summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Reveal information about container capabilitiesDaniel J Walsh2018-08-24
| | | | | | | | | | | I am often asked about the list of capabilities availabel to a container. We should be listing this data in the inspect command for effective capabilities and the bounding set. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1335 Approved by: TomSweeneyRedHat
* Vendor in latest projectatomic/buildahumohnani82018-08-23
| | | | | | | | | | Fixes to podman build for unknown image and ADD with url when doing --layers. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1330 Approved by: mheon
* Refactor error checking in With*NSFromPod optionshaircommander2018-08-23
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Fixing network ns segfaulthaircommander2018-08-23
| | | | | | | | | As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Change pause container to infra containerhaircommander2018-08-23
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Support pause containers in varlinkhaircommander2018-08-23
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Added option to share kernel namespaces in libpod and podmanhaircommander2018-08-23
| | | | | | | | | A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Changed GetContainerStats to return ErrCtrStateInvalidhaircommander2018-08-23
| | | | | | | | | | | | | | This results in some functionality changes: If a ErrCtrStateInvalid is returned to GetPodStats, the container is ommitted from the stats. As such, if an empty slice of Container stats are returned to GetPodStats in varlink, an error will occur. GetContainerStats will return the ErrCtrStateInvalid as well. Finally, if ErrCtrStateInvalid is returned to the podman stats call, the container will be ommitted from the stats. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1319 Approved by: baude
* Add podman pod tophaircommander2018-08-23
| | | | | | | | | Using the vendored changes from psgo, incorporate JoinNamespaceAndProcessInfoByPids to get process information for each pid namespace of running containers in the pod. Also added a man page, and tests. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1298 Approved by: mheon
* Properly translate users into runc format for execMatthew Heon2018-08-23
| | | | | | | | | | | Runc exec expects the --user flag to be formatted as UID:GID. Use chrootuser code to translate whatever user is passed to exec into this format. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1315 Approved by: vrothberg
* Fixed segfault in stats where container had netNS none or from containerhaircommander2018-08-21
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1306 Approved by: rhatdan
* Make failure to retrieve individual ctrs/pods nonfatalMatthew Heon2018-08-17
| | | | | | | | | | | | This ensures that we can still use Podman even if a container or pod with bad config JSON makes it into the state. We still can't remove these containers, but at least we can do our best to make things usable. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1294 Approved by: rhatdan
* podman: fix --uts=hostGiuseppe Scrivano2018-08-17
| | | | | | | | | | | | | | | Do not set any hostname value in the OCI configuration when --uts=host is used and the user didn't specify any value. This prevents an error from the OCI runtime as it cannot set the hostname without a new UTS namespace. Differently, the HOSTNAME environment variable is always set. When --uts=host is used, HOSTNAME gets the value from the host. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1280 Approved by: baude
* podman pod statsbaude2018-08-17
| | | | | | | | | add the ability to monitor container statistics in a pod. Signed-off-by: baude <bbaude@redhat.com> Closes: #1265 Approved by: rhatdan
* Change batchcontainer to sharedhaircommander2018-08-16
| | | | | | | | | To better reflect it's usage: to share functions between podman and varlink. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1275 Approved by: mheon
* Moved getPodStatus to pod API to be used in varlinkhaircommander2018-08-16
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1275 Approved by: mheon
* switch projectatomic to containersDaniel J Walsh2018-08-16
| | | | | | | | | | Need to get some small changes into libpod to pull back into buildah to complete buildah transition. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1270 Approved by: mheon
* Fix build on non-Linux OSesMatthew Heon2018-08-15
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1266 Approved by: baude
* Create pod CGroups when using the systemd cgroup driverMatthew Heon2018-08-15
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1266 Approved by: baude
* Switch systemd default CGroup parent to machine.sliceMatthew Heon2018-08-15
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1266 Approved by: baude
* Updated pod_api to reflect function spechaircommander2018-08-14
| | | | | | | | | | Specifically, pod.Start() always returned CtrErrors, even if none failed. This cause podman start to not return the successfully started pod id. Also, pod.Kill() didn't return an error along with ctrErrors. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1272 Approved by: rhatdan
* Remove unused function in runtime.goMatthew Heon2018-08-14
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1264 Approved by: mheon
* Merge pull request #1254 from mheon/systemd_cgroups_defaultMatthew Heon2018-08-11
|\ | | | | Switch default CGroup manager to systemd
| * Swap default CGroup manager to systemdMatthew Heon2018-08-10
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Ensure pod inspect is locked and validity-checkedMatthew Heon2018-08-11
| | | | | | | | | | | | | | | | | | | | Also, don't return the internal podState struct - instead return a public inspect struct. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1258 Approved by: rhatdan
* | We need to sort mounts so that one mount does not over mount another.Daniel J Walsh2018-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we add mounts from images, volumes and internal. We can accidently over mount an existing mount. This patch sorts the mounts to make sure a parent directory is always mounted before its content. Had to change the default propagation on image volume mounts from shared to private to stop mount points from leaking out of the container. Also switched from using some docker/docker/pkg to container/storage/pkg to remove some dependencies on Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1243 Approved by: mheon
* | Split pod.go into 3 filesMatthew Heon2018-08-10
| | | | | | | | | | | | | | | | | | | | | | This removes anything but structs and simple accessors from pod.go itself, which is a target file for FFJSON generation. This should reduce the amount of times FFJSON needs to run. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1247 Approved by: rhatdan
* | Make errors during refresh nonfatalMatthew Heon2018-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During refresh, we cannot hard-fail, as that would mean leaving a partially-configured state behind, leaving libpod unable to start without manual intervention. Instead, log errors refreshing individual containers and pods and continue. Individual containers and pods may be unusable and need to be removed manually, but libpod itself will continue to function. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1252 Approved by: rhatdan
* | Add batch check to container stats lockMatthew Heon2018-08-10
| | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1249 Approved by: rhatdan
* | removeContainer: fix deadlockValentin Rothberg2018-08-10
|/ | | | | | | | | | | | When checking if the container has already been removed, use c.state.HasContainer() instead of the runtime's API to avoid trying to take the already acquired lock. Fixes: #1245 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1251 Approved by: baude
* Add FFJSON generation to makefileMatthew Heon2018-08-09
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1240 Approved by: rhatdan
* Re-add FFJSON for container and pod structsMatthew Heon2018-08-09
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1240 Approved by: rhatdan
* Fixed a bug setting dependencies on the wrong containerhaircommander2018-08-09
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1244 Approved by: mheon
* Always connect to the stdout and stderr of streamDaniel J Walsh2018-08-09
| | | | | | | | | | | | | | If the stdout and stderr are not attach, podman will at least get a messsage that the container has completed and finish. This fixes the `podman run -a stdin fedora true` Hang issue. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1239 Approved by: mheon
* oci.go: syslog: fix debug formattingValentin Rothberg2018-08-09
| | | | | | | Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1242 Approved by: rhatdan
* add podman pod inspectbaude2018-08-09
| | | | | | | | | first pass of podman pod inspect Signed-off-by: baude <bbaude@redhat.com> Closes: #1236 Approved by: rhatdan
* Fix ambiguity in adding localhost to podman savehaircommander2018-08-08
| | | | | | | | | | | ...and some naming decisions. This change ensures podman save doesn't incorrectly prepend localhost when saving an image. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1140 Approved by: rhatdan
* Fix CGroupFS cgroup manager cgroup creation for podsMatthew Heon2018-08-08
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1237 Approved by: rhatdan
* Pass newly-added --log-level flag to ConmonMatthew Heon2018-08-08
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1232 Approved by: rhatdan
* Add dpkg support for returning oci/conmon versionsDaniel J Walsh2018-08-07
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1224 Approved by: baude
* Have info print conmon/oci runtime informationDaniel J Walsh2018-08-07
| | | | | | | | | We need into to identify the OCI runtime and conmon used by podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1224 Approved by: baude
* Better pull error for fully-qualified imagesbaude2018-08-06
| | | | | | | | | | | | | | | | | | | When pulling a fully-qualified image that fails, we should not be talking about registries/search registries in the the error message as it is not applicable. If a image that is fq'd and fails to pull, the error should be simplified. ``` $ sudo podman pull this-does-not-exist.example.com/foo Trying to pull this-does-not-exist.example.com/foo...Failed error pulling image "this-does-not-exist.example.com/foo": unable to pull this-does-not-exist.example.com/foo: unable to pull image, or you do not have pull access $ ``` Resolves: #1212 Signed-off-by: baude <bbaude@redhat.com> Closes: #1216 Approved by: mheon
* Add Runc and Conmon versions to Podman Versionbaude2018-08-05
| | | | | | | | | | It will be handy to know the runc and conmon versions as our code gets into the wild. Signed-off-by: baude <bbaude@redhat.com> Closes: #1207 Approved by: rhatdan
* clarify pull error messagebaude2018-08-02
| | | | | | | | | | | | | when pulling, we can fail to find an image (i.e. it doesn't exist) or we can not have authority/access to pull it. the registries don't tell us one way or another so the error message needs to cover both. Resolves #1194 Signed-off-by: baude <bbaude@redhat.com> Closes: #1195 Approved by: rhatdan
* Inline pullGoalNamesFromPossiblyUnqualifiedName into ↵Miloslav Trmač2018-08-02
| | | | | | | | | | | | | | | Runtime.pullGoalFromPossibly... Again, we only needed them split for tests; so, integrate them back. Then drop all remaining references to pullRefName and pullGoalNames, which are not used for anything. Should not change behavior Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1198 Approved by: mheon
* Replace getPullRefName by Runtime.getPullRefPairMiloslav Trmač2018-08-02
| | | | | | | | | | | | | | | | | | This more or less reverts 9c9401a96c0b7d43dcea19c2972ef9612cc0a136 "Replace getPullRefPair with getPullRefName"; now that tests don't require us to use pullRefName, move creation of storage references deeper into the calls stack to reduce string use. ir.getSinglePullRefNameGoal is accordingly updated to ir.getSinglePullRefPairGoal, and we need to add a ~duplicate singlePullRefPairGoal; that duplication of singlePullRefNameGoal will soon be resolved by dropping singlePullRefNameGoal. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1198 Approved by: mheon
* Inline pullGoalNamesFromImageReference back into ↵Miloslav Trmač2018-08-02
| | | | | | | | | | | | | | | | | | Runtime.pullGoalFromImageReference Now that we don't need a separate pullGoalNamesFromImageReference for running tests, inline it back. This forces us to add some glue code to getSinglePullRefNameGoal and to convert between pullGoal and *pullGoal; that is temporary and will be cleaned up soon. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1198 Approved by: mheon
* Introduce getSinglePullRefNameGoalMiloslav Trmač2018-08-02
| | | | | | | | | | | | | | | | | This merely wraps the > return singlePullRefNameGoal(getPullRefName(... reference)), nil pattern which is used for almost all getPullRefName uses. For now it seems not really worth it, but it will result in shorter code (and smaller migration) after we replace getPullRefName with getPullRefPair, which can fail, again - the pullGoalNamesFromImageReference will not have to add any error handling. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1198 Approved by: mheon
* Test Runtime.pullGoalFromPossiblyUnqualifiedName instead of pullGoalNameFrom...Miloslav Trmač2018-08-02
| | | | | | | | | | | | | | Similarly to pullGoalNamesFromImageReference, use a storage.Store and test the actually created references; that is more representative, and clearly shows the impact of further normalization in storageReference (like defaulting to :latest on NameOnly references). Only modifies tests, so does not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1198 Approved by: mheon
* Test Runtime.pullGoalFromImageReference instead of ↵Miloslav Trmač2018-08-02
| | | | | | | | | | | | | | | | | | | | | | | | | pullGoalNamesFromImageReference pullGoalNamesFromImageReference has been added only to allow testing without a storage.Store, because I thought that a storage.Store can only be created by root. It turns out that non-root stores, at least good enough for reference parsing and formatting, are possible (and have existed in c/image/storage tests), so this creates such a store, and modifies the existing test to test the created c/image/storage.storageReference values instead of strings; that is more representative, and clearly shows the impact of further normalization in storageReference (like defaulting to :latest on NameOnly references). Eventually we will want to get rid of pullGoalNames / pullRefName. Only modifies tests, so does not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1198 Approved by: mheon