| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
| |
Bump Buildah to v1.22.0 in preparation for RHEL 8.5 and
RHEL 9.0beta. Also bump c/common to v0.42.1
[NO TESTS NEEDED]
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Use static path for gvproxy
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Given that we do not want to support gvproxy for anything other than
podman machine, we have decided to use a static path of
/usr/lib/podman/gvproxy instead of a lookpath.
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Support size options on builtin volumes
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[NO TESTS NEEDED] Since it is difficult to setup xfs quota
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1982164
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
stats: add a interval parameter to cli and api stats streaming
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Renamed podman pod stats test specs to distinguish them from podman stats tests.
podman stats tests where disabled by a +build flag.
Fix podman stats format test, add negative test.
Fix podman stats cli command, exit non-zero on invalid format string.
Add tests for podman stats interval flag.
Signed-off-by: Thomas Weber <towe75@googlemail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
podman stats polled by default in a 1 sec period.
This can put quite some load on a machine if you run many containers.
The default value is now 5 seconds.
You can change this interval with a new, optional, --interval, -i cli flag.
The api request got also a interval query parameter for the same purpose.
Additionally a unused const was removed.
Api and cli will fail the request if a 0 or negative value is passed in.
Signed-off-by: Thomas Weber <towe75@googlemail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Only support containers stats using cgroups v2
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1988252
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Compat API: Fix healthcheck status and healthcheck config
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes:
- Do not show healthcheck status if not available or if container
status is "created" (Docker behaviour)
- Show healthcheck configuration if present (Config.Healthcheck)
Tests:
- Ensure State.Health is not present if container status is "created"
- Ensure Config.Healthcheck is present and values correct
- Ensure State.Health is present if container started
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The rootlessport forwarder requires a child IP to be set. This must be a
valid ip in the container network namespace. The problem is that after a
network disconnect and connect the eth0 ip changed. Therefore the
packages are dropped since the source ip does no longer exists in the
netns.
One solution is to set the child IP to 127.0.0.1, however this is a
security problem. [1]
To fix this we have to recreate the ports after network connect and
disconnect. To make this work the rootlessport process exposes a socket
where podman network connect/disconnect connect to and send to new child
IP to rootlessport. The rootlessport process will remove all ports and
recreate them with the new correct child IP.
Also bump rootlesskit to v0.14.3 to fix a race with RemovePort().
Fixes #10052
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Created image scp feature
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
added functionality for image secure copying from local to remote.
Also moved system connection add code around a bit so functions within that file
can be used by scp.
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Remove ReadHeaderTimeout
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Effectively sets timeout to infinity.
This is needed in order to make `podman` work with `pack`.
The `pack` CLI is keeping one connection for prolonged time.
Closing the connection breaks `pack`'s functionality.
[NO TESTS NEEDED]
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
rootless: avoid zombie process on first launch
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
avoid a zombie process if on the first launch Podman creates a long
living process, such as "podman system service -t 0".
The `r` variable was overriden thus causing the waitpid to fail and
not clean up the intermediate process.
Closes: https://github.com/containers/podman/issues/10575
[NO TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
remote build: fix streaming and error handling
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Address a number of issues in the streaming logic in remote build, most
importantly an error in using buffered channels on the server side.
The pattern below does not guarantee that the channel is entirely read
before the context fires.
for {
select {
case <- bufferedChannel:
...
case <- ctx.Done():
...
}
}
Fixes: #10154
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
rootless: check that / is mounted as shared
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
if the root mount '/' is not mounted as MS_SHARED, print a
warning, otherwise new mounts that are created in the host won't be
propagated to the rootless mount namespace.
Closes: https://github.com/containers/podman/issues/10946
[NO TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | |
| | | | |
| | | | | |
adrianreber/2021-07-12-checkpoint-restore-into-pod
Add support for checkpoint/restore into and out of pods
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This adds support to checkpoint containers out of pods and restore
container into pods.
It is only possible to restore a container into a pod if it has been
checkpointed out of pod. It is also not possible to restore a non pod
container into a pod.
The main reason this does not work is the PID namespace. If a non pod
container is being restored in a pod with a shared PID namespace, at
least one process in the restored container uses PID 1 which is already
in use by the infrastructure container. If someone tries to restore
container from a pod with a shared PID namespace without a shared PID
namespace it will also fail because the resulting PID namespace will not
have a PID 1.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The upcoming commit to support checkpointing out of Pods requires CRIU
3.16. This changes the CRIU version check to support checking for
different versions.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
support container to container copy
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Implement container to container copy. Previously data could only be
copied from/to the host.
Fixes: #7370
Co-authored-by: Mehul Arora <aroram18@mcmaster.ca>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
command: migrate doesn't move process to cgroup
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
add a new annotation for the "system migrate" command to not move the
pause process to a separate cgroup.
The operation is not needed since "system migrate" destroys the pause
process, so there won't be any process left to move to a cgroup.
[NO TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |/ / /
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit 341e6a1 made sure that all exec sessions are getting cleaned up.
But it also came with a peformance penalty. Fix that penalty by
spawning the cleanup process to really only cleanup the exec session
without attempting to remove the container.
[NO TESTS NEEDED] since we have no means to test such performance
issues in CI.
Fixes: #10701
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
refine dangling checks
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
By proxy by vendoring containers/common. Previously, a "dangling" image
was an untagged image; just a described in the Docker docs. The
definition of dangling has now been refined to an untagged image without
children to be compatible with Docker.
Further update a redundant image-prune test.
Fixes: #10998
Fixes: #10832
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
fix: podman manifest push respect --tls-verify flag
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
[NO TESTS NEEDED]
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pull policies in K8s yaml may be capitalized, so lower them before
parsing.
Fixes: bugzilla.redhat.com/show_bug.cgi?id=1985905
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Support DeviceCgroupRules to actually get added.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes: https://github.com/containers/podman/issues/10302
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Implemented --until flag for Libpod's Container Logs
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
compat containers/logs was missing actual usage of until query param.
This led me to implement the until param for libpod's container logs as well. Added e2e tests.
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Add until filter to volume ls filters list
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
As a conclusion of a discussion in #10861, until filter is added
by this commit to volume ls filters.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \ \
| | | |
| | | | |
[CI:DOCS] Fix GitHub URL to Podman logo
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The Podman logo is not rendered on docs.podman.io with the current URL.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
|
| |\ \ \ \
| |/ / /
|/| | | |
Fix handling of selinux labels in podman play kube
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/10969
[NO TESTS NEEDED] We added tests for this, but they don't seem to be
running. If I run the local system tests, they fail with the current
Podman and work with this version.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Drop support for the --storage-opt container flag
|
