summaryrefslogtreecommitdiff
path: root/docs
Commit message (Collapse)AuthorAge
* tutorials: describe how to use podman in updates-testingKen Dreyer2019-01-25
| | | | Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
* Merge pull request #2203 from 9034725985/patch-1OpenShift Merge Robot2019-01-23
|\ | | | | remove sudo
| * remove sudoKushal2019-01-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | just tested with podman 1.0.0 on fedora 29 we don't need sudo I tried this again and it seems like we DO need sudo? Maybe I misunderstood something but looks like I am unable to reproduce getting an IP address also it would be nice if creating a check point (which I belive means writing to disk) could be done without root but I guess it depends on where on disk I am writing? in any case, here is my new console output ```console [kus@asus-vivobook personal]$ cd libpod/ [kus@asus-vivobook libpod]$ git checkout patch-1 Branch 'patch-1' set up to track remote branch 'patch-1' from 'origin'. Switched to a new branch 'patch-1' [kus@asus-vivobook libpod]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ > -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ > -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ > registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd Trying to pull registry.fedoraproject.org/f29/httpd...Getting image source signatures Copying blob 281a37f51f75: 85.68 MiB / 85.68 MiB [=======================] 1m47s Copying blob ab0d48faadd2: 4.64 MiB / 4.64 MiB [=========================] 1m47s Copying blob e1bf69dce18d: 49.77 MiB / 49.77 MiB [=======================] 1m47s Copying config 532763348c4e: 6.66 KiB / 6.66 KiB [==========================] 0s Writing manifest to image destination Storing signatures 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 [kus@asus-vivobook libpod]$ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 4 seconds ago Up 3 seconds ago nifty_lewin [kus@asus-vivobook libpod]$ podman inspect -l | grep IPAddress\" "IPAddress": "", [kus@asus-vivobook libpod]$ sudo podman inspect -l | grep IPAddress\" [sudo] password for kus: no such container [kus@asus-vivobook libpod]$ podman logs --latest => sourcing 10-set-mpm.sh ... => sourcing 20-copy-config.sh ... => sourcing 40-ssl-certs.sh ... AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message [Tue Jan 22 12:59:38.887673 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message [Tue Jan 22 12:59:38.998169 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name [Tue Jan 22 12:59:38.998876 2019] [lbmethod_heartbeat:notice] [pid 1:tid 140100965338496] AH02282: No slotmem from mod_heartmonitor [Tue Jan 22 12:59:39.001562 2019] [cgid:error] [pid 28:tid 140100965338496] (13)Permission denied: AH01243: Couldn't bind unix domain socket /run/httpd/cgisock.1 [Tue Jan 22 12:59:39.006051 2019] [mpm_event:notice] [pid 1:tid 140100965338496] AH00489: Apache/2.4.37 (Fedora) OpenSSL/1.1.1-pre9 configured -- resuming normal operations [Tue Jan 22 12:59:39.006164 2019] [core:notice] [pid 1:tid 140100965338496] AH00094: Command line: 'httpd -D FOREGROUND' [Tue Jan 22 12:59:39.006445 2019] [cgid:crit] [pid 1:tid 140100965338496] AH01238: cgid daemon failed to initialize [kus@asus-vivobook libpod]$ podman top 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 USER PID PPID %CPU ELAPSED TTY TIME COMMAND default 1 0 0.000 2m10.968144627s pts/0 0s httpd -D FOREGROUND default 24 1 0.000 2m9.968688975s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 25 1 0.000 2m9.968784295s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 26 1 0.000 2m9.968880829s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 27 1 0.000 2m9.968997468s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 29 1 0.000 2m9.969134191s pts/0 0s httpd -D FOREGROUND default 38 1 0.000 2m9.969239549s pts/0 0s httpd -D FOREGROUND default 72 1 0.000 2m9.969344456s pts/0 0s httpd -D FOREGROUND [kus@asus-vivobook libpod]$ podman container checkpoint 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 checkpointing a container requires root [kus@asus-vivobook libpod]$ podman stop --latest 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 [kus@asus-vivobook libpod]$ podman ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 3 minutes ago Exited (0) 9 seconds ago nifty_lewin [kus@asus-vivobook libpod]$ podman rm --latest 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 ``` original: ```console [kus@mcny ~]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ > -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ > -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ > registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd Trying to pull registry.fedoraproject.org/f27/httpd...Getting image source signatures Copying blob ff3dab903f92: 80.73 MiB / 80.73 MiB [=========================] 14s Copying blob 9347d6e9d864: 7.30 MiB / 7.30 MiB [===========================] 14s Copying blob 2fc5c44251d4: 44.82 MiB / 44.82 MiB [=========================] 14s Copying config 18f01f6f77ef: 6.55 KiB / 6.55 KiB [==========================] 0s Writing manifest to image destination Storing signatures d0362571c3850159315778700a63a305296150177578a9339cca0d9c86ed97f1 [kus@mcny ~]$ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d0362571c385 registry.fedoraproject.org/f27/httpd:latest container-entrypo... 36 seconds ago Up 36 seconds ago happy_babbage [kus@mcny ~]$ ``` Signed-off-by: Kushal <kushaldeveloper@gmail.com>
* | Update transfer.md and commands.md to add missing commands.Daniel J Walsh2019-01-21
|/ | | | | | These pages are a litte out of data. Add missing content. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add --latest and --all to podman mount/umountDaniel J Walsh2019-01-16
| | | | | | I find these useful for playing around with containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* oci: allow to define multiple OCI runtimesGiuseppe Scrivano2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | we can define multiple OCI runtimes that can be chosen with --runtime. in libpod.conf is possible to specify them with: [runtimes] foo = [ "/usr/bin/foo", "/usr/sbin/foo", ] bar = [ "/usr/bin/foo", "/usr/sbin/foo", ] If the argument to --runtime is an absolute path then it is used directly without any lookup in the configuration. Closes: https://github.com/containers/libpod/issues/1750 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix up image sign and trustDaniel J Walsh2019-01-09
| | | | | | | | Add completions Fix man pages fix code in sign to answer PR Comments. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2040 from QiWang19/signimgOpenShift Merge Robot2019-01-09
|\ | | | | Support podman image sign
| * [WIP]Support podman image signQi Wang2019-01-08
| | | | | | | | | | | | Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/). Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #2103 from ↵OpenShift Merge Robot2019-01-09
|\ \ | | | | | | | | | | | | debarshiray/wip/debarshiray/man-page-order-long-short-options List the long variant of each option before its shorter counterpart
| * | List the long variant of each option before its shorter counterpartDebarshi Ray2019-01-09
| | | | | | | | | | | | | | | | | | This is the style followed in most of the other man pages. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | | hooks: Add pre-create hooks for runtime-config manipulationW. Trevor King2019-01-08
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's been a lot of discussion over in [1] about how to support the NVIDIA folks and others who want to be able to create devices (possibly after having loaded kernel modules) and bind userspace libraries into the container. Currently that's happening in the middle of runc's create-time mount handling before the container pivots to its new root directory with runc's incorrectly-timed prestart hook trigger [2]. With this commit, we extend hooks with a 'precreate' stage to allow trusted parties to manipulate the config JSON before calling the runtime's 'create'. I'm recycling the existing Hook schema from pkg/hooks for this, because we'll want Timeout for reliability and When to avoid the expense of fork/exec when a given hook does not need to make config changes [3]. [1]: https://github.com/opencontainers/runc/pull/1811 [2]: https://github.com/opencontainers/runc/issues/1710 [3]: https://github.com/containers/libpod/issues/1828#issuecomment-439888059 Signed-off-by: W. Trevor King <wking@tremily.us>
* | Merge pull request #2097 from debarshiray/wip/debarshiray/podman-exec-workdirOpenShift Merge Robot2019-01-08
|\ \ | | | | | | Add a --workdir option to 'podman exec'
| * | Add a --workdir option to 'podman exec'Debarshi Ray2019-01-08
| |/ | | | | | | Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* / Default --sig-proxy to true for 'podman start --attach'Debarshi Ray2019-01-08
|/ | | | | | | | | | The --sig-proxy option in both 'podman attach' and 'podman run' default to true, and there's no reason for 'podman start --attach' to be any different. However, since it only makes sense to proxy signals when the container is attached, 'podman start --sig-proxy' will continue to error if --attach isn't used. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* Add the configuration file used to setup storage to podman infoDaniel J Walsh2019-01-07
| | | | | | | | | | Users have no idea what storage configuration file is used to setup storage, so adding this to podman info, should make it easier to discover. This requires a revendor of containers/storage Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* add container-init supportValentin Rothberg2019-01-04
| | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add troubleshooting for sparse filesDaniel J Walsh2018-12-30
| | | | | | | | | | A common failure with people building container images is the creation of large sparse files, particularly useradd creating the lastlog file. This PR Documents the failures. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Allow alias for list, ls, ps to workDaniel J Walsh2018-12-23
| | | | | | | | Allow multiple alias for listing containers and images. Also fix documentation for umount and unmount Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Switch all referencs to image.ContainerConfig to image.ConfigDaniel J Walsh2018-12-21
| | | | | | This will more closely match what Docker is doing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #1967 from baude/kubereplayOpenShift Merge Robot2018-12-20
|\ | | | | Add Play
| * Add Playbaude2018-12-19
| | | | | | | | | | | | | | podman play kube adds the ability for the user to recreate pods and containers from a Kubernetes YAML file in libpod. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1900 from vbatts/cni-config-instructionsOpenShift Merge Robot2018-12-20
|\ \ | | | | | | docs/tutorials: add a basic network config
| * | docs/tutorials: add a basic network configVincent Batts2018-12-17
| | | | | | | | | | | | Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
* | | Merge pull request #1899 from QiWang19/trustimgOpenShift Merge Robot2018-12-19
|\ \ \ | |_|/ |/| | Support podman image trust command
| * | Support podman image trust commandQi Wang2018-12-19
| | | | | | | | | | | | | | | | | | Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #2021 from rhatdan/restartOpenShift Merge Robot2018-12-18
|\ \ \ | | | | | | | | Add information on --restart
| * | | Add information on --restartDaniel J Walsh2018-12-18
| |/ / | | | | | | | | | | | | | | | | | | We need to recommend that users use Systemd unit files if they want the container to restart automatically. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1935 from deuscapturus/masterOpenShift Merge Robot2018-12-18
|\ \ \ | | | | | | | | add getlogin command
| * | | add --get-login command to podman-login.Theodore Cowan2018-12-17
| |/ / | | | | | | | | | | | | | | | | | | Returns user if user is logged-in to the registry. Returns error if not logged in with non-zero status code. Signed-off-by: Theodore Cowan <theodore-cowan@pluralsight.com>
* / / generate service object inlinebaude2018-12-18
|/ / | | | | | | | | | | | | no longer require the service object be output to a different file; we should be doing this inline with the pods for user convenience. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1953 from baude/podstoptimeoutOpenShift Merge Robot2018-12-07
|\ \ | | | | | | add timeout to pod stop
| * | add timeout to pod stopbaude2018-12-07
| | | | | | | | | | | | | | | | | | | | | | | | like podman stop of containers, we should allow the user to specify a timeout override when stopping pods; otherwise they have to wait the full timeout time specified during the pod/container creation. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #1928 from baude/podtokubeOpenShift Merge Robot2018-12-07
|\ \ \ | |/ / |/| | generate kube
| * | generate kubebaude2018-12-04
| | | | | | | | | | | | | | | | | | | | | add the ability to generate kubernetes pod and service yaml representations of libpod containers and pods. Signed-off-by: baude <bbaude@redhat.com>
* | | Minimally update for the DockerInsecureSkipTLSVerify type changeMiloslav Trmač2018-12-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following SystemContext.DockerInsecureSkipTLSVerify, make the DockerRegistryOne also an OptionalBool, and update callers. Explicitly document that --tls-verify=true and --tls-verify unset have different behavior in those commands where the behavior changed (or where it hasn't changed but the documentation needed updating). Also make the --tls-verify man page sections a tiny bit more consistent throughout. This is a minimal fix, without changing the existing "--tls-verify=true" paths nor existing manual insecure registry lookups. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | | Merge pull request #1904 from umohnani8/volumeOpenShift Merge Robot2018-12-06
|\ \ \ | | | | | | | | Add "podman volume" command
| * | | Add "podman volume" commandumohnani82018-12-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for podman volume and its subcommands. The commands supported are: podman volume create podman volume inspect podman volume ls podman volume rm podman volume prune This is a tool to manage volumes used by podman. For now it only handle named volumes, but eventually it will handle all volumes used by podman. Signed-off-by: umohnani8 <umohnani@redhat.com>
* | | | Merge pull request #1912 from baude/pruneOpenShift Merge Robot2018-12-06
|\ \ \ \ | | | | | | | | | | Add ability to prune containers and images
| * | | | Add ability to prune containers and imagesbaude2018-12-05
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow user to prune unused/unnamed images, the layer images from building, via podman rmi --prune. Allow user to prune stopped/exiuted containers via podman rm --prune. This should resolve #1910 Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #1887 from mheon/rm_syncOpenShift Merge Robot2018-12-06
|\ \ \ \ | | | | | | | | | | Add --sync option to podman rm
| * | | | Remove --sync flag from `podman rm`Matthew Heon2018-12-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Per discussion with Dan, it would be better to automatically handle potential runtime errors by automatically syncing if they occur. Retaining the flag for `ps` makes sense, as we won't even be calling the OCI runtime and as such won't see errors if the state desyncs, but rm can be handled automatically. The automatic desync handling code will take some additional work so we'll land this as-is (sync on ps is enough to solve most desync issues). Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Add --sync flag to podman psMatthew Heon2018-12-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous commit added support for --sync to podman rm to ensure state inconsistencies would not prevent containers from being removed. Add the flag to podman ps as well, so that all containers can be forcibly synced and all state inconsistencies resolved. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Add --sync option to podman rmMatthew Heon2018-12-06
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the changes made recently to ensure Podman does not hit the OCI runtime as often to sync state, we can find ourselves in a situation where the runtime's state does not match ours. Add a --sync flag to podman rm to ensure we can still remove containers when this happens. Signed-off-by: Matthew Heon <mheon@redhat.com>
* / / / tutorial: add ostree dependencyGiuseppe Scrivano2018-12-06
|/ / / | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #1920 from wking/explicit-hooks-dirsOpenShift Merge Robot2018-12-04
|\ \ \ | | | | | | | | libpod/container_internal: Deprecate implicit hook directories
| * | | libpod/container_internal: Deprecate implicit hook directoriesW. Trevor King2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Part of the motivation for 800eb863 (Hooks supports two directories, process default and override, 2018-09-17, #1487) was [1]: > We only use this for override. The reason this was caught is people > are trying to get hooks to work with CoreOS. You are not allowed to > write to /usr/share... on CoreOS, so they wanted podman to also look > at /etc, where users and third parties can write. But we'd also been disabling hooks completely for rootless users. And even for root users, the override logic was tricky when folks actually had content in both directories. For example, if you wanted to disable a hook from the default directory, you'd have to add a no-op hook to the override directory. Also, the previous implementation failed to handle the case where there hooks defined in the override directory but the default directory did not exist: $ podman version Version: 0.11.2-dev Go Version: go1.10.3 Git Commit: "6df7409cb5a41c710164c42ed35e33b28f3f7214" Built: Sun Dec 2 21:30:06 2018 OS/Arch: linux/amd64 $ ls -l /etc/containers/oci/hooks.d/test.json -rw-r--r--. 1 root root 184 Dec 2 16:27 /etc/containers/oci/hooks.d/test.json $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:31:19-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:31:19-08:00" level=warning msg="failed to load hooks: {}%!(EXTRA *os.PathError=open /usr/share/containers/oci/hooks.d: no such file or directory)" With this commit: $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json" time="2018-12-02T21:33:07-08:00" level=debug msg="hook test.json matched; adding to stages [prestart]" time="2018-12-02T21:33:07-08:00" level=warning msg="implicit hook directories are deprecated; set --hooks-dir="/etc/containers/oci/hooks.d" explicitly to continue to load hooks from this directory" time="2018-12-02T21:33:07-08:00" level=error msg="container create failed: container_linux.go:336: starting container process caused "process_linux.go:399: container init caused \"process_linux.go:382: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: oh, noes!\\\\n\\\"\"" (I'd setup the hook to error out). You can see that it's silenly ignoring the ENOENT for /usr/share/containers/oci/hooks.d and continuing on to load hooks from /etc/containers/oci/hooks.d. When it loads the hook, it also logs a warning-level message suggesting that callers explicitly configure their hook directories. That will help consumers migrate, so we can drop the implicit hook directories in some future release. When folks *do* explicitly configure hook directories (via the newly-public --hooks-dir and hooks_dir options), we error out if they're missing: $ podman --hooks-dir /does/not/exist run --rm docker.io/library/alpine echo 'successful container' error setting up OCI Hooks: open /does/not/exist: no such file or directory I've dropped the trailing "path" from the old, hidden --hooks-dir-path and hooks_dir_path because I think "dir(ectory)" is already enough context for "we expect a path argument". I consider this name change non-breaking because the old forms were undocumented. Coming back to rootless users, I've enabled hooks now. I expect they were previously disabled because users had no way to avoid /usr/share/containers/oci/hooks.d which might contain hooks that required root permissions. But now rootless users will have to explicitly configure hook directories, and since their default config is from ~/.config/containers/libpod.conf, it's a misconfiguration if it contains hooks_dir entries which point at directories with hooks that require root access. We error out so they can fix their libpod.conf. [1]: https://github.com/containers/libpod/pull/1487#discussion_r218149355 Signed-off-by: W. Trevor King <wking@tremily.us>
* | | | create pod on the flybaude2018-12-03
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | when a user specifies --pod to podman create|run, we should create that pod automatically. the port bindings from the container are then inherited by the infra container. this signicantly improves the workflow of running containers inside pods with podman. the user is still encouraged to use podman pod create to have more granular control of the pod create options. Signed-off-by: baude <bbaude@redhat.com>
* | | podman pod existsbaude2018-12-03
|/ / | | | | | | | | | | | | | | | | like containers and images, users would benefit from being able to check if a pod exists in local storage. if the pod exists, the return code is 0. if the pod does not exists, the return code is 1. Any other return code indicates a real errors, such as permissions or runtime. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1317 from rhatdan/privilegedOpenShift Merge Robot2018-11-30
|\ \ | | | | | | Disable mount options when running --privileged