summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Add support for environment variable secretsAshley Cui2021-05-06
| | | | | | | | Env var secrets are env vars that are set inside the container but not commited to and image. Also support reading from env var when creating a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* Merge pull request #10081 from sjug/cdi_device_libOpenShift Merge Robot2021-04-26
|\ | | | | Add support for CDI device configuration
| * Add support for CDI device configurationSebastian Jug2021-04-20
| | | | | | | | | | | | | | | | - Persist CDIDevices in container config - Add e2e test - Log HasDevice error and add additional condition for safety Signed-off-by: Sebastian Jug <seb@stianj.ug>
* | Merge pull request #10079 from ↵OpenShift Merge Robot2021-04-26
|\ \ | | | | | | | | | | | | giuseppe/create-userns-for-root-without-CAP_SYS_ADMIN runtime: create userns when CAP_SYS_ADMIN is not present
| * | runtime: create userns when CAP_SYS_ADMIN is not presentGiuseppe Scrivano2021-04-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | when deciding to create a user namespace, check for CAP_SYS_ADMIN instead of looking at the euid. [NO TESTS NEEDED] Needs nested Podman Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: attempt to copy current mappings firstGiuseppe Scrivano2021-04-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when creating a user namespace, attempt to create it first by copying the current mappings and then fallback to the other methods: 1) use newidmap tools and ... 2) create a user namespace with a single user mapped. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: if root is not sub?id raise a debug messageGiuseppe Scrivano2021-04-22
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Fix removal race condition in ListContainersSoMuchForSubtlety2021-04-23
|/ / | | | | | | | | | | | | | | | | | | | | It is possible that a container is removed between fetching the initial list of containers and the second access during conversion. Closes #10120 [NO TESTS NEEDED] Signed-off-by: Jakob Ahrer <jakob@ahrer.dev>
* | Fixes from make codespellDaniel J Walsh2021-04-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10080 from rhatdan/remoteOpenShift Merge Robot2021-04-21
|\ \ | | | | | | podman-remote should show podman.sock info
| * | podman-remote should show podman.sock infoDaniel J Walsh2021-04-20
| |/ | | | | | | | | | | | | | | Currently podman-remote info does not show socket information. Fixes: https://github.com/containers/podman/issues/10077 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / rmi: don't break when the image is missing a manifestNalin Dahyabhai2021-04-20
|/ | | | | | | | | | | | | | | | | | | | In libpod/image.Image.Remove(), if the attempt to find the image's parent fails for any reason, log a warning and proceed as though it didn't have one instead of failing, which would leave us unable to remove the image without resetting everything. In libpod/Runtime.RemoveImage(), if we can't determine if an image has children, log a warning, and assume that it doesn't have any instead of failing, which would leave us unable to remove the image without resetting everything. In pkg/domain/infra/abi.ImageEngine.Remove(), when attempting to remove all images, if we encounter an error checking if a given image has children, log a warning, and assume that it doesn't have any instead of failing, which would leave us unable to remove the image without resetting everything. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Merge pull request #10041 from chenk008/add_pidfile_flagOpenShift Merge Robot2021-04-19
|\ | | | | Add flag "--pidfile" for podman create/run
| * add flag "--pidfile" for podman create/runwuhua.ck2021-04-16
| | | | | | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* | Merge pull request #10025 from zhangguanzhang/remote-save-dirOpenShift Merge Robot2021-04-19
|\ \ | | | | | | Fixes podman-remote save to directories does not work
| * | Fixes podman-remote save to directories does not workzhangguanzhang2021-04-15
| | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Ensure mount destination is clean, no trailing slashEduardo Vega2021-04-18
| | | | | | | | | | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | | Merge pull request #10018 from jmguzik/more-network-bindings-testsOpenShift Merge Robot2021-04-17
|\ \ \ | | | | | | | | Add network bindings tests: remove and list
| * | | Add network bindings tests: remove and listJakub Guzik2021-04-15
| | |/ | |/| | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #10043 from Luap99/play-kube-ipOpenShift Merge Robot2021-04-17
|\ \ \ | |/ / |/| | add --ip to podman play kube
| * | add --ip to podman play kubePaul Holzinger2021-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --ip flag to podman play kube. This is used to specify a static IP address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #8442 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #10010 from lsm5/GO111MODULE-OFF-fix-buildOpenShift Merge Robot2021-04-15
|\ \ \ | | | | | | | | fix build with with GO111MODULE=off
| * | | Fix build with GO111MODULE=offLokesh Mandvekar2021-04-15
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Distro builds on Fedora and Kubic projects use GO111MODULE=off by default which are currently failing. This commit fixes it and going forward, podman CI will also indicate failures in rpm builds. The additional LDFLAGS have been removed from the spec file which is not ideal. But, currently we only use the spec file to check if the rpm builds fine. We can fix the LDFLAGS in a later commit when we're working on packit integration. conmon build has also been removed from podman.spec.in because the COPR for which it was provided has been discontinued. [NO TESTS NEEDED] Fixes: #10009 Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* / / podman play kube apply correct log driverPaul Holzinger2021-04-15
|/ / | | | | | | | | | | | | | | | | | | The --log-driver flag was silently ignored by podman play kube. This regression got introduced during the play kube rework. Unfortunately the test for this was skipped for no good reason. Fixes #10015 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #10032 from nalind/trace-levelOpenShift Merge Robot2021-04-15
|\ \ | | | | | | Recognize "trace" logging, and use it for lone errors at exit
| * | pkg/errorhandling.JoinErrors: don't throw away context for lone errorsNalin Dahyabhai2021-04-14
| | | | | | | | | | | | | | | | | | | | | | | | When our multierror contains just one error, don't extract its text only to rewrap it, because doing so discards any stack trace information that might have been added closer to where the error actually originated. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | | Fix flake on failed podman-remote build : try 2Daniel J Walsh2021-04-14
| |/ |/| | | | | | | | | | | | | | | | | | | This time we are checking if the function actually succeeded, otherwise we will report an error. Also if we did not get the id, report unexpected failure. [NO TESTS NEEDED] Still no good way to test this, but manually. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix flake on failed podman-remote buildDaniel J Walsh2021-04-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We have a race condition where podman build can fail but still return an exit code of 0. This PR ensures that as soon as the build fails, the failed flag is set eliminating the race. Fixes: https://github.com/containers/podman/issues/10029 [NO TESTS NEEDED] Tests of failed builds are already in place, and the elimination of the race should be enough. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9945 from rhatdan/runlabelOpenShift Merge Robot2021-04-14
|\ \ | |/ |/| Fix handling of $NAME and $IMAGE in runlabel
| * Fix handling of $NAME and $IMAGE in runlabelDaniel J Walsh2021-04-12
| | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9405 Add system runlabel tests. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Remove in-memory state implementationMatthew Heon2021-04-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We originally added this in the *very early* days of Podman, before a proper persistent state was written, so we had something to test with. It was retained after the original SQLite state (and current BoltDB state) were written so it could be used for testing Libpod in unit tests with no requirement for on-disk storage. Well, such unit tests never materialized, and if we were to write some now the requirement to have a temporary directory for storing data on disk is not that bad. I can basically guarantee there are no users of this in the wild because, even if you managed to figure out how to configure it when we don't document it, it's completely unusable with Podman since all your containers and pods will disappear every time Podman exits. Given all this, and since it's an ongoing maintenance burden I no longer wish to deal with, let's just remove it. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Reflect current state of prune implementation in docsJakub Guzik2021-04-13
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | [CI:DOCS] Correct status code for /pods/createJhon Honce2021-04-12
| | | | | | | | | | | | | | | | | | | | Swagger documentation reported that the API endpoint /pods/create returned 200 while the as-built code returned 201. 201 is more correct so documentation updated. Tests already checked for 201 so no updated needed. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #9969 from jwhonce/wip/manifestsOpenShift Merge Robot2021-04-12
|\ \ | | | | | | Update manifest API endpoints
| * | Update manifest API endpointsJhon Honce2021-04-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add validation for manifest name * Always return an array for manifests even if empty * Add missing return in df handler when returning error. Caused an additional null to be written to client crashing python decoder. When c/image is refactored to include manifests, manifest endpoints should be revisited. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #9988 from jmguzik/prune-filters-bindings-netOpenShift Merge Robot2021-04-12
|\ \ \ | |_|/ |/| | Add network prune filters support to bindings
| * | Add network prune filters support to bindingsJakub Guzik2021-04-10
| |/ | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #9935 from EduardoVega/5788-kube-volumeOpenShift Merge Robot2021-04-12
|\ \ | | | | | | Add support for play/generate kube PersistentVolumeClaims and Podman volumes
| * | Add support for play/generate kube volumesEduardo Vega2021-04-09
| | | | | | | | | | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | | Merge pull request #9950 from Luap99/unshare-rootless-cniOpenShift Merge Robot2021-04-12
|\ \ \ | |_|/ |/| | podman unshare: add --rootless-cni to join the ns
| * | podman unshare: add --rootless-cni to join the nsPaul Holzinger2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --rootless-cni option to podman unshare to also join the rootless-cni network namespace. This is useful if you want to connect to a rootless container via IP address. This is only possible from the rootless-cni namespace and not from the host namespace. This option also helps to debug problems in the rootless-cni namespace. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | cgroups: force 64 bits to ParseUintGiuseppe Scrivano2021-04-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] force bitsSize==64 so that the string is always parsed to a uint64 instead of using the native int size, that could be not big enough on 32 bits arches. Closes: https://github.com/containers/podman/issues/9979 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #9971 from jwhonce/wip/dfOpenShift Merge Robot2021-04-08
|\ \ \ | | | | | | | | Add missing return
| * | | Add missing returnJhon Honce2021-04-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | libpod df handler missing a return after writing error to client. This caused a null to be appended to JSON and crashed python decoder. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #9121 from tmds/swagger_remove_name_wildcardsOpenShift Merge Robot2021-04-08
|\ \ \ \ | | | | | | | | | | [NO TESTS NEEDED] swagger: remove name wildcards
| * | | | swagger: remove name wildcardsTom Deseyn2021-04-07
| | |/ / | |/| | | | | | | | | | Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* | | | Merge pull request #9968 from pablofsf/fix-libpod-container-wait-docsOpenShift Merge Robot2021-04-08
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Adjust libpod API Container Wait documentation to the code
| * | | | Adjust libpod API Container Wait documentation to the codePablo Correa Gómez2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes #9960 Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* | | | | Merge pull request #9958 from jmguzik/limit-prune-filters-for-volumesOpenShift Merge Robot2021-04-07
|\ \ \ \ \ | |_|_|/ / |/| | | | Volumes prune endpoint should use only prune filters
| * | | | Volumes prune endpoint should use only prune filtersJakub Guzik2021-04-07
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Volumes endpoints for HTTP compat and libpod APIs allowed usage of list HTTP endpoint filter funcs. Documentation in case of compat API does not allow that. This commit aligns code with the documentation and also ligns libpod with compat API. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>