| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
this is a straight port to add the podman image sign command. no improvements or refactoring done
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
also make sure that the limits we set for rootless are not higher than
what we'd set for root containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
bindings tests for container remove and inspect
|
| |
| |
| |
| | |
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \
| | |
| | | |
V2 Implement tunnelled podman version
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Add remaining annotations for `podman inspect`
|
| |/
| |
| |
| |
| |
| | |
This should finish support for `podman inspect` in APIv2.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/
|
|
|
|
|
|
|
|
| |
add unshare command
add cp and init to container sub-command
allow mount to run as rootless
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
| |
We were accidentally setting incorrect defaults for the network
namespace for rootless `pod create` when infra containers were
not being created. This should resolve that issue.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
set binding tests to required
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
some small fix ups for binding tests and then make them required.
update containers-common
V2 bindings tests were failing because of changes introduced in commit
a2ad5bb.
Fix some typos.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
in the case where the specgen attribute for Env and Labels are nil, we should should then make the map IF we have labels and envs that need to be added.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
abi: do not attempt to setup rootless if euid==0
|
| | |
| | |
| | |
| | |
| | |
| | | |
if the process has already euid==0 do not attempt to setup rootless.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix parsing of --network for `podman pod create`
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Interpreting CNI networks was a bit broken, and it was causing
rootless `podman pod create` to fail. Also, we were missing the
`--net` alias for `--network`, so add that.
Fixes #6119
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
auto-update
|
| |/
| |
| |
| |
| |
| |
| | |
Add the `podman auto-update` command. There have been no tests in v1, so
there are no in v2 either ... for now :)
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
container runlabel
|
| |
| |
| |
| |
| |
| | |
Implement container runlabel for v2. Local client only.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There are three different priorities for applying env variables:
1) environment/config file environment variables
2) image's config
3) user overrides (--env)
The third kind are known to the client, while the default config and image's
config is handled by the backend.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Manifest remove, push
|
| | |
| | |
| | |
| | |
| | |
| | | |
Implements podman manifest remove and podman manifest push.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
add podman image trust set and show
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: bbaude <bbaude@DESKTOP-SH5EG3J.localdomain>
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the `podman generate kube` and `podman play kube` command. The code
has largely been copied from Podman v1 but restructured to not leak the
K8s core API into the (remote) client.
Both commands are added in the same commit to allow for enabling the
tests at the same time.
Move some exports from `cmd/podman/common` to the appropriate places in
the backend to avoid circular dependencies.
Move definitions of label annotations to `libpod/define` and set the
security-opt labels in the frontend to make kube tests pass.
Implement rest endpoints, bindings and the tunnel interface.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Add small fixes for 'podman run' from diffing inspect
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To try and identify differences between Podman v1.9 and master,
I ran a series of `podman run` commands with various flags
through each, then inspecting the resulting containers and diffed
the inspect JSON between each. This identified a number of issues
which are fixed in this PR.
In order of discovery:
- Podman v2 gave short names for images, where Podman v1 gave the
fully-qualified name. Simple enough fix (get image tags and use
the first one if they're available)
- The --restart flag was not being parsed correctly when a number
of retries was specified. Parsing has been corrected.
- The -m flag was not setting the swap limit (simple fix to set
swap in that case if it's not explicitly set by the user)
- The --cpus flag was completely nonfunctional (wired in its
logic)
Tests have been added for all of these to catch future
regressions.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
manifest annotate
|
| |/
| |
| |
| | |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| |/
|/| |
v2 system subcommand
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
add system df, info, load, renumber, and migrate
Refactor for specialized libpod engines
add the ability to prune images, volumes, containers, and pods
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
v2 podman stats
|
| | |
| | |
| | |
| | | |
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| |_|/
|/| | |
image removal: refactor part 2
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Continue the refactoring of image removal. I didn't manage to break all
the following changes into smaller and easier to digest commits due to
time constraints:
* Return an error slice instead of a single error. Use multierror only
in the client/frontend. Reflect that in the types.
* Use the batch image removal in the client while preserving the more
rest-idiomatic single-image removal endpoint.
* Add a new handler for the single-image removal endpoint to make it
share the same code as the batch endpoint.
* Expose bindings for the single and batch endpoints, so we can
properly test them.
* Add several convenience functions for error handling to
pkg/errorhandling.
* Set the correct error type in libpod to set the exit code to 2 when
one or more containers are using an image.
* Massage the bindings tests a bit and tackle compilation errors.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As part of this, make a major change to the type we use to
represent port mappings in SpecGen (from using existing OCICNI
structs to using our own custom one). This struct has the
advantage of supporting ranges, massively reducing traffic over
the wire for Podman commands using them (for example, the
`podman run -p 5000-6000` command will now send only one struct
instead of 1000). This struct also allows us to easily validate
which ports are in use, and which are not, which is necessary for
--expose.
Once we have parsed the ports from the new struct, we can produce
an accurate map including all currently requested ports, and use
that to determine what ports need to be exposed (some requested
exposed ports may already be included in a mapping from --publish
and will be ignored) and what open ports on the host we can map
them to.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Fixes for test/e2e/containers_conf_test.go
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Implement ParseCgroupsNamespace to handle defaults.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If user/admin specifies a different list of default capabilties
we need to honor these.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
We need to add the default devices listed in containers.conf
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix errors found in coverity scan
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
And system prune feature for v2.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Adds podman system prune for v2.
Refactoring for code reuse from pods containers images and volume prune.
Adds and enables testcases to support the added feature.
Signed-off-by: Sujil02 <sushah@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
[CI:DOC] Bring README.md up to date
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
* Add notes on helper functions
* Update example
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| |_|/
|/| | |
v2networking enable commands
|
| |/
| |
| |
| |
| |
| | |
Enable the networking commands for v2.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Set up ulimits for rootless containers.
|