| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
We previously enforced this for security reasons, but as Dan has
explained on several occasions, it's not very valuable there
(it's trivially easy to bypass) and it does seriously annoy folks
trying to use named volumes. Flip the default from 'on' to 'off'.
This is a backport from the master branch to v1.9 branch.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
Fix EOM for SendFile
|
| | |
| |
| |
| |
| |
| |
| |
| | |
To terminate a connection of varlink, say after sending a file, we need to send a message containing a delimiter of ':' so the client knows to hang up.
Fixes: #6237
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
There exists a chance for a node to be booted in v1, but have reminents of v2. An example is this CRI-O ci run: https://deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gcs/origin-federated-results/pr-logs/pull/cri-o_cri-o/3565/test_pull_request_crio_critest_fedora/11243/
We fail because we are incorrectly writing to the unified path, because we are v1. We should not write to the unified path if we are v1
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
This may resolve some issues with routing traffic between
containers using the host's IP.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Currently we are setting the maximum limits for rootful podman containers,
no reason not to set them by default for rootless users as well
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
User specified environment after other environments are set
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Users can not currently override the environment variables set by
--http-proxy
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 788fdc685b00dee5ccb594bef845204250c4c123 introduced a race
where the target process dies before the child process opens the
namespace files. Move the open before the fork so if it fails the
parent process can attempt to join a different container instead of
failing.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 89d4940a3787ccc871c92950a79347efc0d5c58c)
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The same channel is written to by two different goroutines.
Use a different channel for each of them so to avoid writing to a
closed channel.
Closes: https://github.com/containers/libpod/issues/6018
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 6d545bb2f773ff996ce28e0b6608380206835004)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
open the namespace file descriptors inside of the child process.
Closes: https://github.com/containers/libpod/issues/5873
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 788fdc685b00dee5ccb594bef845204250c4c123)
|
| |/
|
|
|
|
|
|
|
| |
since we join directly the conmon user namespace, there is no need to
look up its parent user namespace, as we can safely assume it is the
init namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 8360fcf82cc17ef55a00870d7e950079a51f2083)
|
| |
|
|
|
|
|
| |
The goal here is to make the package less heavy and not overload
the pkg/util.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
v2specgen prune libpod
|
| | |
| |
| |
| |
| |
| | |
use libpod only in the specgen/generate package so that the remote clients do not inherit libpod bloat.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Fix more regressions between v1 and v2
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |/
|
|
|
|
|
| |
Note: This PR doesn't provide full rootless support that will be
addressed in a future PR
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\
| |
| | |
v2podman ps revert structure changes
|
| | |
| |
| |
| |
| |
| | |
reverting name changes to the listcontainer structure because it negatively impacted the direct consumption of the restful API. instead we now use a local structure in the CLI to modify the output as needed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
podmanv2 mount and umount
|
| | |/
| |
| |
| |
| |
| | |
add the ability to mount and unmount containers for the local client only
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Fix invalid container path comparison for pid cgroup
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes the behavior to return nil for the PIDs cgroup if the
container path is empty.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
| |\ \ \
| | | |
| | | | |
Improve APIv2 support for Attach
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A few major fixes here:
- Support for attaching to Configured containers, to match Docker
behavior.
- Support for stream parameter has been improved (we now properly
handle cases where it is not set).
- Initial support for logs parameter has been added.
- Setting attach streams when the container has a terminal is now
supported.
- Errors are properly reported once the hijack has begun.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
podmanV2: implement search
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Also implement a new libpod endpoint to add more parameters and to
prevent us from converting between slices and maps and make use of
the filter parsing in the image backend.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |_|/
|/| |
| | |
| | |
| | |
| | | |
add the ability to init a container both local and remote
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fixes for load and other system tests
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
Refactor service idle support
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Move connection tracking into APIServer using ConnState()
* Remove Connection counters from CLI code
* Update events handler to support client not closing connection
* Improve logging messages
Fixes #5599
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
podmanv2 history and image remove templates
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
remove the use of template functions images and history to allow for straight-forward user experience. instead of templates we use structs and struct methods.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
rootless: use snprintf
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
use directly snprintf instead of strlen+strcpy.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add the ability to clean up after a container has attempted to run. this is also important for podman run --rm --rmi.
also included are fixes and tweaks to various code bits to correct regressions on output.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
v2podman ps alter formats
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
in order to get the go templating to work for custom input, we now use structure methods instead of template map funcs. this requires some manipulation of fields so that the funcs can have the proper names.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
V2 podman system service
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Added support for system service
* Enabled linting on the varlinkapi source, needed to support V2
service command
* Added support for PODMAN_SOCKET
Skip linting deprecated code
Rather than introduce bugs by correcting deprecated code, linting the
code is being skipped. Code that is being ported into V2 is being
checked.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Implement the `podman {container} logs` for the v2 client. The remote
client does not yet support it. There's some more work needed for the
rest api; some options are missing (e.g., printing names) while others
are broken (e.g., the until http parameter).
The remote parts will be tackled in a future change.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\ \
| | |
| | | |
V2 Podman diff(changes) support
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Ported CLI command
* Added API endpoint
* Added bindings
* Updated swagger (TODO: n endpoints, one handler)
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
podmanv2 info
|
| | |/
| |
| |
| |
| |
| | |
add ability to run info for v2
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| |/
|/| |
Do not error on pids.current stats if ctr.path is empty
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the ctr.path is empty, then we do not try to access
`/sys/fs/cgroup/pids/pids.current` any more because this path will be
wrong in any case. We now return and do not set the PIDs stats.
Refers to https://github.com/cri-o/cri-o/issues/3522
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
| |\ \
| | |
| | | |
v2podman run
|
