summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Report Download complete in Compatibility modeDaniel J Walsh2021-05-07
| | | | | | | | Fixes: https://github.com/containers/podman/issues/10258 [NO TESTS NEEDED] Difficult to create tests for this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10202 from EduardoVega/9763-kube-auto-updateOpenShift Merge Robot2021-05-07
|\ | | | | Add support to preserve auto-update labels in play / generate kube
| * Adds support to preserve auto update labels in generate and play kubeEduardo Vega2021-05-06
| | | | | | | | | | | | In the case of generate kube the auto-update labels will be converted into kube annotations and for play kube they will be converted back to labels since that's what podman understands Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | Merge pull request #10221 from ashley-cui/envsecOpenShift Merge Robot2021-05-07
|\ \ | |/ |/| Add support for environment variable secrets
| * Add support for environment variable secretsAshley Cui2021-05-06
| | | | | | | | | | | | | | | | Env var secrets are env vars that are set inside the container but not commited to and image. Also support reading from env var when creating a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #9689 from boaz0/boaz-1OpenShift Merge Robot2021-05-06
|\ \ | | | | | | add restart-policy to container filters & --filter to podman start
| * | Add restart-policy to container filters & --filter to podman startBoaz Shuster2021-05-06
| | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | Merge pull request #10243 from giuseppe/simplify-channelOpenShift Merge Robot2021-05-06
|\ \ \ | | | | | | | | channel: simplify implementation
| * | | channel: simplify implementationGiuseppe Scrivano2021-05-06
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | do not use recover() to prevent writing to a closed channel. There is already a lock, use it as well for Close and let Write check if the channel is still active. [NO TESTS NEEDED] it is a refactoring Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / / build: improve regex for iidfileGiuseppe Scrivano2021-05-06
|/ / | | | | | | | | | | | | | | | | | | | | improve the regex to match only at the beginning of the line. It prevents matching "Copying %s $CHECKSUM" messages returned by the containers/image copy process. Closes: https://github.com/containers/podman/issues/10233 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #10193 from rhatdan/runlabelOpenShift Merge Robot2021-05-05
|\ \ | | | | | | Fix handling of runlabel IMAGE and NAME
| * | Fix handling of runlabel IMAGE and NAMEDaniel J Walsh2021-05-05
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10192 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10185 from rhatdan/volumeOpenShift Merge Robot2021-05-05
|\ \ \ | |/ / |/| | Add filepath glob support to --security-opt unmask
| * | Add filepath glob support to --security-opt unmaskDaniel J Walsh2021-05-04
| | | | | | | | | | | | | | | | | | | | | | | | Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10220 from giuseppe/rm-volatileOpenShift Merge Robot2021-05-05
|\ \ \ | | | | | | | | podman: set volatile storage flag for --rm containers
| * | | podman: set volatile storage flag for --rm containersGiuseppe Scrivano2021-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | volatile containers are a storage optimization that disables *sync() syscalls for the container rootfs. If a container is created with --rm, then automatically set the volatile storage flag as anyway the container won't persist after a reboot or machine crash. [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #10223 from giuseppe/improve-rootless-automatic-range-splitOpenShift Merge Robot2021-05-05
|\ \ \ \ | | | | | | | | | | rootless: improve automatic range split
| * | | | rootless: improve automatic range splitGiuseppe Scrivano2021-05-05
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sort.Search returns the smallest index, so provide the available IDs in decreasing order. It fixes an issue when splitting the current mappings over multiple available IDs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #10208 from Luap99/play-kube-macOpenShift Merge Robot2021-05-05
|\ \ \ \ | | | | | | | | | | add --mac-address to podman play kube
| * | | | add --mac-address to podman play kubePaul Holzinger2021-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --mac-address flag to podman play kube. This is used to specify a static MAC address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #9731 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | migrate Podman to containers/common/libimageValentin Rothberg2021-05-05
| |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely. Note that I tried to leave bread crumbs for changed tests. Miscellaneous changes: * Some errors yield different messages which required to alter some tests. * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding. * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage. * Touched handlers use the ABI interfaces where possible. * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case. * Futhermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on. * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it. * Compat endpoint image removal with _force_ deletes the entire not only the specified tag. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #8828 from boaz0/closes_8779OpenShift Merge Robot2021-05-04
|\ \ \ \ | |/ / / |/| | | Add --all to podman start
| * | | is this a bug?Boaz Shuster2021-05-04
| | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
| * | | Add --all to podman startBoaz Shuster2021-05-03
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Co-authored-by: Ed Santiago <santiago@redhat.com>
* | | | compat api: Networks must be empty instead of nullPaul Holzinger2021-05-04
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | The compat endpoint for container inspect must return {} instead of null for NetworkSettings.Networks. Fixes #9837 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #10174 from rhatdan/volumeOpenShift Merge Robot2021-04-30
|\ \ \ | |/ / |/| | Remove unused VolumeList* structs
| * | Remove unused VolumeList* structsDaniel J Walsh2021-04-29
| | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] since we are just removing unused code. Replaces: https://github.com/containers/podman/pull/9558 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10063 from ParkerVR/autoupdate-localOpenShift Merge Robot2021-04-29
|\ \ \ | | | | | | | | Autoupdate Local
| * | | TODO completeParker Van Roy2021-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | changed struct to policyMapper change "image" to "registry" in multiple locations Updated documentation with registry alias & autoupdate local Added relevant test Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
| * | | Autoupdate local label functionalParker Van Roy2021-04-28
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Digests were used to compare local image and container image Registry alias added for Image Policy Refactored to integrate new feature + change some naming conventions Tested this using a modified version of the docs autoupdate instructions & it worked successfully Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | | Merge pull request #10170 from ashley-cui/machineoneOpenShift Merge Robot2021-04-29
|\ \ \ | | | | | | | | [NO TESTS NEEDED] Check if another VM is running on machine start
| * | | Check if another VM is running on machine startAshley Cui2021-04-28
| | |/ | |/| | | | | | | | | | | | | | | | | | | Only one VM can be up at a time. If another VM is running, or the current VM is running, error out on a podman machine start [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Docker returns 'die' status rather then 'died' statusDaniel J Walsh2021-04-28
| |/ |/| | | | | | | | | | | | | | | | | | | | | In order to be more compatible with Docker, we should return a container die status rather then a "container died", Too late to change this for Podman. Partially fixes: https://github.com/containers/podman/issues/10168 [NO TESTS NEEDED] No easy way to test this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10119 from rhatdan/timeoutOpenShift Merge Robot2021-04-27
|\ \ | | | | | | Add podman run --timeout option
| * | Add podman run --timeout optionDaniel J Walsh2021-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | This option allows users to specify the maximum amount of time to run before conmon sends the kill signal to the container. Fixes: https://github.com/containers/podman/issues/6412 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10149 from rhatdan/volumeOpenShift Merge Robot2021-04-27
|\ \ \ | | | | | | | | Allow docker volume create API to pass without name
| * | | Allow docker volume create API to pass without nameDaniel J Walsh2021-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Docker API does not require Volume name to be specified when creating a volume. Fixes: https://github.com/containers/podman/issues/9803 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | rootless: Tell the user what was led to the error, not just what it isAndrej Shadura2021-04-27
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Users coming e.g. from Docker do not always read the manual and expect podman to not require sudo or uidmap, for them the default message is not very helpful: Error: Cannot connect to the Podman socket, make sure there is a Podman REST API service running.: cannot find newuidmap: exec: "newuidmap": executable file not found in $PATH Adding a bit more context to this would help to nudge them into the right direction and tell them what to look for in the documentation: command required for rootless mode with multiple IDs: exec: "newuidmap": executable file not found in $PATH Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk> [NO TESTS NEEDED]
* | | Merge pull request #10074 from flouthoc/ancestor-truncate-bugOpenShift Merge Robot2021-04-26
|\ \ \ | | | | | | | | Fix podman ps --filter ancestor to match exact ImageName/ImageID
| * | | Fix podman ps --filter ancestor to match exact ImageName/ImageIDflouthoc2021-04-25
| |/ / | | | | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | Merge pull request #10125 from ashley-cui/machenabledOpenShift Merge Robot2021-04-26
|\ \ \ | |_|/ |/| | [NO TESTS NEEDED] Add machine-enabled to containers.conf for machine
| * | Add machine-enabled to containers.conf for machineAshley Cui2021-04-23
| |/ | | | | | | | | | | | | | | | | | | | | Add machine-enabled=true into /etc/containers/containers.conf when initing a VM. This field should tell Podman it's being run in a podman-machine and it will be used in future to tell podman to set up other necessary machine stuff such as networking [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #10081 from sjug/cdi_device_libOpenShift Merge Robot2021-04-26
|\ \ | | | | | | Add support for CDI device configuration
| * | Add support for CDI device configurationSebastian Jug2021-04-20
| | | | | | | | | | | | | | | | | | | | | | | | - Persist CDIDevices in container config - Add e2e test - Log HasDevice error and add additional condition for safety Signed-off-by: Sebastian Jug <seb@stianj.ug>
* | | Merge pull request #10079 from ↵OpenShift Merge Robot2021-04-26
|\ \ \ | |_|/ |/| | | | | | | | giuseppe/create-userns-for-root-without-CAP_SYS_ADMIN runtime: create userns when CAP_SYS_ADMIN is not present
| * | runtime: create userns when CAP_SYS_ADMIN is not presentGiuseppe Scrivano2021-04-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | when deciding to create a user namespace, check for CAP_SYS_ADMIN instead of looking at the euid. [NO TESTS NEEDED] Needs nested Podman Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: attempt to copy current mappings firstGiuseppe Scrivano2021-04-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when creating a user namespace, attempt to create it first by copying the current mappings and then fallback to the other methods: 1) use newidmap tools and ... 2) create a user namespace with a single user mapped. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: if root is not sub?id raise a debug messageGiuseppe Scrivano2021-04-22
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Fix removal race condition in ListContainersSoMuchForSubtlety2021-04-23
|/ / | | | | | | | | | | | | | | | | | | | | It is possible that a container is removed between fetching the initial list of containers and the second access during conversion. Closes #10120 [NO TESTS NEEDED] Signed-off-by: Jakob Ahrer <jakob@ahrer.dev>
* | Fixes from make codespellDaniel J Walsh2021-04-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>