| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
When adding the HOSTNAME environment variable, only do so if it
is not already present in the spec. If it is already present, it
was likely added by the user, and we should honor their requested
value.
Fixes #8886
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
close journald when reading
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
when reading from journald, we need to close the journal handler for
events and logging.
Fixes: #8864
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Ensure we do not edit container config in Exec
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The existing code grabs the base container's process, and then
modifies it for use with the exec session. This could cause
errors in `podman inspect` or similar on the container, as the
definition of its OCI spec has been changed by the exec session.
The change never propagates to the DB, so it's limited to a
single process, but we should still avoid it when possible - so
deep-copy it before use.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
Allow image errors to bubble up from lower level functions.
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Currently we ignore ErrMultipleImages being returned from findImageInRepoTags.
Fixes: https://github.com/containers/podman/issues/8868
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
so that the PIDFile can be accessed also without being in the rootless
user namespace.
Closes: https://github.com/containers/podman/issues/8506
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\
| |
| | |
exec: honor --privileged
|
| | |
| |
| |
| |
| |
| |
| | |
write the capabilities to the configuration passed to the OCI
runtime.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
The slirp4netns sandbox requires pivot_root
|
| | |/
| |
| |
| |
| |
| | |
Disable the sandbox, when running on rootfs
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |\ \
| | |
| | | |
Add support for Gentoo file to package query
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
On Gentoo systems where `app-portage/gentoolkit` is installed the binary
`equery` is used to query for information on which package a file
belongs to.
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
|
| |/
|
|
|
|
|
| |
Per the conversation on pull/8724 I am consolidating filter logic
and helper functions under the pkg/domain/filters dir.
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
|
| |\
| |
| | |
re-open container log files
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
when following container log files, if the file gets rotated due to
something like size limit, re-open it and keep following.
Fixes: #8733
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Pass down EnableKeyring from containers.conf to conmon
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We have a new field in containers.conf that tells whether
or not we want to generate a new keyring in a container.
This field was being ignored. It now will be followed and
passed down to conmon.
Fixes: https://github.com/containers/podman/issues/8384
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Prefer read/write images over read/only images
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With additional stores there is a risk that you could have
multiple images with the same name. IE An older image in a
read/only store versus a newer version in the read/write store.
This patch will ignore multiple images with the same name iff
one is read/write and all of the others are read/only.
Fixes: https://github.com/containers/podman/issues/8176
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Spelling
|
| | | |/
| |/|
| | |
| | | |
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
|
| |\ \ \
| | | |
| | | | |
Fix missing options in volume's display while setting uid and gid
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
```
$ podman volume create testvol --opt o=uid=1001,gid=1001
$ ./bin/podman volume create testvol2 --opt o=uid=1001,gid=1001
$ podman volume inspect testvol
"Options": {},
$ podman volume inspect testvol2
"Options": {
"GID": "1001",
"UID": "1001",
"o": "uid=1001,gid=1001"
},
```
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
add pod filter for ps
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
adds the ability to filter containers based on the filter "pod". the
value can be a pod name or its full or partial id.
Fixes: #8512
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Add volume filters to system prune
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change was missed in pull/8689. Now that volume pruneing supports
filters system pruneing can pass its filters down to the volume
pruneing. Additionally this change adds tests for the following components
* podman system prune subcommand with `--volumes` & `--filter` options
* apiv2 api tests for `/system/` and `/libpod/system` endpoints
Relates to #8453, #8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
|
| |/
|
|
|
|
|
|
| |
When debugging issues, it would be helpful to know the
security settings of the system running into the problem.
Adding security info to `podman info` is also useful to users.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Don't accidently remove XDG_RUNTIME_DIR when reseting storage
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In certain cases XDG_RUNTIME_DIR was deleted by accident based on
settings in the storage.conf. This patch verifies that when doing
a storage reset, we don't accidently remove XDG_RUNTIME_DIR.
Fixes: https://github.com/containers/podman/issues/8680
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Always add the default gateway to the cni config file
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`podman network create` should always add a gateway to the cni config.
If no gateway is given use the first ip in the subnet. CNI does not require
the gateway field but we need it because of network inspect.
This worked with previous version but was dropped in Commit(e7a72d72fd59).
Fixes #8748
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/
|
|
|
|
|
|
|
|
| |
- refactor package query logic to be package manager agnostic.
- `pacman -Qo` is the equivalent to `rpm -qf` [1].
[1] https://wiki.archlinux.org/index.php/Pacman/Rosetta#Querying_specific_packages
Signed-off-by: xatier <xatierlike@gmail.com>
|
| |
|
|
|
|
|
| |
Other log options are available so we need to add ability to look
up LogSize.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Change the log level when running as rootless when moving conmon to a
different cgroup.
Closes: https://github.com/containers/podman/issues/8721
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\
| |
| | |
podman events allow future time for --until
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The podman events aren't read until the given timestamp if the
timestamp is in the future. It just reads all events until now
and exits afterwards.
This does not make sense and does not match docker. The correct
behavior is to read all events until the given time is reached.
This fixes a bug where the wrong event log file path was used
when running first time with a new storage location.
Fixes #8694
This also fixes the events api endpoint which only exited when
an error occurred. Otherwise it just hung after reading all events.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
podman: drop checking valid rootless UID
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
do not check whether the specified ID is valid in the user namespace.
crun handles this case[1], so the check in Podman prevents to get to
the OCI runtime at all.
$ podman run --user 10:0 --uidmap 0:0:1 --rm -ti fedora:33 sh -c 'id; cat /proc/self/uid_map'
uid=10(10) gid=0(root) groups=0(root),65534(nobody)
10 0 1
[1] https://github.com/containers/crun/pull/556
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
Add volume prune --filter support
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change adds support for the `--filter` / `?filters` arguments on
the `podman volume prune` subcommand.
* Adds ParseFilterArgumentsIntoFilters helper for consistent
Filter string slice handling
* Adds `--filter` support to podman volume prune cli
* Adds `?filters...` support to podman volume prune api
* Updates apiv2 / e2e tests
Closes #8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
|
| |/
|
|
|
|
|
|
| |
Make the ContainerLogsOptions support two io.Writers,
one for stdout and the other for stderr. The logline already
includes the information to which Writer it has to be written.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
enable short-name aliasing
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Short-name aliasing was introduced with Podman 2.2 as an opt-in preview
by enabling an environment variable. Now, as we're preparing for the
3.0 release, we can enable short-name aliasing by default. Opting out
can be done by configuring the `registries.conf` config file.
Please refer to the following blog post for more details:
https://www.redhat.com/sysadmin/container-image-short-names
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Just checking for `rootless.IsRootless()` does not catch all the
cases where slirp4netns is in use - we actually allow it to be
used as root as well. Fortify the conditional here so we don't
fail in the root + slirp case.
Fixes #7883
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| | |
| | | |
Implement pod-network-reload
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a new command, 'podman network reload', to reload the
networks of existing containers, forcing recreation of firewall
rules after e.g. `firewall-cmd --reload` wipes them out.
Under the hood, this works by calling CNI to tear down the
existing network, then recreate it using identical settings. We
request that CNI preserve the old IP and MAC address in most
cases (where the container only had 1 IP/MAC), but there will be
some downtime inherent to the teardown/bring-up approach. The
architecture of CNI doesn't really make doing this without
downtime easy (or maybe even possible...).
At present, this only works for root Podman, and only locally.
I don't think there is much of a point to adding remote support
(this is very much a local debugging command), but I think adding
rootless support (to kill/recreate slirp4netns) could be
valuable.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
