path: root/libpod
Commit message | Author | Age
* podman, userNS: configure an intermediate mount namespace | Giuseppe Scrivano | 2018-05-04
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Closes: #690
  Approved by: mheon
* networking, userNS: configure the network namespace after create | Giuseppe Scrivano | 2018-05-04
  so that the OCI runtime creates the network namespace from the correct userNS.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #690
  Approved by: mheon
* Begin wiring in USERNS Support into podman | Daniel J Walsh | 2018-05-04
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #690
  Approved by: mheon
* Fix pulling from secure registry | baude | 2018-05-04
  when pulling from a secure registry that is documented in registries.conf, we should be able to pull without tls-verify=false
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #718
  Approved by: rhatdan
* Optionally init() during container restart | Matthew Heon | 2018-05-04
  This allows us to restart containers that have never been started without error. This makes RestartWithTimeout work with running, stopped, and created containers.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #719
  Approved by: rhatdan
* varlink containers | baude | 2018-05-03
  first pass at adding in the container related endpoints/methods for the libpod backend. Couple of important notes:
    * endpoints that can use a console are not going to be done until we have "remote" console
    * several of the container methods should probably be able to stream as opposed to a one-off return
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #708
  Approved by: baude
* Make podman commit to localhost rather than docker.io | Daniel J Walsh | 2018-05-03
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #715
  Approved by: mheon
* Add accessors for new image fields in container config | Matthew Heon | 2018-05-03
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #700
  Approved by: rhatdan
* Store user Volumes, Entrypoint, Command in database | Matthew Heon | 2018-05-03
  We need these for commit, and they cannot be properly deduced from just the OCI spec, so save them in the database so we can retrieve them for commit.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #700
  Approved by: rhatdan
* Further fix Godoc comments in options.go | Matthew Heon | 2018-05-03
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #700
  Approved by: rhatdan
* Update hooks to use config bool to detect volume mounts | Matthew Heon | 2018-05-03
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #700
  Approved by: rhatdan
* Fix Godoc comments in options.go | Matthew Heon | 2018-05-03
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #700
  Approved by: rhatdan
* Add config bool to indicate there are user volumes | Matthew Heon | 2018-05-03
  This allows us to accurately trigger OCI hooks that trigger on the presence of volume mounts.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #700
  Approved by: rhatdan
* Print the Buildah comment from commit to given writer | Matthew Heon | 2018-05-03
  Much better than unconditionally dumping to stdout
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #706
  Approved by: rhatdan
* Do not print unnecessary Buildah details during commit | Matthew Heon | 2018-05-03
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #706
  Approved by: rhatdan
* do not commit default volumes from container | baude | 2018-04-30
  when performing a container commit, we should not add the default list of volumes for a container to the resulting image. it will cause the resulting image to crash when run subsequently.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #699
  Approved by: mheon
* Use buildah commit and bud in podman | baude | 2018-04-27
  Vendor in buildah and use as much of commit and bug as possible for podman build and commit.
  Resolves #586
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #681
  Approved by: mheon
* Modify secrets pkg | umohnani8 | 2018-04-27
  Made a mistake in my earlier patch. I thought that if you add an empty string to an array, the length of the array would still be 0... Realised this when vendoring the secrets pkg into cri-o.
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #685
  Approved by: mheon
* varlink images | baude | 2018-04-26
  implement varlink image functions for working with libpod with the exception of a couple due to incompletions on the libpod side of things (build). also, created a first pass at a libpodpy package which will stand as a client to working with libpod's varlink methods using python.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #669
  Approved by: baude
* Retrieve IP addresses for container from DB | Matthew Heon | 2018-04-26
  Instead of execing out to the host's IP, use the IP address we got back from CNI to populate Inspect's IP address information.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #680
  Approved by: umohnani8
* Add --default-mounts-file hidden flag | umohnani8 | 2018-04-26
  The hidden flag is used to override the path of the default mounts file for testing purposes. Also modified the secrets pkg to allow for this override to happen.
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #678
  Approved by: mheon
* Strip transport from image name when looking for local image | baude | 2018-04-26
  When a user pulls an image using a transport, like docker-daemon, we try to lookup the new image in storage by the input name after the pull. Because the input name has a transport (different than local storage), that lookup would fail.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #644
  Approved by: rhatdan
* Remove more Errorf in favor of Wrapf | Matthew Heon | 2018-04-25
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #668
  Approved by: rhatdan
* Do not eat error messages from pullImage | Matthew Heon | 2018-04-25
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #668
  Approved by: rhatdan
* Modify --user flag for podman create and run | umohnani8 | 2018-04-24
  If an integer is passed into the --user flag, i.e. --user=1234, don't look up the user in /etc/passwd, just assign the integer as the uid.
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #652
  Approved by: mheon
* Add FIPS mode secret | umohnani8 | 2018-04-23
  If the host is in FIPS mode and /etc/system-fips exists /run/secrets/system-fips is created in the container so that the container can run in FIPS mode as well.
  Signed-off-by: umohnani8 <umohnani@redhat.com>
* Initial varlink implementation | baude | 2018-04-23
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #627
  Approved by: mheon
* Vendor in latest containers/image and containers/storage | umohnani8 | 2018-04-19
  Made necessary changes to functions to include context.Context wherever needed
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #640
  Approved by: baude
* regression: tls verify should be set on registries.conf if insecure | baude | 2018-04-18
  In the case where podman needs to pull an image, if that registry that the image resides on is known to be insecure (as defined in /etc/containers/registries.conf), tls-verify should be altered on the fly.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #626
  Approved by: mheon
* - reverse host field order (ip goes first) | Nathan Williams | 2018-04-18
  - fix host string split to permit IPv6
  Signed-off-by: Nathan Williams <nath.e.will@gmail.com>
  Closes: #635
  Approved by: rhatdan
* Change container.locked to batched | TomSweeneyRedHat | 2018-04-16
  Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
  Closes: #619
  Approved by: mheon
* podman pull should always try to pull | baude | 2018-04-14
  In the case where you have an image local, if the user runs podman pull, we should always attempt to pull an updated image.
  Added a forceRemote bool to New (image) so we can differentiate between "pull" or run because the actions differ. Run does not need to pull the latest -- only run.
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #618
  Approved by: baude
* Fix another comparison of a Go interface against nil | Matthew Heon | 2018-04-13
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #608
  Approved by: baude
* Allowing attaching stdin to non-interactive containers | Matthew Heon | 2018-04-13
  Mimics docker's behavior
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #608
  Approved by: baude
* Change attach to accept a struct containing streams | Matthew Heon | 2018-04-13
  Comparing Go interfaces, like io.Reader, to nil does not work. As such, we need to include a bool with each stream telling whether to attach to it.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #608
  Approved by: baude
* Changes to attach to enable per-stream attaching | Matthew Heon | 2018-04-13
  This allows us to attach to just stdout or stderr or stdin, or any combination of these.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #608
  Approved by: baude
* Fix locking interaction in batched Exec() on container | Matthew Heon | 2018-04-13
  Signed-off-by: Matthew Heon <mheon@redhat.com>
  Closes: #610
  Approved by: giuseppe
* Force host UID/GID mapping when creating containers | Nalin Dahyabhai | 2018-04-12
  Until we can handle running containers which use UID/GID mappings, make sure that we always create containers that use the host mappings.
  Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
  Closes: #609
  Approved by: baude
* Do not lock all containers during pod kill | Matthew Heon | 2018-04-12
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #600
  Approved by: rhatdan
* Make pod stop lock one container at a time | Matthew Heon | 2018-04-12
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #600
  Approved by: rhatdan
* Do not lock all containers during pod start | Matthew Heon | 2018-04-12
  This solves a nasty locking issue with getting the path of namespaces for dependencies
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #600
  Approved by: rhatdan
* Containers transitioning to stop should not break stats | baude | 2018-04-11
  When a container is transitioning from running to stopped and stats is running, we should not break stats if we are unable to get stats for that container.
  Resolves: #598
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #599
  Approved by: mheon
* Use buildah commit for podman commit | baude | 2018-04-10
  Resolves: #586 and #520
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #592
  Approved by: mheon
* Functionality changes to the following flags | umohnani8 | 2018-04-06
  --group-add
  --blkio-weight-device
  --device-read-bps
  --device-write-bps
  --device-read-iops
  --device-write-iops
  --group-add now supports group names as well as the gid associated with them. All the --device flags work now with moderate changes to the code to support both bps and iops. Added tests for all the flags.
  Signed-off-by: umohnani8 <umohnani@redhat.com>
  Closes: #590
  Approved by: mheon
* Remove image via storage if a buildah container is associated | TomSweeneyRedHat | 2018-04-05
  Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
  Closes: #522
  Approved by: mheon
* Add hooks support to podman | Daniel J Walsh | 2018-04-05
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #155
  Approved by: mheon
* Prevent a potential race when stopping containers | Matthew Heon | 2018-04-04
  If sending a signal fails, check if the container is alive. If it is not, it probably stopped on its own before we could send the signal, so don't error out.
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #591
  Approved by: rhatdan
* Only allocate tty when -t | baude | 2018-04-03
  In our early development, we always allocated a tty when not -d. Now we should only allocate when the user asks for it.
  Resolves: #573
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #574
  Approved by: rhatdan
* Stopping a stopped container should not be an error | baude | 2018-04-03
  Resolves: #575
  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #588
  Approved by: mheon
* Fix golint | Matthew Heon | 2018-04-03
  Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
  Closes: #577
  Approved by: rhatdan