| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
Allow to pass additional FDs to the process being executed.
Closes: https://github.com/containers/libpod/issues/2372
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
if any of the mapping tools for setting up the user namespace fail,
then include their output in the error message.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
When using a user namespace, we create the mount point under
`mountPrefix` so that the uid != 0 can access that directory.
Change the addFIPSModeSecret code to honor that, and also ensure we
are creating the directories with the right ownership.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
| |
Fixes #2459
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
| |
No reason to do it in util/ anymore. It's always going to be a
subdirectory of c/storage graph root by default, so we can just
set it after the return.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
| |
There are some cases where we might not be properly adjusting the
volume path after setting the storage graph root. Ensure that we
always set volume path to be a child of graph root.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
|
| |
if there is already a bind mount specified for the target, do not
create a new volume.
Regression introduced by 52df1fa7e054d577e8416d1d46db1741ad324d4a
Closes: https://github.com/containers/libpod/issues/2441
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
enable the ability for the remote client to pause, unpause, and
restart pods.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
podman-remote create|ps
|
| |
| |
| |
| |
| |
| |
| | |
enable the podman-remote client to be able to create and list
pods on a remote system.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Fix up handling of user defined network namespaces
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If user specifies network namespace and the /etc/netns/XXX/resolv.conf
exists, we should use this rather then /etc/resolv.conf
Also fail cleaner if the user specifies an invalid Network Namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is a workaround for the runc issue:
https://github.com/opencontainers/runc/issues/1247
If the source of a bind mount has any of nosuid, noexec or nodev, be
sure to propagate them to the bind mount so that when runc tries to
remount using MS_RDONLY, these options are also used.
Closes: https://github.com/containers/libpod/issues/2312
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | |/
| |/| |
Enable more podman-remote pod commands
|
| |/
| |
| |
| |
| |
| | |
enable pod start, stop, and kill subcommands for the remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
make remote-client error messaging more robust
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the remote-client is currently weak for carrying error messages
over the varlink interface and displaying something useful to users
and developers for the purposes of debug. this is a starting point
to improve that user experience.
Signed-off-by: baude <bbaude@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| | |
when joining an existing namespace, we were not maintaining the
current working directory, causing commands like export -o to fail
when they weren't referring to absolute paths.
Closes: https://github.com/containers/libpod/issues/2381
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
| |
enable the remote client to be able to inspect a pod. also, bonus of
enabling the podman pod exists command which returns a 0 or 1 depending
on whether the given pod exists.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
enable the ability to load an image into remote storage
using the remote client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
enable podman-remote pod rm
|
| |
| |
| |
| |
| |
| | |
add the ability to delete a pod from the remote client.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
| |
Because the varlink server honors the socket activation protocol,
LISTEN_PID has to be adjusted with the new PID.
https://varlink.org/FAQ.html#how-does-socket-activation-work
Signed-off-by: Harald Hoyer <harald@redhat.com>
|
|
|
|
|
|
|
| |
Add the ability to save an image from the remote-host to the
remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also add some argument checks to the Varlink function to avoid
referencing nil pointers, and complement the API.md descriptions.
The varlink endpoint can be tested via varlink CLI:
$ varlink call -m unix:/run/podman/io.podman/io.podman.SearchImages \
'{"query": "ruby", "limit": 0, "tlsVerify": false, "filter": {}}'
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
| |
Use an `image.SearchFilter` instead of a `[]string` in the SearchImages
API.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
| |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
| |
Refactor the image-search logic from cmd/podman/search.go to
libpod/image/search.go and update podman-search and the Varlink API to
use it.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
| |
Add status for remote users and podman remote-client pull.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
| |
Drop context.Context field from cli.Context
Signed-off-by: Sebastian Jug <sejug@redhat.com>
|
|\
| |
| | |
Add registry name to fields returned by varlink image search
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cockpit team wants to list the registry name where the image was
found.
Also fix up SearchImages code to check if the user specified a registry
in his call to use that rather then all the registries, This matches
podman search command.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
or attached.
Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod.
Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\
| |
| | |
Add tlsVerify bool to SearchImage for varlink
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cockpit wants to be able to search images on systems without
tlsverify turned on.
tlsverify should be an optional parameter, if not set then we default
to the system defaults defined in /etc/containers/registries.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
volume prune
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
allow users to remotely prune volumes.
this is the last volume command for remote enablement. as such,
the volume commands are being folded back into main because they
are supported for both local and remote clients.
also, enable all volume tests that do not use containers
as containers are not enabled for the remote client yet.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
iFix builtin volumes to work with podman volume
Currently builtin volumes are not recored in podman volumes when
they are created automatically. This patch fixes this.
Remove container volumes when requested
Currently the --volume option on podman remove does nothing.
This will implement the changes needed to remove the volumes
if the user requests it.
When removing a volume make sure that no container uses the volume.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
podman-remote build
|
| |
| |
| |
| |
| |
| |
| | |
add the ability to build images using files local to the remote-client
but over a varlink interface to a "remote" server.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
Fix manual detach from containers to not wait for exit
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
At present, when manually detaching from an attached container
(using the detach hotkeys, default C-p C-q), Podman will still
wait for the container to exit to obtain its exit code (so we can
set Podman's exit code to match). This is correct in the case
where attach finished because the container exited, but very
wrong for the manual detach case.
As a result of this, we can no longer guarantee that the cleanup
and --rm functions will fire at the end of 'podman run' - we may
be exiting before we get that far. Cleanup is easy enough - we
swap to unconditionally using the cleanup processes we've used
for detached and rootless containers all along. To duplicate --rm
we need to also teach 'podman cleanup' to optionally remove
containers instead of cleaning them up.
(There is an argument for just using 'podman rm' instead of
'podman cleanup --rm', but cleanup does have different semantics
given that we only ever expect it to run when the container has
just exited. I think it might be useful to keep the two separate
for things like 'podman events'...)
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
add the ability to list and inspect volumes using the remote
client and varlink
Signed-off-by: baude <bbaude@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
enable podman-remote push so that users can push images from a
remote client.
change in push API to deal with the need to see output over the
varlink connection.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Also rename image result struct to `ImageSearchResult` and make `limit`
parameter optional.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
| |
| |
| |
| |
| |
| | |
Container more clearly describes what the type represents.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Image more clearly describes what the type represents.
Also, only include the image name in the `ImageNotFound` error returned
by `GetImage()`, not the full error message.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
| |
| |
| |
| |
| |
| |
| | |
Not having the `Version` wrapper type makes it easier for clients to
work with the returned data.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is more consistent and eaiser to parse than the format that
golang's time.String() returns.
Fixes #2260
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
There are other ways for developers to "ensure their varlink setup is
working", for example by calling `GetVersion()` or any call on the
org.varlink.service interface.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|