| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This retains the existing string parsing heuristic for users
who must continue to use it (notably the varlink API - or is
it still subject to change?), but allows callers who can get
precise references to supply them without having to deal
with string formatting.
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already have a c/image/docker/reference.Named; no need to
round-trip it through a string. This also eliminates the theoretical
parsing failure, and the unchecked .(reference.Named) cast.
Also add a check for DockerReference() == nil to be extra paranoid,
although that should never happen.
Should not change behavior (but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(... but keep it in DefaultTransport, which remains irregular.)
This makes DockerTransport consistent with the others, and much more importantly,
allows several instances to do
> imgRef.Transport().Name() == DockerTransport
instead of the current
> strings.HasPrefix(DockerTransport, imgRef.Transport().Name())
, which currently works but is pretty nonsensical (it does not check
the "docker://" prefix against the _full reference_, but it checks
the _transport name_ as a prefix of "docker://", i.e. a transport named
"d" would be accepted.
Should not change behavior, because the only currently existing transport
which has a name that is a prefix of "docker://" is c/image/docker.Transport
(but does not add unit tests).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
They are not used anywhere AFAICS, and the underlying idea
that transport-specific image names are reusable across transports
is very dubious anyway. So, drop them instead of documenting
or fixing them.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This has no ambition to change the design, just to be clear about
what the design is.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
| |
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
This avoids another "append an only item to an empty array"
pattern, and will allow us to get rid of the "dest" variable
entirely.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
This should not change behavior, only to make future edits
for an early exit easier to review.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Almost all paths appended to pullNames exactly once; just construct a
single-element array in place and return it.
That way we can add empty lines as separators, and still come out shorter.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because srcRef is created by parsing imgName, both hard-code assumptions
about transport-specific formats of the strings, so that is neither better nor worse;
but we do less explicit parsing.
Should not change behavior for dir:, nor for fully-correct docker-archive:.
docker-archive:, though, also supports docker-archive:path:reference, where
the reference is ignored (with a warning) on read; in such cases the previous
code would use the reference only (not the path), the new code uses both
as the path. Neither works, we just change the failure mode (but
"error opening path:reference" is now more suggestive of the correct usage).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
| |
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
... it is always nil.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a bit more specific as to what "ref" or "list" means,
and consistent with refPairsFromPossiblyUnqualifiedName
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Again, that makes the core logic independent from Runtime == containers-storage,
and easier to test independently.
So, this also adds tests.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... and use pullRefPairsFromRefNames to convert to the
desired data structure later.
This will make both getPullRefName, and later the bulk of
getPullListFromRef, independent of the storage, and thus much easier to test.
Then add tests for getPullRefName. (Ideally they should be shorter,
e.g. hopefully the .image member can be eliminated.)
Should not change behavior, except that error messages on invalid
dstName will now include the value.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
| |
This will make any failures easier to attribute to the cause.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1176
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
| |
podman umount will currently only unmount file system if not other
process is using it, otherwise the umount decrements the container
storage to indicate that the caller is no longer using the mount
point, once the count gets to 0, the file system is actually unmounted.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1184
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
|
|
|
| |
refresh() is the only major command we had that did not perform a
sync before running, and thus was not guaranteed to pick up a
good copy of the state. Fix this by updating the state before a
refresh().
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
Pod and container State structs are now allowed to be empty on
first being retrieved from the database. Rework pod and container
equality functions used in testing to account for this change.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
The new state changes are potentially confusing to people writing
API functions on containers or pods. Add comments to the structs
on how to safely use them.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's not necessary to fill in state immediately, as we'll be
overwriting it on any API call accessing it thanks to
syncContainer(). It is also causing races when we fetch it
without holding the container lock (which syncContainer() does).
As such, just don't retrieve the state on initial pull from the
database with Bolt.
Also, refactor some Linux-specific netns handling functions out
of container_internal_linux.go into boltdb_linux.go.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
slirp4netns is required to setup the network namespace:
https://github.com/rootless-containers/slirp4netns
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1156
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
If an image is created from another and it is deleted,
only delete the actual image and not the parent images
if the parent images have names/references.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1174
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
Added Pause() and Unpause() to libpod/pod.go
Added man pages, tests and completions
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1126
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CNI plugins upstream removed their network namespace creation
code, making it a test package only. Copy it into our repository
and slightly modify it for our use (most notably, use MNT_DETACH
when unmounting namespaces).
This new CNI code splits closing and unmounting network
namespaces, which allows us to greatly reduce the number of
occasions on which we call teardownNetwork() and make more errors
in that function fatal instead of warnings. Instead, we can call
Close() and just close the open file descriptor in cases where
the namespace has already been cleaned up.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1165
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This just muves the Linux implementation, unchanged, to the
platform-agnostic file. Should not change behavior on Linux.
On non-Linux platforms, reading containers from BoltDB now works
(and rejects containers with namespace data). The checkRuntimeConfig
validation ensures that each BoltDB database is only used on one platform,
so network namespaces should never exist in non-Linux BoltDB files.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the actual platform-specific part of getContainerFromDB.
Factor it out, unchanged, on Linux. On other platforms, introduce
a stub which fails if any data exists; this stub is not yet called.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On macOS NewImageRuntimeFromOptions fails with chown EPERM because the
"vfs" driver tries to chown its home to root:root 0700; in fact running
as root seems to be a generic requirement. So, skip the tests if not
running as root.
(This could maybe benefit from an extra state, maybe an environment
variable like RUNNING_IN_CI, to make sure the tests are actually
run often enough.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1162
Approved by: rhatdan
|
| |\
| |
| | |
Add a mutex to BoltDB state to prevent lock issues
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Per https://www.sqlite.org/src/artifact/c230a7a24?ln=994-1081,
POSIX file advisory locks are unsafe to use within a single
process if multiple file descriptors are open for the same file.
Unfortunately, this has a strong potential to happen for
multithreaded usage of libpod, and could result in DB corruption.
To prevent this, wrap all access to BoltDB within a single
libpod instance in a mutex to ensure concurrent access cannot
occur.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
With tests, man page and completions.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1152
Approved by: rhatdan
|
| |/
|
|
|
|
|
|
|
|
|
| |
Moved contents of RestartWithTimeout to restartWithTimeout in container_internal to be able to call restart without locking in function.
Refactored startNode to be able to either start or restart a node.
Built pod Restart() with new startNode with refresh true.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1152
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Better explain the inner workings of both state types in comments
to make reviews and changes easier.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
| |
Also add namespace to inspect output to verify its presence
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
|
| |
New containers and pods will default to the namespace of the
runtime, but this can be overridden by With... options if
desired.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
| |
Allows joining libpod to a specific namespace when running a
Podman command.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
| |
Include details on how namespaces interact with the
state.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
All BoltDB access and update functions now understand namespaces.
Accessing containers outside of your namespace will produce
errors, except for Lookup and All functions, which will perform
their tasks only on containers within your namespace.
The "" namespace remains a reserved, no-restrictions namespace.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
| |
Dependency containers must be in the same namespace, to ensure
there are never problems resolving a dependency.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
|
| |
Add basic awareness of namespaces to the database. As part of
this, add constraints so containers can only be added to pods in
the same namespace.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
| |
Libpod namespaces are a way to logically separate groups of pods
and containers within the state.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Addresses a regression in `podman mount` due to our mount changes
to allow concurrency by letting c/storage handle mounting and
unmounting.
Combine Mounted() and Mountpoint() into one function and query
c/storage directly to ensure we get accurate information.
Fixes: #1143
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1144
Approved by: baude
|
