summaryrefslogtreecommitdiff
path: root/docs/source/markdown
Commit message (Collapse)AuthorAge
* podman machine: make 9p security model configurable; adjust docsCorey Hickey2022-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This addresses: Symlinks don't work on podman machine on macOS Monterey when using volumes feature #13784 This change does NOT exactly fix the bug, but it does allow the user to work around it via 'podman init' option, e.g.: podman machine init -v "$HOME/git:$HOME/git:ro:security_model=none" If the default security model were to be changed to 'none', then that would fix the bug, at the possible cost of breaking any use cases that depend on 'mapped-xattr'. The documentation of the purpose and behavior of the different security models seems to be rather light: https://wiki.qemu.org/Documentation/9psetup#Starting_the_Guest_directly From testing, it appears that the mapped-xattr security model intends to manage symlinks such that the guest can see the symlinks but the host only sees regular files (with extended attributes). As far as I can tell, this behavior only makes sense when the guest is the only thing that ever needs to create and read symlinks. Otherwise, symlinks created on the host are unusable on the guest, and vice versa. As per the original commit: 8e7eeaa4dd14621bda15e396fcd7b9187bc500c5 [NO NEW TESTS NEEDED] Also document existing ro and rw options. Also remove misleading statement about /mnt. By my observation, this line is incorrect. If the intended meaning is different, then I don't understand. The default volume is mounted read/write and is not within /mnt. [core@localhost ~]$ mount | grep 9p vol0 on /Users/chickey type 9p (rw,relatime,sync,dirsync,access=client,trans=virtio) Signed-off-by: Corey Hickey <chickey@tagged.com>
* Merge pull request #14788 from vrothberg/rename-templateopenshift-ci[bot]2022-07-01
|\ | | | | podman-play-kube template: rename to podman-kube
| * docs: mention the podman-kube templateValentin Rothberg2022-06-30
| | | | | | | | | | | | Mention the template in the docs for play-kube and generate-systemd. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14449 from cdoern/podVolumesopenshift-ci[bot]2022-07-01
|\ \ | |/ |/| podman volume create --opt=o=timeout...
| * podman volume create --opt=o=timeout...cdoern2022-06-09
| | | | | | | | | | | | | | add an option to configure the driver timeout when creating a volume. The default is 5 seconds but this value is too small for some custom drivers. Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #14706 from ashley-cui/rootmachopenshift-ci[bot]2022-06-29
|\ \ | | | | | | Only allow Rootless runs of Podman Machine
| * | Only allow Rootless runs of Podman MachineAshley Cui2022-06-29
| | | | | | | | | | | | | | | | | | | | | | | | Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #14734 from giuseppe/copyup-switch-orderopenshift-ci[bot]2022-06-28
|\ \ \ | | | | | | | | volume: add two new options copy and nocopy
| * | | volume: new options [no]copyGiuseppe Scrivano2022-06-27
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add two new options to the volume create command: copy and nocopy. When nocopy is specified, the files from the container image are not copied up to the volume. Closes: https://github.com/containers/podman/issues/14722 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / / add podman volume reload to sync volume pluginsPaul Holzinger2022-06-23
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Libpod requires that all volumes are stored in the libpod db. Because volume plugins can be created outside of podman, it will not show all available plugins. This podman volume reload command allows users to sync the libpod db with their external volume plugins. All new volumes from the plugin are also created in the libpod db and when a volume from the db no longer exists it will be removed if possible. There are some problems: - naming conflicts, in this case we only use the first volume we found. This is not deterministic. - race conditions, we have no control over the volume plugins. It is possible that the volumes changed while we run this command. Fixes #14207 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Fix spelling "setup" -> "set up" and similarErik Sjölund2022-06-22
| | | | | | | | | | | | | | | | | | | | * Replace "setup", "lookup", "cleanup", "backup" with "set up", "look up", "clean up", "back up" when used as verbs. Replace also variations of those. * Improve language in a few places. Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | Merge pull request #14643 from clobrano/feature/network/list/dangling/devopenshift-ci[bot]2022-06-21
|\ \ | | | | | | allow filter networks by dangling status
| * | allow filter networks by dangling statusCarlo Lobrano2022-06-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | add the ability to filter networks by their dangling status via: `network ls --filter dangling=true/false` Fixes: #14595 Signed-off-by: Carlo Lobrano <c.lobrano@gmail.com>
* | | Merge pull request #14625 from cdoern/podShmopenshift-ci[bot]2022-06-21
|\ \ \ | | | | | | | | podman pod create --shm-size
| * | | podman pod create --shm-sizecdoern2022-06-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | expose the --shm-size flag to podman pod create and add proper handling and inheritance for the option. resolves #14609 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | Merge pull request #14556 from sstosh/system-prune-networkopenshift-ci[bot]2022-06-20
|\ \ \ \ | | | | | | | | | | podman system prune support prune unused networks
| * | | | podman system prune support prune unused networksToshiki Sonoda2022-06-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is an enhancement for the podman system prune feature. In this issue, it is mentioned that 'network prune' should be wired into 'podman system prune' https://github.com/containers/podman/issues/8673 Therefore, I add the function to remove unused networks. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | | [CI:DOCS] Rewrite --env docsErik Sjölund2022-06-19
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add docs about trailing * functionality in podman-exec.1.md * Rewrite --env description in podman-create.1.md and podman-run.1.md * Rewrite the --env examples in podman-create.1.md and podman-run.1.md Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Merge pull request #14299 from cdoern/podCloneopenshift-ci[bot]2022-06-16
|\ \ \ \ | | | | | | | | | | implement podman pod clone
| * | | | podman pod clonecdoern2022-06-10
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | implement podman pod clone, a command to create an exact copy of a pod while changing certain config elements current supported flags are: --name change the pod name --destroy remove the original pod --start run the new pod on creation and all infra-container related flags from podman pod create (namespaces etc) resolves #12843 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Make it clear the REST API could be a security issueMatthew Heon2022-06-16
| |_|/ |/| | | | | | | | | | | | | | | | | | | | The manpage for `podman system service` should mention that this is not safe for external consumption unless you are comfortable giving anyone who accesses it full root on the system. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #14560 from rhatdan/remoteOpenShift Merge Robot2022-06-13
|\ \ \ | |_|/ |/| | podman-remote push --remove-signatures support
| * | podman-remote push --remove-signatures supportDaniel J Walsh2022-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | I don't see a reason why we don't support --remove-signatures from remote push, so adding support. Fixes: https://github.com/containers/podman/issues/14558 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | podman cp: do not overwrite non-dirs with dirs and vice versaValentin Rothberg2022-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new `--overwrite` flag to `podman cp` to allow for overwriting in case existing users depend on the behavior; they will have a workaround. By default, the flag is turned off to be compatible with Docker and to have a more sane behavior. Fixes: #14420 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | vendor buildah@mainValentin Rothberg2022-06-10
|/ / | | | | | | | | | | | | Note that the bud-logfile-with-split-logfile-by-platform test is skipped on the remote client (see #14544). Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14405 from rhatdan/docsOpenShift Merge Robot2022-06-09
|\ \ | |/ |/| [CI:DOCS] Mount propagation works with named volumes
| * Mount propagation works with named volumesDaniel J Walsh2022-05-28
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/13939 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | --userns=keep-id,nomap are not allowed in rootful modeDaniel J Walsh2022-06-08
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #14453 from ↵OpenShift Merge Robot2022-06-06
|\ \ | | | | | | | | | | | | flouthoc/support-additional-build-context-on-remote remote: enable support for additional `--build-context` on macOS and remote
| * | tests: buildah-bud fix reason for skipAditya R2022-06-03
| | | | | | | | | | | | Signed-off-by: Aditya R <arajan@redhat.com>
| * | podman-remote: enable support for additional build-context on macOS, remoteAditya R2022-06-02
| | | | | | | | | | | | | | | | | | | | | | | | Feature of additional build context added here https://github.com/containers/buildah/pull/3978 already exists on `podman` following PR just enables this feature of `podman-remote` and `podman on macOS` setups. Signed-off-by: Aditya R <arajan@redhat.com>
* | | Merge pull request #14460 from cipherboy/align-docker-podman-load-outputOpenShift Merge Robot2022-06-02
|\ \ \ | | | | | | | | Align docker load and podman load output
| * | | Update test output expectationAlexander Scheel2022-06-02
| | | | | | | | | | | | | | | | Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* | | | changed megabyte to mebibyteKarthik Elango2022-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In podman run --help, the message said megabyte, gigabyte, etc. In reality podman takes mebibytes, gibibytes, etc. [CI:DOCS] Signed-off-by: Karthik Elango <kelango@redhat.com>
* | | | Merge pull request #14451 from PhrozenByte/bugfix/docs-publishOpenShift Merge Robot2022-06-02
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Document protocol usage for --publish
| * | | | Document protocol usage for --publishDaniel Rudolf2022-06-02
| | |/ / | |/| | | | | | | | | | | | | | | | | | This also unifies the documentation of `--publish` for `podman create`, `podman run`, and `podman pod create`. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* | | | Merge pull request #14417 from Luap99/machine-sshOpenShift Merge Robot2022-06-02
|\ \ \ \ | |/ / / |/| | | podman machine ssh: set correct exit code
| * | | podman machine ssh: set correct exit codePaul Holzinger2022-05-30
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | Forward the ssh exit code to the podman caller. This is useful for scripts. Use the same logic as podman unshare. Fixes #14401 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / | podman volume export/import: give better errorPaul Holzinger2022-05-30
|/ / | | | | | | | | | | | | | | | | When the volume does not exist we should output an error stating so and not some generic one. Fixes #14411 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | vendor: bump buildah to v1.26.1-0.20220524184833-5500333c2e06Aditya R2022-05-26
| | | | | | | | | | | | Bump buildah to v1.26.1-0.20220524184833-5500333c2e06 Signed-off-by: Aditya R <arajan@redhat.com>
* | First batch of resolutions to FIXMEsMatthew Heon2022-05-25
| | | | | | | | | | | | | | | | | | Most of these are no longer relevant, just drop the comments. Most notable change: allow `podman kill` on paused containers. Works just fine when I test it. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #14333 from rhatdan/podOpenShift Merge Robot2022-05-25
|\ \ | | | | | | Allow podman pod create --share +pid
| * | Allow podman pod create --share +pidDaniel J Walsh2022-05-24
| |/ | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/13422 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Allow podman pod create to accept name argumentDaniel J Walsh2022-05-24
|/ | | | | | | | | | | | | I am constantly attempting to add the podname to the last argument to podman pod create. Allowing this makes it match podman volume create and podman network create. It does not match podman container create, since podman container create arguments specify the arguments to run with the container. Still need to support the --name option for backwards compatibility. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* fix typoCosmin Tupangiu2022-05-23
| | | | Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
* Update _play kube_ doc following PR #14266 mergedCosmin Tupangiu2022-05-23
| | | | Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
* fix --init with /dev bind mountValentin Rothberg2022-05-23
| | | | | | | | | | The init binary until now has been bind-mounted to /dev/init which breaks when bind-mounting to /dev. Instead mount the init to /run/podman-init. The reasoning for using /run is that it is already used for other runtime data such as secrets. Fixes: #14251 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* [CI:DOCS] man pages: fix inconsistenciesEd Santiago2022-05-11
| | | | | | | | As part of work done in #14046, fix bugs found in man pages, basically just moving a few descriptions to the right place and removing some undesired asterisks. Signed-off-by: Ed Santiago <santiago@redhat.com>
* kube: add support for --userns=Giuseppe Scrivano2022-05-10
| | | | | | | | add support to override the user namespace to use for the pod. Closes: https://github.com/containers/podman/issues/7504 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* build: disable --output for podman-remote clientsAditya R2022-05-05
| | | | | | | | | Disable `build --output` for remote clients and update docs. [NO NEW TESTS NEEDED] [NO TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>