| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes things a lot more clear - if we are actually joining a
CNI network, we are guaranteed to get a non-zero length list of
networks.
We do, however, need to know if the network we are joining is the
default network for inspecting containers as it determines how we
populate the response struct. To handle this, add a bool to
indicate that the network listed was the default network, and
only the default network.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running on cgroups v1, `/proc/{PID}/cgroup` has multiple entries,
each pointing potentially to a different cgroup. Some may be empty,
some may point to parents.
The one we really need is the libpod-specific one, which always is the
longest path. So instead of looking at the first entry, look at all and
select the longest one.
Fixes: #8397
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
add network connect|disconnect compat endpoints
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
this enables the ability to connect and disconnect a container from a
given network. it is only for the compatibility layer. some code had to
be refactored to avoid circular imports.
additionally, tests are being deferred temporarily due to some
incompatibility/bug in either docker-py or our stack.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Filters with the same key work inclusive with the only exception being
`label` which is exclusive. Filters with different keys always work exclusive.
Also update the documentation with the new behavior.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \
| |/
|/| |
Align the podman ps --filter behavior with docker
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
All of our filters worked exclusive resulting in `--filter status=created --filter status=exited` to return nothing.
In docker filters with the same key work inclusive with the only exception being `label` which is exclusive. Filters with different keys always work exclusive.
This PR aims to match the docker behavior with podman.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
| |
| |
| | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
this enables the ability to connect and disconnect a container from a
given network. it is only for the compatibility layer. some code had to
be refactored to avoid circular imports.
additionally, tests are being deferred temporarily due to some
incompatibility/bug in either docker-py or our stack.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
use container cgroups path
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
When looking up a container's cgroup path, parse /proc/[PID]/cgroup.
This will work across all cgroup managers and configurations and is
supported on cgroups v1 and v2.
Fixes: #8265
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Make sure /etc/hosts populated correctly with networks
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The --hostname and containername should always be added to containers.
Added some tests to make sure you can always ping the hostname and container
name from within the container.
Fixes: https://github.com/containers/podman/issues/8095
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One main advantage of the new shell completion logic is that
we can easly parse flags and adjust based on the given flags
the suggestions. For example some commands accept the
`--latest` flag only if no arguments are given.
This commit implements this logic in a simple maintainable way
since it reuses the already existing `Args` function in the
cmd struct.
I also refactored the `getXXX` function to match based on the
namei/id which could speed up the shell completion with many
containers, images, etc...
I also added the degraded status to the valid pod status
filters which was implemented in #8081.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|
|
|
|
|
| |
Add support for short-name aliasing.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Cleanup error reporting
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The error message reported is overlay complicated and the added test does not
really help the user.
Currently the error looks like:
podman run -p 80:80 fedora echo hello
Error: failed to expose ports via rootlessport: "cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied\n"
After this change
./bin/podman run -p 80:80 fedora echo hello
Error: cannot expose privileged port 80, you might need to add "net.ipv4.ip_unprivileged_port_start=0" (currently 1024) to /etc/sysctl.conf, or choose a larger port number (>= 1024): listen tcp 0.0.0.0:80: bind: permission denied
Control chars have been eliminated.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Add support for network connect / disconnect to DB
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Convert the existing network aliases set/remove code to network
connect and disconnect. We can no longer modify aliases for an
existing network, but we can add and remove entire networks. As
part of this, we need to add a new function to retrieve current
aliases the container is connected to (we had a table for this
as of the first aliases PR, but it was not externally exposed).
At the same time, remove all deconflicting logic for aliases.
Docker does absolutely no checks of this nature, and allows two
containers to have the same aliases, aliases that conflict with
container names, etc - it's just left to DNS to return all the
IP addresses, and presumably we round-robin from there? Most
tests for the existing code had to be removed because of this.
Convert all uses of the old container config.Networks field,
which previously included all networks in the container, to use
the new DB table. This ensures we actually get an up-to-date list
of in-use networks. Also, add network aliases to the output of
`podman inspect`.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| |/
|/| |
Ensure we do not double-lock the same volume in create
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When making containers, we want to lock all named volumes we are
adding the container to, to ensure they aren't removed from under
us while we are working. Unfortunately, this code did not account
for a container having the same volume mounted in multiple places
so it could deadlock. Add a map to ensure that we don't lock the
same name more than once to resolve this.
Fixes #8221
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
network aliases for container creation
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman can now support adding network aliases when running containers
(--network-alias). It requires an updated dnsname plugin as well as an
updated ocicni to work properly.
Signed-off-by: baude <bbaude@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
enable the ipv6 flag in podman network to be able to create
dual-stack networks for containers.
This is required to be compatible with docker, where --ipv6
really means dual stack.
podman, unlike docker, support IPv6 only containers since
07e3f1bba9674c0cb93a0fa260930bfebbf75728.
Signed-off-by: Antonio Ojea <aojea@redhat.com>
|
|/
|
|
| |
Signed-off-by: Joel Smith <joelsmith@redhat.com>
|
|
|
|
|
|
| |
This restores pre f7e72bc86aff2ff986290f190309deceb7f22099 behavior
Signed-off-by: Yan Minari <yangm97@gmail.com>
|
|\
| |
| | |
Add support for mounting external containers
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Continue progress on use of external containers.
This PR adds the ability to mount, umount and list the
storage containers whether they are in libpod or not.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Only use container/storage/pkg/unshare.HomeDir()
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We are resolving the homedir of the user in many different
places. This Patch consolodates them to use container/storage
version.
This PR also fixes a failure mode when the homedir does not
exists, and the user sets a root path. In this situation
podman should continue to work. Podman does not require a users
homedir to exist in order to run.
Finally the rootlessConfigHomeDirOnce and rootlessRuntimeDirOnce
were broken, because if an error ever happened, they would not be recorded
the second time, and "" would be returned as the path.
Fixes: https://github.com/containers/podman/issues/8131
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
Use regex for "pod ps" name filter to match "ps" behavior
|
| |
| |
| |
| | |
Signed-off-by: Joel Smith <joelsmith@redhat.com>
|
|\ \
| |/
|/| |
Add network aliases for containers to DB
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As part of this, we need two new functions, for retrieving all
aliases for a network and removing all aliases for a network,
both required to test.
Also, rework handling for some things the tests discovered were
broken (notably conflicts between container name and existing
aliases).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The original interface only allowed retrieving aliases for a
specific network, not for all networks. This will allow aliases
to be retrieved for every network the container is present in,
in a single DB operation.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds the database backend for network aliases. Aliases are
additional names for a container that are used with the CNI
dnsname plugin - the container will be accessible by these names
in addition to its name. Aliases are allowed to change over time
as the container connects to and disconnects from networks.
Aliases are implemented as another bucket in the database to
register all aliases, plus two buckets for each container (one to
hold connected CNI networks, a second to hold its aliases). The
aliases are only unique per-network, to the global and
per-container aliases buckets have a sub-bucket for each CNI
network that has aliases, and the aliases are stored within that
sub-bucket. Aliases are formatted as alias (key) to container ID
(value) in both cases.
Three DB functions are defined for aliases: retrieving current
aliases for a given network, setting aliases for a given network,
and removing all aliases for a given network.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| | |
When using multiple filters, return a volume that matches any one of the used filters, rather than matching both of the filters.
This is for compatibility with docker's cli, and more importantly, the apiv2 compat endpoint
Closes #6765
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \
| | |
| | | |
Allow users to mount with unbindable flag
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow users to specify unbindable on volume command line
Switch internal mounts to rprivate to help prevent leaks.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| | |
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
|\ \
| | |
| | | |
Fix dnsname when joining a different network namespace in a pod
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When creating a container in a pod the podname was always set as
the dns entry. This is incorrect when the container is not part
of the pods network namespace. This happend both rootful and
rootless. To fix this check if we are part of the pods network
namespace and if not use the container name as dns entry.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| | | |
| | | | |
Stop excessive wrapping of errors
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Most of the builtin golang functions like os.Stat and
os.Open report errors including the file system object
path. We should not wrap these errors and put the file path
in a second time, causing stuttering of errors when they
get presented to the user.
This patch tries to cleanup a bunch of these errors.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
andylibrian/grab-systemd-mount-flags-from-the-host-7661
Improve setupSystemd, grab mount options from the host
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
fixes #7661
Signed-off-by: Andy Librian <andylibrian@gmail.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Containers that share IPC Namespaces share each others
/dev/shm, which means a private /dev/shm needs to be setup
for the infra container.
Added a system test and an e2e test to make sure the
/dev/shm is shared.
Fixes: https://github.com/containers/podman/issues/8181
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Podman often reports OCI Runtime does not exist, even if it does
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the OCI Runtime tries to set certain settings in cgroups
it can get the error "no such file or directory", the wrapper
ends up reporting a bogus error like:
```
Request Failed(Internal Server Error): open io.max: No such file or directory: OCI runtime command not found error
{"cause":"OCI runtime command not found error","message":"open io.max: No such file or directory: OCI runtime command not found error","response":500}
```
On first reading of this, you would think the OCI Runtime (crun or runc) were not found. But the error is actually reporting
message":"open io.max: No such file or directory
Which is what we want the user to concentrate on.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
new "image" mount type
|