summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #8200 from haircommander/parse-segfaultOpenShift Merge Robot2020-10-30
|\ | | | | spec: protect against segfault
| * spec: protect against segfaultPeter Hunt2020-10-30
| | | | | | | | | | | | when the user passes in "/dev/null::w" Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #8196 from giuseppe/specgen-swap-limit-err-messageOpenShift Merge Robot2020-10-30
|\ \ | | | | | | specgen: fix error message
| * | specgen: fix error messageGiuseppe Scrivano2020-10-30
| |/ | | | | | | | | | | drop spurious comma. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8191 from mheon/no_error_on_sigproxy_stoppedOpenShift Merge Robot2020-10-30
|\ \ | | | | | | When container stops, drop sig-proxy errors to infos
| * | When container stops, drop sig-proxy errors to infosMatthew Heon2020-10-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The sig-proxy code is set up to error on failing to forward signals to a container. This is reasonable in cases where the container is running, but something strange went wrong - but when the Kill fails because the container is stopped, we shouldn't bother with aggressive Error logging since this is an expected part of the container lifecycle - it stops, and then `podman run` also stops, but there is a timing window in between where signals will fail to be proxied, and we should not print angry errors during that. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Pod's that share the IPC Namespace need to share /dev/shmDaniel J Walsh2020-10-30
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | Containers that share IPC Namespaces share each others /dev/shm, which means a private /dev/shm needs to be setup for the infra container. Added a system test and an e2e test to make sure the /dev/shm is shared. Fixes: https://github.com/containers/podman/issues/8181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8146 from vrothberg/image-mountsOpenShift Merge Robot2020-10-29
|\ \ | | | | | | new "image" mount type
| * | new "image" mount typeValentin Rothberg2020-10-29
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new "image" mount type to `--mount`. The source of the mount is the name or ID of an image. The destination is the path inside the container. Image mounts further support an optional `rw,readwrite` parameter which if set to "true" will yield the mount writable inside the container. Note that no changes are propagated to the image mount on the host (which in any case is read only). Mounts are overlay mounts. To support read-only overlay mounts, vendor a non-release version of Buildah. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8165 from edsantiago/move_from_dockerioOpenShift Merge Robot2020-10-29
|\ \ | | | | | | Move from docker.io
| * | move from docker.ioEd Santiago2020-10-28
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followon to #7965 (mirror registry). mirror.gcr.io doesn't cache all the images we need, and I can't find a way to add to its cache, so let's just use quay.io for those images that it can't serve. Tools used: skopeo copy --all docker://docker.io/library/alpine:3.10.2 \ docker://quay.io/libpod/alpine:3.10.2 ...and also: docker.io/library/alpine:3.2 docker.io/library/busybox:latest docker.io/library/busybox:glibc docker.io/library/busybox:1.30.1 docker.io/library/redis:alpine docker.io/libpod/alpine-with-bogus-seccomp:label docker.io/libpod/alpine-with-seccomp:label docker.io/libpod/alpine_healthcheck:latest docker.io/libpod/badhealthcheck:latest Since most of those were new quay.io/libpod images, they required going in through the quay.io GUI, image, settings, Make Public. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #8178 from rhatdan/existsOpenShift Merge Robot2020-10-29
|\ \ | | | | | | NewFromLocal can return multiple images
| * | NewFromLocal can return multiple imagesDaniel J Walsh2020-10-28
| |/ | | | | | | | | | | | | | | | | | | If you use additional stores and pull the same image into writable stores, you can end up with the situation where you have the same image twice. This causes image exists to return the wrong error. It should return true in this situation rather then an error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8173 from giuseppe/improve-cannot-reexec-errorOpenShift Merge Robot2020-10-29
|\ \ | | | | | | rootless: improve error message if cannot join namespaces
| * | rootless: improve error message if cannot join namespacesGiuseppe Scrivano2020-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | if podman failed to join the rootless namespaces, give users a better errror message and possible solution. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1891220 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #8161 from afbjorklund/podman-remote-host-hashOpenShift Merge Robot2020-10-29
|\ \ \ | |_|/ |/| | Support hashed hostnames in the known_hosts file
| * | Support hashed hostnames in the known_hosts fileAnders F Björklund2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | Some systems have "HashKnownHosts yes" in their ssh_config This causes entries in the ssh known_hosts to be hashed (|) Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Merge pull request #8102 from ashley-cui/inspectOpenShift Merge Robot2020-10-27
|\ \ \ | | | | | | | | Add pod, volume, network to inspect package
| * | | Add pod, volume, network to inspect packageAshley Cui2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman inspect only had the capabilities to inspect containers and images. if a user wanted to inspect a pod, volume, or network, they would have to use `podman network inspect`, `podman pod inspect` etc. Docker's cli allowed users to inspect both volumes and networks using regular inspect, so this commit gives the user the functionality If the inspect type is not specified using --type, the order of inspection is: containers images volumes networks pods meaning if container that has the same name as an image, podman inspect would return the container inspect. To avoid duplicate code, podman network inspect and podman volume inspect now use the inspect package as well. Podman pod inspect does not because podman pod inspect returns a single json object while podman inspect can return multiple) Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #8141 from afbjorklund/podman-remote-host-port-masterOpenShift Merge Robot2020-10-27
|\ \ \ \ | | | | | | | | | | Add support for host keys for non-22 ports
| * | | | Add support for host keys for non-22 portsAnders F Björklund2020-10-25
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | When not using the standard SSH port (22), the port is appended to the hostname (in brackets) like so: "host" -> "[host]:1234" Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com> (cherry picked from commit 8794e8db1ce3088d633911454d6d36c4e939e126)
* | | | Merge pull request #8151 from vrothberg/fix-8148OpenShift Merge Robot2020-10-27
|\ \ \ \ | |_|/ / |/| | | image list: check for all errors
| * | | image list: check for all errorsValentin Rothberg2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For unknown historical reasons, some errors were ignored when listing images. I assume that the basic assumption was that if we can properly list images, we can also successfully compute their sizes which turned out to be wrong. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | The cidfile should be created when the container is createdDaniel J Walsh2020-10-26
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you run an interactive session of podman run and specifiy the --cidfile option, the cidfile will not get created until the container finishes running. If you run a detached container, it will get created right away. This Patch creates the cidfile as soon as the container is created. This could allow other tools to use the cidefile on all running containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / fix: podman-cp respects "--extract" flagMatej Vasek2020-10-25
|/ / | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Merge pull request #8109 from matejvasek/inspect-apiv2-rootfsOpenShift Merge Robot2020-10-23
|\ \ | | | | | | fix: /image/{name or id}/json returns RootFS layers
| * | src: nil checkMatej Vasek2020-10-22
| | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * | src: add nil checksMatej Vasek2020-10-22
| | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * | fix: /image/{name}/json returns RootFS layersMatej Vasek2020-10-22
| | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | Merge pull request #8078 from baude/networkdisconnectOpenShift Merge Robot2020-10-22
|\ \ \ | |/ / |/| | APIv2 compatibility network connect|disconnect
| * | APIv2 compatibility network connect|disconnectbaude2020-10-22
| | | | | | | | | | | | | | | | | | Add endpoints for the compat layer for network connect and disconnect. As of now, these two endpoints do nothing to change the network state of a container. They do some basic data verification and return the proper 200 response. This at least allows for scripts to work on the compatibility layer instead of getting 404s. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8098 from vrothberg/fix-8082OpenShift Merge Robot2020-10-22
|\ \ \ | | | | | | | | container create: record correct image name
| * | | container create: record correct image nameValentin Rothberg2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Record the correct image name when creating a container by using the resolved image name if present. Otherwise, default to using the first available name or an empty string in which case the image must have been referenced by ID. Fixes: #8082 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7956 from QiWang19/save-rm-sigOpenShift Merge Robot2020-10-22
|\ \ \ \ | | | | | | | | | | Allow save image remove-signatures
| * | | | save image remove signaturesQi Wang2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remove signatures to podman save since the image formats do not support signatures Close: #7659 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #8104 from baude/setnetworkdriverdefaultOpenShift Merge Robot2020-10-22
|\ \ \ \ \ | |_|_|/ / |/| | | | set compat network driver default
| * | | | set compat network driver defaultbaude2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when using the compatibility endpoint for creating a network, if the driver is not provided, we need to set it to the default network driver ... which is bridge. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #7772 from TomSweeneyRedHat/dev/tsweeney/splitnOpenShift Merge Robot2020-10-21
|\ \ \ \ \ | |/ / / / |/| | | | Convert Split() calls with an equal sign to SplitN()
| * | | | Convert Split() calls with an equal sign to SplitN()TomSweeneyRedHat2020-10-13
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After seeing #7759, I decided to look at the calls in Podman and Buildah to see if we had issues with strings.Split() calls where an "=" (equals) sign was in play and we expected to split on only the first one. There were only one or two that I found in here that I think might have been troubling, the remainder are just adding some extra safety. I also had another half dozen or so that were checking length expectations appropriately, those I left alone. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | Merge pull request #8083 from crunchtime-ali/add-eol-to-compat-logOpenShift Merge Robot2020-10-21
|\ \ \ \ | |_|_|/ |/| | | Add EOL to compat container logs
| * | | Add EOL to compat container logsAlexander Zigelski2020-10-21
| | |/ | |/| | | | | | | Signed-off-by: Alexander Zigelski <ali@crunchtime.dev>
* | | Merge pull request #8022 from baude/compatapitospecgenOpenShift Merge Robot2020-10-21
|\ \ \ | |/ / |/| | refactor api compatibility container creation to specgen
| * | refactor api compatibility container creation to specgenbaude2020-10-20
| | | | | | | | | | | | | | | | | | when using the compatibility layer to create containers, it used code paths to the pkg/spec which is the old implementation of containers. it is error prone and no longer being maintained. rather that fixing things in spec, migrating to specgen usage seems to make the most sense. furthermore, any fixes to the compat create will not need to be ported later. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8042 from rhatdan/tlsverifyOpenShift Merge Robot2020-10-20
|\ \ \ | | | | | | | | --tls-verify and --authfile should work for all remote commands
| * | | --tls-verify and --authfile should work for all remote commandsDaniel J Walsh2020-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | These options are now fully supported in the remote API and should no longer be hidden and/or documented as non supported. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8067 from mheon/net_host_hostsOpenShift Merge Robot2020-10-20
|\ \ \ \ | | | | | | | | | | Ensure that hostname is added to hosts with net=host
| * | | | Ensure that hostname is added to hosts with net=hostMatthew Heon2020-10-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container uses --net=host the default hostname is set to the host's hostname. However, we were not creating any entries in `/etc/hosts` despite having a hostname, which is incorrect. This hostname, for Docker compat, will always be the hostname of the host system, not the container, and will be assigned to IP 127.0.1.1 (not the standard localhost address). Also, when `--hostname` and `--net=host` are both passed, still use the hostname from `--hostname`, not the host's hostname (we still use the host's hostname by default in this case if the `--hostname` flag is not passed). Fixes #8054 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #7999 from mheon/signal_handlerOpenShift Merge Robot2020-10-20
|\ \ \ \ \ | |_|_|/ / |/| | | | Add a shutdown signal handler
| * | | | Enforce LIFO ordering for shutdown handlersMatthew Heon2020-10-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows us to run both the Libpod and Server handlers at the same time without unregistering one. Also, pass the signal that killed us into the handlers, in case they want to use it to determine what to do (e.g. what exit code to set). Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Enable masking stop signals within container creationMatthew Heon2020-10-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Expand the use of the Shutdown package such that we now use it to handle signals any time we run Libpod. From there, add code to container creation to use the Inhibit function to prevent a shutdown from occuring during the critical parts of container creation. We also need to turn off signal handling when --sig-proxy is invoked - we don't want to catch the signals ourselves then, but instead to forward them into the container via the existing sig-proxy handler. Fixes #7941 Signed-off-by: Matthew Heon <mheon@redhat.com>