summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Fix `system service` panic from early hangup in eventsMatthew Heon2020-07-02
| | | | | | | | | | | | We weren't actually halting the goroutine that sent events, so it would continue sending even when the channel closed (the most notable cause being early hangup - e.g. Control-c on a curl session). Use a context to cancel the events goroutine and stop sending events. Fixes #6805 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6747 from giuseppe/fix-user-volumesOpenShift Merge Robot2020-06-30
|\ | | | | container: move volume chown after spec generation
| * container: move volume chown after spec generationGiuseppe Scrivano2020-06-29
| | | | | | | | | | | | | | | | | | move the chown for newly created volumes after the spec generation so the correct UID/GID are known. Closes: https://github.com/containers/libpod/issues/5698 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | fix: Don't override entrypoint if it's `nil`maybe-sybr2020-06-30
| | | | | | | | | | | | | | This change ensures that we only override a container's entrypoint if it is set to something other than `nil`. Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* | Merge pull request #6808 from mheon/allow_empty_hostportOpenShift Merge Robot2020-06-29
|\ \ | | | | | | Allow empty host port in --publish flag
| * | Allow empty host port in --publish flagMatthew Heon2020-06-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I didn't believe that this was actually legal, but it looks like it is. And, unlike our previous understanding (host port being empty means just use container port), empty host port actually carries the same meaning as `--expose` + `--publish-all` (that is, assign a random host port to the given container port). This requires a significant rework of our port handling code to handle this new case. I don't foresee this being commonly used, so I optimized having a fixed port number as fast path, which this random assignment code running after the main port handling code only if necessary. Fixes #6806 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Set console mode for windowsBrent Baude2020-06-29
| | | | | | | | | | | | | | | | | | Windows terminal handling is different than darwin and linux. It needs to have the terminal mode set to enable virtual terminal processing. This allows colors and other things to work. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6763 from maxm123/masterOpenShift Merge Robot2020-06-29
|\ \ \ | | | | | | | | Fix error handling problem in APIv2 network remove
| * | | Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound ↵Maximilian Müller2020-06-27
| |/ / | | | | | | | | | | | | | | | instead of nil Signed-off-by: Maximilian Müller <maxm123@techie.com>
* | | Merge pull request #6768 from vrothberg/fix-6766OpenShift Merge Robot2020-06-29
|\ \ \ | | | | | | | | generate systemd: improve pod-flags filter
| * | | generate systemd: improve pod-flags filterValentin Rothberg2020-06-25
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | When generating systemd unit for pods, we need to remove certain pod-related flags from the containers' create commands. Make sure to account for all the syntax including a single argument with key and value being split by `=`. Fixes: #6766 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Ensure umask is set appropriately for 'system service'Matthew Heon2020-06-26
| |/ |/| | | | | | | | | | | | | | | | | | | | | We need a umask of 0022 to ensure containers are created correctly, but we set a different one prior to starting the server (to ensure the unix socket has the right permissions). Thus, we need to set the umask after the socket has been bound, but before the server begins accepting requests. Fixes #6787 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | specgen: fix order for setting rlimitsRalf Haferkamp2020-06-26
| | | | | | | | | | | | | | | | | | | | | | | | Also make sure that the limits we set for rootless are not higher than what we'd set for root containers. Rootless containers failed to start when the calling user already had ulimit (e.g. on NOFILE) set. This is basically a cherry-pick of 76f8efc0d0d into specgen Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* | Merge pull request #6756 from mheon/add_dangling_filterOpenShift Merge Robot2020-06-26
|\ \ | | | | | | Add support for dangling filter to volumes
| * | Add support for dangling filter to volumesMatthew Heon2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | The dangling filter determine whether a volume is dangling - IE, it has no containers attached using it. Unlike our other filters, this one is a boolean - must be true or false, not arbitrary values. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6761 from mheon/fix_ps_portmappingsOpenShift Merge Robot2020-06-25
|\ \ \ | | | | | | | | Print port mappings in `ps` for ctrs sharing network
| * | | Print port mappings in `ps` for ctrs sharing networkMatthew Heon2020-06-24
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | In Podman v1.9, we printed port mappings for the container, even if it shared its network namespace (and thus ports) with another container. We regressed on this in Podman v2.0, which is fixed here. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | / systemd generate: allow manual restart of container units in podsValentin Rothberg2020-06-25
| |/ |/| | | | | | | | | | | | | Allow manual restarts of container units that are part of a pod. This allows for configuring these containers for auto updates. Fixes: #6770 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6713 from mheon/debug_levelOpenShift Merge Robot2020-06-25
|\ \ | |/ |/| Set syslog for exit commands on log-level=debug
| * Set syslog for exit commands on log-level=debugMatthew Heon2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have a flag, --syslog, for telling logrus to log to syslog as well as to the terminal. Previously, this flag also set the exit command for containers to use `--syslog` (otherwise all output from exit commands is lost). I attempted to replicate this with Podman v2.0, but quickly ran into circular import hell (the flag is defined in cmd/podman, I needed it in cmd/podman/containers, cmd/podman imports cmd/podman/containers already, etc). Instead, let's just set the syslog flag automatically on `--log-level=debug` so we log exit commands automatically when debug-level logs are requested. This is consistent with Conmon and seems to make sense. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | utils: drop default mapping when running uid!=0Giuseppe Scrivano2020-06-24
|/ | | | | | | | | | this is a leftover from the first implementation of rootless. This code is never hit by podman rootless anymore as podman automatically creates a user namespace now. Fixes an issue with podman remote when used with uid != 0. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #6741 from maybe-sybr/maybe/apiv2/fix-volume-create-codeOpenShift Merge Robot2020-06-24
|\ | | | | APIv2: Return `StatusCreated` from volume creation
| * APIv2: Return `StatusCreated` from volume creationmaybe-sybr2020-06-24
| | | | | | | | | | | | | | | | The swagdoc in `register_volumes.go` already correctly notes that a 201 should be returned upon success, so we only need to change the handler to match the spec. Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* | Merge pull request #6738 from maybe-sybr/maybe/apiv2/fix-network-compat-urlsOpenShift Merge Robot2020-06-24
|\ \ | | | | | | APIv2:fix: Remove `/json` from compat network EPs
| * | APIv2:fix: Remove `/json` from compat network EPsmaybe-sybr2020-06-24
| |/ | | | | | | Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* | Merge pull request #6739 from jwhonce/wip/connectionOpenShift Merge Robot2020-06-24
|\ \ | | | | | | Fix ssh-agent support
| * | Fix ssh-agent supportJhon Honce2020-06-23
| |/ | | | | | | | | | | | | * An identity of "" implies ssh-agent and user/password to be used * Fixed example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / APIv2:doc: Fix swagger doc to refer to volumesmaybe-sybr2020-06-24
|/ | | | Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* Merge pull request #6731 from baude/toolboxjsonOpenShift Merge Robot2020-06-23
|\ | | | | Add JSON output field for ps
| * Add JSON output field for psBrent Baude2020-06-23
| | | | | | | | | | | | the toolbox team needs a field in our ps json that represents a human readable time. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | V2 podman system connectionJhon Honce2020-06-23
|/ | | | | | | | | * Implement command * Refactor podman-remote to pull from containers.conf by default * podman-remote defaults to --remote being true * Write podman-system-connection.1.md Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #6710 from vrothberg/fix-6413OpenShift Merge Robot2020-06-23
|\ | | | | libpod/containers/json: alias last -> limit
| * libpod/containers/json: alias last -> limitValentin Rothberg2020-06-22
| | | | | | | | | | | | | | | | | | | | | | Support both `last` and `limit` for in the containers listing endpoint. We intended to use `limit` which is also mentioned in the docs, but the implementation ended up using `last` as the http parameter; likely being caused by the CLI using `--last`. To avoid any regression, we decided for supporting both and aliasing `last`. Fixes: #6413 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6625 from QiWang19/fdOpenShift Merge Robot2020-06-23
|\ \ | | | | | | Add --preservefds to podman run
| * | Add --preservefds to podman runQi Wang2020-06-19
| | | | | | | | | | | | | | | | | | Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Fix conflicts between privileged and other flagsMatthew Heon2020-06-22
| | | | | | | | | | | | | | | | | | | | | | | | The `--privileged` flag does not conflict with `--group-add` (this one was breaking Toolbox) and does not conflict with most parts of `--security-opt` (this was breaking Openstack). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | rootless_linux: improve error messageDouglas Schilling Landgraf2020-06-21
| |/ |/| | | | | | | | | | | Improve the error message for rootless mode. Git-Url: https://github.com/containers/libpod/issues/6572 Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
* | Merge pull request #6621 from vrothberg/bz-1846629OpenShift Merge Robot2020-06-20
|\ \ | | | | | | search: allow wildcards
| * | search: allow wildcardsValentin Rothberg2020-06-19
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow wildcards in the search term. Note that not all registries support wildcards and it may only work with v1 registries. Note that searching implies figuring out if the specified search term includes a registry. If there's not registry detected, the search term will be used against all configured "unqualified-serach-registries" in the registries.conf. The parsing logic considers a registry to be the substring before the first slash `/`. With these changes we now not only support wildcards but arbitrary input; ultimately it's up to the registries to decide whether they support given input or not. Fixes: bugzilla.redhat.com/show_bug.cgi?id=1846629 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6675 from yhchen0906/masterOpenShift Merge Robot2020-06-20
|\ \ | | | | | | correct the absolute path of `rm` executable
| * | correct the absolute path of `rm` executableYuan-Hao Chen2020-06-19
| |/ | | | | | | Signed-off-by: Yuan-Hao Chen <yhchen0906@gmail.com>
* / Correct logic for demux'ing channelsJhon Honce2020-06-19
|/ | | | | | * Move check for requesting output into case statement Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Allow recursive dependency start with Init()Matthew Heon2020-06-18
| | | | | | | | | | | | | | | | | | | | As part of APIv2 Attach, we need to be able to attach to freshly created containers (in ContainerStateConfigured). This isn't something Libpod is interested in supporting, so we use Init() to get the container into ContainerStateCreated, in which attach is possible. Problem: Init() will fail if dependencies are not started, so a fresh container in a fresh pod will fail. The simplest solution is to extend the existing recursive start code from Start() to Init(), allowing dependency containers to be started when we initialize the container (optionally, controlled via bool). Also, update some comments in container_api.go to make it more clear how some of our major API calls work. Fixes #6646 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6654 from rhatdan/keepidOpenShift Merge Robot2020-06-17
|\ | | | | Don't ignore --user flag in rootless --userns keepid
| * Don't ignore --user flag in rootless --userns keepidDaniel J Walsh2020-06-17
| | | | | | | | | | | | | | | | Currently podman run --userns keep-id --user root:root fedora id The --user flag is ignored. Removing this makes the code work correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Handle dropping capabilties correctly when running as non root userDaniel J Walsh2020-06-17
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6620 from jgallucci32/api-logs-separateOpenShift Merge Robot2020-06-17
|\ | | | | Move logs functionality to separate file for APIv2
| * Move logs functionality to separate file for APIv2jgallucci322020-06-17
| | | | | | | | | | | | | | | | This simply moves the function for the log handler for APIv2 to a separate file to be consistent with other parts of the code base. Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* | Merge pull request #6634 from baude/v2buildfixesOpenShift Merge Robot2020-06-17
|\ \ | | | | | | fix misc remote build issues
| * | fix misc remote build issuesBrent Baude2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | address problem when multiple -t were sent. and rework remote build's tarball if a context dir is given other than ".". Fixes: #6578 Fixes: #6577 Signed-off-by: Brent Baude <bbaude@redhat.com>