summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* podman-top: use containers/psgoValentin Rothberg2018-07-19
| | | | | | | | | | | | | | | | | Use github.com/containers/psgo instead of execing `ps (1)`. The psgo library enables a much more flexible interface with respect to which data to be printed (e.g., capabilities, seccomp mode, PID, PCPU, etc.) while the output can be parsed reliably. The library does not use ps (1) but parses /proc and /dev instead. To list the processes of a given container, psgo will join the mount namespace of the given container and extract all data from there. Notice that this commit breaks compatibility with docker-top. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1113 Approved by: rhatdan
* Vendor in latest code for storage,image, buildahDaniel J Walsh2018-07-19
| | | | | | | | | | | vendor in containers/storage vendor in containers/image vendor in projectatomic/buildah Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1114 Approved by: mheon
* Abort a test on nil containers, so that future tests don't panicMiloslav Trmač2018-07-19
| | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1111 Approved by: baude
* Fix TestPostDeleteHooks on macOSMiloslav Trmač2018-07-19
| | | | | | | | | os.TempDir() is /var/folders/.../T/ on macOS, not /tmp. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1111 Approved by: baude
* Use `...` for a regexp constant to improve readabilityMiloslav Trmač2018-07-19
| | | | | | | | | Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1111 Approved by: baude
* oci: keep exposed ports busy and leak the fd into conmonGiuseppe Scrivano2018-07-19
| | | | | | | | | | | | | Bind all the specified TCP and UDP ports so that another process cannot reuse them. The fd of the listener is then leaked into conmon so that the socket is kept busy until the container exits. Closes: https://github.com/projectatomic/libpod/issues/210 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1100 Approved by: mheon
* Record whether the container has exitedMatthew Heon2018-07-13
| | | | | | | | Use this to supplement exit codes returned from containers, to make sure we know when exit codes are invalid (as the container has not yet exited) Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #1075 from giuseppe/rootless-no-symlinks-into-storage-pathDaniel J Walsh2018-07-13
|\ | | | | rootless: fix usage on Fedora Silverblue/CoreOS
| * runtime: delete unused functionGiuseppe Scrivano2018-07-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: propagate errors from GetRootlessRuntimeDir()Giuseppe Scrivano2018-07-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1065 from haircommander/pod-start-create-rmDaniel J Walsh2018-07-13
|\ \ | | | | | | Podman pod create/rm/ps commands with man pages and tests
| * | Added full podman pod ps, with tests and man pagehaircommander2018-07-13
| | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com>
| * | Podman pod create/rm commands with man page and tests.haircommander2018-07-13
| | | | | | | | | | | | | | | | | | Includes a very stripped down version of podman pod ps, just for testing Signed-off-by: haircommander <pehunt@redhat.com>
* | | fix pull image that includes a shabaude2018-07-13
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when pulling an image that includes a sha such as: centos/nginx-112-centos7@sha256:42330f7f29ba1ad67819f4ff3ae2472f62de13a827a74736a5098728462212e7 the final image name in libpod should not contain portions of the sha itself nor the sha identifier. and like docker, we provide a 'none' tag as well. this should fix #877 Signed-off-by: baude <bbaude@redhat.com> Closes: #1085 Approved by: mheon
* | Added created time to pod statehaircommander2018-07-12
| | | | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1079 Approved by: rhatdan
* | Support multiple networksbaude2018-07-12
| | | | | | | | | | | | | | | | | | | | | | | | | | This is a refresh of Dan William's PR #974 with a rebase and proper vendoring of ocicni and containernetworking/cni. It adds the ability to define multiple networks as so: podman run --network=net1,net2,foobar ... Signed-off-by: baude <bbaude@redhat.com> Closes: #1082 Approved by: baude
* | podman rmi should only untag image if parent of anotherumohnani82018-07-12
|/ | | | | | | | | | | | podman rmi was deleting an image even if it was a parent of another image. This fix just untags the image instead. This also fixes podman rmi to remove intermediate images of an image when the image is removed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1055 Approved by: mheon
* Allow Init() on stopped containersMatthew Heon2018-07-09
| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #1068 Approved by: baude
* Add --volumes-from flag to podman run and createumohnani82018-07-09
| | | | | | | | | | podman now supports --volumes-from flag, which allows users to add all the volumes an existing container has to a new one. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #931 Approved by: mheon
* pkg/ctime: Factor libpod/finished* into a separate packageW. Trevor King2018-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes some boilerplate from the libpod package, so we can focus on container stuff there. And it gives us a tidy sub-package for focusing on ctime extraction, so we can focus on unit testing and portability of the extraction utility there. For the unsupported implementation, I'm falling back to Go's ModTime [1]. That's obviously not the creation time, but it's likely to be closer than the uninitialized Time structure from cc6f0e85 (more changes to compile darwin, 2018-07-04, #1047). Especially for our use case in libpod/oci, where we're looking at write-once exit files. The test is more complicated than I initially expected, because on Linux filesystem timestamps come from a truncated clock without interpolation [2] (and network filesystems can be completely decoupled [3]). So even for local disks, creation times can be up to a jiffie earlier than 'before'. This test ensures at least monotonicity by creating two files and ensuring the reported creation time for the second is greater than or equal to the reported creation time for the first. It also checks that both creation times are within the window from one second earlier than 'before' through 'after'. That should be enough of a window for local disks, even if the kernel for those systems has an abnormally large jiffie. It might be ok on network filesystems, although it will not be very resilient to network clock lagging behind the local system clock. [1]: https://golang.org/pkg/os/#FileInfo [2]: https://groups.google.com/d/msg/linux.kernel/mdeXx2TBYZA/_4eJEuJoAQAJ Subject: Re: Apparent backward time travel in timestamps on file creation Date: Thu, 30 Mar 2017 20:20:02 +0200 Message-ID: <tqMPU-1Sb-21@gated-at.bofh.it> [3]: https://groups.google.com/d/msg/linux.kernel/mdeXx2TBYZA/cTKj4OBuAQAJ Subject: Re: Apparent backward time travel in timestamps on file creation Date: Thu, 30 Mar 2017 22:10:01 +0200 Message-ID: <tqOyl-36A-1@gated-at.bofh.it> Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1050 Approved by: mheon
* remove buildah requirement for the libpod image librarybaude2018-07-06
| | | | | | | | | | | if we snip the requirement to use a buildah const in the libpod image library, we can save something on the order of 85 vendored files in consumers of the the library. Signed-off-by: baude <bbaude@redhat.com> Closes: #1054 Approved by: mheon
* Remove now-unneeded cleanupCgroup() for unsupported OSMatthew Heon2018-07-06
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1051 Approved by: umohnani8
* Remove per-container CGroup parentsMatthew Heon2018-07-06
| | | | | | | | | | | | | | | | | | | Originally, it seemed like a good idea to place Conmon and the container it managed under a shared CGroup, so we could manage the two together. It's become increasingly clear that this is a potential performance sore point, gains us little practical benefit in managing Conmon, and adds extra steps to container cleanup that interfere with Conmon postrun hooks. Revert back to a shared CGroup for conmon processes under the CGroup parent. This will retain per-pod conmon CGroups as well if the pod is set to create a CGroup and act as CGroup parent for its containers. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1051 Approved by: umohnani8
* libpod/runtime_pod: Make removePod per-platformW. Trevor King2018-07-06
| | | | | | | | | | | | | | | | | | | | b96be3af (changes to allow for darwin compilation, 2018-06-20, #1015) made RemovePod per-platform, but left out docs for the unsupported version [1]: libpod/runtime_pod_unsupported.go:14:1:warning: exported method Runtime.RemovePod should have comment or be unexported (golint) To keep the docs DRY, I've restored RemovePod and its docs to their previous location, and named a new, internal removePod for the per-platform implementations. [1]: https://travis-ci.org/projectatomic/libpod/jobs/400555937#L159 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1034 Approved by: baude
* libpod/networking_unsupported: Remove JoinNetworkNameSpaceW. Trevor King2018-07-06
| | | | | | | | | | | | | | | | | | This function was added in cc6f0e85 (more changes to compile darwin, 2018-07-04, #1047), but it has no consumers and no Linux analog. Remove it, which also fixes the [1]: libpod/networking_unsupported.go:9:1:warning: exported function JoinNetworkNameSpace should have comment or be unexported (golint) lint issue. [1]: https://travis-ci.org/projectatomic/libpod/jobs/400555937#L158 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1034 Approved by: baude
* more changes to compile darwinbaude2018-07-05
| | | | | | | | | | | | | | | | this should represent the last major changes to get darwin to **compile**. again, the purpose here is to get darwin to compile so that we can eventually implement a ci task that would protect against regressions for darwin compilation. i have left the manual darwin compilation largely static still and in fact now only interject (manually) two build tags to assist with the build. trevor king has great ideas on how to make this better and i will defer final implementation of those to him. Signed-off-by: baude <bbaude@redhat.com> Closes: #1047 Approved by: rhatdan
* rootless: add /run/user/$UID to the lookup pathsGiuseppe Scrivano2018-07-05
| | | | | | | | | | when XDG_RUNTIME_DIR is not set, still attempt to use /run/user/$UID before looking up other directories. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1048 Approved by: mheon
* rootless: always set XDG_RUNTIME_DIRGiuseppe Scrivano2018-07-05
| | | | | | | | | containers/image uses XDG_RUNTIME_DIR to locate the auth file. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1048 Approved by: mheon
* rootless: set XDG_RUNTIME_DIR also for state and execGiuseppe Scrivano2018-07-05
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1048 Approved by: mheon
* libpod/container: Replace containerState* with containerPlatformStateW. Trevor King2018-07-05
| | | | | | | | | | | | | | | This way we don't need to stub in structures for other OSes (e.g. the Darwin stub in a Linux-only file). Matthew was concerned about errors unmarshalling, say, a Linux state object on a Windows box [1], but we can address that in checks when loading the database [2]. [1]: https://github.com/projectatomic/libpod/pull/1015#discussion_r198649043 [2]: https://github.com/projectatomic/libpod/pull/1015#discussion_r198802956 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1033 Approved by: mheon
* add image user to inspect databaude2018-07-02
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1036 Approved by: rhatdan
* changes to allow for darwin compilationbaude2018-06-29
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1015 Approved by: baude
* Fix built-in volume issue with podman run/createumohnani82018-06-29
| | | | | | | | | | | | | The destination path of the built-in volume was not being created but a relabel was being attempted on it, this was causing issues with all images that have built-in volumes. This patch fixes that and ensures the destination volume path is created. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1026 Approved by: mheon
* Add `podman container cleanup` to CLIDaniel J Walsh2018-06-29
| | | | | | | | | | | | | When we run containers in detach mode, nothing cleans up the network stack or the mount points. This patch will tell conmon to execute the cleanup code when the container exits. It can also be called to attempt to cleanup previously running containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #942 Approved by: mheon
* Returning joining namespace error should not be fatalDaniel J Walsh2018-06-29
| | | | | | | | | | | | | | | | | | | | | | I got my database state in a bad way by killing a hanging container. It did not setup the network namespace correctly listing/remove bad containers becomes impossible. podman run alpine/nginx ^c got me in this state. I got into a state in the database where podman ps -a was returning errors and I could not get out of it, Makeing joining the network namespace a non fatal error fixes the issue. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #918 Approved by: mheon
* conmon no longer writes to syslogDaniel J Walsh2018-06-29
| | | | | | | | | | | If the caller sets up the app to be in logrus.DebugLevel, then we will add the --syslog flag to conmon to get all of the messages. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1014 Approved by: TomSweeneyRedHat
* *: Replace Generator.Spec() with Generator.ConfigW. Trevor King2018-06-27
| | | | | | | | | | | | Catching up with opencontainers/runtime-tools@84a62c6a (generate: Move Generator.spec to Generator.Config, 2016-11-06, #266, v0.6.0), now that we've bumped runtime-tools in f6c0fc1a (Vendor in latest runtime-tools, 2018-06-26, #1007). Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #1008 Approved by: mheon
* generator.New() requires an OS string input variablebaude2018-06-27
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1007 Approved by: baude
* rootless: use $HOME/.config/containers/libpod.confGiuseppe Scrivano2018-06-27
| | | | | | | | | If the file exists, use it to read the configuration. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* rootless: do not configure additional groupsGiuseppe Scrivano2018-06-27
| | | | | | | | | Additional groups are not allowed in an userNS. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* oci: set XDG_RUNTIME_DIR to the runtime from GetRootlessRuntimeDir()Giuseppe Scrivano2018-06-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* rootless: add management for the userNSGiuseppe Scrivano2018-06-27
| | | | | | | | | | When running podman as non root user always create an userNS and let the OCI runtime use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #936 Approved by: rhatdan
* container_internal: don't ignore error from cleanupNetwork()Giuseppe Scrivano2018-06-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1002 Approved by: rhatdan
* Mark containers invalid earlier during removalMatthew Heon2018-06-27
| | | | | | | | | | | Fixes a bug where we might try saving back to the database during cleanup, which would fail as the container was already removed from the database. Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #1001 Approved by: rhatdan
* Make CGroups cleanup optional on whether they existMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Add Refresh() to ctrs to refresh state after db changeMatthew Heon2018-06-22
| | | | | | | | | | The Refresh() function is used to reset a container's state after a database format change to state is made that requires migration Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Podman history now prints out intermediate image IDsumohnani82018-06-22
| | | | | | | | | | If the intermediate image exists in the store, podman history will show the IDs of the intermediate image of each layer. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #982 Approved by: mheon
* Fix image volumes access and mount problems on restartMarco Vedovati2018-06-22
| | | | | | | | | | | | | | | | | | | Signed-off-by: Marco Vedovati <mvedovati@suse.com> - Set srcPath permissions so that the container user can R/W it. - Fix uninitialized spec.Mount when restarting a container. - Check for srcPath instead of volumePath existence when setting up a volume mount point for a container. - Set the overlay volumePath with the same owner and permissions as srcPath to allow proper access by the container user. Closes #844 Closes: #951 Approved by: rhatdan
* We are using err in defer function, needs to be defined nameDaniel J Walsh2018-06-22
| | | | | | | | | | Since we are checking if err is non nil in defer function we need to define it, so that the check will work correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #985 Approved by: mheon
* libpod: fix race with attach/startGiuseppe Scrivano2018-06-20
| | | | | | | | | | | Move the StartContainer call after the attach to the UNIX socket. It solves a race where the StartContainer could be done earlier and a short-lived container could already exit by the time we tried to attach to the socket. Closes: https://github.com/projectatomic/libpod/issues/835 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>