path: root/libpod
Commit message [Author, Age]
* Change name of imageVolumes in container config JSON [Matthew Heon, 2020-12-07]
    Podman pre-1.8 also included a field with this name, which was a String. Podman 2.2.0 added a new field reusing the name but as a Struct. This completely broke JSON decode for pre-1.8 containers in Podman 2.2, resulting in completely broken behavior. Re-name the JSON field and add a note that the old name should not be re-used to prevent this problem from re-occurring. This will still result in containers from 2.2.0 being broken (specifically, containers with image volumes will have them disappear) but this is the lesser of two evils.
    Fixes #8613
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #8489 from ashley-cui/commonslirp [OpenShift Merge Robot, 2020-12-05]
    Add ability to set system wide options for slirp4netns
| * Add ability to set system wide options for slirp4netns [Ashley Cui, 2020-12-04]
    Wire in containers.conf options for slirp
    Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #8494 from mlegenovic/master [OpenShift Merge Robot, 2020-12-04]
    More docker compat API fixes
| * | More docker compat API fixes [Milivoje Legenovic, 2020-12-04]
    Fixes wrong VirtualSize, ParentId, Architecture, Author, Os and OsVersion value
    Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | Merge pull request #8570 from vrothberg/run-950 [OpenShift Merge Robot, 2020-12-04]
    rewrite container copy
| * | rewrite podman-cp [Valentin Rothberg, 2020-12-04]
    * Add a new `pkg/copy` to centralize all container-copy related code.
    * The new code is based on Buildah's `copier` package.
    * The compat `/archive` endpoints use the new `copy` package.
    * Update docs and add several new tests.
    * Includes many fixes, most notably, the look-up of volumes and mounts.
    Breaking changes:
    * Podman is now expecting that container-destination paths exist. Before, Podman created the paths if needed. Docker does not do that and I believe Podman should not either as it's a recipe for masking errors. These errors may be user induced (e.g., a path typo), or internal typos (e.g., when the destination may be a mistakenly unmounted volume). Let's keep the magic low for such a security sensitive feature.
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8476 from rhatdan/containerenv [OpenShift Merge Robot, 2020-12-04]
    Add containerenv information to /run/.containerenv
| * Add containerenv information to /run/.containerenv [Daniel J Walsh, 2020-12-03]
    We have been asked to leak some information into the container to indicate:
    * The name and id of the container
    * The version of podman used to launch the container
    * The image name and ID the container is based on.
    * Whether the container engine is running in rootless mode.
    Fixes: https://github.com/containers/podman/issues/6192
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Drop default log-level from error to warn [Daniel J Walsh, 2020-12-03]
    Our users are missing certain warning messages that would make debugging issues with Podman easier. For example, if you do a podman build with a Containerfile that contains the SHELL directive, the directive is silently ignored. If you run with the log-level warn you get a warning message explaining what happened.
    $ podman build --no-cache -f /tmp/Containerfile1 /tmp/
    STEP 1: FROM ubi8
    STEP 2: SHELL ["/bin/bash", "-c"]
    STEP 3: COMMIT
    --> 7a207be102a
    7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e
    $ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/
    STEP 1: FROM ubi8
    STEP 2: SHELL ["/bin/bash", "-c"]
    STEP 3: COMMIT
    WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format
    --> 7bd96fd25b9
    7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f
    These messages will no longer be lost, when we default to WARNing level.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8556 from mheon/fix_8539 [OpenShift Merge Robot, 2020-12-02]
    Use Libpod tmpdir for pause path
| * Use Libpod tmpdir for pause path [Matthew Heon, 2020-12-02]
    Previously, we always computed pause path from the Rootless runtime directory. Problem: this does not match the behavior of Libpod when the directory changes. Libpod will continue to use the previous directory, cached in the database; Pause pidfiles will swap to the new path. This is problematic when the directory needs to exist to write the pidfile, and Libpod is what creates the directory. There are two potential solutions - allow the pause pidfile to move and just make the directory when we want to write it, or use the cached Libpod paths for a guaranteed location. This patch does the second, because it seems safer - we will never miss a previously-existing pidfile because the location is now consistent.
    Fixes #8539
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #8112 from QiWang19/load-optional-name [OpenShift Merge Robot, 2020-12-02]
    Drop name argument from Load API
| * | Do not pass name argument to Load API [Qi Wang, 2020-12-02]
    Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image.
    Close #7337
    Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Add support for network ids [Paul Holzinger, 2020-12-02]
    The network ID is not stored. It is just the sha256 hash from the network name. There is a risk of a potential hash collision. However it's very unlikely and even if we hit this it will complain that more than one network with this ID exists. The main benefit is that the compat api can have proper network ID support. Also this adds the support for `podman network ls --format "{{.ID}}"` and `--filter id=<ID>`. It also ensures that we can do network rm <ID> and network inspect <ID>. Since we use a hash this commit is backwards compatible even for already existing networks.
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8457 from afbjorklund/bridge-mtu [OpenShift Merge Robot, 2020-12-02]
    Add podman network create flag for bridge mtu
| * | Validate that the bridge option is supported [Anders F Björklund, 2020-12-01]
    Thanks Luap99 for the validation suggestion
    Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Add podman network create option for bridge vlan [Anders F Björklund, 2020-12-01]
    Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Add podman network create option for bridge mtu [Anders F Björklund, 2020-12-01]
    Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Merge pull request #8357 from mheon/add_volume_interface_package [OpenShift Merge Robot, 2020-12-01]
    Add API for communicating with Docker volume plugins
| * | Add API for communicating with Docker volume plugins [Matthew Heon, 2020-12-01]
    Docker provides extensibility through a plugin system, of which several types are available. This provides an initial library API for communicating with one type of plugins, volume plugins. Volume plugins allow for an external service to create and manage a volume on Podman's behalf. This does not integrate the plugin system into Libpod or Podman yet; that will come in subsequent pull requests.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #8505 from Luap99/network-labels [OpenShift Merge Robot, 2020-12-01]
    podman network label support
| * | podman network label support [Paul Holzinger, 2020-11-28]
    Add label support for podman network create. Use the `args` field in the cni config file to store the podman labels. Use `podman_labels` as key name and store the labels as map[string]string.
    For reference:
    https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config
    https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
    Example snippet:
    ```
    ...
    "args": {
      "podman_labels": {
        "key1":"value1",
        "key2":"value2"
      }
    }
    ...
    ```
    Make podman network list support several filters. Supported filters are name, plugin, driver and label. Filters with different keys work exclusive. Several label filters work exclusive and the other filter keys are working inclusive. Also adjust the compat api to support labels in network create and list.
    Breaking changes:
    - podman network ls -f shortform is used for --filter instead of --format. This matches docker and other podman commands (container ps, volume ps)
    - libpod network list endpoint filter parameter is removed. Instead the filters parameter should be used as json encoded map[string][]string.
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8426 from mheon/fix_infra_cmd_from_config [OpenShift Merge Robot, 2020-12-01]
    Do not ignore infra command from config files
| * | Do not ignore infra command from config files [Matthew Heon, 2020-11-30]
    It looks like this was previously removed because the default hard-coded `/pause` so we would never take into account the image config. I've removed the default in c/common and re-added support to check config files. While we're at it, fix ENTRYPOINT support - we should not be setting this if we got ENTRYPOINT from the image.
    Fixed https://bugzilla.redhat.com/show_bug.cgi?id=1853455
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #8515 from baude/netconnectstate [OpenShift Merge Robot, 2020-12-01]
    network connect disconnect on non-running containers
| * | | network connect disconnect on non-running containers [baude, 2020-11-30]
    a container can connect and disconnect to networks even when not in a running state.
    Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8400 from rhatdan/varlink [OpenShift Merge Robot, 2020-12-01]
    Remove varlink support from podman
| * | | Remove varlink support from Podman [Daniel J Walsh, 2020-11-26]
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8475 from rhatdan/subscriptions [OpenShift Merge Robot, 2020-12-01]
    Switch from pkg/secrets to pkg/subscriptions
| * | Switch from pkg/secrets to pkg/subscriptions [Daniel J Walsh, 2020-11-26]
    The buildah/pkg/secrets package was moved to containers/common/pkg/subscriptions. Switch to using this by default.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8493 from Luap99/net-rm-macvlan [OpenShift Merge Robot, 2020-11-28]
    Fix problems with network remove
| * | Fix problems with network remove [Paul Holzinger, 2020-11-26]
    First, make sure we are only trying to remove the network interface if we are root. Second, if we cannot get the interface name (e.g. macvlan config) then we should not fail. Just remove the config file.
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | runtime: set XDG_* env variables if missing [Giuseppe Scrivano, 2020-11-27]
    regression introduced when moving to Podman 2.0.
    Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1877228
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Not use local image create/add manifest [Qi Wang, 2020-11-24]
    Avoid using the image from load storage for `manifest create` and `manifest add` since the local image does not include other entries of the list from the registry. `--all` flag of `manifest create` and `manifest add` can not add all of the lists as expected.
    Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #8467 from Luap99/fix-mac-custom-net [OpenShift Merge Robot, 2020-11-24]
    Fix custom mac address with a custom cni network
| * Fix custom mac address with a custom cni network [Paul Holzinger, 2020-11-24]
    The cni plugin `tuning` is required to set a custom mac address. This plugin is configured in the default cni config file which is packaged with podman but was not included in the generated config from `podman network create`.
    Fixes #8385
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | update container status with new results [baude, 2020-11-23]
    a bug was being caused by the fact that the container network results were not being updated properly. given that jhon is on PTO, this PR will replace #8362
    Signed-off-by: baude <bbaude@redhat.com>
* | Refactor compat container create endpoint [Jhon Honce, 2020-11-23]
    * Make endpoint compatible with docker-py network expectations
    * Update specgen helper when called from compat endpoint
    * Update godoc on types
    * Add test for network/container create using docker-py method
    * Add syslog logging when DEBUG=1 for tests
    Fixes #8361
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #8438 from MarcoPolo/marco/set-path-for-systemd-healthcheck [OpenShift Merge Robot, 2020-11-23]
    Set PATH env in systemd timer.
| * Set PATH env in systemd timer. [Marco Munizaga, 2020-11-23]
    This fixes an issue where binaries that are in the path of the original podman process are not found in the transient systemd timer for healthchecks. This showed up for me on a NixOS machine since binaries are not installed in the usual places.
    Signed-off-by: Marco Munizaga <git@marcopolo.io>
* | Merge pull request #8451 from Luap99/fix-subnet-range [OpenShift Merge Robot, 2020-11-23]
    Fix ip-range for classless subnet masks
| * | Fix ip-range for classless subnet masks [Paul Holzinger, 2020-11-23]
    The `LastIPInSubnet` function worked only for classful subnet masks (e.g. /8, /16, /24). For non-standard subnet masks this returned the wrong ip address. This works now for all subnet masks. A unit test is added to ensure this.
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8263 from rhatdan/restart [OpenShift Merge Robot, 2020-11-23]
    Allow containers to --restart on-failure with --rm
| * | Allow containers to --restart on-failure with --rm [Daniel J Walsh, 2020-11-20]
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Make c.networks() list include the default network [Matthew Heon, 2020-11-20]
    This makes things a lot more clear - if we are actually joining a CNI network, we are guaranteed to get a non-zero length list of networks. We do, however, need to know if the network we are joining is the default network for inspecting containers as it determines how we populate the response struct. To handle this, add a bool to indicate that the network listed was the default network, and only the default network.
    Signed-off-by: Matthew Heon <mheon@redhat.com>
* / fix container cgroup lookup [Valentin Rothberg, 2020-11-20]
    When running on cgroups v1, `/proc/{PID}/cgroup` has multiple entries, each pointing potentially to a different cgroup. Some may be empty, some may point to parents. The one we really need is the libpod-specific one, which always is the longest path. So instead of looking at the first entry, look at all and select the longest one.
    Fixes: #8397
    Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8391 from baude/networkconnectdisconnect [OpenShift Merge Robot, 2020-11-19]
    add network connect|disconnect compat endpoints
| * add network connect|disconnect compat endpoints [baude, 2020-11-19]
    this enables the ability to connect and disconnect a container from a given network. it is only for the compatibility layer. some code had to be refactored to avoid circular imports. additionally, tests are being deferred temporarily due to some incompatibility/bug in either docker-py or our stack.
    Signed-off-by: baude <bbaude@redhat.com>
* | Align the podman pod ps --filter behavior with podman ps [Paul Holzinger, 2020-11-18]
    Filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive. Also update the documentation with the new behavior.
    Signed-off-by: Paul Holzinger <paul.holzinger@web.de>