path: root/pkg
Commit message  [Author, Age]
* rootless: not close more FDs than needed  [Giuseppe Scrivano, 2019-04-18]
|   we were previously closing as many FDs as they were open when we first started Podman in the range (3-MAX-FD). This would cause issues if there were empty intervals, as these FDs are later on used by the Golang runtime.
|   Store exactly what FDs were first open in a fd_set, so that we can close exactly the FDs that were open at startup.
|   Closes: https://github.com/containers/libpod/issues/2964
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2917 from baude/remotestart  [OpenShift Merge Robot, 2019-04-17]
|\
| |   podman-remote start
| * podman-remote start  [baude, 2019-04-17]
| |   enable the ability to start containers from the remote-client. also, enable start integration tests for remote testing.
| |   Signed-off-by: baude <bbaude@redhat.com>
* | Added remote pod prune  [Peter Hunt, 2019-04-16]
| |   Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Add podman pod prune  [Peter Hunt, 2019-04-16]
|/
|   podman system prune would leave pods be, and not prune them if they were stopped. Fix this by adding a `podman pod prune` command that prunes stopped pods similarly to containers.
|   Signed-off-by: Peter Hunt <pehunt@redhat.com>
* cmd, pkg: drop commented code  [Giuseppe Scrivano, 2019-04-15]
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2927 from giuseppe/fix-tty-rootless  [OpenShift Merge Robot, 2019-04-14]
|\
| |   Revert "rootless: set controlling terminal for podman in the userns"
| * Revert "rootless: set controlling terminal for podman in the userns"  [Giuseppe Scrivano, 2019-04-14]
| |   This reverts commit 531514e8231e7f42efb7e7992d62e516f9577363.
| |   Closes: https://github.com/containers/libpod/issues/2926
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2501 from mtrmac/fixed-hook-order  [OpenShift Merge Robot, 2019-04-14]
|\ \
| |/
|/|   RFC: Make hooks sort order locale-independent
| * Potentially breaking: Make hooks sort order locale-independent  [Miloslav Trmač, 2019-04-09]
| |   Don't sort OCI hooks using the locale collation order; it does not make sense for the same system-wide directory to be interpreted differently depending on the user's LC_COLLATE setting, and the language-specific collation order can even change over time. Besides, the current collation order determination code has never worked with the most common LC_COLLATE values like en_US.UTF-8.
| |   Ideally, we would like to just order based on Unicode code points to be reliably stable, but the existing implementation is case-insensitive, so we are forced to rely on the unicode case mapping tables at least. (This gives up on canonicalization and width-insensitivity, potentially breaking users who rely on these previously documented properties.)
| |   Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | Merge pull request #2830 from baude/remotecheckpoint  [OpenShift Merge Robot, 2019-04-13]
|\ \
| | |   remote-client checkpoint/restore
| * | remote-client checkpoint/restore  [baude, 2019-04-11]
| | |   add the ability for the remote client to be able to checkpoint and restore containers.
| | |   Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2915 from giuseppe/rootless-do-not-block-sigtstp  [OpenShift Merge Robot, 2019-04-13]
|\ \ \
| | | |   rootless: do not block SIGTSTP
| * | | rootless: do not block SIGTSTP  [Giuseppe Scrivano, 2019-04-12]
| | | |   we were previously proxying all the signals, but doing that for SIGTSTP prevented the main process to be stopped by the tty.
| | | |   Closes: https://github.com/containers/libpod/issues/2775
| | | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | rootless: set controlling terminal for podman in the userns  [Giuseppe Scrivano, 2019-04-12]
| | | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #2910 from giuseppe/fix-create-2-containers  [OpenShift Merge Robot, 2019-04-13]
|\ \ \ \
| | | | |   create: fix segfault if container name already exists
| * | | | create: fix segfault if container name already exists  [Giuseppe Scrivano, 2019-04-12]
| |/ / /
| | | |   do not try to use ctr if there was an error. It fixes a segfault when there is already a container with the same name.
| | | |   regression introduced by: ba65301c955454e47c3893ca548f18a845a4c4a9
| | | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #2903 from baude/remotegenkube  [OpenShift Merge Robot, 2019-04-12]
|\ \ \ \
| |/ / /
|/| | |   podman-remote generate kube
| * | | podman-remote generate kube  [baude, 2019-04-12]
| |/ /
| | |   Allow the ability to generate kube YAML from the podman remote-client.
| | |   Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #2902 from baude/remoteattachfixes  [OpenShift Merge Robot, 2019-04-11]
|\ \ \
| | | |   Fixes for podman-remote run and attach
| * | | Fixes for podman-remote run and attach  [baude, 2019-04-11]
| |/ /
| | |   Fixes the ability to run (create,start) a container and attach to its console correctly. We can now also exit from the console without hanging the remote client.
| | |   Signed-off-by: baude <bbaude@redhat.com>
* | | spec: mask /sys/kernel when bind mounting /sys  [Giuseppe Scrivano, 2019-04-11]
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | oci: add /sys/kernel to the masked paths  [Giuseppe Scrivano, 2019-04-11]
|/ /
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Add the ability to attach remotely to a container  [baude, 2019-04-10]
| |   Also, you can now podman-remote run -it. There are some bugs that need to be ironed out but I would prefer to merge this so we can make both progress on start and exec as well as the bugs.
| |   * when doing podman-remote run -it foo /bin/bash, you have to press enter to get the prompt to display. with the localized podman, we had to teach it connect to the console first and then start the container so we did not miss anything.
| |   * when executing "exit" in the console, we get a hard lockup likely because nobody knows what to do.
| |   * custom detach keys are not supported
| |   * podman-remote run -it alpine ls does not currently work. only dropping to a shell works.
| |   Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2882 from baude/remoteps  [OpenShift Merge Robot, 2019-04-10]
|\ \
| | |   podman-remote ps
| * | podman-remote ps  [baude, 2019-04-09]
| |/
| |   add the ability to run ps on containers using the remote client.
| |   Signed-off-by: baude <bbaude@redhat.com>
* / Implement podman-remote rm  [Jhon Honce, 2019-04-09]
|/
|   * refactor command output to use one function
|   * Add new worker pool parallel operations
|   * Implement podman-remote umount
|   * Refactored podman wait to use printCmdOutput()
|   Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #2861 from baude/varlinkimagepanic  [OpenShift Merge Robot, 2019-04-08]
|\
| |   Correct varlink pull panic
| * Correct varlink pull panic  [baude, 2019-04-08]
| |   when pulling a non-existent image via varlink, we had a panic because when we detected a pull error we sent the error over a channel but still tried to deduce the image id on a nil object.
| |   Fixes: #2860
| |   Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2746 from baude/remotecreate  [OpenShift Merge Robot, 2019-04-08]
|\ \
| | |   podman-remote create|run
| * | podman-remote create|run  [baude, 2019-04-08]
| |/
| |   add the ability to create and run containers via the podman-remote client. we now create an intermediate layer from the create/run cli flags. the intermediate layer can be converted into a createconfig or into a varlink struct. Once transported, the varlink struct can be converted back to an intermediate layer and then to a createconfig.
| |   remote terminals are not supported yet.
| |   Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2841 from openSUSE/ginkgo-unit  [OpenShift Merge Robot, 2019-04-08]
|\ \
| |/
|/|   Update registrar unit tests to match them of cri-o
| * Update registrar unit tests to match them of cri-o  [Sascha Grunert, 2019-04-04]
| |   - Add the test framework abstraction
| |   - Update the unit tests to run with ginkgo
| |   Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #2831 from baude/remotetree  [OpenShift Merge Robot, 2019-04-04]
|\ \
| | |   podman-remote image tree
| * | podman-remote image tree  [baude, 2019-04-04]
| | |   add the ability for the podman-remote client to be able to print an image tree.
| | |   Signed-off-by: baude <bbaude@redhat.com>
* | | Drop LocalVolumes from our the database  [Matthew Heon, 2019-04-04]
| | |   We were never using it. It's actually a potentially quite sizable field (very expensive to decode an array of structs!). Removing it should do no harm.
| | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Major rework of --volumes-from flag  [Matthew Heon, 2019-04-04]
| | |   The flag should be substantially more durable, and no longer relies on the create artifact. This should allow it to properly handle our new named volume implementation.
| | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Add handling for new named volumes code in pkg/spec  [Matthew Heon, 2019-04-04]
|/ /
| |   Now that named volumes must be explicitly enumerated rather than passed in with all other volumes, we need to split normal and named volumes up before passing them into libpod. This PR does this.
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2706 from giuseppe/rootless-single-usernamespace  [OpenShift Merge Robot, 2019-04-04]
|\ \
| | |   rootless: single user namespace
| * | rootless: use a single user namespace  [Giuseppe Scrivano, 2019-04-01]
| | |   simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment.
| | |   There are multiple advantages to it:
| | |   1) much simpler implementation as there is only one namespace to join.
| | |   2) we can join namespaces owned by different containers.
| | |   3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host.
| | |   4) rootless varlink works.
| | |   5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container.
| | |   Containers created by older Podman versions must be restarted.
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: remove SkipStorageSetup()  [Giuseppe Scrivano, 2019-04-01]
| | |   in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag.
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2819 from openSUSE/cri-o-annotations  [OpenShift Merge Robot, 2019-04-04]
|\ \ \
| |_|/
|/| |   Update cri-o annotations
| * | Update cri-o annotations  [Sascha Grunert, 2019-04-01]
| |/
| |   Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* / add remote-client diff  [baude, 2019-04-03]
|/
|   the remote client now can run the diff command to report changes, modifications, and deletions in an image or container.
|   Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2797 from giuseppe/rootless-set-sticky  [OpenShift Merge Robot, 2019-03-29]
|\
| |   rootless: set sticky bit on rundir
| * utils: call GetRootlessRuntimeDir once  [Giuseppe Scrivano, 2019-03-29]
| |   use a sync.Once to potentially avoid multiple system calls every time the function is called.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2796 from mheon/fix_cni_multinetwork  [OpenShift Merge Robot, 2019-03-29]
|\ \
| |/
|/|   Ensure that we make a netns for CNI non-default nets
| * Fix lint  [Matthew Heon, 2019-03-28]
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Ensure that we make a netns for CNI non-default nets  [Matthew Heon, 2019-03-28]
| |   We accidentally patched this out trying to enable ns:/path/to/ns
| |   This should restore the ability to configure nondefault CNI networks with Podman, by ensuring that they request creation of a network namespace.
| |   Completely remove the WithNetNS() call when we do use an explicit namespace from a path. We use that call to indicate that a netns is going to be created - there should not be any question about whether it actually does.
| |   Fixes #2795
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #2786 from giuseppe/change-rootless-env-names  [OpenShift Merge Robot, 2019-03-28]
|\ \
| | |   rootless: change env prefix