summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Ensure that named volumes have their options parsedMatthew Heon2019-05-01
| | | | | | | This involves moving some code out of pkg/spec/ into util/ so it can also be used by libpod. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #3025 from rhatdan/read-onlyOpenShift Merge Robot2019-04-29
|\ | | | | Add --read-only-tmpfs options
| * Add --read-only-tmpfs optionsDaniel J Walsh2019-04-26
| | | | | | | | | | | | | | | | | | | | | | The --read-only-tmpfs option caused podman to mount tmpfs on /run, /tmp, /var/tmp if the container is running int read-only mode. The default is true, so you would need to execute a command like --read-only --read-only-tmpfs=false to turn off this behaviour. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | runtime: pass down the contextGiuseppe Scrivano2019-04-26
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | system: add new subcommand "migrate"Giuseppe Scrivano2019-04-26
| | | | | | | | | | | | | | | | | | | | | | it is useful to migrate existing containers to a new version of podman. Currently, it is needed to migrate rootless containers that were created with podman <= 1.2 to a newer version which requires all containers to be running in the same user namespace. Closes: https://github.com/containers/libpod/issues/2935 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3019 from mheon/system_eventsOpenShift Merge Robot2019-04-26
|\ \ | |/ |/| Add System event type and renumber, refresh events
| * Do not hard fail on non-decodable eventsMatthew Heon2019-04-26
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Add System event type and renumber, refresh eventsMatthew Heon2019-04-25
| | | | | | | | | | | | | | Also, re-add locking to file eventer Write() to protect against concurrent events. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | enable podman remote topbaude2019-04-25
|/ | | | | | | add the ability for the remote client to display a container's running processes. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3013 from mheon/logging_for_refreshOpenShift Merge Robot2019-04-25
|\ | | | | Logging for refresh
| * Add a debug message indicating that a refresh occurredMatthew Heon2019-04-25
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #2850 from baude/eventsjournaldOpenShift Merge Robot2019-04-25
|\ \ | | | | | | journald event logging
| * | journald event loggingbaude2019-04-24
| |/ | | | | | | | | | | | | | | | | add the ability for podman to read and write events to journald instead of just a logfile. This can be controlled in libpod.conf with the `events_logger` attribute of `journald` or `file`. The default will be set to `journald`. Signed-off-by: baude <bbaude@redhat.com>
* | image: rework parent/child/history matchingNalin Dahyabhai2019-04-25
| | | | | | | | | | | | | | | | Rework our expectations of how images that are derived from each other look, so that we don't assume that an image that's derived from a base image always adds layers relative to that base image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | images: add context to GetParent/IsParent/Remove/Prune...Nalin Dahyabhai2019-04-25
|/ | | | | | | Add a context.Context parameter to Image.GetParent(), Image.IsParent(), Image.GetChildren(), Image.Remove(), and Runtime.PruneImages(). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Internal names do not match external namesDaniel J Walsh2019-04-18
| | | | | | | | | | We refer to the pause_image and pause_container in the libpod.conf description, but internally we had infra_image and infra_container. This means it the user made changes to the conf, it would not effect the actual tool using libpod. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix podman command --change CMDDaniel J Walsh2019-04-17
| | | | | | | | | | | | | | | | | | Currently in Docker if you commit with --change 'CMD a b c' The command that gets added is [/bin/sh -c "a b c"] If you commit --change 'CMD ["a","b","c"]' You get [a b c] This patch set makes podman match this behaviour. Similar change required for Entrypoint. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2870 from rhatdan/changeOpenShift Merge Robot2019-04-15
|\ | | | | Validate ENV/LABEL Change options in varlink
| * Validate ENV/LABEL Change options in varlinkDaniel J Walsh2019-04-14
| | | | | | | | | | | | | | | | | | If you pass in an invalid CHANGE ENV or LABEL option without the "=" character podman crashes. I see that there were other problems with the handling of commit --change handling. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2928 from giuseppe/fix-umountOpenShift Merge Robot2019-04-14
|\ \ | | | | | | oci: fix umount of /sys/kernel
| * | oci: fix umount of /sys/kernelGiuseppe Scrivano2019-04-14
| | | | | | | | | | | | | | | | | | | | | if the mount was already umounted as part of the cleanup (i.e. being a submount), the umount would fail. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2501 from mtrmac/fixed-hook-orderOpenShift Merge Robot2019-04-14
|\ \ \ | |_|/ |/| | RFC: Make hooks sort order locale-independent
| * | Potentially breaking: Make hooks sort order locale-independentMiloslav Trmač2019-04-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't sort OCI hooks using the locale collation order; it does not make sense for the same system-wide directory to be interpreted differently depending on the user's LC_COLLATE setting, and the language-specific collation order can even change over time. Besides, the current collation order determination code has never worked with the most common LC_COLLATE values like en_US.UTF-8. Ideally, we would like to just order based on Unicode code points to be reliably stable, but the existing implementation is case-insensitive, so we are forced to rely on the unicode case mapping tables at least. (This gives up on canonicalization and width-insensitivity, potentially breaking users who rely on these previously documented properties.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | | Merge pull request #2912 from adrianreber/labelOpenShift Merge Robot2019-04-14
|\ \ \ | |_|/ |/| | Use the same SELinux label for CRIU log files
| * | Use the same SELinux label for CRIU log filesAdrian Reber2019-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | The SELinux label for the CRIU dump.log was explicitly set in Podman. The label for the restore.log, however, not. This just moves the code to label the log file into a function and calls that functions during checkpoint and restore. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Merge pull request #2913 from mheon/get_instead_of_lookupOpenShift Merge Robot2019-04-12
|\ \ \ | |/ / |/| | Use GetContainer instead of LookupContainer for full ID
| * | Use GetContainer instead of LookupContainer for full IDMatthew Heon2019-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All IDs in libpod are stored as a full container ID. We can get a container by full ID faster with GetContainer (which directly retrieves) than LookupContainer (which finds a match, then retrieves). No reason to use Lookup when we have full IDs present and available. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2895 from mheon/commit_no_default_include_volumesOpenShift Merge Robot2019-04-11
|\ \ \ | | | | | | | | Add --include-volumes flag to 'podman commit'
| * | | Add --include-volumes flag to 'podman commit'Matthew Heon2019-04-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 'docker commit' will never include a container's volumes when committing, without an explicit request through '--change'. Podman, however, defaulted to including user volumes as image volumes. Make this behavior depend on a new flag, '--include-volumes', and make the default behavior match Docker. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #2901 from mheon/improve_debug_on_cleanup_errOpenShift Merge Robot2019-04-11
|\ \ \ \ | | | | | | | | | | Expand debugging for container cleanup errors
| * | | | Expand debugging for container cleanup errorsMatthew Heon2019-04-11
| | |/ / | |/| | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #2899 from giuseppe/prevent-sys-fs-kernel-paths-in-usernsOpenShift Merge Robot2019-04-11
|\ \ \ \ | |/ / / |/| | | userns: prevent /sys/kernel/* paths in the container
| * | | userns: prevent /sys/kernel/* paths in the containerGiuseppe Scrivano2019-04-11
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when we run in a user namespace, there are cases where we have not enough privileges to mount a fresh sysfs on /sys. To circumvent this limitation, we rbind /sys from the host. This carries inside of the container also some mounts we probably don't want to. We are also limited by the kernel to use rbind instead of bind, as allowing a bind would uncover paths that were not previously visible. This is a slimmed down version of the intermediate mount namespace logic we had before, where we only set /sys to slave, so the umounts done to the storage by the cleanup process are propagated back to the host. We also don't setup any new directory, so there is no additional cleanup to do. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / / rootless: fix segfault on refresh if there are containersGiuseppe Scrivano2019-04-10
|/ / | | | | | | | | | | | | | | | | create immediately a namespace if we need a refresh. This is necessary to access the rootless storage. Closes: https://github.com/containers/libpod/issues/2894 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2892 from edsantiago/healthcheck_typo_fixOpenShift Merge Robot2019-04-10
|\ \ | | | | | | (minor): fix misspelled 'Healthcheck'
| * | (minor): fix misspelled 'Healthcheck'Ed Santiago2019-04-10
| | | | | | | | | | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #2880 from mheon/update_allowed_regex_errorOpenShift Merge Robot2019-04-10
|\ \ \ | |/ / |/| | Update invalid name errors to report the correct regex
| * | Update invalid name errors to report the correct regexMatthew Heon2019-04-09
| |/ | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #2882 from baude/remotepsOpenShift Merge Robot2019-04-10
|\ \ | | | | | | podman-remote ps
| * | podman-remote psbaude2019-04-09
| |/ | | | | | | | | | | add the ability to run ps on containers using the remote client. Signed-off-by: baude <bbaude@redhat.com>
* / Implement podman-remote rmJhon Honce2019-04-09
|/ | | | | | | | | * refactor command output to use one function * Add new worker pool parallel operations * Implement podman-remote umount * Refactored podman wait to use printCmdOutput() Signed-off-by: Jhon Honce <jhonce@redhat.com>
* add image rmi eventbaude2019-04-08
| | | | | | | when deleting a commited image, the path for deletion has an early exit and the image remove event was not being triggered. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2831 from baude/remotetreeOpenShift Merge Robot2019-04-04
|\ | | | | podman-remote image tree
| * podman-remote image treebaude2019-04-04
| | | | | | | | | | | | | | add the ability for the podman-remote client to be able to print an image tree. Signed-off-by: baude <bbaude@redhat.com>
* | Fix E2E testsMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Commit test is blatantly wrong and testing buggy behavior. We should be commiting the destination, if anything - and more likely nothing at all. When force-removing volumes, don't remove the volumes of containers we need to remove. This can lead to a chicken and the egg problem where the container removes the volume before we can. When we re-add volume locks this could lead to deadlocks. I don't really want to deal with this, and this doesn't seem a particularly harmful quirk, so we'll let this slide until we get a bug report. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Drop LocalVolumes from our the databaseMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | We were never using it. It's actually a potentially quite sizable field (very expensive to decode an array of structs!). Removing it should do no harm. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Major rework of --volumes-from flagMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | | | The flag should be substantially more durable, and no longer relies on the create artifact. This should allow it to properly handle our new named volume implementation. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Volume force-remove now removed dependent containersMatthew Heon2019-04-04
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Add handling for new named volumes code in pkg/specMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | Now that named volumes must be explicitly enumerated rather than passed in with all other volumes, we need to split normal and named volumes up before passing them into libpod. This PR does this. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Create non-existing named volumes at container createMatthew Heon2019-04-04
| | | | | | | | | | | | Replaces old functionality we used for handling image volumes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>