path: root/libpod/container_inspect.go
Commit message (Author, Age)
* Populate inspect with security-opt settings (Matthew Heon, 2019-07-17)
  We can infer no-new-privileges. For now, manually populate seccomp (can't infer what file we sourced from) and SELinux/Apparmor (hard to tell if they're enabled or not).
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* Move the HostConfig portion of Inspect inside libpod (Matthew Heon, 2019-07-17)
  When we first began writing Podman, we ran into a major issue when implementing Inspect. Libpod deliberately does not tie its internal data structures to Docker, and stores most information about containers encoded within the OCI spec. However, Podman must present a CLI compatible with Docker, which means it must expose all the information in 'docker inspect' - most of which is not contained in the OCI spec or libpod's Config struct.
  Our solution at the time was the create artifact. We JSON'd the complete CreateConfig (a parsed form of the CLI arguments to 'podman run') and stored it with the container, restoring it when we needed to run commands that required the extra info.
  Over the past month, I've been looking more at Inspect, and refactored large portions of it into Libpod - generating them from what we know about the OCI config and libpod's (now much expanded, versus previously) container configuration. This path comes close to completing the process, moving the last part of inspect into libpod and removing the need for the create artifact.
  This improves libpod's compatibility with non-Podman containers. We no longer require an arbitrarily-formatted JSON blob to be present to run inspect.
  Fixes: #3500
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* golangci-lint pass number 2 (baude, 2019-07-11)
  clean up and prepare to migrate to the golangci-linter
  Signed-off-by: baude <bbaude@redhat.com>
* code cleanup (baude, 2019-07-08)
  clean up code identified as problematic by golands inspection
  Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3472 from haircommander/generate-volumes (OpenShift Merge Robot, 2019-07-04)
  generate kube with volumes
| * Improve parsing of mounts (Peter Hunt, 2019-07-02)
    Specifically, we were needlessly doing a double lookup to find which config mounts were user volumes. Improve this by refactoring a bit of code from inspect
    Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Store Conmon's PID in our state and display in inspect (Matthew Heon, 2019-07-02)
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* libpod removal from main (phase 2) (baude, 2019-06-27)
  this is phase 2 for the removal of libpod from main.
  Signed-off-by: baude <bbaude@redhat.com>
* Fix gofmt (Matthew Heon, 2019-06-21)
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* Adjust names to match struct tags in Inspect (Matthew Heon, 2019-06-21)
  In Go templating, we use the names of fields, not the JSON struct tags. To ensure templating works as expected, we need the two to match.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* Fix inspect --format '{{.Mounts}}. (Matthew Heon, 2019-06-21)
  Go templating is incapable of dealing with pointers, so when we moved to Docker compatible mounts JSON, we broke it. The solution is to not use pointers in this part of inspect.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #3378 from mheon/multiple_runtimes (OpenShift Merge Robot, 2019-06-21)
  Begin adding support for multiple OCI runtimes
| * Print container's OCI runtime in `inspect` (Matthew Heon, 2019-06-19)
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3358 from mheon/use_disk_spec (OpenShift Merge Robot, 2019-06-18)
    Swap to using the on-disk spec for inspect mounts
| * Swap to using the on-disk spec for inspect mounts (Matthew Heon, 2019-06-18)
    When available, using the on-disk spec will show full mount options in use when the container is running, which can differ from mount options provided in the original spec - on generating the final spec, for example, we ensure that some form of root propagation is set.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Move the Config portion of Inspect into libpod (Matthew Heon, 2019-06-17)
    While we're at it, rewrite how we populate it. There were several potential segfaults in the optional spec.Process block, and a few fields not being populated correctly versus 'docker inspect'.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* Split mount options in inspect further (Matthew Heon, 2019-06-13)
  Docker only uses Mode for :z/:Z, so move other options out into a new field.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Make Inspect's mounts struct accurate to Docker (Matthew Heon, 2019-06-12)
  We were formerly dumping spec.Mount structs, with no care as to whether it was user-generated or not - a relic of the very early days when we didn't know whether a user made a mount or not. Now that we do, match our output to Docker's dedicated mount struct.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Provide OCI spec path in `podman inspect` output (Matthew Heon, 2019-06-12)
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Begin to break up pkg/inspect (Matthew Heon, 2019-06-03)
  Let's put inspect structs where they're actually being used. We originally made pkg/inspect to solve circular import issues. There are no more circular import issues.
  Image structs remain for now, I'm focusing on container inspect.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add support for retry count with --restart flag (Matthew Heon, 2019-05-03)
  The on-failure restart option supports restarting only a given number of times. To do this, we need one additional field in the DB to track restart count (which conveniently fills a field in Inspect we weren't populating), plus some plumbing logic.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Export ConmonPidFile in 'podman inspect' for containers (Debarshi Ray, 2019-03-18)
  This can help scripts provide a more meaningful message when coming across issues [1] which require the container to be re-created.
  [1] eg., https://github.com/containers/libpod/issues/2673
  Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* healtcheck phase 2 (baude, 2019-03-12)
  integration of healthcheck into create and run as well as inspect.
  healthcheck enhancements are as follows:
  * add the following options to create|run so that non-docker images can define healthchecks at the container level.
    * --healthcheck-command
    * --healthcheck-retries
    * --healthcheck-interval
    * --healthcheck-start-period
  * podman create|run --healthcheck-command=none disables healthcheck as described by an image.
  * the healthcheck itself and the healthcheck "history" can now be observed in podman inspect
  * added the wiring for healthcheck history which logs the health history of the container, the current failed streak attempts, and log entries for the last five attempts which themselves have start and stop times, result, and a 500 character truncated (if needed) log of stderr/stdout.
  The timings themselves are not implemented in this PR but will be in future enablement (i.e. next).
  Signed-off-by: baude <bbaude@redhat.com>
* apparmor: apply default profile at container initialization (Valentin Rothberg, 2019-01-09)
  Apply the default AppArmor profile at container initialization to cover all possible code paths (i.e., podman-{start,run}) before executing the runtime. This allows moving most of the logic into pkg/apparmor.
  Also make the loading and application of the default AppArmor profile version-independent by checking for the `libpod-default-` prefix and over-writing the profile in the run-time spec if needed.
  The initial run-time spec of the container differs a bit from the applied one when having started the container, which results in displaying a potentially outdated AppArmor profile when inspecting a container. To fix that, load the container config from the file system if present and use it to display the data.
  Fixes: #2107
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add "podman volume" command (umohnani8, 2018-12-06)
  Add support for podman volume and its subcommands. The commands supported are:
    podman volume create
    podman volume inspect
    podman volume ls
    podman volume rm
    podman volume prune
  This is a tool to manage volumes used by podman. For now it only handles named volumes, but eventually it will handle all volumes used by podman.
  Signed-off-by: umohnani8 <umohnani@redhat.com>
* Allow containers/storage to handle on SELinux labeling (Daniel J Walsh, 2018-10-23)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Reveal information about container capabilities (Daniel J Walsh, 2018-08-24)
  I am often asked about the list of capabilities available to a container. We should be listing this data in the inspect command for effective capabilities and the bounding set.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1335
  Approved by: TomSweeneyRedHat
* Change pause container to infra container (haircommander, 2018-08-23)
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1187
  Approved by: mheon
* Added option to share kernel namespaces in libpod and podman (haircommander, 2018-08-23)
  A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
  Signed-off-by: haircommander <pehunt@redhat.com>
  Closes: #1187
  Approved by: mheon
* switch projectatomic to containers (Daniel J Walsh, 2018-08-16)
  Need to get some small changes into libpod to pull back into buildah to complete buildah transition.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #1270
  Approved by: mheon
* Add missing runtime.go lines to set namespace (Matthew Heon, 2018-07-24)
  Also add namespace to inspect output to verify its presence
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* more changes to compile darwin (baude, 2018-07-05)
  this should represent the last major changes to get darwin to **compile**. again, the purpose here is to get darwin to compile so that we can eventually implement a ci task that would protect against regressions for darwin compilation.
  i have left the manual darwin compilation largely static still and in fact now only interject (manually) two build tags to assist with the build. trevor king has great ideas on how to make this better and i will defer final implementation of those to him.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #1047
  Approved by: rhatdan
* Add `podman container cleanup` to CLI (Daniel J Walsh, 2018-06-29)
  When we run containers in detach mode, nothing cleans up the network stack or the mount points. This patch will tell conmon to execute the cleanup code when the container exits.
  It can also be called to attempt to cleanup previously running containers.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #942
  Approved by: mheon
* Add MacAddress to inspect (Wim, 2018-06-18)
  Signed-off-by: Wim <wim@42.be>
  Closes: #955
  Approved by: rhatdan
* Add more network info ipv4/ipv6 and be more compatible with docker (Wim, 2018-06-17)
  Signed-off-by: Wim <wim@42.be>
  Closes: #953
  Approved by: mheon
* podman: accept option --rootfs to use exploded images (Giuseppe Scrivano, 2018-06-15)
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #871
  Approved by: mheon
* Make references to the Process part of Spec conditional (Matthew Heon, 2018-05-25)
  The OCI runtime spec does not require Process to be passed (IE, it can be nil). Make most of our references to it conditional on it existing.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #828
  Approved by: mheon
* Retrieve IP addresses for container from DB (Matthew Heon, 2018-04-26)
  Instead of execing out to the host's IP, use the IP address we got back from CNI to populate Inspect's IP address information.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #680
  Approved by: umohnani8
* Add container dependencies to Inspect output (Matthew Heon, 2018-04-03)
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #577
  Approved by: rhatdan
* Fix some minor issues lint has been picking up (Matthew Heon, 2018-03-27)
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #556
  Approved by: baude
* Convert bind mounts to use DB field (Matthew Heon, 2018-03-08)
  Refactors creation of bind mounts into a separate function that can be called from elsewhere (e.g. pod start or container restart). This function stores the mounts in the DB using the field established last commit.
  Spec generation now relies upon this field in the DB instead of manually enumerating files to be bind mounted in.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #462
  Approved by: baude
* Fix gofmt & golint (Matthew Heon, 2018-03-01)
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #412
  Approved by: baude
* Add tracking for exec session IDs (Matthew Heon, 2018-03-01)
  Exec sessions now have an ID generated and assigned to their PID and stored in the database state. This allows us to track what exec sessions are currently active.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #412
  Approved by: baude
* Allow users to specify logpath (Daniel J Walsh, 2018-02-03)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #135
  Approved by: mheon
* Migrate Create|Commit to ginkgo (baude, 2018-02-02)
  Migrate create and commit bats tests to the ginkgo test suite. In doing so, some structures had to be moved to pkg/podmanstructs/podmanstructs.go so we could do better verification of test results.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #286
  Approved by: rhatdan
* Expose ports from image (baude, 2018-01-22)
  When an image has a port to expose, we need to expose it. User's input overrides the image's port information. Also, enable port information in ps so we can see which random port is assigned.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #249
  Approved by: rhatdan
* Add basic network inspection info (Matthew Heon, 2018-01-08)
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #196
  Approved by: rhatdan
* Update kpod inspect to use the new container state (umohnani8, 2017-12-12)
  kpod inspect now uses the new libpod container state and closely matches the output of docker inspect
  some aspects of it are still WIP as the libpod container state is still being worked on
  Signed-off-by: umohnani8 <umohnani@redhat.com>