summaryrefslogtreecommitdiff
path: root/libpod/runtime_ctr.go
Commit message (Collapse)AuthorAge
* Fixes to handle /dev/shm correctly.Daniel J Walsh2018-12-24
| | | | | | | | | | | | | | | | | | We had two problems with /dev/shm, first, you mount the container read/only then /dev/shm was mounted read/only. This is a bug a tmpfs directory should be read/write within a read-only container. The second problem is we were ignoring users mounted /dev/shm from the host. If user specified podman run -d -v /dev/shm:/dev/shm ... We were dropping this mount and still using the internal mount. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Switch all referencs to image.ContainerConfig to image.ConfigDaniel J Walsh2018-12-21
| | | | | | This will more closely match what Docker is doing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* libpod: always store the conmon pid fileGiuseppe Scrivano2018-12-21
| | | | | | | we need this information to later be able to join the conmon process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add "podman volume" commandumohnani82018-12-06
| | | | | | | | | | | | | | | Add support for podman volume and its subcommands. The commands supported are: podman volume create podman volume inspect podman volume ls podman volume rm podman volume prune This is a tool to manage volumes used by podman. For now it only handle named volumes, but eventually it will handle all volumes used by podman. Signed-off-by: umohnani8 <umohnani@redhat.com>
* rm -f now removes a paused containerbaude2018-11-08
| | | | | | | | | | | | We now can remove a paused container by sending it a kill signal while it is paused. We then unpause the container and it is immediately killed. Also, reworked how the parallelWorker results are handled to provide a more consistent approach to how each subcommand implements it. It also fixes a bug where if one container errors, the error message is duplicated when printed out. Signed-off-by: baude <bbaude@redhat.com>
* EXPERIMENTAL: Do not call out to runc for syncMatthew Heon2018-11-07
| | | | | | | | | | | | | | | When syncing container state, we normally call out to runc to see the container's status. This does have significant performance implications, though, and we've seen issues with large amounts of runc processes being spawned. This patch attempts to use stat calls on the container exit file created by Conmon instead to sync state. This massively decreases the cost of calling updateContainer (it has gone from an almost-unconditional fork/exec of runc to a single stat call that can be avoided in most states). Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Allow containers/storage to handle on SELinux labelingDaniel J Walsh2018-10-23
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix bug with exited state and container removeMatthew Heon2018-10-02
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Address review comments and fix ps outputMatthew Heon2018-10-02
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add ContainerStateExited and OCI delete() in cleanup()Matthew Heon2018-10-02
| | | | | | | | | | | | | | | | To work better with Kata containers, we need to delete() from the OCI runtime as a part of cleanup, to ensure resources aren't retained longer than they need to be. To enable this, we need to add a new state to containers, ContainerStateExited. Containers transition from ContainerStateStopped to ContainerStateExited via cleanupRuntime which is invoked as part of cleanup(). A container in the Exited state is identical to Stopped, except it has been removed from the OCI runtime and thus will be handled differently when initializing the container. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add new field to libpod to indicate whether or not to use labellingDaniel J Walsh2018-09-20
| | | | | | | | | | | | | | | Also update some missing fields libpod.conf obtions in man pages. Fix sort order of security options and add a note about disabling labeling. When a process requests a new label. libpod needs to reserve all labels to make sure that their are no conflicts. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1406 Approved by: mheon
* Fixing network ns segfaulthaircommander2018-08-23
| | | | | | | | | As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Change pause container to infra containerhaircommander2018-08-23
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Added option to share kernel namespaces in libpod and podmanhaircommander2018-08-23
| | | | | | | | | A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* removeContainer: fix deadlockValentin Rothberg2018-08-10
| | | | | | | | | | | | When checking if the container has already been removed, use c.state.HasContainer() instead of the runtime's API to avoid trying to take the already acquired lock. Fixes: #1245 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1251 Approved by: baude
* Fix CGroupFS cgroup manager cgroup creation for podsMatthew Heon2018-08-08
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1237 Approved by: rhatdan
* Set namespace for new pods/containers based on runtimeMatthew Heon2018-07-24
| | | | | | | | New containers and pods will default to the namespace of the runtime, but this can be overridden by With... options if desired. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Returning joining namespace error should not be fatalDaniel J Walsh2018-06-29
| | | | | | | | | | | | | | | | | | | | | | I got my database state in a bad way by killing a hanging container. It did not setup the network namespace correctly listing/remove bad containers becomes impossible. podman run alpine/nginx ^c got me in this state. I got into a state in the database where podman ps -a was returning errors and I could not get out of it, Makeing joining the network namespace a non fatal error fixes the issue. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #918 Approved by: mheon
* Mark containers invalid earlier during removalMatthew Heon2018-06-27
| | | | | | | | | | | Fixes a bug where we might try saving back to the database during cleanup, which would fail as the container was already removed from the database. Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #1001 Approved by: rhatdan
* Remove container from state before cleaning up.Daniel J Walsh2018-06-10
| | | | | | | | | | Attempt to cleanup as much of the container as possible, even if one of the cleanup stages fails. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #895 Approved by: mheon
* libpod: Execute poststop hooks locallyW. Trevor King2018-06-04
| | | | | | | | | | | | Instead of delegating to the runtime, since some runtimes do not seem to handle these reliably [1]. [1]: https://github.com/projectatomic/libpod/issues/730#issuecomment-392959938 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #864 Approved by: rhatdan
* Add per-pod CGroupsMatthew Heon2018-05-17
| | | | | | | | | | | | | Pods can now create their own (cgroupfs) cgroups which containers in them can (optionally) use. This presently only works with CGroupFS, systemd cgroups are still WIP Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Use container cleanup() functions when removingMatthew Heon2018-05-17
| | | | | | | | | | | | Instead of manually calling the individual functions that cleanup uses to tear down a container's resources, just call the cleanup function to make sure that cleanup only needs to happen in one place. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #790 Approved by: rhatdan
* Remove parent cgroup we create with cgroupfsMatthew Heon2018-05-11
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #507 Approved by: baude
* Add validation for CGroup parents. Pass CGroups path into runcMatthew Heon2018-05-11
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #507 Approved by: baude
* podman, userNS: configure an intermediate mount namespaceGiuseppe Scrivano2018-05-04
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #690 Approved by: mheon
* Vendor in latest containers/image and contaners/storageumohnani82018-04-19
| | | | | | | | | Made necessary changes to functions to include contex.Context wherever needed Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #640 Approved by: baude
* Error is already wrapped properly.Daniel J Walsh2018-03-29
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #517 Approved by: baude
* Check for duplicate names when generating new container and pod names.Daniel J Walsh2018-03-29
| | | | | | | | | This fixes the situation where we fail to create a container when a name already exists. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #517 Approved by: baude
* Handle removing containers with active exec sessionsMatthew Heon2018-03-01
| | | | | | | | | | | | | For containers without --force set, an error will be returned For containers with --force, all pids in the container will be stopped, first with SIGTERM and then with SIGKILL after a timeout (this mimics the behavior of stopping a container). Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Add implementation for BoltDB-backed stateMatthew Heon2018-02-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude
* Rework state tests to avoid boilerplate. Begin adding pod tests.Matthew Heon2018-02-09
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #268 Approved by: rhatdan
* Add pod removal codeMatthew Heon2018-02-09
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #268 Approved by: rhatdan
* Allow users to specify logpathDaniel J Walsh2018-02-03
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #135 Approved by: mheon
* Address review commentsMatthew Heon2018-01-17
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #229 Approved by: rhatdan
* Change handling for pods in libpod stateMatthew Heon2018-01-17
| | | | | | | | | | Add new functions to update pods and add/remove containers from them Use these new functions in place of manually modifying pods Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #229 Approved by: rhatdan
* Prevent containers with dependencies from being removedMatthew Heon2018-01-16
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #220 Approved by: rhatdan
* Add latest to waitbaude2018-01-08
| | | | | | | | | | | | It is desirable to have a --latest switch on the podman wait command so we can wait on the latest container created to end. Also, fixes a panic with latest where no containers are available. Signed-off-by: baude <bbaude@redhat.com> Closes: #201 Approved by: baude
* Shortcut for most recent containerbaude2018-01-08
| | | | | | | | | | | | It is desirable to have a shortcut for the most recently created container. We can now use "**latest" to represent the most recent container instead of its container ID or name. For example: Signed-off-by: baude <bbaude@redhat.com> Closes: #179 Approved by: baude
* Clean up network namespaces on container removalMatthew Heon2018-01-08
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #197 Approved by: rhatdan
* podman create/run need to load information from the imageDaniel J Walsh2018-01-03
| | | | | | | | | | We should be pulling information out of the image to set the defaults to use when setting up the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #110 Approved by: mheon
* Plumb through the --stop-timeout signal handlingDaniel J Walsh2017-12-20
| | | | | | | | | | | | | podman run/create have the ability to set the stop timeout flag. We need to stop it in the database. Also Allowing negative time for stop timeout makes no sense, so switching to timeout of uint, allows user to specify huge timeout values. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #158 Approved by: TomSweeneyRedHat
* kpod statsbaude2017-12-13
| | | | | | | | | Move kpod stats to the libpod backend. Signed-off-by: baude <bbaude@redhat.com> Closes: #113 Approved by: baude
* Remove SQL state locking and rely on sqlite lockingMatthew Heon2017-12-04
| | | | | | | Also renames some parameters from locksDir -> lockDir for consistency. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Move containers to file locks from c/storageMatthew Heon2017-12-04
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add NetMode, UTSMode and IPCModeDaniel J Walsh2017-12-02
| | | | | | | | | | | | | | Allow kpod create/run to create contianers in different network namespaces, uts namespaces and IPC Namespaces. This patch just handles the simple join the host, or another containers namespaces. Lots more work needed to full integrate --net Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #64 Approved by: mheon
* Add randomly generates container namesMatthew Heon2017-11-30
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #88 Approved by: baude
* Fix error in runtime_ctrMatthew Heon2017-11-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #85 Approved by: rhatdan
* Ensure that we can't remove paused containersMatthew Heon2017-11-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #85 Approved by: rhatdan
* Fix rmi -f removing containers from storage without telling libpodMatthew Heon2017-11-29
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #68 Approved by: rhatdan