summaryrefslogtreecommitdiff
path: root/libpod/runtime.go
Commit message (Collapse)AuthorAge
* We need to convert libpod.conf files in user homedir for cgroupv2Daniel J Walsh2019-09-21
| | | | | | | | | | | If a user upgrades to a machine that defaults to a cgroups V2 machine and has a libpod.conf file in their homedir that defaults to OCI Runtime runc, then we want to change it one time to crun. runc as of this point does not work on cgroupV2 systems. This patch will eventually be removed but is needed until runc has support. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* fix trivial type for event loggerbaude2019-09-19
| | | | | | Fixes: #4062 Signed-off-by: baude <bbaude@redhat.com>
* Add support for launching containers without CGroupsMatthew Heon2019-09-10
| | | | | | | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Ensure good defaults on blank c/storage configurationMatthew Heon2019-09-05
| | | | | | | | | | | | | | | | If c/storage paths are explicitly set to "" (the empty string) it will use compiled-in defaults. However, it won't tell us this via `storage.GetDefaultStoreOptions()` - we just get the empty string (which can put our defaults, some of which are relative to c/storage, in a bad spot). Hardcode a sane default for cases like this. Furthermore, add some sanity checks to paths, to ensure we don't use relative paths for core parts of libpod. Fixes #3952 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add an integration test for systemd in a containerMatthew Heon2019-08-28
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2940 from giuseppe/drop-firewallOpenShift Merge Robot2019-08-21
|\ | | | | networking: use firewall plugin
| * networking: use firewall pluginGiuseppe Scrivano2019-08-19
| | | | | | | | | | | | | | drop the pkg/firewall module and start using the firewall CNI plugin. It requires an updated package for CNI plugins. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3760 from rhatdan/authOpenShift Merge Robot2019-08-19
|\ \ | |/ |/| Use GetRuntimeDir to setup auth.json for login
| * Use GetRuntimeDir to setup auth.json for loginDaniel J Walsh2019-08-12
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | do not activate sd_notify support when varlinkbaude2019-08-15
|/ | | | | | | | | add ability to not activate sd_notify when running under varlink as it causes deadlocks and hangs. Fixes: #3572 Signed-off-by: baude <bbaude@redhat.com>
* rootless: cherry-pick runtime from the system configurationGiuseppe Scrivano2019-08-12
| | | | | | | | | when creating the default libpod.conf file, be sure the default OCI runtime is cherry picked from the system configuration. Closes: https://github.com/containers/libpod/issues/3781 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add conmon probe to runtime constructionPeter Hunt2019-08-08
| | | | | | Now, when a user's conmon is out of date, podman will tell them Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #3466 from TomSweeneyRedHat/dev/tsweeney/myhomeOpenShift Merge Robot2019-08-06
|\ | | | | Touch up XDG, add rootless links
| * Touch up XDG, add rootless linksTomSweeneyRedHat2019-07-29
| | | | | | | | | | | | | | | | | | | | | | Touch up a number of formating issues for XDG_RUNTIME_DIRS in a number of man pages. Make use of the XDG_CONFIG_HOME environment variable in a rootless environment if available, or set it if not. Also added a number of links to the Rootless Podman config page and added the location of the auth.json files to that doc. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | honor libpod.conf in /usr/share/containersbaude2019-08-04
| | | | | | | | | | | | | | | | | | | | | | we should be looking for the libpod.conf file in /usr/share/containers and not in /usr/local. packages of podman should drop the default libpod.conf in /usr/share. the override remains /etc/containers/ as well. Fixes: #3702 Signed-off-by: baude <bbaude@redhat.com>
* | Add runtime and conmon path discoverySascha Grunert2019-08-01
| | | | | | | | | | | | | | | | The `$PATH` environment variable will now used as fallback if no valid runtime or conmon path matches. The debug logs has been updated to state the used executable. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Update libpod.conf to be NixOS friendlySascha Grunert2019-07-30
|/ | | | | | | | NixOS links the current system state to `/run/current-system`, so we have to add these paths to the configuration files as well to work out of the box. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Fix a segfault on Podman no-store commands with refreshMatthew Heon2019-07-23
| | | | | | | | | | | | | When a command (like `ps`) requests no store be created, but also requires a refresh be performed, we have to ignore its request and initialize the store anyways to prevent segfaults. This work was done in #3532, but that missed one thing - initializing a storage service. Without the storage service, Podman will still segfault. Fix that oversight here. Fixes #3625 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #3532 from mheon/ensure_store_on_refreshOpenShift Merge Robot2019-07-15
|\ | | | | Ensure we have a valid store when we refresh
| * Ensure we have a valid store when we refreshMatthew Heon2019-07-10
| | | | | | | | | | | | Fixes #3520 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | first pass of corrections for golangci-lintbaude2019-07-10
|/ | | | Signed-off-by: baude <bbaude@redhat.com>
* code cleanupbaude2019-07-08
| | | | | | clean up code identified as problematic by golands inspection Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3437 from giuseppe/fix-nocgoOpenShift Merge Robot2019-07-03
|\ | | | | build: allow to build without cgo on RISC-V
| * lock: new lock type "file"Giuseppe Scrivano2019-07-02
| | | | | | | | | | | | it is a wrapper around containers/storage file locking. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * runtime: allow to specify the lock mechanismGiuseppe Scrivano2019-07-02
| | | | | | | | | | | | preparation for the next patch. It currently supports only "shm". Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | configure runtime without storebaude2019-07-01
|/ | | | | | | | | some podman commands do not require the use of a container/image store. in those cases, it is more effecient to not open the store, because that results in having to also close the store which can be costly when the system is under heavy write I/O loads. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3324 from marcov/detach-keys-configurableOpenShift Merge Robot2019-07-01
|\ | | | | libpod: specify a detach keys sequence in libpod.conf
| * libpod: specify a detach keys sequence in libpod.confMarco Vedovati2019-06-26
| | | | | | | | | | | | Add the ability of specifying a detach keys sequence in libpod.conf Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* | rootless: enable linger if /run/user/UID not existsGiuseppe Scrivano2019-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | at least on Fedora 30 it creates the /run/user/UID directory for the user logged in via ssh. This needs to be done very early so that every other check when we create the default configuration file will point to the correct location. Closes: https://github.com/containers/libpod/issues/3410 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3442 from baude/removelibpodfrommainphase2OpenShift Merge Robot2019-06-27
|\ \ | | | | | | libpod removal from main (phase 2)
| * | libpod removal from main (phase 2)baude2019-06-27
| |/ | | | | | | | | | | this is phase 2 for the removal of libpod from main. Signed-off-by: baude <bbaude@redhat.com>
* | runtime: do not attempt to use global conf fileGiuseppe Scrivano2019-06-27
| | | | | | | | | | | | | | | | | | we had a regression where the rootless user tried to use the global configuration file. We should not try to use the global configuration when running in rootless but only cherry-pick some settings from there when creating the file for the first time. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | runtime: use GetRootlessUID() to get rootless uidGiuseppe Scrivano2019-06-27
| | | | | | | | | | | | otherwise it won't work in a user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3429 from cevich/strip_crio_conmonOpenShift Merge Robot2019-06-27
|\ \ | |/ |/| Remove refs to crio/conmon
| * Remove refs to crio/conmonChris Evich2019-06-26
| | | | | | | | | | | | | | | | Conmon has moved out of cri-o and into it's own dedicated repository. This commit updates configuration and definitions which referenced the old cri-o based paths. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #3419 from baude/removelibpodfrommainphase1OpenShift Merge Robot2019-06-26
|\ \ | |/ |/| remove libpod from main
| * remove libpod from mainbaude2019-06-25
| | | | | | | | | | | | | | | | | | | | | | | | | | the compilation demands of having libpod in main is a burden for the remote client compilations. to combat this, we should move the use of libpod structs, vars, constants, and functions into the adapter code where it will only be compiled by the local client. this should result in cleaner code organization and smaller binaries. it should also help if we ever need to compile the remote client on non-Linux operating systems natively (not cross-compiled). Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3332 from rhatdan/cgroupmanagerOpenShift Merge Robot2019-06-25
|\ \ | |/ |/| Correctly identify the defaults for cgroup-manager
| * Correctly identify the defaults for cgroup-managerDaniel J Walsh2019-06-15
| | | | | | | | | | | | | | | | | | | | | | Currently we report cgroupmanager default as systemd, even if the user modified the libpod.conf. Also cgroupmanager does not work in rootless mode. This PR correctly identifies the default cgroup manager or reports it is not supported. Also add homeDir to correctly get the homedir if the $HOME is not set. Will attempt to get Homedir out of /etc/passwd. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | runtime.go: Add /usr/local/{s,}binJamie Bliss2019-06-21
| | | | | | | | Signed-off-by: Jamie Bliss <jamie@ivyleav.es>
* | Properly handle OCI runtime being set to a pathMatthew Heon2019-06-20
| | | | | | | | | | | | This is done by the --runtime flag, and as such, by all our CI. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Make a missing OCI runtime nonfatalMatthew Heon2019-06-19
| | | | | | | | | | | | | | | | | | | | We may want to ship configurations including more than one runtime configuration - for example, crun and runc and kata, all configured. However, we don't want to make these extra runtimes hard requirements, so let's not fatally error when we can't find their executables. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Begin adding support for multiple OCI runtimesMatthew Heon2019-06-19
|/ | | | | | | | | | | | | Allow Podman containers to request to use a specific OCI runtime if multiple runtimes are configured. This is the first step to properly supporting containers in a multi-runtime environment. The biggest changes are that all OCI runtimes are now initialized when Podman creates its runtime, and containers now use the runtime requested in their configuration (instead of always the default runtime). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Remove unnecessary var type to fix lint warningLawrence Chan2019-06-14
| | | | Signed-off-by: Lawrence Chan <element103@gmail.com>
* Move installPrefix and etcDir into runtime.goLawrence Chan2019-06-14
| | | | Signed-off-by: Lawrence Chan <element103@gmail.com>
* Improve DESTDIR/PREFIX/ETCDIR handlingLawrence Chan2019-06-14
| | | | | | | | | | | - PREFIX is now passed saved in the binary at build-time so that default paths match installation paths. - ETCDIR is also overridable in a similar way. - DESTDIR is now applied on top of PREFIX for install/uninstall steps. Previously, a DESTDIR=/foo PREFIX=/bar make would install into /bar, rather than /foo/bar. Signed-off-by: Lawrence Chan <element103@gmail.com>
* oci: allow to specify what runtimes support JSONGiuseppe Scrivano2019-06-13
| | | | | | | | | add a new configuration `runtime_supports_json` to list what OCI runtimes support the --log-format=json option. If the runtime is not listed here, libpod will redirect stdout/stderr from the runtime process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Inherit rootless init_path from system libpod.confLawrence Chan2019-06-03
| | | | Signed-off-by: Lawrence Chan <element103@gmail.com>
* runtime: unlock the alive lock only onceValentin Rothberg2019-05-28
| | | | | | | Unlock the alive lock only once in the deferred func call. Fixes: #3207 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* rootless: use a pause processGiuseppe Scrivano2019-05-17
| | | | | | | | | | | | | | | | | use a pause process to keep the user and mount namespace alive. The pause process is created immediately on reload, and all successive Podman processes will refer to it for joining the user&mount namespace. This solves all the race conditions we had on joining the correct namespaces using the conmon processes. As a fallback if the join fails for any reason (e.g. the pause process was killed), then we try to join the running containers as we were doing before. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>