summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Merge pull request #1158 from mheon/prevent_multiple_boltdb_connsMatthew Heon2018-07-26
|\ | | | | Add a mutex to BoltDB state to prevent lock issues
| * Add a mutex to BoltDB state to prevent lock issuesMatthew Heon2018-07-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Per https://www.sqlite.org/src/artifact/c230a7a24?ln=994-1081, POSIX file advisory locks are unsafe to use within a single process if multiple file descriptors are open for the same file. Unfortunately, this has a strong potential to happen for multithreaded usage of libpod, and could result in DB corruption. To prevent this, wrap all access to BoltDB within a single libpod instance in a mutex to ensure concurrent access cannot occur. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Added pod restarthaircommander2018-07-25
| | | | | | | | | | | | | | | | | | With tests, man page and completions. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1152 Approved by: rhatdan
* | Added pod.Restart() functionality to libpod.haircommander2018-07-25
|/ | | | | | | | | | | Moved contents of RestartWithTimeout to restartWithTimeout in container_internal to be able to call restart without locking in function. Refactored startNode to be able to either start or restart a node. Built pod Restart() with new startNode with refresh true. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1152 Approved by: rhatdan
* Update comments in BoltDB and In-Memory statesMatthew Heon2018-07-24
| | | | | | | Better explain the inner workings of both state types in comments to make reviews and changes easier. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add missing runtime.go lines to set namespaceMatthew Heon2018-07-24
| | | | | | Also add namespace to inspect output to verify its presence Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Address first round of review commentsMatthew Heon2018-07-24
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Set namespace for new pods/containers based on runtimeMatthew Heon2018-07-24
| | | | | | | | New containers and pods will default to the namespace of the runtime, but this can be overridden by With... options if desired. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add --namespace flag to PodmanMatthew Heon2018-07-24
| | | | | | | Allows joining libpod to a specific namespace when running a Podman command. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Update documentation for the State interfaceMatthew Heon2018-07-24
| | | | | | | Include details on how namespaces interact with the state. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Ensure pods are part of the set namespace when addedMatthew Heon2018-07-24
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Enforce namespace checks on container addMatthew Heon2018-07-24
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add tests for state namespacingMatthew Heon2018-07-24
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add namespaces to in memory stateMatthew Heon2018-07-24
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Untested implementation of namespaced BoltDB accessMatthew Heon2018-07-24
| | | | | | | | | | | All BoltDB access and update functions now understand namespaces. Accessing containers outside of your namespace will produce errors, except for Lookup and All functions, which will perform their tasks only on containers within your namespace. The "" namespace remains a reserved, no-restrictions namespace. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add constraint that dependencies must be in the same nsMatthew Heon2018-07-24
| | | | | | | Dependency containers must be in the same namespace, to ensure there are never problems resolving a dependency. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add namespaces and initial constraints to databaseMatthew Heon2018-07-24
| | | | | | | | Add basic awareness of namespaces to the database. As part of this, add constraints so containers can only be added to pods in the same namespace. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add container and pod namespaces to configsMatthew Heon2018-07-24
| | | | | | | Libpod namespaces are a way to logically separate groups of pods and containers within the state. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Update container Mounted() and Mountpoint() functionsMatthew Heon2018-07-24
| | | | | | | | | | | | | | | | Addresses a regression in `podman mount` due to our mount changes to allow concurrency by letting c/storage handle mounting and unmounting. Combine Mounted() and Mountpoint() into one function and query c/storage directly to ensure we get accurate information. Fixes: #1143 Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1144 Approved by: baude
* Use the result of reference.Parse when checking for digests.Miloslav Trmač2018-07-23
| | | | | | | | | | | | No need to do a separate string search when reference.Parse has already determined this. Changes behavior: non-SHA256 digest formats are now recognized as well. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Make refNamesFromPossiblyUnqualifiedName independent from ImageMiloslav Trmač2018-07-23
| | | | | | | | | | | ... which finally makes it very easy to add comprehensive tests; so do that. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Make Image.HasShaInInputName to an independent local functionMiloslav Trmač2018-07-23
| | | | | | | | | | | | The functionality only depends on Image.InputName, and we will want to make the only user of this independent of the fairly complex Image type. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Split createNamesToPull into ref{Names,Pairs}FromPossiblyUnqualifiedNameMiloslav Trmač2018-07-23
| | | | | | | | | | | | | | One part creates []*pullRefName; the other just trivially converts it into []*pullRefPair. Also use much more explicit names to explain the functionality. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Rename local variables in Runtime.pullRefPairsFromRefNamesMiloslav Trmač2018-07-23
| | | | | | | | | | | ... to be more conventional. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Split Runtime.pullRefPairsFromRefNames from Image.createNamesToPullMiloslav Trmač2018-07-23
| | | | | | | | | | | This will have another user shortly. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Rename nameToPull to pullRefNameMiloslav Trmač2018-07-23
| | | | | | | | | | | | We will use it not only in createNamesToPull, but also in getPullListFromRef soon. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Rename pullStruct to pullRefPairMiloslav Trmač2018-07-23
| | | | | | | | | | | | "Struct" is meaningless, and we will need the "reference pair" mentioned to distinguish srcRef+dstRef from srcRef+dstName. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Replace optional nameToPull.shaPullName with mandatory dstNameMiloslav Trmač2018-07-23
| | | | | | | | | | | | | This consolidates the shaPullName logic into a single place, (and eliminates the unclear shaPullName member name completely). The resulting nameToPull will shortly be more generally useful. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Introduce nameToPull, move shaPullName in thereMiloslav Trmač2018-07-23
| | | | | | | | | | | | | | | | | shaPullName is only used internally in createNamesToPull; so, introduce a nameToPull as a variant of pullStruct which has shaPullName (and does not have destRef). Eventually, we want to split pullStruct preparation into easily-testable store-independent name preparation, and a store-dependent and difficult-to-test but trivial conversion using StorageTransport.ParseStoreReference. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Split normalizeTag from Image.TagImageMiloslav Trmač2018-07-23
| | | | | | | | | | | ... so that it can be tested without side effects, and add the tests. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Remove Image.isShortNameMiloslav Trmač2018-07-23
| | | | | | | | | | | | It has no users, and it depends on the incorrect imageParts.hasRegistry. So, just drop it instead of worrying whether it is OK to change its semantics. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Inline getTags into its only userMiloslav Trmač2018-07-23
| | | | | | | | | | | | This also eliminates a duplicate call to reference.Parse() and removes an impossible erorr path. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Add unit tests for imagePartsMiloslav Trmač2018-07-23
| | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1112 Approved by: rhatdan
* Merge pull request #1103 from haircommander/load_dockerlessMatthew Heon2018-07-20
|\ | | | | Podman load/tag/save prepends localhost when no registry is present
| * Podman load/tag/save prepend localhost when no repository is presenthaircommander2018-07-20
| | | | | | | | | | | | Instead of having docker.io/library as its repository. Test included. Signed-off-by: haircommander <pehunt@redhat.com>
* | Merge pull request #1104 from rhatdan/mountingMatthew Heon2018-07-20
|\ \ | | | | | | Let containers/storage keep track of mounts
| * | Let containers/storage keep track of mountsDaniel J Walsh2018-07-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we unmount storage that is still in use. We should not be unmounting storeage that we mounted via a different command or by podman mount. This change relies on containers/storage to umount keep track of how many times the storage was mounted before really unmounting it from the system. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | pull: get registries using the registries pkgGiuseppe Scrivano2018-07-20
| |/ |/| | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman-top: use containers/psgoValentin Rothberg2018-07-19
|/ | | | | | | | | | | | | | | | | Use github.com/containers/psgo instead of execing `ps (1)`. The psgo library enables a much more flexible interface with respect to which data to be printed (e.g., capabilities, seccomp mode, PID, PCPU, etc.) while the output can be parsed reliably. The library does not use ps (1) but parses /proc and /dev instead. To list the processes of a given container, psgo will join the mount namespace of the given container and extract all data from there. Notice that this commit breaks compatibility with docker-top. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1113 Approved by: rhatdan
* Vendor in latest code for storage,image, buildahDaniel J Walsh2018-07-19
| | | | | | | | | | | vendor in containers/storage vendor in containers/image vendor in projectatomic/buildah Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1114 Approved by: mheon
* Abort a test on nil containers, so that future tests don't panicMiloslav Trmač2018-07-19
| | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1111 Approved by: baude
* Fix TestPostDeleteHooks on macOSMiloslav Trmač2018-07-19
| | | | | | | | | os.TempDir() is /var/folders/.../T/ on macOS, not /tmp. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1111 Approved by: baude
* Use `...` for a regexp constant to improve readabilityMiloslav Trmač2018-07-19
| | | | | | | | | Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1111 Approved by: baude
* oci: keep exposed ports busy and leak the fd into conmonGiuseppe Scrivano2018-07-19
| | | | | | | | | | | | | Bind all the specified TCP and UDP ports so that another process cannot reuse them. The fd of the listener is then leaked into conmon so that the socket is kept busy until the container exits. Closes: https://github.com/projectatomic/libpod/issues/210 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1100 Approved by: mheon
* Record whether the container has exitedMatthew Heon2018-07-13
| | | | | | | | Use this to supplement exit codes returned from containers, to make sure we know when exit codes are invalid (as the container has not yet exited) Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #1075 from giuseppe/rootless-no-symlinks-into-storage-pathDaniel J Walsh2018-07-13
|\ | | | | rootless: fix usage on Fedora Silverblue/CoreOS
| * runtime: delete unused functionGiuseppe Scrivano2018-07-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: propagate errors from GetRootlessRuntimeDir()Giuseppe Scrivano2018-07-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1065 from haircommander/pod-start-create-rmDaniel J Walsh2018-07-13
|\ \ | | | | | | Podman pod create/rm/ps commands with man pages and tests
| * | Added full podman pod ps, with tests and man pagehaircommander2018-07-13
| | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-06 14:35:26 +0000