| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Made a mistake in my earlier patch. I though that if you add an empty string
to an array, the length of the array would still be 0...
Realised this when vendoring the secrets pkg into cri-o.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #685
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
implement varlink image functions for working with libpod with the exception of a
couple due to incompletions on the libpod side of things (build).
also, created a first pass at a libpodpy package which will stand as a client to
working with libpod's varlink methods using python.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #669
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
| |
Instead of execing out to the host's IP, use the IP address we
got back from CNI to populate Inspect's IP address information.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #680
Approved by: umohnani8
|
| |
|
|
|
|
|
|
|
|
|
| |
The hidden flag is used to override the path of the default mounts file
for testing purposes.
Also modified the secrets pkg to allow for this override to happen.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #678
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
When a user pulls an image using a transport, like docker-daemon, we try to lookup
the new image in storage by the input name after the pull. Because the input name
has a transport (different than local storage), that lookup would fail.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #644
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #668
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #668
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
If an integer is passed into the --user flag, i.e --user=1234
don't look up the user in /etc/passwd, just assign the integer as the uid.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #652
Approved by: mheon
|
| |
|
|
|
|
|
|
| |
If the host is in FIPS mode and /etc/system-fips exists
/run/secrets/system-fips is created in the container so that
the container can run in FIPS mode as well.
Signed-off-by: umohnani8 <umohnani@redhat.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #627
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
Made necessary changes to functions to include contex.Context wherever needed
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #640
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
| |
In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #626
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
- fix host string split to permit IPv6
Signed-off-by: Nathan Williams <nath.e.will@gmail.com>
Closes: #635
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #619
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the case where you have an image local, if the the user runs
podman pull, we should always attempt to pull an updated image.
Added a forceRemote bool to New (image) so we can differentiate
between "pull" or run because the actions differ. Run does not
need to pull the latest -- only run.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #618
Approved by: baude
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
|
| |
|
|
|
|
|
|
|
| |
Mimics docker's behavior
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
| |
Comparing Go interfaces, like io.Reader, to nil does not work. As
such, we need to include a bool with each stream telling whether
to attach to it.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
| |
This allows us to attach to attach to just stdout or stderr or
stdin, or any combination of these.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #610
Approved by: giuseppe
|
| |
|
|
|
|
|
|
|
|
| |
Until we can handle running containers which use UID/GID mappings, make
sure that we always create containers that use the host mappings.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #609
Approved by: baude
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #600
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #600
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
This solves a nasty locking issue with getting the path of
namespaces for dependencies
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #600
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When a container is transitioning from running to stopped and stats is runnings,
we should not break stats if we are unable to get stats for that container.
Resolves: #598
Signed-off-by: baude <bbaude@redhat.com>
Closes: #599
Approved by: mheon
|
| |
|
|
|
|
|
|
| |
Resolves: #586 and #520
Signed-off-by: baude <bbaude@redhat.com>
Closes: #592
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--group-add
--blkio-weight-device
--device-read-bps
--device-write-bps
--device-read-iops
--device-write-iops
--group-add now supports group names as well as the gid associated with them.
All the --device flags work now with moderate changes to the code to support both
bps and iops.
Added tests for all the flags.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #590
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #522
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #155
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
If sending a signal fails, check if the container is alive. If it
is not, it probably stopped on its own before we could send the
signal, so don't error out.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #591
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
In our ezrly development, we always allocated a tty when not -d. Now we should only allocated when the user asks for it.
Resolves: #573
Signed-off-by: baude <bbaude@redhat.com>
Closes: #574
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
| |
Resolves: #575
Signed-off-by: baude <bbaude@redhat.com>
Closes: #588
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of checking during init(), which could result in major
locking issues when used with pods, make our dependency checks in
the public API instead. This avoids doing them when we start pods
(where, because of the dependency graph, we can reasonably say
all dependencies are up before we start a container).
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
| |
This will help dependency races
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #571
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We don't use it directly, we aren't going to cache it in the DB,
and when we do use it (image volumes) we might well be in a
different process (podman create -> podman start). No point in
keeping it around.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #571
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have other tools using containers/storage. They can delete our
containers in c/storage without us knowing. Try and handle this
better by warning instead of erroring when delete our storage and
it is already gone.
This does not handle cases where libpod thinks the container is
mounted, but it is not. This is harder to check for, because
c/storage Mount() and Unmount() take a layer, image, or container
and that complicates our "container no longer exists" question.
Further work is needed here.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #571
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We should allow users to pass in image ids with the sha256: prefix
for local images.
Resolves: #493
Signed-off-by: baude <bbaude@redhat.com>
Closes: #560
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
| |
Adds support for mounting secrets especially on RHEL where the container
can use the host subsription to run yum
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #544
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #557
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
Instead of looping to find containers with no dependencies,
maintain a map of them and remove entries as we add dependency
edges.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #557
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #557
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #557
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #557
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #557
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #517
Approved by: baude
|
