| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
podman events allow future time for --until
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The podman events aren't read until the given timestamp if the
timestamp is in the future. It just reads all events until now
and exits afterwards.
This does not make sense and does not match docker. The correct
behavior is to read all events until the given time is reached.
This fixes a bug where the wrong event log file path was used
when running first time with a new storage location.
Fixes #8694
This also fixes the events api endpoint which only exited when
an error occurred. Otherwise it just hung after reading all events.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
podman: drop checking valid rootless UID
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
do not check whether the specified ID is valid in the user namespace.
crun handles this case[1], so the check in Podman prevents to get to
the OCI runtime at all.
$ podman run --user 10:0 --uidmap 0:0:1 --rm -ti fedora:33 sh -c 'id; cat /proc/self/uid_map'
uid=10(10) gid=0(root) groups=0(root),65534(nobody)
10 0 1
[1] https://github.com/containers/crun/pull/556
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add volume prune --filter support
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This change adds support for the `--filter` / `?filters` arguments on
the `podman volume prune` subcommand.
* Adds ParseFilterArgumentsIntoFilters helper for consistent
Filter string slice handling
* Adds `--filter` support to podman volume prune cli
* Adds `?filters...` support to podman volume prune api
* Updates apiv2 / e2e tests
Closes #8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Sign multi-arch images
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
podman image sign handles muti-arch images.
--all option to create signature for each manifest from the image manifest list.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Refine public key usage when remote
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* Move all public key handling into one AuthMethod. Prioritize ssh-agent
keys over identity files.
* Cache server connection when tunneling, saves one RoundTrip on ssh
handshake
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
Handle --rm when starting a container
|
| | | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
podman start should follow the same behaviour as podman run when removing a
container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
podman logs honor stderr correctly
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Make the ContainerLogsOptions support two io.Writers,
one for stdout and the other for stderr. The logline already
includes the information to which Writer it has to be written.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix Wrong img name used when creating a container from an image which had multi names
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
multiple tags
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| | |_|/ / / /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Network create could panic when used with a json body like this:
`{"Name":"net","IPAM":{"Config":[]}}`
The network scope for list and inspect should not be empty. It can
be swarm, global or local. We only support local networks so
hardcode this field to local.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
Bindings refactor
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
this is step one of refactoring our golang binaries. we will no be
using structs to pass optional options. required options will still
arguments to the binding itself.
the structs then have a generator to create helper functions which
should then be added to the git repo.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Add --filter to podman system prune
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Also document the allowable filters in podman system prune, podman image prune
and podman container prune.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The libpod images exists endpoint panics when called with
a non existing image and therefore returns 500 as status
code instead of the expected 404.
A test is added to ensure it is working.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \ \
| |_|_|/
|/| | | |
Do not pull if image domain is localhost
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
With podman play kube, podman would always attempt to
pull if the image has the :latest tag. But this would
fail if the image was built locally and given latest
as the tag. Images build with podman and buildah have
localhost as the domain, so check if the domain is localhost.
If that is the case, then don't attempt a pull.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Properly handle --cap-add all when running with a --user flag
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Handle the ALL Flag when running with an account as a user.
Currently we throw an error when the user specifies
podman run --user bin --cap-add all fedora echo hello
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
security: honor systempaths=unconfined for ro paths
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
we must honor systempaths=unconfined also for read-only paths, as
Docker does:
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Honor the --layers flag
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently the --layers flag set by the user is ignored, and only the BUILDAH_LAYERS
environment variable being set is observed.
Fixes: https://github.com/containers/podman/issues/8643
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
archive endpoint massaging
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Introduce a `Copier` object to separate the copy-rule enforcement from
copying. That allows for a better error reporting of the REST API.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Move handling the stat header into `pkg/copy`. All copy-related should
ideally be located in this package to increase locality and reduce
scattering where possible.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add an API for parsing user input into a possibly specified container
and path. This allows for sharing the parsing code between the local
and the remote client (and bindings) in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Fix spelling mistakes
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Repeat system pruning until there is nothing removed
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ /
| |
| |
| |
| |
| | |
fixes #8608.
Signed-off-by: Christopher J. Ruwe <cjr@cruwe.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The existing logic (Range > 0) always triggered, because range is
guaranteed to be at least 1 (a single port has a range of 1, a
two port range (e.g. 80-81) has a range of 2, and so on). As such
this could cause ports that had a host port assigned to them by
the user to randomly assign one instead.
Fixes #8650
Fixes #8651
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
Implement pod-network-reload
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a new command, 'podman network reload', to reload the
networks of existing containers, forcing recreation of firewall
rules after e.g. `firewall-cmd --reload` wipes them out.
Under the hood, this works by calling CNI to tear down the
existing network, then recreate it using identical settings. We
request that CNI preserve the old IP and MAC address in most
cases (where the container only had 1 IP/MAC), but there will be
some downtime inherent to the teardown/bring-up approach. The
architecture of CNI doesn't really make doing this without
downtime easy (or maybe even possible...).
At present, this only works for root Podman, and only locally.
I don't think there is much of a point to adding remote support
(this is very much a local debugging command), but I think adding
rootless support (to kill/recreate slirp4netns) could be
valuable.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \
| |_|/
|/| | |
generate kube on multiple containers
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add the ability to add multiple containers into a single k8s pod
instead of just one.
also fixed some bugs in the resulting yaml where an empty service
description was being added on error causing the k8s validation to fail.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \
| | | |
| | | | |
image sign using per user registries.d
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Support per user ~/.config/containers/registries.d to allow rootless image sign configurations.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Do not mount sysfs as rootless in more cases
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We can't mount sysfs as rootless unless we manage the network
namespace. Problem: slirp4netns is now creating and managing a
network namespace separate from the OCI runtime, so we can't
mount sysfs in many circumstances. The `crun` OCI runtime will
automatically handle this by falling back to a bind mount, but
`runc` will not, so we didn't notice until RHEL gating tests ran
on the new branch.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Docker compat API - containers create ignores the name
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
/containers/create compat endpoint does not set the name correctly (#7857)
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
|
