summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Ensure that we make a netns for CNI non-default netsMatthew Heon2019-03-28
| | | | | | | | | | | | | | | | | We accidentally patched this out trying to enable ns:/path/to/ns This should restore the ability to configure nondefault CNI networks with Podman, by ensuring that they request creation of a network namespace. Completely remove the WithNetNS() call when we do use an explicit namespace from a path. We use that call to indicate that a netns is going to be created - there should not be any question about whether it actually does. Fixes #2795 Signed-off-by: Matthew Heon <mheon@redhat.com>
* vendor buildah, image, storage, cniValentin Rothberg2019-03-28
| | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Remove ulele/deepcopier in favor of JSON deep copyMatthew Heon2019-03-27
| | | | | | | | | | | | | We have a very high performance JSON library that doesn't need to perform code generation. Let's use it instead of our questionably performant, reflection-dependent deep copy library. Most changes because some functions can now return errors. Also converts cmd/podman to use jsoniter, instead of pkg/json, for increased performance. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Resolve review commentsMatthew Heon2019-03-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add --no-hosts flag to disable management of /etc/hostsMatthew Heon2019-03-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add for --dns=none to disable creation of resolv.confMatthew Heon2019-03-27
| | | | | | | Support in libpod was added in the previous commit. Wire it into the frontend here. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* size is optional for container inspectionbaude2019-03-26
| | | | | | | | | | on the remote client, if a user wants to know the rootfs size of a container, a -s should be passed. this corrects a behavior where size was shown by default. Fixes #2765 Signed-off-by: baude <bbaude@redhat.com>
* Add "died" eventbaude2019-03-25
| | | | | | | | | | We have a new event for container 'Exited' which has been renamed to 'died'. also removed the stream bool from the varlink endpoint for events because it can be determined by the varlink more value. Signed-off-by: baude <bbaude@redhat.com>
* Need to pass the true paramater with --syslog in cobraDaniel J Walsh2019-03-20
| | | | | | | | | Currently cobra can not handle a boolean option without a vailue. This change fixes an issue if you want syslog information to show up based on the cleanup call. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Export ConmonPidFile in 'podman inspect' for containersDebarshi Ray2019-03-18
| | | | | | | | | This can help scripts provide a more meaningful message when coming across issues [1] which require the container to be re-created. [1] eg., https://github.com/containers/libpod/issues/2673 Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* Merge pull request #2670 from giuseppe/runtime-write-rootless-conf-before-reloadOpenShift Merge Robot2019-03-18
|\ | | | | rootless: write the custom config file before reload
| * utils: split generation and writing of storage.confGiuseppe Scrivano2019-03-17
| | | | | | | | | | | | | | | | | | | | | | | | | | split the generation for the default storage.conf and when we write it if not existing for a rootless user. This is necessary because during the startup we might be overriding the default configuration through --storage-driver and --storage-opt, that would not be written down to the storage.conf file we generated. Closes: https://github.com/containers/libpod/issues/2659 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * utils: avoid too long tmp directoryGiuseppe Scrivano2019-03-16
| | | | | | | | | | | | or we will easily pass the 108 chars limits for unix paths. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | display logs for multiple containers at the same timebaude2019-03-15
|/ | | | | | | | | | | | | | add the ability for users to specify more than one container at a time while using podman logs. If more than one container is being displayed, podman will also prepend a shortened container id of the container on the log line. also, enabled the podman-remote logs command during the refactoring of the above ability. fixes issue #2219 Signed-off-by: baude <bbaude@redhat.com>
* rootless: use Geteuid instead of GetuidGiuseppe Scrivano2019-03-15
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use /tmp/libpod-rundir-$EUID for fallbackGiuseppe Scrivano2019-03-15
| | | | | | | | | | | | when the fallback is in place, the first user creating /tmp/user/$EUID prevents other users for creating other directories since /tmp/user is created with mode 0700. Since there is no way for an unprivileged user to initialize the /tmp/user directory correctly (we would need it to be owned by root with the sticky bit set), let's just use /tmp/libpod-rundir-$EUID. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2622 from baude/protectdarwinOpenShift Merge Robot2019-03-13
|\ | | | | Add gating tasks
| * Add gating tasksbaude2019-03-13
| | | | | | | | | | | | | | | | | | | | | | to protect against regressions, we need to add a few gating tasks: * build with varlink * build podman-remote * build podman-remote-darwin we already have a gating task for building without varlink Signed-off-by: baude <bbaude@redhat.com>
* | Vendor docker/docker, fsouza and more #2TomSweeneyRedHat2019-03-13
|/ | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Vendors in fsouza/docker-client, docker/docker and a few more related. Of particular note, changes to the TweakCapabilities() function from docker/docker along with the parse.IDMappingOptions() function from Buildah. Please pay particular attention to the related changes in the call from libpod to those functions during the review. Passes baseline tests.
* Update vendor of Buildah and imagebuilderDaniel J Walsh2019-03-13
| | | | | | Fixes the testing issues we are hitting. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2562 from baude/healtcheckphase2OpenShift Merge Robot2019-03-12
|\ | | | | healthcheck phase 2
| * healtcheck phase 2baude2019-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | integration of healthcheck into create and run as well as inspect. healthcheck enhancements are as follows: * add the following options to create|run so that non-docker images can define healthchecks at the container level. * --healthcheck-command * --healthcheck-retries * --healthcheck-interval * --healthcheck-start-period * podman create|run --healthcheck-command=none disables healthcheck as described by an image. * the healthcheck itself and the healthcheck "history" can now be observed in podman inspect * added the wiring for healthcheck history which logs the health history of the container, the current failed streak attempts, and log entries for the last five attempts which themselves have start and stop times, result, and a 500 character truncated (if needed) log of stderr/stdout. The timings themselves are not implemented in this PR but will be in future enablement (i.e. next). Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2527 from baude/eventsOpenShift Merge Robot2019-03-11
|\ \ | | | | | | Add event logging to libpod, even display to podman
| * | Add event logging to libpod, even display to podmanbaude2019-03-11
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In lipod, we now log major events that occurr. These events can be displayed using the `podman events` command. Each event contains: * Type (container, image, volume, pod...) * Status (create, rm, stop, kill, ....) * Timestamp in RFC3339Nano format * Name (if applicable) * Image (if applicable) The format of the event and the varlink endpoint are to not be considered stable until cockpit has done its enablement. Signed-off-by: baude <bbaude@redhat.com>
* / Fix SELinux on host shared systems in usernsDaniel J Walsh2019-03-11
|/ | | | | | | | | | | | | Currently if you turn on --net=host on a rootless container and have selinux-policy installed in the image, tools running with SELinux will see that the system is SELinux enabled in rootless mode. This patch mounts a tmpfs over /sys/fs/selinux blocking this behaviour. This patch also fixes the fact that if you shared --pid=host we were not masking over certin /proc paths. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2583 from giuseppe/rootless-fix-pod-rmOpenShift Merge Robot2019-03-11
|\ | | | | rootless: fix stop and rm when the container is running with uid != 0
| * rootless: fix pod stop|rm if uid in the container != 0Giuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | | | join the user namespace where the pod is running, so that we can both manage the storage and correctly send the kill signal to a process which is not running as root in the namespace. Closes: https://github.com/containers/libpod/issues/2577 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * rootless: support a custom arg to the new processGiuseppe Scrivano2019-03-11
| | | | | | | | | | | | | | | | | | let the process running as euid != 0 pass down an argument to the process running in the user namespace. This will be useful for commands like rm -a that needs to join different namespaces, so that we can re-exec separately for each of them. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2597 from jwhonce/issue/2016OpenShift Merge Robot2019-03-11
|\ \ | | | | | | Initialize field in InfoHost struct
| * | Initialize field in InfoHost structJhon Honce2019-03-11
| |/ | | | | | | | | | | Fixes #2016 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / rootless: allow single mappingsGiuseppe Scrivano2019-03-11
|/ | | | | | | | | | | | | | | | | | | | | | we were playing safe and not allowed any container to have less than 65536 mappings. There are a couple of reasons to change it: - it blocked libpod to work in an environment where newuidmap/newgidmap are not available, or not configured. - not allowed to use different partitions of subuids, where each user has less than 65536 ids available. Hopefully this change in containers/storage: https://github.com/containers/storage/pull/303 will make error clearers if there are not enough IDs for the image that is being used. Closes: https://github.com/containers/libpod/issues/1651 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Move secrets package to buildahDaniel J Walsh2019-03-08
| | | | | | | | Trying to remove circular dependencies between libpod and buildah. First step to move pkg content from libpod to buildah. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rootless: propagate errors from infoGiuseppe Scrivano2019-03-08
| | | | | | | | | we use "podman info" to reconfigure the runtime after a reboot, but we don't propagate the error message back if something goes wrong. Closes: https://github.com/containers/libpod/issues/2584 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2534 from jwhonce/wip/remote_waitOpenShift Merge Robot2019-03-06
|\ | | | | Implement podman-remote wait command and container subcommand
| * Implement podman-remote wait command and container subcommandJhon Honce2019-03-06
| | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #2442 from baude/remotepodtopOpenShift Merge Robot2019-03-06
|\ \ | | | | | | podman-remote pod top|stats
| * | podman-remote pod top|statsbaude2019-03-06
| | | | | | | | | | | | | | | | | | | | | this is the final enablement for the pod subcommand. it includes the ability to run podman-remote pod top and stats. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2412 from QiWang19/iss2380OpenShift Merge Robot2019-03-06
|\ \ \ | |_|/ |/| | Enable specifying directory as device on container with --device
| * | fix bug --device enable specifying directory as deviceQi Wang2019-03-06
| |/ | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #2491 from baude/healtcheckphase1OpenShift Merge Robot2019-03-06
|\ \ | |/ |/| podman healthcheck run (phase 1)
| * podman healthcheck run (phase 1)baude2019-03-05
| | | | | | | | | | | | | | | | | | Add the ability to manually run a container's healthcheck command. This is only the first phase of implementing the healthcheck. Subsequent pull requests will deal with the exposing the results and history of healthchecks as well as the scheduling. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2543 from giuseppe/fix-rootless-s390x-crisOpenShift Merge Robot2019-03-06
|\ \ | | | | | | rootless: fix clone syscall on s390 and cris archs
| * | rootless: fix clone syscall on s390 and cris archsGiuseppe Scrivano2019-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from the clone man page: On the cris and s390 architectures, the order of the first two arguments is reversed: long clone(void *child_stack, unsigned long flags, int *ptid, int *ctid, unsigned long newtls); Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1672714 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2519 from jwhonce/wip/remote_killOpenShift Merge Robot2019-03-05
|\ \ \ | |_|/ |/| | Support podman-remote kill container(s)
| * | Support podman-remote kill container(s)Jhon Honce2019-03-04
| | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #2426 from giuseppe/exec-preserve-fdsOpenShift Merge Robot2019-03-05
|\ \ \ | |_|/ |/| | exec: support --preserve-fds
| * | exec: support --preserve-fdsGiuseppe Scrivano2019-03-02
| | | | | | | | | | | | | | | | | | | | | | | | Allow to pass additional FDs to the process being executed. Closes: https://github.com/containers/libpod/issues/2372 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2522 from mheon/fix_timestamp_format_logsOpenShift Merge Robot2019-03-04
|\ \ \ | | | | | | | | Change timestamp format for podman logs
| * | | Change timestamp format for podman logsMatthew Heon2019-03-04
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Golang standard library implementation of RFC3339Nano will trim trailing 0s from the nanoseconds portion of timestamps. This is undesirable for lining everything up nicely during terminal output. As the Golang developers have not seen fit to give us a better way, use the one that was proposed on the issue tracker but rejected. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #2523 from jwhonce/bug/2521OpenShift Merge Robot2019-03-04
|\ \ \ | | | | | | | | Fix #2521