path: root/libpod
Commit message (Author, Age)
* Merge pull request #6152 from mheon/fix_pod_join_cgroupns (OpenShift Merge Robot, 2020-05-09)
|\
| |     Fix bug where pods would unintentionally share cgroupns
| * Ensure `podman inspect` output for NetworkMode is right (Matthew Heon, 2020-05-08)
| |     I realized that setting NetworkMode to private when we are making a network namespace but not configuring it with CNI or Slirp is wrong; that's considered `--net=none` not `--net=private`. At the same time, realized that we actually store whether Slirp is in use, so we can be more specific than just "default" and instead say slirp4netns or bridge.
| |
| |     Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Fix bug where pods would unintentionally share cgroupns (Matthew Heon, 2020-05-08)
| |     This one was a massive pain to track down.
| |
| |     The original symptom was an error message from rootless Podman trying to make a container in a pod. I unfortunately did not look at the error message closely enough to realize that the namespace in question was the cgroup namespace (the reproducer pod was explicitly set to only share the network namespace), else this would have been quite a bit shorter.
| |
| |     I spent considerable effort trying to track down differences between the inspect output of the two containers, and when that failed I was forced to resort to diffing the OCI specs. That finally proved fruitful, and I was able to determine what should have been obvious all along: the container was joining the cgroup namespace of the infra container when it really ought not to have.
| |
| |     From there, I discovered a variable collision in pod config. The UsePodCgroup variable means "create a parent cgroup for the pod and join containers in the pod to it". Unfortunately, it is very similar to UsePodUTS, UsePodNet, etc, which mean "the pod shares this namespace", so an accessor was accidentally added for it that indicated the pod shared the cgroup namespace when it really did not.
| |
| |     Once I realized that, it was a quick fix - add a bool to the pod's configuration to indicate whether the cgroup ns was shared (distinct from UsePodCgroup) and use that for the accessor.
| |
| |     Also included are fixes for `podman inspect` and `podman pod inspect` that fix them to actually display the state of the cgroup namespace (for container inspect) and what namespaces are shared (for pod inspect). Either of those would have made tracking this down considerably quicker.
| |
| |     Fixes #6149
| |
| |     Signed-off-by: Matthew Heon <mheon@redhat.com>
* | V2 Implement tunnelled podman version (Jhon Honce, 2020-05-08)
|/
|     Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Fix handling of overridden paths from database (Daniel J Walsh, 2020-05-08)
|     If the first time you run podman in a user account you do a su - USER, and the second time, you run as the logged in USER, podman fails, because it is not handling the tmpdir definition in the database. This PR fixes this problem.
|
|     vendor containers/common v0.11.1
|
|     This should fix a couple of issues we have seen in podman 1.9.1 with handling of libpod.conf.
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6091 from rhatdan/v2 (OpenShift Merge Robot, 2020-05-06)
|\
| |     Eliminate race condition on podman info
| * Eliminate race condition on podman info (Daniel J Walsh, 2020-05-05)
| |     There is a potential of a race condition where a container is removed while podman is looking up information on the total containers. This can cause podman info to fail with an error "no such container". This change ignores the failure.
| |
| |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | add {generate,play} kube (Valentin Rothberg, 2020-05-06)
| |     Add the `podman generate kube` and `podman play kube` command. The code has largely been copied from Podman v1 but restructured to not leak the K8s core API into the (remote) client.
| |
| |     Both commands are added in the same commit to allow for enabling the tests at the same time.
| |
| |     Move some exports from `cmd/podman/common` to the appropriate places in the backend to avoid circular dependencies.
| |
| |     Move definitions of label annotations to `libpod/define` and set the security-opt labels in the frontend to make kube tests pass.
| |
| |     Implement rest endpoints, bindings and the tunnel interface.
| |
| |     Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6063 from QiWang19/manifest-annotate (OpenShift Merge Robot, 2020-05-06)
|\ \
| | |     manifest annotate
| * | manifest annotate (Qi Wang, 2020-05-05)
| |/
| |     Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6081 from baude/v2system (OpenShift Merge Robot, 2020-05-05)
|\ \
| |/
|/|     v2 system subcommand
| * v2 system subcommand (baude, 2020-05-05)
| |     add system df, info, load, renumber, and migrate
| |
| |     Refactor for specialized libpod engines
| |
| |     add the ability to prune images, volumes, containers, and pods
| |
| |     Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #6080 from baude/v2stats (OpenShift Merge Robot, 2020-05-05)
|\ \
| | |     v2 podman stats
| * | v2 podman stats (baude, 2020-05-05)
| | |     Signed-off-by: baude <bbaude@redhat.com>
* | | image removal: refactor part 2 (Valentin Rothberg, 2020-05-04)
| |/
|/|
| |     Continue the refactoring of image removal. I didn't manage to break all the following changes into smaller and easier to digest commits due to time constraints:
| |
| |      * Return an error slice instead of a single error. Use multierror only in the client/frontend. Reflect that in the types.
| |      * Use the batch image removal in the client while preserving the more rest-idiomatic single-image removal endpoint.
| |      * Add a new handler for the single-image removal endpoint to make it share the same code as the batch endpoint.
| |      * Expose bindings for the single and batch endpoints, so we can properly test them.
| |      * Add several convenience functions for error handling to pkg/errorhandling.
| |      * Set the correct error type in libpod to set the exit code to 2 when one or more containers are using an image.
| |      * Massage the bindings tests a bit and tackle compilation errors.
| |
| |     Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Fix errors found in coverity scan (Daniel J Walsh, 2020-05-01)
|/
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Enable prune integration test. Fixes container prune. (Sujil02, 2020-04-30)
|     Fixes container prune to prune created and configured containers. Disables couple of system prune test as not yet in with v2.
|
|     Signed-off-by: Sujil02 <sushah@redhat.com>
* Merge pull request #6011 from sujil02/podman-save-issue-5234 (OpenShift Merge Robot, 2020-04-28)
|\
| |     Fixes podman save fails when specifying an image using a digest fixes-5234
| * Fixes podman save fails when specifying an image using a digest #5234 (Sujil02, 2020-04-28)
| |     Adds check to parse normalized name and create docker archive dst reference for tagged untagged image. Relevant test case added.
| |
| |     Signed-off-by: Sujil02 <sushah@redhat.com>
* | Merge pull request #6007 from baude/v2intvolumes (OpenShift Merge Robot, 2020-04-28)
|\ \
| |/
|/|     enable volume integration tests
| * enable volume integration tests (Brent Baude, 2020-04-27)
| |     enabled integration tests for volumes. there are two exceptions that still need work because of something not yet implemented.
| |
| |     also, add code to deal with the fact that containers conf appears to set a local volume driver where it used to be simply blank.
| |
| |     Signed-off-by: Brent Baude <bbaude@redhat.com>
* | separate healthcheck and container log paths (Brent Baude, 2020-04-27)
|/
|     instead of using the container log path to derive where to put the healthchecks, we now put them into the rundir to avoid collision of health check log files when the log path is set by user.
|
|     Fixes: #5915
|
|     Signed-off-by: Brent Baude <bbaude@redhat.com>
* libpod: set hostname from joined container (Giuseppe Scrivano, 2020-04-27)
|     when joining a UTS namespace, take the hostname from the destination container.
|
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5976 from QiWang19/manifest-add-os (OpenShift Merge Robot, 2020-04-27)
|\
| |     Add --os to manifest add
| * Add --os to manifest add (Qi Wang, 2020-04-24)
| |     Add --os to manifest add for overriding the os field.
| |
| |     Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Enable pod inspect integration test (Sujil02, 2020-04-26)
|/
|     Enable pod inspect integration test
|     Get rid of libpod pod inspect references
|     Remove libpod PodInspect struct.
|
|     Signed-off-by: Sujil02 <sushah@redhat.com>
* Merge pull request #5962 from rhatdan/selinux (OpenShift Merge Robot, 2020-04-24)
|\
| |     Fix SELinux functions names to not be repetitive
| * Fix SELinux functions names to not be repetitive (Daniel J Walsh, 2020-04-23)
| |     Since functions are now in an selinux subpackage, they should not start with SELinux
| |
| |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | remove blank line (Les Aker, 2020-04-23)
| |     Signed-off-by: Les Aker <me@lesaker.org>
* | set bigfilestemporarydir for pull (Les Aker, 2020-04-23)
|/
|     Signed-off-by: Les Aker <me@lesaker.org>
* Merge pull request #5843 from QiWang19/manifest_create (OpenShift Merge Robot, 2020-04-23)
|\
| |     manifest create,add,inspect
| * manifest create,add,inspect (Qi Wang, 2020-04-22)
| |     Implements manifest subcommands create, add, inspect.
| |
| |     Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Stop wrapping pull messages (Daniel J Walsh, 2020-04-23)
| |     The length and size of our error messages on failure to pull is huge. This patch at least eliminates some of the wrapping.
| |
| |     But I think eventually we need to look at containers/image and see if we can modify the error messages to something a little more human friendly.
| |
| |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | V2 Restore rmi tests (Jhon Honce, 2020-04-22)
| |     * Introduced define.ErrImageInUse to assist in determining the exit code without resorting to string searches.
| |
| |     Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Move selinux labeling support from pkg/util to pkg/selinux (Daniel J Walsh, 2020-04-22)
|/
|     The goal here is to make the package less heavy and not overload the pkg/util.
|
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #5647 from rhatdan/containers.conf (OpenShift Merge Robot, 2020-04-21)
|\
| |     Update podmanV2 to use containers.conf
| * Update podman to use containers.conf (Daniel J Walsh, 2020-04-20)
| |     Add more default options parsing
| |
| |     Switch to using --time as opposed to --timeout to better match Docker.
| |
| |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add functions to return image informations (Daniel J Walsh, 2020-04-20)
|/
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Update pod inspect report to hold current pod status. (Sujil02, 2020-04-20)
|     Added status field in pod inspect report. Fixed pod tests to use it.
|
|     Signed-off-by: Sujil02 <sushah@redhat.com>
* Add pod prune for api v2. (Sujil02, 2020-04-17)
|     Add the ability to prune pods for api v2. Includes the addition of force flag, for client side prompt. Update test suite to support this use case.
|
|     Signed-off-by: Sujil02 <sushah@redhat.com>
* Merge pull request #5548 from kunalkushwaha/image-prune (OpenShift Merge Robot, 2020-04-17)
|\
| |     image prune skips images with child images.
| * image prune skips images with child images. (Kunal Kushwaha, 2020-04-15)
| |     While image build process, intermediate images are created. These images are also used as cache images, used in rebuilding same images. This fixes the deletion of cache images.
| |
| |     Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
* | Merge pull request #5657 from AlbanBedel/network-name-fix (OpenShift Merge Robot, 2020-04-17)
|\ \
| | |     Fix the pod name passed to cni
| * | If possible use the pod name when creating a network (Alban Bedel, 2020-04-03)
| | |     When creating a network we pass down a name which ends up in the K8S_POD_NAME argument to cni plugins. Currently this name is always filled with the container name, so for pods it is the name of the infra container, not really what one would expect. This messes up with the dnsname plugin as it doesn't receive the pod name in K8S_POD_NAME.
| | |
| | |     To fix this pass the pod name when the container is part of a pod, otherwise use the container name like before.
| | |
| | |     Signed-off-by: Alban Bedel <albeu@free.fr>
| | |     ---
| | |     v2: Only call GetPod() when a pod id is set
* | | podman v2 remove bloat v2 (Brent Baude, 2020-04-16)
| | |     rid ourselves of libpod references in v2 client
| | |
| | |     Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #5690 from rhatdan/selinux (OpenShift Merge Robot, 2020-04-16)
|\ \ \
| | | |     Add support for selecting kvm and systemd labels
| * | | Add support for selecting kvm and systemd labels (Daniel J Walsh, 2020-04-15)
| | | |     In order to better support kata containers and systemd containers container-selinux has added new types. Podman should execute the container with an SELinux process label to match the container type.
| | | |
| | | |     Traditional Container process : container_t
| | | |     KVM Container Process: container_kvm_t
| | | |     PID 1 Init process: container_init_t
| | | |
| | | |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Add version to podman info command (Daniel J Walsh, 2020-04-15)
| | | |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #5752 from mheon/pod_inspect_structs (OpenShift Merge Robot, 2020-04-15)
|\ \ \ \
| | | | |     Add basic structure of output for APIv2 pod inspect
| * | | | Add basic structure of output for APIv2 pod inspect (Matthew Heon, 2020-04-15)
| | |_|/
| |/| |
| | | |     This will replace the structs in use in libpod, which cannot be used as they are also directly involved in the database representation of pods and cannot be moved out of Libpod.
| | | |
| | | |     Signed-off-by: Matthew Heon <mheon@redhat.com>