| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the --userns flag to podman pod create and keep
track of the userns setting that pod was created with
so that all containers created within the pod will inherit
that userns setting.
Specifically we need to be able to launch a pod with
--userns=keep-id
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|\
| |
| | |
auto-update: simple rollback
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for simple rollbacks during `podman auto-update`. Rollbacks
are enabled by default. If a systemd unit cannot be restarted after an
update, the previous image will be retagged and the unit will be
restarted a second time.
Add system tests for rollbacks. Also fix a bug in the restart sequence;
we have to use the channel to actually know whether the restart was
successful or not.
NOTE: To make rollbacks really useful, users must run their containers
with `--sdnotify=container` such that the containers send the ready
message over the (mounted) socket. This way, restarting the systemd
units during auto update will block until the message has been received
(or a timeout kicked in).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Execution domains tell Linux how to map signal numbers into signal actions.
The execution domain system allows Linux to provide limited support for binaries
compiled under other UNIX-like operating systems.
Reference: https://man7.org/linux/man-pages/man2/personality.2.html
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
|\ \
| |/
|/| |
implement init containers in podman
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
this is the first pass at implementing init containers for podman pods.
init containersare made popular by k8s as a way to run setup for pods
before the pods standard containers run.
unlike k8s, we support two styles of init containers: always and
oneshot. always means the container stays in the pod and starts
whenever a pod is started. this does not apply to pods restarting.
oneshot means the container runs onetime when the pod starts and then is
removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Support size options on builtin volumes
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[NO TESTS NEEDED] Since it is difficult to setup xfs quota
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1982164
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
stats: add a interval parameter to cli and api stats streaming
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
podman stats polled by default in a 1 sec period.
This can put quite some load on a machine if you run many containers.
The default value is now 5 seconds.
You can change this interval with a new, optional, --interval, -i cli flag.
The api request got also a interval query parameter for the same purpose.
Additionally a unused const was removed.
Api and cli will fail the request if a 0 or negative value is passed in.
Signed-off-by: Thomas Weber <towe75@googlemail.com>
|
|\ \ \ \
| | | | |
| | | | | |
fix rootless port forwarding with network dis-/connect
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The rootlessport forwarder requires a child IP to be set. This must be a
valid ip in the container network namespace. The problem is that after a
network disconnect and connect the eth0 ip changed. Therefore the
packages are dropped since the source ip does no longer exists in the
netns.
One solution is to set the child IP to 127.0.0.1, however this is a
security problem. [1]
To fix this we have to recreate the ports after network connect and
disconnect. To make this work the rootlessport process exposes a socket
where podman network connect/disconnect connect to and send to new child
IP to rootlessport. The rootlessport process will remove all ports and
recreate them with the new correct child IP.
Also bump rootlesskit to v0.14.3 to fix a race with RemovePort().
Fixes #10052
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
s/Loaded images(s)/Loaded image(s)/
[NO TESTS NEEDED] (I think we should test the output at some point)
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Created image scp feature
|
| |/
| |
| |
| |
| |
| |
| |
| | |
added functionality for image secure copying from local to remote.
Also moved system connection add code around a bit so functions within that file
can be used by scp.
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Update podman-cp manpage
|
| | |
| | |
| | |
| | | |
Signed-off-by: Mehul Arora <aroram18@mcmaster.ca>
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
adrianreber/2021-07-12-checkpoint-restore-into-pod
Add support for checkpoint/restore into and out of pods
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds support to checkpoint containers out of pods and restore
container into pods.
It is only possible to restore a container into a pod if it has been
checkpointed out of pod. It is also not possible to restore a non pod
container into a pod.
The main reason this does not work is the PID namespace. If a non pod
container is being restored in a pod with a shared PID namespace, at
least one process in the restored container uses PID 1 which is already
in use by the infrastructure container. If someone tries to restore
container from a pod with a shared PID namespace without a shared PID
namespace it will also fail because the resulting PID namespace will not
have a PID 1.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Implement container to container copy. Previously data could only be
copied from/to the host.
Fixes: #7370
Co-authored-by: Mehul Arora <aroram18@mcmaster.ca>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Add prune until filter test for podman volume cli
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit follows work started in #10756. Changes made in #11015
enabled cli support for volume prune --filter until. Adding e2e test
closes #10579.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
By proxy by vendoring containers/common. Previously, a "dangling" image
was an untagged image; just a described in the Docker docs. The
definition of dangling has now been refined to an untagged image without
children to be compatible with Docker.
Further update a redundant image-prune test.
Fixes: #10998
Fixes: #10832
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Implemented --until flag for Libpod's Container Logs
|
| |/
| |
| |
| |
| |
| |
| | |
compat containers/logs was missing actual usage of until query param.
This led me to implement the until param for libpod's container logs as well. Added e2e tests.
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Add notes to flags not supported on cgroups V2
|
| | |
| | |
| | |
| | |
| | |
| | | |
Clarify what flags are not supported on cgroups V2 in documentation.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|
|\ \ \
| | | |
| | | | |
Add until filter to volume ls filters list
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
As a conclusion of a discussion in #10861, until filter is added
by this commit to volume ls filters.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|\ \ \
| |_|/
|/| | |
[CI:DOCS] Fix GitHub URL to Podman logo
|
| |/
| |
| |
| |
| |
| | |
The Podman logo is not rendered on docs.podman.io with the current URL.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
* Write a description to outline the scope and mechanism of runlabel.
* Describe the variables/attributes that we want to be used.
* Do not describe the --optN or OPTN flags/variables since they are
already hidden flags and date back to the Atomic days.
* Update references to other man pages.
* Remove unsupported variables (e.g., SUDO_*) which caused confusion.
Fixes: #10799
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Require the network to be online in all (generated) systemd units to
make sure that containers and Podman run only after the network has been
fully configured.
Fixes: #10655
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Adds the new --infra-name command line argument allowing users to define
the name of the infra container
Issue #10794
Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
|
|\
| |
| | |
podman pod create --pid flag
|
| |
| |
| |
| |
| |
| |
| |
| | |
added support for --pid flag. User can specify ns:file, pod, private, or host.
container returns an error since you cannot point the ns of the pods infra container
to a container outside of the pod.
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Correct a typo in documentation
|
| | |
| | |
| | |
| | | |
Signed-off-by: Guido Aulisi <guido.aulisi@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a --dry-run flag to `podman auto-update` which will look for new
images but won't perform any pull or restart any service or container.
The "UPDATED" column will now indicate the availability of a newer image
via "pending".
```
$ podman auto-update --dry-run
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Fixes: #9949
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Fix up documentation of the userns audit flag
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add reference to the `containers` user in the /etc/subuid and
/etc/subgid files.
Fixes: https://github.com/containers/podman/issues/10906
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The rather raw and scarce output of `podman auto-update` has been a
thorn in my eyes for a longer while. So far, Podman would only print
updated systemd units, one per line, without further formatting.
Motivated by issue #9949 which is asking for some more useful
information in combination with a dry-run feature, I sat down and
reflected which information may come in handy.
Running `podman auto-update` will now look as follows:
```
$ podman auto-update
Trying to pull [...]
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Also refactor the spaghetti code in the backend a bit to make it easier
to digest and maintain.
For easier testing and for the sake of consistency with other commands
listing output, add a `--format` flag.
The man page will get an overhaul in a follow up commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When optional information such as container IDs and names in pods, the
headers are not displayed. This fix restored the headers.
Documentation of this subcommand is also updated.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Mention new hostname for loopback IP
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The hostname `host.containers.internal` is way easier to remember and should IMHO be preferred to be used, as it is:
a) easier to remember than some random IP
b) if the IP changes some time in the future the container will continue to work
And explain hostname adding in more detail
As per @mheon's suggestion.
And explain hostname adding *reason*
Also implies an suggestion for using the hostname instead.
And port change from podman-create man page to podman-run, too
Signed-off-by: rugk <rugk+git@posteo.de>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] Update docs/tutorials/rootless_tutorial.md:
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Change references of 'master' to 'main' in URLs e.g. https://github.com/containers/podman/blob/main/install.md
* Wrap names of files or programs by '`' e.g. `dnf`, `containers.conf`, `/etc/subuid`, etc.
* Change sentence with ambiguous subject to 'Root privileges are required to add or update entries within these files'
* Link to kernel.org documentation for the `getpwent` command
* Change sentence: 'Note that the values for each user must be unique ~and without any overlap~'
* Make references to the Podman project upper-case instead of lower-case
* Reorder sentence 'Update the `/etc/subuid` and `/etc/subgid` with fields for each user' to emphasize 'For each user'
* Remove reference to asciiart demos and update README.md link
Signed-off-by: Colin Eberl Coe <ebb-earl-co@pm.me>
|
| |/
|/|
| |
| |
| |
| | |
You've renamed your branch from master to main and thus this URL here did not work anymore and caused a glitch in displaying the image in the docs.
Signed-off-by: rugk <rugk+git@posteo.de>
|
|/
|
|
|
|
|
|
|
|
|
| |
Remove outdated information on go bindings. Moved the tips for
debugging into the REAME and tidied up relevant links.
Fixes: #9334
[CI_DOCS]
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
support pulling multiple images sequentially in a single podman pull
|