summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate/oci.go
Commit message (Collapse)AuthorAge
* specgen: fix order for setting rlimitsRalf Haferkamp2020-06-26
| | | | | | | | | | | | Also make sure that the limits we set for rootless are not higher than what we'd set for root containers. Rootless containers failed to start when the calling user already had ulimit (e.g. on NOFILE) set. This is basically a cherry-pick of 76f8efc0d0d into specgen Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* Fix --init and --init-pathJoseph Gooch2020-06-16
| | | | | | | Init properly passed into specgen Allow --init with --systemd=true but not --systemd=always. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* Ensure that containers in pods properly set hostnameMatthew Heon2020-06-04
| | | | | | | | | | | | | | | | | | When we moved to the new Namespace types in Specgen, we made a distinction between taking a namespace from a pod, and taking it from another container. Due to this new distinction, some code that previously worked for both `--pod=$ID` and `--uts=container:$ID` has accidentally become conditional on only the latter case. This happened for Hostname - we weren't properly setting it in cases where the container joined a pod. Fortunately, this is an easy fix once we know to check the condition. Also, ensure that `podman pod inspect` actually prints hostname. Fixes #6494 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add remaining annotations for `podman inspect`Matthew Heon2020-05-08
| | | | | | This should finish support for `podman inspect` in APIv2. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* add {generate,play} kubeValentin Rothberg2020-05-06
| | | | | | | | | | | | | | | | | | | Add the `podman generate kube` and `podman play kube` command. The code has largely been copied from Podman v1 but restructured to not leak the K8s core API into the (remote) client. Both commands are added in the same commit to allow for enabling the tests at the same time. Move some exports from `cmd/podman/common` to the appropriate places in the backend to avoid circular dependencies. Move definitions of label annotations to `libpod/define` and set the security-opt labels in the frontend to make kube tests pass. Implement rest endpoints, bindings and the tunnel interface. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Properly handle default capabilities listed in containers.confDaniel J Walsh2020-05-01
| | | | | | | If user/admin specifies a different list of default capabilties we need to honor these. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Properly handle containers.conf devicesDaniel J Walsh2020-05-01
| | | | | | We need to add the default devices listed in containers.conf Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6004 from rhatdan/ulimitsOpenShift Merge Robot2020-05-01
|\ | | | | Set up ulimits for rootless containers.
| * Set up ulimits for rootless containers.Daniel J Walsh2020-04-28
| | | | | | | | | | | | | | Currently we are setting the maximum limits for rootful podman containers, no reason not to set them by default for rootless users as well Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | cmd, podman: do not override entrypoint if unsetGiuseppe Scrivano2020-04-30
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Improve Entrypoint and Command supportMatthew Heon2020-04-27
| | | | | | | | | | | | | We should not be overwriting the Specgen's Command and Entrypoint when building the final command to pass in the OCI spec. Both of these will be provided to Libpod for use in `podman inspect` and committing containers, and both must be set to the user's input, not overwritten by the image if unset. Fix this by moving command generation into OCI spec generation and not modifying the SpecGenerator when we do so. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add support for volumes-from, image volumes, initMatthew Heon2020-04-27
| | | | | | | | | | | This should complete Podmanv2's support for volume-related flags. Most code was sourced from the old pkg/spec implementation with modifications to account for the split between frontend flags (volume, mount, tmpfs) and the backend flags implemented here. Also enables tests for podman run with volumes Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Modify namespace generation code for specgenMatthew Heon2020-04-21
| | | | | | | | | | | | Namespaces have now been changed to properly handle all cases. Spec handling code for namespaces was consolidated in a single function. Still missing: - Image ports - Pod namespaces likely still broken in Podmanv2 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* pkg: implement rlimitsGiuseppe Scrivano2020-04-21
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman v2 remove bloat v2Brent Baude2020-04-16
| | | | | | rid ourseleves of libpod references in v2 client Signed-off-by: Brent Baude <bbaude@redhat.com>
* v2specgen prune libpodBrent Baude2020-04-14
use libpod only in the specgen/generate package so that the remote clients do not inherit libpod bloat. Signed-off-by: Brent Baude <bbaude@redhat.com>