| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #507
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #690
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
so that the OCI runtime creates the network namespace from the correct
userNS.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #690
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #690
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
first pass at adding in the container related endpoints/methods for the libpod
backend. Couple of important notes:
* endpoints that can use a console are not going to be done until we have "remote" console
* several of the container methods should probably be able to stream as opposed to a one-off return
Signed-off-by: baude <bbaude@redhat.com>
Closes: #708
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
| |
We need these for commit, and they cannot be properly deduced
from just the OCI spec, so save them in the database so we can
retrieve them for commit.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #700
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #700
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
The hidden flag is used to override the path of the default mounts file
for testing purposes.
Also modified the secrets pkg to allow for this override to happen.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #678
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
If an integer is passed into the --user flag, i.e --user=1234
don't look up the user in /etc/passwd, just assign the integer as the uid.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #652
Approved by: mheon
|
|
|
|
|
|
|
|
| |
If the host is in FIPS mode and /etc/system-fips exists
/run/secrets/system-fips is created in the container so that
the container can run in FIPS mode as well.
Signed-off-by: umohnani8 <umohnani@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Made necessary changes to functions to include contex.Context wherever needed
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #640
Approved by: baude
|
|
|
|
|
|
|
|
|
| |
- fix host string split to permit IPv6
Signed-off-by: Nathan Williams <nath.e.will@gmail.com>
Closes: #635
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #619
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--group-add
--blkio-weight-device
--device-read-bps
--device-write-bps
--device-read-iops
--device-write-iops
--group-add now supports group names as well as the gid associated with them.
All the --device flags work now with moderate changes to the code to support both
bps and iops.
Added tests for all the flags.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #590
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #155
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of checking during init(), which could result in major
locking issues when used with pods, make our dependency checks in
the public API instead. This avoids doing them when we start pods
(where, because of the dependency graph, we can reasonably say
all dependencies are up before we start a container).
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #571
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have other tools using containers/storage. They can delete our
containers in c/storage without us knowing. Try and handle this
better by warning instead of erroring when delete our storage and
it is already gone.
This does not handle cases where libpod thinks the container is
mounted, but it is not. This is harder to check for, because
c/storage Mount() and Unmount() take a layer, image, or container
and that complicates our "container no longer exists" question.
Further work is needed here.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #571
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
Adds support for mounting secrets especially on RHEL where the container
can use the host subsription to run yum
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #544
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
This fixes the situation where we fail to create a container when a name already exists.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #517
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add only when it's not already present.
Add a more specific version in podman spec generation
so we get 'container=podman' not 'container=libpod'
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #540
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #533
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #533
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
This will allow programs to easily identify they are running in a
container
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #533
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #525
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
Migrate the podman create and commit subcommandis to leverage the images library. I also had
to migrate the cmd/ portions of run and rmi.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #498
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #482
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
| |
This solves our prior problems with attach races by ensuring the
order is correct.
Also contains substantial cleanups to the attach code.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #482
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #482
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This represents the stage3 implementation for the image library. At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references. This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #484
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Separate Init() and Start() does not make sense on the pod side,
where we may have to start containers in order to initialize
others due to dependency orders.
Also adjusts internal containers API for more code sharing.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #478
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactors creation of bind mounts into a separate function that
can be called from elsewhere (e.g. pod start or container
restart). This function stores the mounts in the DB using the
field established last commit.
Spec generation now relies upon this field in the DB instead of
manually enumerating files to be bind mounted in.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #462
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #462
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
We don't want this in our public API - better to let us control
what gets put in container storage and where.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #462
Approved by: baude
|
|
|
|
|
|
|
|
|
| |
It will be needed for restarting containers
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #462
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
| |
Replace our old IP and Subnet fields in state with CNI types that
contain a lot more information. Retrieve these structs from the
CNI plugins themselves.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #440
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #412
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #412
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
| |
Exec sessions now have an ID generated and assigned to their PID
and stored in the database state. This allows us to track what
exec sessions are currently active.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #412
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
| |
Podman should not override users mounts with default mounts
for /etc/hostname, /etc/resolv.conf, and /etc/hosts.
Resolves issue #388
Signed-off-by: baude <bbaude@redhat.com>
Closes: #401
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #386
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--image-volumes tells podman what to do with the image volumes in the image config
There are 3 options: bind, tmpfs, and ignore
bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir
and bind mounts it into the container at /vol-dir
tmpfs mounts /vol-dir as a tmps into the container
ignore doesn't mount the image volumes onto the container
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #377
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Example:
sudo /usr/local/bin/podman run --cgroup-parent=/zzz fedora cat /proc/self/cgroup
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #370
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #268
Approved by: rhatdan
|
|
|
|
|
|
| |
This patch will cleanup the network stack when the container exits
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #135
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
Normal Stop should not need a timeout, and should use the default
Add a function that does accept a timeout aside it
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #272
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Adds the ability to override the container's hostname. Also, uses
the first twelve characters of the container ID as the default hostname
if none is provided.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #248
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Each of these options are destructive in nature, meaning if the user
adds one of them, all current ones are removed from the produced
resolv.conf.
* dns-server allows the user to specify dns servers.
* dns-opt allows the user to specify special resolv.conf options
* dns-search allows the user to specify search domains
The add-host option is not destructive and truly just adds the host
to /etc/hosts.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #231
Approved by: mheon
|