| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The --log-driver flag was silently ignored by podman play kube. This
regression got introduced during the play kube rework.
Unfortunately the test for this was skipped for no good reason.
Fixes #10015
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Distro builds on Fedora and Kubic projects use GO111MODULE=off
by default which are currently failing. This commit fixes it and
going forward, podman CI will also indicate failures in rpm builds.
The additional LDFLAGS have been removed from the spec file
which is not ideal. But, currently we only use the spec file
to check if the rpm builds fine. We can fix the LDFLAGS in a
later commit when we're working on packit integration.
conmon build has also been removed from podman.spec.in because the COPR
for which it was provided has been discontinued.
[NO TESTS NEEDED]
Fixes: #10009
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |
|
|
|
|
|
|
|
| |
Libpod operation id's changed to better match compatibile id
Builds on https://github.com/containers/podman/pull/9123 and corrects
a duplicated ID.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
| |
Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
|
| |
|
|
| |
Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix handling of SecurityOpts
LabelOpts
SeccompProfilePath
ApparmorProfile
Fix Ulimits
Fixes: https://github.com/containers/podman/issues/9869
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
So rootless setup could use this condition in parent and child, child
podman should adjust LISTEN_PID to its self PID.
Add system test for systemd socket activation
Signed-off-by: pendulm <lonependulm@gmail.com>
|
| |
|
|
|
|
|
| |
since we already have an exported function that does the check,
refactor the code to use it instead of duplicating the logic.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
| |
Containers endpoints for HTTP compad and libpod APIs allowed usage of list HTTP
endpoint filter funcs. Documentation in case of libpod and compat API does not allow that.
This commit aligns code with the documentation.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Versions of the ps command have additional spaces between fields, this
manifests as the container asking to run "top" and API reporting "top "
as a process.
Endpoint and tests updated to check that "top" is reported.
There is no libpod specialized endpoint to update.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/9889
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
Updated reference to network
[NO TESTS NEEDED]
Signed-off-by: Kellen Dunham <kellen@oneaib.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We define in the man page that this overrides the default storage
options, but the code was appending to the existing options.
This PR also makes a change to allow users to specify --storage-opt="".
This will turn off all storage options.
https://github.com/containers/podman/issues/9852
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One of the side-effects of the `--userns=keep-id` command is
switching the default user of the container to the UID of the
user running Podman (though this can still be overridden by the
`--user` flag). However, it did this by setting the UID and GID
in the OCI spec, and not by informing Libpod of its intention to
switch users via the `WithUser()` option. Because of this, a lot
of the code that should have triggered when the container ran
with a non-root user was not triggering. In the case of the issue
that this fixed, the code to remove capabilities from non-root
users was not triggering. Adjust the keep-id code to properly
inform Libpod of our intention to use a non-root user to fix
this.
Also, fix an annoying race around short-running exec sessions
where Podman would always print a warning that the exec session
had already stopped.
Fixes #9919
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
|
| |
* Changed reference in swagger to correct struture that was being
returned.
* Added summary to ManifestAddLibpod to clean up generated web site
* Added serve target to Makefile, to aid in debugging generated
web site
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Volumes endpoints for HTTP compat and libpod APIs allowed
usage of list HTTP endpoint filter funcs. Documentation in
case of compat API does not allow that. This commit aligns
code with the documentation and also ligns libpod with compat API.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |
|
|
|
|
| |
Closes #9960
Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
|
| |
|
|
|
|
|
| |
libpod df handler missing a return after writing error to client. This
caused a null to be appended to JSON and crashed python decoder.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
[NO TESTS NEEDED]
force bitsSize==64 so that the string is always parsed to a uint64
instead of using the native int size, that could be not big enough on
32 bits arches.
Closes: https://github.com/containers/podman/issues/9979
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Swagger documentation reported that the API endpoint /pods/create
returned 200 while the as-built code returned 201. 201 is more
correct so documentation updated.
Tests already checked for 201 so no updated needed.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
| |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |
|
|
|
|
|
|
| |
When our multierror contains just one error, don't extract its text only
to rewrap it, because doing so discards any stack trace information that
might have been added closer to where the error actually originated.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/9405
Add system runlabel tests.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This time we are checking if the function actually succeeded,
otherwise we will report an error.
Also if we did not get the id, report unexpected failure.
[NO TESTS NEEDED] Still no good way to test this, but manually.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have a race condition where podman build can fail
but still return an exit code of 0. This PR ensures
that as soon as the build fails, the failed flag is set
eliminating the race.
Fixes: https://github.com/containers/podman/issues/10029
[NO TESTS NEEDED] Tests of failed builds are already in place, and
the elimination of the race should be enough.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Currently podman only works with --isolation chroot. This PR
fixes this by allowing the isolation mode to default to OCI and to
also allow users to pass the isolation mode into the containers.
The current tests for --isolation should cause this code to be tested.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The problem described in #9711 and followed by #9758 affects
containers as well. When user provides wrong filter input, error
message should occur, not fallback to full list/prune command.
This change fixes the issue. Additionally, there are error message
fixes for docker http api compat.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |
|
|
| |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
|
|
| |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
[NO TESTS NEEDED]
* When using the Namespace type, the field Value was json encoded
with the name "string" vs "value".
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
| |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
podman generate systemd --new inserts extra idfile arguments. The
generated unit can break when the user did provide their own idfile
arguments as they overwrite the arguments added by generate systemd.
This also happens when a user tries to generate the systemd unit on
a container already create with a --new unit. This should now
create a identical unit. The solution is to remove all user provided
idfile arguments.
This commit also ensures that we do not remove arguments that are part
off the containers entrypoint.
Fixes #9776
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently pull policy is set incorrectly when users set --pull-never.
Also pull-policy is not being translated correctly when using
podman-remote.
Fixes: #9573
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
<MH: Fixed cherry-pick conflict>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Make sure fixes that go into local podman commands also work in
podman-remote, by using the same function.
Since this is just a rewrite of existing code, existing tests should
handle it.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When kube play fails to create a volume, it should say which volume had
the problem so the user doesn't have to guess. For the following pod
spec:
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: myfrontend
image: nginx
volumeMounts:
- mountPath: "/var/www/html"
name: mypd
volumes:
- name: mypd
hostPath:
path: /var/blah
podman will now report:
Error: failed to create volume "mypd": error in parsing HostPath
in YAML: error checking path "/var/blah": stat /var/blah: no such
file or directory
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since podman-remote resize requests can come in at random times, this
generates a real potential for race conditions. We should only be
attempting to resize TTY on running containers, but the containers can
go from running to stopped at any time, and returning an error to the
caller is just causing noice.
This change will basically ignore requests to resize terminals if the
container is not running and return the caller to success. All other
callers will still return failure.
Fixes: https://github.com/containers/podman/issues/9831
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is rare but possible that storage locations for the graphroot and the
runroot are not mounted at boot time, and therefore might race when
doing container operations. An example we've seen in the wild is that a
slow tmpfs mount for the runroot would suddenly mount over /run, causing
the container to lose all currently-running data, requiring a system
refresh to get it back.
This patch adds RequiresMountsFor= to the systemd.unit header to ensure
the paths for both the graphroot and runroot are mounted prior to
starting any generated unit files.
Signed-off-by: Robb Manes <rmanes@redhat.com>
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
Cleanup /libpod/images/load handler
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* Remove orphaned code
* Add meaningful error from LoadImageFromSingleImageArchive() when
heuristic fails to determine payload format
* Correct swagger to output correct types and headers
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
when --privileged is used, make sure to not request more capabilities
than currently available in the current context.
[NO TESTS NEEDED] since it fixes existing tests.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is the continuation work started in #9711. It turns out
that list/prune commands for volumes in libpod/compat api have
very dangerous error handling when broken filter input is supplied.
Problem also affects network list/prune in libpod. This commit
unifies filter handling across libpod/compat api and adds sanity
apiv2 testcases.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\
| |
| | |
Network prune filters for http api (compat and libpod)
|
| | |
| |
| |
| | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
