| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Add support for checkpoint image
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an enhancement proposal for the checkpoint / restore feature of
Podman that enables container migration across multiple systems with
standard image distribution infrastructure.
A new option `--create-image <image>` has been added to the
`podman container checkpoint` command. This option tells Podman to
create a container image. This is a standard image with a single layer,
tar archive, that that contains all checkpoint files. This is similar to
the current approach with checkpoint `--export`/`--import`.
This image can be pushed to a container registry and pulled on a
different system. It can also be exported locally with `podman image
save` and inspected with `podman inspect`. Inspecting the image would
display additional information about the host and the versions of
Podman, criu, crun/runc, kernel, etc.
`podman container restore` has also been extended to support image
name or ID as input.
Suggested-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
|\ \
| |/
|/| |
vendor c/common
|
| |
| |
| |
| |
| |
| |
| |
| | |
Update the recent events-log changes to fix the build error.
[NO NEW TESTS NEEDED] since there's no functional change.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already have ipv6 enabled as default via the containers.conf setting.
However the documentation did not reflect this. Also if no options were
set in contianers.conf it would have ipv6 disabled.
We can now remove the extra option from containers.conf.
Also fix another outdated option description for host.containers.internal
and add that the options can also be set in contianers.conf.
[NO NEW TESTS NEEDED]
Fixes #13914
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\
| |
| | |
Add support for ipc namespace modes "none, private, sharable"
|
| |
| |
| |
| |
| |
| | |
Fixes: #13265
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Add log rotation based on log size
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add new functions to logfile.go for rotating and truncating
the events log file once the log file and its contents
exceed the maximum size limit while keeping 50% of the
log file's content
Also add tests to verify log rotation and truncation
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \
| | |
| | | |
run, create: add --passwd-entry
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
It allows to customize the entry that is written to the `/etc/passwd`
file when --passwd is used.
Closes: https://github.com/containers/podman/issues/13185
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
--tail=1 is not working f you restart a container with journald logging.
We see the exit status and then call into the logging a second time
causing all of the logs to print.
Removing the tail log on exited seems to fix the problem.
Fixes: https://github.com/containers/podman/issues/13098
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
run, mount: allow setting driver specific option using `volume-opt=`
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`--mount` should allow setting driver specific options using
`volume-opt` when `type=volume` is set.
This ensures parity with docker's `volume-opt`.
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \
| | |
| | | |
selinux: remove explicit range transition when starting conmon
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Do not explicitly transition to s0 when starting conmon. Instead, the
policy should implement this behavior.
[NO NEW TESTS NEEDED]
This is dependent on the SELinux policy to implement the desired
behavior. Additionally, entirely custom SELinux policies may choose to
implement the behavior differently.
Signed-off-by: Kenton Groombridge <me@concord.sh>
|
| |/
|/|
| |
| |
| |
| |
| | |
Convert container entrypoint from string to an array inorder to make
sure there is parity between `podman inspect` and `docker inspect`
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \
| | |
| | | |
pod logs enhancements: option to color logs
|
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Krzysztof Baran <krysbaran@gmail.com>
Signed-off-by: gcalin <caling@protonmail.com>
|
|\ \ \
| | | |
| | | | |
fix pod volume passing and alter infra inheritance
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the infra Inherit function was not properly passing pod volume information to new containers
alter the inherit function and struct to use the new `ConfigToSpec` function used in clone
pick and choose the proper entities from a temp spec and validate them on the spegen side rather
than passing directly to a config
resolves #13548
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
|\ \ \
| | | |
| | | | |
fix slirp4netns port forwarding with ranges
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The slirp4netns port forwarder was not updated to make use of the new
port format. This results in a problem when port ranges are used since
it does not read the range field from the port.
Update the logic to iterate through all ports with the range and
protocols. Also added a system test for port ranges with slirp4netns,
rootlesskit and the bridge network mode.
Fixes #13643
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
rootless netns: move process to scope only with systemd
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When you run podman on a non systemd system we should not try to move the
process under a new systemd scope.
[NO NEW TESTS NEEDED]
Ref #13703
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/ / /
| | |
| | |
| | | |
Signed-off-by: John Matthews <jwmatthews@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The hpcloud is not maintained anymore. nxadm is already part of the
dependency chain, so it won't add work for downstream packages.
While testing upcoming changes to the events-file backend, I noticed
that nxadm is shipping required fixes.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \
| | |
| | | |
network setup: fail if slirp4netns is not installed
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I do not see why we should only log an error. If slirp4netns is
requested but not installed we should error.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| | | |
| | | | |
libpod, event: generate a valid event on container `rename` operation
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Following commit ensures that podman generates a valid event on `podman
container rename` where event specifies that it is a rename event and
container name swtichted to the latest name.
Signed-off-by: Aditya R <arajan@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
WalkDir should be faster the Walk, since we often do
not need to stat files.
[NO NEW TESTS NEEDED] Existing tests should find errors.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Remove error stutter
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When podman gets an error it prints out "Error: " before
printing the error string. If the error message starts with
error, we end up with
Error: error ...
This PR Removes all of these stutters.
logrus.Error() also prints out that this is an error, so no need for the
error stutter.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
When running systemd in a container set container_uuid
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
systemd expects the container_uuid environment variable be set
when it is running in a container.
Fixes: https://github.com/containers/podman/issues/13187
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
podman machine: fix port forwarding with proxy
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When a user has a http proxy configured the VM will use it. However
since gvproxy can only be reached internally from within the VM the port
forwarding HTTP API call should not be redirected to the proxy.
[NO NEW TESTS NEEDED]
Fixes #13628
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
readConmonPipeData: try to improve error
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Issue #10927 reports `container create failed (no logs from conmon): EOF`
errors. Since we do not know the root cause it would be helpful to try
to get as much info as possible out of the error.
(buffer).ReadBytes() will return the bytes read even when an error
occurs. So when we get an EOF we could still have some valuable
information in the buffer. Lets try to unmarshal them and if this fails
we add the bytes to the error message.
This does not fix the issue but it might help us getting a better error.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS] document that using libpod package directly is not supported
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We do not support using the libpod package outside of podman. There is
no stable interface which can be used. Instead point users to the API
and go bindings.
Fixes #13086
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
do not set the inheritable capabilities
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The kernel never sets the inheritable capabilities for a process, they
are only set by userspace. Emulate the same behavior.
Closes: CVE-2022-27649
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
podman stats: calc CPU percentage correctly
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We can just calculate the cpu percent for the time the container is
running. There is no need to use datapoints.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When you run podman stats, the first interval always shows the wrong cpu
usage. To calculate cpu percentage we get the cpu time from the cgroup
and compare this against the system time between two stats. Since the
first time we do not have a previous stats an empty struct is used
instead. Thus we do not use the actual running time of the container but
the current unix timestamp (time since Jan 1 1970).
To fix this we make sure that the previous stats time is set to the
container start time, when it is empty.
[NO NEW TESTS NEEDED] No idea how I could create a test which would have
a predictable cpu usage.
See the linked bugzilla for a reproducer.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2066145
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Every exec session run attached will, on exit, do two things: it
will signal the associated `podman exec` that it is finished (to
allow Podman to collect the exit code and exit), and spawn a
cleanup process to clean up the exec session (in case the `podman
exec` process died, we still need to clean up). If an exec
session is created that exits almost instantly, but generates a
large amount of output (e.g. prints thousands of lines), the
cleanup process can potentially execute before `podman exec` has
a chance to read the exit code, resulting in errors. Handle this
by detecting if the cleanup process has already removed the exec
session before handling the error from reading the exec exit
code.
[NO NEW TESTS NEEDED] I have no idea how to test this in CI.
Fixes #13227
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
libpod: drop warning if cgroup doesn't exist
|