summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #10519 from matejvasek/use-req-ctxOpenShift Merge Robot2021-06-01
|\ | | | | Use request context instead of background
| * Use request context instead of backgroundMatej Vasek2021-06-01
| | | | | | | | | | | | | | | | | | | | This prevents goroutine leak: If background context were used then push operation would continue even if client aborted request by closing connection. [NO TESTS NEEDED] Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Merge pull request #10488 from baude/machinehostnetworkOpenShift Merge Robot2021-06-01
|\ \ | | | | | | Enable port forwarding on host
| * | Enable port forwarding on hostBrent Baude2021-06-01
| |/ | | | | | | | | | | | | | | | | | | | | Using the gvproxy application on the host, we can now port forward from the machine vm on the host. It requires that 'gvproxy' be installed in an executable location. gvproxy can be found in the containers/gvisor-tap-vsock github repo. [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #10508 from matejvasek/fix-from-imgOpenShift Merge Robot2021-06-01
|\ \ | | | | | | Better error handing for images/create compat api
| * | Better error handing for images/create compat apiMatej Vasek2021-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | If server cannot resolve short name due to enforcing policy send non-2xx status code. [NO TESTS NEEDED] Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | Merge pull request #10510 from matejvasek/improve-creat-from-imgOpenShift Merge Robot2021-06-01
|\ \ \ | | | | | | | | Use request context instead of background context
| * | | Use request context instead of background contextMatej Vasek2021-06-01
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | This fixes a goroutine leak. Previously if request was cancelled the image pulling goroutine kept running regardless. [NO TESTS NEEDED] Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | / [NO TESTS NEEDED] API list networks should return [] when used with no networkszhangguanzhang2021-06-01
| |/ |/| | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | generate systemd: make mounts portableValentin Rothberg2021-05-31
|/ | | | | | | | | | | | | | | | | | | Commit 748826fc88fc fixed a bug where slow mounting of the runroot was causing issues when the units are started at boot. The fix was to add the container's runroot to the required mounts; the graph root has been added as well. Hard-coding the run- and graphroot to the required mounts, however, breaks the portability of units generated with --now. Those units are intended to be running on any machine as, theoreticaly, any user. Make the mounts portable by using the `%t` macro for the run root. Since the graphroot's location varies across root and ordinary users, drop it from the list of required mounts. The graphroot was not causing issues. Fixes: #10493 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* rootless: fix SIGSEGV ,make LISTEN_FDNAMES optional [Closes #10435].flouthoc2021-05-29
| | | | | | [NO TESTS NEEDED] Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* Merge pull request #10383 from rhatdan/kubeOpenShift Merge Robot2021-05-27
|\ | | | | Handle image user and exposed ports in podman play kube
| * Handle image user and exposed ports in podman play kubeDaniel J Walsh2021-05-26
| | | | | | | | | | | | | | | | | | Currently if a user runs an image with a user specified or exposed ports with podman play kube, the fields are ignored. Fixed: https://github.com/containers/podman/issues/9609 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add options to podman machine sshBrent Baude2021-05-27
| | | | | | | | | | | | | | | | | | | | | | Add options to the podman machine ssh command that ignore hostkeychecking and hosts file -o 'UserKnownHostsFile /dev/null' -o 'StrictHostKeyChecking no [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Add the option of Rootless CNI networking by defaultMatthew Heon2021-05-26
|/ | | | | | | | | | | | | | | | | | | When the containers.conf field "NetNS" is set to "Bridge" and the "RootlessNetworking" field is set to "cni", Podman will now handle rootless in the same way it does root - all containers will be joined to a default CNI network, instead of exclusively using slirp4netns. If no CNI default network config is present for the user, one will be auto-generated (this also works for root, but it won't be nearly as common there since the package should already ship a config). I eventually hope to remove the "NetNS=Bridge" bit from containers.conf, but let's get something in for Brent to work with. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Handle hard links in different directoriesDaniel J Walsh2021-05-24
| | | | | | Fixes: https://github.com/containers/podman/issues/10444 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10387 from flouthoc/cgroupv1-v2-infoOpenShift Merge Robot2021-05-24
|\ | | | | Podman info add support for status of standard available cgroup controllers
| * Podman info add support for status of cgroup controllersflouthoc2021-05-24
| | | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Handle hard links in remote buildsDaniel J Walsh2021-05-22
|/ | | | | | Fixes: https://github.com/containers/podman/issues/9893 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10365 from jwhonce/issues/9578OpenShift Merge Robot2021-05-21
|\ | | | | Match swagger to "as built" output
| * Match swagger to "as built" outputJhon Honce2021-05-21
| | | | | | | | | | | | | | | | | | | | | | * Remove all Types no longer referenced, they were never used A future API breaking version of Podman API, may restore these Types and push formatting into presentation layer vs. server. Fixes #9578 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #10427 from rhatdan/errorsOpenShift Merge Robot2021-05-21
|\ \ | |/ |/| Drop container does not exist on removal to debugf
| * Drop container does not exist on removal to debugfDaniel J Walsh2021-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have race conditions where a container can be removed by two different processes when running podman --remove rm. It can be cleaned up in the API or by the conmon executing podman container cleanup. When we fail to remove a container that does not exists we should not be printing errors or warnings, we should just debug the fact. [NO TESTS NEEDED] Since this is a race condition it is difficult to test. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10400 from rhatdan/rootOpenShift Merge Robot2021-05-21
|\ \ | |/ |/| Clear the storage-options from the graphdriver if users specifies --root
| * Clear the storage-options from the graphdriver if users specifies --rootDaniel J Walsh2021-05-19
| | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10393 Currently if a user specifies a --root flag to override the location of the container storage, we still enforce the storage-opts from storage.conf. This causes issues with people trying to intereact with the additional stores feature, and then forces them to use the obscure --storage-opt="" option. I belive this should be the default and we already do this when the user specifies the --storage-driver option. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Downgrade API service routing table loggingJhon Honce2021-05-20
| | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] * Log the routing table output at Trace vs. Debug level. Reduce noise in debugging output. * Tweak SDNotify message to report Warn when it fails. Previously failures were silent. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #10377 from vrothberg/test-commonOpenShift Merge Robot2021-05-20
|\ \ | | | | | | update c/common
| * | update c/commonValentin Rothberg2021-05-20
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update containers common to the latest HEAD. Some bug fixes in libimage forced us to have a clearer separation between ordinary images and manifest lists. Hence, when looking up manifest lists without recursing into any of their instances, we need to use `LookupManifestList()`. Also account for some other changes in c/common (e.g., the changed order in the security labels). Further vendor the latest HEAD from Buildah which is required to get the bud tests to pass. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / Add support for podman manifest rm commandDaniel J Walsh2021-05-19
|/ | | | | | This is mainly to match command line of Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10371 from matejvasek/fix-wait-compatOpenShift Merge Robot2021-05-19
|\ | | | | fix: response of containers wait endpoint
| * fix: response body of containers wait endpointMatej Vasek2021-05-18
| | | | | | | | | | | | | | The `Error` part of response must be nil (or omitted) if no error occurred. Before this commit a zero value for the struct was returned. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Merge pull request #10369 from jmguzik/network-http-docs-fixesOpenShift Merge Robot2021-05-18
|\ \ | |/ |/| Fix formatting and indentation in network http api docs
| * Fix formatting and indentation in network http api docsJakub Guzik2021-05-17
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #10339 from rhatdan/selinuxOpenShift Merge Robot2021-05-17
|\ \ | | | | | | Support automatic labeling of kube volumes
| * | Support automatic labeling of kube volumesDaniel J Walsh2021-05-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow users to specify options on the volume mount path. This will trigger relabels of user specifies :z,:Z Also will handle User Relabels if the user specifies :U Fixes: https://github.com/containers/podman/issues/9371 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10366 from ashley-cui/secretoptionsOpenShift Merge Robot2021-05-17
|\ \ \ | | | | | | | | Support uid,gid,mode options for secrets
| * | | Support uid,gid,mode options for secretsAshley Cui2021-05-17
| |/ / | | | | | | | | | | | | | | | | | | Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #10363 from vrothberg/fix-10350OpenShift Merge Robot2021-05-17
|\ \ \ | | | | | | | | image prune: remove unused images only with `--all`
| * | | image prune: remove unused images only with `--all`Valentin Rothberg2021-05-17
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a regression in `podman image prune` where unused images were accidentally removed even when `--all=false`. Extend and partially rewrite the e2e tests to make sure we're not regressing again in the future. Fixing the aforementioned issue revealed another issue in the default prune filter. While prune should remove all "dangling" images (i.e., those without tag), it removed only "intermediate" ones; dangling images without children. Remove the mistaken comment from the libimage migration. Also clarify the help message and man page. Fixes: #10350 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / / podman network reload add rootless supportPaul Holzinger2021-05-17
|/ / | | | | | | | | | | | | | | | | | | Allow podman network reload to be run as rootless user. While it is unlikely that the iptable rules are flushed inside the rootless cni namespace, it could still happen. Also fix podman network reload --all to ignore errors when a container does not have the bridge network mode, e.g. slirp4netns. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #10324 from containers/uncompressingOpenShift Merge Robot2021-05-12
|\ \ | |/ |/| [NO TESTS NEEDED] Print "extracting" only on compressed file
| * Print "extracting" only on compressed fileAshley Cui2021-05-12
| | | | | | | | | | | | | | We should only print "extracting compressed file" when the file is actually compressed Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #10271 from matejvasek/fix-wait-next-exitOpenShift Merge Robot2021-05-10
|\ \ | | | | | | fix: improved "containers/{name}/wait" endpoint
| * | fix: improved "containers/{name}/wait" endpointMatej Vasek2021-05-10
| |/ | | | | | | | | | | | | | | Using event API to detect changes to container instead of polling. Polling was unreliable, sometime change of a state might have been missed. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Add client disconnect to build handler loopJhon Honce2021-05-10
| | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] In process of debugging added request channel check and logging message to build loop. Unable to recreate build drop issue after this. 68k build iterations without fail. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #10236 from Luap99/generate-systemd-envOpenShift Merge Robot2021-05-10
|\ \ | | | | | | Add envars to the generated systemd unit
| * | Add envars to the generated systemd unitPaul Holzinger2021-05-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The with --new generated systemd unit loses the environment variables when the create command only contains the key without the value. Since podman tries to lookup those values from the environment the unit can fail. This commits ensures that we will add the environment variables to the unit file when this is the case. The container environment variables are looked up in the container spec. Fixes #10101 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #10292 from rhatdan/buildahOpenShift Merge Robot2021-05-10
|\ \ \ | | | | | | | | Fix podman-remote build --rm=false ...
| * | | Fix podman-remote build --rm=false ...Daniel J Walsh2021-05-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9869 [NO TESTS NEEDED] Since the podman-remote buildah tests will test this, and this is clearly correct. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10268 from flouthoc/kube-default-shared-namespaceOpenShift Merge Robot2021-05-10
|\ \ \ \ | |/ / / |/| | | Kube like pods should share ipc,net,uts by default