| Commit message (Collapse) | Author | Age |
|\
| |
| | |
podman: support --mount type=devpts
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow to create a devpts mount.
This is useful for containers that bind mount /dev/ from the host but
at the same time want to create a terminal.
It can be used as:
podman run -v /dev:/dev --mount type=devpts,target=/dev/pts ...
Closes: https://github.com/containers/podman/issues/6804
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Docker and CNI have very different ideas of what 0.0.0.0 means.
Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4
address on the host. CNI (and, thus, root Podman) take it to mean
the literal IP 0.0.0.0. Instead, CNI interprets the empty string
("") as "bind to all IPs".
We could ask CNI to change, but given this is established
behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and
turn it into "" when we parse ports.
Fixes #7014
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
`/usr/lib/systemd/system` should only be used by the package manager
administrators should use: `/etc/systemd/system` or
`/usr/local/lib/systemd/system`
see: man systemd.unit
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\
| |
| | |
Add podman image mount
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There are many use cases where you want to just mount an image
without creating a container on it. For example you might want
to just examine the content in an image after you pull it for
security analysys. Or you might want to just use the executables
on the image without running it in a container.
The image is mounted readonly since we do not want people changing
images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tests for #7094, in which symlinks in a volume would
cause chown errors and nonrunnable containers.
Tests for environment variable precedence, now
include --env-host and proxy settings
Fix a bug caught by covscan in helpers.t ('source'
path would fail if path included spaces).
Fix podman-run man page: it was incorrect in stating
precedence between in-image environment and --env-host.
Fixes: #7099
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\
| |
| | |
Switch all references to github.com/containers/libpod -> podman
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
update configuration for rootless podman
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I updated the configuration part of the tutorial on rootless podman. I added the
order in which configuration files are read in and a hint, how users can create
default configuration in the home directories.
Closes #6777
Signed-off-by: Niklas Netter <niknett@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Cleanup handling of podman mount/unmount
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We should default to the user name unmount rather then the internal
name of umount.
Also User namespace was not being handled correctly. We want to inform
the user that if they do a mount when in rootless mode that they have
to be first in the podman unshare state.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
| |
Signed-off-by: Bence Mélykúti <bence.melykuti@gmail.com>
|
|\
| |
| | |
Refactor podman system connection
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add support to manage multiple connections
* Add connection
* Remove connection
* Rename connection
* Set connection as default
* Add markdown/man pages
* Fix recursion in hack/xref-helpmsgs-manpages
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
Improve Docs for `podman system reset`
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Jeffrey Konowitch <jeff.konowitch@onepeloton.com>
Update podman-system-reset.1.md
Signed-off-by: Jeffrey Konowitch <jeff.konowitch@onepeloton.com>
PR feedback
Signed-off-by: Jeffrey Konowitch <jeff.konowitch@onepeloton.com>
remove errant punctuation
Signed-off-by: Jeffrey Konowitch <jeff.konowitch@onepeloton.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| |/
|/|
| |
| |
| |
| |
| | |
- Added a space between 'containers' and 'this' in the opening paragraph
- comming -> coming
- 'looking our' -> 'looking at our'
Signed-off-by: Luke Mitchell <luke@lpmitchell.com>
|
|\ \
| | |
| | | |
Add --umask flag for create, run
|
| |/
| |
| |
| |
| |
| |
| |
| | |
--umask sets the umask inside the container
Defaults to 0022
Co-authored-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \
| | |
| | | |
Add noop function disable-content-trust
|
| |/
| |
| |
| |
| |
| |
| |
| | |
People who use docker scripts with Podman see failures
if they use disable-content-trust flag. This flag already
existed for podman build, adding it to pull/push/create/run.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
docs: Fix formatting mistake
|
| |
| |
| |
| | |
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
| |
| |
| |
| |
| |
| |
| | |
Part of this section was a code block, and part of it was absorbed into
the preceding normal paragraph.
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
|/
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
| |
Add support -v for overlay volume mounts in podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\
| |
| | |
allow switching of port-forward approaches in rootless/using slirp4netns
|
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Podman is committed to inclusivity, a core value of open source. Historically, there have been technology terms that are problematic and divisive, and should be changed. We are currently taking time to audit our repository in order to eliminate such terminology, and replace it with more inclusive terms. We are starting where we can, with our own code, comments, and documentation. However, such terms may be used in dependencies, and must be used in our repositories at the current moment for compatibility. Podman will change these terms in our repo as soon as new and better terminology is available to us via our dependencies.
For more information: https://www.redhat.com/en/blog/making-open-source-more-inclusive-eradicating-problematic-language?sc_cid=701600000011gf0AAA
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|/
|
|
|
|
|
|
| |
When running "podman pod create --share user" the errors appears:
Error: User sharing functionality not supported on pod level
Fix docs and remove 'user' from shareable parameters.
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
|
|
|
|
|
|
| |
This also pulls in latest runc and containers/common
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--sdnotify container|conmon|ignore
With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI
runtime doesn't pass it into the container. We also advertise "ready" when the
OCI runtime finishes to advertise the service as ready.
With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI
runtime passes it into the container for initialization, and let the container advertise further metadata.
This is the default, which is closest to the behavior podman has done in the past.
The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor
any child processes will talk to systemd.
This removes the need for hardcoded CID and PID files in the command line, and
the PIDFile directive, as the pid is advertised directly through sd-notify.
Signed-off-by: Joseph Gooch <mrwizard@dok.org>
|
|\
| |
| | |
Add --tz flag to create, run
|
| |
| |
| |
| |
| |
| |
| | |
--tz flag sets timezone inside container
Can be set to IANA timezone as well as `local` to match host machine
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \
| | |
| | | |
Set engine env from common config
|
| |/
| |
| |
| |
| |
| |
| | |
Set the env that is used by Podman.
related issue containers/common#31
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
Clarify in the help message and the man page that auto updates only work
with systemd units that are similar to the ones from `generate systemd
--new`. Units that merely start/stop a container do not work as they
will use the same image.
Fixes: #6793
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
docs: recommend alternatives to podman inspect
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman inspect is problematic because there can be naming clashes. Also,
it only inspects a couple of types of objects and the docs for it didn't
help discover that several more types could be inspected as well.
To address both concerns, we deprecate `podman inspect` and update the
docs to point to to the recommend alternatives.
Issue: #6756
Signed-off-by: Mark Stosberg <mark@rideamigos.com>
|
|/
|
|
|
|
|
|
| |
This makes it clear that we target compatibility with a specific
Docker version (v1.40), but do not reject other versions. It also
adds a link to documentation on the Podman-specific API.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
Allow empty host port in --publish flag
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I didn't believe that this was actually legal, but it looks like
it is. And, unlike our previous understanding (host port being
empty means just use container port), empty host port actually
carries the same meaning as `--expose` + `--publish-all` (that
is, assign a random host port to the given container port). This
requires a significant rework of our port handling code to handle
this new case. I don't foresee this being commonly used, so I
optimized having a fixed port number as fast path, which this
random assignment code running after the main port handling code
only if necessary.
Fixes #6806
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| |/
|/| |
podman: add new cgroup mode split
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When running under systemd there is no need to create yet another
cgroup for the container.
With conmon-delegated the current cgroup will be split in two sub
cgroups:
- supervisor
- container
The supervisor cgroup will hold conmon and the podman process, while
the container cgroup is used by the OCI runtime (using the cgroupfs
backend).
Closes: https://github.com/containers/libpod/issues/6400
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New functionality in hack/man-page-checker: start cross-
referencing the man page 'Synopsis' line against the
output of 'podman foo --help'. This is part 1, flag/option
consistency. Part 2 (arg consistency) is too big and will
have to wait for later.
flag/option consistency means: if 'podman foo --help'
includes the string '[flags]' in the Usage message,
make sure the man page includes '[*options*]' in its
Synopsis line, and vice-versa. This found several
inconsistencies, which I've fixed.
While doing this I realized that Cobra automatically
includes a 'Flags:' subsection in its --help output
for all subcommands that have defined flags. This
is great - it lets us cross-check against the
usage synopsis, and make sure that '[flags]' is
present or absent as needed, without fear of
human screwups. If a flag-less subcommand ever
gets extended with flags, but the developer forgets
to add '[flags]' and remove DisableFlagsInUseLine,
we now have a test that will catch that. (This,
too, caught two instances which I fixed).
I don't actually know if the new man-page-checker
functionality will work in CI: I vaguely recall that
it might run before 'make podman' does; and also
vaguely recall that some steps were taken to remedy
that.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|