summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* rootless: avoid zombie process on first launchGiuseppe Scrivano2021-07-29
| | | | | | | | | | | | | | avoid a zombie process if on the first launch Podman creates a long living process, such as "podman system service -t 0". The `r` variable was overriden thus causing the waitpid to fail and not clean up the intermediate process. Closes: https://github.com/containers/podman/issues/10575 [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #11056 from giuseppe/warning-root-no-sharedOpenShift Merge Robot2021-07-28
|\ | | | | rootless: check that / is mounted as shared
| * rootless: check that / is mounted as sharedGiuseppe Scrivano2021-07-28
| | | | | | | | | | | | | | | | | | | | | | | | if the root mount '/' is not mounted as MS_SHARED, print a warning, otherwise new mounts that are created in the host won't be propagated to the rootless mount namespace. Closes: https://github.com/containers/podman/issues/10946 [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #10910 from ↵OpenShift Merge Robot2021-07-28
|\ \ | | | | | | | | | | | | adrianreber/2021-07-12-checkpoint-restore-into-pod Add support for checkpoint/restore into and out of pods
| * | Support checkpoint/restore with podsAdrian Reber2021-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds support to checkpoint containers out of pods and restore container into pods. It is only possible to restore a container into a pod if it has been checkpointed out of pod. It is also not possible to restore a non pod container into a pod. The main reason this does not work is the PID namespace. If a non pod container is being restored in a pod with a shared PID namespace, at least one process in the restored container uses PID 1 which is already in use by the infrastructure container. If someone tries to restore container from a pod with a shared PID namespace without a shared PID namespace it will also fail because the resulting PID namespace will not have a PID 1. Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Vendor in go-criu v5.1.0 for Pod checkpoint/restore supportAdrian Reber2021-07-27
| | | | | | | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Prepare CRIU version check to work with multiple versionsAdrian Reber2021-07-27
| | | | | | | | | | | | | | | | | | | | | | | | The upcoming commit to support checkpointing out of Pods requires CRIU 3.16. This changes the CRIU version check to support checking for different versions. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Merge pull request #11049 from vrothberg/fix-7370OpenShift Merge Robot2021-07-27
|\ \ \ | | | | | | | | support container to container copy
| * | | support container to container copyMehul Arora2021-07-27
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | Implement container to container copy. Previously data could only be copied from/to the host. Fixes: #7370 Co-authored-by: Mehul Arora <aroram18@mcmaster.ca> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #11061 from giuseppe/migrate-no-move-to-cgroupOpenShift Merge Robot2021-07-27
|\ \ \ | |/ / |/| | command: migrate doesn't move process to cgroup
| * | command: migrate doesn't move process to cgroupGiuseppe Scrivano2021-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add a new annotation for the "system migrate" command to not move the pause process to a separate cgroup. The operation is not needed since "system migrate" destroys the pause process, so there won't be any process left to move to a cgroup. [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: do not overwrite err variableGiuseppe Scrivano2021-07-27
| |/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / exec: fix cleanupValentin Rothberg2021-07-27
|/ | | | | | | | | | | | | Commit 341e6a1 made sure that all exec sessions are getting cleaned up. But it also came with a peformance penalty. Fix that penalty by spawning the cleanup process to really only cleanup the exec session without attempting to remove the container. [NO TESTS NEEDED] since we have no means to test such performance issues in CI. Fixes: #10701 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10983 from vrothberg/fix-danglingOpenShift Merge Robot2021-07-27
|\ | | | | refine dangling checks
| * refine dangling checksValentin Rothberg2021-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | By proxy by vendoring containers/common. Previously, a "dangling" image was an untagged image; just a described in the Docker docs. The definition of dangling has now been refined to an untagged image without children to be compatible with Docker. Further update a redundant image-prune test. Fixes: #10998 Fixes: #10832 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #11036 from caarlos0/fix-podman-manifest-pushOpenShift Merge Robot2021-07-26
|\ \ | | | | | | fix: podman manifest push respect --tls-verify flag
| * | fix: podman manifest push respect --tls-verify flagCarlos Alexandro Becker2021-07-26
| |/ | | | | | | | | | | [NO TESTS NEEDED] Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* / play kube: support capitalized pull policyValentin Rothberg2021-07-26
|/ | | | | | | | Pull policies in K8s yaml may be capitalized, so lower them before parsing. Fixes: bugzilla.redhat.com/show_bug.cgi?id=1985905 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10895 from rhatdan/devicesOpenShift Merge Robot2021-07-24
|\ | | | | Support DeviceCgroupRules to actually get added.
| * Support DeviceCgroupRules to actually get added.Daniel J Walsh2021-07-21
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10302 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10996 from cdoern/untilLogOpenShift Merge Robot2021-07-24
|\ \ | | | | | | Implemented --until flag for Libpod's Container Logs
| * | Implemented --until flag for libpod's container logscdoern2021-07-22
| | | | | | | | | | | | | | | | | | | | | compat containers/logs was missing actual usage of until query param. This led me to implement the until param for libpod's container logs as well. Added e2e tests. Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #11015 from jmguzik/until-list-volumeOpenShift Merge Robot2021-07-22
|\ \ \ | |_|/ |/| | Add until filter to volume ls filters list
| * | Add until filter to volume ls filters listJakub Guzik2021-07-22
| | | | | | | | | | | | | | | | | | | | | As a conclusion of a discussion in #10861, until filter is added by this commit to volume ls filters. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #11008 from dpward/mainOpenShift Merge Robot2021-07-21
|\ \ \ | | | | | | | | [CI:DOCS] Fix GitHub URL to Podman logo
| * | | [CI:DOCS] Fix GitHub URL to Podman logoDavid Ward2021-07-21
| | | | | | | | | | | | | | | | | | | | | | | | The Podman logo is not rendered on docs.podman.io with the current URL. Signed-off-by: David Ward <david.ward@ll.mit.edu>
* | | | Merge pull request #10992 from rhatdan/playOpenShift Merge Robot2021-07-21
|\ \ \ \ | |/ / / |/| | | Fix handling of selinux labels in podman play kube
| * | | Fix handling of selinux labels in podman play kubeDaniel J Walsh2021-07-20
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10969 [NO TESTS NEEDED] We added tests for this, but they don't seem to be running. If I run the local system tests, they fail with the current Podman and work with this version. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10999 from rhatdan/quota1OpenShift Merge Robot2021-07-21
|\ \ \ | | | | | | | | Drop support for the --storage-opt container flag
| * | | Drop podman create --storage-opt container flagDaniel J Walsh2021-07-20
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The global flag will work in either location, and this flag just breaks users expectations, and is basically a noop. Also fix global storage-opt so that podman-remote can use it. [NO TESTS NEEDED] Since it would be difficult to test in ci/cd. Fixes: https://github.com/containers/podman/issues/10264 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10970 from vikas-goel/prepare-volumeOpenShift Merge Robot2021-07-21
|\ \ \ | |/ / |/| | Copy the content from the underlying image into the newly created volume
| * | Copy the content from the underlying image into the newly created volume.Vikas Goel2021-07-20
| |/ | | | | | | | | | | Fixes: #10262 Signed-off-by: Vikas Goel <vikas.goel@gmail.com>
* | Merge pull request #10979 from vrothberg/fix-10977OpenShift Merge Robot2021-07-20
|\ \ | | | | | | compat: image create: handle platform correctly
| * | compat: image create: handle platform correctlyValentin Rothberg2021-07-20
| |/ | | | | | | | | | | | | | | | | Handle the platform parameter correctly. The parameter was only parsed in presence of credentials and the code was a bit complex. Also add a regression test. Fixes: #10977 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10956 from flouthoc/kube-liveness-probe-systemdOpenShift Merge Robot2021-07-19
|\ \ | |/ |/| Kube: Add liveness probe for containers backed by native (systemd) healthchecks instead of kubelet.
| * Kube: Add liveness probe for containers.flouthoc2021-07-17
| | | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #10962 from vrothberg/fix-10655OpenShift Merge Robot2021-07-16
|\ \ | | | | | | systemd: require network*-online*.target
| * | systemd: require network*-online*.targetValentin Rothberg2021-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | Require the network to be online in all (generated) systemd units to make sure that containers and Podman run only after the network has been fully configured. Fixes: #10655 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10848 from vrothberg/update-libimageOpenShift Merge Robot2021-07-16
|\ \ \ | |/ / |/| | vendor containers/common@main
| * | vendor containers/common@mainValentin Rothberg2021-07-16
| |/ | | | | | | | | | | | | | | | | | | | | | | | | The `IgnorePlatform` options has been removed from the `LookupImageOptions` in libimage to properly support multi-arch images. Skip one buildah-bud test which requires updated CI images. This is currently being done in github.com/containers/podman/pull/10829 but we need to unblock merging common and buildah into podman. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10820 from jvanz/indfra-container-name-issue-10794OpenShift Merge Robot2021-07-16
|\ \ | | | | | | --infra-name command line argument
| * | --infra-name command line argumentJosé Guilherme Vanz2021-07-15
| |/ | | | | | | | | | | | | | | | | Adds the new --infra-name command line argument allowing users to define the name of the infra container Issue #10794 Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
* / podman start: remove containers configured for auto removalValentin Rothberg2021-07-16
|/ | | | | | | | | Make sure that containers configured for auto removal (e.g., via `podman create --rm`) are removed in `podman start` if starting the container failed. Fixes: #10935 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10894 from cdoern/pidPodOpenShift Merge Robot2021-07-15
|\ | | | | podman pod create --pid flag
| * podman pod create --pid flagcdoern2021-07-15
| | | | | | | | | | | | | | | | added support for --pid flag. User can specify ns:file, pod, private, or host. container returns an error since you cannot point the ns of the pods infra container to a container outside of the pod. Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #10939 from Luap99/rootless-cniOpenShift Merge Robot2021-07-15
|\ \ | | | | | | Fix race conditions in rootless cni setup
| * | Fix race conditions in rootless cni setupPaul Holzinger2021-07-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There was an race condition when calling `GetRootlessCNINetNs()`. It created the rootless cni directory before it got locked. Therefore another process could have called cleanup and removed this directory before it was used resulting in errors. The lockfile got moved into the XDG_RUNTIME_DIR directory to prevent a panic when the parent dir was removed by cleanup. Fixes #10930 Fixes #10922 To make this even more robust `GetRootlessCNINetNs()` will now return locked. This guarantees that we can run `Do()` after `GetRootlessCNINetNs()` before another process could have called `Cleanup()` in between. [NO TESTS NEEDED] CI is flaking, hopefully this will fix it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #10937 from vrothberg/auto-updateOpenShift Merge Robot2021-07-15
|\ \ \ | | | | | | | | auto-update: add --dry-run
| * | | auto-update: add --dry-runValentin Rothberg2021-07-15
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a --dry-run flag to `podman auto-update` which will look for new images but won't perform any pull or restart any service or container. The "UPDATED" column will now indicate the availability of a newer image via "pending". ``` $ podman auto-update --dry-run UNIT CONTAINER IMAGE POLICY UPDATED container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false ``` Fixes: #9949 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10913 from rhatdan/buildOpenShift Merge Robot2021-07-15
|\ \ \ | |/ / |/| | podman-remote build use .containerignore over .dockerignore