| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
| |
Fixes a bug where we might try saving back to the database during
cleanup, which would fail as the container was already removed
from the database.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #1001
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #981
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
The Refresh() function is used to reset a container's state after
a database format change to state is made that requires migration
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #981
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
If the intermediate image exists in the store, podman history
will show the IDs of the intermediate image of each layer.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #982
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
- Set srcPath permissions so that the container user can R/W it.
- Fix uninitialized spec.Mount when restarting a container.
- Check for srcPath instead of volumePath existence when setting up a
volume mount point for a container.
- Set the overlay volumePath with the same owner and permissions as
srcPath to allow proper access by the container user.
Closes #844
Closes: #951
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
Since we are checking if err is non nil in defer function we need
to define it, so that the check will work correctly.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #985
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
Move the StartContainer call after the attach to the UNIX socket. It
solves a race where the StartContainer could be done earlier and a
short-lived container could already exit by the time we tried to
attach to the socket.
Closes: https://github.com/projectatomic/libpod/issues/835
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upon updating a container, if its network namespace has been
removed, we attempt to clean up the network namespace locally,
to ensure we don't leave hanging file descriptors. This triggers
cleanup code which assumes the network namespace still exists,
but it almost certainly was removed by whoever removed it from
the database. As such, we end up with unavoidable errors if we
don't want to leak FDs. Make these errors nonfatal and log them
because of this.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #962
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
Ensure we can identify what hook is running so we can tell which
are erroring.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #960
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
podman images will not show intermediate images by default.
To view all images, including intermediate images created during
a build, use the --all flag.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #947
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Wim <wim@42.be>
Closes: #955
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the output of top tabular to be compatible with Docker. Please
note, that any user-input for `GetContainerPidInformation(...)` will be
ignored until we have found a way to generically and reliably parse ps-1
output or until there is a go-lib to extract all the data from /proc in
a ps-1 compatible fashion.
Fixes: #458
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #939
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Wim <wim@42.be>
Closes: #953
Approved by: mheon
|
|
|
|
|
| |
Closes: #954
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
so that the user has rw access to it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The containernetworking/plugins ns package does not support
unmounting and removing namespaces that were opened by another
process. Work around this by doing it ourself.
Closes: #858
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #949
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #944
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
Attempt to cleanup as much of the container as possible, even if one
of the cleanup stages fails.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #895
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have an issue where iptables command is being executed by podman
and attempted to run with a different label. This fix changes podman
to only change the label on the conmon command and then set the
SELinux interface back to the default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #906
Approved by: giuseppe
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of delegating to the runtime, since some runtimes do not seem
to handle these reliably [1].
[1]: https://github.com/projectatomic/libpod/issues/730#issuecomment-392959938
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #864
Approved by: rhatdan
|
|\
| |
| | |
Add OnBuild support for podman build
|
| |
| |
| |
| |
| |
| | |
Only supported for docker formated images. OCI Does not support this flag.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
when there are no registries configured for the system and the user provided
a short image name, we panic'd due a logic bug in recent image pull changes.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #841
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
There was a new line at the end of does not exist
which was causing this to fail.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #863
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If SELinux is enabled, we are leaking in pipes into the container
owned by conmon. The container processes are not allowed to use
these pipes, if the calling process is fully ranged. By changing
the level of the conmon process to s0, this allows container processes
to use the pipes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #854
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
The OCI runtime spec does not require Process to be passed (IE,
it can be nil). Make most of our references to it conditional on
it existing.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #828
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
| |
The docker-archive tar files can have multiple tags for the same
image stored in it. Load pulls all the tags found in the archive
when loading a tar file. Save can oush multiple tags of the same
image to a tar archive.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #819
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #831
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #827
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we are dropping the command entry from the create
line and using the image Cmd. This change will only use the
image Cmd if the user did not specify a Cmd.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #823
Approved by: umohnani8
|
|
|
|
|
|
|
|
|
| |
First pass at implement API endpoints for create and start.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #805
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the case where changes are made to Env, Expose, Volumes, or labels, we should
honor that multiple values are valid.
Resolves: #795
Signed-off-by: baude <bbaude@redhat.com>
Closes: #815
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #784
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pods can now create their own (cgroupfs) cgroups which containers
in them can (optionally) use.
This presently only works with CGroupFS, systemd cgroups are
still WIP
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #784
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
Add a mutable state to pods, and database backend sutable for
modifying and updating said state.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #784
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of manually calling the individual functions that cleanup
uses to tear down a container's resources, just call the cleanup
function to make sure that cleanup only needs to happen in one
place.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #790
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we're given a numeric --user value, default to GID 0 if the numeric
ID doesn't correspond to a user entry in /etc/passwd that can provide us
with the user's primary group ID.
Make sure that GetAdditionalGroupsForUser() returns wrapped errors.
Also test various user:group forms.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #728
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the user uses the image ID when saving to either docker-archive
or oci-archive, then do not save a reference in the manifest/index.json.
If the user chooses to push without an image reference, i.e <transport>:<path>
it should be valid and succeed.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #782
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #762
Approved by: baude
|