summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Instead of erroring on exit file not being found, warnMatthew Heon2018-03-02
| | | | | | | | | | | Erroring can cause us to get into an state where a container which has no exit file cannot be shown in PS, cannot be removed, etc. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #438 Approved by: rhatdan
* Replace usage of runc with runtimeMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Convert exec session tracking to use a dedicated structMatthew Heon2018-03-01
| | | | | | | | | | | This will behave better if we need to add anything to it at a later date - we can add fields to the struct without breaking existing BoltDB databases. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Fix gofmt & golintMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Relax locking in Exec()Matthew Heon2018-03-01
| | | | | | | | | | | This allows containers to be used by `ps` and other commands while they have ongoing exec sessions. Concurrent exec should also work but is not tested. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Handle removing containers with active exec sessionsMatthew Heon2018-03-01
| | | | | | | | | | | | | For containers without --force set, an error will be returned For containers with --force, all pids in the container will be stopped, first with SIGTERM and then with SIGKILL after a timeout (this mimics the behavior of stopping a container). Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Ensure that Cleanup() will not run on active containersMatthew Heon2018-03-01
| | | | | | | | | | This ensures that containers with active exec sessions will not have storage unmounted under them or network namespaces destroyed Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Add tracking for exec session IDsMatthew Heon2018-03-01
| | | | | | | | | | | Exec sessions now have an ID generated and assigned to their PID and stored in the database state. This allows us to track what exec sessions are currently active. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Remove now-unused runc launch codeMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Rework exec to enable splitting to retrieve exec PIDMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Add tracking for container exec sessions to DBMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Small fixes to container ExecMatthew Heon2018-03-01
| | | | | | | | | | Fix an error message, and always set Privileged if the container is also privileged. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Fix checks for configuration keys in the DBMatthew Heon2018-03-01
| | | | | | | | | | | | | | | | Currently, we will error if the DB is configured with the default containers/storage config, and then opened by a libpod which has explicitly set the defaults. This is due to us using an empty config by default (to tell c/storage to use its defaults). This patch changes our handling so that unset storage config (using the default) and explicitly setting the defaults are both compatible. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #423 Approved by: baude
* podman info add registriesbaude2018-02-28
| | | | | | | | | | | | add registries and insecure registries to the podman info output. this gives us some capatibility with other container runtimes. Resolves issue #420 Signed-off-by: baude <bbaude@redhat.com> Closes: #422 Approved by: mheon
* Tweak info time formatTomSweeneyRedHat2018-02-28
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #397 Approved by: rhatdan
* podman stats add networkingbaude2018-02-28
| | | | | | | | | | | | | Add networking information to podman stats output. Also correct an issue filed where memory constraints of the cgroup were not reflected in the stats output. And finally, fix issue with PID count. Resolves issue #364 Signed-off-by: baude <bbaude@redhat.com> Closes: #417 Approved by: mheon
* CNIPluginDir: check "/usr/lib/cni"Valentin Rothberg2018-02-28
| | | | | | | | | | | Also consider "/usr/lib/cni" as a potential directory for CNI plugins. On some distributions, e.g., on openSUSE, %{_libexecdir} evaluates to "/usr/lib". Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #416 Approved by: mheon
* Restrict top output to container's pids onlybaude2018-02-26
| | | | | | | | | | | | | Due to the way ps arguments work, it was possible to display pids that dont below to the container in top output. We now filter pids that dont belong to the container out of the output. This also means the pid column must be present in the output or we throw an error. This resolves issue #391 Signed-off-by: baude <bbaude@redhat.com> Closes: #400 Approved by: rhatdan
* podman load dont panic when no repotagsbaude2018-02-26
| | | | | | | | | | | | | When performing a podman load, if there were no repotags in the image, podman would panic. In the case that the incoming image does have repotags, it should be imported as a none:none image so it can still be used by the user. Resolves issue #403 Signed-off-by: baude <bbaude@redhat.com> Closes: #405 Approved by: baude
* Add ubuntu pathsbaude2018-02-26
| | | | | | | | | | | The packages in Lokesh's ppa that is currently used for podman puts the conmon and runc binaries in /usr/lib/crio/bin/conmon and /usr/lib/cri-o-runc/sbin/runc respectively. Signed-off-by: baude <bbaude@redhat.com> Closes: #406 Approved by: baude
* Do not override user mountsbaude2018-02-26
| | | | | | | | | | | | Podman should not override users mounts with default mounts for /etc/hostname, /etc/resolv.conf, and /etc/hosts. Resolves issue #388 Signed-off-by: baude <bbaude@redhat.com> Closes: #401 Approved by: mheon
* Address review commentsbaude2018-02-24
| | | | | | | | | Review comments to delete WithNoNew function and its append. Signed-off-by: baude <bbaude@redhat.com> Closes: #369 Approved by: rhatdan
* Add support for --no-new-privsDaniel J Walsh2018-02-24
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #369 Approved by: rhatdan
* CreateContainerStorage by image idbaude2018-02-23
| | | | | | | | | | | When creating container storage by name, if that name is a tagged image then the storage could not be found. We now use the image id which seems more reliable. Also added an integration test to protect against regression. Signed-off-by: baude <bbaude@redhat.com> Closes: #393 Approved by: mheon
* Move Hostname accessor to more logical placeMatthew Heon2018-02-23
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #386 Approved by: baude
* Refactor spec generation in libpod into a functionMatthew Heon2018-02-23
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #386 Approved by: baude
* Remove No New Privs from DB as it's already in the specMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #383 Approved by: rhatdan
* Add accessors to all container config and state fieldsMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #381 Approved by: rhatdan
* Implement --image-volumes for create and runumohnani82018-02-22
| | | | | | | | | | | | | | --image-volumes tells podman what to do with the image volumes in the image config There are 3 options: bind, tmpfs, and ignore bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir and bind mounts it into the container at /vol-dir tmpfs mounts /vol-dir as a tmps into the container ignore doesn't mount the image volumes onto the container Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #377 Approved by: rhatdan
* Remove unnecessary booleansMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Fix gofmtMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Make operations on pod containers as a group independentMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Fix gofmtMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Add ability to start containers in a podMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Add kill and stop for podsMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Add pod status commandMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Push up createConfig.CgroupParent processing to parentJhon Honce2018-02-22
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #370 Approved by: rhatdan
* Corrected commentJhon Honce2018-02-22
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #370 Approved by: rhatdan
* Implement podman run option --cgroup-parentJhon Honce2018-02-22
| | | | | | | | | | | Example: sudo /usr/local/bin/podman run --cgroup-parent=/zzz fedora cat /proc/self/cgroup Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #370 Approved by: rhatdan
* Performance enhancement for podman imagesbaude2018-02-20
| | | | | | | | | | | | | Previous code was using slow routines to collect some of the information needed to output images. Specifically size was being calculated instead of using the cached, already known size already available. Also, straight- lined several of the code paths. Overall assessment is that these improvements cut the time for images in half. Signed-off-by: baude <bbaude@redhat.com> Closes: #365 Approved by: mheon
* Ensure we don't repeatedly poll disk for exit codesMatthew Heon2018-02-20
| | | | | | | | | | | | Change logic for refreshing our state using runc to only poll for conmon exit files when we first transition to the Stopped state. After that, we should already have the exit code stored in the database, so we don't need to look it up again. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #363 Approved by: TomSweeneyRedHat
* Change uptime format in `podman info` to human-readableMatthew Heon2018-02-19
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #355 Approved by: rhatdan
* Remove unused registry related options from libpodMatthew Heon2018-02-19
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #349 Approved by: rhatdan
* Add FFJSON encoding/decoding for our container structsMatthew Heon2018-02-16
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #323 Approved by: mheon
* Squash logged errors from failed SQL rollbacksMatthew Heon2018-02-15
| | | | | | | | | | | | | | | | Currently we unconditionally roll back transactions after error, even if a commit has already been attempted. Commit is guaranteed to end a transaction, though, whether by successfully committing or by rolling back if that fails. As such, we attempt a double rollback if a transaction fails at commit (for example, for a constraint violation), which doesn't error but does log angry warning messages. Ensure we don't try rolling back after commit runs to prevent this. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #327 Approved by: rhatdan
* Make libpod build on 32-bit systemsMatthew Heon2018-02-13
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #324 Approved by: rhatdan
* Address review commentv0.2Matthew Heon2018-02-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude
* Add buckets for all containers and all podsMatthew Heon2018-02-12
| | | | | | | | | | | Now, we don't need to use the global ID registry to iterate - we can iterate only through containers or only through pods, without having to iterate through both. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude
* Containers in a pod can only join namespaces in that podMatthew Heon2018-02-12
| | | | | | | | | | | | | | This solves some dependency problems in the state, and makes sense from a design standpoint. Containers not in a pod can still depend on the namespaces of containers joined to a pod, which we might also want to change in the future. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude
* Fix gofmt and lintMatthew Heon2018-02-12
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #184 Approved by: baude