the partially implemented pull-policy
logic from Podman and let libimage handle that entirely. However,
whenever --arch, --os or --platform are specified, the pull policy will
be forced to "newer". This way, we pessimistically assume that the
local image has an invalid platform and we reach out to the registry.
If there's a newer image (i.e., one with a different digest), we'll pull
it down.
Please note that most of the logic has either already been implemented
in libimage or been moved down which allows for removing some clutter
from Podman.
[NO TESTS NEEDED] since c/common has new tests. Podman can rely on the
existing tests.
Fixes: #10648
Fixes: #10682
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Image prune --filter is fully implemented in the api, http api
yet not connected with the cli execution. User trying to use
filters does not see the effect. This commit adds glue code to enable
possiblity of using --filter in prune in the cli execution.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
- fix network filters
- add prune filters
- pod create --share support comma separated namespaces
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
image prune: remove unused images only with `--all`
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a regression in `podman image prune` where unused images were
accidentally removed even when `--all=false`. Extend and partially
rewrite the e2e tests to make sure we're not regressing again in the
future.
Fixing the aforementioned issue revealed another issue in the default
prune filter. While prune should remove all "dangling" images (i.e.,
those without tag), it removed only "intermediate" ones; dangling images
without children. Remove the mistaken comment from the libimage
migration.
Also clarify the help message and man page.
Fixes: #10350
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Allow podman network reload to be run as rootless user. While it is
unlikely that the iptable rules are flushed inside the rootless cni
namespace, it could still happen. Also fix podman network reload --all
to ignore errors when a container does not have the bridge network mode,
e.g. slirp4netns.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
Add support for cli network prune --filter flag
|
| | |
| |
| |
| | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Developers asked for a deterministic field to verify if podman is
running via API or linked directly to libpod library.
$ podman info --format '{{.Host.ServiceIsRemote}}'
false
$ podman-remote info --format '{{.Host.ServiceIsRemote}}'
true
$ podman --remote info --format '{{.Host.ServiceIsRemote}}'
true
* docs/conf.py formatted via black
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\
| |
| | |
Add support for environment variable secrets
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Env var secrets are env vars that are set inside the container but not
commited to and image. Also support reading from env var when creating a
secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
add restart-policy to container filters & --filter to podman start
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
Fixes docker-compose cannot set static ip when use ipam
|
| | | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |/ /
| |
| |
| |
| |
| | |
[NO TESTS NEEDED] This is just running codespell on podman
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Add filepath glob support to --security-opt unmask
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Want to allow users to specify --security-opt unmask=/proc/*.
This allows us to run podman within podman more securely, then
specifing umask=all, also gives the user more flexibilty.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
podman: set volatile storage flag for --rm containers
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
volatile containers are a storage optimization that disables *sync()
syscalls for the container rootfs.
If a container is created with --rm, then automatically set the
volatile storage flag as anyway the container won't persist after a
reboot or machine crash.
[NO TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
add --mac-address to podman play kube
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a new --mac-address flag to podman play kube. This is used to specify
a static MAC address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes #9731
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Migrate the Podman code base over to `common/libimage` which replaces
`libpod/image` and a lot of glue code entirely.
Note that I tried to leave bread crumbs for changed tests.
Miscellaneous changes:
* Some errors yield different messages which required to alter some
tests.
* I fixed some pre-existing issues in the code. Others were marked as
`//TODO`s to prevent the PR from exploding.
* The `NamesHistory` of an image is returned as is from the storage.
Previously, we did some filtering which I think is undesirable.
Instead we should return the data as stored in the storage.
* Touched handlers use the ABI interfaces where possible.
* Local image resolution: previously Podman would match "foo" on
"myfoo". This behaviour has been changed and Podman will now
only match on repository boundaries such that "foo" would match
"my/foo" but not "myfoo". I consider the old behaviour to be a
bug, at the very least an exotic corner case.
* Futhermore, "foo:none" does *not* resolve to a local image "foo"
without tag anymore. It's a hill I am (almost) willing to die on.
* `image prune` prints the IDs of pruned images. Previously, in some
cases, the names were printed instead. The API clearly states ID,
so we should stick to it.
* Compat endpoint image removal with _force_ deletes the entire not
only the specified tag.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/ /
| |
| |
| |
| | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
Co-authored-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
[NO TESTS NEEDED] Check if another VM is running on machine start
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Only one VM can be up at a time. If another VM is running, or the current VM is running, error out on a podman machine start
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
This option allows users to specify the maximum amount of time to run
before conmon sends the kill signal to the container.
Fixes: https://github.com/containers/podman/issues/6412
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Parse the slirp4netns network options when called via compat api. The
options must be extracted from the NetworkMode string.
Fixes #10110
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
Add go template shell completion for --format
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The --format flags accepts go template strings. I use this often but I
consistently forget the field names. This commit adds a way to provide
shell completion for the --format flag. It works by automatically
receiving the field names with the reflect package from the given
struct. This requires almost no maintenance since this ensures that we
always use the correct field names. This also works for nested structs.
```
$ podman ps --format "{{.P"
{{.Pid}} {{.PIDNS}} {{.Pod}} {{.PodName}} {{.Ports}}
```
NOTE: This only works when you use quotes otherwise the shell does not
provide completions. Also this does not work for fish at the moment.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| |/
|/| |
Add '--group-add keep-groups': supplementary groups into container
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently we have rootless users who want to leak their groups access
into containers, but this group access is only able to be pushed in by
a hard to find OCI Runtime annotation. This PR makes this option a lot
more visable and hides the complexity within the podman client.
This option is only really needed for local rootless users. It makes
no sense for remote clients, and probably makes little sense for
rootfull containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| |/
|/| |
Add --noheading flag to all list commands
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently we have only podman images list --noheading.
This PR Adds this option to volumes, containers, pods, networks,
machines, and secrets.
Fixes: https://github.com/containers/podman/issues/10065
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
| |
Currently podman-remote info does not show socket information.
Fixes: https://github.com/containers/podman/issues/10077
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Add flag "--pidfile" for podman create/run
|
| | |
| |
| |
| | |
Signed-off-by: chenkang <kongchen28@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: chenkang <kongchen28@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: chenkang <kongchen28@gmail.com>
|
| |\ \
| | |
| | | |
add --ip to podman play kube
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a new --ip flag to podman play kube. This is used to specify a
static IP address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes #8442
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| |/
|/| |
Fix invalid expression in save command
|
| | |
| |
| |
| | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
If we're logging at trace level, use %+v instead of %v when printing an
error at exit. If the error included stack information, this will cause
the backtrace to be printed, which is very handy for debugging.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |/
|
|
|
|
|
| |
"trace" is a valid logrus debugging level, so we should be able to tell
the library to display messages logged at that level.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |\
| |
| | |
Add support for play/generate kube PersistentVolumeClaims and Podman volumes
|
| | |
| |
| |
| | |
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
|
