summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Fix SELinux labels of volumesDaniel J Walsh2020-02-13
| | | | | | | | | | | | | | | If we attempt to label a volume and the file system does not support labeling, then just warn. SELinux may or may not work, on the volume. There is no way to setup a private label on a newly created volume without using the container mountlabel. If we don't have a mount label at the time of creation of the volume, the only option we have is to create a shared label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #5190 from baude/apiv2cockpit3OpenShift Merge Robot2020-02-14
|\ | | | | filtering behavior correction
| * filtering behavior correctionBrent Baude2020-02-12
| | | | | | | | | | | | when filtering containers, if a status= is provided as an input filter, then we should override the all to always be true. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5074 from jwhonce/wip/swagger_endpointOpenShift Merge Robot2020-02-14
|\ \ | | | | | | Add /swagger/ endpoint to serve swagger yaml to clients
| * | Add /swagger/ endpoint to serve swagger yaml to clientsJhon Honce2020-02-04
| | | | | | | | | | | | | | | | | | The provided yaml file will describe the current Podman REST API. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #5172 from giuseppe/api-fix-cpu-statsOpenShift Merge Robot2020-02-13
|\ \ \ | | | | | | | | api: fix the CPU stats reported
| * | | stats: add SystemUsageGiuseppe Scrivano2020-02-12
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | api: fix the CPU stats reportedGiuseppe Scrivano2020-02-11
| | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Fix up play kube to use image dataDaniel J Walsh2020-02-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman play kube was ignoring the imageData.Config Volumes WorkingDir Labels StopSignal Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #5183 from giuseppe/rootlessport-avoid-hangOpenShift Merge Robot2020-02-13
|\ \ \ \ | | | | | | | | | | rootlessport: fix potential hang
| * | | | rootlessport: drop Pdeathsig in favor of KillGiuseppe Scrivano2020-02-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | there is a race condition where the child process is immediately killed: [pid 2576752] arch_prctl(0x3001 /* ARCH_??? */, 0x7ffdf612f170) = -1 EINVAL (Invalid argument) [pid 2576752] access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) [pid 2576752] --- SIGTERM {si_signo=SIGTERM, si_code=SI_USER, si_pid=2576742, si_uid=0} --- [pid 2576752] +++ killed by SIGTERM +++ this happens because the parent process here really means the "parent thread". Since there is no way of running it on the main thread, let's skip this functionality altogether and use kill(2). Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | rootlessport: fix potential hangGiuseppe Scrivano2020-02-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | write to the error pipe only in case of an error. Otherwise we may end up in a race condition in the select statement below as the read from errChan happens before initComplete and the function returns immediately nil. Closes: https://github.com/containers/libpod/issues/5182 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request #5152 from QiWang19/device-cgroup-ruleOpenShift Merge Robot2020-02-13
|\ \ \ \ \ | |_|_|_|/ |/| | | | support device-cgroup-rule
| * | | | support device-cgroup-ruleQi Wang2020-02-12
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | fix #4876 Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #5171 from baude/apiv2cockpit2OpenShift Merge Robot2020-02-12
|\ \ \ \ | | | | | | | | | | Fix container filters
| * | | | Fix container filtersBrent Baude2020-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | container filters were being double encoded (maybe triple) which resulted in the wrong encoding representation of filters being sent by the go-bindings. Also, on the server side, Filter needed to be changed to Filter to decode properly. Finally, due to the changed return type of List Containers, the go bindings return values needed to be changed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | Merge pull request #5187 from vrothberg/pkg-seccompOpenShift Merge Robot2020-02-12
|\ \ \ \ \ | | | | | | | | | | | | add pkg/seccomp
| * | | | | add pkg/seccompValentin Rothberg2020-02-12
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add pkg/seccomp to consolidate all seccomp-policy related code which is currently scattered across multiple packages and complicating the creatconfig refactoring. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / | | | api: pull: fix reference parsingValentin Rothberg2020-02-12
|/ / / / | | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #5175 from baude/apiv2eventsOpenShift Merge Robot2020-02-12
|\ \ \ \ | | | | | | | | | | apiv2 stream events
| * | | | apiv2 stream eventsBrent Baude2020-02-11
| |/ / / | | | | | | | | | | | | | | | | | | | | the events endpoint should be stream-based. it also needed to be registered to answer and not produce 404s. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | / / HTTP 304 (NotModified) is not an error!Ed Santiago2020-02-11
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Even after #5169, my test logs kept showing: ERRO[0004] unable to write json: "http: request method or response status code does not allow body" Cause: overly-helpful code trying to treat condition as an error and include a diagnostic message. This is forbidden per rfc2616. This PR fixes the faulty response, as well as three others found via: $ ack 'Error.*NotMod' (4 hits total) $ ack 'Error.*NoCont' (no hits) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #5169 from edsantiago/apiv2_pod_status_codesOpenShift Merge Robot2020-02-11
|\ \ \ | | | | | | | | API v2: pods: fix two incorrect return codes
| * | | API v2: pods: fix two incorrect return codesEd Santiago2020-02-11
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) /pods/<X>/exists - is documented to return 204, and that's the correct value, but until now it has been returning 200. 2) /pods/create - return 409 (conflict), not 500, when pod already exists Also: in WriteResponse(), if code is 204 (No Content) or 304 (Not Modified), emit the status code only but no content-type headers nor content. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #5083 from vrothberg/v2-libpod-image-endpointsOpenShift Merge Robot2020-02-11
|\ \ \ | | | | | | | | v2 api: /libpod/images/{import,load,pull}
| * | | swagger: fix /libpod/images/{import,load,pull}Valentin Rothberg2020-02-11
| | | | | | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | v2 api: /libpod/images/importValentin Rothberg2020-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement the /libpod/images/import endpoint Tested manually with curl: curl -X POST --data-binary "@image.tar" --header "Content-Type: application/x-tar" Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | v2 api: /libpod/images/loadValentin Rothberg2020-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement the /libpod/images/load endpoint. Tested manually with curl: curl -X POST --data-binary "@image.tar" --header "Content-Type: application/x-tar" Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | v2 api: /libpod/images/pullValentin Rothberg2020-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement the /libpod/images/pull endpoint and correct the swagger docs. The reference parameter is mandatory and must either be a c/image/docker/reference or a reference to the "docker://" transport as the pull endpoint is meant to only support pulling images from a registry. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #5132 from sujil02/testOpenShift Merge Robot2020-02-11
|\ \ \ \ | |_|/ / |/| | | Add test cases to validate remove and list images api.
| * | | Add test cases to validate remove and list images api.Sujil022020-02-10
| |/ / | | | | | | | | | | | | | | | | | | Includes testcase to validate list image api count as we create and delete images Include testcase to validate remove image api responses with container instance, etc. Signed-off-by: Sujil02 <sushah@redhat.com>
* / / Rewire ListContainers for APIv2 libpodBrent Baude2020-02-11
|/ / | | | | | | | | | | | | | | | | | | consumers of the api remarked how they would prefer a more strongly typed data structure from list containers oon the libpod side of things. for example, events should be consumable and consistent timestamps. also, for the sake of compatibility, it is helpful to have the json named atttributes for Id to not be ID. listcontainers on the libpod side no longer strongly uses the the ps cli to obtain information but we do benefit from turning on the ability to list the last X containers, something CLI does not have yet. we also flipped the bit on defaulting to truncated output in the return. thanks to the efforts of the cockpit team to help us here. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | LibpodAPI.BuildImage: don't require a name for the new imageNalin Dahyabhai2020-02-06
| | | | | | | | | | | | | | | | | | | | When we finish building an image, we try to look up its ID by looking up the image using the name that we were asked to assign to the image. If we weren't asked to assign a name to the image, that would produce an error. The BuildImage() API we're using returns the image's ID anyway, so we can skip the lookup and just return the ID directly. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | fix swagger docs and make sure docs validation runsBrent Baude2020-02-05
|/ | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5082 from baude/specOpenShift Merge Robot2020-02-04
|\ | | | | [CI:DOCS] Spec proposal
| * [CI:DOCS]addition of specgen packageBrent Baude2020-02-04
| | | | | | | | | | | | | | | | | | | | warning: the naming of this might change as well as the location. this is a build on a PR from mheon from last year that proposes a shift from our current approach of creating containers based on the arbitrarily made createconfig. the new approach would be to have a specification that is detached from the podman cli. the spec could then be generated and used to make a container. this theoretically is the beginning of a long-needed refactor involving how we get from the cli -> libpod | apiv2 -> libpod with code re-use and less duplication. the intent is to build the apiv2 container creation based on this approach only. wiring to the podman cli will happen after the fact. Signed-off-by: Brent Baude <bbaude@redhat.com>
| * Initial implementation of a spec generator packageMatthew Heon2020-02-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current Libpod pkg/spec has become a victim of the better part of three years of development that tied it extremely closely to the current Podman CLI. Defaults are spread across multiple places, there is no easy way to produce a CreateConfig that will actually produce a valid container, and the logic for generating configs has sprawled across at least three packages. This is an initial pass at a package that generates OCI specs that will supersede large parts of the current pkg/spec. The CreateConfig will still exist, but will effectively turn into a parsed CLI. This will be compiled down into the new SpecGenerator struct, which will generate the OCI spec and Libpod create options. The preferred integration point for plugging into Podman's Go API to create containers will be the new CreateConfig, as it's less tied to Podman's command line. CRI-O, for example, will likely tie in here. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #5033 from sujil02/new-testOpenShift Merge Robot2020-02-04
|\ \ | | | | | | Adding test to check Tag and list images endpoints in apis.
| * | Add a binding test to check image tag and list commands.Sujil022020-02-03
| | | | | | | | | | | | | | | | | | | | | | | | Include testcase to validate tag api responses and check if all the image instaces are shown list command. Also, Update the binding process and the response Signed-off-by: Sujil02 <sushah@redhat.com>
* | | swagger: v2: libpod/images/{import,load,pull}Valentin Rothberg2020-02-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Note: this commit is merely adding swagger documentation and the golang stubs and types for the proposed endpoints. The implementation will follow in separate individual changes in the future. The ultimate goal is to prevent the libpod API from exposing the rather complex /images/create endpoint from Docker and split it into easier to implement, use and comprehend endpoints with a more narrow focus. # Import Add the v2 swagger documentation for the libpod/images/import endpoint. Note that we have intend to have separate backend and not mix it up with load since import allows for specifying a URL instead of a local tarball. # Load Complete the v2 swagger documentation for the libpod/images/load endpoint. Note that we are accounting for future plans to be able to load multiple images from one oci/docker archive by returning an array of image-load responses. Also move the (incomplete) implementation of the generic endpoint to the corresponding package and create a stub for the libpod handler, which will be implemented once there's an agreement on the proposed API. # Pull Add the v2 swagger documentation for the libpod/images/pull endpoint. Similar to the load endpoint, we return an array since more than one image can be pulled when the `all-tags` parameter is set. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #5061 from baude/apiv2swaggerexecOpenShift Merge Robot2020-02-04
|\ \ \ | |_|/ |/| | [CI:DOCS]add apiv2 endpoints for exec
| * | [CI:DOCS]add apiv2 endpoints for execBrent Baude2020-02-03
| |/ | | | | | | | | | | | | | | add the openapi/swagger documentation for exec. The subcommands added are create, inspect, resize, and start. at the time of this writing, no structure is declared for the inspect response. once the libpod work for this is complete, we can inherit and swaggerize it. Signed-off-by: Brent Baude <bbaude@redhat.com>
* / Update /_ping supportJhon Honce2020-02-03
|/ | | | | | | | | | | | | | | | | | | | | * Add swagger support and documentation * Promote handler as there can only ever be one * Update swagger tags Between verbs and paths there are four endpoints for /_ping. I've attempted to document them well without four copies of the details. Time will tell. Clients will use the headers `Libpod-API-Version` and `Libpod-Buildha-Version` to determine if they are connecting to a Podman service or some other compatible engine. Client calls GET(/_ping): * VARLINK engines will fail with error message * Compatible engines will return 200 without Libpod headers * Podman engines will return 200 and Libpod headers Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #5036 from vrothberg/fix-5034OpenShift Merge Robot2020-01-31
|\ | | | | sigproxy: return after closing the channel
| * sigproxy: return after closing the channelValentin Rothberg2020-01-31
| | | | | | | | | | | | | | | | | | | | When stopping signal handling (e.g., to properly handle ^C) we are also closing the signal channel. We should really return from the go-routine instead of continuing and risking double-closing the channel which leads to a panic. Fixes: #5034 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | fix longname handling for bindingsBrent Baude2020-01-31
|/ | | | | | the api needs to account for image input where the image is encoded as a fqd image name. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5020 from baude/bindingtestrootlessOpenShift Merge Robot2020-01-30
|\ | | | | Bindingtestrootless
| * rootless: enable shortcut only for podmanGiuseppe Scrivano2020-01-29
| | | | | | | | | | | | | | disable joining automatically the user namespace if the process is not podman. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * test: honor TEMPDIR variableGiuseppe Scrivano2020-01-29
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #5022 from ssbarnea/fix/validateOpenShift Merge Robot2020-01-30
|\ \ | | | | | | Assure validate includes lint