| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
v2, podman: fix and enable all run_userns_test.go tests
|
| | |
| |
| |
| |
| |
| |
| | |
if some mappings are specified, assume there is a private user
namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
add missing implementation for userns=keep-id and enable the user
namespaces tests.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
[v2] containers, init: skip invalid state errors with --all
|
| | |/
| |
| |
| |
| |
| | |
reintroduce the same check that exists in v1.9.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
v2, tests: fix various run_test.go failures
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
the check is correct but the error message was stating the opposite.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |/
| |
| |
| |
| |
| | |
validate the configuration only after we set the default namespaces.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We do not want to join pod namespaces if no infra container is
present. A pod may claim it shares namespaces without an infra
container (I'll take an action item to fix that - it really
should not be allowed), which was tripping up our default
namespace code and forcing us to try and join the namespaces of
the nonexistant infra container.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
|
|
|
|
|
| |
Since functions are now in an selinux subpackage, they should not start with
SELinux
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
podman, v2: handle namespaces specified on the CLI
|
| | |
| |
| |
| |
| |
| |
| | |
and handle differently the user namespace as it supports additional
options.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| |/
|/| |
V2 restore libpod.Shutdown() when exiting podman commands
|
| | |
| |
| |
| | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| | |
| | | |
manifest create,add,inspect
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Implememts manifest subcommands create, add, inspect.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The length and size of our error messages on failure to pull
is huge. This patch at least eliminates some of the wrapping.
But I think eventually we need to look at containers/image
and see if we can modify the error messages to something a little
more human friendly.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Introduced define.ErrImageInUse to assist in determining the exit code
without resorting string searches.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Enable basic volumes support in Podmanv2
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This enables the --volume, --mount, and --tmpfs flags in
Podmanv2. It does not enable init-related flags, image volumes,
and --volumes-from.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \
| |_|/
|/| | |
Move selinux labeling support from pkg/util to pkg/selinux
|
| | |/
| |
| |
| |
| |
| |
| | |
The goal here is to make the package less heavy and not overload
the pkg/util.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Instrumentation to answer #5765
|
| | |/
| |
| |
| |
| |
| | |
* currently wired to localhost:8888 to prevent access from off machine
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/
|
|
|
| |
Signed-off-by: Brent Baude <bbaude@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
v2, podman: plug --userns=auto
|
| | |
| |
| |
| |
| |
| | |
--userns=auto tests pass now.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Namespaces have now been changed to properly handle all cases.
Spec handling code for namespaces was consolidated in a single
function.
Still missing:
- Image ports
- Pod namespaces likely still broken in Podmanv2
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| | |
| | | |
podmanv2 cp
|
| | | |
| | |
| | |
| | |
| | |
| | | |
enable podman to copy files between container and host, local mode only. this is a straight port of v1 code to v2.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \
| | | |
| | | | |
add entrypoint from image where needed
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
if the image specifies both the image and entrypoint, we need to account for that and preprend the entrypoint to the command. this only happens if no user command and entrypoint were supplied.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
v2, pkg: implement rlimits
|
| | | |/
| |/|
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |/
|/|
| |
| |
| |
| | |
add port command to podman.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
More fixes for podman create tests
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Update podmanV2 to use containers.conf
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add more default options parsing
Switch to using --time as opposed to --timeout to better match Docker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Cleanup network option parsing
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We were not handling the parsing of --ip. This pr adds validation
checks and now will support the flag.
Move validation to the actual parsing of the network flags.
We should only parse the dns flags if the user changed them. We don't
want to pass default options if set in containers.conf to the server.
Potential for duplicating defaults.
Add support for --dns-opt flag passing
Begin handling of --network flag, although we don't have a way right now
to translate a string into a specgen.Namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
While this commit was initially meant to fix #5847, it has turned into a
bigger refactoring which I did not manage to break into smaller pieces:
* Fix #5847 by refactoring the image-removal logic.
* Make the api handler for image-removal use the ABI code. This way,
both (i.e., ABI and Tunnel) end up using the same code. Achieving
this code share required to move some code around to prevent circular
dependencies.
* Everything in pkg/api (excluding pkg/api/types) must now only be
accessed from code using `ABISupport`.
* Avoid imports from entities on handlers to prevent circular
dependencies.
* Move `podman system service` logic into `cmd` to prevent circular
dependencies - it depends on pkg/api.
* Also remove the build header from infra/abi files. It will otherwise
confuse swagger and other tools; errors we cannot fix as go doesn't
expose a build-tag env variable.
Fixes: #5847
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Return labes in API (fixes #5882)
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
|
| |\ \ \
| | | |
| | | | |
Fix up handling of image data as well as setting Linux Capabilties correctly
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Podman inspect has a breaking change in that it dropped
--latest and --size options.
This PR adds these back. Lots of tests rely on
podman inspect -l.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If user sets capabilities list we need handle minimal capabilities.
Also handle seccomp-policy being passed in.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | |/
| |/|
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
