summaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* Fix E2E testsMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | The Commit test is blatantly wrong and testing buggy behavior. We should be commiting the destination, if anything - and more likely nothing at all. When force-removing volumes, don't remove the volumes of containers we need to remove. This can lead to a chicken and the egg problem where the container removes the volume before we can. When we re-add volume locks this could lead to deadlocks. I don't really want to deal with this, and this doesn't seem a particularly harmful quirk, so we'll let this slide until we get a bug report. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Drop LocalVolumes from our the databaseMatthew Heon2019-04-04
| | | | | | | | We were never using it. It's actually a potentially quite sizable field (very expensive to decode an array of structs!). Removing it should do no harm. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Major rework of --volumes-from flagMatthew Heon2019-04-04
| | | | | | | | | | The flag should be substantially more durable, and no longer relies on the create artifact. This should allow it to properly handle our new named volume implementation. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Volume force-remove now removed dependent containersMatthew Heon2019-04-04
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add handling for new named volumes code in pkg/specMatthew Heon2019-04-04
| | | | | | | | | Now that named volumes must be explicitly enumerated rather than passed in with all other volumes, we need to split normal and named volumes up before passing them into libpod. This PR does this. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Create non-existing named volumes at container createMatthew Heon2019-04-04
| | | | | | Replaces old functionality we used for handling image volumes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Switch Libpod over to new explicit named volumesMatthew Heon2019-04-04
| | | | | | | | | | | | | This swaps the previous handling (parse all volume mounts on the container and look for ones that might refer to named volumes) for the new, explicit named volume lists stored per-container. It also deprecates force-removing volumes that are in use. I don't know how we want to handle this yet, but leaving containers that depend on a volume that no longer exists is definitely not correct. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add named volumes for each container to databaseMatthew Heon2019-04-04
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2706 from giuseppe/rootless-single-usernamespaceOpenShift Merge Robot2019-04-04
|\ | | | | rootless: single user namespace
| * rootless: use a single user namespaceGiuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment. There are multiple advantages to it: 1) much simpler implementation as there is only one namespace to join. 2) we can join namespaces owned by different containers. 3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host. 4) rootless varlink works. 5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container. Containers created by older Podman versions must be restarted. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: remove SkipStorageSetup()Giuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Fix a potential segfault in podman searchMatthew Heon2019-04-03
|/ | | | | | | | | | | | | When generating headers for search, we unconditionally access element 0 of an array, and I saw this segfault in our CI. There's no reason we have to do this, we're just going through it to get field names with reflect, so just make a new copy of the struct in question. Also, move this code, which is only for CLI display, into cmd/podman from libpod/image. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #2801 from mheon/remove_wait_eventOpenShift Merge Robot2019-03-29
|\ | | | | Remove wait event
| * Remove wait eventMatthew Heon2019-03-29
| | | | | | | | | | | | | | It's not necessary to log an event for a read-only operation like wait. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Add locking to ensure events file is concurrency-safeMatthew Heon2019-03-29
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #2635 from rhatdan/cacheOpenShift Merge Robot2019-03-29
|\ | | | | Set blob cache directory based on GraphDriver
| * Set blob cache directory based on GraphDriverDaniel J Walsh2019-03-29
| | | | | | | | | | | | | | | | | | | | | | | | Currently in rootless containers, we end up not using the blob cache. We also don't store the blob cache based on the users specified graph storage. This change will cause the cache directory to be stored with the rest of the containe images. While doing this patch, I found that we had duplicated GetSystemContext in two places in libpod. I cleaned this up. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2797 from giuseppe/rootless-set-stickyOpenShift Merge Robot2019-03-29
|\ \ | | | | | | rootless: set sticky bit on rundir
| * | rootless: set sticky bit on rundirGiuseppe Scrivano2019-03-29
| | | | | | | | | | | | | | | | | | | | | it prevents the directory to be auto pruned, according to the XDG specifications. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | oci: drop reference to runcGiuseppe Scrivano2019-03-29
| | | | | | | | | | | | | | | | | | it can be any OCI runtime. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2730 from giuseppe/userns-take-rid-of-intermediate-mountnsOpenShift Merge Robot2019-03-29
|\ \ \ | | | | | | | | userns: do not use an intermediate mount namespace
| * | | userns: do not use an intermediate mount namespaceGiuseppe Scrivano2019-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have an issue in the current implementation where the cleanup process is not able to umount the storage as it is running in a separate namespace. Simplify the implementation for user namespaces by not using an intermediate mount namespace. For doing it, we need to relax the permissions on the parent directories and allow browsing them. Containers that are running without a user namespace, will still maintain mode 0700 on their directory. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | volumes: push the chown logic to runtime_volume_linux.goGiuseppe Scrivano2019-03-29
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #2793 from mheon/alter_name_regexOpenShift Merge Robot2019-03-29
|\ \ \ \ | |/ / / |/| | | Alter container/pod/volume name regexp to match Docker
| * | | Alter container/pod/volume name regexp to match DockerMatthew Heon2019-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker's upstream name validation regex has two major differences from ours that we pick up in this PR. The first requires that the first character of a name is a letter or number, not a special character. The second allows periods in names. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #2575 from haircommander/hotfix_play_kubeOpenShift Merge Robot2019-03-29
|\ \ \ \ | |_|_|/ |/| | | Default to SELinux private label for play kube mounts
| * | | Default to SELinux private label for play kube mountsPeter Hunt2019-03-28
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | Before, there were SELinux denials when a volume was bind-mounted by podman play kube. Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate) For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point also remove left over debugging print statement Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #2796 from mheon/fix_cni_multinetworkOpenShift Merge Robot2019-03-29
|\ \ \ | |_|/ |/| | Ensure that we make a netns for CNI non-default nets
| * | Ensure that we make a netns for CNI non-default netsMatthew Heon2019-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We accidentally patched this out trying to enable ns:/path/to/ns This should restore the ability to configure nondefault CNI networks with Podman, by ensuring that they request creation of a network namespace. Completely remove the WithNetNS() call when we do use an explicit namespace from a path. We use that call to indicate that a netns is going to be created - there should not be any question about whether it actually does. Fixes #2795 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #2786 from giuseppe/change-rootless-env-namesOpenShift Merge Robot2019-03-28
|\ \ \ | |/ / |/| | rootless: change env prefix
| * | rootless: change env prefixGiuseppe Scrivano2019-03-28
| |/ | | | | | | | | | | | | | | | | | | from _LIBPOD to _CONTAINERS. The same change was done in buildah unshare. This is necessary for podman to detect we are running in a rootless environment and work properly from a "buildah unshare" session. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | vendor buildah, image, storage, cniValentin Rothberg2019-03-28
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Remove ulele/deepcopier in favor of JSON deep copyMatthew Heon2019-03-27
|/ | | | | | | | | | | | | We have a very high performance JSON library that doesn't need to perform code generation. Let's use it instead of our questionably performant, reflection-dependent deep copy library. Most changes because some functions can now return errors. Also converts cmd/podman to use jsoniter, instead of pkg/json, for increased performance. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Resolve review commentsMatthew Heon2019-03-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add support to disable creation of network config filesMatthew Heon2019-03-27
| | | | | | | | Specifically, we want to be able to specify whether resolv.conf and /etc/hosts will be create and bind-mounted into the container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add "died" eventbaude2019-03-25
| | | | | | | | | | We have a new event for container 'Exited' which has been renamed to 'died'. also removed the stream bool from the varlink endpoint for events because it can be determined by the varlink more value. Signed-off-by: baude <bbaude@redhat.com>
* podman health check phase3baude2019-03-22
| | | | | | | | | | | | | | | | podman will not start a transient service and timer for healthchecks. this handles the tracking of the timing for health checks. added the 'started' status which represents the time that a container is in its start-period. the systemd timing can be disabled with an env variable of DISABLE_HC_SYSTEMD="true". added filter for ps where --filter health=[starting, healthy, unhealthy] can now be used. Signed-off-by: baude <bbaude@redhat.com>
* userns: use the intermediate mountns for volumesGiuseppe Scrivano2019-03-21
| | | | | | | | | | | when --uidmap is used, the user won't be able to access /var/lib/containers/storage/volumes. Use the intermediate mount namespace, that is accessible to root in the container, for mounting the volumes inside the container. Closes: https://github.com/containers/libpod/issues/2713 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* volume: create new volumes with right ownershipGiuseppe Scrivano2019-03-21
| | | | | | | when we create a new volume we must be sure it is owned by root in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* fix Bug 1688041-podman image save removes existing imageQi Wang2019-03-20
| | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* ps: fix segfault if the store is not initializedGiuseppe Scrivano2019-03-19
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Export ConmonPidFile in 'podman inspect' for containersDebarshi Ray2019-03-18
| | | | | | | | | This can help scripts provide a more meaningful message when coming across issues [1] which require the container to be re-created. [1] eg., https://github.com/containers/libpod/issues/2673 Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* podman logs on created container should exitbaude2019-03-18
| | | | | | | | | | | when running podman logs on a created container (which has no logs), podman should return gracefully (like docker) with a 0 return code. if multiple containers are provided and one is only in the created state (and no follow is used), we still display the logs for the other ids. fixes issue #2677 Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2670 from giuseppe/runtime-write-rootless-conf-before-reloadOpenShift Merge Robot2019-03-18
|\ | | | | rootless: write the custom config file before reload
| * utils: split generation and writing of storage.confGiuseppe Scrivano2019-03-17
| | | | | | | | | | | | | | | | | | | | | | | | | | split the generation for the default storage.conf and when we write it if not existing for a rootless user. This is necessary because during the startup we might be overriding the default configuration through --storage-driver and --storage-opt, that would not be written down to the storage.conf file we generated. Closes: https://github.com/containers/libpod/issues/2659 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: write the custom config file before reloadGiuseppe Scrivano2019-03-15
| | | | | | | | | | | | | | so that when we do a rootlessReload we inherit the correct settings from the command line. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2620 from baude/multilogsOpenShift Merge Robot2019-03-16
|\ \ | | | | | | display logs for multiple containers at the same time
| * | Integration test tweaksbaude2019-03-15
| | | | | | | | | | | | | | | | | | | | | Wait for more than 1 second on podman info to complete. Also, add clarification to why slirp fails. Signed-off-by: baude <bbaude@redhat.com>
| * | display logs for multiple containers at the same timebaude2019-03-15
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | add the ability for users to specify more than one container at a time while using podman logs. If more than one container is being displayed, podman will also prepend a shortened container id of the container on the log line. also, enabled the podman-remote logs command during the refactoring of the above ability. fixes issue #2219 Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2658 from mheon/sctpOpenShift Merge Robot2019-03-16
|\ \ | | | | | | Add support for SCTP port forwarding