| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a new per-platform method makePlatformBindMounts and moves the
/etc/hostname mount. This file is only needed on Linux.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The code which generates resolv.conf dereferenced c.config.Spec.Linux
and this field is not set for FreeBSD containers.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The current code only sets EventsLogFilePath when the tmp is overwritten
from the db. We should always set the default when no path was set in
containers.conf.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is no reason to create a new eventer every time. The libpod runtime
already has one attached which should be used instead.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently podman events will just fail with `Error: failed to get journal
cursor: failed to get cursor: cannot assign requested address` when the
journal contains zero podman events.
The problem is that we are using the journal accessors wrong. There is no
need to call GetCursor() and compare them manually. The Next() return an
integer which tells if it moved to the next or not. This means the we can
remove GetCursor() which would fail when there is no entry.
This also includes another bug fix. Previously the logic called Next()
twice for the first entry which caused us to miss the first entry.
To reproduce this issue you can run the following commands:
```
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
```
Note that this will delete the full journal.
Now run podman events and it fails but with this patch it works.
Now generate a single event, i.e. podman pull alpine, and run
podman events --until 1s.
I am not sure how to get a reliable test into CI, I really do not want
to delete the journal and developer or CI systems.
Fixes second part of #15688
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman --events-backend none events should return with an error since it
will never be able to actually list events.
Fixes part three of #15688
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman --events-backend file events --stream=false should never hang. The
problem is that our tail library will wait for the file to be created
which makes sense when we do not run with --stream=false. To fix this we
can just always create the file when the logger is initialized. This
would also help to report errors early on in case the file is not
accessible.
Fixes part one from #15688
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \
| |/
|/| |
Fix stutters
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
refactor: use `os.ReadDir` for lightweight directory reading
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
`os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil`
package. It is a more efficient implementation than `ioutil.ReadDir`.
Reference: https://pkg.go.dev/io/ioutil#ReadDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
|
| |\ \
| |/
|/| |
Include PATH in conmon env.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Include the path and helper binary dir so that the podman
environment more closely matches when conmon calls it as an
exit command.
Also match the CONTAINERS_CONF lookup to the codestyle of other
environment lookups.
[NO NEW TESTS NEEDED]
Resolves #15707
Signed-off-by: Kenny MacDermid <kenny@macdermid.ca>
|
| |\ \
| | |
| | | |
stop: fix error handling
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix the error handling in the fallback logic of `stop` when Podman
resorts to killing a container; the error message wrapped the wrong
error.
[NO NEW TESTS NEEDED] as it is a rare flake in the tests and I do not
know how to reliably reproduce it.
Fixes: #15661
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
health check: add on-failure actions
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For systems that have extreme robustness requirements (edge devices,
particularly those in difficult to access environments), it is important
that applications continue running in all circumstances. When the
application fails, Podman must restart it automatically to provide this
robustness. Otherwise, these devices may require customer IT to
physically gain access to restart, which can be prohibitively difficult.
Add a new `--on-failure` flag that supports four actions:
- **none**: Take no action.
- **kill**: Kill the container.
- **restart**: Restart the container. Do not combine the `restart`
action with the `--restart` flag. When running inside of
a systemd unit, consider using the `kill` or `stop`
action instead to make use of systemd's restart policy.
- **stop**: Stop the container.
To remain backwards compatible, **none** is the default action.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
Fix #15243 Set AutomountServiceAccountToken to false
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman does not use any service account token, so we set the automount flag
to false in podman generate kube.
Signed-off-by: François Poirotte <clicky@erebot.net>
|
| |\ \ \
| | | |
| | | | |
podman: skip /sys/fs/cgroup/systemd if not present
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
skip adding the /sys/fs/cgroup/systemd bind mount if it is not already
present on the host.
[NO NEW TESTS NEEDED] requires a system without systemd.
Closes: https://github.com/containers/podman/issues/15647
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fixes for conmon support on FreeBSD
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
On FreeBSD, ENOTCONN can be reported if shutdown is called on a unix
domain socket where the remote end is already closed. This change
ignores those errors instead of printing an error message on container
exit.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This moves the code which sets the process capabilites for the exec to
oci_conmon_exec_linux.go since this is a linux-specific feature. Adding
a no-op stub for FreeBSD enables 'podman exec' when using the ocijail
runtime.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
Closes #15617: emit container labels for container exited and exec died events
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- adds unit test for container labels on container die event
- implements #15617
Signed-off-by: Harald Albrecht <harald.albrecht@gmx.net>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In case of a hard OS shutdown, containers may have a "removing"
state after a reboot, and an attempt to remove Pods with such
containers is unsuccessful:
error freeing lock for container ...: no such file or directory
[NO NEW TESTS NEEDED]
Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It turns out that field names in syscall.Stat_t are platform-specific.
An alternative to this could change fixVolumePermissions to use
unix.Lstat since unix.Stat_t uses the same mmember name for Atim on both
Linux and FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This mount has never been standard on FreeBSD, preferring to use /tmp or
/var/tmp optionally with tmpfs to ensure data is lost on a reboot.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
container_internal_common.go
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
container_internal_common.go
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This contains a lot of code in common with container_internal_linux.go.
Subsequent commits will move the shared code to
container_internal_common.go to reduce the duplication.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This moves platform-specific details of the network implementation out
of the generic file so that we can add the FreeBSD equivalent.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \
| | | |
| | | | |
Add container GID to additional groups
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Mitigates a potential permissions issue. Mirrors Buildah PR #4200
and CRI-O PR #6159.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add support for FreeBSD volume mounts in specgen
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This allows us to redefine to the equivalent nullfs on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \ \
| | | | |
| | | | | |
libpod: Ensure that generated container names are random
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #15569.
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
