summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Support DeviceCgroupRules to actually get added.Daniel J Walsh2021-07-21
| | | | | | Fixes: https://github.com/containers/podman/issues/10302 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11008 from dpward/mainOpenShift Merge Robot2021-07-21
|\ | | | | [CI:DOCS] Fix GitHub URL to Podman logo
| * [CI:DOCS] Fix GitHub URL to Podman logoDavid Ward2021-07-21
| | | | | | | | | | | | The Podman logo is not rendered on docs.podman.io with the current URL. Signed-off-by: David Ward <david.ward@ll.mit.edu>
* | Merge pull request #10992 from rhatdan/playOpenShift Merge Robot2021-07-21
|\ \ | |/ |/| Fix handling of selinux labels in podman play kube
| * Fix handling of selinux labels in podman play kubeDaniel J Walsh2021-07-20
| | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10969 [NO TESTS NEEDED] We added tests for this, but they don't seem to be running. If I run the local system tests, they fail with the current Podman and work with this version. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10999 from rhatdan/quota1OpenShift Merge Robot2021-07-21
|\ \ | | | | | | Drop support for the --storage-opt container flag
| * | Drop podman create --storage-opt container flagDaniel J Walsh2021-07-20
| |/ | | | | | | | | | | | | | | | | | | | | | | | | The global flag will work in either location, and this flag just breaks users expectations, and is basically a noop. Also fix global storage-opt so that podman-remote can use it. [NO TESTS NEEDED] Since it would be difficult to test in ci/cd. Fixes: https://github.com/containers/podman/issues/10264 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10970 from vikas-goel/prepare-volumeOpenShift Merge Robot2021-07-21
|\ \ | |/ |/| Copy the content from the underlying image into the newly created volume
| * Copy the content from the underlying image into the newly created volume.Vikas Goel2021-07-20
| | | | | | | | | | | | Fixes: #10262 Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
* | Merge pull request #10979 from vrothberg/fix-10977OpenShift Merge Robot2021-07-20
|\ \ | | | | | | compat: image create: handle platform correctly
| * | compat: image create: handle platform correctlyValentin Rothberg2021-07-20
| |/ | | | | | | | | | | | | | | | | Handle the platform parameter correctly. The parameter was only parsed in presence of credentials and the code was a bit complex. Also add a regression test. Fixes: #10977 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10956 from flouthoc/kube-liveness-probe-systemdOpenShift Merge Robot2021-07-19
|\ \ | |/ |/| Kube: Add liveness probe for containers backed by native (systemd) healthchecks instead of kubelet.
| * Kube: Add liveness probe for containers.flouthoc2021-07-17
| | | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #10962 from vrothberg/fix-10655OpenShift Merge Robot2021-07-16
|\ \ | | | | | | systemd: require network*-online*.target
| * | systemd: require network*-online*.targetValentin Rothberg2021-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | Require the network to be online in all (generated) systemd units to make sure that containers and Podman run only after the network has been fully configured. Fixes: #10655 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10848 from vrothberg/update-libimageOpenShift Merge Robot2021-07-16
|\ \ \ | |/ / |/| | vendor containers/common@main
| * | vendor containers/common@mainValentin Rothberg2021-07-16
| |/ | | | | | | | | | | | | | | | | | | | | | | | | The `IgnorePlatform` options has been removed from the `LookupImageOptions` in libimage to properly support multi-arch images. Skip one buildah-bud test which requires updated CI images. This is currently being done in github.com/containers/podman/pull/10829 but we need to unblock merging common and buildah into podman. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10820 from jvanz/indfra-container-name-issue-10794OpenShift Merge Robot2021-07-16
|\ \ | | | | | | --infra-name command line argument
| * | --infra-name command line argumentJosé Guilherme Vanz2021-07-15
| |/ | | | | | | | | | | | | | | | | Adds the new --infra-name command line argument allowing users to define the name of the infra container Issue #10794 Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
* / podman start: remove containers configured for auto removalValentin Rothberg2021-07-16
|/ | | | | | | | | Make sure that containers configured for auto removal (e.g., via `podman create --rm`) are removed in `podman start` if starting the container failed. Fixes: #10935 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10894 from cdoern/pidPodOpenShift Merge Robot2021-07-15
|\ | | | | podman pod create --pid flag
| * podman pod create --pid flagcdoern2021-07-15
| | | | | | | | | | | | | | | | added support for --pid flag. User can specify ns:file, pod, private, or host. container returns an error since you cannot point the ns of the pods infra container to a container outside of the pod. Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #10939 from Luap99/rootless-cniOpenShift Merge Robot2021-07-15
|\ \ | | | | | | Fix race conditions in rootless cni setup
| * | Fix race conditions in rootless cni setupPaul Holzinger2021-07-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There was an race condition when calling `GetRootlessCNINetNs()`. It created the rootless cni directory before it got locked. Therefore another process could have called cleanup and removed this directory before it was used resulting in errors. The lockfile got moved into the XDG_RUNTIME_DIR directory to prevent a panic when the parent dir was removed by cleanup. Fixes #10930 Fixes #10922 To make this even more robust `GetRootlessCNINetNs()` will now return locked. This guarantees that we can run `Do()` after `GetRootlessCNINetNs()` before another process could have called `Cleanup()` in between. [NO TESTS NEEDED] CI is flaking, hopefully this will fix it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #10937 from vrothberg/auto-updateOpenShift Merge Robot2021-07-15
|\ \ \ | | | | | | | | auto-update: add --dry-run
| * | | auto-update: add --dry-runValentin Rothberg2021-07-15
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a --dry-run flag to `podman auto-update` which will look for new images but won't perform any pull or restart any service or container. The "UPDATED" column will now indicate the availability of a newer image via "pending". ``` $ podman auto-update --dry-run UNIT CONTAINER IMAGE POLICY UPDATED container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false ``` Fixes: #9949 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10913 from rhatdan/buildOpenShift Merge Robot2021-07-15
|\ \ \ | |/ / |/| | podman-remote build use .containerignore over .dockerignore
| * | podman-remote build use .containerignore over .dockerignoreDaniel J Walsh2021-07-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | $ mkdir zzz;cd zzz $ printf "FROM quay.io/libpod/testimage:20210610\nCOPY ./ ./\nCOPY subdir ./\n" >Dockerfile $ printf "*\nsubdir\n\!*/sub1*\n" >.dockerignore $ mkdir subdir; touch subdir/sub1.txt $ ../bin/podman-remote build . Should fail, but succeeds because we are not sending over the .dockerignore file to the server side. This PR will send the .dockerignore so the server side and use it. Fixes: #10907 Also if both .containerignore and .dockerignore in the context directory, podman-remote should prefer .containerignore and not use .dockerignore. Fixes: #10908 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10919 from vikas-goel/macvlanOpenShift Merge Robot2021-07-15
|\ \ \ | |/ / |/| | Return macvlan object in /network REST API response
| * | Return macvlan object in /network REST API responseVikas Goel2021-07-14
| | | | | | | | | | | | | | | | | | Fixes: #10266 Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
* | | Merge pull request #10880 from vrothberg/auto-updateOpenShift Merge Robot2021-07-14
|\ \ \ | | | | | | | | auto-update: make output more user friendly
| * | | auto-update: make output more user friendlyValentin Rothberg2021-07-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The rather raw and scarce output of `podman auto-update` has been a thorn in my eyes for a longer while. So far, Podman would only print updated systemd units, one per line, without further formatting. Motivated by issue #9949 which is asking for some more useful information in combination with a dry-run feature, I sat down and reflected which information may come in handy. Running `podman auto-update` will now look as follows: ``` $ podman auto-update Trying to pull [...] UNIT CONTAINER IMAGE POLICY UPDATED container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false ``` Also refactor the spaghetti code in the backend a bit to make it easier to digest and maintain. For easier testing and for the sake of consistency with other commands listing output, add a `--format` flag. The man page will get an overhaul in a follow up commit. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | auto update: minor style nitsValentin Rothberg2021-07-13
| | | | | | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | auto update: pass through a contextValentin Rothberg2021-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pass a single context.Context through the call stack. If auto-updates will ever be made available for REST calls, the context will help supporting disconnected clients. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | auto-update: use libimage for image checksValentin Rothberg2021-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use the `HasDifferentDigest()` method of the image to replace the previous checks if an image needs to be updated. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | auto update: fix authfile detectionValentin Rothberg2021-07-13
| |/ / | | | | | | | | | | | | | | | | | | Fix a bug were an authfile label in a container would mistakenly override the authfile path for all subsequent checks. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10916 from mheon/fix_7360OpenShift Merge Robot2021-07-14
|\ \ \ | |/ / |/| | Perform a one-sided close of HTTP attach conn on EOF
| * | Perform a one-sided close of HTTP attach conn on EOFMatthew Heon2021-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On EOF of STDIN, we need to perform a one-sided close of the attach connection on the client side, to ensure that STDIN finishing will also cause the exec session to terminate, instead of hang. Fixes #7360 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Don't exclude Dockerfile, Containerfiles from tar contentDaniel J Walsh2021-07-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the user specifies "*" in a .dockerignore or a .containerignore then podman-remote build should not exclude the Dockerfile or Containerfile or any content pointed to by `-f` in the context directory. We still need these files on the server side to complete the build. Fixes: https://github.com/containers/podman/issues/9867 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10868 from cdoern/untilLogOpenShift Merge Robot2021-07-10
|\ \ \ | | | | | | | | Implemented Until Query Parameter for Containers/logs
| * | | Implemented Until Query Parameter for Containers/logscdoern2021-07-09
| | |/ | |/| | | | | | | | | | | | | | | | | | | compat containers/logs was missing actual usage of until query param. fixes #10859 Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #10881 from mheon/remove_getstoreOpenShift Merge Robot2021-07-09
|\ \ \ | | | | | | | | Remove GetStore function from Libpod
| * | | Remove GetStore function from LibpodMatthew Heon2021-07-08
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should not be exposing the store outside of Libpod. We want to encapsulate it as an internal implementation detail - there's no reason functions outside of Libpod should directly be manipulating container storage. Convert the last use to invoke a method on Libpod instead, and remove the function. [NO TESTS NEEDED] as this is just a refactor. Signed-off-by: Matthew Heon <mheon@redhat.com>
* / | Add container config to compat image inspectBrent Baude2021-07-09
|/ / | | | | | | | | | | | | | | | | | | | | With docker-compose, there is a use case where you can `docker-compose up -d`, then change a file like docker-compose.yml and run up again. This requires a ContainerConfig with at least Volumes be populated in the inspect data. This PR adds just that. Fixes: #10795 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #10867 from baude/issue9334OpenShift Merge Robot2021-07-08
|\ \ | |/ |/| Replace old RESTful tutorial with updated README
| * Replace old RESTful tutorial with updated READMEBrent Baude2021-07-07
| | | | | | | | | | | | | | | | | | | | | | Remove outdated information on go bindings. Moved the tips for debugging into the REAME and tidied up relevant links. Fixes: #9334 [CI_DOCS] [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | manifest push --rm: use libimage for removalValentin Rothberg2021-07-07
|/ | | | | | | | | Use libimage for removing the manifest instead of going directly through the store. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10836 from Luap99/diffOpenShift Merge Robot2021-07-03
|\ | | | | podman diff accept two images or containers
| * podman diff accept two images or containersPaul Holzinger2021-07-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #10851 from Luap99/service-reaperOpenShift Merge Robot2021-07-02
|\ \ | | | | | | podman service reaper