| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
| |
when we use namespaces, we set the run directory to 0711 to allow
other users to access it.
without this relaxation, the /run/user/$UID directory would be
skipped.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, we return a runtime directory of the form
`/run/user/<uid>`, even when running as root. Depending on configuration,
that directory may be deleted when the user logs out, which is quite
awkward when the container is started as a systemd service and then
someone logs in and out as root.
This patch fixes the problem by returning an empty runtime directory if the
container is being started by root. The runtime should automatically use
the default runtime directory (`/run/crun` when crun is used), which should
be accessible to root.
Tested in Fedora 31 by running containers under both root and a regular
user. State for root containers is stored in `/run/crun`, while state for
rootless containers is in `/run/user/<uid>/crun`.
Signed-off-by: Jonathan Dieter <jdieter@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Do not require 0755 permissons for the ~/.config directory but require
at least 0700 which should be sufficient. The current implementation
internally creates this directory with 0755 if it does not exist, but if the
directory already exists with different perissions the current code returns
an empty string.
Signed-off-by: Christian Felder <c.felder@fz-juelich.de>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Touch up XDG, add rootless links
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Touch up a number of formating issues for XDG_RUNTIME_DIRS in a number
of man pages. Make use of the XDG_CONFIG_HOME environment variable
in a rootless environment if available, or set it if not.
Also added a number of links to the Rootless Podman config page and
added the location of the auth.json files to that doc.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| |/
|
|
|
|
|
|
| |
Drop errors to debug when trying to setup the runtimetmpdir. If the tool
can not setup a runtime dir, it will error out with a correct message
no need to put errors on the screen, when the tool actually succeeds.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
|
|
| |
this is phase 2 for the removal of libpod from main.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
use a pause process to keep the user and mount namespace alive.
The pause process is created immediately on reload, and all successive
Podman processes will refer to it for joining the user&mount
namespace.
This solves all the race conditions we had on joining the correct
namespaces using the conmon processes.
As a fallback if the join fails for any reason (e.g. the pause process
was killed), then we try to join the running containers as we were
doing before.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
| |
We were always raising an error when the rootless user attempted to
setup resources, but this is not the case anymore with cgroup v2.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
build a podman-remote binary for windows that allows users to use the
remote client on windows and interact with podman on linux system.
Signed-off-by: baude <bbaude@redhat.com>
|
