summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #9958 from jmguzik/limit-prune-filters-for-volumesOpenShift Merge Robot2021-04-07
|\ | | | | Volumes prune endpoint should use only prune filters
| * Volumes prune endpoint should use only prune filtersJakub Guzik2021-04-07
| | | | | | | | | | | | | | | | | | Volumes endpoints for HTTP compat and libpod APIs allowed usage of list HTTP endpoint filter funcs. Documentation in case of compat API does not allow that. This commit aligns code with the documentation and also ligns libpod with compat API. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9966 from jwhonce/wip/operation_idOpenShift Merge Robot2021-04-07
|\ \ | | | | | | [CI:DOCS] Update swagger definition of inspect manifest
| * | [CI:DOCS] Update swagger definition of inspect manifestJhon Honce2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Changed reference in swagger to correct struture that was being returned. * Added summary to ManifestAddLibpod to clean up generated web site * Added serve target to Makefile, to aid in debugging generated web site Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Handle podman-remote --arch, --platform, --osDaniel J Walsh2021-04-07
| |/ |/| | | | | | | | | | | | | | | Podman remote should be able to handle remote specification of arches. Requires: https://github.com/containers/buildah/pull/3116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9754 from mheon/add_depOpenShift Merge Robot2021-04-06
|\ \ | | | | | | Add --requires flag to podman run/create
| * | Add --requires flag to podman run/createMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman has, for a long time, had an internal concept of dependency management, used mainly to ensure that pod infra containers are started before any other container in the pod. We also have the ability to recursively start these dependencies, which we use to ensure that `podman start` on a container in a pod will not fail because the infra container is stopped. We have not, however, exposed these via the command line until now. Add a `--requires` flag to `podman run` and `podman create` to allow users to manually specify dependency containers. These containers must be running before the container will start. Also, make recursive starting with `podman start` default so we can start these containers and their dependencies easily. Fixes #9250 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #9953 from jwhonce/wip/operation_idOpenShift Merge Robot2021-04-06
|\ \ \ | | |/ | |/| [CI:DOCS] Polish swagger OperationIDs
| * | [CI:DOCS] Polish swagger OpertionIDsJhon Honce2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | Renamed 4 IDs to be consistent with other endpoints. Fixes #9951 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #9942 from mheon/fix_9919OpenShift Merge Robot2021-04-06
|\ \ \ | |/ / |/| | Ensure that `--userns=keep-id` sets user in config
| * | Ensure that `--userns=keep-id` sets user in configMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the side-effects of the `--userns=keep-id` command is switching the default user of the container to the UID of the user running Podman (though this can still be overridden by the `--user` flag). However, it did this by setting the UID and GID in the OCI spec, and not by informing Libpod of its intention to switch users via the `WithUser()` option. Because of this, a lot of the code that should have triggered when the container ran with a non-root user was not triggering. In the case of the issue that this fixed, the code to remove capabilities from non-root users was not triggering. Adjust the keep-id code to properly inform Libpod of our intention to use a non-root user to fix this. Also, fix an annoying race around short-running exec sessions where Podman would always print a warning that the exec session had already stopped. Fixes #9919 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | [CI:DOCS] Set all operation id to be compatibileJhon Honce2021-04-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | Libpod operation id's changed to better match compatibile id Builds on https://github.com/containers/podman/pull/9123 and corrects a duplicated ID. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Move operationIds to swagger:operation lineTom Deseyn2021-04-05
| | | | | | | | | | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* | | swagger: add operationIds that match with dockerTom Deseyn2021-04-05
| | | | | | | | | | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* | | Merge pull request #9938 from jmguzik/network-bindings-initial-testsOpenShift Merge Robot2021-04-05
|\ \ \ | | | | | | | | Initial network bindings tests
| * | | Initial network bindings testsJakub Guzik2021-04-05
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Allow users to override default storage opts with --storage-optDaniel J Walsh2021-04-05
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We define in the man page that this overrides the default storage options, but the code was appending to the existing options. This PR also makes a change to allow users to specify --storage-opt="". This will turn off all storage options. https://github.com/containers/podman/issues/9852 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9423 from Luap99/rootless-cni-no-infraOpenShift Merge Robot2021-04-05
|\ \ \ | | | | | | | | rootless cni without infra container
| * | | Fix pod infra container cni network setupPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For rootless users the infra container used the slirp4netns net mode even when bridge was requested. We can support bridge networking for rootless users so we have allow this. The default is not changed. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | Add rootless support for cni and --uidmapPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | This is supported with the new rootless cni logic. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | rootless cni without infra containerPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of creating an extra container create a network and mount namespace inside the podman user namespace. This ns is used to for rootless cni operations. This helps to align the rootless and rootful network code path. If we run as rootless we just have to set up a extra net ns and initialize slirp4netns in it. The ocicni lib will be called in that net ns. This design allows allows easier maintenance, no extra container with pause processes, support for rootless cni with --uidmap and possibly more. The biggest problem is backwards compatibility. I don't think live migration can be possible. If the user reboots or restart all cni containers everything should work as expected again. The user is left with the rootless-cni-infa container and image but this can safely be removed. To make the existing cni configs work we need execute the cni plugins in a extra mount namespace. This ensures that we can safely mount over /run and /var which have to be writeable for the cni plugins without removing access to these files by the main podman process. One caveat is that we need to keep the netns files at `XDG_RUNTIME_DIR/netns` accessible. `XDG_RUNTIME_DIR/rootless-cni/{run,var}` will be mounted to `/{run,var}`. To ensure that we keep the netns directory we bind mount this relative to the new root location, e.g. XDG_RUNTIME_DIR/rootless-cni/run/user/1000/netns before we mount the run directory. The run directory is mounted recursive, this makes the netns directory at the same path accessible as before. This also allows iptables-legacy to work because /run/xtables.lock is now writeable. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #9928 from pendulm/fix_rootless_socket_activationOpenShift Merge Robot2021-04-05
|\ \ \ \ | | | | | | | | | | Fix rootless socket activation
| * | | | Move socket activation check into init() and set global condition.pendulm2021-04-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So rootless setup could use this condition in parent and child, child podman should adjust LISTEN_PID to its self PID. Add system test for systemd socket activation Signed-off-by: pendulm <lonependulm@gmail.com>
* | | | | Fix missing podman-remote build optionsDaniel J Walsh2021-04-02
| |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix handling of SecurityOpts LabelOpts SeccompProfilePath ApparmorProfile Fix Ulimits Fixes: https://github.com/containers/podman/issues/9869 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9912 from jmguzik/recreate-prune-until-tests-for-containersOpenShift Merge Robot2021-04-02
|\ \ \ \ | | | | | | | | | | Recreate until container prune tests for bindings
| * | | | Recreate until container prune tests for bindingsJakub Guzik2021-04-01
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | | Merge pull request #9920 from ashley-cui/rootyOpenShift Merge Robot2021-04-02
|\ \ \ \ \ | |_|/ / / |/| | | | [NO TESTS NEEDED] Add ssh connection to root user
| * | | | Add ssh connection to root userAshley Cui2021-04-01
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When initing a VM, create two add connections - one to user, one to root. podman machine remove removes both connections as well. [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #9899 from kellen-dunham/fix_9698OpenShift Merge Robot2021-04-01
|\ \ \ \ | |/ / / |/| | | Fix #9698 Updated reference to network
| * | | Fixed podman-remote --network flagKellen Dunham2021-03-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Updated reference to network [NO TESTS NEEDED] Signed-off-by: Kellen Dunham <kellen@oneaib.com>
* | | | Remove --execute from podman machine sshbaude2021-03-31
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The --execute flag ended up serving no purpose. It was removed and documentation was updated. Fixed a panic when no VM name was provided. [NO TESTS NEEDED] Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #9903 from rhatdan/rusageOpenShift Merge Robot2021-03-31
|\ \ \ | | | | | | | | Fix handling of remote --log-rusage param
| * | | Fix handling of remove --log-rusage paramDaniel J Walsh2021-03-31
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9889 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9902 from jmguzik/fix-containers-flaky-bindings-prune-testOpenShift Merge Robot2021-03-31
|\ \ \ \ | | | | | | | | | | Fix bindings prune containers flaky test
| * | | | Fix bindings prune containers flaky testJakub Guzik2021-03-31
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | In #9863 prune containers filter params were narrowed to support only those required by http API. name filter in bindings was replaced by until filter, which is not a good match, as until filters are causing tests to be flaky. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #9888 from baude/machineignOpenShift Merge Robot2021-03-31
|\ \ \ \ | |/ / / |/| | | podman machine init --ignition-path
| * | | podman machine init --ignition-pathbaude2021-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | allow for the user to provide an alternate ignition-file rather than the auto-generated one. updated docs to describe ramifications of providing an alterate ignition file. [NO TESTS NEEDED] Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #9885 from ashley-cui/machinelsOpenShift Merge Robot2021-03-30
|\ \ \ \ | | | | | | | | | | Add podman machine ls
| * | | | Add podman machine listAshley Cui2021-03-30
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman machine list lists all virtual machines & indicates the default VM connection, if it exists. it also can take a --format flag arg as a go template. [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #9892 from jwhonce/wip/topOpenShift Merge Robot2021-03-30
|\ \ \ \ | | | | | | | | | | Trim white space from /top endpoint results
| * | | | Trim white space from /top endpoint resultsJhon Honce2021-03-30
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Versions of the ps command have additional spaces between fields, this manifests as the container asking to run "top" and API reporting "top " as a process. Endpoint and tests updated to check that "top" is reported. There is no libpod specialized endpoint to update. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #9863 from jmguzik/fix-prune-filter-funcsOpenShift Merge Robot2021-03-30
|\ \ \ \ | | | | | | | | | | Containers prune endpoint should use only prune filters
| * | | | Containers prune endpoint should use only prune filtersJakub Guzik2021-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Containers endpoints for HTTP compad and libpod APIs allowed usage of list HTTP endpoint filter funcs. Documentation in case of libpod and compat API does not allow that. This commit aligns code with the documentation. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | | Merge pull request #9878 from jwhonce/wip/versionOpenShift Merge Robot2021-03-30
|\ \ \ \ \ | |_|/ / / |/| | | | [NO TESTS NEEDED] Remove semantic version suffices from API calls
| * | | | Remove semantic version suffices from API callsJhon Honce2021-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using the bindings do not include the pre-release or build metadata in the URL for the service. This breaks older services, while not providing that much additional functionality. [NO TESTS NEEDED] Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | | Merge pull request #9873 from baude/correctaarch64OpenShift Merge Robot2021-03-30
|\ \ \ \ \ | |_|_|/ / |/| | | | resolve proper aarch64 image names
| * | | | resolve proper aarch64 image namesbaude2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when automatically downloading fcos for the Apple M1, we needed to replace a statically defined URL with the dynamically determined one. also, it appears boolean qemu options `server` and `onwait` are not defined as `server=on` and `wait=off`. [NO TESTS NEEDED] Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #9872 from baude/vmaltimageOpenShift Merge Robot2021-03-30
|\ \ \ \ \ | |/ / / / |/| | | | podman machine init user input
| * | | | podman machine init user inputbaude2021-03-29
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | users may now provide a fully qualified local file path or a URL to seed the disk-image to be used in the VM. [NO TESTS NEEDED] Signed-off-by: baude <bbaude@redhat.com>
* / / / Add machine support for qemu-system-aarch64Anders F Björklund2021-03-29
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Build machine also for podman-linux-arm64 - Add default machine type for linux arm64 - Add the required qemu-uefi bios parameter - Remove hardcoded outdated path and show url Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>