| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have race conditions where a container can be removed
by two different processes when running podman --remove rm.
It can be cleaned up in the API or by the conmon executing
podman container cleanup.
When we fail to remove a container that does not exists we should
not be printing errors or warnings, we should just debug the fact.
[NO TESTS NEEDED] Since this is a race condition it is difficult to
test.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
update c/common
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update containers common to the latest HEAD. Some bug fixes in libimage
forced us to have a clearer separation between ordinary images and
manifest lists. Hence, when looking up manifest lists without recursing
into any of their instances, we need to use `LookupManifestList()`.
Also account for some other changes in c/common (e.g., the changed order
in the security labels).
Further vendor the latest HEAD from Buildah which is required to get the
bud tests to pass.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
| |
This is mainly to match command line of Docker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Support uid,gid,mode options for secrets
|
| | |
| |
| |
| |
| |
| |
| | |
Support UID, GID, Mode options for mount type secrets. Also, change
default secret permissions to 444 so all users can read secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
image prune: remove unused images only with `--all`
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a regression in `podman image prune` where unused images were
accidentally removed even when `--all=false`. Extend and partially
rewrite the e2e tests to make sure we're not regressing again in the
future.
Fixing the aforementioned issue revealed another issue in the default
prune filter. While prune should remove all "dangling" images (i.e.,
those without tag), it removed only "intermediate" ones; dangling images
without children. Remove the mistaken comment from the libimage
migration.
Also clarify the help message and man page.
Fixes: #10350
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Allow podman network reload to be run as rootless user. While it is
unlikely that the iptable rules are flushed inside the rootless cni
namespace, it could still happen. Also fix podman network reload --all
to ignore errors when a container does not have the bridge network mode,
e.g. slirp4netns.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
| |
In the case of generate kube the auto-update labels will be converted into kube annotations and for play kube they will be converted back to labels since that's what podman understands
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
|
| |
|
|
| |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/10192
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
add --mac-address to podman play kube
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a new --mac-address flag to podman play kube. This is used to specify
a static MAC address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes #9731
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Migrate the Podman code base over to `common/libimage` which replaces
`libpod/image` and a lot of glue code entirely.
Note that I tried to leave bread crumbs for changed tests.
Miscellaneous changes:
* Some errors yield different messages which required to alter some
tests.
* I fixed some pre-existing issues in the code. Others were marked as
`//TODO`s to prevent the PR from exploding.
* The `NamesHistory` of an image is returned as is from the storage.
Previously, we did some filtering which I think is undesirable.
Instead we should return the data as stored in the storage.
* Touched handlers use the ABI interfaces where possible.
* Local image resolution: previously Podman would match "foo" on
"myfoo". This behaviour has been changed and Podman will now
only match on repository boundaries such that "foo" would match
"my/foo" but not "myfoo". I consider the old behaviour to be a
bug, at the very least an exotic corner case.
* Futhermore, "foo:none" does *not* resolve to a local image "foo"
without tag anymore. It's a hill I am (almost) willing to die on.
* `image prune` prints the IDs of pruned images. Previously, in some
cases, the names were printed instead. The API clearly states ID,
so we should stick to it.
* Compat endpoint image removal with _force_ deletes the entire not
only the specified tag.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| |/
|
|
|
| |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
Co-authored-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
| |
[NO TESTS NEEDED] since we are just removing unused code.
Replaces: https://github.com/containers/podman/pull/9558
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Fix podman ps --filter ancestor to match exact ImageName/ImageID
|
| | |
| |
| |
| | |
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
| |/
|
|
|
|
|
|
|
| |
when deciding to create a user namespace, check for CAP_SYS_ADMIN
instead of looking at the euid.
[NO TESTS NEEDED] Needs nested Podman
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
podman-remote should show podman.sock info
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Currently podman-remote info does not show socket information.
Fixes: https://github.com/containers/podman/issues/10077
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In libpod/image.Image.Remove(), if the attempt to find the image's
parent fails for any reason, log a warning and proceed as though it
didn't have one instead of failing, which would leave us unable to
remove the image without resetting everything.
In libpod/Runtime.RemoveImage(), if we can't determine if an image has
children, log a warning, and assume that it doesn't have any instead of
failing, which would leave us unable to remove the image without
resetting everything.
In pkg/domain/infra/abi.ImageEngine.Remove(), when attempting to remove
all images, if we encounter an error checking if a given image has
children, log a warning, and assume that it doesn't have any instead of
failing, which would leave us unable to remove the image without
resetting everything.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |\
| |
| | |
add --ip to podman play kube
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a new --ip flag to podman play kube. This is used to specify a
static IP address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes #8442
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
fix build with with GO111MODULE=off
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Distro builds on Fedora and Kubic projects use GO111MODULE=off
by default which are currently failing. This commit fixes it and
going forward, podman CI will also indicate failures in rpm builds.
The additional LDFLAGS have been removed from the spec file
which is not ideal. But, currently we only use the spec file
to check if the rpm builds fine. We can fix the LDFLAGS in a
later commit when we're working on packit integration.
conmon build has also been removed from podman.spec.in because the COPR
for which it was provided has been discontinued.
[NO TESTS NEEDED]
Fixes: #10009
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |/
|
|
|
|
|
|
|
|
| |
The --log-driver flag was silently ignored by podman play kube. This
regression got introduced during the play kube rework.
Unfortunately the test for this was skipped for no good reason.
Fixes #10015
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
Fix handling of $NAME and $IMAGE in runlabel
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/9405
Add system runlabel tests.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| |/
|/| |
Add network prune filters support to bindings
|
| | |
| |
| |
| | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \
| | |
| | | |
Add support for play/generate kube PersistentVolumeClaims and Podman volumes
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
|
| |\ \ \
| |_|/
|/| | |
podman unshare: add --rootless-cni to join the ns
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a new --rootless-cni option to podman unshare to also join the
rootless-cni network namespace. This is useful if you want to connect
to a rootless container via IP address. This is only possible from the
rootless-cni namespace and not from the host namespace. This option also
helps to debug problems in the rootless-cni namespace.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Volumes endpoints for HTTP compat and libpod APIs allowed
usage of list HTTP endpoint filter funcs. Documentation in
case of compat API does not allow that. This commit aligns
code with the documentation and also ligns libpod with compat API.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \
| |/
|/| |
Add --requires flag to podman run/create
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Podman has, for a long time, had an internal concept of
dependency management, used mainly to ensure that pod infra
containers are started before any other container in the pod. We
also have the ability to recursively start these dependencies,
which we use to ensure that `podman start` on a container in a
pod will not fail because the infra container is stopped. We have
not, however, exposed these via the command line until now.
Add a `--requires` flag to `podman run` and `podman create` to
allow users to manually specify dependency containers. These
containers must be running before the container will start. Also,
make recursive starting with `podman start` default so we can
start these containers and their dependencies easily.
Fixes #9250
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We define in the man page that this overrides the default storage
options, but the code was appending to the existing options.
This PR also makes a change to allow users to specify --storage-opt="".
This will turn off all storage options.
https://github.com/containers/podman/issues/9852
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \
| |/
|/| |
Containers prune endpoint should use only prune filters
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Containers endpoints for HTTP compad and libpod APIs allowed usage of list HTTP
endpoint filter funcs. Documentation in case of libpod and compat API does not allow that.
This commit aligns code with the documentation.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \
| | |
| | | |
[NO TESTS NEEDED] Shrink the size of podman bindings
|
| | |/
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Add support for env from secrets in play kube
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for secretRef and secretKeyRef to allow env vars to be set
from a secret. As K8S secrets are dictionaries the secret value must
be a JSON dictionary compatible with the data field of a K8S secret
object. The keys must consist of alphanumeric characters, '-', '_'
or '.', and the values must be base64 encoded strings.
Signed-off-by: Alban Bedel <albeu@free.fr>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
If I run podman within a container without /sys/fs/cgroups mounted,
we get this warning, which the user can not do much about. I don't
see a reason for requiring this warning to show by default, so we
should drop it to Info.
User can not do anything about it either, and code works well with
the somewhat expected error.
Helps fix: https://github.com/containers/podman/issues/9753
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
