summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* pkg/bindings/images.nTar(): set ownership of build context to 0:0Nalin Dahyabhai2021-09-07
| | | | | | | | | | | | | | | | | | When attempting to run remote builds, users with UID/GID values that were high enough that they wouldn't be mapped into their default user namespace configurations would see their builds fail when the server attempted to extract the build contexts that they supplied, and failed to set ownership of the build context content to the UID/GID that were originally assigned to them. When archiving the build context at the client, set ownership of everything to 0:0, which we know is always mapped. Both ADD and COPY require that we set the ownership of newly-added content to 0:0 (unless the --chown flag is used), so throwing away the original ownership information doesn't hurt, anyway. As usual, tarballs that we extract as part of ADD aren't going to be affected. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Merge pull request #11431 from jmguzik/secrets-ls-filtersOpenShift Merge Robot2021-09-07
|\ | | | | Add filtering functionality to http api secrets list
| * Add filtering functionality to http api secrets listJakub Guzik2021-09-03
| | | | | | | | | | | | | | | | Filtering is missing in both compat API and libpod API, while docker has filtering functinality. This commit enables filtering option using name and id in both libpod and http API. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #11437 from MichaelAnckaert/fix-11418OpenShift Merge Robot2021-09-07
|\ \ | | | | | | [NO TESTS NEEDED] Fix #11418 - Default TMPDIR to /tmp on OS X
| * | Fix #11418 - Default TMPDIR to /tmp on OS XMichael Anckaert2021-09-04
| | | | | | | | | | | | Signed-off-by: Michael Anckaert <michael.anckaert@sinax.be>
* | | Merge pull request #11427 from flouthoc/kube-pod-logsOpenShift Merge Robot2021-09-07
|\ \ \ | | | | | | | | kube: Add support for `podman pod logs`.
| * | | kube: Add support for podman pod logsAditya Rajan2021-09-05
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Following PR adds support for `kubectl` like `pod logs` to podman. Usage `podman pod logs <podIDorName` gives a stream of logs for all the containers within the pod with **containername** as a field. Just like **`kubectl`** also supports `podman pod logs -c ctrIDorName podIDorName` to limit the log stream to any of the specificied container which belongs to pod. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | Merge pull request #11434 from coypoop/patch1OpenShift Merge Robot2021-09-07
|\ \ \ | | | | | | | | Spell "build linux darwin" as "build !windows".
| * | | Spell "build linux darwin" as "build !windows".Maya Rashish2021-09-03
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Equivalent for supported platforms, and makes it easier to support additional unix-like OSes. [NO TESTS NEEDED] Signed-off-by: Maya Rashish <maya@NetBSD.org>
* | | Merge pull request #11466 from jelly/doc_api_restartOpenShift Merge Robot2021-09-07
|\ \ \ | | | | | | | | [CI:DOCS] Document default timeout for libpod API Container Restart
| * | | Document default timeout for libpod API Container RestartJelle van der Waa2021-09-07
| | | | | | | | | | | | | | | | Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
* | | | Merge pull request #11459 from vrothberg/fix-11438OpenShift Merge Robot2021-09-07
|\ \ \ \ | |/ / / |/| | | generate systemd: handle --restart
| * | | generate systemd: handle --restartValentin Rothberg2021-09-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Handle custom restart policies of containers when generating the unit files; those should be set on the unit level and removed from ExecStart flags. Fixes: #11438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #11442 from scottschreckengaust/mainOpenShift Merge Robot2021-09-07
|\ \ \ \ | |/ / / |/| | | Adding `-cpu host` for qemu for MacOS
| * | | Fix warning of unsupported feature on MacOSScott Schreckengaust2021-09-06
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding the `-cpu host` option to the `addArchOptions` function for darwin removes the warning message, "host doesn't support requested feature: CPUID.80000001H:ECX.svm [bit 2]" by qemu-system-x86_64 when using the `podman machine start` command on MacOS Closes #11421 [NO TESTS NEEDED] Signed-off-by: Scott Schreckengaust <scottschreckengaust@users.noreply.github.com>
* | | cgroup-info: check if user.slice is valid before accessing valueAditya Rajan2021-09-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | Prevent hitting `panic: runtime error: index out of range [1] with length 1` while performing `podman info` when unexpected values for user.slice is found. [NO TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | TCG Accel fallback for Apple Silicon. Iss #10577Jonathan Springer2021-09-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cause qemu to fall back to using TCG acceleration when HVP acceleration is not available on Darwin Aarch64. Qemu prints a warning which it is desirable to leave to embarrass the upstream Qemu into approving the HVF patches. [NO TESTS NEEDED] Signed-off-by: Jonathan Springer <jspringer@us.ibm.com> Signed-off-by: Jonathan Springer <jonpspri@gmail.com>
* | | Merge pull request #11439 from coypoop/libvirt-unusedOpenShift Merge Robot2021-09-04
|\ \ \ | |/ / |/| | Remove unused stubs intended to start a machine with libvirt
| * | Remove unused stubs intended to start a machine with libvirtMaya Rashish2021-09-03
| |/ | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Maya Rashish <maya@NetBSD.org>
* / machine: always check error of net.Dial, even after last tryGuillaume Rose2021-09-03
|/ | | | | | | | | When net.Dial always fail in the above loop, the code following the loop is executed. This error check prevents this. [NO TESTS NEEDED] Signed-off-by: Guillaume Rose <gurose@redhat.com>
* Merge pull request #11406 from flouthoc/manifest-rm-only-manifestOpenShift Merge Robot2021-09-02
|\ | | | | manifest: `rm` should not remove referenced images.
| * manifest: rm should not remove referenced images.Aditya Rajan2021-09-02
| | | | | | | | | | | | | | | | | | | | Following PR makes sure that `podman manifest rm <list>` only removes the named manifest list and not referenced images. Bumping and squashing c/common to v0.43.3-0.20210902095222-a7acc160fb25 in same commit in order to make sure build commit test passes. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | make podman run --systemd case insensitivePaul Holzinger2021-09-02
|/ | | | | | | | | Since boolean flags accept `True` and `False` the systemd flag should do this as well. Fixes #11387 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11391 from Luap99/rootlessport-socketOpenShift Merge Robot2021-09-01
|\ | | | | rootlessport: allow socket paths with more than 108 chars
| * rootlessport: allow socket paths with more than 108 charsPaul Holzinger2021-09-01
| | | | | | | | | | | | | | | | | | | | | | | | Creating the rootlessport socket can fail with `bind: invalid argument` when the socket path is longer than 108 chars. This is the case for users with a long runtime directory. Since the kernel does not allow to use socket paths with more then 108 chars use a workaround to open the socket path. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11388 from Luap99/stop-cleanupOpenShift Merge Robot2021-09-01
|\ \ | | | | | | podman stop always cleanup
| * | podman stop always cleanupPaul Holzinger2021-09-01
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container is configured for auto removal podman stop should still do cleanup, there is no guarantee the the cleanup process spawned by conmon will be successful. Also a user expects after podman stop that the network/mounts are cleaned up. Therefore podman stop should not return early and instead do the cleanup and ignore errors if the container was already removed. [NO TESTS NEEDED] I don't know how to test this. Fixes #11384 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / generate systemd: clarify limitations of `--new`Valentin Rothberg2021-09-01
|/ | | | | | | | | | | | | `generate systemd --new` is looking at the "create command" of the container/pod which is simply the os.Args at creation time. It does not work on containers or pods created via the REST API since the create command is not set. `--new` does work on such containers and pods since there is no reliable way to reverse-map their configs to command-line arguments of podman. Fixes: #11370 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #11357 from vrothberg/fix-11171OpenShift Merge Robot2021-08-31
|\ | | | | auto-update: fix authfile label
| * auto-update: fix authfile labelValentin Rothberg2021-08-30
| | | | | | | | | | | | | | | | | | | | | | | | Make sure that the container's authfile label is used when pulling down a new image. [NO TESTS NEEDED] since it would require some larger rewrite of the auto-update system tests that I currently have no time for. I added a reminder to have some breadcrumbs when there is more time. Fixes: #11171 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #11342 from baude/machinecleanupsMatthew Heon2021-08-30
|\ \ | |/ |/| clean up socket and pid files from podman machine
| * clean up socket and pid files from podman machineBrent Baude2021-08-30
| | | | | | | | | | | | | | | | | | | | | | to avoid segvs, we should clean up as much of the socket and regular files from podman machine as possible on stop. also, on start, we should add logic to remove these files before starting in case the start process is stopped prematurely (due to an error for example). [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #11334 from jwhonce/issues/10831OpenShift Merge Robot2021-08-27
|\ \ | | | | | | Add support for mount options to API
| * | Add support for mount options to APIJhon Honce2021-08-27
| |/ | | | | | | | | | | | | | | When creating containers the specialized mount options where not populated via the API. Fixes: #10831 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #11333 from rhatdan/http-proxyOpenShift Merge Robot2021-08-27
|\ \ | |/ |/| Globally replace http:// with https://
| * Globally replace http:// with https://Daniel J Walsh2021-08-27
| | | | | | | | | | | | [NO TESTS NEEDED] Hopefully existing tests will find issues. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | InfraContainer Reworkcdoern2021-08-26
|/ | | | | | | | | | InfraContainer should go through the same creation process as regular containers. This change was from the cmd level down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state) Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #11298 from baude/kubeupdownOpenShift Merge Robot2021-08-26
|\ | | | | teardown play kube
| * teardown play kubeBrent Baude2021-08-24
| | | | | | | | | | | | | | | | | | add the ability for play kube to tear down based on the yaml used to play it. it is indicated by --down in the play kube command. volumes are NOT deleted during the teardown. pods and their containers are stopped and removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #11208 from ashley-cui/streamsOpenShift Merge Robot2021-08-26
|\ \ | | | | | | [NO TESTS NEEDED] Allow setting of machine stream and image path from containers.conf
| * | Allow setting of machine stream and image path from containers.confAshley Cui2021-08-24
| | | | | | | | | | | | | | | | | | Default is "testing" Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #11218 from cdoern/untilBugOpenShift Merge Robot2021-08-26
|\ \ \ | | | | | | | | logFile until flag issue, negative duration replaced with positive
| * | | logFile until flag issuecdoern2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | we were adding a negative duration in podman events, causing inputs like -5s to be correct and 5s to be incorrect. fixes #11158 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #11103 from jwhonce/wip/bindingsOpenShift Merge Robot2021-08-25
|\ \ \ \ | | | | | | | | | | Fix file descriptor leaks in bindings and add test
| * | | | Fix file descriptor leaks and add testJhon Honce2021-08-24
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add response.Body.Close() where needed to release HTTP connections to API server. * Add tests to ensure no general leaks occur. 100% coverage would be required to ensure no leaks on any call. * Update code comments to be godoc correct Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #11314 from Luap99/expose-portsOpenShift Merge Robot2021-08-25
|\ \ \ \ | |_|_|/ |/| | | podman inspect show exposed ports
| * | | podman inspect show exposed portsPaul Holzinger2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman inspect has to show exposed ports to match docker. This requires storing the exposed ports in the container config. A exposed port is shown as `"80/tcp": null` while a forwarded port is shown as `"80/tcp": [{"HostIp": "", "HostPort": "8080" }]`. Also make sure to add the exposed ports to the new image when the container is commited. Fixes #10777 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #11263 from nalind/journal-readOpenShift Merge Robot2021-08-24
|\ \ \ \ | | | | | | | | | | libpod/Container.readFromJournal(): don't skip the first entry
| * | | | logs: adjust handling around partial log messagesNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In libpod/logs.LogLine.Write(), don't write a newline to stdout/stderr when the log message is only part of a line. In libpod.ConmonOCIRuntime.HTTPAttach(), don't send a newline over the HTTP connection when the log message is only part of a line. In pkg/api/handlers/compat.LogsFromContainer(), don't send a newline over the HTTP connection when the log message is only part of a line, and don't make doing so conditional on whether or not the client used the docker or podman endpoint. In pkg/domain/infra/tunnel.ContainerEngine.ContainerLogs(), don't add our own newline to log messages, since they already come through from the server when they need to. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | | | Merge pull request #11315 from vrothberg/fix-11304OpenShift Merge Robot2021-08-24
|\ \ \ \ \ | |_|_|/ / |/| | | | generate systemd: use --cidfile again