summaryrefslogtreecommitdiff
path: root/libpod/container_internal.go
Commit message (Collapse)AuthorAge
* Add validation for CGroup parents. Pass CGroups path into runcMatthew Heon2018-05-11
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #507 Approved by: baude
* podman, userNS: configure an intermediate mount namespaceGiuseppe Scrivano2018-05-04
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #690 Approved by: mheon
* networking, userNS: configure the network namespace after createGiuseppe Scrivano2018-05-04
| | | | | | | | | | | so that the OCI runtime creates the network namespace from the correct userNS. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #690 Approved by: mheon
* Begin wiring in USERNS Support into podmanDaniel J Walsh2018-05-04
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #690 Approved by: mheon
* varlink containersbaude2018-05-03
| | | | | | | | | | | | | first pass at adding in the container related endpoints/methods for the libpod backend. Couple of important notes: * endpoints that can use a console are not going to be done until we have "remote" console * several of the container methods should probably be able to stream as opposed to a one-off return Signed-off-by: baude <bbaude@redhat.com> Closes: #708 Approved by: baude
* Store user Volumes, Entrypoint, Command in databaseMatthew Heon2018-05-03
| | | | | | | | | | | We need these for commit, and they cannot be properly deduced from just the OCI spec, so save them in the database so we can retrieve them for commit. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #700 Approved by: rhatdan
* Update hooks to use config bool to detect volume mountsMatthew Heon2018-05-03
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #700 Approved by: rhatdan
* Add --default-mounts-file hidden flagumohnani82018-04-26
| | | | | | | | | | | The hidden flag is used to override the path of the default mounts file for testing purposes. Also modified the secrets pkg to allow for this override to happen. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #678 Approved by: mheon
* Modify --user flag for podman create and runumohnani82018-04-24
| | | | | | | | | | If an integer is passed into the --user flag, i.e --user=1234 don't look up the user in /etc/passwd, just assign the integer as the uid. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #652 Approved by: mheon
* Add FIPS mode secretumohnani82018-04-23
| | | | | | | | If the host is in FIPS mode and /etc/system-fips exists /run/secrets/system-fips is created in the container so that the container can run in FIPS mode as well. Signed-off-by: umohnani8 <umohnani@redhat.com>
* Vendor in latest containers/image and contaners/storageumohnani82018-04-19
| | | | | | | | | Made necessary changes to functions to include contex.Context wherever needed Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #640 Approved by: baude
* - reverse host field order (ip goes first)Nathan Williams2018-04-18
| | | | | | | | | - fix host string split to permit IPv6 Signed-off-by: Nathan Williams <nath.e.will@gmail.com> Closes: #635 Approved by: rhatdan
* Change container.locked to batchedTomSweeneyRedHat2018-04-16
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #619 Approved by: mheon
* Functionality changes to the following flagsumohnani82018-04-06
| | | | | | | | | | | | | | | | | | | --group-add --blkio-weight-device --device-read-bps --device-write-bps --device-read-iops --device-write-iops --group-add now supports group names as well as the gid associated with them. All the --device flags work now with moderate changes to the code to support both bps and iops. Added tests for all the flags. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #590 Approved by: mheon
* Add hooks support to podmanDaniel J Walsh2018-04-05
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #155 Approved by: mheon
* Refactor dependency checks from init() into public APIMatthew Heon2018-04-03
| | | | | | | | | | | | | Instead of checking during init(), which could result in major locking issues when used with pods, make our dependency checks in the public API instead. This avoids doing them when we start pods (where, because of the dependency graph, we can reasonably say all dependencies are up before we start a container). Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #577 Approved by: rhatdan
* Ensure dependencies are running before initializing containersMatthew Heon2018-04-03
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #577 Approved by: rhatdan
* Change errorf to warnf in warning removing ctr storageMatthew Heon2018-04-02
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #571 Approved by: rhatdan
* More gracefully handle unexpected storage deletionMatthew Heon2018-04-02
| | | | | | | | | | | | | | | | | | We have other tools using containers/storage. They can delete our containers in c/storage without us knowing. Try and handle this better by warning instead of erroring when delete our storage and it is already gone. This does not handle cases where libpod thinks the container is mounted, but it is not. This is harder to check for, because c/storage Mount() and Unmount() take a layer, image, or container and that complicates our "container no longer exists" question. Further work is needed here. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #571 Approved by: rhatdan
* Add secrets patch to podmanumohnani82018-03-29
| | | | | | | | | | Adds support for mounting secrets especially on RHEL where the container can use the host subsription to run yum Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #544 Approved by: rhatdan
* Check for duplicate names when generating new container and pod names.Daniel J Walsh2018-03-29
| | | | | | | | | This fixes the situation where we fail to create a container when a name already exists. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #517 Approved by: baude
* Make container env variable conditionalMatthew Heon2018-03-23
| | | | | | | | | | | | Add only when it's not already present. Add a more specific version in podman spec generation so we get 'container=podman' not 'container=libpod' Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #540 Approved by: baude
* Add CONTAINER environment variableMatthew Heon2018-03-23
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #533 Approved by: baude
* Document .containerenv in manpages. Move it to /run.Matthew Heon2018-03-23
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #533 Approved by: baude
* Add .containerenv fileMatthew Heon2018-03-23
| | | | | | | | | | This will allow programs to easily identify they are running in a container Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #533 Approved by: baude
* Migrate podman inspect and tag to image librarybaude2018-03-21
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #525 Approved by: baude
* Image library stage 4 - create and commitbaude2018-03-20
| | | | | | | | | | Migrate the podman create and commit subcommandis to leverage the images library. I also had to migrate the cmd/ portions of run and rmi. Signed-off-by: baude <bbaude@redhat.com> Closes: #498 Approved by: mheon
* Add additional debug loggingMatthew Heon2018-03-15
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #482 Approved by: baude
* Add StartAndAttach() API endpoint for containersMatthew Heon2018-03-15
| | | | | | | | | | | | This solves our prior problems with attach races by ensuring the order is correct. Also contains substantial cleanups to the attach code. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #482 Approved by: baude
* Implement container restartingMatthew Heon2018-03-15
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #482 Approved by: baude
* Stage3 Image Librarybaude2018-03-14
| | | | | | | | | | | | | This represents the stage3 implementation for the image library. At this point, we are moving the image-centric functions to pkg/image including migration of args and object-oriented references. This is a not a one-for-one migration of funcs and some funcs will need to continue to reside in runtime_img as they are overly specific to libpod and probably not useful to others. Signed-off-by: baude <bbaude@redhat.com> Closes: #484 Approved by: baude
* Modify pod API to move Init() into Start()Matthew Heon2018-03-13
| | | | | | | | | | | | | Separate Init() and Start() does not make sense on the pod side, where we may have to start containers in order to initialize others due to dependency orders. Also adjusts internal containers API for more code sharing. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #478 Approved by: rhatdan
* Convert bind mounts to use DB fieldMatthew Heon2018-03-08
| | | | | | | | | | | | | | | Refactors creation of bind mounts into a separate function that can be called from elsewhere (e.g. pod start or container restart). This function stores the mounts in the DB using the field established last commit. Spec generation now relies upon this field in the DB instead of manually enumerating files to be bind mounted in. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #462 Approved by: baude
* Move internal function resizeTty to container_internalMatthew Heon2018-03-08
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #462 Approved by: baude
* Make WriteStringToRundir internalMatthew Heon2018-03-08
| | | | | | | | | | We don't want this in our public API - better to let us control what gets put in container storage and where. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #462 Approved by: baude
* Refactor saving OCI spec to disk into separate functionMatthew Heon2018-03-08
| | | | | | | | | It will be needed for restarting containers Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #462 Approved by: baude
* Update DB to hold CNI network informationMatthew Heon2018-03-02
| | | | | | | | | | | Replace our old IP and Subnet fields in state with CNI types that contain a lot more information. Retrieve these structs from the CNI plugins themselves. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #440 Approved by: baude
* Replace usage of runc with runtimeMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Fix gofmt & golintMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Add tracking for exec session IDsMatthew Heon2018-03-01
| | | | | | | | | | | Exec sessions now have an ID generated and assigned to their PID and stored in the database state. This allows us to track what exec sessions are currently active. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Do not override user mountsbaude2018-02-26
| | | | | | | | | | | | Podman should not override users mounts with default mounts for /etc/hostname, /etc/resolv.conf, and /etc/hosts. Resolves issue #388 Signed-off-by: baude <bbaude@redhat.com> Closes: #401 Approved by: mheon
* Refactor spec generation in libpod into a functionMatthew Heon2018-02-23
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #386 Approved by: baude
* Implement --image-volumes for create and runumohnani82018-02-22
| | | | | | | | | | | | | | --image-volumes tells podman what to do with the image volumes in the image config There are 3 options: bind, tmpfs, and ignore bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir and bind mounts it into the container at /vol-dir tmpfs mounts /vol-dir as a tmps into the container ignore doesn't mount the image volumes onto the container Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #377 Approved by: rhatdan
* Implement podman run option --cgroup-parentJhon Honce2018-02-22
| | | | | | | | | | | Example: sudo /usr/local/bin/podman run --cgroup-parent=/zzz fedora cat /proc/self/cgroup Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #370 Approved by: rhatdan
* Fix gofmt and lintMatthew Heon2018-02-09
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #268 Approved by: rhatdan
* cleanup network stack as well as storage when container shuts down.Daniel J Walsh2018-02-08
| | | | | | This patch will cleanup the network stack when the container exits Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Allow users to specify logpathDaniel J Walsh2018-02-03
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #135 Approved by: mheon
* Add StopWithTimeout API function for containersMatthew Heon2018-01-30
| | | | | | | | | | Normal Stop should not need a timeout, and should use the default Add a function that does accept a timeout aside it Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #272 Approved by: rhatdan
* Override hostname for containerbaude2018-01-21
| | | | | | | | | | | Adds the ability to override the container's hostname. Also, uses the first twelve characters of the container ID as the default hostname if none is provided. Signed-off-by: baude <bbaude@redhat.com> Closes: #248 Approved by: baude
* Add --dns-search, --dns-opt, --dns-server and --add-host.baude2018-01-19
| | | | | | | | | | | | | | | | | | Each of these options are destructive in nature, meaning if the user adds one of them, all current ones are removed from the produced resolv.conf. * dns-server allows the user to specify dns servers. * dns-opt allows the user to specify special resolv.conf options * dns-search allows the user to specify search domains The add-host option is not destructive and truly just adds the host to /etc/hosts. Signed-off-by: baude <bbaude@redhat.com> Closes: #231 Approved by: mheon