path: root/pkg
Commit message (Author, Age)
* Podman-remote build is getting ID twice (Daniel J Walsh, 2020-11-14)
|   This PR eliminates the second sending of the image id to the podman-remote client.
|   Fixes: https://github.com/containers/podman/issues/8332
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8295 from baude/issue8294 (OpenShift Merge Robot, 2020-11-11)
|\
| |   Set default network driver for APIv2 networks
| * Set default network driver for APIv2 networks (baude, 2020-11-10)
| |   Recent changes in networking require that the cni network driver be set. If the user provides no driver, we set the driver to the defaultnetworkdriver which currently is "bridge".
| |   Fixes: #8294
| |   Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8252 from baude/playkubetospecgen (OpenShift Merge Robot, 2020-11-10)
|\ \
| |/
|/|   migrate play kube to spec gen
| * migrate play kube to spec gen (baude, 2020-11-10)
| |   we need to migrate play kube away from using the old container creation method. the new approach is specgen and this aligns play kube with container creation in the rest of podman.
| |   Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8251 from baude/networkaliases (OpenShift Merge Robot, 2020-11-10)
|\ \
| | |   network aliases for container creation
| * | network aliases for container creation (baude, 2020-11-09)
| | |   podman can now support adding network aliases when running containers (--network-alias). It requires an updated dnsname plugin as well as an updated ocicni to work properly.
| | |   Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8143 from aojea/dual (OpenShift Merge Robot, 2020-11-10)
|\ \ \
| |_|/
|/| |   enable ipv6 networks
| * | enable ipv6 network configuration options (Antonio Ojea, 2020-11-10)
| | |   enable the ipv6 flag in podman network to be able to create dual-stack networks for containers.
| | |   This is required to be compatible with docker, where --ipv6 really means dual stack.
| | |   podman, unlike docker, supports IPv6 only containers since 07e3f1bba9674c0cb93a0fa260930bfebbf75728.
| | |   Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | | Merge pull request #8270 from andylibrian/log-driver-option-for-play-kube (OpenShift Merge Robot, 2020-11-10)
|\ \ \
| |/ /
|/| |   Add --log-driver to play kube
| * | Add --log-driver to play kube (Andy Librian, 2020-11-08)
| | |   addresses #6604
| | |   Signed-off-by: Andy Librian <andylibrian@gmail.com>
* | | Merge pull request #8236 from jwhonce/jira/run-976 (OpenShift Merge Robot, 2020-11-09)
|\ \ \
| |_|/
|/| |   Update CI tests to run python docker library against API
| * | Update CI tests to run python docker library against API (Jhon Honce, 2020-11-09)
| |/
| |   * Update reference to docker-py to docker to reflect change in library name
| |   * Update tests to create storage sandbox
| |   * Enable all tests that endpoints support
| |   * Refactor containers/{id}/rename to return 404 not 500
| |   * Refactor tests to use quay.io vs. docker.io
| |   Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #8282 from jwhonce/issues/7942 (OpenShift Merge Robot, 2020-11-09)
|\ \
| | |   Stop binding layer from changing line endings
| * | Stop binding layer from changing line endings (Jhon Honce, 2020-11-09)
| |/
| |   The binding layer attempted to help the CLI, which just made things worse.
| |   Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #8245 from baude/rootlesscreatecompat (OpenShift Merge Robot, 2020-11-09)
|\ \
| |/
|/|   rootless container creation settings
| * rootless container creation settings (baude, 2020-11-05)
| |   when running container creation as rootless on the compatibility layer, we need to make sure settings are not being done for memory and memory swappiness.
| |   Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8241 from rhatdan/tmpfile (OpenShift Merge Robot, 2020-11-06)
|\ \
| |/
|/|   Use /tmp/podman-run-* for backup XDG_RUNTIME_DIR
| * Use /tmp/podman-run-* for backup XDG_RUNTIME_DIR (Daniel J Walsh, 2020-11-04)
| |   We need to block systemd from cleaning up this directory by dropping a /usr/lib/tmpfiles.d/podman.conf file in place.
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add support for mounting external containers (Daniel J Walsh, 2020-11-04)
|/
|   Continue progress on use of external containers.
|   This PR adds the ability to mount, umount and list the storage containers whether they are in libpod or not.
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8209 from mwhahaha/issue-8208 (OpenShift Merge Robot, 2020-11-03)
|\
| |   Change http ConnState actions between new and active
| * Change http ConnState actions between new and active (Alex Schultz, 2020-10-31)
| |   Currently it double counts connections because it's incrementing the total for both the new and active states. Based on the comments, we should only count new connections for the total count and perform the timer stop actions when the connection has transitioned to an active state.
| |   Closes #8208
| |   Signed-off-by: Alex Schultz <aschultz@redhat.com>
* | Merge pull request #8217 from giuseppe/caps-ambient (OpenShift Merge Robot, 2020-11-03)
|\ \
| | |   specgen: add support for ambient capabilities
| * | specgen: keep capabilities with --userns=keep-id (Giuseppe Scrivano, 2020-11-02)
| | |   if --userns=keep-id is specified and not --user is specified, take the unprivileged capabilities code path so that ambient capabilities are honored in the container.
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | specgen: fix check for root user (Giuseppe Scrivano, 2020-11-02)
| | |   if the username is specified in the USER:GROUP form, make sure we only check for USER.
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | specgen: add support for ambient capabilities (Giuseppe Scrivano, 2020-11-02)
| |/
| |   if the kernel supports ambient capabilities (Linux 4.3+), also set them when running with euid != 0.
| |   This is different than what Moby does, as ambient capabilities are never set.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8166 from rhatdan/unbindable (OpenShift Merge Robot, 2020-11-02)
|\ \
| | |   Allow users to mount with unbindable flag
| * | Add better support for unbindable volume mounts (Daniel J Walsh, 2020-11-02)
| |/
| |   Allow users to specify unbindable on volume command line
| |   Switch internal mounts to rprivate to help prevent leaks.
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Centralize cores and period/quota conversion code (Jordan Christiansen, 2020-10-31)
|/
|   Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* Merge pull request #8197 from giuseppe/check-cgroupv2-swap-enabled (OpenShift Merge Robot, 2020-10-31)
|\
| |   specgen, cgroup2: check whether memory swap is enabled
| * specgen, cgroup2: check whether memory swap is enabled (Giuseppe Scrivano, 2020-10-30)
| |   add a similar check to what we do on cgroup v1.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * specgen: split cgroup v1 and cgroup v2 code (Giuseppe Scrivano, 2020-10-30)
| |   refactor function into two separate ones.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8100 from QiWang19/mirror-manifest (OpenShift Merge Robot, 2020-10-31)
|\ \
| | |   manifest list inspect single image
| * | manifest list inspect single image (Qi Wang, 2020-10-30)
| |/
| |   If the image name is not a manifest list type, enable manifest inspect to return manifest of single image manifest type vnd.docker.distribution.manifest.v2+json.
| |   Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8177 from rhatdan/wrap (OpenShift Merge Robot, 2020-10-30)
|\ \
| | |   Stop excessive wrapping of errors
| * | Stop excessive wrapping of errors (Daniel J Walsh, 2020-10-30)
| |/
| |   Most of the builtin golang functions like os.Stat and os.Open report errors including the file system object path. We should not wrap these errors and put the file path in a second time, causing stuttering of errors when they get presented to the user.
| |   This patch tries to clean up a bunch of these errors.
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8200 from haircommander/parse-segfault (OpenShift Merge Robot, 2020-10-30)
|\ \
| | |   spec: protect against segfault
| * | spec: protect against segfault (Peter Hunt, 2020-10-30)
| |/
| |   when the user passes in "/dev/null::w"
| |   Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #8196 from giuseppe/specgen-swap-limit-err-message (OpenShift Merge Robot, 2020-10-30)
|\ \
| | |   specgen: fix error message
| * | specgen: fix error message (Giuseppe Scrivano, 2020-10-30)
| |/
| |   drop spurious comma.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8191 from mheon/no_error_on_sigproxy_stopped (OpenShift Merge Robot, 2020-10-30)
|\ \
| | |   When container stops, drop sig-proxy errors to infos
| * | When container stops, drop sig-proxy errors to infos (Matthew Heon, 2020-10-30)
| | |   The sig-proxy code is set up to error on failing to forward signals to a container. This is reasonable in cases where the container is running, but something strange went wrong - but when the Kill fails because the container is stopped, we shouldn't bother with aggressive Error logging since this is an expected part of the container lifecycle - it stops, and then `podman run` also stops, but there is a timing window in between where signals will fail to be proxied, and we should not print angry errors during that.
| | |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Pod's that share the IPC Namespace need to share /dev/shm (Daniel J Walsh, 2020-10-30)
| |/
|/|
| |   Containers that share IPC Namespaces share each other's /dev/shm, which means a private /dev/shm needs to be set up for the infra container.
| |   Added a system test and an e2e test to make sure the /dev/shm is shared.
| |   Fixes: https://github.com/containers/podman/issues/8181
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8146 from vrothberg/image-mounts (OpenShift Merge Robot, 2020-10-29)
|\ \
| | |   new "image" mount type
| * | new "image" mount type (Valentin Rothberg, 2020-10-29)
| |/
| |   Add a new "image" mount type to `--mount`. The source of the mount is the name or ID of an image. The destination is the path inside the container. Image mounts further support an optional `rw,readwrite` parameter which if set to "true" will yield the mount writable inside the container. Note that no changes are propagated to the image mount on the host (which in any case is read only).
| |   Mounts are overlay mounts. To support read-only overlay mounts, vendor a non-release version of Buildah.
| |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8165 from edsantiago/move_from_dockerio (OpenShift Merge Robot, 2020-10-29)
|\ \
| | |   Move from docker.io
| * | move from docker.io (Ed Santiago, 2020-10-28)
| |/
| |   Follow-on to #7965 (mirror registry). mirror.gcr.io doesn't cache all the images we need, and I can't find a way to add to its cache, so let's just use quay.io for those images that it can't serve.
| |
| |   Tools used:
| |     skopeo copy --all docker://docker.io/library/alpine:3.10.2 \
| |                       docker://quay.io/libpod/alpine:3.10.2
| |
| |   ...and also:
| |     docker.io/library/alpine:3.2
| |     docker.io/library/busybox:latest
| |     docker.io/library/busybox:glibc
| |     docker.io/library/busybox:1.30.1
| |     docker.io/library/redis:alpine
| |     docker.io/libpod/alpine-with-bogus-seccomp:label
| |     docker.io/libpod/alpine-with-seccomp:label
| |     docker.io/libpod/alpine_healthcheck:latest
| |     docker.io/libpod/badhealthcheck:latest
| |
| |   Since most of those were new quay.io/libpod images, they required going in through the quay.io GUI, image, settings, Make Public.
| |   Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #8178 from rhatdan/exists (OpenShift Merge Robot, 2020-10-29)
|\ \
| | |   NewFromLocal can return multiple images
| * | NewFromLocal can return multiple images (Daniel J Walsh, 2020-10-28)
| |/
| |   If you use additional stores and pull the same image into writable stores, you can end up with the situation where you have the same image twice. This causes image exists to return the wrong error. It should return true in this situation rather than an error.
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8173 from giuseppe/improve-cannot-reexec-error (OpenShift Merge Robot, 2020-10-29)
|\ \
| | |   rootless: improve error message if cannot join namespaces