summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #4228 from giuseppe/detect-no-systemd-sessionOpenShift Merge Robot2019-10-24
|\ | | | | rootless: detect no system session with --cgroup-manager=systemd
| * rootless: detect no system session with --cgroup-manager=systemdGiuseppe Scrivano2019-10-23
| | | | | | | | | | | | | | if the cgroup manager is set to systemd, detect if dbus is available, otherwise fallback to --cgroup-manager=cgroupfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4329 from mheon/no_noexec_image_volumeOpenShift Merge Robot2019-10-24
|\ \ | | | | | | Image volumes should not be mounted noexec
| * | Image volumes should not be mounted noexecMatthew Heon2019-10-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | This matches Docker more closely, but retains the more important protections of nosuid/nodev. Fixes #4318 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Add parsing for UID, GID in volume "o" optionMatthew Heon2019-10-22
|/ / | | | | | | | | | | | | Everything else is a flag to mount, but "uid" and "gid" are not. We need to parse them out of "o" and handle them separately. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4287 from mheon/anonymous_volumesOpenShift Merge Robot2019-10-22
|\ \ | | | | | | Add support for anonymous volumes to `podman run -v`
| * | Add support for anonymous volumes to `podman run -v`Matthew Heon2019-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when `podman run` encountered a volume mount without separate source and destination (e.g. `-v /run`) we would assume that both were the same - a bind mount of `/run` on the host to `/run` in the container. However, this does not match Docker's behavior - in Docker, this makes an anonymous named volume that will be mounted at `/run`. We already have (more limited) support for these anonymous volumes in the form of image volumes. Extend this support to allow it to be used with user-created volumes coming in from the `-v` flag. This change also affects how named volumes created by the container but given names are treated by `podman run --rm` and `podman rm -v`. Previously, they would be removed with the container in these cases, but this did not match Docker's behaviour. Docker only removed anonymous volumes. With this patch we move to that model as well; `podman run -v testvol:/test` will not have `testvol` survive the container being removed by `podman rm -v`. The sum total of these changes let us turn on volume removal in `--rm` by default. Fixes: #4276 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #4284 from mheon/fix_vol_inspectOpenShift Merge Robot2019-10-21
|\ \ \ | | | | | | | | Show volume options in 'volume inspect'
| * | | Rewrite backend for remote 'volume inspect'Matthew Heon2019-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to use the new Inspect() endpoint instead of trying to JSON the actual volume structs. Currently, the output seems completely nonsensical; it seems like we're JSONing the struct for the Varlink connection itself? This should restore sanity and match the format of remote and local inspect on volumes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #4309 from giuseppe/write-storage-overridesOpenShift Merge Robot2019-10-21
|\ \ \ \ | |_|_|/ |/| | | rootless: write storage overrides to the conf file
| * | | rootless: write storage overrides to the conf fileGiuseppe Scrivano2019-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make sure the user overrides are stored in the configuration file when first created. Closes: https://github.com/containers/libpod/issues/2659 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4125 from baude/remotestdinOpenShift Merge Robot2019-10-20
|\ \ \ \ | | | | | | | | | | Add ability to redirect bash for run -i
| * | | | Add ability to redirect bash for run -ibaude2019-10-15
| | | | | | | | | | | | | | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | | | | rootless: do not enable lingering modeGiuseppe Scrivano2019-10-17
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | do not automatically enable lingering mode. Closes: https://github.com/containers/libpod/issues/4224 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #4271 from tylarb/stdin_attachOpenShift Merge Robot2019-10-17
|\ \ \ \ | |_|_|/ |/| | | Attach to container if it was created with --interactive
| * | | Attach stdin to container at start if it was created with --interactiveTyler Ramer2019-10-15
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Check to see if the container's start config includes the interactive flag when determining to attach or ignore stdin stream. This is in line with behavior of Docker CLI and engine Signed-off-by: Tyler Ramer <tyaramer@gmail.com>
* | | Merge pull request #4279 from giuseppe/rootless-drop-dep-dockerOpenShift Merge Robot2019-10-17
|\ \ \ | |_|/ |/| | rootless: drop dependency on docker
| * | rootless: drop dependency on dockerGiuseppe Scrivano2019-10-16
| |/ | | | | | | | | | | use the definition from "golang.org/x/sys/unix". Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / start: print full container IDbklimenko2019-10-16
|/ | | | | | | Now the "podman start" command prints the full ID and has the same behaviour as other commands. Signed-off-by: Boris Klimenko <2@borisklimenko.ru>
* Fix sample's JSON syntax error in oci-hooks.5.mdKenta Tada2019-10-14
| | | | Signed-off-by: Kenta Tada <Kenta.Tada@sony.com>
* Merge pull request #4233 from mheon/fix_ccOpenShift Merge Robot2019-10-12
|\ | | | | Allow giving path to Podman for cleanup command
| * Allow giving path to Podman for cleanup commandMatthew Heon2019-10-11
| | | | | | | | | | | | | | | | For non-Podman users of Libpod, we don't want to force the exit command to use ARGV[0], which probably does not support a cleanup command. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4220 from mheon/null_runtimeOpenShift Merge Robot2019-10-11
|\ \ | | | | | | Move OCI runtime implementation behind an interface
| * | Move OCI runtime implementation behind an interfaceMatthew Heon2019-10-10
| |/ | | | | | | | | | | | | | | | | | | | | | | For future work, we need multiple implementations of the OCI runtime, not just a Conmon-wrapped runtime matching the runc CLI. As part of this, do some refactoring on the interface for exec (move to a struct, not a massive list of arguments). Also, add 'all' support to Kill and Stop (supported by runc and used a bit internally for removing containers). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4235 from giuseppe/no-pids-cgroupfsOpenShift Merge Robot2019-10-11
|\ \ | | | | | | rootless: do not set PIDs limit if --cgroup-manager=cgroupfs
| * | rootless: do not set PIDs limit if --cgroup-manager=cgroupfsGiuseppe Scrivano2019-10-11
| | | | | | | | | | | | | | | | | | | | | even if the system is using cgroups v2, rootless is not able to setup limits when the cgroup-manager is not systemd. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #4223 from QiWang19/uidmapOpenShift Merge Robot2019-10-10
|\ \ \ | | | | | | | | show uid_map in podman info
| * | | show uid_map in podman infoQi Wang2019-10-09
| | |/ | |/| | | | | | | | | | | | | show uid_map gid_map in podman info Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #4206 from giuseppe/systemd-mode-look-full-pathOpenShift Merge Robot2019-10-10
|\ \ \ | |/ / |/| | systemd: expect full path /usr/sbin/init
| * | systemd: expect full path /usr/sbin/initGiuseppe Scrivano2019-10-09
| |/ | | | | | | | | | | | | | | | | | | | | | | "init" is a quite common name for the command executed in a container image and Podman ends up using the systemd mode also when not required. Be stricter on enabling the systemd mode and not enable it automatically when the basename is "init" but expect the full path "/usr/sbin/init". Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | rootless: automatically recreate the pause.pid fileGiuseppe Scrivano2019-10-09
| | | | | | | | | | | | | | if the pause process cannot be joined, remove the pause.pid while keeping a lock on it, and try to recreate it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | rootless: do not close files twiceGiuseppe Scrivano2019-10-09
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4032 from rhatdan/pids-limitOpenShift Merge Robot2019-10-07
|\ | | | | Setup a reasonable default for pids-limit 4096
| * Setup a reasonable default for pids-limit 4096Daniel J Walsh2019-10-04
| | | | | | | | | | | | | | | | | | | | | | CRI-O defaults to 1024 for the maximum pids in a container. Podman should have a similar limit. Once we have a containers.conf, we can set the limit in this file, and have it easily customizable. Currently the documentation says that -1 sets pids-limit=max, but -1 fails. This patch allows -1, but also indicates that 0 also sets the max pids limit. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Update c/image to v4.0.1 and buildah to 1.11.3Miloslav Trmač2019-10-04
|/ | | | | | | | | | | | | | This requires updating all import paths throughout, and a matching buildah update to interoperate. I can't figure out the reason for go.mod tracking github.com/containers/image v3.0.2+incompatible // indirect ((go mod graph) lists it as a direct dependency of libpod, but (go list -json -m all) lists it as an indirect dependency), but at least looking at the vendor subdirectory, it doesn't seem to be actually used in the built binaries. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #3549 from marcov/evict-containerOpenShift Merge Robot2019-10-04
|\ | | | | Add ability to evict a container
| * rm: add containers eviction with `rm --force`Marco Vedovati2019-09-25
| | | | | | | | | | | | | | | | | | Add ability to evict a container when it becomes unusable. This may happen when the host setup changes after a container creation, making it impossible for that container to be used or removed. Evicting a container is done using the `rm --force` command. Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* | Merge pull request #4161 from afbjorklund/machine-envOpenShift Merge Robot2019-10-03
|\ \ | | | | | | Handle environment variables from podman-machine
| * | Apply changes also to the windows implementationAnders F Björklund2019-10-02
| | | | | | | | | | | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Avoid hard-coding path to varlink and podmanAnders F Björklund2019-10-01
| | | | | | | | | | | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
| * | Allow changing IdentityFile and to IgnoreHostsAnders F Björklund2019-10-01
| | | | | | | | | | | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | rootless: allow cgroupfs manager on cgroups v2Giuseppe Scrivano2019-10-02
|/ / | | | | | | | | | | | | if there are no resources specified, make sure the OCI resources block is empty so that the OCI runtime won't complain. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | network: hide EPERM warning when rootlessGiuseppe Scrivano2019-10-01
| | | | | | | | | | | | | | | | | | | | if running rootless do not print a warning message when podman cannot rejoin the initial network namespace. The first network namespace is owned by root on the host, a rootless user cannot re-join it once it moves to a new network namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4001 from kunalkushwaha/podman-import-fixOpenShift Merge Robot2019-09-30
|\ \ | | | | | | podman import syntax fix
| * | syntax updated for podman import --changeKunal Kushwaha2019-09-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | currently, podman import change do not support syntax like - KEY val - KEY ["val"] This adds support for both of these syntax along with KEY=val Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
* | | Merge pull request #4124 from mheon/set_log_level_earlyOpenShift Merge Robot2019-09-27
|\ \ \ | | | | | | | | Set log-level immediately, before rootless setup
| * | | Set log-level immediately, before rootless setupMatthew Heon2019-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we don't do this, we print WARN level messages that we should not be printing by default. Up one WARN message to ERROR so it still shows up by default. Fixes: #4115 Fixes: #4012 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #4117 from mheon/pod_no_nameOpenShift Merge Robot2019-09-26
|\ \ \ \ | |/ / / |/| | | Add an error for pods without a name
| * | | Add an error for pods without a nameMatthew Heon2019-09-26
| | |/ | |/| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #4102 from baude/remotestdinOpenShift Merge Robot2019-09-25
|\ \ \ | | | | | | | | conditionally send stdin on remote run