path: root/libpod
Commit message (Author, Age)
* Merge pull request #13972 from Luap99/staticcheck (OpenShift Merge Robot, 2022-04-22)
            enable staticcheck linter
| * enable staticcheck linter (Paul Holzinger, 2022-04-22)
            Fix many problems reported by the staticcheck linter, including many real bugs! Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13964 from rhatdan/rootfull (OpenShift Merge Robot, 2022-04-22)
            Switch all rootful to rootfull
| * Switch all rootful to rootfull (Daniel J Walsh, 2022-04-21)
            We are inconsistent on the name, we should stick with rootfull. [NO NEW TESTS NEEDED] Existing tests should handle this and no tests for machines exist yet. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Revert "container,inspect: convert Entrypoint to array instead of a string" (Aditya R, 2022-04-22)
            It seems this breaks older version of `podman-remote` users hence it looks like this patch would be a better candidate for podman `5.0`
            Problem
            * Client with `4.0` cannot interact with a server of `4.1`
            Plan this patch for podman `5.0`
            This reverts commit 0cebd158b6d8da1828b1255982e27fe9224310d0. Signed-off-by: Aditya R <arajan@redhat.com>
* Merge pull request #13505 from rst0git/checkpoint-image-1 (OpenShift Merge Robot, 2022-04-21)
            Add support for checkpoint image
| * Add support for checkpoint image (Radostin Stoyanov, 2022-04-20)
            This is an enhancement proposal for the checkpoint / restore feature of Podman that enables container migration across multiple systems with standard image distribution infrastructure. A new option `--create-image <image>` has been added to the `podman container checkpoint` command. This option tells Podman to create a container image. This is a standard image with a single layer, tar archive, that contains all checkpoint files. This is similar to the current approach with checkpoint `--export`/`--import`. This image can be pushed to a container registry and pulled on a different system. It can also be exported locally with `podman image save` and inspected with `podman inspect`. Inspecting the image would display additional information about the host and the versions of Podman, criu, crun/runc, kernel, etc. `podman container restore` has also been extended to support image name or ID as input. Suggested-by: Adrian Reber <areber@redhat.com> Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* | Merge pull request #13945 from vrothberg/vendor-common (OpenShift Merge Robot, 2022-04-21)
            vendor c/common
| * vendor c/common (Valentin Rothberg, 2022-04-21)
            Update the recent events-log changes to fix the build error. [NO NEW TESTS NEEDED] since there's no functional change. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | slirp4netns: actually make ipv6 default (Paul Holzinger, 2022-04-20)
            We already have ipv6 enabled as default via the containers.conf setting. However the documentation did not reflect this. Also if no options were set in containers.conf it would have ipv6 disabled. We can now remove the extra option from containers.conf. Also fix another outdated option description for host.containers.internal and add that the options can also be set in containers.conf. [NO NEW TESTS NEEDED] Fixes #13914 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13583 from rhatdan/ipc (OpenShift Merge Robot, 2022-04-16)
            Add support for ipc namespace modes "none, private, sharable"
| * Add support for ipc namespace modes "none, private, sharable" (Daniel J Walsh, 2022-04-12)
            Fixes: #13265 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13641 from nicrowe00/logfile (OpenShift Merge Robot, 2022-04-15)
            Add log rotation based on log size
| * | Add log rotation based on log size (Niall Crowe, 2022-04-14)
            Add new functions to logfile.go for rotating and truncating the events log file once the log file and its contents exceed the maximum size limit while keeping 50% of the log file's content Also add tests to verify log rotation and truncation Signed-off-by: Niall Crowe <nicrowe@redhat.com> Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #13616 from giuseppe/passwd-entry (OpenShift Merge Robot, 2022-04-14)
            run, create: add --passwd-entry
| * | run, create: add --passwd-entry (Giuseppe Scrivano, 2022-04-14)
            It allows to customize the entry that is written to the `/etc/passwd` file when --passwd is used. Closes: https://github.com/containers/podman/issues/13185 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / Fix --tail log on restart problem (Daniel J Walsh, 2022-04-13)
            --tail=1 is not working if you restart a container with journald logging. We see the exit status and then call into the logging a second time causing all of the logs to print. Removing the tail log on exited seems to fix the problem. Fixes: https://github.com/containers/podman/issues/13098 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13788 from flouthoc/support-volume-opts (OpenShift Merge Robot, 2022-04-12)
            run, mount: allow setting driver specific option using `volume-opt=`
| * run, mount: allow setting driver specific option using volume-opt (Aditya R, 2022-04-12)
            `--mount` should allow setting driver specific options using `volume-opt` when `type=volume` is set. This ensures parity with docker's `volume-opt`. Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13093 from 0xC0ncord/selinux-conmon-agnostic (OpenShift Merge Robot, 2022-04-12)
            selinux: remove explicit range transition when starting conmon
| * | selinux: remove explicit range transition when starting conmon (Kenton Groombridge, 2022-03-08)
            Do not explicitly transition to s0 when starting conmon. Instead, the policy should implement this behavior. [NO NEW TESTS NEEDED] This is dependent on the SELinux policy to implement the desired behavior. Additionally, entirely custom SELinux policies may choose to implement the behavior differently. Signed-off-by: Kenton Groombridge <me@concord.sh>
* | | container,inspect: convert Entrypoint to array instead of a string (Aditya R, 2022-04-08)
            Convert container entrypoint from string to an array in order to make sure there is parity between `podman inspect` and `docker inspect` Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13490 from gcalin/13266 (OpenShift Merge Robot, 2022-04-04)
            pod logs enhancements: option to color logs
| * | Add option for pod logs to display different colors per container. (gcalin, 2022-03-29)
            Signed-off-by: Krzysztof Baran <krysbaran@gmail.com> Signed-off-by: gcalin <caling@protonmail.com>
* | | Merge pull request #13594 from cdoern/podVolumes (OpenShift Merge Robot, 2022-04-01)
            fix pod volume passing and alter infra inheritance
| * | | fix pod volume passing and alter infra inheritance (cdoern, 2022-03-29)
            the infra Inherit function was not properly passing pod volume information to new containers alter the inherit function and struct to use the new `ConfigToSpec` function used in clone pick and choose the proper entities from a temp spec and validate them on the specgen side rather than passing directly to a config resolves #13548 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | Merge pull request #13646 from Luap99/slirp4netns-portrange (OpenShift Merge Robot, 2022-03-30)
            fix slirp4netns port forwarding with ranges
| * | | fix slirp4netns port forwarding with ranges (Paul Holzinger, 2022-03-29)
            The slirp4netns port forwarder was not updated to make use of the new port format. This results in a problem when port ranges are used since it does not read the range field from the port. Update the logic to iterate through all ports with the range and protocols. Also added a system test for port ranges with slirp4netns, rootlesskit and the bridge network mode. Fixes #13643 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13712 from Luap99/netns-scope-systemd (OpenShift Merge Robot, 2022-03-30)
            rootless netns: move process to scope only with systemd
| * | | | rootless netns: move process to scope only with systemd (Paul Holzinger, 2022-03-30)
            When you run podman on a non systemd system we should not try to move the process under a new systemd scope. [NO NEW TESTS NEEDED] Ref #13703 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / | | Add 'Os' to be queried via 'version' output (John Matthews, 2022-03-29)
            Signed-off-by: John Matthews <jwmatthews@gmail.com>
* / / replace hpcloud/tail with nxadm/tail (Valentin Rothberg, 2022-03-29)
            The hpcloud is not maintained anymore. nxadm is already part of the dependency chain, so it won't add work for downstream packages. While testing upcoming changes to the events-file backend, I noticed that nxadm is shipping required fixes. [NO NEW TESTS NEEDED] Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #13640 from Luap99/slirp4netns-fail (OpenShift Merge Robot, 2022-03-28)
            network setup: fail if slirp4netns is not installed
| * | network setup: fail if slirp4netns is not installed (Paul Holzinger, 2022-03-28)
            I do not see why we should only log an error. If slirp4netns is requested but not installed we should error. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13677 from flouthoc/rename-event (OpenShift Merge Robot, 2022-03-28)
            libpod, event: generate a valid event on container `rename` operation
| * | | event: generate a valid event on container rename operation (Aditya R, 2022-03-28)
            Following commit ensures that podman generates a valid event on `podman container rename` where event specifies that it is a rename event and container name switched to the latest name. Signed-off-by: Aditya R <arajan@redhat.com>
* / / Switch all calls to filepath.Walk to filepath.WalkDir (Daniel J Walsh, 2022-03-27)
            WalkDir should be faster than Walk, since we often do not need to stat files. [NO NEW TESTS NEEDED] Existing tests should find errors. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13660 from rhatdan/error (OpenShift Merge Robot, 2022-03-27)
            Remove error stutter
| * | Remove error stutter (Daniel J Walsh, 2022-03-25)
            When podman gets an error it prints out "Error: " before printing the error string. If the error message starts with error, we end up with Error: error ... This PR removes all of these stutters. logrus.Error() also prints out that this is an error, so no need for the error stutter. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Run codespell to cleanup typos (Daniel J Walsh, 2022-03-25)
            [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13622 from rhatdan/systemd1 (OpenShift Merge Robot, 2022-03-24)
            When running systemd in a container set container_uuid
| * | When running systemd in a container set container_uuid (Daniel J Walsh, 2022-03-23)
            systemd expects the container_uuid environment variable be set when it is running in a container. Fixes: https://github.com/containers/podman/issues/13187 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #13636 from Luap99/machine-port-proxy (Daniel J Walsh, 2022-03-24)
            podman machine: fix port forwarding with proxy
| * | | podman machine: fix port forwarding with proxy (Paul Holzinger, 2022-03-24)
            When a user has a http proxy configured the VM will use it. However since gvproxy can only be reached internally from within the VM the port forwarding HTTP API call should not be redirected to the proxy. [NO NEW TESTS NEEDED] Fixes #13628 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13637 from Luap99/conmon-err (OpenShift Merge Robot, 2022-03-24)
            readConmonPipeData: try to improve error
| * | | | readConmonPipeData: try to improve error (Paul Holzinger, 2022-03-24)
            Issue #10927 reports `container create failed (no logs from conmon): EOF` errors. Since we do not know the root cause it would be helpful to try to get as much info as possible out of the error. (buffer).ReadBytes() will return the bytes read even when an error occurs. So when we get an EOF we could still have some valuable information in the buffer. Let's try to unmarshal them and if this fails we add the bytes to the error message. This does not fix the issue but it might help us getting a better error. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13621 from Luap99/doc-libpod (OpenShift Merge Robot, 2022-03-24)
            [CI:DOCS] document that using libpod package directly is not supported
| * | | | document that using libpod package directly is not supported (Paul Holzinger, 2022-03-23)
            We do not support using the libpod package outside of podman. There is no stable interface which can be used. Instead point users to the API and go bindings. Fixes #13086 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request from GHSA-qvf8-p83w-v58j (Giuseppe Scrivano, 2022-03-24)
            do not set the inheritable capabilities
| * | | do not set the inheritable capabilities (Giuseppe Scrivano, 2022-03-23)
            The kernel never sets the inheritable capabilities for a process, they are only set by userspace. Emulate the same behavior. Closes: CVE-2022-27649 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>