summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Rework port parsing to support --expose and -PMatthew Heon2020-05-04
| | | | | | | | | | | | | | | | | | | | | As part of this, make a major change to the type we use to represent port mappings in SpecGen (from using existing OCICNI structs to using our own custom one). This struct has the advantage of supporting ranges, massively reducing traffic over the wire for Podman commands using them (for example, the `podman run -p 5000-6000` command will now send only one struct instead of 1000). This struct also allows us to easily validate which ports are in use, and which are not, which is necessary for --expose. Once we have parsed the ports from the new struct, we can produce an accurate map including all currently requested ports, and use that to determine what ports need to be exposed (some requested exposed ports may already be included in a mapping from --publish and will be ignored) and what open ports on the host we can map them to. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6051 from rhatdan/containers.confOpenShift Merge Robot2020-05-04
|\ | | | | Fixes for test/e2e/containers_conf_test.go
| * Fix errors found in coverity scanDaniel J Walsh2020-05-01
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * cgroupsns was not following containers.confDaniel J Walsh2020-05-01
| | | | | | | | | | | | Implement ParseCgroupsNamespace to handle defaults. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Properly handle default capabilities listed in containers.confDaniel J Walsh2020-05-01
| | | | | | | | | | | | | | If user/admin specifies a different list of default capabilties we need to honor these. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Properly handle containers.conf devicesDaniel J Walsh2020-05-01
| | | | | | | | | | | | We need to add the default devices listed in containers.conf Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6058 from rhatdan/coverityOpenShift Merge Robot2020-05-01
|\ \ | | | | | | Fix errors found in coverity scan
| * | Fix errors found in coverity scanDaniel J Walsh2020-05-01
| |/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6060 from sujil02/systemprune-v2OpenShift Merge Robot2020-05-01
|\ \ | | | | | | And system prune feature for v2.
| * | And system prune feature for v2.Sujil022020-05-01
| | | | | | | | | | | | | | | | | | | | | | | | Adds podman system prune for v2. Refactoring for code reuse from pods containers images and volume prune. Adds and enables testcases to support the added feature. Signed-off-by: Sujil02 <sushah@redhat.com>
* | | Merge pull request #6062 from jwhonce/wip/docsOpenShift Merge Robot2020-05-01
|\ \ \ | |_|/ |/| | [CI:DOC] Bring README.md up to date
| * | [CI:DOCS] Bring README.md up to dateJhon Honce2020-05-01
| |/ | | | | | | | | | | | | * Add notes on helper functions * Update example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6057 from baude/v2networkingOpenShift Merge Robot2020-05-01
|\ \ | | | | | | v2networking enable commands
| * | v2networking enable commandsbaude2020-04-30
| |/ | | | | | | | | | | Enable the networking commands for v2. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #6004 from rhatdan/ulimitsOpenShift Merge Robot2020-05-01
|\ \ | | | | | | Set up ulimits for rootless containers.
| * | Set up ulimits for rootless containers.Daniel J Walsh2020-04-28
| | | | | | | | | | | | | | | | | | | | | Currently we are setting the maximum limits for rootful podman containers, no reason not to set them by default for rootless users as well Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6016 from giuseppe/fix-createOpenShift Merge Robot2020-05-01
|\ \ \ | |_|/ |/| | v2, podman: fix create and entrypoint tests
| * | podman, start: propagate back the raw inputGiuseppe Scrivano2020-04-30
| | | | | | | | | | | | | | | | | | | | | this is necessary as we expect "podman start $ID_NAME" to print the same arguments the user passed in instead of the full ID. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | cmd, podman: do not override entrypoint if unsetGiuseppe Scrivano2020-04-30
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | cmd, podman: handle --pod new:PODGiuseppe Scrivano2020-04-30
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | testv2: enable attach testQi Wang2020-04-29
|/ / | | | | | | | | | | testv2: enable attach test Signed-off-by: Qi Wang <qiwan@redhat.com>
* | V2 Restore images list testsJhon Honce2020-04-29
| | | | | | | | | | | | | | | | * Fix history --quiet formatting * Fix image inspect --format=json * Fix image list --sort Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | pull/search options: tls verify -> skipValentin Rothberg2020-04-29
| | | | | | | | | | | | | | | | | | Change the logic in the options from tls-verify to skipping verification. It require a constant brain yoga to translate from doing verification (CLI logic) to skipping it (c/image logic). As the code is using c/image, let's make it consistent. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6037 from vrothberg/enable-push-testsOpenShift Merge Robot2020-04-29
|\ \ | | | | | | Enable push tests
| * | login system test: enable "push ok"Valentin Rothberg2020-04-29
| | | | | | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | push: fix --tls-verifyValentin Rothberg2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | Fix --tls-verify parsing and make the associated options reflect the correct logic. Other commands are affected as well but will be fixed later. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6036 from giuseppe/fix-rootlessport-panicOpenShift Merge Robot2020-04-29
|\ \ \ | | | | | | | | rootlessport: use two different channels
| * | | rootlessport: use two different channelsGiuseppe Scrivano2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The same channel is written to by two different goroutines. Use a different channel for each of them so to avoid writing to a closed channel. Closes: https://github.com/containers/libpod/issues/6018 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | specgen: honor slirp4netnsGiuseppe Scrivano2020-04-29
| |/ / | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6035 from giuseppe/move-rootless-open-before-forkOpenShift Merge Robot2020-04-29
|\ \ \ | |/ / |/| | rootless: move ns open before fork
| * | rootless: move ns open before forkGiuseppe Scrivano2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit 788fdc685b00dee5ccb594bef845204250c4c123 introduced a race where the target process dies before the child process opens the namespace files. Move the open before the fork so if it fails the parent process can attempt to join a different container instead of failing. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #6022 from vrothberg/enable-inspect-testsOpenShift Merge Robot2020-04-29
|\ \ \ | | | | | | | | enable inspect tests
| * | | enable inspect testsValentin Rothberg2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A surprisingly big change. A core problem was that `podman inspect` allows for passing containers AND images with the default `--type=all`. This only worked partially as the data was processed in isolation which caused various issues (e.g., two separate outputs instead of one) but it also caused issues regarding error handling. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #5998 from vrothberg/generate-systemdOpenShift Merge Robot2020-04-29
|\ \ \ \ | |_|/ / |/| | | generate systemd
| * | | generate systemdValentin Rothberg2020-04-29
| |/ / | | | | | | | | | | | | | | | | | | Implement `podman generate systemd` for Podman v2 and enable associated tests. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6029 from rhatdan/envOpenShift Merge Robot2020-04-29
|\ \ \ | |/ / |/| | User specified environment happen after other environments are set
| * | User specified environment happen after other environments are setDaniel J Walsh2020-04-28
| |/ | | | | | | | | | | | | When using varlink we want to make sure that user specified environment variables take precedence over http-proxy environment. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6026 from baude/v2forcesystemtestsOpenShift Merge Robot2020-04-28
|\ \ | | | | | | system tests must pass
| * | system tests must passBrent Baude2020-04-28
| | | | | | | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #5991 from sujil02/pod-rm-testOpenShift Merge Robot2020-04-28
|\ \ \ | |/ / |/| | Fix typos in messages pod rm
| * | Fix typos in rm messagesSujil022020-04-28
| | | | | | | | | | | | | | | | | | Fix typos in pod rm messages Signed-off-by: Sujil02 <sushah@redhat.com>
* | | Merge pull request #6024 from baude/v2checkmediatypewOpenShift Merge Robot2020-04-28
|\ \ \ | | | | | | | | check image media/manifest type for healthchecks
| * | | check image media/manifest type for healthchecksBrent Baude2020-04-28
| | |/ | |/| | | | | | | | | | | | | before looking up a healthcheck in an image, check to make sure it is a dockerv2schema image. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6020 from giuseppe/fix-execOpenShift Merge Robot2020-04-28
|\ \ \ | | | | | | | | v2, podman: fix create tests
| * | | pkg, specgen: do not hardcode user=0 in the config if not specifiedGiuseppe Scrivano2020-04-28
| |/ / | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #5907 from sujil02/systemprune-v2OpenShift Merge Robot2020-04-28
|\ \ \ | |/ / |/| | Adding system prune for podman v2
| * | Adding system prune for podman v2Sujil022020-04-24
| | | | | | | | | | | | | | | | | | | | | Register system prune route, handler to support system prune, Adds testcase to validate the system prune flow. Signed-off-by: Sujil02 <sushah@redhat.com>
* | | Merge pull request #6000 from mheon/volume_backend_flagsOpenShift Merge Robot2020-04-27
|\ \ \ | | | | | | | | Add support for volumes-from, image volumes, init
| * | | Improve Entrypoint and Command supportMatthew Heon2020-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should not be overwriting the Specgen's Command and Entrypoint when building the final command to pass in the OCI spec. Both of these will be provided to Libpod for use in `podman inspect` and committing containers, and both must be set to the user's input, not overwritten by the image if unset. Fix this by moving command generation into OCI spec generation and not modifying the SpecGenerator when we do so. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add support for volumes-from, image volumes, initMatthew Heon2020-04-27
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | This should complete Podmanv2's support for volume-related flags. Most code was sourced from the old pkg/spec implementation with modifications to account for the split between frontend flags (volume, mount, tmpfs) and the backend flags implemented here. Also enables tests for podman run with volumes Signed-off-by: Matthew Heon <matthew.heon@pm.me>