| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
avoid checking for EINTR for every syscall that could block.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
after we read from the pause PID file, NUL terminate the buffer to
avoid reading garbage from the stack.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Fix for varlink upgrade connections
|
| |
| |
| |
| |
| |
| |
| |
| | |
Although an upgraded call is requested, the server has to send at least
one reply (can be an error) and the client has to check the reply,
before assuming an upgraded connection.
Signed-off-by: Harald Hoyer <harald@redhat.com>
|
|\ \
| | |
| | | |
Do not set tmpcopyup on /dev
|
| |/
| |
| |
| |
| |
| | |
Fixes #3229
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Add libpod journald logging
|
| |/
| |
| |
| | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |
| |
| |
| |
| |
| | |
as it is used only by the rootless package now.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
otherwise the processes we leave around will be killed once the
session terminates.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
move the logic for joining existing namespaces down to the rootless
package. In main_local we still retrieve the list of conmon pid files
and use it from the rootless package.
In addition, create a temporary user namespace for reading these
files, as the unprivileged user might not have enough privileges for
reading the conmon pid file, for example when running with a different
uidmap and root in the container is different than the rootless user.
Closes: https://github.com/containers/libpod/issues/3187
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
| |
block signals for the pause process, so it can't be killed by
mistake.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
| |
it creates a namespace where the current UID:GID on the host is mapped
to the same UID:GID in the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Fixup Flags
|
| |
| |
| |
| |
| |
| |
| |
| | |
Mark hidden all references to signature-policy
Default all uses of --authfile
Add --authfile support to podman run and podman create.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
make remote resize channel buffered
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when doing any sort of attach to a container, a sigwinch is sent
followed by a resize event. this is fine for the local client but when
doing things over the varlink, the first sigwinch is wiped out by the
immediate resize event and is therefore lost. by making the channel
buffered, both events are processed after the varlink connection is
established.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
When superceding mounts, check for opposite types
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When we supercede low-priority mounts and volumes (image volumes,
and volumes sourced from --volumes-from) with higher-priority
ones (the --volume and --mount flags), we always replaced
lower-priority mounts of the same type (e.g. a user mount to
/tmp/test1 would supercede a volumes-from mount to the same
destination). However, we did not supercede the opposite type - a
named volume from image volumes at /tmp/test1 would be allowed to
remain and create a conflict, preventing container creation.
Solve this by destroying opposite types before merging (we can't
do it in the same loop, as then named volumes, which go second,
might trample changes made by mounts).
Fixes #3174
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
rootless: use a pause process to keep namespaces alive
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add a shortcut for joining immediately the namespace so we don't need
to re-exec Podman.
With the pause process simplificaton, we can now attempt to join the
namespaces as soon as Podman starts (and before the Go runtime kicks
in), so that we don't need to re-exec and use just one process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
use a pause process to keep the user and mount namespace alive.
The pause process is created immediately on reload, and all successive
Podman processes will refer to it for joining the user&mount
namespace.
This solves all the race conditions we had on joining the correct
namespaces using the conmon processes.
As a fallback if the join fails for any reason (e.g. the pause process
was killed), then we try to join the running containers as we were
doing before.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Update vendor of buildah and containers/images
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Mainly add support for podman build using --overlay mounts.
Updates containers/image also adds better support for new registries.conf
file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
force the resources block to be empty instead of having default
values.
Regression introduced by 8e88461511e81d2327e4c1a1315bb58fda1827ca
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add connection information to podman-remote info
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Refactor client code to break out building connection string from
making the connection.
Example:
client:
Connection: unix:/run/podman/io.podman
Connection Type: DirectConnection
.
:
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/ /
|/| |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
move to cri-o/cri-o and build with containers/conmon
|
| | |
| | |
| | |
| | | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit bd3154fcf6a48b37cfde5d9b1226900cd863c0d9.
Commit in question may be breaking upstream CI.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Type varlinkapi.VarlinkCall currently only used as receiver for
RequiresUpgrade() future helpers could be added to this type.
RequiresUpgrade() verifies caller has given correct options to the call
for the given operation.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
|
|
|
| |
We were always raising an error when the rootless user attempted to
setup resources, but this is not the case anymore with cgroup v2.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Add information when running `podman version` on client
|
| |
| |
| |
| |
| |
| | |
* Include service version information and headers
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
Do not remove volumes when --rm removes a container
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This duplicates Docker behavior for the `--rm` flag.
Fixes #3071
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
allow the user to define a remote host and remote username for their
remote podman sessions. this is then feed to the varlink "bridge" as
the ssh credentials and endpoint.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
enable integration tests for remote-client
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
first pass at enabling a swath of integration tests for the
remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
the namespace for the remote client was being incorrectly derived from
the "remote" client.
fixes: #2938
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
| |
it looks like i forgot to add the unit tests for generate systemd
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
Add restart policy for containers
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The on-failure restart option supports restarting only a given
number of times. To do this, we need one additional field in the
DB to track restart count (which conveniently fills a field in
Inspect we weren't populating), plus some plumbing logic.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| | |
This initial version does not support restart count, but it works
as advertised otherwise.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| |/
|/| |
change from sysregistries to sysregistriesv2
|
| |
| |
| |
| |
| |
| |
| |
| | |
We want to start supporting the registries.conf format.
Also start showing blocked registries in podman info
Fix sorting so all registries are listed together in podman info.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
top: fallback to execing ps(1)
|