| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
add support to override the user namespace to use for the pod.
Closes: https://github.com/containers/podman/issues/7504
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
| |
Disable `build --output` for remote clients and update docs.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\
| |
| | |
Vendor in containers/buildah@v1.26.1
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Update rootless_tutorial.md
|
| |/
| |
| |
| |
| |
| |
| | |
The links to the installation instructions and build instructions seem to
be outdated, so this PR updates them.
Signed-off-by: Deyao Chen <chendeyao000@gmail.com>
|
|/
|
|
|
|
|
|
| |
The `usermod` calls in rootless_tutorial.md were only adding a very narrow range
for subuids and subgids, which will cause failures with containers where a file
is owned by a user or group with a uid/gid > 1001.
Signed-off-by: Dan Čermák <dcermak@suse.com>
|
|\
| |
| | |
podman system reset removed machines incorrectly
|
| |
| |
| |
| |
| |
| |
| | |
podman system reset did not clean up machines fully, leaving some config
files, and breaking machines. Now it removes all machines files fully.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In support of podman machine and its counterpart desktop, we have added
new stats to podman info.
For storage, we have added GraphRootAllocated and GraphRootUsed in
bytes.
For CPUs, we have added user, system, and idle percents based on
/proc/stat.
Fixes: #13876
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the notion of an "exit policy" to a pod. This policy controls the
behaviour when the last container of pod exits. Initially, there are
two policies:
- "continue" : the pod continues running. This is the default policy
when creating a pod.
- "stop" : stop the pod when the last container exits. This is the
default behaviour for `play kube`.
In order to implement the deferred stop of a pod, add a worker queue to
the libpod runtime. The queue will pick up work items and in this case
helps resolve dead locks that would otherwise occur if we attempted to
stop a pod during container cleanup.
Note that the default restart policy of `play kube` is "Always". Hence,
in order to really solve #13464, the YAML files must set a custom
restart policy; the tests use "OnFailure".
Fixes: #13464
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\
| |
| | |
volume: add new option -o o=noquota
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
add a new option to completely disable xfs quota usage for a volume.
xfs quota set on a volume, even just for tracking disk usage, can
cause weird errors if the volume is later re-used by a container with
a different quota projid. More specifically, link(2) and rename(2)
might fail with EXDEV if the source file has a projid that is
different from the parent directory.
To prevent such kind of issues, the volume should be created
beforehand with `podman volume create -o o=noquota $ID`
Closes: https://github.com/containers/podman/issues/14049
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Truncate by default to avoid long descriptions from rendering the output
unreadable.
[NO NEW TESTS NEEDED]
Fixes: #14044
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \
| | |
| | | |
Add CreatedSince & CreatedAt format fields to podman image history
|
| |/
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/14012
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
Allow podman machine set to change CPUs, Memory and Disk size of a QEMU machine after its been created.
Disk size can only be increased.
If one setting fails to be changed, the other settings will still be applied.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\
| |
| | |
Rootfull -> Rootful
|
| |
| |
| |
| |
| |
| |
| |
| | |
Some docs say roofull. Change to rootful.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit cc3790f332d989440eb1720e24e3619fc97c74ee.
We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|/
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/13860
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
use etchosts package from c/common
|
| |
| |
| |
| |
| |
| |
| |
| | |
Update the documentation for /etc/hosts options --add-host and
--no-hosts. Also make sure that all references use the same text for
consistency.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
Add support for --userns=nomap
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
From a security point of view, it would be nice to be able to map a
rootless usernamespace that does not use your own UID within the
container.
This would add protection against a hostile process escapping the
container and reading content in your homedir.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Switch all rootful to rootfull
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
We are inconsistent on the name, we should stick with rootfull.
[NO NEW TESTS NEEDED] Existing tests should handle this and no tests for
machines exists yet.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Run codespell on code
|
| |/
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
podman container clone -f
|
| |
| |
| |
| |
| |
| |
| |
| | |
add the option -f to force remove the parent container if --destory is specified
resolves #13917
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
|\ \
| | |
| | | |
Add support for checkpoint image
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an enhancement proposal for the checkpoint / restore feature of
Podman that enables container migration across multiple systems with
standard image distribution infrastructure.
A new option `--create-image <image>` has been added to the
`podman container checkpoint` command. This option tells Podman to
create a container image. This is a standard image with a single layer,
tar archive, that that contains all checkpoint files. This is similar to
the current approach with checkpoint `--export`/`--import`.
This image can be pushed to a container registry and pulled on a
different system. It can also be exported locally with `podman image
save` and inspected with `podman inspect`. Inspecting the image would
display additional information about the host and the versions of
Podman, criu, crun/runc, kernel, etc.
`podman container restore` has also been extended to support image
name or ID as input.
Suggested-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
|/
|
|
|
|
|
| |
Document the *missing* pull policy in `podman build`.
Fixes: #13864
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already have ipv6 enabled as default via the containers.conf setting.
However the documentation did not reflect this. Also if no options were
set in contianers.conf it would have ipv6 disabled.
We can now remove the extra option from containers.conf.
Also fix another outdated option description for host.containers.internal
and add that the options can also be set in contianers.conf.
[NO NEW TESTS NEEDED]
Fixes #13914
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\
| |
| | |
Add missing events to podman-events man page
|
| |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
[CI:DOCS] Fix selinux docs for kubernetes yaml
|
| |
| |
| |
| | |
Signed-off-by: Federico Rizzo <fulminemizzega@users.noreply.github.com>
|
| |
| |
| |
| | |
Signed-off-by: Federico Rizzo <fulminemizzega@users.noreply.github.com>
|
|\ \
| | |
| | | |
Add --quiet to machine ls
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The podman machine ls command would benefit from a --quiet flag which
would only print the machine names without the extra information. It
also implies --noheader as well. This can be helpful for scripting with
the podman cli.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
Add support for ipc namespace modes "none, private, sharable"
|
| |
| |
| |
| |
| |
| | |
Fixes: #13265
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Mount $HOME:$HOME by default in podman machine init
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
containers.conf now has a default volumes field for podman machine.
this pr inserts those values as the default volumes in init.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix Memory Swappiness passing in Container Clone
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`DefineCreateFlags` was excluding clone from using the memory-swappiness flag leading the value to be zero
when our deafult is -1. Rearrange the if/else to give clone these memory related options
resolves #13856
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \ \
| |_|/
|/| | |
run, create: add --passwd-entry
|