path: root/libpod
Commit message (Author, Age)
* Add pod prune for api v2. (Sujil02, 2020-04-17)
| Add the ability to prune pods for api v2. Includes the addition of force flag, for client side prompt. Update test suite to support this use case. Signed-off-by: Sujil02 <sushah@redhat.com>
* Merge pull request #5548 from kunalkushwaha/image-prune (OpenShift Merge Robot, 2020-04-17)
|\ image prune skips images with child images.
| * image prune skips images with child images. (Kunal Kushwaha, 2020-04-15)
| | During the image build process, intermediate images are created. These images are also used as cache images, used in rebuilding the same images. This fixes the deletion of cache images. Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
* | Merge pull request #5657 from AlbanBedel/network-name-fix (OpenShift Merge Robot, 2020-04-17)
|\ \ Fix the pod name passed to cni
| * | If possible use the pod name when creating a network (Alban Bedel, 2020-04-03)
| | | When creating a network we pass down a name which ends up in the K8S_POD_NAME argument to cni plugins. Currently this name is always filled with the container name, so for pods it is the name of the infra container, not really what one would expect. This messes up the dnsname plugin as it doesn't receive the pod name in K8S_POD_NAME. To fix this, pass the pod name when the container is part of a pod, otherwise use the container name like before. Signed-off-by: Alban Bedel <albeu@free.fr> --- v2: Only call GetPod() when a pod id is set
* | | podman v2 remove bloat v2 (Brent Baude, 2020-04-16)
| | | rid ourselves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #5690 from rhatdan/selinux (OpenShift Merge Robot, 2020-04-16)
|\ \ \ Add support for selecting kvm and systemd labels
| * | | Add support for selecting kvm and systemd labels (Daniel J Walsh, 2020-04-15)
| | | | In order to better support kata containers and systemd containers, container-selinux has added new types. Podman should execute the container with an SELinux process label to match the container type. Traditional Container process: container_t; KVM Container Process: container_kvm_t; PID 1 Init process: container_init_t. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Add version to podman info command (Daniel J Walsh, 2020-04-15)
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #5752 from mheon/pod_inspect_structs (OpenShift Merge Robot, 2020-04-15)
|\ \ \ \ Add basic structure of output for APIv2 pod inspect
| * | | | Add basic structure of output for APIv2 pod inspect (Matthew Heon, 2020-04-15)
| | |_|/ | |/| | This will replace the structs in use in libpod, which cannot be used as they are also directly involved in the database representation of pods and cannot be moved out of Libpod. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #5817 from rhatdan/selinux1 (OpenShift Merge Robot, 2020-04-15)
|\ \ \ \ Fix up SELinux labeling
| * | | | Fix up SELinux labeling (Daniel J Walsh, 2020-04-15)
| | |/ / | |/| | SELinux label options processing fixes, should allow system tests to pass. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / | | Ability to prune container in api V2 (Sujil02, 2020-04-15)
|/ / / Adds ability to prune containers for v2. Adds client side prompt with force flag and filters options to prune. Signed-off-by: Sujil02 <sushah@redhat.com>
* / / Improve APIv2 support for Attach (Matthew Heon, 2020-04-13)
|/ / A few major fixes here: - Support for attaching to Configured containers, to match Docker behavior. - Support for stream parameter has been improved (we now properly handle cases where it is not set). - Initial support for logs parameter has been added. - Setting attach streams when the container has a terminal is now supported. - Errors are properly reported once the hijack has begun. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #5478 from giuseppe/auto-userns (OpenShift Merge Robot, 2020-04-06)
|\ \ userns: support --userns=auto
| * | userns: support --userns=auto (Giuseppe Scrivano, 2020-04-06)
| | | automatically pick an empty range and create a user namespace for the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #5716 from baude/v2ps (OpenShift Merge Robot, 2020-04-06)
|\ \ \ podmanv2 ps
| * | | podmanv2 ps (Brent Baude, 2020-04-06)
| |/ / add the ability to list containers Signed-off-by: Brent Baude <bbaude@redhat.com>
* / / refactor info (Brent Baude, 2020-04-06)
|/ / the current implementation of info, while typed, is very loosely done so. we need stronger types for our apiv2 implementation and bindings. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | v2podman attach and exec (Brent Baude, 2020-04-05)
| | add the ability to attach to a running container. the tunnel side of this is not enabled yet as we have work on the endpoints and plumbing to do yet. add the ability to exec a command in a running container. the tunnel side is also being deferred for same reason. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5672 from baude/v2save (OpenShift Merge Robot, 2020-04-03)
|\ \ podmanv2 save image
| * | podmanv2 save image (Brent Baude, 2020-04-03)
| |/ add ability to save an image for podman v2 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5707 from adrianreber/crun-checkpoint-1 (OpenShift Merge Robot, 2020-04-03)
|\ \ Prepare for crun checkpoint support
| * | checkpoint: handle XDG_RUNTIME_DIR (Adrian Reber, 2020-04-03)
| | | For (almost) all commands which podman passes on to a OCI runtime XDG_RUNTIME_DIR is set to the same value. This does not happen for the checkpoint command. Using crun to checkpoint a container without this change will lead to crun using XDG_RUNTIME_DIR of the currently logged in user and so it will not find the container Podman wants to checkpoint. This basically just copies a few lines from one of the other commands to handle 'checkpoint' as all the other commands. Thanks to Giuseppe for helping me with this. For 'restore' it is not needed as restore goes through conmon and for calling conmon Podman already configures XDG_RUNTIME_DIR correctly. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | checkpoint: change runtime checkpoint support test (Adrian Reber, 2020-04-03)
| |/ Podman was checking if the runtime supports checkpointing by running 'runtime checkpoint -h'. That works for runc. crun, however, does not use '-h, --help' for help output but '-?, --help'. This commit switches both checkpoint support detection from 'runtime checkpoint -h' to 'runtime checkpoint --help'. Podman can now correctly detect if 'crun' also supports checkpointing. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #5712 from rhatdan/path (OpenShift Merge Robot, 2020-04-03)
|\ \ Pass path environment down to the OCI runtime
| * | Pass path environment down to the OCI runtime (Daniel J Walsh, 2020-04-03)
| |/ Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #5676 from kolyshkin/volume-flags-alt (OpenShift Merge Robot, 2020-04-03)
|\ \ | |/ |/| Fix/improve pkg/storage.InitFSMounts
| * pkg/spec.InitFSMounts: optimize (Kir Kolyshkin, 2020-04-02)
| | Instead of getting mount options from /proc/self/mountinfo, which is very costly to read/parse (and can even be unreliable), let's use statfs(2) to figure out the flags we need. [v2: move getting default options to pkg/util, make it linux-specific] Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | attach: skip shutdown on errors (Giuseppe Scrivano, 2020-04-02)
| | skip doing a socket shutdown on an error, since we are not sure the socket was already closed and we end up using the wrong fd. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | attach: fix hang if control path is deleted (Giuseppe Scrivano, 2020-04-02)
| | if the control path file is deleted, libpod hangs waiting for a reader to open it. Attempt to open it as non blocking until it returns an error different than EINTR or EAGAIN. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podmanv2 load (Brent Baude, 2020-04-01)
| | enable podman load for v2; add reexec into main; add systemd build flag to v2 makefile. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | podmanv2 pod ps (Brent Baude, 2020-03-31)
|/ add the ability to list pods in podmanv2 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Revert "Default CPUShares in Inspect are 1024" (Sagi Shnaidman, 2020-03-30)
| cpu-share is 0 in docker inspect, see https://github.com/moby/moby/issues/35452 This reverts commit eb229d526c04f17ca8b7e65abba745fd5b465a6c. Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* Merge pull request #5602 from rhatdan/vendor (OpenShift Merge Robot, 2020-03-30)
|\ Update vendor of boltdb and containers/image
| * Update vendor of boltdb and containers/image (Daniel J Walsh, 2020-03-29)
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | podmanv2: implement pod top (Valentin Rothberg, 2020-03-28)
|/ Implement `podman pod top` for podmanV2. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add support for containers.conf (Daniel J Walsh, 2020-03-27)
| vendor in c/common config pkg for containers.conf Signed-off-by: Qi Wang qiwan@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podmanv2 pod create using podspecgen (Brent Baude, 2020-03-27)
| using the factory approach similar to container, we now create pods based on a pod spec generator. wired up the podmanv2 pod create command, podcreatewithspec binding, simple binding test, and apiv2 endpoint. also included some code refactoring as it introduced an easy circular import. Signed-off-by: Brent Baude <bbaude@redhat.com>
* use `pause:3.2` image for infra containers (Valentin Rothberg, 2020-03-27)
| The `pause:3.1` has wrong configs for non-amd64 images as they all claim to be for amd64. The issue has now been fixed in the latest `pause:3.2`. [1] https://github.com/kubernetes/kubernetes/issues/87325 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podmanv2 container inspect (Brent Baude, 2020-03-26)
| add ability to inspect a container Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5573 from mheon/add_basic_exec_endpoints (OpenShift Merge Robot, 2020-03-26)
|\ Implement APIv2 Exec Create and Inspect Endpoints
| * Add bindings for Container Exec Create + Inspect (Matthew Heon, 2020-03-26)
| | Also adds some basic tests for these two. More tests are needed but will have to wait for state to be finished. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Implement APIv2 Exec Create and Inspect Endpoints (Matthew Heon, 2020-03-23)
| | Start and Resize require further implementation work. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | slirp: enable seccomp filter (Giuseppe Scrivano, 2020-03-26)
| | add a check for --enable-seccomp support in slirp4netns. If it is supported, always enable it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Ensure that exec sends resize events (Matthew Heon, 2020-03-25)
| | We previously tried to send resize events only after the exec session successfully started, which makes sense (we might drop an event or two that came in before the exec session started otherwise). However, the start function blocks, so waiting actually means we send no resize events at all, which is obviously worse than losing a few. Sending resizes before attach starts seems to work fine in my testing, so let's do that until we get bug reports that it doesn't work. Fixes #5584 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | podmanv2 volumes (Brent Baude, 2020-03-24)
|/ add volume commands: create, inspect, ls, prune, and rm Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5434 from mheon/force_delete_cni_netreg (OpenShift Merge Robot, 2020-03-23)
|\ Attempt manual removal of CNI IP allocations on refresh
| * Attempt manual removal of CNI IP allocations on refresh (Matthew Heon, 2020-03-19)
| | We previously attempted to work within CNI to do this, without success. So let's do it manually, instead. We know where the files should live, so we can remove them ourselves instead. This solves issues around sudden reboots where containers do not have time to fully tear themselves down, and leave IP address allocations which, for various reasons, are not stored in tmpfs and persist through reboot. Fixes #5433 Signed-off-by: Matthew Heon <matthew.heon@pm.me>