summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* podman-remote buildbaude2019-02-13
| | | | | | | add the ability to build images using files local to the remote-client but over a varlink interface to a "remote" server. Signed-off-by: baude <bbaude@redhat.com>
* podman-remote volume inspect|lsbaude2019-02-13
| | | | | | | add the ability to list and inspect volumes using the remote client and varlink Signed-off-by: baude <bbaude@redhat.com>
* podman-remote pushbaude2019-02-13
| | | | | | | | | | enable podman-remote push so that users can push images from a remote client. change in push API to deal with the need to see output over the varlink connection. Signed-off-by: baude <bbaude@redhat.com>
* varlink: Rename `SearchImage` to `SearchImages`Lars Karlitski2019-02-12
| | | | | | | Also rename image result struct to `ImageSearchResult` and make `limit` parameter optional. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* varlink: Rename `ContainerInList` to `Container`Lars Karlitski2019-02-12
| | | | | | Container more clearly describes what the type represents. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* varlink: Rename `ImageInList` to `Image`Lars Karlitski2019-02-12
| | | | | | | | | Image more clearly describes what the type represents. Also, only include the image name in the `ImageNotFound` error returned by `GetImage()`, not the full error message. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* varlink: Simplify GetVersion() callLars Karlitski2019-02-12
| | | | | | | Not having the `Version` wrapper type makes it easier for clients to work with the returned data. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* varlink: Return all times in RFC 3339 formatLars Karlitski2019-02-12
| | | | | | | | | This is more consistent and eaiser to parse than the format that golang's time.String() returns. Fixes #2260 Signed-off-by: Lars Karlitski <lars@karlitski.net>
* varlink: Remove the Ping() methodLars Karlitski2019-02-12
| | | | | | | | There are other ways for developers to "ensure their varlink setup is working", for example by calling `GetVersion()` or any call on the org.varlink.service interface. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* varlink: Remove `NotImplemented` typeLars Karlitski2019-02-12
| | | | | | | | Remove the `NotImplemented` type and comment out the methods that use it. This way we can keep track of the methods that still need to be implemented without committing them to stable API. Signed-off-by: Lars Karlitski <lars@karlitski.net>
* podman-remote volume rmbaude2019-02-11
| | | | | | | add the ability to remove/delete volumes with the podman remote client. Signed-off-by: baude <bbaude@redhat.com>
* podman-remote volume createbaude2019-02-11
| | | | | | create a volume using the remote client over varlink Signed-off-by: baude <bbaude@redhat.com>
* Migrate to cobra CLIbaude2019-02-08
| | | | | | | | We intend to migrate to the cobra cli from urfave/cli because the project is more well maintained. There are also some technical reasons as well which extend into our remote client work. Signed-off-by: baude <bbaude@redhat.com>
* cleanup: use the correct runtimeGiuseppe Scrivano2019-02-07
| | | | | | | make sure "containers cleanup" uses the correct runtime if it was overriden. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2278 from rhatdan/varlinkOpenShift Merge Robot2019-02-07
|\ | | | | Fix handling of memory limits via varlink
| * Fix handling of memory limits via varlinkDaniel J Walsh2019-02-06
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently handlin memory via varlink is hard coded to 0 Changing to Memory: create.Resources.Memory, MemoryReservation: create.Resources.Memory_reservation, MemorySwap: create.Resources.Memory_swap, MemorySwappiness: int(create.Resources.Memory_swappiness), KernelMemory: create.Resources.Kernel_memory, Allows callers to modify these memory settings. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2268 from mheon/force_storage_refreshOpenShift Merge Robot2019-02-06
|\ \ | | | | | | Unconditionally refresh storage options from config
| * | Unconditionally refresh storage options from configMatthew Heon2019-02-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to our unconditionally setting some storage options, we are not always reading storage options from storage.conf. This can lead to some fields in the storage config (most notably extra storage options) being ignored, despite being set in storage.conf. Resolve this by unconditionally refreshing our storage config from storage.conf (this was previously only done for rootless Podman) Fixes #2217 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2279 from giuseppe/pts-no-override-if-not-neededOpenShift Merge Robot2019-02-06
|\ \ \ | |_|/ |/| | rootless: do not override /dev/pts if not needed
| * | rootless: do not override /dev/pts if not neededGiuseppe Scrivano2019-02-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when running in rootless mode we were unconditionally overriding /dev/pts to take ride of gid=5. This is not needed when multiple gids are present in the namespace, which is always the case except when running the tests suite with only one mapping. So change it to check how many gids are present before overriding the default mount. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | podman-remote import|exportbaude2019-02-05
| |/ |/| | | | | | | | | | | | | addition of import and export for the podman-remote client. This includes the ability to send and receive files between the remote-client and the "podman" host using an upgraded varlink connection. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2196 from baude/toolboxDaniel J Walsh2019-02-05
|\ \ | |/ |/| Changes to container runlabel for toolbox project
| * Changes to container runlabel for toolbox projectbaude2019-01-30
| | | | | | | | | | | | | | | | | | | | The toolbox project would benefit from a few changes to more closely resembe the original atomic cli project. Changes made are: * only pull image for container runlabel if the label exists in the image * if a container image does not have the desired label, exit with non-zero Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2143 from QiWang19/continue2108OpenShift Merge Robot2019-02-01
|\ \ | | | | | | Fix up `image sign` in PR 2108
| * | Fix up `image sign` in PR 2108Qi Wang2019-01-15
| | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #2236 from baude/listcontainermountsmapOpenShift Merge Robot2019-02-01
|\ \ \ | |_|/ |/| | Alter varlink API for ListContainerMounts to return a map
| * | Alter varlink API for ListContainerMounts to return a mapbaude2019-01-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | We want to return a map of containermounts where the key is container id and it points to the mountpath. Issue #2215 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2225 from cevich/enable_apparmorOpenShift Merge Robot2019-01-30
|\ \ \ | | | | | | | | Cirrus: Enable AppArmor build and test
| * | | apparmor: don't load default profile in rootless modeValentin Rothberg2019-01-29
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | AppArmor requires root privileges, so skip loading the default profile in rootless mode. Also add a log to ease debugging. Fixes: #2223 Reported-by: @dmacvicar Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / / podman image prune -- implement all flagbaude2019-01-29
|/ / | | | | | | | | | | | | | | | | | | | | we now, by default, only prune dangling images. if --all is passed, we prune dangling images AND images that do not have an associated containers. also went ahead and enabled the podman-remote image prune side of things. Fixes: #2192 Signed-off-by: baude <bbaude@redhat.com>
* | enable podman-remote versionbaude2019-01-21
| | | | | | | | | | | | | | | | | | | | initial enablement of podman-remote version. includes add a APIVersion const that will allow us to check compatibility between host/client when connections are made. also added client related information to podman info. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2142 from giuseppe/expose-portsOpenShift Merge Robot2019-01-20
|\ \ | | | | | | rootless: support port redirection from the host
| * | rootless: support port redirection from the hostGiuseppe Scrivano2019-01-19
| |/ | | | | | | | | | | | | | | | | | | add support for ports redirection from the host. It needs slirp4netns v0.3.0-alpha.1. Closes: https://github.com/containers/libpod/issues/2081 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman-remote inspectbaude2019-01-18
| | | | | | | | | | | | base enablement of the inspect command. Signed-off-by: baude <bbaude@redhat.com>
* | rootless: fix --pid=host without --privilegedGiuseppe Scrivano2019-01-18
| | | | | | | | | | | | | | When using --pid=host don't try to cover /proc paths, as they are coming from the /proc bind mounted from the host. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Cleanup coverity scan issuesDaniel J Walsh2019-01-15
|/ | | | | | If realloc fails, then buffer will be leaked, this change frees up the buffer. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2141 from baude/remotetagOpenShift Merge Robot2019-01-13
|\ | | | | Add darwin support for remote-client
| * Add darwin support for remote-clientbaude2019-01-11
| | | | | | | | | | | | | | | | Add the ability to cross-compile podman remote for OSX. Also, add image exists and tag to remote-client. Signed-off-by: baude <bbaude@redhat.com>
* | podman play kube: add containers to podbaude2019-01-11
|/ | | | | | | | | when defining containers, we missed the conditional logic to allow the container to be defined with "WithPod" and so forth. I had to slightly modify the createcontainer process to pass a libpod.Pod that could override things; use nil as no pod. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2135 from baude/varlinkpruneOpenShift Merge Robot2019-01-11
|\ | | | | Add varlink support for prune
| * Add varlink support for prunebaude2019-01-10
| | | | | | | | | | | | | | Add the ability to prune unused images using the varlink API. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2113 from baude/remoteimagesOpenShift Merge Robot2019-01-11
|\ \ | |/ |/| remote-client support for images
| * remote-client support for imagesbaude2019-01-10
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2131 from mheon/restore_storage_defaultsOpenShift Merge Robot2019-01-10
|\ \ | | | | | | Use defaults if paths are not specified in storage.conf
| * | Use defaults if paths are not specified in storage.confMatthew Heon2019-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For rootless Podman, if storage.conf exists but does not specify one or both of RunRoot and GraphRoot, set them to rootless defaults so we don't end up with an unusable configuration. Fixes #2125 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2108 from QiWang19/from1899OpenShift Merge Robot2019-01-10
|\ \ \ | |_|/ |/| | Fix 'image trust' from PR1899
| * | Fix 'image trust' from PR1899Qi Wang2019-01-09
| | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | createconfig: always cleanup a rootless containerGiuseppe Scrivano2019-01-10
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | the rootless container storage is always mounted in a different mount namespace, owned by the unprivileged user. Even if it is mounted, a process running in another namespace cannot reuse the already mounted storage. Make sure the storage is always cleaned up once the container terminates. This has worked with vfs since there is no real mounted storage. Closes: https://github.com/containers/libpod/issues/2112 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2114 from vrothberg/issue-2107OpenShift Merge Robot2019-01-10
|\ \ | | | | | | apparmor: apply default profile at container initialization
| * | apparmor: apply default profile at container initializationValentin Rothberg2019-01-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Apply the default AppArmor profile at container initialization to cover all possible code paths (i.e., podman-{start,run}) before executing the runtime. This allows moving most of the logic into pkg/apparmor. Also make the loading and application of the default AppArmor profile versio-indepenent by checking for the `libpod-default-` prefix and over-writing the profile in the run-time spec if needed. The intitial run-time spec of the container differs a bit from the applied one when having started the container, which results in displaying a potentially outdated AppArmor profile when inspecting a container. To fix that, load the container config from the file system if present and use it to display the data. Fixes: #2107 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>