summaryrefslogtreecommitdiff
path: root/pkg/specgen/namespaces.go
Commit message (Collapse)AuthorAge
* podman: implement userns=keep-idGiuseppe Scrivano2020-04-24
| | | | | | | add missing implementation for userns=keep-id and enable the user namespaces tests. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman: handle namespaces specified on the CLIGiuseppe Scrivano2020-04-23
| | | | | | | and handle differently the user namespace as it supports additional options. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Modify namespace generation code for specgenMatthew Heon2020-04-21
| | | | | | | | | | | | Namespaces have now been changed to properly handle all cases. Spec handling code for namespaces was consolidated in a single function. Still missing: - Image ports - Pod namespaces likely still broken in Podmanv2 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* V2 Enable rootlessJhon Honce2020-04-16
| | | | | | | | | | | | | * Enable running podman V2 rootless * Fixed cobra.PersistentPreRunE usage in all the commands * Leveraged cobra.PersistentPreRunE/cobra.PersistentPostRunE to manage: * rootless * trace (--trace) * profiling (--cpu-profile) * initializing the registry copies of Image/Container engines * Help and Usage templates autoset for all sub-commands Signed-off-by: Jhon Honce <jhonce@redhat.com>
* v2specgen prune libpodBrent Baude2020-04-14
| | | | | | use libpod only in the specgen/generate package so that the remote clients do not inherit libpod bloat. Signed-off-by: Brent Baude <bbaude@redhat.com>
* v2podman container createBrent Baude2020-04-03
| | | | | | create a container in podmanv2 using specgen approach. this is the core implementation and still has quite a bit of code commented out specifically around volumes, devices, and namespaces. need contributions from smes on these parts. Signed-off-by: Brent Baude <bbaude@redhat.com>
* add default network for apiv2 createBrent Baude2020-03-06
| | | | | | | | | | | | | during container creation, if no network is provided, we need to add a default value so the container can be later started. use apiv2 container creation for RunTopContainer instead of an exec to the system podman. RunTopContainer now also returns the container id and an error. added a libpod commit endpoint. also, changed the use of the connections and bindings slightly to make it more convenient to write tests. Fixes: 5366 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Allow devs to set labels in container images for default capabilities.Daniel J Walsh2020-03-02
| | | | | | | | | | | | | | | | This patch allows users to specify the list of capabilities required to run their container image. Setting a image/container label "io.containers.capabilities=setuid,setgid" tells podman that the contained image should work fine with just these two capabilties, instead of running with the default capabilities, podman will launch the container with just these capabilties. If the user or image specified capabilities that are not in the default set, the container will print an error message and will continue to run with the default capabilities. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* spec: allow container alias name in lookupGiuseppe Scrivano2020-02-26
| | | | | | | | Previously --uts=container: expected the full container ID. Closes: https://github.com/containers/libpod/issues/5289 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* apiv2 container create using specgenBrent Baude2020-02-19
this uses the specgen structure to create containers rather than the outdated createconfig. right now, only the apiv2 create is wired up. eventually the cli will also have to be done. Signed-off-by: Brent Baude <bbaude@redhat.com>