| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
Add a problem statement about shadow-utils and missing entries from
/etc/subuid and /etc/subgid.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Update image-trust man with further comments
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
After the last update, @mtrmac had some great suggestions which I've incorporated.
I've updated the G:oogle doc and have added this PR in case it's easier to see the diffs.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \
| |/
|/| |
Add documentation on running systemd on SELinux systems
|
| |
| |
| |
| |
| |
| |
| |
| | |
Lots of users are attempting to run systemd within a container. They are
being blocked from running SELinux systems since they need the
container_manage_cgroup which is not enabled by default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
We are missing the equivalence of the docker system commands
This patch set adds `podman system prune`
and `podman system info`
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Changes to container runlabel for toolbox project
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The toolbox project would benefit from a few changes to more closely
resembe the original atomic cli project. Changes made are:
* only pull image for container runlabel if the label exists in the image
* if a container image does not have the desired label, exit with non-zero
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Touch up image-trust man
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
In #1899, @rhatdan asked me to try and tweak the verbiage
a bit in the podman-images-trust man page. I've done so,
or attempted to, and have also added a policy-json(5) link.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Rework the Podman Description. I'm starting off with the Podman man page
to build consensus and we can then add to other places as appropriate.
This partially addresses: #1636
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\ \
| | |
| | | |
Add support for short option -f in podman version
|
| |/
| |
| |
| |
| |
| | |
docker version supports a short options -f for --format
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Add support for short option -s in podman inspect
|
| |/
| |
| |
| |
| |
| | |
docker inspect supports a short -s option for --size.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
| |
docker info supports a short -f option for --format.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
we now, by default, only prune dangling images. if --all is passed, we
prune dangling images AND images that do not have an associated containers.
also went ahead and enabled the podman-remote image prune side of things.
Fixes: #2192
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
| |
Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
|
|\
| |
| | |
remove sudo
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
just tested with podman 1.0.0 on fedora 29
we don't need sudo
I tried this again and it seems like we DO need sudo?
Maybe I misunderstood something
but looks like I am unable to reproduce getting an IP address
also it would be nice if creating a check point
(which I belive means writing to disk) could be done without root
but I guess it depends on where on disk I am writing?
in any case, here is my new console output
```console
[kus@asus-vivobook personal]$ cd libpod/
[kus@asus-vivobook libpod]$ git checkout patch-1
Branch 'patch-1' set up to track remote branch 'patch-1' from 'origin'.
Switched to a new branch 'patch-1'
[kus@asus-vivobook libpod]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
> -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
> -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
> registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd
Trying to pull registry.fedoraproject.org/f29/httpd...Getting image source signatures
Copying blob 281a37f51f75: 85.68 MiB / 85.68 MiB [=======================] 1m47s
Copying blob ab0d48faadd2: 4.64 MiB / 4.64 MiB [=========================] 1m47s
Copying blob e1bf69dce18d: 49.77 MiB / 49.77 MiB [=======================] 1m47s
Copying config 532763348c4e: 6.66 KiB / 6.66 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
[kus@asus-vivobook libpod]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 4 seconds ago Up 3 seconds ago nifty_lewin
[kus@asus-vivobook libpod]$ podman inspect -l | grep IPAddress\"
"IPAddress": "",
[kus@asus-vivobook libpod]$ sudo podman inspect -l | grep IPAddress\"
[sudo] password for kus:
no such container
[kus@asus-vivobook libpod]$ podman logs --latest
=> sourcing 10-set-mpm.sh ...
=> sourcing 20-copy-config.sh ...
=> sourcing 40-ssl-certs.sh ...
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Tue Jan 22 12:59:38.887673 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Tue Jan 22 12:59:38.998169 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
[Tue Jan 22 12:59:38.998876 2019] [lbmethod_heartbeat:notice] [pid 1:tid 140100965338496] AH02282: No slotmem from mod_heartmonitor
[Tue Jan 22 12:59:39.001562 2019] [cgid:error] [pid 28:tid 140100965338496] (13)Permission denied: AH01243: Couldn't bind unix domain socket /run/httpd/cgisock.1
[Tue Jan 22 12:59:39.006051 2019] [mpm_event:notice] [pid 1:tid 140100965338496] AH00489: Apache/2.4.37 (Fedora) OpenSSL/1.1.1-pre9 configured -- resuming normal operations
[Tue Jan 22 12:59:39.006164 2019] [core:notice] [pid 1:tid 140100965338496] AH00094: Command line: 'httpd -D FOREGROUND'
[Tue Jan 22 12:59:39.006445 2019] [cgid:crit] [pid 1:tid 140100965338496] AH01238: cgid daemon failed to initialize
[kus@asus-vivobook libpod]$ podman top 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
default 1 0 0.000 2m10.968144627s pts/0 0s httpd -D FOREGROUND
default 24 1 0.000 2m9.968688975s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 25 1 0.000 2m9.968784295s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 26 1 0.000 2m9.968880829s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 27 1 0.000 2m9.968997468s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 29 1 0.000 2m9.969134191s pts/0 0s httpd -D FOREGROUND
default 38 1 0.000 2m9.969239549s pts/0 0s httpd -D FOREGROUND
default 72 1 0.000 2m9.969344456s pts/0 0s httpd -D FOREGROUND
[kus@asus-vivobook libpod]$ podman container checkpoint 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
checkpointing a container requires root
[kus@asus-vivobook libpod]$ podman stop --latest
78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
[kus@asus-vivobook libpod]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 3 minutes ago Exited (0) 9 seconds ago nifty_lewin
[kus@asus-vivobook libpod]$ podman rm --latest
78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
```
original:
```console
[kus@mcny ~]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
> -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
> -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
> registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd
Trying to pull registry.fedoraproject.org/f27/httpd...Getting image source signatures
Copying blob ff3dab903f92: 80.73 MiB / 80.73 MiB [=========================] 14s
Copying blob 9347d6e9d864: 7.30 MiB / 7.30 MiB [===========================] 14s
Copying blob 2fc5c44251d4: 44.82 MiB / 44.82 MiB [=========================] 14s
Copying config 18f01f6f77ef: 6.55 KiB / 6.55 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
d0362571c3850159315778700a63a305296150177578a9339cca0d9c86ed97f1
[kus@mcny ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d0362571c385 registry.fedoraproject.org/f27/httpd:latest container-entrypo... 36 seconds ago Up 36 seconds ago happy_babbage
[kus@mcny ~]$
```
Signed-off-by: Kushal <kushaldeveloper@gmail.com>
|
|/
|
|
|
|
| |
These pages are a litte out of data. Add missing content.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
| |
I find these useful for playing around with containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
we can define multiple OCI runtimes that can be chosen with
--runtime.
in libpod.conf is possible to specify them with:
[runtimes]
foo = [
"/usr/bin/foo",
"/usr/sbin/foo",
]
bar = [
"/usr/bin/foo",
"/usr/sbin/foo",
]
If the argument to --runtime is an absolute path then it is used
directly without any lookup in the configuration.
Closes: https://github.com/containers/libpod/issues/1750
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
| |
Add completions
Fix man pages
fix code in sign to answer PR Comments.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Support podman image sign
|
| |
| |
| |
| |
| |
| | |
Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/).
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | |
| | |
| | | |
debarshiray/wip/debarshiray/man-page-order-long-short-options
List the long variant of each option before its shorter counterpart
|
| | |
| | |
| | |
| | |
| | |
| | | |
This is the style followed in most of the other man pages.
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There's been a lot of discussion over in [1] about how to support the
NVIDIA folks and others who want to be able to create devices
(possibly after having loaded kernel modules) and bind userspace
libraries into the container. Currently that's happening in the
middle of runc's create-time mount handling before the container
pivots to its new root directory with runc's incorrectly-timed
prestart hook trigger [2]. With this commit, we extend hooks with a
'precreate' stage to allow trusted parties to manipulate the config
JSON before calling the runtime's 'create'.
I'm recycling the existing Hook schema from pkg/hooks for this,
because we'll want Timeout for reliability and When to avoid the
expense of fork/exec when a given hook does not need to make config
changes [3].
[1]: https://github.com/opencontainers/runc/pull/1811
[2]: https://github.com/opencontainers/runc/issues/1710
[3]: https://github.com/containers/libpod/issues/1828#issuecomment-439888059
Signed-off-by: W. Trevor King <wking@tremily.us>
|
|\ \
| | |
| | | |
Add a --workdir option to 'podman exec'
|
| |/
| |
| |
| | |
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
|/
|
|
|
|
|
|
|
|
| |
The --sig-proxy option in both 'podman attach' and 'podman run' default
to true, and there's no reason for 'podman start --attach' to be any
different. However, since it only makes sense to proxy signals when
the container is attached, 'podman start --sig-proxy' will continue to
error if --attach isn't used.
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
|
|
|
|
|
|
|
|
|
| |
Users have no idea what storage configuration file is used to setup
storage, so adding this to podman info, should make it easier to
discover.
This requires a revendor of containers/storage
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for executing an init binary as PID 1 in a container to
forward signals and reap processes. When the `--init` flag is set for
podman-create or podman-run, the init binary is bind-mounted to
`/dev/init` in the container and "/dev/init --" is prepended to the
container's command.
The default base path of the container-init binary is `/usr/libexec/podman`
while the default binary is catatonit [1]. This default can be changed
permanently via the `init_path` field in the `libpod.conf` configuration
file (which is recommended for packaging) or temporarily via the
`--init-path` flag of podman-create and podman-run.
[1] https://github.com/openSUSE/catatonit
Fixes: #1670
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
A common failure with people building container images is the
creation of large sparse files, particularly useradd creating
the lastlog file.
This PR Documents the failures.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
| |
Allow multiple alias for listing containers and images.
Also fix documentation for umount and unmount
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
| |
This will more closely match what Docker is doing.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Add Play
|
| |
| |
| |
| |
| |
| |
| | |
podman play kube adds the ability for the user to recreate pods and containers
from a Kubernetes YAML file in libpod.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
docs/tutorials: add a basic network config
|
| | |
| | |
| | |
| | | |
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
|
|\ \ \
| |_|/
|/| | |
Support podman image trust command
|
| | |
| | |
| | |
| | |
| | |
| | | |
Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add information on --restart
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
We need to recommend that users use Systemd unit files if they want
the container to restart automatically.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
add getlogin command
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Returns user if user is logged-in to the registry. Returns error
if not logged in with non-zero status code.
Signed-off-by: Theodore Cowan <theodore-cowan@pluralsight.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
no longer require the service object be output to a different file; we should be
doing this inline with the pods for user convenience.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
add timeout to pod stop
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
like podman stop of containers, we should allow the user to specify
a timeout override when stopping pods; otherwise they have to wait
the full timeout time specified during the pod/container creation.
Signed-off-by: baude <bbaude@redhat.com>
|