| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
podman: skip /sys/fs/cgroup/systemd if not present
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
skip adding the /sys/fs/cgroup/systemd bind mount if it is not already
present on the host.
[NO NEW TESTS NEEDED] requires a system without systemd.
Closes: https://github.com/containers/podman/issues/15647
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
Fixes for conmon support on FreeBSD
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
On FreeBSD, ENOTCONN can be reported if shutdown is called on a unix
domain socket where the remote end is already closed. This change
ignores those errors instead of printing an error message on container
exit.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This moves the code which sets the process capabilites for the exec to
oci_conmon_exec_linux.go since this is a linux-specific feature. Adding
a no-op stub for FreeBSD enables 'podman exec' when using the ocijail
runtime.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \
| |_|/
|/| | |
Closes #15617: emit container labels for container exited and exec died events
|
| | |/
| |
| |
| |
| |
| |
| | |
- adds unit test for container labels on container die event
- implements #15617
Signed-off-by: Harald Albrecht <harald.albrecht@gmx.net>
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
In case of a hard OS shutdown, containers may have a "removing"
state after a reboot, and an attempt to remove Pods with such
containers is unsuccessful:
error freeing lock for container ...: no such file or directory
[NO NEW TESTS NEEDED]
Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
|
| |
|
|
|
|
|
|
|
|
|
| |
It turns out that field names in syscall.Stat_t are platform-specific.
An alternative to this could change fixVolumePermissions to use
unix.Lstat since unix.Stat_t uses the same mmember name for Atim on both
Linux and FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
|
|
|
| |
This mount has never been standard on FreeBSD, preferring to use /tmp or
/var/tmp optionally with tmpfs to ensure data is lost on a reboot.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
|
|
| |
container_internal_common.go
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
|
|
| |
container_internal_common.go
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
|
|
|
|
| |
This contains a lot of code in common with container_internal_linux.go.
Subsequent commits will move the shared code to
container_internal_common.go to reduce the duplication.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
|
|
|
| |
This moves platform-specific details of the network implementation out
of the generic file so that we can add the FreeBSD equivalent.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\
| |
| | |
Add container GID to additional groups
|
| | |
| |
| |
| |
| |
| |
| | |
Mitigates a potential permissions issue. Mirrors Buildah PR #4200
and CRI-O PR #6159.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
Add support for FreeBSD volume mounts in specgen
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This allows us to redefine to the equivalent nullfs on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \
| | | |
| | | | |
libpod: Ensure that generated container names are random
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
Fixes #15569.
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \ \
| |_|/
|/| | |
Fix bind-mount-option annotation in gen/play kube
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The format used for setting the bind-mount-options annotations
in the kube yaml was incorrect and caused k8s to throw an error
when trying to play the generated kube yaml.
Fix the annotation format to match the rules of k8s.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:
this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format
–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device
resolves #15067
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \
| |/
|/| |
Set enableServiceLinks to false in generated yaml
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Since podman doesn't set/use the needed service env
variable, always set enableServiceLinks to false in
the generated kube yaml.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \
| |/
|/| |
Inhibit SIGTERM during Conmon startup
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If we get a SIGTERM immediately after Conmon starts but before we
record its PID in the database, we end up leaking a Conmon and
associated OCI runtime process. Inhibit shutdown using the logic
we originally wrote to prevent similar issues during container
creation to prevent this problem.
[NO NEW TESTS NEEDED] No real way to test this I can think of.
Fixes #15557
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| | |
| | | |
Add emptyDir volume support to kube play
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When a kube yaml has a volume set as empty dir, podman
will create an anonymous volume with the empty dir name and
attach it to the containers running in the pod. When the pod
is removed, the empy dir volume created is also removed.
Add tests and docs for this as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
I managed to miss this while factoring out moveConmonToCgroupAndSignal.
Perhaps the signalling part should move to the caller instead?
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |\ \
| | |
| | | |
Handle an already connected network in libpod API
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Compat: Treat already attached networks as a no-op
Applies only to containers in created state. Maintain error in running state.
Co-authored-by: Alessandro Rossi <al.rossi87@gmail.com>
Co-authored-by: Brent Baude <bbaude@redhat.com>
Co-authored-by: Jason T. Greene <jason.greene@redhat.com>
Signed-off-by: Alessandro Rossi <al.rossi87@gmail.com>
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
libpod: UpdateContainerStatus: do not wait for container
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 30e7cbccc194 accidentally added a deadlock as Podman was waiting
for the exit code to show up when the container transitioned to stopped.
Code paths that require the exit code to be written (by the cleanup
process) should already be using `(*Container).Wait()` in a deadlock
free way.
[NO NEW TESTS NEEDED] as I did not manage to a reproducer that would
work in CI. Ultimately, it's a race condition.
Fixes: #15492
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \
| | |
| | | |
Remove duplicate annotations in generated service yaml
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
Don't add the same annotations as the pod yaml to the
service yaml as it is not needed.
[NO NEW TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Add support for containers.conf volume timeouts
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also, do a general cleanup of all the timeout code. Changes
include:
- Convert from int to *uint where possible. Timeouts cannot be
negative, hence the uint change; and a timeout of 0 is valid,
so we need a new way to detect that the user set a timeout
(hence, pointer).
- Change name in the database to avoid conflicts between new data
type and old one. This will cause timeouts set with 4.2.0 to be
lost, but considering nobody is using the feature at present
(and the lack of validation means we could have invalid,
negative timeouts in the DB) this feels safe.
- Ensure volume plugin timeouts can only be used with volumes
created using a plugin. Timeouts on the local driver are
nonsensical.
- Remove the existing test, as it did not use a volume plugin.
Write a new test that does.
The actual plumbing of the containers.conf timeout in is one line
in volume_api.go; the remainder are the above-described cleanups.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
