summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Mark containers invalid earlier during removalMatthew Heon2018-06-27
| | | | | | | | | | | Fixes a bug where we might try saving back to the database during cleanup, which would fail as the container was already removed from the database. Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #1001 Approved by: rhatdan
* Make CGroups cleanup optional on whether they existMatthew Heon2018-06-22
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Add Refresh() to ctrs to refresh state after db changeMatthew Heon2018-06-22
| | | | | | | | | | The Refresh() function is used to reset a container's state after a database format change to state is made that requires migration Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #981 Approved by: baude
* Podman history now prints out intermediate image IDsumohnani82018-06-22
| | | | | | | | | | If the intermediate image exists in the store, podman history will show the IDs of the intermediate image of each layer. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #982 Approved by: mheon
* Fix image volumes access and mount problems on restartMarco Vedovati2018-06-22
| | | | | | | | | | | | | | | | | | | Signed-off-by: Marco Vedovati <mvedovati@suse.com> - Set srcPath permissions so that the container user can R/W it. - Fix uninitialized spec.Mount when restarting a container. - Check for srcPath instead of volumePath existence when setting up a volume mount point for a container. - Set the overlay volumePath with the same owner and permissions as srcPath to allow proper access by the container user. Closes #844 Closes: #951 Approved by: rhatdan
* We are using err in defer function, needs to be defined nameDaniel J Walsh2018-06-22
| | | | | | | | | | Since we are checking if err is non nil in defer function we need to define it, so that the check will work correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #985 Approved by: mheon
* libpod: fix race with attach/startGiuseppe Scrivano2018-06-20
| | | | | | | | | | | Move the StartContainer call after the attach to the UNIX socket. It solves a race where the StartContainer could be done earlier and a short-lived container could already exit by the time we tried to attach to the socket. Closes: https://github.com/projectatomic/libpod/issues/835 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Errors from closing a netns on removal from DB are nonfatalMatthew Heon2018-06-19
| | | | | | | | | | | | | | | | Upon updating a container, if its network namespace has been removed, we attempt to clean up the network namespace locally, to ensure we don't leave hanging file descriptors. This triggers cleanup code which assumes the network namespace still exists, but it almost certainly was removed by whoever removed it from the database. As such, we end up with unavoidable errors if we don't want to leak FDs. Make these errors nonfatal and log them because of this. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #962 Approved by: rhatdan
* Add extra debug so we can tell apart postdelete hooksMatthew Heon2018-06-19
| | | | | | | | | | Ensure we can identify what hook is running so we can tell which are erroring. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #960 Approved by: rhatdan
* Add --all,-a flag to podman imagesumohnani82018-06-18
| | | | | | | | | | | podman images will not show intermediate images by default. To view all images, including intermediate images created during a build, use the --all flag. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #947 Approved by: rhatdan
* Add MacAddress to inspectWim2018-06-18
| | | | | | | Signed-off-by: Wim <wim@42.be> Closes: #955 Approved by: rhatdan
* top: make output tabularValentin Rothberg2018-06-18
| | | | | | | | | | | | | | Make the output of top tabular to be compatible with Docker. Please note, that any user-input for `GetContainerPidInformation(...)` will be ignored until we have found a way to generically and reliably parse ps-1 output or until there is a go-lib to extract all the data from /proc in a ps-1 compatible fashion. Fixes: #458 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #939 Approved by: rhatdan
* Add more network info ipv4/ipv6 and be more compatible with dockerWim2018-06-17
| | | | | | | Signed-off-by: Wim <wim@42.be> Closes: #953 Approved by: mheon
* Do not run iptablesDNS workaround on IPv6 addressesWim2018-06-17
| | | | | Closes: #954 Approved by: mheon
* container: specify path to error messageGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* podman: use a different store for the rootless caseGiuseppe Scrivano2018-06-15
| | | | | | | | | so that the user has rw access to it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* container: do not set any mapping when using a rootfsGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* podman: do not use Chown in rootless modeGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* network: do not attempt to create a network in rootless modeGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* oci: do not use hooks in rootless modeGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* oci: do not set the cgroup path in Rootless modeGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* container: do not add shm in rootless modeGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* oci: pass XDG_RUNTIME_DIR down to the OCI runtimeGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* podman: accept option --rootfs to use exploded imagesGiuseppe Scrivano2018-06-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
* Fix cleaning up network namespaces on detached ctrsMatthew Heon2018-06-15
| | | | | | | | | | | | | The containernetworking/plugins ns package does not support unmounting and removing namespaces that were opened by another process. Work around this by doing it ourself. Closes: #858 Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #949 Approved by: rhatdan
* Correctly report errors retrieving containers in psMatthew Heon2018-06-14
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #944 Approved by: rhatdan
* Remove container from state before cleaning up.Daniel J Walsh2018-06-10
| | | | | | | | | | Attempt to cleanup as much of the container as possible, even if one of the cleanup stages fails. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #895 Approved by: mheon
* Remove SELinux transition rule after conmon is started.Daniel J Walsh2018-06-06
| | | | | | | | | | | | We have an issue where iptables command is being executed by podman and attempted to run with a different label. This fix changes podman to only change the label on the conmon command and then set the SELinux interface back to the default. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #906 Approved by: giuseppe
* Added a defer to an Unlock that immediately followed a Lockhaircommander2018-06-05
| | | | Signed-off-by: haircommander <pehunt@redhat.com>
* libpod: Execute poststop hooks locallyW. Trevor King2018-06-04
| | | | | | | | | | | | Instead of delegating to the runtime, since some runtimes do not seem to handle these reliably [1]. [1]: https://github.com/projectatomic/libpod/issues/730#issuecomment-392959938 Signed-off-by: W. Trevor King <wking@tremily.us> Closes: #864 Approved by: rhatdan
* Merge pull request #859 from rhatdan/onbuildDaniel J Walsh2018-06-01
|\ | | | | Add OnBuild support for podman build
| * Add OnBuild support for podman buildDaniel J Walsh2018-06-01
| | | | | | | | | | | | Only supported for docker formated images. OCI Does not support this flag. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | runtime: add /usr/libexec/podman/conmon to the conmon pathsGiuseppe Scrivano2018-06-01
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* fix panic with podman pullbaude2018-05-31
| | | | | | | | | | when there are no registries configured for the system and the user provided a short image name, we panic'd due a logic bug in recent image pull changes. Signed-off-by: baude <bbaude@redhat.com> Closes: #841 Approved by: rhatdan
* Catch does not exist errorDaniel J Walsh2018-05-31
| | | | | | | | | | There was a new line at the end of does not exist which was causing this to fail. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #863 Approved by: baude
* We need to change the SELinux label of the conmon process to s0Daniel J Walsh2018-05-31
| | | | | | | | | | | | | If SELinux is enabled, we are leaking in pipes into the container owned by conmon. The container processes are not allowed to use these pipes, if the calling process is fully ranged. By changing the level of the conmon process to s0, this allows container processes to use the pipes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #854 Approved by: mheon
* Make references to the Process part of Spec conditionalMatthew Heon2018-05-25
| | | | | | | | | | | The OCI runtime spec does not require Process to be passed (IE, it can be nil). Make most of our references to it conditional on it existing. Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #828 Approved by: mheon
* save and load should support multi-tag for docker-archiveumohnani82018-05-25
| | | | | | | | | | | | The docker-archive tar files can have multiple tags for the same image stored in it. Load pulls all the tags found in the archive when loading a tar file. Save can oush multiple tags of the same image to a tar archive. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #819 Approved by: rhatdan
* Spell check strings and commentsJhon Honce2018-05-25
| | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com> Closes: #831 Approved by: rhatdan
* Set Entrypoint from image only if not already setMatthew Heon2018-05-24
| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #827 Approved by: rhatdan
* Fix handling of command in imagesDaniel J Walsh2018-05-23
| | | | | | | | | | | Currently we are dropping the command entry from the create line and using the image Cmd. This change will only use the image Cmd if the user did not specify a Cmd. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #823 Approved by: umohnani8
* podman create, start, getattachsocketbaude2018-05-21
| | | | | | | | | First pass at implement API endpoints for create and start. Signed-off-by: baude <bbaude@redhat.com> Closes: #805 Approved by: baude
* honor multiple change valuesbaude2018-05-21
| | | | | | | | | | | | In the case where changes are made to Env, Expose, Volumes, or labels, we should honor that multiple values are valid. Resolves: #795 Signed-off-by: baude <bbaude@redhat.com> Closes: #815 Approved by: mheon
* Refresh pods when refreshing podman stateMatthew Heon2018-05-17
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Add per-pod CGroupsMatthew Heon2018-05-17
| | | | | | | | | | | | | Pods can now create their own (cgroupfs) cgroups which containers in them can (optionally) use. This presently only works with CGroupFS, systemd cgroups are still WIP Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Add pod stateMatthew Heon2018-05-17
| | | | | | | | | | Add a mutable state to pods, and database backend sutable for modifying and updating said state. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #784 Approved by: rhatdan
* Use container cleanup() functions when removingMatthew Heon2018-05-17
| | | | | | | | | | | | Instead of manually calling the individual functions that cleanup uses to tear down a container's resources, just call the cleanup function to make sure that cleanup only needs to happen in one place. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #790 Approved by: rhatdan
* chrootuser: default to GID 0 when given a numeric --userNalin Dahyabhai2018-05-17
| | | | | | | | | | | | | | | When we're given a numeric --user value, default to GID 0 if the numeric ID doesn't correspond to a user entry in /etc/passwd that can provide us with the user's primary group ID. Make sure that GetAdditionalGroupsForUser() returns wrapped errors. Also test various user:group forms. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #728 Approved by: mheon
* Allow push/save without image referenceumohnani82018-05-16
| | | | | | | | | | | | If the user uses the image ID when saving to either docker-archive or oci-archive, then do not save a reference in the manifest/index.json. If the user chooses to push without an image reference, i.e <transport>:<path> it should be valid and succeed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #782 Approved by: rhatdan
* implement varlink commitbaude2018-05-15
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #762 Approved by: baude