summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Allow users to override default storage opts with --storage-optDaniel J Walsh2021-04-16
| | | | | | | | | | | | We define in the man page that this overrides the default storage options, but the code was appending to the existing options. This PR also makes a change to allow users to specify --storage-opt="". This will turn off all storage options. https://github.com/containers/podman/issues/9852 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Ensure that `--userns=keep-id` sets user in configMatthew Heon2021-04-16
| | | | | | | | | | | | | | | | | | | | | | | One of the side-effects of the `--userns=keep-id` command is switching the default user of the container to the UID of the user running Podman (though this can still be overridden by the `--user` flag). However, it did this by setting the UID and GID in the OCI spec, and not by informing Libpod of its intention to switch users via the `WithUser()` option. Because of this, a lot of the code that should have triggered when the container ran with a non-root user was not triggering. In the case of the issue that this fixed, the code to remove capabilities from non-root users was not triggering. Adjust the keep-id code to properly inform Libpod of our intention to use a non-root user to fix this. Also, fix an annoying race around short-running exec sessions where Podman would always print a warning that the exec session had already stopped. Fixes #9919 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* [CI:DOCS] Update swagger definition of inspect manifestJhon Honce2021-04-16
| | | | | | | | | | * Changed reference in swagger to correct struture that was being returned. * Added summary to ManifestAddLibpod to clean up generated web site * Added serve target to Makefile, to aid in debugging generated web site Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Volumes prune endpoint should use only prune filtersJakub Guzik2021-04-16
| | | | | | | | | Volumes endpoints for HTTP compat and libpod APIs allowed usage of list HTTP endpoint filter funcs. Documentation in case of compat API does not allow that. This commit aligns code with the documentation and also ligns libpod with compat API. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Adjust libpod API Container Wait documentation to the codePablo Correa Gómez2021-04-16
| | | | | | Closes #9960 Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* Add missing returnJhon Honce2021-04-16
| | | | | | | libpod df handler missing a return after writing error to client. This caused a null to be appended to JSON and crashed python decoder. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* cgroups: force 64 bits to ParseUintGiuseppe Scrivano2021-04-16
| | | | | | | | | | | | [NO TESTS NEEDED] force bitsSize==64 so that the string is always parsed to a uint64 instead of using the native int size, that could be not big enough on 32 bits arches. Closes: https://github.com/containers/podman/issues/9979 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* [CI:DOCS] Correct status code for /pods/createJhon Honce2021-04-16
| | | | | | | | | | Swagger documentation reported that the API endpoint /pods/create returned 200 while the as-built code returned 201. 201 is more correct so documentation updated. Tests already checked for 201 so no updated needed. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Reflect current state of prune implementation in docsJakub Guzik2021-04-16
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* pkg/errorhandling.JoinErrors: don't throw away context for lone errorsNalin Dahyabhai2021-04-16
| | | | | | | | When our multierror contains just one error, don't extract its text only to rewrap it, because doing so discards any stack trace information that might have been added closer to where the error actually originated. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Fix handling of $NAME and $IMAGE in runlabelDaniel J Walsh2021-04-16
| | | | | | | | Fixes: https://github.com/containers/podman/issues/9405 Add system runlabel tests. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix flake on failed podman-remote build : try 2Daniel J Walsh2021-04-16
| | | | | | | | | | | This time we are checking if the function actually succeeded, otherwise we will report an error. Also if we did not get the id, report unexpected failure. [NO TESTS NEEDED] Still no good way to test this, but manually. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix flake on failed podman-remote buildDaniel J Walsh2021-04-16
| | | | | | | | | | | | | | We have a race condition where podman build can fail but still return an exit code of 0. This PR ensures that as soon as the build fails, the failed flag is set eliminating the race. Fixes: https://github.com/containers/podman/issues/10029 [NO TESTS NEEDED] Tests of failed builds are already in place, and the elimination of the race should be enough. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [NO TESTS NEEDED] Turn on podman-remote build --isolationDaniel J Walsh2021-03-29
| | | | | | | | | | Currently podman only works with --isolation chroot. This PR fixes this by allowing the isolation mode to default to OCI and to also allow users to pass the isolation mode into the containers. The current tests for --isolation should cause this code to be tested. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix containers list/prune http api filter behaviourJakub Guzik2021-03-29
| | | | | | | | | | The problem described in #9711 and followed by #9758 affects containers as well. When user provides wrong filter input, error message should occur, not fallback to full list/prune command. This change fixes the issue. Additionally, there are error message fixes for docker http api compat. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Unification of until filter across list/prune endpointsJakub Guzik2021-03-29
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Unification of label filter across list/prune endpointsJakub Guzik2021-03-29
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* fixupMatej Vasek2021-03-29
| | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* fix: build endpoint for compat APIMatej Vasek2021-03-29
| | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* Support multi doc yaml for generate/play kubeEduardo Vega2021-03-29
| | | | | | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Correct json field nameJhon Honce2021-03-29
| | | | | | | | | [NO TESTS NEEDED] * When using the Namespace type, the field Value was json encoded with the name "string" vs "value". Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Fix filters in image http compat/libpod api endpointsJakub Guzik2021-03-29
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* podman generate systemd --new do not duplicate paramsPaul Holzinger2021-03-29
| | | | | | | | | | | | | | | | | podman generate systemd --new inserts extra idfile arguments. The generated unit can break when the user did provide their own idfile arguments as they overwrite the arguments added by generate systemd. This also happens when a user tries to generate the systemd unit on a container already create with a --new unit. This should now create a identical unit. The solution is to remove all user provided idfile arguments. This commit also ensures that we do not remove arguments that are part off the containers entrypoint. Fixes #9776 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Fix podman build --pull-neverDaniel J Walsh2021-03-29
| | | | | | | | | | | | | | | Currently pull policy is set incorrectly when users set --pull-never. Also pull-policy is not being translated correctly when using podman-remote. Fixes: #9573 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> <MH: Fixed cherry-pick conflict> Signed-off-by: Matthew Heon <mheon@redhat.com>
* [NO TESTS NEEDED] Use same function podman-remote rmi as podmanDaniel J Walsh2021-03-29
| | | | | | | | | | Make sure fixes that go into local podman commands also work in podman-remote, by using the same function. Since this is just a rewrite of existing code, existing tests should handle it. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add problematic volume name to kube play error messagesJordan Christiansen2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When kube play fails to create a volume, it should say which volume had the problem so the user doesn't have to guess. For the following pod spec: apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - name: myfrontend image: nginx volumeMounts: - mountPath: "/var/www/html" name: mypd volumes: - name: mypd hostPath: path: /var/blah podman will now report: Error: failed to create volume "mypd": error in parsing HostPath in YAML: error checking path "/var/blah": stat /var/blah: no such file or directory Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* Fix list pods filter handling in libpod apiJakub Guzik2021-03-29
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Remove resize race conditionDaniel J Walsh2021-03-29
| | | | | | | | | | | | | | | | | | | | Since podman-remote resize requests can come in at random times, this generates a real potential for race conditions. We should only be attempting to resize TTY on running containers, but the containers can go from running to stopped at any time, and returning an error to the caller is just causing noice. This change will basically ignore requests to resize terminals if the container is not running and return the caller to success. All other callers will still return failure. Fixes: https://github.com/containers/podman/issues/9831 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Add RequiresMountsFor= to systemd generateRobb Manes2021-03-29
| | | | | | | | | | | | | | | It is rare but possible that storage locations for the graphroot and the runroot are not mounted at boot time, and therefore might race when doing container operations. An example we've seen in the wild is that a slow tmpfs mount for the runroot would suddenly mount over /run, causing the container to lose all currently-running data, requiring a system refresh to get it back. This patch adds RequiresMountsFor= to the systemd.unit header to ensure the paths for both the graphroot and runroot are mounted prior to starting any generated unit files. Signed-off-by: Robb Manes <rmanes@redhat.com>
* Fix swapped dimensions from terminal.GetSizeAnders F Björklund2021-03-29
| | | | | | | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #9757 from jwhonce/wip/loadOpenShift Merge Robot2021-03-22
|\ | | | | Cleanup /libpod/images/load handler
| * Cleanup /libpod/images/load handlerJhon Honce2021-03-19
| | | | | | | | | | | | | | | | | | * Remove orphaned code * Add meaningful error from LoadImageFromSingleImageArchive() when heuristic fails to determine payload format * Correct swagger to output correct types and headers Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | security: use the bounding caps with --privilegedGiuseppe Scrivano2021-03-19
|/ | | | | | | | | when --privileged is used, make sure to not request more capabilities than currently available in the current context. [NO TESTS NEEDED] since it fixes existing tests. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix volumes and networks list/prune filters in http apiJakub Guzik2021-03-19
| | | | | | | | | | | This is the continuation work started in #9711. It turns out that list/prune commands for volumes in libpod/compat api have very dangerous error handling when broken filter input is supplied. Problem also affects network list/prune in libpod. This commit unifies filter handling across libpod/compat api and adds sanity apiv2 testcases. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Merge pull request #9710 from jmguzik/network-prune-filters-http-apiOpenShift Merge Robot2021-03-18
|\ | | | | Network prune filters for http api (compat and libpod)
| * network prune filters for http compat and libpod apiJakub Guzik2021-03-18
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | pkg/bindings/images.Build(): fix a race condition in error reportingNalin Dahyabhai2021-03-16
| | | | | | | | | | | | | | | | | | | | | | | | In nTar(), don't return the error value when the goroutine that's populating the error value can continue running long after nTar() returns. Instead, wrap the Close() method of the pipe that we're returning in a function that collects those errors, along with any error we get from closing the pipe, and returns them from Close() wrapper. In Build(), if the Close() method returns an error, at least log it. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Merge pull request #9711 from jmguzik/volume-prune-fix-http-compatOpenShift Merge Robot2021-03-16
|\ \ | | | | | | Fix for volumes prune in http compat api when using filters
| * | Fix for volumes prune in http compat apiJakub Guzik2021-03-15
| |/ | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9695 from jmguzik/array-inspect-network-fixOpenShift Merge Robot2021-03-16
|\ \ | | | | | | Fix array instead of one elem network http api
| * | Fix array instead of one elem network http apiJakub Guzik2021-03-12
| | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #9589 from troyready/add_compat_auth_endpointOpenShift Merge Robot2021-03-16
|\ \ \ | |_|/ |/| | add /auth for docker compatibility
| * | fix use with localhost (testing)troyready2021-03-12
| | | | | | | | | | | | Signed-off-by: troyready <troy@troyready.com>
| * | add /auth for docker compatibilitytroyready2021-03-12
| | | | | | | | | | | | | | | | | | | | | | | | This endpoint just validates credentials: https://github.com/moby/moby/blob/v20.10.4/api/swagger.yaml#L7936-L7977 Fixes: #9564 Signed-off-by: troyready <troy@troyready.com>
* | | Do not leak libpod package into the remote clientPaul Holzinger2021-03-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some packages used by the remote client imported the libpod package. This is not wanted because it adds unnecessary bloat to the client and also causes problems with platform specific code(linux only), see #9710. The solution is to move the used functions/variables into extra packages which do not import libpod. This change shrinks the remote client size more than 6MB compared to the current master. [NO TESTS NEEDED] I have no idea how to test this properly but with #9710 the cross compile should fail. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Split libpod/network packagePaul Holzinger2021-03-15
|/ / | | | | | | | | | | | | | | | | | | | | | | The `libpod/network` package should only be used on the backend and not the client. The client used this package only for two functions so move them into a new `pkg/network` package. This is needed so we can put linux only code into `libpod/network`, see #9710. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #9703 from jmguzik/endpoint-networksOpenShift Merge Robot2021-03-12
|\ \ | | | | | | [NO TESTS NEEDED] create endpoint for querying libpod networks
| * | create endpoint for querying libpod networksJakub Guzik2021-03-12
| |/ | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9524 from riyad/apiv3-print-tags-when-buildingOpenShift Merge Robot2021-03-11
|\ \ | |/ |/| [Compat API] Also print successfully tagging images in /build endpoint
| * [Compat API] Also print successfully tagging images in /build endpointRiyad Preukschas2021-02-25
| | | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Riyad Preukschas <riyad@informatik.uni-bremen.de>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-14 21:04:34 +0000