summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Merge pull request #13505 from rst0git/checkpoint-image-1OpenShift Merge Robot2022-04-21
|\ | | | | Add support for checkpoint image
| * Add support for checkpoint imageRadostin Stoyanov2022-04-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is an enhancement proposal for the checkpoint / restore feature of Podman that enables container migration across multiple systems with standard image distribution infrastructure. A new option `--create-image <image>` has been added to the `podman container checkpoint` command. This option tells Podman to create a container image. This is a standard image with a single layer, tar archive, that that contains all checkpoint files. This is similar to the current approach with checkpoint `--export`/`--import`. This image can be pushed to a container registry and pulled on a different system. It can also be exported locally with `podman image save` and inspected with `podman inspect`. Inspecting the image would display additional information about the host and the versions of Podman, criu, crun/runc, kernel, etc. `podman container restore` has also been extended to support image name or ID as input. Suggested-by: Adrian Reber <areber@redhat.com> Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* | Merge pull request #13945 from vrothberg/vendor-commonOpenShift Merge Robot2022-04-21
|\ \ | |/ |/| vendor c/common
| * vendor c/commonValentin Rothberg2022-04-21
| | | | | | | | | | | | | | | | Update the recent events-log changes to fix the build error. [NO NEW TESTS NEEDED] since there's no functional change. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | slirp4netns: actually make ipv6 defaultPaul Holzinger2022-04-20
|/ | | | | | | | | | | | | | | | | We already have ipv6 enabled as default via the containers.conf setting. However the documentation did not reflect this. Also if no options were set in contianers.conf it would have ipv6 disabled. We can now remove the extra option from containers.conf. Also fix another outdated option description for host.containers.internal and add that the options can also be set in contianers.conf. [NO NEW TESTS NEEDED] Fixes #13914 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13583 from rhatdan/ipcOpenShift Merge Robot2022-04-16
|\ | | | | Add support for ipc namespace modes "none, private, sharable"
| * Add support for ipc namespace modes "none, private, sharable"Daniel J Walsh2022-04-12
| | | | | | | | | | | | Fixes: #13265 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13641 from nicrowe00/logfileOpenShift Merge Robot2022-04-15
|\ \ | | | | | | Add log rotation based on log size
| * | Add log rotation based on log sizeNiall Crowe2022-04-14
| |/ | | | | | | | | | | | | | | | | | | | | | | Add new functions to logfile.go for rotating and truncating the events log file once the log file and its contents exceed the maximum size limit while keeping 50% of the log file's content Also add tests to verify log rotation and truncation Signed-off-by: Niall Crowe <nicrowe@redhat.com> Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #13616 from giuseppe/passwd-entryOpenShift Merge Robot2022-04-14
|\ \ | | | | | | run, create: add --passwd-entry
| * | run, create: add --passwd-entryGiuseppe Scrivano2022-04-14
| |/ | | | | | | | | | | | | | | | | It allows to customize the entry that is written to the `/etc/passwd` file when --passwd is used. Closes: https://github.com/containers/podman/issues/13185 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / Fix --tail log on restart problemDaniel J Walsh2022-04-13
|/ | | | | | | | | | | | | --tail=1 is not working f you restart a container with journald logging. We see the exit status and then call into the logging a second time causing all of the logs to print. Removing the tail log on exited seems to fix the problem. Fixes: https://github.com/containers/podman/issues/13098 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13788 from flouthoc/support-volume-optsOpenShift Merge Robot2022-04-12
|\ | | | | run, mount: allow setting driver specific option using `volume-opt=`
| * run, mount: allow setting driver specific option using volume-optAditya R2022-04-12
| | | | | | | | | | | | | | | | | | `--mount` should allow setting driver specific options using `volume-opt` when `type=volume` is set. This ensures parity with docker's `volume-opt`. Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13093 from 0xC0ncord/selinux-conmon-agnosticOpenShift Merge Robot2022-04-12
|\ \ | | | | | | selinux: remove explicit range transition when starting conmon
| * | selinux: remove explicit range transition when starting conmonKenton Groombridge2022-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not explicitly transition to s0 when starting conmon. Instead, the policy should implement this behavior. [NO NEW TESTS NEEDED] This is dependent on the SELinux policy to implement the desired behavior. Additionally, entirely custom SELinux policies may choose to implement the behavior differently. Signed-off-by: Kenton Groombridge <me@concord.sh>
* | | container,inspect: convert Entrypoint to array instead of a stringAditya R2022-04-08
| |/ |/| | | | | | | | | | | Convert container entrypoint from string to an array inorder to make sure there is parity between `podman inspect` and `docker inspect` Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13490 from gcalin/13266OpenShift Merge Robot2022-04-04
|\ \ | | | | | | pod logs enhancements: option to color logs
| * | Add option for pod logs to display different colors per container.gcalin2022-03-29
| | | | | | | | | | | | | | | Signed-off-by: Krzysztof Baran <krysbaran@gmail.com> Signed-off-by: gcalin <caling@protonmail.com>
* | | Merge pull request #13594 from cdoern/podVolumesOpenShift Merge Robot2022-04-01
|\ \ \ | | | | | | | | fix pod volume passing and alter infra inheritance
| * | | fix pod volume passing and alter infra inheritancecdoern2022-03-29
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the infra Inherit function was not properly passing pod volume information to new containers alter the inherit function and struct to use the new `ConfigToSpec` function used in clone pick and choose the proper entities from a temp spec and validate them on the spegen side rather than passing directly to a config resolves #13548 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | Merge pull request #13646 from Luap99/slirp4netns-portrangeOpenShift Merge Robot2022-03-30
|\ \ \ | | | | | | | | fix slirp4netns port forwarding with ranges
| * | | fix slirp4netns port forwarding with rangesPaul Holzinger2022-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The slirp4netns port forwarder was not updated to make use of the new port format. This results in a problem when port ranges are used since it does not read the range field from the port. Update the logic to iterate through all ports with the range and protocols. Also added a system test for port ranges with slirp4netns, rootlesskit and the bridge network mode. Fixes #13643 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13712 from Luap99/netns-scope-systemdOpenShift Merge Robot2022-03-30
|\ \ \ \ | | | | | | | | | | rootless netns: move process to scope only with systemd
| * | | | rootless netns: move process to scope only with systemdPaul Holzinger2022-03-30
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you run podman on a non systemd system we should not try to move the process under a new systemd scope. [NO NEW TESTS NEEDED] Ref #13703 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / | | Add 'Os' to be queried via 'version' outputJohn Matthews2022-03-29
|/ / / | | | | | | | | | Signed-off-by: John Matthews <jwmatthews@gmail.com>
* / / replace hpcloud/tail with nxadm/tailValentin Rothberg2022-03-29
|/ / | | | | | | | | | | | | | | | | | | | | | | The hpcloud is not maintained anymore. nxadm is already part of the dependency chain, so it won't add work for downstream packages. While testing upcoming changes to the events-file backend, I noticed that nxadm is shipping required fixes. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #13640 from Luap99/slirp4netns-failOpenShift Merge Robot2022-03-28
|\ \ | | | | | | network setup: fail if slirp4netns is not installed
| * | network setup: fail if slirp4netns is not installedPaul Holzinger2022-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | I do not see why we should only log an error. If slirp4netns is requested but not installed we should error. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13677 from flouthoc/rename-eventOpenShift Merge Robot2022-03-28
|\ \ \ | | | | | | | | libpod, event: generate a valid event on container `rename` operation
| * | | event: generate a valid event on container rename operationAditya R2022-03-28
| |/ / | | | | | | | | | | | | | | | | | | | | | Following commit ensures that podman generates a valid event on `podman container rename` where event specifies that it is a rename event and container name swtichted to the latest name. Signed-off-by: Aditya R <arajan@redhat.com>
* / / Switch all calls to filepath.Walk to filepath.WalkDirDaniel J Walsh2022-03-27
|/ / | | | | | | | | | | | | | | | | WalkDir should be faster the Walk, since we often do not need to stat files. [NO NEW TESTS NEEDED] Existing tests should find errors. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13660 from rhatdan/errorOpenShift Merge Robot2022-03-27
|\ \ | | | | | | Remove error stutter
| * | Remove error stutterDaniel J Walsh2022-03-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When podman gets an error it prints out "Error: " before printing the error string. If the error message starts with error, we end up with Error: error ... This PR Removes all of these stutters. logrus.Error() also prints out that this is an error, so no need for the error stutter. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Run codespell to cleanup typosDaniel J Walsh2022-03-25
|/ / | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13622 from rhatdan/systemd1OpenShift Merge Robot2022-03-24
|\ \ | | | | | | When running systemd in a container set container_uuid
| * | When running systemd in a container set container_uuidDaniel J Walsh2022-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | systemd expects the container_uuid environment variable be set when it is running in a container. Fixes: https://github.com/containers/podman/issues/13187 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #13636 from Luap99/machine-port-proxyDaniel J Walsh2022-03-24
|\ \ \ | | | | | | | | podman machine: fix port forwarding with proxy
| * | | podman machine: fix port forwarding with proxyPaul Holzinger2022-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a user has a http proxy configured the VM will use it. However since gvproxy can only be reached internally from within the VM the port forwarding HTTP API call should not be redirected to the proxy. [NO NEW TESTS NEEDED] Fixes #13628 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13637 from Luap99/conmon-errOpenShift Merge Robot2022-03-24
|\ \ \ \ | | | | | | | | | | readConmonPipeData: try to improve error
| * | | | readConmonPipeData: try to improve errorPaul Holzinger2022-03-24
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue #10927 reports `container create failed (no logs from conmon): EOF` errors. Since we do not know the root cause it would be helpful to try to get as much info as possible out of the error. (buffer).ReadBytes() will return the bytes read even when an error occurs. So when we get an EOF we could still have some valuable information in the buffer. Lets try to unmarshal them and if this fails we add the bytes to the error message. This does not fix the issue but it might help us getting a better error. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13621 from Luap99/doc-libpodOpenShift Merge Robot2022-03-24
|\ \ \ \ | | | | | | | | | | [CI:DOCS] document that using libpod package directly is not supported
| * | | | document that using libpod package directly is not supportedPaul Holzinger2022-03-23
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We do not support using the libpod package outside of podman. There is no stable interface which can be used. Instead point users to the API and go bindings. Fixes #13086 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request from GHSA-qvf8-p83w-v58jGiuseppe Scrivano2022-03-24
|\ \ \ \ | |_|/ / |/| | | do not set the inheritable capabilities
| * | | do not set the inheritable capabilitiesGiuseppe Scrivano2022-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The kernel never sets the inheritable capabilities for a process, they are only set by userspace. Emulate the same behavior. Closes: CVE-2022-27649 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #13597 from Luap99/statsOpenShift Merge Robot2022-03-23
|\ \ \ \ | | | | | | | | | | podman stats: calc CPU percentage correctly
| * | | | podman stats: improve cpu average calcPaul Holzinger2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can just calculate the cpu percent for the time the container is running. There is no need to use datapoints. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | podman stats: calc CPU percentage correctlyPaul Holzinger2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you run podman stats, the first interval always shows the wrong cpu usage. To calculate cpu percentage we get the cpu time from the cgroup and compare this against the system time between two stats. Since the first time we do not have a previous stats an empty struct is used instead. Thus we do not use the actual running time of the container but the current unix timestamp (time since Jan 1 1970). To fix this we make sure that the previous stats time is set to the container start time, when it is empty. [NO NEW TESTS NEEDED] No idea how I could create a test which would have a predictable cpu usage. See the linked bugzilla for a reproducer. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2066145 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Fix a potential race around the exec cleanup processMatthew Heon2022-03-23
| |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Every exec session run attached will, on exit, do two things: it will signal the associated `podman exec` that it is finished (to allow Podman to collect the exit code and exit), and spawn a cleanup process to clean up the exec session (in case the `podman exec` process died, we still need to clean up). If an exec session is created that exits almost instantly, but generates a large amount of output (e.g. prints thousands of lines), the cleanup process can potentially execute before `podman exec` has a chance to read the exit code, resulting in errors. Handle this by detecting if the cleanup process has already removed the exec session before handling the error from reading the exec exit code. [NO NEW TESTS NEEDED] I have no idea how to test this in CI. Fixes #13227 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #13398 from giuseppe/fix-warning-pod-create-rmOpenShift Merge Robot2022-03-22
|\ \ \ \ | | | | | | | | | | libpod: drop warning if cgroup doesn't exist