summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* networking.go tweak iptables functionsbaude2018-03-03
| | | | | | | | | | Took duplicated code and merged it into the helper function so only a single exec was executed. Signed-off-by: baude <bbaude@redhat.com> Closes: #446 Approved by: mheon
* allow DNS resolution in containersbaude2018-03-02
| | | | | | | | | | | Until https://github.com/containernetworking/plugins/pull/75 is merged upstream, we are using iptables to manually allow DNS resolution in containers that run bridged mode networking. We also remove the rule in the networkwork tear down. Resolves issue: #390 Signed-off-by: baude <bbaude@redhat.com>
* Disable FFJSON for container structsMatthew Heon2018-03-02
| | | | | | | | | We were seeing unmarshal segfaults with it on Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #440 Approved by: baude
* Fix SQL syntax errorMatthew Heon2018-03-02
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #440 Approved by: baude
* Remove unused existing IP addresses functionMatthew Heon2018-03-02
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #440 Approved by: baude
* Fix gofmt & golintMatthew Heon2018-03-02
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #440 Approved by: baude
* Use more reliable function for parsing CNI resultMatthew Heon2018-03-02
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #440 Approved by: baude
* Update DB to hold CNI network informationMatthew Heon2018-03-02
| | | | | | | | | | | Replace our old IP and Subnet fields in state with CNI types that contain a lot more information. Retrieve these structs from the CNI plugins themselves. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #440 Approved by: baude
* Include error in error messageMatthew Heon2018-03-02
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #438 Approved by: rhatdan
* Instead of erroring on exit file not being found, warnMatthew Heon2018-03-02
| | | | | | | | | | | Erroring can cause us to get into an state where a container which has no exit file cannot be shown in PS, cannot be removed, etc. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #438 Approved by: rhatdan
* Replace usage of runc with runtimeMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Convert exec session tracking to use a dedicated structMatthew Heon2018-03-01
| | | | | | | | | | | This will behave better if we need to add anything to it at a later date - we can add fields to the struct without breaking existing BoltDB databases. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Fix gofmt & golintMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Relax locking in Exec()Matthew Heon2018-03-01
| | | | | | | | | | | This allows containers to be used by `ps` and other commands while they have ongoing exec sessions. Concurrent exec should also work but is not tested. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Handle removing containers with active exec sessionsMatthew Heon2018-03-01
| | | | | | | | | | | | | For containers without --force set, an error will be returned For containers with --force, all pids in the container will be stopped, first with SIGTERM and then with SIGKILL after a timeout (this mimics the behavior of stopping a container). Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Ensure that Cleanup() will not run on active containersMatthew Heon2018-03-01
| | | | | | | | | | This ensures that containers with active exec sessions will not have storage unmounted under them or network namespaces destroyed Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Add tracking for exec session IDsMatthew Heon2018-03-01
| | | | | | | | | | | Exec sessions now have an ID generated and assigned to their PID and stored in the database state. This allows us to track what exec sessions are currently active. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Remove now-unused runc launch codeMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Rework exec to enable splitting to retrieve exec PIDMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Add tracking for container exec sessions to DBMatthew Heon2018-03-01
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Small fixes to container ExecMatthew Heon2018-03-01
| | | | | | | | | | Fix an error message, and always set Privileged if the container is also privileged. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #412 Approved by: baude
* Fix checks for configuration keys in the DBMatthew Heon2018-03-01
| | | | | | | | | | | | | | | | Currently, we will error if the DB is configured with the default containers/storage config, and then opened by a libpod which has explicitly set the defaults. This is due to us using an empty config by default (to tell c/storage to use its defaults). This patch changes our handling so that unset storage config (using the default) and explicitly setting the defaults are both compatible. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #423 Approved by: baude
* podman info add registriesbaude2018-02-28
| | | | | | | | | | | | add registries and insecure registries to the podman info output. this gives us some capatibility with other container runtimes. Resolves issue #420 Signed-off-by: baude <bbaude@redhat.com> Closes: #422 Approved by: mheon
* Tweak info time formatTomSweeneyRedHat2018-02-28
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #397 Approved by: rhatdan
* podman stats add networkingbaude2018-02-28
| | | | | | | | | | | | | Add networking information to podman stats output. Also correct an issue filed where memory constraints of the cgroup were not reflected in the stats output. And finally, fix issue with PID count. Resolves issue #364 Signed-off-by: baude <bbaude@redhat.com> Closes: #417 Approved by: mheon
* CNIPluginDir: check "/usr/lib/cni"Valentin Rothberg2018-02-28
| | | | | | | | | | | Also consider "/usr/lib/cni" as a potential directory for CNI plugins. On some distributions, e.g., on openSUSE, %{_libexecdir} evaluates to "/usr/lib". Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #416 Approved by: mheon
* Restrict top output to container's pids onlybaude2018-02-26
| | | | | | | | | | | | | Due to the way ps arguments work, it was possible to display pids that dont below to the container in top output. We now filter pids that dont belong to the container out of the output. This also means the pid column must be present in the output or we throw an error. This resolves issue #391 Signed-off-by: baude <bbaude@redhat.com> Closes: #400 Approved by: rhatdan
* podman load dont panic when no repotagsbaude2018-02-26
| | | | | | | | | | | | | When performing a podman load, if there were no repotags in the image, podman would panic. In the case that the incoming image does have repotags, it should be imported as a none:none image so it can still be used by the user. Resolves issue #403 Signed-off-by: baude <bbaude@redhat.com> Closes: #405 Approved by: baude
* Add ubuntu pathsbaude2018-02-26
| | | | | | | | | | | The packages in Lokesh's ppa that is currently used for podman puts the conmon and runc binaries in /usr/lib/crio/bin/conmon and /usr/lib/cri-o-runc/sbin/runc respectively. Signed-off-by: baude <bbaude@redhat.com> Closes: #406 Approved by: baude
* Do not override user mountsbaude2018-02-26
| | | | | | | | | | | | Podman should not override users mounts with default mounts for /etc/hostname, /etc/resolv.conf, and /etc/hosts. Resolves issue #388 Signed-off-by: baude <bbaude@redhat.com> Closes: #401 Approved by: mheon
* Address review commentsbaude2018-02-24
| | | | | | | | | Review comments to delete WithNoNew function and its append. Signed-off-by: baude <bbaude@redhat.com> Closes: #369 Approved by: rhatdan
* Add support for --no-new-privsDaniel J Walsh2018-02-24
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #369 Approved by: rhatdan
* CreateContainerStorage by image idbaude2018-02-23
| | | | | | | | | | | When creating container storage by name, if that name is a tagged image then the storage could not be found. We now use the image id which seems more reliable. Also added an integration test to protect against regression. Signed-off-by: baude <bbaude@redhat.com> Closes: #393 Approved by: mheon
* Move Hostname accessor to more logical placeMatthew Heon2018-02-23
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #386 Approved by: baude
* Refactor spec generation in libpod into a functionMatthew Heon2018-02-23
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #386 Approved by: baude
* Remove No New Privs from DB as it's already in the specMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #383 Approved by: rhatdan
* Add accessors to all container config and state fieldsMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #381 Approved by: rhatdan
* Implement --image-volumes for create and runumohnani82018-02-22
| | | | | | | | | | | | | | --image-volumes tells podman what to do with the image volumes in the image config There are 3 options: bind, tmpfs, and ignore bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir and bind mounts it into the container at /vol-dir tmpfs mounts /vol-dir as a tmps into the container ignore doesn't mount the image volumes onto the container Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #377 Approved by: rhatdan
* Remove unnecessary booleansMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Fix gofmtMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Make operations on pod containers as a group independentMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Fix gofmtMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Add ability to start containers in a podMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Add kill and stop for podsMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Add pod status commandMatthew Heon2018-02-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #361 Approved by: rhatdan
* Push up createConfig.CgroupParent processing to parentJhon Honce2018-02-22
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #370 Approved by: rhatdan
* Corrected commentJhon Honce2018-02-22
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #370 Approved by: rhatdan
* Implement podman run option --cgroup-parentJhon Honce2018-02-22
| | | | | | | | | | | Example: sudo /usr/local/bin/podman run --cgroup-parent=/zzz fedora cat /proc/self/cgroup Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #370 Approved by: rhatdan
* Performance enhancement for podman imagesbaude2018-02-20
| | | | | | | | | | | | | Previous code was using slow routines to collect some of the information needed to output images. Specifically size was being calculated instead of using the cached, already known size already available. Also, straight- lined several of the code paths. Overall assessment is that these improvements cut the time for images in half. Signed-off-by: baude <bbaude@redhat.com> Closes: #365 Approved by: mheon
* Ensure we don't repeatedly poll disk for exit codesMatthew Heon2018-02-20
| | | | | | | | | | | | Change logic for refreshing our state using runc to only poll for conmon exit files when we first transition to the Stopped state. After that, we should already have the exit code stored in the database, so we don't need to look it up again. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #363 Approved by: TomSweeneyRedHat