path: root/docs
Commit message (Author, Age)
...
* | Merge pull request #8669 from giuseppe/unmask-also-cover-ro-paths (OpenShift Merge Robot, 2020-12-09)
|\ \
| | | security: honor systempaths=unconfined for ro paths
| * | security: honor systempaths=unconfined for ro paths (Giuseppe Scrivano, 2020-12-09)
| | | we must honor systempaths=unconfined also for read-only paths, as Docker does:
| | |   proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #8661 from rhatdan/codespell (OpenShift Merge Robot, 2020-12-09)
|\ \ \
| |/ /
|/| | Fix spelling mistakes
| * | Fix spelling mistakes (Daniel J Walsh, 2020-12-09)
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8599 from rhatdan/prune (OpenShift Merge Robot, 2020-12-09)
|\ \ \
| | | | Repeat system pruning until there is nothing removed
| * | | Repeat system pruning until there is nothing removed (Daniel J Walsh, 2020-12-09)
| |/ /
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / auto updates: document systemd unit and timer (Valentin Rothberg, 2020-12-09)
|/ /
| | Fixes: #8605
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8630 from umohnani8/sec-opt (OpenShift Merge Robot, 2020-12-08)
|\ \
| | | Add systempaths=unconfined option
| * | Add systempaths=unconfined option (Urvashi Mohnani, 2020-12-08)
| | | Add the systempaths=unconfined option to --security-opt to match the docker options for unmasking all the paths that are masked by default. Add the mask and unmask options to the podman create doc.
| | | Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Merge pull request #8571 from Luap99/podman-network-reload (OpenShift Merge Robot, 2020-12-08)
|\ \ \
| | | | Implement pod-network-reload
| * | | Implement pod-network-reload (Matthew Heon, 2020-12-07)
| | | | This adds a new command, 'podman network reload', to reload the networks of existing containers, forcing recreation of firewall rules after e.g. `firewall-cmd --reload` wipes them out.
| | | | Under the hood, this works by calling CNI to tear down the existing network, then recreate it using identical settings. We request that CNI preserve the old IP and MAC address in most cases (where the container only had 1 IP/MAC), but there will be some downtime inherent to the teardown/bring-up approach. The architecture of CNI doesn't really make doing this without downtime easy (or maybe even possible...).
| | | | At present, this only works for root Podman, and only locally. I don't think there is much of a point to adding remote support (this is very much a local debugging command), but I think adding rootless support (to kill/recreate slirp4netns) could be valuable.
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #8581 from baude/kubegen (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \
| |_|_|/
|/| | | generate kube on multiple containers
| * | | generate kube on multiple containers (baude, 2020-12-07)
| | |/
| |/|
| | | add the ability to add multiple containers into a single k8s pod instead of just one. also fixed some bugs in the resulting yaml where an empty service description was being added on error causing the k8s validation to fail.
| | | Signed-off-by: baude <bbaude@redhat.com>
* / | image sign using per user registries.d (Qi Wang, 2020-12-07)
|/ /
| | Support per user ~/.config/containers/registries.d to allow rootless image sign configurations.
| | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8570 from vrothberg/run-950 (OpenShift Merge Robot, 2020-12-04)
|\ \
| | | rewrite container copy
| * | rewrite podman-cp (Valentin Rothberg, 2020-12-04)
| | | * Add a new `pkg/copy` to centralize all container-copy related code.
| | | * The new code is based on Buildah's `copier` package.
| | | * The compat `/archive` endpoints use the new `copy` package.
| | | * Update docs and an several new tests.
| | | * Includes many fixes, most notably, the look-up of volumes and mounts.
| | | Breaking changes:
| | | * Podman is now expecting that container-destination paths exist. Before, Podman created the paths if needed. Docker does not do that and I believe Podman should not either as it's a recipe for masking errors. These errors may be user induced (e.g., a path typo), or internal typos (e.g., when the destination may be a mistakenly unmounted volume). Let's keep the magic low for such a security sensitive feature.
| | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Add containerenv information to /run/.containerenv (Daniel J Walsh, 2020-12-03)
|/ /
| | We have been asked to leak some information into the container to indicate:
| | * The name and id of the container
| | * The version of podman used to launch the container
| | * The image name and ID the container is based on.
| | * Whether the container engine is running in rootless mode.
| | Fixes: https://github.com/containers/podman/issues/6192
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Correct which network commands can be run as rootless (Paul Holzinger, 2020-12-03)
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8408 from umohnani8/sec-opt (OpenShift Merge Robot, 2020-12-03)
|\ \
| |/
|/| Add mask and unmask option to --security-opt
| * Add mask and unmask option to --security-opt (Urvashi Mohnani, 2020-12-02)
| | Add the mask and unmask option to the --security-opt flag to allow users to specify paths to mask and unmask in the container. If unmask=ALL, this will unmask all the paths we mask by default.
| | Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #8112 from QiWang19/load-optional-name (OpenShift Merge Robot, 2020-12-02)
|\ \
| | | Drop name argument from Load API
| * | Do not pass name argument to Load API (Qi Wang, 2020-12-02)
| | | Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image.
| | | Close #7337
| | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Add support for network ids (Paul Holzinger, 2020-12-02)
|/ /
| | The network ID is not stored. It is just the sha256 hash from the network name. There is a risk of a potential hash collision. However it's very unlikely and even if we hit this it will complain that more than one network with this ID exists.
| | The main benefit is that the compat api can have proper network ID support. Also this adds the support for `podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
| | It also ensures that we can do network rm <ID> and network inspect <ID>.
| | Since we use a hash this commit is backwards compatible even for already existing networks.
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Add podman network create option for bridge vlan (Anders F Björklund, 2020-12-01)
| | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | Add podman network create option for bridge mtu (Anders F Björklund, 2020-12-01)
| | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | Merge pull request #8488 from rhatdan/platform (OpenShift Merge Robot, 2020-12-01)
|\ \
| | | Add support for --platform
| * | Add support for --platform (Daniel J Walsh, 2020-11-26)
| | | For docker compatibility we need to support --platform flag.
| | |   podman create --platform
| | |   podman run --platform
| | |   podman pull --platform
| | | Since we have --override-os and --override-arch already this can be done just by modifying the client to split the --platform call into os and arch and then pass those options to the server side.
| | | Fixes: https://github.com/containers/podman/issues/6244
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8505 from Luap99/network-labels (OpenShift Merge Robot, 2020-12-01)
|\ \ \
| |_|/
|/| | podman network label support
| * | podman network label support (Paul Holzinger, 2020-11-28)
| |/
| | Add label support for podman network create. Use the `args` field in the cni config file to store the podman labels. Use `podman_labels` as key name and store the labels as map[string]string.
| | For reference:
| | https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config
| | https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
| | Example snippet:
| | ```
| | ...
| | "args": {
| |     "podman_labels": {
| |         "key1":"value1",
| |         "key2":"value2"
| |     }
| | }
| | ...
| | ```
| | Make podman network list support several filters. Supported filters are name, plugin, driver and label. Filters with different keys work exclusive. Several label filters work exclusive and the other filter keys are working inclusive.
| | Also adjust the compat api to support labels in network create and list.
| | Breaking changes:
| | - podman network ls -f shortform is used for --filter instead --format This matches docker and other podman commands (container ps, volume ps)
| | - libpod network list endpoint filter parameter is removed. Instead the filters parameter should be used as json encoded map[string][]string.
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8400 from rhatdan/varlink (OpenShift Merge Robot, 2020-12-01)
|\ \
| | | Remove varlink support from podman
| * | Remove varlink support from Podman (Daniel J Walsh, 2020-11-26)
| |/
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8519 from rhatdan/man (OpenShift Merge Robot, 2020-12-01)
|\ \
| | | [CI:DOCS] Document volume mounts of source directories do NOT get created
| * | Document volume mounts of source directories do NOT get created (Daniel J Walsh, 2020-12-01)
| | | We differ from Docker, in that we do not create the source directory in a --volume mount if it does not exist. We return an error. We do not believe that a `typo` from the user should cause a directory to be created and silently ignored by Podman.
| | | Fixes: https://github.com/containers/podman/issues/8513
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8475 from rhatdan/subscriptions (OpenShift Merge Robot, 2020-12-01)
|\ \ \
| |/ /
|/| | Switch from pkg/secrets to pkg/subscriptions
| * | Switch from pkg/secrets to pkg/subscriptions (Daniel J Walsh, 2020-11-26)
| |/
| | The buildah/pkg/secrets package was moved to containers/common/pkg/subscriptions. Switch to using this by default.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8517 from rhatdan/man (OpenShift Merge Robot, 2020-11-30)
|\ \
| | | [CI:DOCS] Fix option names --subuidname and --subgidname
| * | Fix option names --subuidname and --subgidname (Daniel J Walsh, 2020-11-30)
| | | Options --subuid and --subgid do not exist
| | | Fixes: https://github.com/containers/podman/issues/8510
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Fix extra quotation mark in manpages. (Matthew Heon, 2020-11-30)
| | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #8465 from rhatdan/pull (OpenShift Merge Robot, 2020-11-30)
|\ \ \
| | | | Document docker transport is the only supported remote transport
| * | | Document docker transport is the only supported remote transport (Daniel J Walsh, 2020-11-29)
| | |/
| |/|
| | | The goal is to improve errors when users use the wrong transport in certain cases we stutter, in other cases we don't give enough information.
| | | Remove stutters when failing to pull remote images, because of lack of support.
| | | Fix errors returned by reference.Parse to wrap in image that was being checked.
| | | Fixes: https://github.com/containers/podman/issues/7116
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8514 from Luap99/revert-8410-fix-multiple-networks (OpenShift Merge Robot, 2020-11-30)
|\ \ \
| |_|/
|/| | Revert "Allow multiple --network flags for podman run/create"
| * | Revert "Allow multiple --network flags for podman run/create" (Luap99, 2020-11-30)
| |/
| | As described in issue #8507 this commit contains a breaking change which is not wanted in v2.2. We can discuss later if we want this in 3.0 or not.
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * Merge pull request #8459 from QiWang19/doc-save (OpenShift Merge Robot, 2020-11-24)
| |\
| | | [CI:DOCS] fix misleading save/load usage
| | * [CI:DOCS] fix misleading save/load usage (Qi Wang, 2020-11-24)
| | | Fix the container archive description in podman save/load docs that may lead to misusing the save/load instead of import/export for containers.
| | | Signed-off-by: Qi Wang <qiwan@redhat.com>
| * | [tutorials:mac-win-client] Fix command ensuring sshd is enabled (Lucendio, 2020-11-24)
| |/
| | `-s, --signal` requires a value and is probably not intended to be here
| | Signed-off-by: Lucendio <dev@lucend.io>
| * Merge pull request #8446 from Luap99/podman-container-ps (OpenShift Merge Robot, 2020-11-23)
| |\
| | | Add podman container ps command
| | * Add podman container ps command (Paul Holzinger, 2020-11-23)
| | | This command exists in docker and is also in our documentation. Also remove mentions of `podman ls` or `podman list`. These commands do not exist in podman or docker.
| | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | clarify ps(1) fallback of `podman top` (Valentin Rothberg, 2020-11-23)
| |/
| | Podman top falls back to executing ps(1) inside the container in the presence of ps-specific flags. Clarify that a bit more to help users resolve issues when, for instance, ps(1) isn't installed in the container.
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * Merge pull request #8410 from Luap99/fix-multiple-networks (OpenShift Merge Robot, 2020-11-21)
| |\
| | | Allow multiple --network flags for podman run/create
| | * Allow multiple --network flags for podman run/create (Paul Holzinger, 2020-11-20)
| | | We allow a container to be connected to several cni networks but only if they are listed comma separated. This is not intuitive for users especially since the flag parsing allows multiple string flags but only would take the last value. see: spf13/pflag#72
| | | Also get rid of the extra parsing logic for pods. The invalid options are already handled by `pkg/specgen`.
| | | A test is added to prevent a future regression.
| | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>