aboutsummaryrefslogtreecommitdiff
path: root/libpod
Commit message (Collapse)AuthorAge
* libpod: Move getOverlayUpperAndWorkDir and generateSpec to ↵Doug Rabson2022-09-05
| | | | | | | | container_internal_common.go [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Add FreeBSD implementation of container internalsDoug Rabson2022-09-05
| | | | | | | | | | This contains a lot of code in common with container_internal_linux.go. Subsequent commits will move the shared code to container_internal_common.go to reduce the duplication. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move networkDisable to container_linux.goDoug Rabson2022-09-05
| | | | | | | | | This moves platform-specific details of the network implementation out of the generic file so that we can add the FreeBSD equivalent. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* Merge pull request #15618 from mheon/add_group_to_addtlgroupsOpenShift Merge Robot2022-09-05
|\ | | | | Add container GID to additional groups
| * Add container GID to additional groupsMatthew Heon2022-09-02
| | | | | | | | | | | | | | Mitigates a potential permissions issue. Mirrors Buildah PR #4200 and CRI-O PR #6159. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #15582 from dfr/freebsd-bindOpenShift Merge Robot2022-09-04
|\ \ | | | | | | Add support for FreeBSD volume mounts in specgen
| * | libpod/define: Make TypeBind a platform-specific constantDoug Rabson2022-08-30
| | | | | | | | | | | | | | | | | | | | | | | | This allows us to redefine to the equivalent nullfs on FreeBSD. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | Merge pull request #15581 from dfr/random-namesOpenShift Merge Robot2022-09-02
|\ \ \ | | | | | | | | libpod: Ensure that generated container names are random
| * | | libpod: Ensure that generated container names are randomDoug Rabson2022-09-01
| |/ / | | | | | | | | | | | | | | | Fixes #15569. Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | Merge pull request #15599 from umohnani8/gen-kubeOpenShift Merge Robot2022-09-02
|\ \ \ | |_|/ |/| | Fix bind-mount-option annotation in gen/play kube
| * | Fix bind-mount-option annotation in gen/play kubeUrvashi Mohnani2022-09-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | The format used for setting the bind-mount-options annotations in the kube yaml was incorrect and caused k8s to throw an error when trying to play the generated kube yaml. Fix the annotation format to match the rules of k8s. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | implement podman updateCharlie Doern2022-09-01
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags from podman create/run. The supported flags in crun are: this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where the resource limits are passed inthe request body and follow the OCI resource spec format –memory –cpus –cpuset-cpus –cpuset-mems –memory-swap –memory-reservation –cpu-shares –cpu-quota –cpu-period –blkio-weight –cpu-rt-period –cpu-rt-runtime -device-read-bps -device-write-bps -device-read-iops -device-write-iops -memory-swappiness -blkio-weight-device resolves #15067 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | Merge pull request #15571 from umohnani8/gen-kubeOpenShift Merge Robot2022-09-01
|\ \ | |/ |/| Set enableServiceLinks to false in generated yaml
| * Set enableServiceLinks to false in generated yamlUrvashi Mohnani2022-08-31
| | | | | | | | | | | | | | | | Since podman doesn't set/use the needed service env variable, always set enableServiceLinks to false in the generated kube yaml. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #15566 from mheon/fix_15557OpenShift Merge Robot2022-08-31
|\ \ | |/ |/| Inhibit SIGTERM during Conmon startup
| * Inhibit SIGTERM during Conmon startupMatthew Heon2022-08-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If we get a SIGTERM immediately after Conmon starts but before we record its PID in the database, we end up leaking a Conmon and associated OCI runtime process. Inhibit shutdown using the logic we originally wrote to prevent similar issues during container creation to prevent this problem. [NO NEW TESTS NEEDED] No real way to test this I can think of. Fixes #15557 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #15473 from umohnani8/empty-dirOpenShift Merge Robot2022-08-31
|\ \ | | | | | | Add emptyDir volume support to kube play
| * | Add emptyDir volume support to kube playUrvashi Mohnani2022-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a kube yaml has a volume set as empty dir, podman will create an anonymous volume with the empty dir name and attach it to the containers running in the pod. When the pod is removed, the empy dir volume created is also removed. Add tests and docs for this as well. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | libpod: Make sure writeConmonPipeData is called on FreeBSDDoug Rabson2022-08-29
|/ / | | | | | | | | | | | | | | | | I managed to miss this while factoring out moveConmonToCgroupAndSignal. Perhaps the signalling part should move to the caller instead? [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | Merge pull request #15516 from kubealex/handle-connected-networkOpenShift Merge Robot2022-08-29
|\ \ | | | | | | Handle an already connected network in libpod API
| * | Fix #15499 already connected networkAlessandro Rossi2022-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Compat: Treat already attached networks as a no-op Applies only to containers in created state. Maintain error in running state. Co-authored-by: Alessandro Rossi <al.rossi87@gmail.com> Co-authored-by: Brent Baude <bbaude@redhat.com> Co-authored-by: Jason T. Greene <jason.greene@redhat.com> Signed-off-by: Alessandro Rossi <al.rossi87@gmail.com> Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | Merge pull request #15494 from vrothberg/fix-15492OpenShift Merge Robot2022-08-26
|\ \ \ | |/ / |/| | libpod: UpdateContainerStatus: do not wait for container
| * | libpod: UpdateContainerStatus: do not wait for containerValentin Rothberg2022-08-26
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 30e7cbccc194 accidentally added a deadlock as Podman was waiting for the exit code to show up when the container transitioned to stopped. Code paths that require the exit code to be written (by the cleanup process) should already be using `(*Container).Wait()` in a deadlock free way. [NO NEW TESTS NEEDED] as I did not manage to a reproducer that would work in CI. Ultimately, it's a race condition. Fixes: #15492 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #15474 from umohnani8/gen-kubeDaniel J Walsh2022-08-26
|\ \ | | | | | | Remove duplicate annotations in generated service yaml
| * | Remove duplicate annotations in generated service yamlUrvashi Mohnani2022-08-24
| |/ | | | | | | | | | | | | | | | | Don't add the same annotations as the pod yaml to the service yaml as it is not needed. [NO NEW TESTS NEEDED] Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* / Run codespellDaniel J Walsh2022-08-25
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #15437 from mheon/default_volume_timeoutOpenShift Merge Robot2022-08-24
|\ | | | | Add support for containers.conf volume timeouts
| * Add support for containers.conf volume timeoutsMatthew Heon2022-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also, do a general cleanup of all the timeout code. Changes include: - Convert from int to *uint where possible. Timeouts cannot be negative, hence the uint change; and a timeout of 0 is valid, so we need a new way to detect that the user set a timeout (hence, pointer). - Change name in the database to avoid conflicts between new data type and old one. This will cause timeouts set with 4.2.0 to be lost, but considering nobody is using the feature at present (and the lack of validation means we could have invalid, negative timeouts in the DB) this feels safe. - Ensure volume plugin timeouts can only be used with volumes created using a plugin. Timeouts on the local driver are nonsensical. - Remove the existing test, as it did not use a volume plugin. Write a new test that does. The actual plumbing of the containers.conf timeout in is one line in volume_api.go; the remainder are the above-described cleanups. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | libpod: Enable 'podman info' for FreeBSDDoug Rabson2022-08-24
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | libpod: Move getCPUUtilization to info_linux.goDoug Rabson2022-08-24
| | | | | | | | | | | | | | | | | | The Linux implementation uses /proc/stat - the FreeBSD equivalent is quite different where this information is exposed via sysctl. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | libpod: Read kernel version and uptime using buildah/pkg/utilDoug Rabson2022-08-24
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | libpod: Split out platform-specific code from hostInfoDoug Rabson2022-08-24
|/ | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Add definition of containerPlatformState for FreeBSDDoug Rabson2022-08-23
| | | | | | | | | | | For FreeBSD, we need the name of the 'network jail' which is the parent of all containers in a pod. Having a separate jail for the network configuration also simplifies the implementation of CNI plugins so we use this pattern for solitary containers as well as pods. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* events: Add freebsd support for libpod/eventDoug Rabson2022-08-22
| | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* Merge pull request #15371 from dfr/freebsd-conmonOpenShift Merge Robot2022-08-18
|\ | | | | libpod: Add FreeBSD support for ConmonOCIRuntime
| * libpod: Build oci_conmon_common.go and oci_conmon_attach_common on FreeBSDDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | This also adds FreeBSD equivalents to the functions moved to oci_conmon*_linux.go. For openUnixSocket, we create a temporary symlink to shorten the path to something that fits into sockaddr_un. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move openUnixSocket to oci_conmon_attach_linux.goDoug Rabson2022-08-18
| | | | | | | | | | | | | | | | | | | | This function depends on linux-specific functionality in /proc/fd to allow connecting to local domain sockets with pathnames too long for sockaddr_un. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move moveConmonToCgroupAndSignal and GetLimits to oci_conmon_linux.goDoug Rabson2022-08-18
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move socket label handling from oci_conmon_common.go to ↵Doug Rabson2022-08-18
| | | | | | | | | | | | | | | | oci_conmon_linux.go [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move rootless handling from oci_conmon_common.go to oci_conmon_linux.goDoug Rabson2022-08-18
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move oci_conmon_exec_linux.go to oci_conmon_exec_common.goDoug Rabson2022-08-18
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move oci_conmon_attach_linux.go to oci_conmon_attach_common.goDoug Rabson2022-08-18
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * libpod: Move oci_conmon_linux.go to oci_conmon_common.goDoug Rabson2022-08-18
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | runtime: use FindCommon from c/commonGiuseppe Scrivano2022-08-17
|/ | | | | | | | it detects conmon-rs. [NO NEW TESTS NEEDED] no functionalities added. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* libpod: Move uses of unix.O_PATH to container_internal_linux.goDoug Rabson2022-08-17
| | | | | | | | | | | The O_PATH flag is a recent addition to the open syscall and is not present in darwin or in FreeBSD releases before 13.1. The constant is not present in the FreeBSD version of x/sys/unix since that package supports FreeBSD 12.3 and later. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Move rootless network setup details to container_internal_linux.goDoug Rabson2022-08-17
| | | | | | | | | | This removes a use of state.NetNS which is a linux-specific field defined in container_linux.go from the generic container_internal.go, allowing that to build on non-linux platforms. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* libpod: Add stubs for non-linux buildsDoug Rabson2022-08-17
| | | | | | | | | Note: this makes info.go linux-only since it mixes linux-specific and generic code. This should be addressed in a separate refactoring PR. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* Merge pull request #15248 from vrothberg/RUN-1606OpenShift Merge Robot2022-08-11
|\ | | | | kube play: sd-notify integration
| * kube play: sd-notify integrationValentin Rothberg2022-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Integrate sd-notify policies into `kube play`. The policies can be configured for all contianers via the `io.containers.sdnotify` annotation or for indidivual containers via the `io.containers.sdnotify/$name` annotation. The `kube play` process will wait for all containers to be ready by waiting for the individual `READY=1` messages which are received via the `pkg/systemd/notifyproxy` proxy mechanism. Also update the simple "container" sd-notify test as it did not fully test the expected behavior which became obvious when adding the new tests. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
| * libpod: allow the notify socket to be passed programaticallyValentin Rothberg2022-08-10
| | | | | | | | | | | | | | | | | | The notify socket can now either be specified via an environment variable or programatically (where the env is ignored). The notify mode and the socket are now also displayed in `container inspect` which comes in handy for debugging and allows for propper testing. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>