path: root/libpod/container_api.go
Commit message | Author | Age
* rootless: exec handle processes that create an user namespace | Giuseppe Scrivano | 2018-08-26
  Manage the case where the main process of the container creates and joins a new user namespace. In this case we want to join only the first child in the new hierarchy, which is the user namespace that was used to create the container.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #1331
  Approved by: rhatdan
* Properly translate users into runc format for exec | Matthew Heon | 2018-08-23
  Runc exec expects the --user flag to be formatted as UID:GID. Use chrootuser code to translate whatever user is passed to exec into this format.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #1315
  Approved by: vrothberg
* switch projectatomic to containers | Daniel J Walsh | 2018-08-16
  Need to get some small changes into libpod to pull back into buildah to complete buildah transition.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1270
  Approved by: mheon
* We need to sort mounts so that one mount does not over mount another. | Daniel J Walsh | 2018-08-10
  Currently we add mounts from images, volumes and internal. We can accidentally over mount an existing mount. This patch sorts the mounts to make sure a parent directory is always mounted before its content.
  Had to change the default propagation on image volume mounts from shared to private to stop mount points from leaking out of the container.
  Also switched from using some docker/docker/pkg to container/storage/pkg to remove some dependencies on Docker.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1243
  Approved by: mheon
* Add --force to podman umount to force the unmounting of the rootfs | Daniel J Walsh | 2018-08-01
  podman umount will currently only unmount file system if no other process is using it, otherwise the umount decrements the container storage to indicate that the caller is no longer using the mount point, once the count gets to 0, the file system is actually unmounted.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1184
  Approved by: TomSweeneyRedHat
* Added pod.Restart() functionality to libpod. | haircommander | 2018-07-25
  Moved contents of RestartWithTimeout to restartWithTimeout in container_internal to be able to call restart without locking in function. Refactored startNode to be able to either start or restart a node. Built pod Restart() with new startNode with refresh true.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1152
  Approved by: rhatdan
* Let containers/storage keep track of mounts | Daniel J Walsh | 2018-07-19
  Currently we unmount storage that is still in use. We should not be unmounting storage that we mounted via a different command or by podman mount. This change relies on containers/storage to umount keep track of how many times the storage was mounted before really unmounting it from the system.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Allow Init() on stopped containers | Matthew Heon | 2018-07-09
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #1068
  Approved by: baude
* Make CGroups cleanup optional on whether they exist | Matthew Heon | 2018-06-22
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #981
  Approved by: baude
* Add Refresh() to ctrs to refresh state after db change | Matthew Heon | 2018-06-22
  The Refresh() function is used to reset a container's state after a database format change to state is made that requires migration
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #981
  Approved by: baude
* We are using err in defer function, needs to be defined name | Daniel J Walsh | 2018-06-22
  Since we are checking if err is non nil in defer function we need to define it, so that the check will work correctly.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #985
  Approved by: mheon
* libpod: fix race with attach/start | Giuseppe Scrivano | 2018-06-20
  Move the StartContainer call after the attach to the UNIX socket. It solves a race where the StartContainer could be done earlier and a short-lived container could already exit by the time we tried to attach to the socket.
  Closes: https://github.com/projectatomic/libpod/issues/835
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Optionally init() during container restart | Matthew Heon | 2018-05-04
  This allows us to restart containers that have never been started without error. This makes RestartWithTimeout work with running, stopped, and created containers.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #719
  Approved by: rhatdan
* varlink containers | baude | 2018-05-03
  first pass at adding in the container related endpoints/methods for the libpod backend. Couple of important notes:
  * endpoints that can use a console are not going to be done until we have "remote" console
  * several of the container methods should probably be able to stream as opposed to a one-off return
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #708
  Approved by: baude
* Vendor in latest containers/image and contaners/storage | umohnani8 | 2018-04-19
  Made necessary changes to functions to include context.Context wherever needed
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #640
  Approved by: baude
* Change container.locked to batched | TomSweeneyRedHat | 2018-04-16
  Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
  Closes: #619
  Approved by: mheon
* Change attach to accept a struct containing streams | Matthew Heon | 2018-04-13
  Comparing Go interfaces, like io.Reader, to nil does not work. As such, we need to include a bool with each stream telling whether to attach to it.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #608
  Approved by: baude
* Changes to attach to enable per-stream attaching | Matthew Heon | 2018-04-13
  This allows us to attach to just stdout or stderr or stdin, or any combination of these.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #608
  Approved by: baude
* Fix locking interaction in batched Exec() on container | Matthew Heon | 2018-04-13
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #610
  Approved by: giuseppe
* Use buildah commit for podman commit | baude | 2018-04-10
  Resolves: #586 and #520
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #592
  Approved by: mheon
* Stopping a stopped container should not be an error | baude | 2018-04-03
  Resolves: #575
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #588
  Approved by: mheon
* Refactor dependency checks from init() into public API | Matthew Heon | 2018-04-03
  Instead of checking during init(), which could result in major locking issues when used with pods, make our dependency checks in the public API instead. This avoids doing them when we start pods (where, because of the dependency graph, we can reasonably say all dependencies are up before we start a container).
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #577
  Approved by: rhatdan
* Do not require Init() before Start() | Matthew Heon | 2018-04-03
  This will help dependency races
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #577
  Approved by: rhatdan
* Stage 4 Image cleanup | baude | 2018-03-23
  Cull funcs from runtime_img.go which are no longer needed. Also, fix any remaining spots that use the old image technique.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #532
  Approved by: mheon
* Image library stage 4 - create and commit | baude | 2018-03-20
  Migrate the podman create and commit subcommands to leverage the images library. I also had to migrate the cmd/ portions of run and rmi.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #498
  Approved by: mheon
* Remove ability to specify mount label when mounting | Matthew Heon | 2018-03-16
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #506
  Approved by: rhatdan
* Add additional debug logging | Matthew Heon | 2018-03-15
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #482
  Approved by: baude
* Add StartAndAttach() API endpoint for containers | Matthew Heon | 2018-03-15
  This solves our prior problems with attach races by ensuring the order is correct. Also contains substantial cleanups to the attach code.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #482
  Approved by: baude
* Implement container restarting | Matthew Heon | 2018-03-15
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #482
  Approved by: baude
* Modify pod API to move Init() into Start() | Matthew Heon | 2018-03-13
  Separate Init() and Start() does not make sense on the pod side, where we may have to start containers in order to initialize others due to dependency orders. Also adjusts internal containers API for more code sharing.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #478
  Approved by: rhatdan
* Convert bind mounts to use DB field | Matthew Heon | 2018-03-08
  Refactors creation of bind mounts into a separate function that can be called from elsewhere (e.g. pod start or container restart). This function stores the mounts in the DB using the field established last commit. Spec generation now relies upon this field in the DB instead of manually enumerating files to be bind mounted in.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #462
  Approved by: baude
* Move internal function resizeTty to container_internal | Matthew Heon | 2018-03-08
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #462
  Approved by: baude
* Refactor saving OCI spec to disk into separate function | Matthew Heon | 2018-03-08
  It will be needed for restarting containers
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #462
  Approved by: baude
* podman import, load, and commit are too verbose | baude | 2018-03-07
  The progress should not be shown for import, load, and commit. It makes machine parsing of the output much more difficult. Also, each command should output an image ID or name for the user. Added a --verbose flag for users that still want to see progress.
  Resolves issue #450
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #456
  Approved by: rhatdan
* attach: set the terminal size and handle SIGWINCH | Giuseppe Scrivano | 2018-03-06
  Notify conmon when the terminal size changes. Use the same notification to set the correct initial size.
  Closes: https://github.com/projectatomic/libpod/issues/351
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #448
  Approved by: baude
* Replace usage of runc with runtime | Matthew Heon | 2018-03-01
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #412
  Approved by: baude
* Convert exec session tracking to use a dedicated struct | Matthew Heon | 2018-03-01
  This will behave better if we need to add anything to it at a later date - we can add fields to the struct without breaking existing BoltDB databases.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #412
  Approved by: baude
* Fix gofmt & golint | Matthew Heon | 2018-03-01
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #412
  Approved by: baude
* Relax locking in Exec() | Matthew Heon | 2018-03-01
  This allows containers to be used by `ps` and other commands while they have ongoing exec sessions. Concurrent exec should also work but is not tested.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #412
  Approved by: baude
* Ensure that Cleanup() will not run on active containers | Matthew Heon | 2018-03-01
  This ensures that containers with active exec sessions will not have storage unmounted under them or network namespaces destroyed
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #412
  Approved by: baude
* Add tracking for exec session IDs | Matthew Heon | 2018-03-01
  Exec sessions now have an ID generated and assigned to their PID and stored in the database state. This allows us to track what exec sessions are currently active.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #412
  Approved by: baude
* Rework exec to enable splitting to retrieve exec PID | Matthew Heon | 2018-03-01
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #412
  Approved by: baude
* Small fixes to container Exec | Matthew Heon | 2018-03-01
  Fix an error message, and always set Privileged if the container is also privileged.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #412
  Approved by: baude
* Address review comments | baude | 2018-02-24
  Review comments to delete WithNoNew function and its append.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #369
  Approved by: rhatdan
* Add support for --no-new-privs | Daniel J Walsh | 2018-02-24
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #369
  Approved by: rhatdan
* Refactor spec generation in libpod into a function | Matthew Heon | 2018-02-23
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #386
  Approved by: baude
* Implement --image-volumes for create and run | umohnani8 | 2018-02-22
  --image-volumes tells podman what to do with the image volumes in the image config
  There are 3 options: bind, tmpfs, and ignore
  bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir and bind mounts it into the container at /vol-dir
  tmpfs mounts /vol-dir as a tmpfs into the container
  ignore doesn't mount the image volumes onto the container
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #377
  Approved by: rhatdan
* Fix libpod to use given CGroup parent instead of a hardcoded one | Matthew Heon | 2018-02-09
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #319
  Approved by: TomSweeneyRedHat
* cleanup network stack as well as storage when container shuts down. | Daniel J Walsh | 2018-02-08
  This patch will cleanup the network stack when the container exits
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Change pause so only running containers are valid | Matthew Heon | 2018-02-07
  Signed-off-by: Matthew Heon <mheon@redhat.com>