| Commit message (Collapse) | Author | Age |
|\
| |
| | |
fix bug podman sign storage path
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- fix the bud podman not using specified --directory as signature storage.
- use manifest and image referce to set repo@digest.
close #6994
close #6993
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|/
|
|
|
|
|
|
| |
the go binding for remove container was using 'vols' for a key to remove volumes associated to the container. the correct key should be "v" and is documented as such.
Fixes: #7128
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
Missing return after early exit
|
| |
| |
| |
| |
| |
| |
| |
| | |
the exists code was plagued by a missing return statement meant to trigger an early exit.
Fixes: #7197
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
docker-compose uses application/tar
|
| |/
| |
| |
| |
| |
| |
| |
| | |
even though the official documentation suggests that application/x-tar should be used for tar files, it seems docker-compose uses application/tar. we now accept them and issue a warning.
Fixes: #7185
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
rootless: system service joins immediately the namespaces
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when there is a pause process running, let the "system service" podman
instance join immediately the existing namespaces.
Closes: https://github.com/containers/podman/issues/7180
Closes: https://github.com/containers/podman/issues/6660
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
[CI:DOCS] apiv2 fix volumes not included field
|
| | |
| | |
| | |
| | |
| | |
| | | |
Do not use volume from docker since UsageData field is not need. It's nullable in docker API and expensive to add.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \
| | | |
| | | | |
API returns 500 in case network is not found instead of 404
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Handle single character images
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently you can only specify multiple character for image names
when executing podman-remote commit
podman-remote commit a b
Will complete, but will save the image without a name.
podman-remote commit a bb
Works.
This PR fixes and now returns an error if the user doees not specify an
image name to commit to.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Add test case for description being present in search result
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The HTTP API for image search was still lacking support of the NoTrunc
parameter.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`podman image search` returned wrong results for the image "Description" as
it was mapped to the wrong field ("ID") in the search results.
Basically cherry-picked into the api from
commit cf5c63b5c492e41d72b6e3b6d75b5f39b0a957fd.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|
|\ \ \ \
| | | | |
| | | | | |
Add versioned _ping endpoint
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #7008
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When you execute podman create/run with the --pod new:<name> syntax
the pod was created but the namespaces where not shared and
therefore containers could not communicate over localhost.
Add the default namespaces and pass the network options to the
pod create options.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add a check to verify whether the additional IDs also contain the host
ID.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
if the parent process failed to create the user namespace, let the
child exit immediately.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
when setting up the user namespace do not ignore errors from
newuidmap/newgidmap if there are mappings configured.
The single user mapping is a fallback only when there are not mappings
specified for the user.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Return NamesHistory when returning remote images
|
| |/
| |
| |
| |
| |
| |
| | |
We are returning bogus data in podman-remote images --format json.
This change will match the same data returned my podman images --format json.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Binding the same container port to >1 host port is OK
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The initial version of the new port code mistakenly restricted
this, so un-restrict it. We still need to maintain the map of
container ports, unfortunately (need to verify if the port in
question is a duplicate, for example).
Fixes #7062
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| | |
The "podman wait to pause|unpause condition" test is failing
several times a day, always a flake. Issue #6518.
Disable it until the cause can be identified and fixed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
`podman image search` returned wrong results for the image "Description" as
it was mapped to the wrong field ("ID") in the search results.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
There are many use cases where you want to just mount an image
without creating a container on it. For example you might want
to just examine the content in an image after you pull it for
security analysys. Or you might want to just use the executables
on the image without running it in a container.
The image is mounted readonly since we do not want people changing
images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Switch all references to github.com/containers/libpod -> podman
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
compat/info.go: TrimPrefix(CGroupsVersion, "v")
|
| |
| |
| |
| |
| |
| | |
For compatibility with Docker: https://github.com/moby/moby/blob/846b7e24ba549a972a2672ffdd88b140da688736/api/swagger.yaml#L4528-L4534
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
|/
|
|
|
|
|
|
|
|
|
| |
We should default to the user name unmount rather then the internal
name of umount.
Also User namespace was not being handled correctly. We want to inform
the user that if they do a mount when in rootless mode that they have
to be first in the podman unshare state.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
| |
Fix an error where an absent "filters" parameter led to JSON parsing
errors.
Fixes: #7078
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The v2.0 reference [page](http://docs.podman.io/en/latest/Reference.html)
lists the API as experimental. Removed that word and reworked the first
paragraph a bit based on verbiage that @mheon put together for the
API intro blog.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|\
| |
| |
| |
| | |
maybe-sybr/maybe/apiv2/fix-container-create-with-volumes
APIv2:fix: Get volumes from `Binds` when creating
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change ensures that we pull volume bind specification strings from
the correct spot in the POSTed data when creating containers. We should
probably canity check that the mapping keys in `Volumes` are a superset
of the binds listed in `HostConfig.Binds` but this cheap change removes
an annoying behaviour where named volumes or host mount would be
silently replaced with newly created anonymous volumes.
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
|
| |
| |
| |
| |
| |
| | |
podman play kube didn't set host ip correctly from YAML
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently you can not apply an ApparmorProfile if you specify
--privileged. This patch will allow both to be specified
simultaniosly.
By default Apparmor should be disabled if the user
specifies --privileged, but if the user specifies --security apparmor:PROFILE,
with --privileged, we should do both.
Added e2e run_apparmor_test.go
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Add --umask flag for create, run
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
--umask sets the umask inside the container
Defaults to 0022
Co-authored-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \
| | | |
| | | | |
Fix Generate API swagger title/description
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
generate kube title and descritopn was same as play kube for apiv2 docs
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
events endpoint: fix panic and race condition
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The versions Docker that the compat endpoints currently support are
using another type for the `filters` parameter than later versions
of Docker, which the libpod/events endpoint is also using.
To prevent existing deplopyments from breaking while still achieving
backward compat, we now support both types for the filters parameter.
Tested manually.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix a potential panic in the events endpoint when parsing the filters
parameter. Values of the filters map might be empty, so we need to
account for that instead of uncondtitionally accessing the first item.
Also apply a similar for race conditions as done in commit f4a2d25c0fca:
Fix a race that could cause read errors to be masked. Masking
such errors is likely to report red herrings since users don't
see that reading failed for some reasons but that a given event
could not be found.
Another race was the handler closing event channel, which could lead to
two kinds of panics: double close, send to close channel. The backend
takes care of that. However, make sure that the backend stops working
in case the context has been cancelled.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|