aboutsummaryrefslogtreecommitdiff
path: root/pkg/specgenutil
Commit message (Collapse)AuthorAge
* Replace deprecated ioutilChris Evich2022-09-20
| | | | | | | | | | Package `io/ioutil` was deprecated in golang 1.16, preventing podman from building under Fedora 37. Fortunately, functionality identical replacements are provided by the packages `io` and `os`. Replace all usage of all `io/ioutil` symbols with appropriate substitutions according to the golang docs. Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix stuttersDaniel J Walsh2022-09-10
| | | | | | | | | | | | | | Podman adds an Error: to every error message. So starting an error message with "error" ends up being reported to the user as Error: error ... This patch removes the stutter. Also ioutil.ReadFile errors report the Path, so wrapping the err message with the path causes a stutter. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* health check: add on-failure actionsValentin Rothberg2022-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | For systems that have extreme robustness requirements (edge devices, particularly those in difficult to access environments), it is important that applications continue running in all circumstances. When the application fails, Podman must restart it automatically to provide this robustness. Otherwise, these devices may require customer IT to physically gain access to restart, which can be prohibitively difficult. Add a new `--on-failure` flag that supports four actions: - **none**: Take no action. - **kill**: Kill the container. - **restart**: Restart the container. Do not combine the `restart` action with the `--restart` flag. When running inside of a systemd unit, consider using the `kill` or `stop` action instead to make use of systemd's restart policy. - **stop**: Stop the container. To remain backwards compatible, **none** is the default action. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* implement podman updateCharlie Doern2022-09-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags from podman create/run. The supported flags in crun are: this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where the resource limits are passed inthe request body and follow the OCI resource spec format –memory –cpus –cpuset-cpus –cpuset-mems –memory-swap –memory-reservation –cpu-shares –cpu-quota –cpu-period –blkio-weight –cpu-rt-period –cpu-rt-runtime -device-read-bps -device-write-bps -device-read-iops -device-write-iops -memory-swappiness -blkio-weight-device resolves #15067 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* remove github.com/docker/libnetwork dependencyMikhail Khachayants2022-08-27
| | | | | | | | | Code from this dependency was replaced with a simple version. As a result Podman's memory consumption has been reduced by ~10%. [NO NEW TESTS NEEDED] Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
* Merge pull request #15434 from rhatdan/manifest1OpenShift Merge Robot2022-08-24
|\ | | | | Allow podman to run in an environment with keys containing spaces
| * Allow podman to run in an environment with keys containing spacesDaniel J Walsh2022-08-23
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/15251 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | run,create: add support for --env-merge for preprocessing varsAditya R2022-08-24
|/ | | | | | | | | | | | | | | Allow end users to preprocess default environment variables before injecting them into container using `--env-merge` Usage ``` podman run -it --rm --env-merge some=${some}-edit --env-merge some2=${some2}-edit2 myimage sh ``` Closes: https://github.com/containers/podman/issues/15288 Signed-off-by: Aditya R <arajan@redhat.com>
* fix container create/run throttle devicesCharlie Doern2022-07-22
| | | | | | pod resource limits introduced a regression where `FinishThrottleDevices` was not called for create/run Signed-off-by: Charlie Doern <cdoern@redhat.com>
* resource limits for podsCharlie Doern2022-07-21
| | | | | | | | | | | | | | | | | | added the following flags and handling for podman pod create --memory-swap --cpuset-mems --device-read-bps --device-write-bps --blkio-weight --blkio-weight-device --cpu-shares given the new backend for systemd in c/common, all of these can now be exposed to pod create. most of the heavy lifting (nearly all) is done within c/common. However, some rewiring needed to be done here as well! Signed-off-by: Charlie Doern <cdoern@redhat.com>
* pkg: switch to golang native error wrappingSascha Grunert2022-07-08
| | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Docker-compose disable healthcheck properly handledJake Correnti2022-07-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, if a container had healthchecks disabled in the docker-compose.yml file and the user did a `podman inspect <container>`, they would have an incorrect output: ``` "Healthcheck":{ "Test":[ "CMD-SHELL", "NONE" ], "Interval":30000000000, "Timeout":30000000000, "Retries":3 } ``` After a quick change, the correct output is now the result: ``` "Healthcheck":{ "Test":[ "NONE" ] } ``` Additionally, I extracted the hard-coded strings that were used for comparisons into constants in `libpod/define` to prevent a similar issue from recurring. Closes: #14493 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* Fix spelling "read only" -> "read-only"Erik Sjölund2022-07-02
| | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* specgen: fix parsing of cgroup devices ruleGiuseppe Scrivano2022-07-01
| | | | | | | | | Fix the parse for the cgroup devices rule to correctly handle the wildcard syntax for the device major. Also make sure the device major and minor are not negative numbers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman pod clonecdoern2022-06-10
| | | | | | | | | | | | | | | implement podman pod clone, a command to create an exact copy of a pod while changing certain config elements current supported flags are: --name change the pod name --destroy remove the original pod --start run the new pod on creation and all infra-container related flags from podman pod create (namespaces etc) resolves #12843 Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #14301 from rhatdan/volumeOpenShift Merge Robot2022-06-02
|\ | | | | Support setting image_volume_mode in containers.conf
| * Support setting image_volume_mode in containers.confDaniel J Walsh2022-05-26
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/14230 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Podman no-new-privileges formatNiall Crowe2022-05-30
|/ | | | | | | | | | | | In docker, the format of no-new-privileges is "no-new-privileges:true". However, for Podman all that's required is "no-new-privileges", leading to issues when attempting to use features desgined for docker in podman. Adding support for the ":" format to be used along with the "=" format, depedning on which one is entered by the user. fixes #14133 Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* enable gocritic linterPaul Holzinger2022-04-26
| | | | | | | | | | | | | | | | | | | | | | The linter ensures a common code style. - use switch/case instead of else if - use if instead of switch/case for single case statement - add space between comment and text - detect the use of defer with os.Exit() - use short form var += "..." instead of var = var + "..." - detect problems with append() ``` newSlice := append(orgSlice, val) ``` This could lead to nasty bugs because the orgSlice will be changed in place if it has enough capacity too hold the new elements. Thus we newSlice might not be a copy. Of course most of the changes are just cosmetic and do not cause any logic errors but I think it is a good idea to enforce a common style. This should help maintainability. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13908 from n1hility/win-mountsOpenShift Merge Robot2022-04-26
|\ | | | | Implement Windows volume/mount support
| * Implements Windows volume/mount supportJason T. Greene2022-04-25
| | | | | | | | | | | | | | Based on WSL2 9p support: remaps windows paths to /mnt/<drive> locations for both podman and Docker API clients. Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | Unit tests for pkg/specgenutil pkg/signalBrent Baude2022-04-25
|/ | | | | | Add some lightweight unit tests to the arsenal. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #13978 from Luap99/unparamOpenShift Merge Robot2022-04-25
|\ | | | | enable unparam linter
| * enable unparam linterPaul Holzinger2022-04-25
| | | | | | | | | | | | | | The unparam linter is useful to detect unused function parameters and return values. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Add support for passing --volumepathDaniel J Walsh2022-04-23
|/ | | | | | Fixes: https://github.com/containers/podman/issues/13860 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* specgen-volumes: parse --mount using csv-reader instead of split by commaAditya R2022-04-22
| | | | | | | | | | | Following commit ensures that csv escaping is supported while using inline `--mount=type=......` flag with `podman run` by using `encoding/csv` to parse options instead of performing a `split.String(` by `comma`. Closes: https://github.com/containers/podman/issues/13922 Signed-off-by: Aditya R <arajan@redhat.com>
* Translate Memory Limit to Swap in APIcdoern2022-04-18
| | | | | | | | | in specgen, CLI path uses the given memory limit to define the swap value (if not already specified) add a route to this piece of code from within the api handlers resolves #13145 Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #13583 from rhatdan/ipcOpenShift Merge Robot2022-04-16
|\ | | | | Add support for ipc namespace modes "none, private, sharable"
| * Add support for ipc namespace modes "none, private, sharable"Daniel J Walsh2022-04-12
| | | | | | | | | | | | Fixes: #13265 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | run, create: add --passwd-entryGiuseppe Scrivano2022-04-14
|/ | | | | | | | | It allows to customize the entry that is written to the `/etc/passwd` file when --passwd is used. Closes: https://github.com/containers/podman/issues/13185 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* run, mount: allow setting driver specific option using volume-optAditya R2022-04-12
| | | | | | | | | `--mount` should allow setting driver specific options using `volume-opt` when `type=volume` is set. This ensures parity with docker's `volume-opt`. Signed-off-by: Aditya R <arajan@redhat.com>
* Merge pull request #13765 from giuseppe/do-not-set-oom-score-adjOpenShift Merge Robot2022-04-04
|\ | | | | specgen: do not set OOMScoreAdj by default
| * specgen: do not set OOMScoreAdj by defaultGiuseppe Scrivano2022-04-04
| | | | | | | | | | | | | | | | | | do not force a value of OOMScoreAdj=0 if it is wasn't specified by the user. Closes: https://github.com/containers/podman/issues/13731 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Allow creating anonymous volumes with --mountAndrew Aylett2022-04-02
| | | | | | | | | | | | | | | | | | | | | | This fixes #13756. All the mechanics to create anonymous volumes is already present, but there's still a validation preventing that path from being taken. We remove the validation, which allows the volume to be created successfully. Signed-off-by: Andrew Aylett <andrew@aylett.co.uk>
* | fix pod volume passing and alter infra inheritancecdoern2022-03-29
|/ | | | | | | | | | | | | the infra Inherit function was not properly passing pod volume information to new containers alter the inherit function and struct to use the new `ConfigToSpec` function used in clone pick and choose the proper entities from a temp spec and validate them on the spegen side rather than passing directly to a config resolves #13548 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* Remove error stutterDaniel J Walsh2022-03-25
| | | | | | | | | | | | | | | | | When podman gets an error it prints out "Error: " before printing the error string. If the error message starts with error, we end up with Error: error ... This PR Removes all of these stutters. logrus.Error() also prints out that this is an error, so no need for the error stutter. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* linter: enable wastedassignValentin Rothberg2022-03-22
| | | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Add support for --chrootdirsLStandman2022-03-14
| | | | Signed-off-by: LStandman <65296484+LStandman@users.noreply.github.com>
* Merge pull request #13059 from cdoern/cloneOpenShift Merge Robot2022-02-22
|\ | | | | Implement Podman Container Clone
| * Implement Podman Container Clonecdoern2022-02-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman container clone takes the id of an existing continer and creates a specgen from the given container's config recreating all proper namespaces and overriding spec options like resource limits and the container name if given in the cli options this command utilizes the common function DefineCreateFlags meaning that we can funnel as many create options as we want into clone over time allowing the user to clone with as much or as little of the original config as they want. container clone takes a second argument which is a new name and a third argument which is an image name to use instead of the original container's the current supported flags are: --destroy (remove the original container) --name (new ctr name) --cpus (sets cpu period and quota) --cpuset-cpus --cpu-period --cpu-rt-period --cpu-rt-runtime --cpu-shares --cpuset-mems --memory --run resolves #10875 Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | pkg: support passing down options for idmapGiuseppe Scrivano2022-02-16
|/ | | | | | | | | | [NO NEW TESTS NEEDED] the feature is still being worked in crun: https://github.com/containers/crun/pull/874 also needs: https://github.com/containers/common/pull/927 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix size to match Docker selectionDaniel J Walsh2022-02-01
| | | | | | Fixes: https://github.com/containers/podman/issues/13096 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Run codespell on codeDaniel J Walsh2022-01-21
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rename --cni-config-dir to --network-config-dirPaul Holzinger2022-01-18
| | | | | | | | Since this option will also be used for netavark we should rename it to something more generic. It is important that --cni-config-dir still works otherwise we could break existing container cleanup commands. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12870 from rhatdan/userns1OpenShift Merge Robot2022-01-18
|\ | | | | Use PODMAN_USERNS environment variable when running as a service
| * Use PODMAN_USERNS environment variable when running as a serviceDaniel J Walsh2022-01-17
| | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11350#issuecomment-1011562526 Also add inspect information about the idmappings if they exists. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12860 from rhatdan/cgroupsOpenShift Merge Robot2022-01-17
|\ \ | | | | | | Use CONTAINERS_CONF cgroups flag for remote API.
| * | Fix cgroup mode handling in api serverDaniel J Walsh2022-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | Also change code to globably be consistent when refering to capatilized Cgroup. Fixed: https://github.com/containers/podman/issues/12550 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Standardize on capatalized CgroupsDaniel J Walsh2022-01-14
| |/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>