| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Podman pre-1.8 also included a field with this name, which was a
String. Podman 2.2.0 added a new field reusing the name but as a
Struct. This completely broke JSON decode for pre-1.8 containers
in Podman 2.2, resulting in completely broken behavior.
Re-name the JSON field and add a note that the old name should
not be re-used to prevent this problem from re-occurring. This
will still result in containers from 2.2.0 being broken
(specifically, containers with image volumes will have them
disappear) but this is the lesser of two evils.
Fixes #8613
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
Add ability to set system wide options for slirp4netns
|
| |
| |
| |
| |
| |
| | |
Wire in containers.conf options for slirp
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \
| | |
| | | |
More docker compat API fixes
|
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes wrong VirtualSize, ParentId, Architecture, Author, Os and OsVersion value
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
|
|\ \ \
| |_|/
|/| | |
rewrite container copy
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add a new `pkg/copy` to centralize all container-copy related code.
* The new code is based on Buildah's `copier` package.
* The compat `/archive` endpoints use the new `copy` package.
* Update docs and an several new tests.
* Includes many fixes, most notably, the look-up of volumes and mounts.
Breaking changes:
* Podman is now expecting that container-destination paths exist.
Before, Podman created the paths if needed. Docker does not do
that and I believe Podman should not either as it's a recipe for
masking errors. These errors may be user induced (e.g., a path
typo), or internal typos (e.g., when the destination may be a
mistakenly unmounted volume). Let's keep the magic low for such
a security sensitive feature.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
Add containerenv information to /run/.containerenv
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have been asked to leak some information into the container
to indicate:
* The name and id of the container
* The version of podman used to launch the container
* The image name and ID the container is based on.
* Whether the container engine is running in rootless mode.
Fixes: https://github.com/containers/podman/issues/6192
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our users are missing certain warning messages that would
make debugging issues with Podman easier.
For example if you do a podman build with a Containerfile
that contains the SHELL directive, the Derective is silently
ignored.
If you run with the log-level warn you get a warning message explainging
what happened.
$ podman build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
--> 7a207be102a
7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e
$ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format
--> 7bd96fd25b9
7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f
These messages will no longer be lost, when we default to WARNing level.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Use Libpod tmpdir for pause path
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, we always computed pause path from the Rootless
runtime directory. Problem: this does not match the behavior of
Libpod when the directory changes. Libpod will continue to use
the previous directory, cached in the database; Pause pidfiles
will swap to the new path. This is problematic when the directory
needs to exist to write the pidfile, and Libpod is what creates
the directory.
There are two potential solutions - allow the pause pidfile to
move and just make the directory when we want to write it, or use
the cached Libpod paths for a guaranteed location. This patch
does the second, because it seems safer - we will never miss a
previously-existing pidfile because the location is now
consistent.
Fixes #8539
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
Drop name argument from Load API
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image.
Close #7337
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The network ID is not stored. It is just the sha256 hash from
the network name. There is a risk of a potential hash collision.
However it's very unlikely and even if we hit this it will
complain that more than network with this ID exists.
The main benefit is that the compat api can have proper
network ID support. Also this adds the support for
`podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
It also ensures that we can do network rm <ID> and network
inspect <ID>.
Since we use a hash this commit is backwards compatible even for
already existing networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \
| | |
| | | |
Add podman network create flag for bridge mtu
|
| | |
| | |
| | |
| | |
| | |
| | | |
Thanks Luap99 for the validation suggestion
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
|\ \ \
| |/ /
|/| | |
Add API for communicating with Docker volume plugins
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Docker provides extensibility through a plugin system, of which
several types are available. This provides an initial library API
for communicating with one type of plugins, volume plugins.
Volume plugins allow for an external service to create and manage
a volume on Podman's behalf.
This does not integrate the plugin system into Libpod or Podman
yet; that will come in subsequent pull requests.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| | |
| | | |
podman network label support
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add label support for podman network create. Use the `args`
field in the cni config file to store the podman labels.
Use `podman_labels` as key name and store the labels as
map[string]string.
For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config
https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
Example snippet:
```
...
"args": {
"podman_labels": {
"key1":"value1",
"key2":"value2"
}
}
...
```
Make podman network list support several filters. Supported filters are name,
plugin, driver and label. Filters with different keys work exclusive. Several label
filters work exclusive and the other filter keys are working inclusive.
Also adjust the compat api to support labels in network create and list.
Breaking changes:
- podman network ls -f shortform is used for --filter instead --format
This matches docker and other podman commands (container ps, volume ps)
- libpod network list endpoint filter parameter is removed. Instead the
filters paramter should be used as json encoded map[string][]string.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| |_|/
|/| | |
Do not ignore infra command from config files
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It looks like this was previously removed because the default
hard-coded `/pause` so we would never take into account the image
config. I've removed the default in c/common and re-added support
to check config files.
While we're at it, fix ENTRYPOINT support - we should not be
setting this if we got ENTRYPOINT from the image.
Fixed https://bugzilla.redhat.com/show_bug.cgi?id=1853455
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| | | |
| | | | |
network connect disconnect on non-running containers
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
a container can connect and disconnet to networks even when not in a
running state.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Remove varlink support from podman
|
| | |/
| |/|
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Switch from pkg/secrets to pkg/subscriptions
|
| |/
| |
| |
| |
| |
| |
| |
| | |
The buildah/pkg/secrts package was move to
containers/common/pkg/subscriptions.
Switch to using this by default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Fix problems with network remove
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
First, make sure we are only trying to remove the network
interface if we are root.
Second, if we cannot get the interface name (e.g macvlan config)
then we should not fail. Just remove the config file.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
regression introduced when moving to Podman 2.0.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1877228
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
| |
Avoid using the image from load storage for `manifest create` and `manifest add`
since the local image does not include other entries of the list from the registry.
`--all` flag of `manifest create` and `manifest add` can not add all of the lists as expected.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\
| |
| | |
Fix custom mac address with a custom cni network
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The cni plugin `tuning` is required to set a custom mac address.
This plugin is configured in the default cni config file which is
packaged with podman but was not included the generated config form
`podman network create`.
Fixes #8385
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
a bug was being caused by the fact that the container network results
were not being updated properly.
given that jhon is on PTO, this PR will replace #8362
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
* Make endpoint compatibile with docker-py network expectations
* Update specgen helper when called from compat endpoint
* Update godoc on types
* Add test for network/container create using docker-py method
* Add syslog logging when DEBUG=1 for tests
Fixes #8361
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\
| |
| | |
Set PATH env in systemd timer.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes an issue where binaries that are in the path of the original
podman process are not found in the transient systemd timer for
healthchecks.
This showed up for me on a NixOS machine since binaries are not installed
in the usual places.
Signed-off-by: Marco Munizaga <git@marcopolo.io>
|
|\ \
| | |
| | | |
Fix ip-range for classless subnet masks
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `LastIPInSubnet` function worked only for classful subnet
masks (e.g. /8, /16, /24). For non standard subnet masks this
returned the wrong ip address.
This works now for all subnet mask. A unit test is added to
ensure this.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| |/ /
|/| | |
Allow containers to --restart on-failure with --rm
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes things a lot more clear - if we are actually joining a
CNI network, we are guaranteed to get a non-zero length list of
networks.
We do, however, need to know if the network we are joining is the
default network for inspecting containers as it determines how we
populate the response struct. To handle this, add a bool to
indicate that the network listed was the default network, and
only the default network.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
When running on cgroups v1, `/proc/{PID}/cgroup` has multiple entries,
each pointing potentially to a different cgroup. Some may be empty,
some may point to parents.
The one we really need is the libpod-specific one, which always is the
longest path. So instead of looking at the first entry, look at all and
select the longest one.
Fixes: #8397
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
add network connect|disconnect compat endpoints
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
this enables the ability to connect and disconnect a container from a
given network. it is only for the compatibility layer. some code had to
be refactored to avoid circular imports.
additionally, tests are being deferred temporarily due to some
incompatibility/bug in either docker-py or our stack.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Filters with the same key work inclusive with the only exception being
`label` which is exclusive. Filters with different keys always work exclusive.
Also update the documentation with the new behavior.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|