| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rootlessport forwarder requires a child IP to be set. This must be a
valid ip in the container network namespace. The problem is that after a
network disconnect and connect the eth0 ip changed. Therefore the
packages are dropped since the source ip does no longer exists in the
netns.
One solution is to set the child IP to 127.0.0.1, however this is a
security problem. [1]
To fix this we have to recreate the ports after network connect and
disconnect. To make this work the rootlessport process exposes a socket
where podman network connect/disconnect connect to and send to new child
IP to rootlessport. The rootlessport process will remove all ports and
recreate them with the new correct child IP.
Also bump rootlesskit to v0.14.3 to fix a race with RemovePort().
Fixes #10052
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\
| |
| | |
Created image scp feature
|
| |
| |
| |
| |
| |
| |
| |
| | |
added functionality for image secure copying from local to remote.
Also moved system connection add code around a bit so functions within that file
can be used by scp.
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Update podman-cp manpage
|
| | |
| | |
| | |
| | | |
Signed-off-by: Mehul Arora <aroram18@mcmaster.ca>
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
adrianreber/2021-07-12-checkpoint-restore-into-pod
Add support for checkpoint/restore into and out of pods
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds support to checkpoint containers out of pods and restore
container into pods.
It is only possible to restore a container into a pod if it has been
checkpointed out of pod. It is also not possible to restore a non pod
container into a pod.
The main reason this does not work is the PID namespace. If a non pod
container is being restored in a pod with a shared PID namespace, at
least one process in the restored container uses PID 1 which is already
in use by the infrastructure container. If someone tries to restore
container from a pod with a shared PID namespace without a shared PID
namespace it will also fail because the resulting PID namespace will not
have a PID 1.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Implement container to container copy. Previously data could only be
copied from/to the host.
Fixes: #7370
Co-authored-by: Mehul Arora <aroram18@mcmaster.ca>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Add prune until filter test for podman volume cli
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit follows work started in #10756. Changes made in #11015
enabled cli support for volume prune --filter until. Adding e2e test
closes #10579.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
By proxy by vendoring containers/common. Previously, a "dangling" image
was an untagged image; just a described in the Docker docs. The
definition of dangling has now been refined to an untagged image without
children to be compatible with Docker.
Further update a redundant image-prune test.
Fixes: #10998
Fixes: #10832
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Implemented --until flag for Libpod's Container Logs
|
| |/
| |
| |
| |
| |
| |
| | |
compat containers/logs was missing actual usage of until query param.
This led me to implement the until param for libpod's container logs as well. Added e2e tests.
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Add notes to flags not supported on cgroups V2
|
| | |
| | |
| | |
| | |
| | |
| | | |
Clarify what flags are not supported on cgroups V2 in documentation.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|
|\ \ \
| | | |
| | | | |
Add until filter to volume ls filters list
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
As a conclusion of a discussion in #10861, until filter is added
by this commit to volume ls filters.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|\ \ \
| |_|/
|/| | |
[CI:DOCS] Fix GitHub URL to Podman logo
|
| |/
| |
| |
| |
| |
| | |
The Podman logo is not rendered on docs.podman.io with the current URL.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
* Write a description to outline the scope and mechanism of runlabel.
* Describe the variables/attributes that we want to be used.
* Do not describe the --optN or OPTN flags/variables since they are
already hidden flags and date back to the Atomic days.
* Update references to other man pages.
* Remove unsupported variables (e.g., SUDO_*) which caused confusion.
Fixes: #10799
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Require the network to be online in all (generated) systemd units to
make sure that containers and Podman run only after the network has been
fully configured.
Fixes: #10655
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Adds the new --infra-name command line argument allowing users to define
the name of the infra container
Issue #10794
Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
|
|\
| |
| | |
podman pod create --pid flag
|
| |
| |
| |
| |
| |
| |
| |
| | |
added support for --pid flag. User can specify ns:file, pod, private, or host.
container returns an error since you cannot point the ns of the pods infra container
to a container outside of the pod.
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Correct a typo in documentation
|
| | |
| | |
| | |
| | | |
Signed-off-by: Guido Aulisi <guido.aulisi@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a --dry-run flag to `podman auto-update` which will look for new
images but won't perform any pull or restart any service or container.
The "UPDATED" column will now indicate the availability of a newer image
via "pending".
```
$ podman auto-update --dry-run
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Fixes: #9949
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Fix up documentation of the userns audit flag
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add reference to the `containers` user in the /etc/subuid and
/etc/subgid files.
Fixes: https://github.com/containers/podman/issues/10906
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The rather raw and scarce output of `podman auto-update` has been a
thorn in my eyes for a longer while. So far, Podman would only print
updated systemd units, one per line, without further formatting.
Motivated by issue #9949 which is asking for some more useful
information in combination with a dry-run feature, I sat down and
reflected which information may come in handy.
Running `podman auto-update` will now look as follows:
```
$ podman auto-update
Trying to pull [...]
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Also refactor the spaghetti code in the backend a bit to make it easier
to digest and maintain.
For easier testing and for the sake of consistency with other commands
listing output, add a `--format` flag.
The man page will get an overhaul in a follow up commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When optional information such as container IDs and names in pods, the
headers are not displayed. This fix restored the headers.
Documentation of this subcommand is also updated.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|
|\ \
| | |
| | | |
[CI:DOCS] Mention new hostname for loopback IP
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The hostname `host.containers.internal` is way easier to remember and should IMHO be preferred to be used, as it is:
a) easier to remember than some random IP
b) if the IP changes some time in the future the container will continue to work
And explain hostname adding in more detail
As per @mheon's suggestion.
And explain hostname adding *reason*
Also implies an suggestion for using the hostname instead.
And port change from podman-create man page to podman-run, too
Signed-off-by: rugk <rugk+git@posteo.de>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] Update docs/tutorials/rootless_tutorial.md:
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Change references of 'master' to 'main' in URLs e.g. https://github.com/containers/podman/blob/main/install.md
* Wrap names of files or programs by '`' e.g. `dnf`, `containers.conf`, `/etc/subuid`, etc.
* Change sentence with ambiguous subject to 'Root privileges are required to add or update entries within these files'
* Link to kernel.org documentation for the `getpwent` command
* Change sentence: 'Note that the values for each user must be unique ~and without any overlap~'
* Make references to the Podman project upper-case instead of lower-case
* Reorder sentence 'Update the `/etc/subuid` and `/etc/subgid` with fields for each user' to emphasize 'For each user'
* Remove reference to asciiart demos and update README.md link
Signed-off-by: Colin Eberl Coe <ebb-earl-co@pm.me>
|
| |/
|/|
| |
| |
| |
| | |
You've renamed your branch from master to main and thus this URL here did not work anymore and caused a glitch in displaying the image in the docs.
Signed-off-by: rugk <rugk+git@posteo.de>
|
|/
|
|
|
|
|
|
|
|
|
| |
Remove outdated information on go bindings. Moved the tips for
debugging into the REAME and tidied up relevant links.
Fixes: #9334
[CI_DOCS]
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
support pulling multiple images sequentially in a single podman pull
|
| |
| |
| |
| | |
Signed-off-by: Mehul Arora <aroram18@mcmaster.ca>
|
|\ \
| | |
| | | |
podman diff accept two images or containers
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
First, make podman diff accept optionally a second argument. This allows
the user to specify a second image/container to compare the first with.
If it is not set the parent layer will be used as before.
Second, podman container diff should only use containers and podman
image diff should only use images. Previously, podman container diff
would use the image when both an image and container with this name
exists.
To make this work two new parameters have been added to the api. If they
are not used the previous behaviour is used. The same applies to the
bindings.
Fixes #10649
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Clarify in the man page that podman-search is not generally realiable
way of determining the presence/existence of an image. The results of
the v1 and the v2 endpoints depend on the implementation of each
registry; the semantics are not really specified. Some registries may
not support search at all as it's not part of the OCI dist spec.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1978556
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/
|
|
| |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|
|
|
|
|
| |
* Add support for the tcp and unix schemes in connection URLs.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\
| |
| | |
read secret config from config file if no user data.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
feat: read secret config from config file if the user hasn't entered
explicit config values
feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret
create command to allow overriding the default values
fix: show driver options in `podman secret inspect`
Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
|
|\ \
| |/
|/| |
[CI:DOCS] podman save: clarify formats and transports
|
| |
| |
| |
| |
| |
| |
| | |
Mention all supports --format values and put them into the context of
supported transports.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
[CI:DOCS] Follow-up to PR 10676
|
| |
| |
| |
| |
| |
| | |
See [PR 10676](https://github.com/containers/podman/pull/10676).
Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
|