path: root/libpod
Commit message (Author, Age)
* Merge pull request #2658 from mheon/sctp (OpenShift Merge Robot, 2019-03-16)
|\    Add support for SCTP port forwarding
| * Add support for SCTP port forwarding (Matthew Heon, 2019-03-15)
| |   SCTP is already present and enabled in the CNI plugins, so all we need to do to add support is not error on attempting to bind ports to reserve them. I investigated adding this binding for SCTP, but support for SCTP in Go is honestly a mess - there's no widely-supported library for doing it that will do what we need. For now, warn that port reservation for SCTP is not supported and forward the ports.
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #2675 from giuseppe/rootless-use-readable-path-for-conmon (OpenShift Merge Robot, 2019-03-16)
|\ \    rootless: change default path for conmon.pid
| * | rootless: change default path for conmon.pid (Giuseppe Scrivano, 2019-03-15)
| |/    We cannot use the RunDir for writing the conmon.pid file as we might not be able to read it before we join a namespace, since it is owned by the root in the container which can be a different uid when using uidmap. To avoid the issue completely, we will just write it to the static dir which is always readable by the unprivileged user.
| |     Closes: https://github.com/containers/libpod/issues/2673
| |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / Make sure buildin volumes have the same ownership and permissions as image (Daniel J Walsh, 2019-03-15)
|/    When creating a new image volume to be mounted into a container, we need to make sure the new volume matches the Ownership and permissions of the path that it will be mounted on. For example if a volume inside of a container image is owned by the database UID, we want the volume to be mounted onto the image to be owned by the database UID.
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2617 from giuseppe/fix-with-config (OpenShift Merge Robot, 2019-03-15)
|\    runtime: fill the runtime config with sane defaults
| * rootless: do not override user settings (Giuseppe Scrivano, 2019-03-15)
| |   if the settings are available in the user config file, do not override them with the global configuration.
| |   Closes: https://github.com/containers/libpod/issues/2614
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * runtime: refactor NewRuntime and NewRuntimeFromConfig (Giuseppe Scrivano, 2019-03-15)
| |   we had two functions NewRuntimeFromConfig and NewRuntime that differed only for the config file they use. Move common logic to newRuntimeFromConfig and let it look up the configuration file to use when one is not specified.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * events: use os.SEEK_END instead of its value (Giuseppe Scrivano, 2019-03-15)
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | container: check containerInfo.Config before accessing it (Giuseppe Scrivano, 2019-03-15)
|/    check that containerInfo.Config is not nil before trying to access it.
|     Closes: https://github.com/containers/libpod/issues/2654
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: fix CI regression when using slirp4netns (Giuseppe Scrivano, 2019-03-14)
|   Older versions of slirp4netns do not have the --disable-host-loopback flag. Remove the check once we are sure the updated version is available everywhere.
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #1642 from kunalkushwaha/image-tree (OpenShift Merge Robot, 2019-03-14)
|\    Tree implementation for podman images
| * Tree implementation for podman images (Kunal Kushwaha, 2019-03-14)
| |   Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
* | slirp4netns: use --disable-host-loopback (Giuseppe Scrivano, 2019-03-14)
| |   Closes: https://github.com/containers/libpod/issues/2642
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | slirp4netns: set mtu to 65520 (Giuseppe Scrivano, 2019-03-14)
| |   it improves significantly the performance of the slirp4netns network: https://github.com/rootless-containers/slirp4netns/tree/777bdccceffa5bee38dbfd9eefc06628cc160ff6#iperf3-netns---host
| |   Closes: https://github.com/containers/libpod/issues/1732
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2621 from mheon/event_on_death (OpenShift Merge Robot, 2019-03-13)
|\ \    Add event on container death
| * | Add event on container death (Matthew Heon, 2019-03-13)
| |/    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2622 from baude/protectdarwin (OpenShift Merge Robot, 2019-03-13)
|\ \    Add gating tasks
| * | Add gating tasks (baude, 2019-03-13)
| |/    to protect against regressions, we need to add a few gating tasks:
| |       * build with varlink
| |       * build podman-remote
| |       * build podman-remote-darwin
| |     we already have a gating task for building without varlink
| |     Signed-off-by: baude <bbaude@redhat.com>
* / Vendor docker/docker, fsouza and more #2 (TomSweeneyRedHat, 2019-03-13)
|/    Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|     Vendors in fsouza/docker-client, docker/docker and a few more related. Of particular note, changes to the TweakCapabilities() function from docker/docker along with the parse.IDMappingOptions() function from Buildah. Please pay particular attention to the related changes in the call from libpod to those functions during the review.
|     Passes baseline tests.
* Merge pull request #2562 from baude/healtcheckphase2 (OpenShift Merge Robot, 2019-03-12)
|\    healthcheck phase 2
| * healtcheck phase 2 (baude, 2019-03-12)
| |   integration of healthcheck into create and run as well as inspect. healthcheck enhancements are as follows:
| |     * add the following options to create|run so that non-docker images can define healthchecks at the container level.
| |       * --healthcheck-command
| |       * --healthcheck-retries
| |       * --healthcheck-interval
| |       * --healthcheck-start-period
| |     * podman create|run --healthcheck-command=none disables healthcheck as described by an image.
| |     * the healthcheck itself and the healthcheck "history" can now be observed in podman inspect
| |     * added the wiring for healthcheck history which logs the health history of the container, the current failed streak attempts, and log entries for the last five attempts which themselves have start and stop times, result, and a 500 character truncated (if needed) log of stderr/stdout.
| |   The timings themselves are not implemented in this PR but will be in future enablement (i.e. next).
| |   Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2585 from giuseppe/build-honor-net (OpenShift Merge Robot, 2019-03-12)
|\ \    build: honor --net
| * | slirp4netns: add builtin DNS server to resolv.conf (Giuseppe Scrivano, 2019-03-11)
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2527 from baude/events (OpenShift Merge Robot, 2019-03-11)
|\ \ \    Add event logging to libpod, even display to podman
| * | | Add event logging to libpod, even display to podman (baude, 2019-03-11)
| | | |   In libpod, we now log major events that occur. These events can be displayed using the `podman events` command. Each event contains:
| | | |     * Type (container, image, volume, pod...)
| | | |     * Status (create, rm, stop, kill, ....)
| | | |     * Timestamp in RFC3339Nano format
| | | |     * Name (if applicable)
| | | |     * Image (if applicable)
| | | |   The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement.
| | | |   Signed-off-by: baude <bbaude@redhat.com>
* | | | Ensure that tmpfs mounts do not have symlinks (Matthew Heon, 2019-03-11)
| |_|/
|/| |   When mounting a tmpfs, runc attempts to make the directory it will be mounted at. Unfortunately, Golang's os.MkdirAll deals very poorly with symlinks being part of the path. I looked into fixing this in runc, but it's honestly much easier to just ensure we don't trigger the issue on our end.
| | |   Fixes BZ #1686610
| | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Buffer stdin to a file when importing "-" (Nalin Dahyabhai, 2019-03-11)
|/ /    When importing an image from a file somewhere, we already know how to download data from a URL to a file, so do the same for stdin, in case it's unexpectedly large.
| |     Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Merge pull request #2583 from giuseppe/rootless-fix-pod-rm (OpenShift Merge Robot, 2019-03-11)
|\ \    rootless: fix stop and rm when the container is running with uid != 0
| * | errors: fix error cause comparison (Giuseppe Scrivano, 2019-03-11)
| |/    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2538 from giuseppe/slirp4netns-path (OpenShift Merge Robot, 2019-03-11)
|\ \    libpod: allow to configure path to the slirp4netns binary
| * | libpod: allow to configure path to the network-cmd binary (Giuseppe Scrivano, 2019-03-11)
| |/    allow to configure the path to the network-cmd binary, either via an option flag --network-cmd-path or through the libpod.conf configuration file. This is currently used to customize the path to the slirp4netns binary.
| |     Closes: https://github.com/containers/libpod/issues/2506
| |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / pull: promote debug statement to error (Giuseppe Scrivano, 2019-03-11)
|/    print an error if there is any failure pulling an image.
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix generation of infra container command (Matthew Heon, 2019-03-10)
|   When sourcing from an image, we need to grab its entrypoint first and then add command on to mimic the behavior of Docker. The default Kube pause image just sets ENTRYPOINT, and not CMD, so nothing changes there, but this ought to fix other images (for example, nginx would try to run the pause command instead of an nginx process without this patch)
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Remove an unused if statement I added (Matthew Heon, 2019-03-10)
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Don't delete another container's resolv and hosts files (Matthew Heon, 2019-03-10)
|   The logic of deleting and recreating /etc/hosts and /etc/resolv.conf only makes sense when we're the one that creates the files - when we don't, it just removes them, and there's nothing left to use.
|   Fixes #2602
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix a potential segfault during infra container create (Matthew Heon, 2019-03-10)
|   I was seeing some segfaults where image config was being passed as nil, causing a nil dereference segfault. Fix the apparent cause and add some safety fencing to try and ensure it doesn't happen again.
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2516 from rhatdan/secrets (OpenShift Merge Robot, 2019-03-09)
|\    Move secrets package to buildah
| * Move secrets package to buildah (Daniel J Walsh, 2019-03-08)
| |   Trying to remove circular dependencies between libpod and buildah. First step to move pkg content from libpod to buildah.
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2590 from haircommander/pause_entry_cmd (OpenShift Merge Robot, 2019-03-08)
|\ \
| |/
|/|   Default to image entrypoint for infra container
| * Default to image entrypoint for infra container (Peter Hunt, 2019-03-08)
| |   If the pod infra container is overridden, we want to run the entry point of the image, instead of the default infra command. This allows users to override the infra-image with greater ease.
| |   Also use process environment variables from image
| |   Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | rootless: propagate errors from info (Giuseppe Scrivano, 2019-03-08)
|/    we use "podman info" to reconfigure the runtime after a reboot, but we don't propagate the error message back if something goes wrong.
|     Closes: https://github.com/containers/libpod/issues/2584
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2573 from giuseppe/exec-extra-files (OpenShift Merge Robot, 2019-03-07)
|\    oci: make explicit the extra files to the exec
| * oci: make explicit the extra files to the exec (Giuseppe Scrivano, 2019-03-07)
| |   In the previous version I forgot to add the fds to preserve into AdditionalFiles. It doesn't make a difference as the files were still preserved, but this seems to be the correct way of making it explicit.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2550 from wking/language-dot-split (OpenShift Merge Robot, 2019-03-07)
|\ \
| |/
|/|   libpod/container_internal: Split locale at the first dot, etc.
| * libpod/container_internal: Split locale at the first dot, etc. (W. Trevor King, 2019-03-05)
| |   We're going to feed this into Go's BCP 47 language parser. Language tags have the form [1]:
| |       language ["-" script] ["-" region] *("-" variant) *("-" extension) ["-" privateuse]
| |   and locales have the form [2]:
| |       [language[_territory][.codeset][@modifier]]
| |   The modifier is useful for collation, but Go's language-based API [3] does not provide a way for us to supply it. This code converts our locale to a BCP 47 language by stripping the dot and later and replacing the first underscore, if any, with a hyphen. This will avoid errors like [4]:
| |       WARN[0000] failed to parse language "en_US.UTF-8": language: tag is not well-formed
| |   when feeding language.Parse(...).
| |   [1]: https://tools.ietf.org/html/bcp47#section-2.1
| |   [2]: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
| |   [3]: https://github.com/golang/go/issues/25340
| |   [4]: https://github.com/containers/libpod/issues/2494
| |   Signed-off-by: W. Trevor King <wking@tremily.us>
* | Merge pull request #2563 from mheon/lookup_double_match_always_returns_name (OpenShift Merge Robot, 2019-03-07)
|\ \    Change LookupContainer logic to match Docker
| * | Change LookupContainer logic to match Docker (Matthew Heon, 2019-03-06)
| | |   When looking up a container or pod from user input, we handle collisions between names and IDs differently than Docker at present. In Docker, when there is a container with an ID starting with "c1" and a container named "c1", commands on "c1" will always act on the container named "c1". For the same scenario in podman, we throw an error about name collision.
| | |   Change Podman to follow Docker, by returning the named container or pod instead of erroring. This should also have a positive effect on performance in the lookup-by-full-name case, which no longer needs to fully traverse the list of all pods or containers.
| | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2545 from haircommander/weird_pod_bug (OpenShift Merge Robot, 2019-03-06)
|\ \ \    Fix pod create failure
| * | | Fix incorrect pod create failure (Peter Hunt, 2019-03-06)
| | |/
| |/|   Before, a pod create would fail if it was set to share no namespaces, but had an infra container. While inefficient (you add a container for no reason), it shouldn't be a fatal failure. Fix this by only failing if the pod was set to share namespaces, but had no infra container, and writing a warning if vice versa.
| | |   Signed-off-by: Peter Hunt <pehunt@redhat.com>