| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Add filepath glob support to --security-opt unmask
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Want to allow users to specify --security-opt unmask=/proc/*.
This allows us to run podman within podman more securely, then
specifing umask=all, also gives the user more flexibilty.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
podman: set volatile storage flag for --rm containers
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
volatile containers are a storage optimization that disables *sync()
syscalls for the container rootfs.
If a container is created with --rm, then automatically set the
volatile storage flag as anyway the container won't persist after a
reboot or machine crash.
[NO TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
rootless: improve automatic range split
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
sort.Search returns the smallest index, so provide the available IDs
in decreasing order.
It fixes an issue when splitting the current mappings over multiple
available IDs.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
add --mac-address to podman play kube
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a new --mac-address flag to podman play kube. This is used to specify
a static MAC address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes #9731
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Migrate the Podman code base over to `common/libimage` which replaces
`libpod/image` and a lot of glue code entirely.
Note that I tried to leave bread crumbs for changed tests.
Miscellaneous changes:
* Some errors yield different messages which required to alter some
tests.
* I fixed some pre-existing issues in the code. Others were marked as
`//TODO`s to prevent the PR from exploding.
* The `NamesHistory` of an image is returned as is from the storage.
Previously, we did some filtering which I think is undesirable.
Instead we should return the data as stored in the storage.
* Touched handlers use the ABI interfaces where possible.
* Local image resolution: previously Podman would match "foo" on
"myfoo". This behaviour has been changed and Podman will now
only match on repository boundaries such that "foo" would match
"my/foo" but not "myfoo". I consider the old behaviour to be a
bug, at the very least an exotic corner case.
* Futhermore, "foo:none" does *not* resolve to a local image "foo"
without tag anymore. It's a hill I am (almost) willing to die on.
* `image prune` prints the IDs of pruned images. Previously, in some
cases, the names were printed instead. The API clearly states ID,
so we should stick to it.
* Compat endpoint image removal with _force_ deletes the entire not
only the specified tag.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Add --all to podman start
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
Co-authored-by: Ed Santiago <santiago@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
The compat endpoint for container inspect must return {} instead of null
for NetworkSettings.Networks.
Fixes #9837
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| |/
|/| |
Remove unused VolumeList* structs
|
| | |
| |
| |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED] since we are just removing unused code.
Replaces: https://github.com/containers/podman/pull/9558
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Autoupdate Local
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
changed struct to policyMapper
change "image" to "registry" in multiple locations
Updated documentation with registry alias & autoupdate local
Added relevant test
Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Digests were used to compare local image and container image
Registry alias added for Image Policy
Refactored to integrate new feature + change some naming conventions
Tested this using a modified version of the docs autoupdate instructions & it worked successfully
Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
|
| |\ \
| | |
| | | |
[NO TESTS NEEDED] Check if another VM is running on machine start
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Only one VM can be up at a time. If another VM is running, or the current VM is running, error out on a podman machine start
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In order to be more compatible with Docker, we should return a
container die status rather then a "container died", Too late to
change this for Podman.
Partially fixes: https://github.com/containers/podman/issues/10168
[NO TESTS NEEDED] No easy way to test this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Add podman run --timeout option
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This option allows users to specify the maximum amount of time to run
before conmon sends the kill signal to the container.
Fixes: https://github.com/containers/podman/issues/6412
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Allow docker volume create API to pass without name
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The Docker API does not require Volume name to be specified when
creating a volume.
Fixes: https://github.com/containers/podman/issues/9803
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Users coming e.g. from Docker do not always read the manual and
expect podman to not require sudo or uidmap, for them the default
message is not very helpful:
Error: Cannot connect to the Podman socket, make sure there is a Podman REST API service running.:
cannot find newuidmap: exec: "newuidmap": executable file not found in $PATH
Adding a bit more context to this would help to nudge them into the
right direction and tell them what to look for in the documentation:
command required for rootless mode with multiple IDs: exec: "newuidmap": executable file not found in $PATH
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
[NO TESTS NEEDED]
|
| |\ \ \
| | | |
| | | | |
Fix podman ps --filter ancestor to match exact ImageName/ImageID
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
| |\ \ \
| |_|/
|/| | |
[NO TESTS NEEDED] Add machine-enabled to containers.conf for machine
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add machine-enabled=true into /etc/containers/containers.conf when
initing a VM. This field should tell Podman it's being run in a
podman-machine and it will be used in future to tell podman to set up
other necessary machine stuff such as networking
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
Add support for CDI device configuration
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Persist CDIDevices in container config
- Add e2e test
- Log HasDevice error and add additional condition for safety
Signed-off-by: Sebastian Jug <seb@stianj.ug>
|
| |\ \ \
| |_|/
|/| |
| | |
| | | |
giuseppe/create-userns-for-root-without-CAP_SYS_ADMIN
runtime: create userns when CAP_SYS_ADMIN is not present
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when deciding to create a user namespace, check for CAP_SYS_ADMIN
instead of looking at the euid.
[NO TESTS NEEDED] Needs nested Podman
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when creating a user namespace, attempt to create it first by copying
the current mappings and then fallback to the other methods:
1) use newidmap tools and ...
2) create a user namespace with a single user mapped.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It is possible that a container is removed between fetching the
initial list of containers and the second access during conversion.
Closes #10120
[NO TESTS NEEDED]
Signed-off-by: Jakob Ahrer <jakob@ahrer.dev>
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
podman-remote should show podman.sock info
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Currently podman-remote info does not show socket information.
Fixes: https://github.com/containers/podman/issues/10077
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In libpod/image.Image.Remove(), if the attempt to find the image's
parent fails for any reason, log a warning and proceed as though it
didn't have one instead of failing, which would leave us unable to
remove the image without resetting everything.
In libpod/Runtime.RemoveImage(), if we can't determine if an image has
children, log a warning, and assume that it doesn't have any instead of
failing, which would leave us unable to remove the image without
resetting everything.
In pkg/domain/infra/abi.ImageEngine.Remove(), when attempting to remove
all images, if we encounter an error checking if a given image has
children, log a warning, and assume that it doesn't have any instead of
failing, which would leave us unable to remove the image without
resetting everything.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |\
| |
| | |
Add flag "--pidfile" for podman create/run
|
| | |
| |
| |
| | |
Signed-off-by: chenkang <kongchen28@gmail.com>
|
| |\ \
| | |
| | | |
Fixes podman-remote save to directories does not work
|
| | | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
|
| |\ \ \
| | | |
| | | | |
Add network bindings tests: remove and list
|
| | | |/
| |/|
| | |
| | | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
add --ip to podman play kube
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a new --ip flag to podman play kube. This is used to specify a
static IP address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes #8442
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
