| Commit message (Collapse) | Author | Age |
|\
| |
| | |
policy for seccomp-profile selection
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement a policy for selecting a seccomp profile. In addition to the
default behaviour (default profile unless --security-opt seccomp is set)
add a second policy doing a lookup in the image annotation.
If the image has the "io.containers.seccomp.profile" set its value will be
interpreted as a seccomp profile. The policy can be selected via the
new --seccomp-policy CLI flag.
Once the containers.conf support is merged into libpod, we can add an
option there as well.
Note that this feature is marked as experimental and may change in the
future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
clarify cont
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the --force parameter should only be used for the CLI and should only
dictate whether to prompt the user for confirmation.
Fixes: #4844
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add codespell to validate spelling mistakes in code.
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
Fix all errors found by codespell
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add history names to image inspect data
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
During writing the tests I found it would be probably useful to have the
tag history part of the inspect data.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \ \
| | | | |
| | | | | |
docs: --privileged docs completeness, consistency
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | | |
As discussed in https://github.com/containers/libpod/issues/4840
Signed-off-by: Mark Stosberg <mark@rideamigos.com>
|
|\ \ \ \
| |/ / /
|/| | | |
podman-generate-systemd --new
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a --new flag to podman-generate-systemd to create a new container
via podman-run instead of starting an existing container.
Creating a new container presents the challenge to find a reverse
mapping from a container to the CLI flags it can be created with. We
are doing this via `(Container).Config.CreateCommand` field, which
includes a copy of the process' command from procFS at creating time.
This field may not be useful when the container was not created via the
Podman CLI (e.g., via a Python script). Hence, we do not guarantee the
correctness of the generated files.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
support a custom tag to add to each log for the container.
It is currently supported only by the journald backend.
Closes: https://github.com/containers/libpod/issues/3653
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Podman now supports untagging images via the `untag` sub-command for the
root and `image` commands. Testing and documentation has been added as
well.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \
| | |
| | | |
play kube: make seccomp handling better conform to k8s
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add flag --seccomp-profile-root in play kube to allow users to specify where to look for seccomp profiles
update tests
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Two man pages had incorrect references to a nonexistent
policy.conf(5) or policy-conf(5) [dot vs dash]. Fix them.
Also checked for other broken references via:
$ for i in registries.conf storage.conf policy.json ; do grep -R $i.5 docs/source | grep -v containers-$i;done
(No further results found. That's not a guarantee that there
aren't other broken links though).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Currently the use of "*" in tables is causing go-md2man
to screw up the format of the man page.
This PR removes the "*" since it is not really necessary.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
docs: add workaround for --device with rootless containers
|
| |/
| |
| |
| |
| |
| | |
Fixes #4477
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
|
|\ \
| |/
|/| |
podman: mirror information
|
| |
| |
| |
| |
| |
| |
| | |
Updates the command output example to show information about registries
and their mirrors
Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
|
|\ \
| | |
| | | |
allow exec to read files of environment variables
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
we want the ability to define environment variables in files for the
exec command.
Fixes: #1782408
Signed-off-by: baude <bbaude@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
c/psgo added a new `stime` descriptor. Mention that in the man page and
refer to podman-top(1) in podman-pod-top(1) to avoid redundancy.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
macvlan networks
|
| |
| |
| |
| |
| |
| | |
add the ability to a macvlan network with podman network create.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
container prune command fixed as per docker prune command
|
| | |
| | |
| | |
| | |
| | |
| | | |
examples with filter added
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the user specifies .Server.* on a non podman-remote,
substitute .Client for .Server and return the value.
This is for compatability with Docker.
Since prior versions documented --format {{ .Version }}, we
have to continue to support that.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
This command will destroy all data created via podman.
It will remove containers, images, volumes, pods.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Add support for image name history
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We leverage the containers/storage image history tracking feature to
show the previously used image names when running:
`podman images --history`
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \
| | | |
| | | | |
Remove containers when pod prune & pod rm.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This path allows pod prune & pod rm to remove stopped containers in the pod before deleting the pod.
PrunePods and RemovePod should be able to remove containers without force removal of stopped pods.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Add missing information to podman.1 man page
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add missing options.
Define the use of the TMPDIR environment variable for the storing of container images
when they are being pulled to the system.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ /
|/| |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add an --ignore flag to podman rm and stop. When specified, Podman will
ignore "no such {container,pod}" errors that occur when a specified
container/pod is not present in the store (anymore). The motivation
behind adding this flag is to write more robust systemd services using
Podman. A user might have manually decided to remove a container/pod
which would lead to a failure during the `ExecStop` directive of a
systemd service referencing that container/pod.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
image prune command fixed as per docker image prune.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
examples of image prune with filter and
until options added
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a --cidfile flag to podman rm/stop to pass a container ID via a
file. Podman run already provides the functionaly to store the ID
in a specified file which we now complete with rm/stop. This allows
for a better life-cycle management in systemd services. Note that
--cdifile can be specified multiple times to rm/stop.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Bump to Buildah v1.11.5
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bump to Buildah v1.11.5. Most notably changes to the
podman build `--pull` functionality. `--pull=true` and `--pull=false` now
work as Docker does, `--pull-never` added to supply the functionality
of the old `--pull=false`.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
|
|\ \
| |/
|/| |
docs: Update "podman container rm -v" description
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In commit 52df1fa (Fix volume handling in podman) was implemented the
--volume option for podman remove. However, its behaviour changed after
83db80c (Only remove image volumes when removing containers).
This commit updates the description of this option to reflect the new
behaviour.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
|
|\ \
| | |
| | | |
mount: add new options nocopyup|copyup for tmpfs
|
| | |
| | |
| | |
| | |
| | |
| | | |
add a way to disable tmpcopyup for tmpfs.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
podman: add support for specifying MAC
|