Add support for anonymous volumes to `podman run -v`

Previously, when `podman run` encountered a volume mount without
separate source and destination (e.g. `-v /run`) we would assume
that both were the same - a bind mount of `/run` on the host to
`/run` in the container. However, this does not match Docker's
behavior - in Docker, this makes an anonymous named volume that
will be mounted at `/run`.
We already have (more limited) support for these anonymous
volumes in the form of image volumes. Extend this support to
allow it to be used with user-created volumes coming in from the
`-v` flag.
This change also affects how named volumes created by the
container but given names are treated by `podman run --rm` and
`podman rm -v`. Previously, they would be removed with the
container in these cases, but this did not match Docker's
behaviour. Docker only removed anonymous volumes. With this patch
we move to that model as well; `podman run -v testvol:/test` will
not have `testvol` survive the container being removed by `podman
rm -v`.
The sum total of these changes let us turn on volume removal in
`--rm` by default.
Fixes: #4276
Signed-off-by: Matthew Heon <matthew.heon@pm.me>

Show volume options in 'volume inspect'

We need to use the new Inspect() endpoint instead of trying to
JSON the actual volume structs. Currently, the output seems
completely nonsensical; it seems like we're JSONing the struct
for the Varlink connection itself? This should restore sanity and
match the format of remote and local inspect on volumes.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>

rootless: write storage overrides to the conf file

make sure the user overrides are stored in the configuration file when
first created.
Closes: https://github.com/containers/libpod/issues/2659
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Add ability to redirect bash for run -i

Signed-off-by: baude <bbaude@redhat.com>

do not automatically enable lingering mode.
Closes: https://github.com/containers/libpod/issues/4224
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Attach to container if it was created with --interactive

Check to see if the container's start config includes the interactive
flag when determining to attach or ignore stdin stream.
This is in line with behavior of Docker CLI and engine
Signed-off-by: Tyler Ramer <tyaramer@gmail.com>

rootless: drop dependency on docker

use the definition from "golang.org/x/sys/unix".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Now the "podman start" command prints the full ID and has the same
behaviour as other commands.
Signed-off-by: Boris Klimenko <2@borisklimenko.ru>

Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>

Allow giving path to Podman for cleanup command

For non-Podman users of Libpod, we don't want to force the exit
command to use ARGV[0], which probably does not support a cleanup
command.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>

Move OCI runtime implementation behind an interface

For future work, we need multiple implementations of the OCI
runtime, not just a Conmon-wrapped runtime matching the runc CLI.
As part of this, do some refactoring on the interface for exec
(move to a struct, not a massive list of arguments). Also, add
'all' support to Kill and Stop (supported by runc and used a bit
internally for removing containers).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>

rootless: do not set PIDs limit if --cgroup-manager=cgroupfs

even if the system is using cgroups v2, rootless is not able to set up
limits when the cgroup-manager is not systemd.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

show uid_map in podman info

show uid_map gid_map in podman info
Signed-off-by: Qi Wang <qiwan@redhat.com>

systemd: expect full path /usr/sbin/init

"init" is a quite common name for the command executed in a container
image and Podman ends up using the systemd mode also when not
required.
Be stricter on enabling the systemd mode and not enable it
automatically when the basename is "init" but expect the full path
"/usr/sbin/init".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

if the pause process cannot be joined, remove the pause.pid while
keeping a lock on it, and try to recreate it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Setup a reasonable default for pids-limit 4096

CRI-O defaults to 1024 for the maximum pids in a container. Podman
should have a similar limit. Once we have a containers.conf, we can
set the limit in this file, and have it easily customizable.
Currently the documentation says that -1 sets pids-limit=max, but -1 fails.
This patch allows -1, but also indicates that 0 also sets the max pids limit.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

This requires updating all import paths throughout, and a matching
buildah update to interoperate.
I can't figure out the reason for go.mod tracking
github.com/containers/image v3.0.2+incompatible // indirect
((go mod graph) lists it as a direct dependency of libpod, but
(go list -json -m all) lists it as an indirect dependency),
but at least looking at the vendor subdirectory, it doesn't seem
to be actually used in the built binaries.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Add ability to evict a container

Add ability to evict a container when it becomes unusable. This may
happen when the host setup changes after a container creation, making it
impossible for that container to be used or removed.
Evicting a container is done using the `rm --force` command.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>

Handle environment variables from podman-machine

Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>

Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>

Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>

if there are no resources specified, make sure the OCI resources block
is empty so that the OCI runtime won't complain.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

if running rootless do not print a warning message when podman cannot
rejoin the initial network namespace.
The first network namespace is owned by root on the host, a rootless
user cannot re-join it once it moves to a new network namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

podman import syntax fix

currently, podman import change does not support syntax like
- KEY val
- KEY ["val"]
This adds support for both of these syntax along with KEY=val
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>

Set log-level immediately, before rootless setup

If we don't do this, we print WARN level messages that we should
not be printing by default.
Up one WARN message to ERROR so it still shows up by default.
Fixes: #4115
Fixes: #4012
Signed-off-by: Matthew Heon <matthew.heon@pm.me>

Add an error for pods without a name

Signed-off-by: Matthew Heon <mheon@redhat.com>

conditionally send stdin on remote run

when running a container remotely, we should only be sending stdin when
running with --interactive; otherwise use nil.
Fixes: #4095
Signed-off-by: baude <bbaude@redhat.com>

When a named volume is mounted on any of the tmpfs filesystems
created by read-only tmpfs, it caused a conflict that was not
resolved prior to this.
Fixes BZ1755119
Signed-off-by: Matthew Heon <matthew.heon@pm.me>

play kube: Only support pod kind in k8s yaml

Since we only really support playing pods, and no other kubernetes types
Signed-off-by: Peter Hunt <pehunt@redhat.com>

To 'avoid unknown FS magic on "/run/user/1000/netns/...": 1021994'
make the network namespace bind-mount recursively shared, so the
mount is back-propagated to the host.
Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>