path: root/pkg
Commit message (Author, Age)
* rootless: detect user namespace configuration changes (Giuseppe Scrivano, 2019-09-03)
|     detect if the current user namespace doesn't match the configuration in the /etc/subuid and /etc/subgid files. If there is a mismatch, raise a warning and suggest the user to recreate the user namespace with "system migrate", that also restarts the containers.
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* spec: provide custom implementation for getDevices (Giuseppe Scrivano, 2019-09-02)
|     provide an implementation for getDevices that skips unreadable directories for the current user. Based on the implementation from runc/libcontainer.
|     Closes: https://github.com/containers/libpod/issues/3919
|     Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
|     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* spec: do not set devices cgroup when rootless (Giuseppe Scrivano, 2019-09-02)
|     eBPF requires to be root in the init namespace.
|     Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* rootless: bind mount devices instead of creating them (Giuseppe Scrivano, 2019-09-02)
|     when running in rootless mode, --device creates a bind mount from the host instead of specifying the device in the OCI configuration. This is required as an unprivileged user cannot use mknod, even when root in a user namespace.
|     Closes: https://github.com/containers/libpod/issues/3905
|     Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* don't panic when using varlink commit and uppercase image names (baude, 2019-08-29)
|     when using an upper case image name for container commit, we observed panics due to a channel closing early.
|     Fixes: #3897
|     Signed-off-by: baude <bbaude@redhat.com>
* Update varlink doc and code (Jhon Honce, 2019-08-26)
|     * Improved error message
|     * Added documentation
|     * Updated messages to include missing data
|     Signed-off-by: Jhon Honce <jhonce@redhat.com>
* clean up after remote build (baude, 2019-08-25)
|     when performing an image build over a varlink connection, we should clean up tmp files that are a result of sending the file to the host and untarring it for the build.
|     Fixes: #3869
|     Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #3800 from vrothberg/generate-pod (OpenShift Merge Robot, 2019-08-22)
|\
| |     generate systemd pod
| * generate systemd: support pods and generating files (Valentin Rothberg, 2019-08-21)
| |     Support generating systemd unit files for a pod. Podman generates one unit file for the pod including the PID file for the infra container's conmon process and one unit file for each container (excluding the infra container).
| |     Note that this change implies refactorings in the `pkg/systemdgen` API.
| |     Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * generate systemd: drop support for remote clients (Valentin Rothberg, 2019-08-21)
| |     Drop the support for remote clients to generate systemd-service files. The generated files are machine-dependent and hence relate only to a local machine. Furthermore, a proper service management when using a remote-client is not possible as systemd has no access to a process.
| |     Dropping the support will also reduce the risk of making users believe that the generated services are usable in a remote scenario.
| |     Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #3863 from TomSweeneyRedHat/dev/tsweeney/digestfile2 (OpenShift Merge Robot, 2019-08-21)
|\ \
| | |     Add --digestfile option to push
| * | Add --digestfile option to push (TomSweeneyRedHat, 2019-08-21)
| |/
| |     Add the digestfile option to the push command so the digest can be stored away in a file when requested by the user. Also have added a debug statement to show the completion of the push.
| |     Emulates Buildah's https://github.com/containers/buildah/pull/1799/files
| |     Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #2940 from giuseppe/drop-firewall (OpenShift Merge Robot, 2019-08-21)
|\ \
| |/
|/|     networking: use firewall plugin
| * networking: use firewall plugin (Giuseppe Scrivano, 2019-08-19)
| |     drop the pkg/firewall module and start using the firewall CNI plugin. It requires an updated package for CNI plugins.
| |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #3569 from rhatdan/cgroupsv1 (OpenShift Merge Robot, 2019-08-20)
|\ \
| | |     Fix error message on podman stats on cgroups v1 rootless environments
| * | Fix error message on podman stats on cgroups v1 rootless environments (Daniel J Walsh, 2019-08-19)
| | |     podman stats does not work in rootless environments with cgroups V1. Fix error message and document this fact.
| | |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #3760 from rhatdan/auth (OpenShift Merge Robot, 2019-08-19)
|\ \ \
| | | |     Use GetRuntimeDir to setup auth.json for login
| * | | Use GetRuntimeDir to setup auth.json for login (Daniel J Walsh, 2019-08-12)
| | | |     Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Implement healthcheck for remote client (Ashley Cui, 2019-08-19)
| | | |     Previously unimplemented. Works the same way the local one does, except it's remote.
| | | |     Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* | | | Merge pull request #3848 from giuseppe/enable-all-tests-crun (OpenShift Merge Robot, 2019-08-19)
|\ \ \ \
| |_|_|/
|/| | |     tests: enable all tests for crun
| * | | libpod, pkg: lookup also for crun failures (Giuseppe Scrivano, 2019-08-19)
| | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | containers, create: debug message on failed deletion (Giuseppe Scrivano, 2019-08-19)
| | | |     if the container failed to be created, don't assume it is still known to the OCI runtime.
| | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3709 from mheon/volume_inspect (OpenShift Merge Robot, 2019-08-19)
|\ \ \ \
| |_|_|/
|/| | |     Change backend code for 'volume inspect'
| * | | Swap 'volume inspect' frontend to use the new backend (Matthew Heon, 2019-08-02)
| | | |     Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Implement backend for 'volume inspect' (Matthew Heon, 2019-08-02)
| | | |     Begin to separate the internal structures and frontend for inspect on volumes. We can't rely on keeping internal data structures for external presentation - separating presentation and internal data format is good practice.
| | | |     Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3836 from chenzhiwei/hostname (OpenShift Merge Robot, 2019-08-19)
|\ \ \ \
| |_|/ /
|/| | |     Allow customizing pod hostname
| * | | Allow customizing pod hostname (Chen Zhiwei, 2019-08-18)
| | | |     * set hostname in pod yaml file
| | | |     * set --hostname in pod create command
| | | |     Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
* | | | Merge pull request #3617 from QiWang19/create_pull (OpenShift Merge Robot, 2019-08-17)
|\ \ \ \
| |/ / /
|/| | |     add --pull flag for podman create&run
| * | | add --pull flag for podman create&run (Qi Wang, 2019-08-09)
| | | |     Requirement from https://github.com/containers/libpod/issues/3575#issuecomment-512238393
| | | |     Added --pull for podman create and pull to match the newly added flag in docker CLI.
| | | |     `missing`: default value, podman will pull the image if it does not exist in the local.
| | | |     `always`: podman will always pull the image.
| | | |     `never`: podman will never pull the image.
| | | |     Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #3719 from baude/networklist (OpenShift Merge Robot, 2019-08-16)
|\ \ \ \
| | | | |     inclusion of podman network
| * | | | inclusion of podman network (baude, 2019-08-15)
| | | | |     adding podman network and the subcommands inspect, list, and rm. the inspect subcommand displays the raw cni network configuration. the list subcommand displays a summary of the cni networks ala ps. and the rm subcommand removes a cni network.
| | | | |     Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #3796 from giuseppe/enable-cgroupsv2-crun (OpenShift Merge Robot, 2019-08-16)
|\ \ \ \ \
| | | | | |     cirrus: enable cgroups v2 tests with crun
| * | | | | runtime: honor --runtime flag to build (Giuseppe Scrivano, 2019-08-13)
| | | | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #3805 from ashley-cui/tmpfs (OpenShift Merge Robot, 2019-08-16)
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | |     Remove --tmpfs size default
| * | | | | Remove --tmpfs size default (Ashley Cui, 2019-08-14)
| |/ / / /
| | | | |     Docker has unlimited tmpfs size where Podman had it set to 64mb. Should be standard between the two.
| | | | |     Remove noexec default
| | | | |     Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* | | | | Merge pull request #3810 from giuseppe/use-cgroups (OpenShift Merge Robot, 2019-08-14)
|\ \ \ \ \
| | | | | |     pkg/cgroups: use DBUS session when rootless
| * | | | | pkg/cgroups: use DBUS session when rootless (Giuseppe Scrivano, 2019-08-14)
| | | | | |     use the DBUS user session when running in rootless mode.
| | | | | |     Closes: https://github.com/containers/libpod/issues/3801
| | | | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #3809 from chenzhiwei/fix-play-kube (OpenShift Merge Robot, 2019-08-14)
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |     Fix play kube command in pod yaml
| * | | | | Fix play kube command in pod yaml (Chen Zhiwei, 2019-08-14)
| |/ / / /
| | | | |     Signed-off-by: Chen Zhiwei <zhiweik@gmail.com>
* / / / / Running Podman with a nonexistent hooks dir is nonfatal (Matthew Heon, 2019-08-13)
|/ / / /
| | | |     Even explicitly defined hooks directories may not exist under some circumstances. It's not worth a hard-fail if we hit an ENOENT in these cases.
| | | |     Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #3753 from baude/varlinkrequiresroot (OpenShift Merge Robot, 2019-08-12)
|\ \ \ \
| |_|_|/
|/| | |     varlink endpoint for containerstats requires root
| * | | varlink endpoint for containerstats requires root (baude, 2019-08-12)
| | | |     obtaining containerstats requires the use of cgroups. at present, rootless users do not have privileges to create cgroups. add an error message that catches this for the varlink endpoint and return a proper error.
| | | |     Fixes: #3749
| | | |     Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #3789 from giuseppe/cirrus-add-crun (OpenShift Merge Robot, 2019-08-12)
|\ \ \ \
| | | | |     cirrus: run tests with crun
| * | | | containers: look also for 'file not found' in the error message (Giuseppe Scrivano, 2019-08-12)
| | | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #3786 from giuseppe/fix-rootless-checks (OpenShift Merge Robot, 2019-08-12)
|\ \ \ \ \
| |/ / / /
|/| | | |     rootless: drop some superfluous checks
| * | | | storage: drop unused geteuid check (Giuseppe Scrivano, 2019-08-12)
| | | | |     it is always running with euid==0 at this point.
| | | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | build: use the configured runtime (Giuseppe Scrivano, 2019-08-11)
|/ / / /
| | | |     Now buildah honors the runtime configured with podman.
| | | |     Closes: https://github.com/giuseppe/crun/issues/69
| | | |     Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3782 from eriksjolund/fix_realloc_in_rootless_linux.c (OpenShift Merge Robot, 2019-08-11)
|\ \ \ \
| | | | |     Fix incorrect use of realloc()
| * | | | Fix incorrect use of realloc() (Erik Sjölund, 2019-08-11)
| | | | |     Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | | Adjust read count so that a newline can be added afterwards (Erik Sjölund, 2019-08-11)
|/ / / /
| | | |     Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>