| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
oci_conmon: do not create a cgroup under systemd
|
| | |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
it allows to disable cgroups creation only for the conmon process.
A new cgroup is created for the container payload.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
rootless: set C variables also on shortcut
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
make sure the rootless env variables are set also when we are joining
directly the user+mount namespace without creating a new process.
It is required by pkg/unshare in containers/common.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add service endpoint for the new API. Also supports the varlink
implementation.
Signed-off-by: baude <bbaude@redhat.com>
Refactor to allow developer more control of API server
* Add api.NewServerWithSettings() to create an API server with custom
settings
* Add api.ListenUnix() to create a UDS net.Listener and setup UDS
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: baude <bbaude@redhat.com>
More service completion
Add podman service command that allows users to run either a RESTful or
varlink protocol API service.
Addition of docs and RESTful listening.
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Tackling the first comments in the review pass. More to come.
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |/ /
| |
| |
| |
| |
| | |
Add statement to the info section stating this is experimental only for now. Also add the podman logo to the right-hand navigation.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| | |
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \
| |/
|/| |
Add an API for Attach over HTTP API
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The new APIv2 branch provides an HTTP-based remote API to Podman.
The requirements of this are, unfortunately, incompatible with
the existing Attach API. For non-terminal attach, we need append
a header to what was copied from the container, to multiplex
STDOUT and STDERR; to do this with the old API, we'd need to copy
into an intermediate buffer first, to handle the headers.
To avoid this, provide a new API to handle all aspects of
terminal and non-terminal attach, including closing the hijacked
HTTP connection. This might be a bit too specific, but for now,
it seems to be the simplest approach.
At the same time, add a Resize endpoint. This needs to be a
separate endpoint, so our existing channel approach does not work
here.
I wanted to rework the rest of attach at the same time (some
parts of it, particularly how we start the Attach session and how
we do resizing, are (in my opinion) handled much better here.
That may still be on the table, but I wanted to avoid breaking
existing APIs in this already massive change.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The --ignore flag lets Podman ignore errors when a specified container
does not exist (anymore). That's a nice addition to generic services
generated via the --new flag. Those services create new containers and
can hence allows user to manually remove a container; may it only be by
accident.
The important part of using the --ignore flag is that Podman will exit 0
which plays nicer with most restart policies; a non-zero exit may yield
systemd to restart the entire service which is arguably wrong if the
user manually deletes the container.
If desired, users can still alter the generated files.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
| |
Include the service into make binaries such that we're it's being build
in the CI.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
| |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
v2 api: top improvements
|
| | |
| |
| |
| | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a hanlder to figure out if the specified http request came through
a libpod endpoint. A first user is the top endpoint which has a
different default value for `ps_args` depending if the request came
through the docker or libpod endpoint.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Move the top logic from pkg/adapter into the (*libpod.Container).Top().
This way, we drop the dependency from pkg/api on pkg/adapters and have
a clearer separation of concerns.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Let's not mix apples and oranges and give stderr a dedicated pipe. This
way, we don't return conmon log messages if run in debug mode.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Use `pkg/adapter` to increase code reuse and reduce code redundancy.
* Extend swagger docs to mention AIX descriptors.
* Document the libpod endpoint which shares the same handler.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
add a static tags file so we can dictate the left-hand navigation. in
doing so we now override the tag in the swagger:operation. we now have
images and images (compat) as a way to differentiate.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| |/
|/| |
[CI:DOCS] Add APIv2 CLI example POC
|
| | |
| |
| |
| |
| |
| |
| | |
* Add ReadMe, CLI and unit files to support socket activation, both for
system and rootless
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Also remove the redundant stats handler in libpod.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
The docker and libpod endpoints provide the same functionality, so
we can use the same handler.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Also expect the container to be running.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Also add some comments.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
We must check all errors and handle them properly. Otherwise, we can run
into nil dereferences ultimately killing the service.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
`NumProcs` and `StorageStats` are windows specific and are not
popoulated on Linux. Hence, we can safely remove them.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| |/
|/| |
policy for seccomp-profile selection
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement a policy for selecting a seccomp profile. In addition to the
default behaviour (default profile unless --security-opt seccomp is set)
add a second policy doing a lookup in the image annotation.
If the image has the "io.containers.seccomp.profile" set its value will be
interpreted as a seccomp profile. The policy can be selected via the
new --seccomp-policy CLI flag.
Once the containers.conf support is merged into libpod, we can add an
option there as well.
Note that this feature is marked as experimental and may change in the
future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
make lint: extend checks
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Include the unit tests (i.e., _test.go files) for linting to make the
tests more robust and enforce the linters' coding styles etc.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
swagger documentation updates
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
adhere closer to the spec by using description and summary fields and
also ensuring that the id is unique to avoid collision between generic
and libpod endpoints.
also, make swagger output work with redoc which seems to display our
information better for our needs.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| | | |
| | | | |
clarify cont
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
the --force parameter should only be used for the CLI and should only
dictate whether to prompt the user for confirmation.
Fixes: #4844
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix linting
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`gocritic` is a powerful linter that helps in preventing certain kinds
of errors as well as enforcing a coding style.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Add codespell to validate spelling mistakes in code.
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix all errors found by codespell
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Add history names to image inspect data
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
During writing the tests I found it would be probably useful to have the
tag history part of the inspect data.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
podman-generate-systemd --new
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a --new flag to podman-generate-systemd to create a new container
via podman-run instead of starting an existing container.
Creating a new container presents the challenge to find a reverse
mapping from a container to the CLI flags it can be created with. We
are doing this via `(Container).Config.CreateCommand` field, which
includes a copy of the process' command from procFS at creating time.
This field may not be useful when the container was not created via the
Podman CLI (e.g., via a Python script). Hence, we do not guarantee the
correctness of the generated files.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
log: support --log-opt tag=
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
support a custom tag to add to each log for the container.
It is currently supported only by the journald backend.
Closes: https://github.com/containers/libpod/issues/3653
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when creating a keep-id namespace, we split the original user
namespace in:
inner ns | outer ns | size:
0 | 1 | ID
ID | 0 | 1
ID+1 | ID+1 | availableIds - ID
When the user ID is bigger than the number of available
subuids/subgids we fail to create the user namespace because the first
slice is bigger than the available number of IDs and the third one has
a negative size.
Fix it by not using more than the available number of IDs in the first
slice and creating the third one only if there are other IDs left.
When the user ID is bigger than the number of additional IDs, there
will be a gap between the two mappings so the IDs between the maximum
additional ID and the user ID won't be present inside of the
namespace.
Closes: https://github.com/containers/libpod/issues/4838
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
