path: root/libpod
Commit message (Author, Age)
* Enforce namespace checks on container add (Matthew Heon, 2018-07-24)
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add tests for state namespacing (Matthew Heon, 2018-07-24)
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add namespaces to in memory state (Matthew Heon, 2018-07-24)
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Untested implementation of namespaced BoltDB access (Matthew Heon, 2018-07-24)
|     All BoltDB access and update functions now understand namespaces. Accessing
|     containers outside of your namespace will produce errors, except for Lookup
|     and All functions, which will perform their tasks only on containers within
|     your namespace. The "" namespace remains a reserved, no-restrictions namespace.
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add constraint that dependencies must be in the same ns (Matthew Heon, 2018-07-24)
|     Dependency containers must be in the same namespace, to ensure there are never
|     problems resolving a dependency.
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add namespaces and initial constraints to database (Matthew Heon, 2018-07-24)
|     Add basic awareness of namespaces to the database. As part of this, add
|     constraints so containers can only be added to pods in the same namespace.
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Add container and pod namespaces to configs (Matthew Heon, 2018-07-24)
|     Libpod namespaces are a way to logically separate groups of pods and
|     containers within the state.
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* Update container Mounted() and Mountpoint() functions (Matthew Heon, 2018-07-24)
|     Addresses a regression in `podman mount` due to our mount changes to allow
|     concurrency by letting c/storage handle mounting and unmounting. Combine
|     Mounted() and Mountpoint() into one function and query c/storage directly to
|     ensure we get accurate information.
|     Fixes: #1143
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|     Closes: #1144
|     Approved by: baude
* Use the result of reference.Parse when checking for digests. (Miloslav Trmač, 2018-07-23)
|     No need to do a separate string search when reference.Parse has already
|     determined this. Changes behavior: non-SHA256 digest formats are now
|     recognized as well.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Make refNamesFromPossiblyUnqualifiedName independent from Image (Miloslav Trmač, 2018-07-23)
|     ... which finally makes it very easy to add comprehensive tests; so do that.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Make Image.HasShaInInputName to an independent local function (Miloslav Trmač, 2018-07-23)
|     The functionality only depends on Image.InputName, and we will want to make
|     the only user of this independent of the fairly complex Image type.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Split createNamesToPull into ref{Names,Pairs}FromPossiblyUnqualifiedName (Miloslav Trmač, 2018-07-23)
|     One part creates []*pullRefName; the other just trivially converts it into
|     []*pullRefPair. Also use much more explicit names to explain the functionality.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Rename local variables in Runtime.pullRefPairsFromRefNames (Miloslav Trmač, 2018-07-23)
|     ... to be more conventional.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Split Runtime.pullRefPairsFromRefNames from Image.createNamesToPull (Miloslav Trmač, 2018-07-23)
|     This will have another user shortly.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Rename nameToPull to pullRefName (Miloslav Trmač, 2018-07-23)
|     We will use it not only in createNamesToPull, but also in getPullListFromRef
|     soon.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Rename pullStruct to pullRefPair (Miloslav Trmač, 2018-07-23)
|     "Struct" is meaningless, and we will need the "reference pair" mentioned to
|     distinguish srcRef+dstRef from srcRef+dstName.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Replace optional nameToPull.shaPullName with mandatory dstName (Miloslav Trmač, 2018-07-23)
|     This consolidates the shaPullName logic into a single place (and eliminates
|     the unclear shaPullName member name completely). The resulting nameToPull
|     will shortly be more generally useful.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Introduce nameToPull, move shaPullName in there (Miloslav Trmač, 2018-07-23)
|     shaPullName is only used internally in createNamesToPull; so, introduce a
|     nameToPull as a variant of pullStruct which has shaPullName (and does not
|     have destRef).
|     Eventually, we want to split pullStruct preparation into easily-testable
|     store-independent name preparation, and a store-dependent and
|     difficult-to-test but trivial conversion using
|     StorageTransport.ParseStoreReference.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Split normalizeTag from Image.TagImage (Miloslav Trmač, 2018-07-23)
|     ... so that it can be tested without side effects, and add the tests.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Remove Image.isShortName (Miloslav Trmač, 2018-07-23)
|     It has no users, and it depends on the incorrect imageParts.hasRegistry. So,
|     just drop it instead of worrying whether it is OK to change its semantics.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Inline getTags into its only user (Miloslav Trmač, 2018-07-23)
|     This also eliminates a duplicate call to reference.Parse() and removes an
|     impossible error path.
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Add unit tests for imageParts (Miloslav Trmač, 2018-07-23)
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1112
|     Approved by: rhatdan
* Merge pull request #1103 from haircommander/load_dockerless (Matthew Heon, 2018-07-20)
|\
| |   Podman load/tag/save prepends localhost when no registry is present
| * Podman load/tag/save prepend localhost when no repository is present (haircommander, 2018-07-20)
| |   Instead of having docker.io/library as its repository. Test included.
| |   Signed-off-by: haircommander <pehunt@redhat.com>
* | Merge pull request #1104 from rhatdan/mounting (Matthew Heon, 2018-07-20)
|\ \
| | |   Let containers/storage keep track of mounts
| * | Let containers/storage keep track of mounts (Daniel J Walsh, 2018-07-19)
| | |   Currently we unmount storage that is still in use. We should not be
| | |   unmounting storage that we mounted via a different command or by podman
| | |   mount. This change relies on containers/storage to keep track of how many
| | |   times the storage was mounted before really unmounting it from the system.
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | pull: get registries using the registries pkg (Giuseppe Scrivano, 2018-07-20)
| |/
|/|
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman-top: use containers/psgo (Valentin Rothberg, 2018-07-19)
|/
|     Use github.com/containers/psgo instead of execing `ps (1)`. The psgo library
|     enables a much more flexible interface with respect to which data to be
|     printed (e.g., capabilities, seccomp mode, PID, PCPU, etc.) while the output
|     can be parsed reliably. The library does not use ps (1) but parses /proc and
|     /dev instead. To list the processes of a given container, psgo will join the
|     mount namespace of the given container and extract all data from there.
|     Notice that this commit breaks compatibility with docker-top.
|     Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|     Closes: #1113
|     Approved by: rhatdan
* Vendor in latest code for storage, image, buildah (Daniel J Walsh, 2018-07-19)
|     vendor in containers/storage
|     vendor in containers/image
|     vendor in projectatomic/buildah
|     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|     Closes: #1114
|     Approved by: mheon
* Abort a test on nil containers, so that future tests don't panic (Miloslav Trmač, 2018-07-19)
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1111
|     Approved by: baude
* Fix TestPostDeleteHooks on macOS (Miloslav Trmač, 2018-07-19)
|     os.TempDir() is /var/folders/.../T/ on macOS, not /tmp.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1111
|     Approved by: baude
* Use `...` for a regexp constant to improve readability (Miloslav Trmač, 2018-07-19)
|     Should not change behavior.
|     Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|     Closes: #1111
|     Approved by: baude
* oci: keep exposed ports busy and leak the fd into conmon (Giuseppe Scrivano, 2018-07-19)
|     Bind all the specified TCP and UDP ports so that another process cannot
|     reuse them. The fd of the listener is then leaked into conmon so that the
|     socket is kept busy until the container exits.
|     Closes: https://github.com/projectatomic/libpod/issues/210
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|     Closes: #1100
|     Approved by: mheon
* Record whether the container has exited (Matthew Heon, 2018-07-13)
|     Use this to supplement exit codes returned from containers, to make sure we
|     know when exit codes are invalid (as the container has not yet exited).
|     Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #1075 from giuseppe/rootless-no-symlinks-into-storage-path (Daniel J Walsh, 2018-07-13)
|\
| |   rootless: fix usage on Fedora Silverblue/CoreOS
| * runtime: delete unused function (Giuseppe Scrivano, 2018-07-11)
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: propagate errors from GetRootlessRuntimeDir() (Giuseppe Scrivano, 2018-07-11)
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1065 from haircommander/pod-start-create-rm (Daniel J Walsh, 2018-07-13)
|\ \
| | |   Podman pod create/rm/ps commands with man pages and tests
| * | Added full podman pod ps, with tests and man page (haircommander, 2018-07-13)
| | |   Signed-off-by: haircommander <pehunt@redhat.com>
| * | Podman pod create/rm commands with man page and tests. (haircommander, 2018-07-13)
| | |   Includes a very stripped down version of podman pod ps, just for testing.
| | |   Signed-off-by: haircommander <pehunt@redhat.com>
* | | fix pull image that includes a sha (baude, 2018-07-13)
|/ /
| |   when pulling an image that includes a sha such as:
| |   centos/nginx-112-centos7@sha256:42330f7f29ba1ad67819f4ff3ae2472f62de13a827a74736a5098728462212e7
| |   the final image name in libpod should not contain portions of the sha itself
| |   nor the sha identifier. and like docker, we provide a 'none' tag as well.
| |   this should fix #877
| |   Signed-off-by: baude <bbaude@redhat.com>
| |   Closes: #1085
| |   Approved by: mheon
* | Added created time to pod state (haircommander, 2018-07-12)
| |   Signed-off-by: haircommander <pehunt@redhat.com>
| |   Closes: #1079
| |   Approved by: rhatdan
* | Support multiple networks (baude, 2018-07-12)
| |   This is a refresh of Dan William's PR #974 with a rebase and proper vendoring
| |   of ocicni and containernetworking/cni. It adds the ability to define multiple
| |   networks as so:
| |   podman run --network=net1,net2,foobar ...
| |   Signed-off-by: baude <bbaude@redhat.com>
| |   Closes: #1082
| |   Approved by: baude
* | podman rmi should only untag image if parent of another (umohnani8, 2018-07-12)
|/
|     podman rmi was deleting an image even if it was a parent of another image.
|     This fix just untags the image instead. This also fixes podman rmi to remove
|     intermediate images of an image when the image is removed.
|     Signed-off-by: umohnani8 <umohnani@redhat.com>
|     Closes: #1055
|     Approved by: mheon
* Allow Init() on stopped containers (Matthew Heon, 2018-07-09)
|     Signed-off-by: Matthew Heon <mheon@redhat.com>
|     Closes: #1068
|     Approved by: baude
* Add --volumes-from flag to podman run and create (umohnani8, 2018-07-09)
|     podman now supports the --volumes-from flag, which allows users to add all
|     the volumes an existing container has to a new one.
|     Signed-off-by: umohnani8 <umohnani@redhat.com>
|     Closes: #931
|     Approved by: mheon
* pkg/ctime: Factor libpod/finished* into a separate package (W. Trevor King, 2018-07-06)
|     This removes some boilerplate from the libpod package, so we can focus on
|     container stuff there. And it gives us a tidy sub-package for focusing on
|     ctime extraction, so we can focus on unit testing and portability of the
|     extraction utility there.
|     For the unsupported implementation, I'm falling back to Go's ModTime [1].
|     That's obviously not the creation time, but it's likely to be closer than the
|     uninitialized Time structure from cc6f0e85 (more changes to compile darwin,
|     2018-07-04, #1047). Especially for our use case in libpod/oci, where we're
|     looking at write-once exit files.
|     The test is more complicated than I initially expected, because on Linux
|     filesystem timestamps come from a truncated clock without interpolation [2]
|     (and network filesystems can be completely decoupled [3]). So even for local
|     disks, creation times can be up to a jiffie earlier than 'before'. This test
|     ensures at least monotonicity by creating two files and ensuring the reported
|     creation time for the second is greater than or equal to the reported
|     creation time for the first. It also checks that both creation times are
|     within the window from one second earlier than 'before' through 'after'.
|     That should be enough of a window for local disks, even if the kernel for
|     those systems has an abnormally large jiffie. It might be ok on network
|     filesystems, although it will not be very resilient to network clock lagging
|     behind the local system clock.
|     [1]: https://golang.org/pkg/os/#FileInfo
|     [2]: https://groups.google.com/d/msg/linux.kernel/mdeXx2TBYZA/_4eJEuJoAQAJ
|          Subject: Re: Apparent backward time travel in timestamps on file creation
|          Date: Thu, 30 Mar 2017 20:20:02 +0200
|          Message-ID: <tqMPU-1Sb-21@gated-at.bofh.it>
|     [3]: https://groups.google.com/d/msg/linux.kernel/mdeXx2TBYZA/cTKj4OBuAQAJ
|          Subject: Re: Apparent backward time travel in timestamps on file creation
|          Date: Thu, 30 Mar 2017 22:10:01 +0200
|          Message-ID: <tqOyl-36A-1@gated-at.bofh.it>
|     Signed-off-by: W. Trevor King <wking@tremily.us>
|     Closes: #1050
|     Approved by: mheon
* remove buildah requirement for the libpod image library (baude, 2018-07-06)
|     if we snip the requirement to use a buildah const in the libpod image
|     library, we can save something on the order of 85 vendored files in
|     consumers of the library.
|     Signed-off-by: baude <bbaude@redhat.com>
|     Closes: #1054
|     Approved by: mheon
* Remove now-unneeded cleanupCgroup() for unsupported OS (Matthew Heon, 2018-07-06)
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|     Closes: #1051
|     Approved by: umohnani8
* Remove per-container CGroup parents (Matthew Heon, 2018-07-06)
|     Originally, it seemed like a good idea to place Conmon and the container it
|     managed under a shared CGroup, so we could manage the two together. It's
|     become increasingly clear that this is a potential performance sore point,
|     gains us little practical benefit in managing Conmon, and adds extra steps to
|     container cleanup that interfere with Conmon postrun hooks.
|     Revert back to a shared CGroup for conmon processes under the CGroup parent.
|     This will retain per-pod conmon CGroups as well if the pod is set to create a
|     CGroup and act as CGroup parent for its containers.
|     Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|     Closes: #1051
|     Approved by: umohnani8