| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
Move SHM specific code into a subpackage. Within the main locks
package, move the manager to be linux-only and add a non-Linux
unsupported build file.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
| |
Also add a few more unit tests
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check value of semaphores when incrementing to ensure we never go
beyond 1, preserving mutex invariants.
Also, add cleanup code to the lock tests, ensuring that we never
leave the locks in a bad state after a test. We aren't destroying
and recreating the SHM every time, so we have to be careful not
to leak state between test runs.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for executing an init binary as PID 1 in a container to
forward signals and reap processes. When the `--init` flag is set for
podman-create or podman-run, the init binary is bind-mounted to
`/dev/init` in the container and "/dev/init --" is prepended to the
container's command.
The default base path of the container-init binary is `/usr/libexec/podman`
while the default binary is catatonit [1]. This default can be changed
permanently via the `init_path` field in the `libpod.conf` configuration
file (which is recommended for packaging) or temporarily via the
`--init-path` flag of podman-create and podman-run.
[1] https://github.com/openSUSE/catatonit
Fixes: #1670
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Log container command before starting the container
|
| |
| |
| |
| |
| |
| |
| | |
Runc does not produce helpful error messages when the container's
command is not found, so print the command ourselves.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/
|
|
|
|
|
|
|
| |
Casting integers to strings is definitely not correct, so let the
standard library handle matters.
Fixes #2066
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
| |
Currently if the user installs runc in an alternative path
podman run uses it but podman build does not.
This patch will pass the default oci runtime to be used by podman
down to the image builder.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We had two problems with /dev/shm, first, you mount the
container read/only then /dev/shm was mounted read/only.
This is a bug a tmpfs directory should be read/write within
a read-only container.
The second problem is we were ignoring users mounted /dev/shm
from the host.
If user specified
podman run -d -v /dev/shm:/dev/shm ...
We were dropping this mount and still using the internal mount.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
| |
This will more closely match what Docker is doing.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
| |
we need this information to later be able to join
the conmon process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Add Play
|
| |
| |
| |
| |
| |
| |
| | |
podman play kube adds the ability for the user to recreate pods and containers
from a Kubernetes YAML file in libpod.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
| |
Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\
| |
| | |
Containers sharing a netns should share resolv/hosts
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When sharing a network namespace, containers should also share
resolv.conf and /etc/hosts in case a container process made
changes to either (for example, if I set up a VPN client in
container A and join container B to its network namespace, I
expect container B to use the DNS servers from A to ensure it can
see everything on the VPN).
Resolves: #1546
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
condition fixed for adding volume to boltdb.
|
| |/
| |
| |
| | |
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
|
|\ \
| |/
|/| |
Set Socket label for contianer
|
| |
| |
| |
| |
| |
| |
| | |
This will allow container processes to write to the CRIU socket that gets injected
into the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Prevent a second lookup of user for image volumes
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of forcing another user lookup when mounting image
volumes, just use the information we looked up when we started
generating the spec.
This may resolve #1817
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
Ensure storage options are properly initialized
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
If one of storage GraphRoot or RunRoot are specified, but the
other is not, c/storage will not use the default, and will throw
an error instead. Ensure that in cases where this would happen,
we populate the fields with the c/storage defaults ourselves.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|/
|
|
|
|
|
| |
Using the default capabilities, we can determine which caps were
added and dropped. Now added them to the security context structure.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
Fix errors where OCI hooks directory does not exist
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
add timeout to pod stop
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
like podman stop of containers, we should allow the user to specify
a timeout override when stopping pods; otherwise they have to wait
the full timeout time specified during the pod/container creation.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| |/ /
|/| | |
generate kube
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add the ability to generate kubernetes pod and service yaml representations
of libpod containers and pods.
Signed-off-by: baude <bbaude@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
i.e. actually reflect the environment variable and/or rootless mode
instead of always using the default path.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Instead, just set SystemRegistriesConfPath and let the transport do it.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool
can now represent that value, so forceSecure is redundant.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Instead, just set SystemRegistriesConfPath and let the transport do it.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
DockerRegistryOptions.DockerInsecureSkipTLSVerify as an types.OptionalBool
can now represent that value, so forceSecure is redundant.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Following SystemContext.DockerInsecureSkipTLSVerify, make the
DockerRegistryOne also an OptionalBool, and update callers.
Explicitly document that --tls-verify=true and --tls-verify unset
have different behavior in those commands where the behavior changed
(or where it hasn't changed but the documentation needed updating).
Also make the --tls-verify man page sections a tiny bit more consistent
throughout.
This is a minimal fix, without changing the existing "--tls-verify=true"
paths nor existing manual insecure registry lookups.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Unrelated to the rest of the PR.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |/
|/|
| |
| |
| |
| | |
... instead of unnecessarily adapting it for the DockerInsecureSkipTLSVerify type change.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
containers inside pods need to make sure they get /etc/resolv.conf
and /etc/hosts bind mounted when network is expected
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Add "podman volume" command
|
| | |
| | |
| | |
| | | |
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add support for podman volume and its subcommands.
The commands supported are:
podman volume create
podman volume inspect
podman volume ls
podman volume rm
podman volume prune
This is a tool to manage volumes used by podman. For now it only handle
named volumes, but eventually it will handle all volumes used by podman.
Signed-off-by: umohnani8 <umohnani@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add ability to prune containers and images
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow user to prune unused/unnamed images, the layer images from building,
via podman rmi --prune.
Allow user to prune stopped/exiuted containers via podman rm --prune.
This should resolve #1910
Signed-off-by: baude <bbaude@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously not needed as it only worked inside of Batch(), but
now that it can be called anywhere we need to add mutual
exclusion on its config changes.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|