summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Merge pull request #13646 from Luap99/slirp4netns-portrangeOpenShift Merge Robot2022-03-30
|\ | | | | fix slirp4netns port forwarding with ranges
| * fix slirp4netns port forwarding with rangesPaul Holzinger2022-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The slirp4netns port forwarder was not updated to make use of the new port format. This results in a problem when port ranges are used since it does not read the range field from the port. Update the logic to iterate through all ports with the range and protocols. Also added a system test for port ranges with slirp4netns, rootlesskit and the bridge network mode. Fixes #13643 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13712 from Luap99/netns-scope-systemdOpenShift Merge Robot2022-03-30
|\ \ | | | | | | rootless netns: move process to scope only with systemd
| * | rootless netns: move process to scope only with systemdPaul Holzinger2022-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you run podman on a non systemd system we should not try to move the process under a new systemd scope. [NO NEW TESTS NEEDED] Ref #13703 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Add 'Os' to be queried via 'version' outputJohn Matthews2022-03-29
|/ / | | | | | | Signed-off-by: John Matthews <jwmatthews@gmail.com>
* / replace hpcloud/tail with nxadm/tailValentin Rothberg2022-03-29
|/ | | | | | | | | | | | The hpcloud is not maintained anymore. nxadm is already part of the dependency chain, so it won't add work for downstream packages. While testing upcoming changes to the events-file backend, I noticed that nxadm is shipping required fixes. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #13640 from Luap99/slirp4netns-failOpenShift Merge Robot2022-03-28
|\ | | | | network setup: fail if slirp4netns is not installed
| * network setup: fail if slirp4netns is not installedPaul Holzinger2022-03-28
| | | | | | | | | | | | | | | | | | I do not see why we should only log an error. If slirp4netns is requested but not installed we should error. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13677 from flouthoc/rename-eventOpenShift Merge Robot2022-03-28
|\ \ | | | | | | libpod, event: generate a valid event on container `rename` operation
| * | event: generate a valid event on container rename operationAditya R2022-03-28
| |/ | | | | | | | | | | | | | | Following commit ensures that podman generates a valid event on `podman container rename` where event specifies that it is a rename event and container name swtichted to the latest name. Signed-off-by: Aditya R <arajan@redhat.com>
* / Switch all calls to filepath.Walk to filepath.WalkDirDaniel J Walsh2022-03-27
|/ | | | | | | | | WalkDir should be faster the Walk, since we often do not need to stat files. [NO NEW TESTS NEEDED] Existing tests should find errors. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13660 from rhatdan/errorOpenShift Merge Robot2022-03-27
|\ | | | | Remove error stutter
| * Remove error stutterDaniel J Walsh2022-03-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When podman gets an error it prints out "Error: " before printing the error string. If the error message starts with error, we end up with Error: error ... This PR Removes all of these stutters. logrus.Error() also prints out that this is an error, so no need for the error stutter. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Run codespell to cleanup typosDaniel J Walsh2022-03-25
|/ | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13622 from rhatdan/systemd1OpenShift Merge Robot2022-03-24
|\ | | | | When running systemd in a container set container_uuid
| * When running systemd in a container set container_uuidDaniel J Walsh2022-03-23
| | | | | | | | | | | | | | | | | | systemd expects the container_uuid environment variable be set when it is running in a container. Fixes: https://github.com/containers/podman/issues/13187 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13636 from Luap99/machine-port-proxyDaniel J Walsh2022-03-24
|\ \ | | | | | | podman machine: fix port forwarding with proxy
| * | podman machine: fix port forwarding with proxyPaul Holzinger2022-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a user has a http proxy configured the VM will use it. However since gvproxy can only be reached internally from within the VM the port forwarding HTTP API call should not be redirected to the proxy. [NO NEW TESTS NEEDED] Fixes #13628 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13637 from Luap99/conmon-errOpenShift Merge Robot2022-03-24
|\ \ \ | | | | | | | | readConmonPipeData: try to improve error
| * | | readConmonPipeData: try to improve errorPaul Holzinger2022-03-24
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue #10927 reports `container create failed (no logs from conmon): EOF` errors. Since we do not know the root cause it would be helpful to try to get as much info as possible out of the error. (buffer).ReadBytes() will return the bytes read even when an error occurs. So when we get an EOF we could still have some valuable information in the buffer. Lets try to unmarshal them and if this fails we add the bytes to the error message. This does not fix the issue but it might help us getting a better error. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13621 from Luap99/doc-libpodOpenShift Merge Robot2022-03-24
|\ \ \ | | | | | | | | [CI:DOCS] document that using libpod package directly is not supported
| * | | document that using libpod package directly is not supportedPaul Holzinger2022-03-23
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | We do not support using the libpod package outside of podman. There is no stable interface which can be used. Instead point users to the API and go bindings. Fixes #13086 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request from GHSA-qvf8-p83w-v58jGiuseppe Scrivano2022-03-24
|\ \ \ | |_|/ |/| | do not set the inheritable capabilities
| * | do not set the inheritable capabilitiesGiuseppe Scrivano2022-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | The kernel never sets the inheritable capabilities for a process, they are only set by userspace. Emulate the same behavior. Closes: CVE-2022-27649 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #13597 from Luap99/statsOpenShift Merge Robot2022-03-23
|\ \ \ | | | | | | | | podman stats: calc CPU percentage correctly
| * | | podman stats: improve cpu average calcPaul Holzinger2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We can just calculate the cpu percent for the time the container is running. There is no need to use datapoints. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | podman stats: calc CPU percentage correctlyPaul Holzinger2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you run podman stats, the first interval always shows the wrong cpu usage. To calculate cpu percentage we get the cpu time from the cgroup and compare this against the system time between two stats. Since the first time we do not have a previous stats an empty struct is used instead. Thus we do not use the actual running time of the container but the current unix timestamp (time since Jan 1 1970). To fix this we make sure that the previous stats time is set to the container start time, when it is empty. [NO NEW TESTS NEEDED] No idea how I could create a test which would have a predictable cpu usage. See the linked bugzilla for a reproducer. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2066145 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Fix a potential race around the exec cleanup processMatthew Heon2022-03-23
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Every exec session run attached will, on exit, do two things: it will signal the associated `podman exec` that it is finished (to allow Podman to collect the exit code and exit), and spawn a cleanup process to clean up the exec session (in case the `podman exec` process died, we still need to clean up). If an exec session is created that exits almost instantly, but generates a large amount of output (e.g. prints thousands of lines), the cleanup process can potentially execute before `podman exec` has a chance to read the exit code, resulting in errors. Handle this by detecting if the cleanup process has already removed the exec session before handling the error from reading the exec exit code. [NO NEW TESTS NEEDED] I have no idea how to test this in CI. Fixes #13227 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #13398 from giuseppe/fix-warning-pod-create-rmOpenShift Merge Robot2022-03-22
|\ \ \ | | | | | | | | libpod: drop warning if cgroup doesn't exist
| * | | libpod: drop warning if cgroup doesn't existGiuseppe Scrivano2022-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | do not print a warning on cgroup removal if it doesn't exist. Closes: https://github.com/containers/podman/issues/13382 [NO NEW TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #13580 from vrothberg/enable-lintersOpenShift Merge Robot2022-03-22
|\ \ \ \ | |_|/ / |/| | | enable linters
| * | | fix a number of errcheck issuesValentin Rothberg2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | Numerous issues remain, especially in tests/e2e. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * | | fix a number of `godot` issuesValentin Rothberg2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Still an unknown number remains but I am running out of patience. Adding dots is not the best use of my time. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * | | linter: enable makezeroValentin Rothberg2022-03-22
| | | | | | | | | | | | | | | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * | | linter: enable nilerrValentin Rothberg2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A number of cases looked suspicious, so I marked them with `FIXME`s to leave some breadcrumbs. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * | | linter: enable wastedassignValentin Rothberg2022-03-22
| | | | | | | | | | | | | | | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #13585 from flouthoc/fix-no-healthcheckOpenShift Merge Robot2022-03-22
|\ \ \ \ | |/ / / |/| | | healthcheck: stop showing wrong status when `--no-healthcheck` is set
| * | | healthcheck: stop showing wrong status when --no-healthcheck is setAditya R2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Containers started with `--no-healthcheck` are configured to contain no healthcheck and test configured as `NONE`. Podman shows wrong status as such use cases. Following commit fixes the faulty behavior of stauts field for containers started with `--no-healthcheck` Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #13577 from giuseppe/drop-fedora-31-warningOpenShift Merge Robot2022-03-22
|\ \ \ \ | |/ / / |/| | | libpod: drop warning for Fedora 31
| * | | libpod: drop warning for Fedora 31Giuseppe Scrivano2022-03-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | drop a warning for runc not supporting cgroup v2 on Fedora 31. [NO NEW TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | bump golangci-lint to v1.45.0Valentin Rothberg2022-03-21
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | * supports Go 1.18 * disable a number of new linters * fix minor stylecheck issues [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #13552 from vrothberg/go1.18OpenShift Merge Robot2022-03-18
|\ \ \ | | | | | | | | go fmt: use go 1.18 conditional-build syntax
| * | | go fmt: use go 1.18 conditional-build syntaxValentin Rothberg2022-03-18
| | | | | | | | | | | | | | | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | podman machine: remove hostip from portPaul Holzinger2022-03-17
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Inside the podman machine vm we always remove the hostip from the port mapping because this should only be used on the actual host. Otherwise you run into issues when we would bind 127.0.0.1 or try to bind a host address that is not available in the VM. This was already done for cni/netavark ports and slirp4netns but not for the port bindings inside libpod which are only used as root. [NO NEW TESTS NEEDED] We still do not have machine tests! Fixes #13543 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13450 from jwhonce/bz/2052697OpenShift Merge Robot2022-03-16
|\ \ \ | | | | | | | | Exit code change BZ #2052697
| * | | Exit with 0 when receiving SIGTERMJhon Honce2022-03-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * systemctl stop podman.service will now return exit code 0 * Update test framework to support JSON boolean and numeric values Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | move k8s deps into podmanPaul Holzinger2022-03-15
|/ / / | | | | | | | | | | | | | | | | | | | | | We only need a small part of the k8s dependencies but they are the biggest dependencies in podman by far. Moving them into podman allows us to remove the unnecessary parts. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | slirp: fix setup on ipv6 disabled systemsPaul Holzinger2022-03-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When enable_ipv6=true is set for slirp4netns (default since podman v4), we will try to set the accept sysctl. This sysctl will not exist on systems that have ipv6 disabled. In this case we should not error and just ignore the extra ipv6 setup. Also the current logic to wait for the slirp4 setup was kinda broken, it did not actually wait until the sysctl was set before starting slirp. This should now be fixed by using two `sync.WaitGroup`s. [NO NEW TESTS NEEDED] Fixes #13388 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Add support for --chrootdirsLStandman2022-03-14
| | | | | | | | | | | | Signed-off-by: LStandman <65296484+LStandman@users.noreply.github.com>
* | | Inspect network info of a joined network namespace😎 Mostafa Emami2022-03-08
| | | | | | | | | | | | | | | Closes: https://github.com/containers/podman/issues/13150 Signed-off-by: 😎 Mostafa Emami <mustafaemami@gmail.com>