summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* podman: fix --uts=hostGiuseppe Scrivano2018-08-17
| | | | | | | | | | | | | | | Do not set any hostname value in the OCI configuration when --uts=host is used and the user didn't specify any value. This prevents an error from the OCI runtime as it cannot set the hostname without a new UTS namespace. Differently, the HOSTNAME environment variable is always set. When --uts=host is used, HOSTNAME gets the value from the host. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1280 Approved by: baude
* Added helper function for libpod pod api callshaircommander2018-08-16
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1275 Approved by: mheon
* CreatePod args now PodCreate structurehaircommander2018-08-16
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1275 Approved by: mheon
* Added reason to PodContainerErrorhaircommander2018-08-16
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1275 Approved by: mheon
* Change batchcontainer to sharedhaircommander2018-08-16
| | | | | | | | | To better reflect it's usage: to share functions between podman and varlink. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1275 Approved by: mheon
* Add Pod API to varlink.haircommander2018-08-16
| | | | | | | | | Including: GetPod, StartPod, StopPod, RestartPod, KillPod, PausePod, UnpausePod, CreatePod, RemovePod, and InspectPod Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1275 Approved by: mheon
* switch projectatomic to containersDaniel J Walsh2018-08-16
| | | | | | | | | | Need to get some small changes into libpod to pull back into buildah to complete buildah transition. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1270 Approved by: mheon
* Revert "spec: bind mount /sys only for rootless containers"Giuseppe Scrivano2018-08-16
| | | | | | | | | It breaks "podman run --net=host --uidmap=0:1:70000 --gidmap=0:20000:70000 busybox echo hi" Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1285 Approved by: rhatdan
* Suport format param for varlink CommitQi Wang2018-08-16
| | | | | | | | | We need to pass the image format OCI or docker in the varlink commit command. Signed-off-by: Qi Wang <qiwan@redhat.com> Closes: #1281 Approved by: mheon
* spec: bind mount /sys only for rootless containersGiuseppe Scrivano2018-08-15
| | | | | | | | | root can always mount a new instance. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1279 Approved by: rhatdan
* Fix handling of hostname in --net=hostDaniel J Walsh2018-08-15
| | | | | | | | | Hostname should be set to the hosts hostname when network is none. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1274 Approved by: giuseppe
* pkg/apparmor: use a pipe instead of a tmp fileValentin Rothberg2018-08-14
| | | | | | | | | | Use a pipe instead of a temporary file to load the apparmor profile. This change has a measurable speed improvement for apparmor users. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1262 Approved by: mheon
* pkg/apparmor: move data under Linux/apparmor buildtagsValentin Rothberg2018-08-14
| | | | | | | | | | Move all Linux-related data under the corresponding buildtags to reduce the memory footprint and speed up compilation for non-apparmor builds. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1262 Approved by: mheon
* pkg/apparmor: move all linux-code into apparmor_linux*Valentin Rothberg2018-08-14
| | | | | | | | | For easier maintenance and clearer structure of the code. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1262 Approved by: mheon
* when searching, survive errors for multiple registriesbaude2018-08-14
| | | | | | | | | | | | | when searching multiple registries for images, if we get an error on one of the searches, we should keep going and complete the search. if there is only one search registry however, we will return an error. Resolves: #1255 Signed-off-by: baude <bbaude@redhat.com> Closes: #1257 Approved by: mheon
* rootless: fix user lookup if USER= is not setGiuseppe Scrivano2018-08-08
| | | | | | | | | | | | Lookup the current username by UID if the USER env variable is not set. Reported in: https://github.com/projectatomic/libpod/issues/1092 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1217 Approved by: rhatdan
* Rename varlink socket and interfacebaude2018-08-06
| | | | | | | | | io.projectatomic.podman -> io.podman Signed-off-by: baude <bbaude@redhat.com> Closes: #1204 Approved by: mheon
* Make one runtime for the varlink servicebaude2018-08-05
| | | | | | | | | | | | | Rather than making a runtime each time a client hits a varlink endpoint, we now make a single runtime when the varlink service starts up. This fixes a problem where we hit a max inotify limit from CNI. Resolves: #1211 Signed-off-by: baude <bbaude@redhat.com> Closes: #1215 Approved by: rhatdan
* Check for missing arguments in /proc/self/cmdlineAnders F Björklund2018-08-03
| | | | | Closes: #1206 Approved by: giuseppe
* rootless: do not set setgroups to deny when using newuidmapGiuseppe Scrivano2018-08-02
| | | | | | | | | It is required only when directly configuring the user namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1200 Approved by: rhatdan
* Merge pull request #1201 from giuseppe/fix-segfault-rootlessDaniel J Walsh2018-08-02
|\ | | | | rootless: do not segfault if the parent already died
| * rootless: do not segfault if the parent already diedGiuseppe Scrivano2018-08-02
| | | | | | | | | | | | Closes: https://github.com/projectatomic/libpod/issues/1189 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | RFC: Rename Image.PushImage to Image.PushImageToHeuristicDestinationMiloslav Trmač2018-08-01
|/ | | | | | | | | | | | | | | | | | | | | | The goal is to be very explicit about which functions try to heuristically guess what is the expected format of the string. Not quite "shaming" the users, but making sure they stand out. RFC: - Is this at all acceptable? Desirable? - varlink ExportImage says "destination must have transport type"; should it be using alltransports.ParseImageReference + PushImageToReference, then? (While touching the call in cmd/podman, also remove a commented-out older version of the call.) Should not change behavior (but does not add unit tests). Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* network: add support for rootless network with slirp4netnsGiuseppe Scrivano2018-07-31
| | | | | | | | | | | slirp4netns is required to setup the network namespace: https://github.com/rootless-containers/slirp4netns Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1156 Approved by: rhatdan
* varlink ImageRemove should always return image IDbaude2018-07-31
| | | | | | | | | | | | | When removing an image via varlink, we should always return the ID of the image even in the case where the image has multiple repository names and one was only untagged. Reported by jhonce during integration testing. Signed-off-by: baude <bbaude@redhat.com> Closes: #1191 Approved by: jwhonce
* Fix godoc comment in pkg/netnsMatthew Heon2018-07-27
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1165 Approved by: baude
* Fix handling of Linux network namespacesMatthew Heon2018-07-27
| | | | | | | | | | | | | | | | | | | The CNI plugins upstream removed their network namespace creation code, making it a test package only. Copy it into our repository and slightly modify it for our use (most notably, use MNT_DETACH when unmounting namespaces). This new CNI code splits closing and unmounting network namespaces, which allows us to greatly reduce the number of occasions on which we call teardownNetwork() and make more errors in that function fatal instead of warnings. Instead, we can call Close() and just close the open file descriptor in cases where the namespace has already been cleaned up. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1165 Approved by: baude
* Clear variables used to store options after parsing for every volumeumohnani82018-07-25
| | | | | | | | | | | | If more than one volume was mounted using the --volume flag in podman run, the second and onwards volumes were picking up options of the previous volume mounts defined. Found out that the options were not be cleared out after every volume was parsed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1142 Approved by: mheon
* Merge pull request #1116 from mheon/namespacesDaniel J Walsh2018-07-25
|\ | | | | Add Pod and Container namespaces
| * Add missing runtime.go lines to set namespaceMatthew Heon2018-07-24
| | | | | | | | | | | | Also add namespace to inspect output to verify its presence Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #1153 from jwhonce/bug/psgoMatthew Heon2018-07-24
|\ \ | | | | | | Fix varlink API usage of psgo
| * | Fix varlink API usage of psgoJhon Honce2018-07-24
| |/ | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | podman: allow to specify the IPC namespace to joinGiuseppe Scrivano2018-07-24
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* | podman: allow to specify the UTS namespace to joinGiuseppe Scrivano2018-07-24
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* | podman: allow to specify the PID namespace to joinGiuseppe Scrivano2018-07-24
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* | podman: allow to specify the userns to joinGiuseppe Scrivano2018-07-24
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* | network: support ns: prefix to join existing namespaceGiuseppe Scrivano2018-07-24
| | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* | spec: allow container:NAME network modeGiuseppe Scrivano2018-07-24
|/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1145 Approved by: rhatdan
* AppArmor: runtime check if it's enabled on the hostValentin Rothberg2018-07-23
| | | | | | | | | Check at runtime if AppArmor is enabled on the host. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1128 Approved by: mheon
* rootless: support a per-user mounts.confGiuseppe Scrivano2018-07-20
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* secrets: parse only one mounts configuration fileGiuseppe Scrivano2018-07-20
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: allow a per-user registries.conf fileGiuseppe Scrivano2018-07-20
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: require subids to be presentGiuseppe Scrivano2018-07-16
| | | | | | | | | | | | | | | | | | Most images won't work without multiple ids/gids. Error out immediately if there are no multiple ids available. The error code when the user is not present in /etc/sub{g,u}id looks like: $ bin/podman run --rm -ti alpine echo hello ERRO[0000] No subuid ranges found for user "gscrivano" Closes: https://github.com/projectatomic/libpod/issues/1087 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1097 Approved by: rhatdan
* Only print container size JSON if --size was requestedMatthew Heon2018-07-13
| | | | | | | To do this, move it into a separate struct, and embed that in the JSON we return. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #1091 from giuseppe/rootless-unshare-mount-nsDaniel J Walsh2018-07-13
|\ | | | | rootless: unshare mount namespace
| * rootless: unshare mount namespaceGiuseppe Scrivano2018-07-13
| | | | | | | | | | | | | | | | | | | | | | unshare the mount namespace as well when creating an user namespace so that we are the owner of the mount namespace and we can mount FUSE file systems on Linux 4.18. Tested on Fedora Rawhide: podman --storage-opt overlay.fuse_program=/usr/bin/fuse-overlayfs run alpine echo hello hello Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1075 from giuseppe/rootless-no-symlinks-into-storage-pathDaniel J Walsh2018-07-13
|\ \ | | | | | | rootless: fix usage on Fedora Silverblue/CoreOS
| * | rootless: correctly propagate the exit status from the containerGiuseppe Scrivano2018-07-13
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Added full podman pod ps, with tests and man pagehaircommander2018-07-13
| | | | | | | | | | | | Signed-off-by: haircommander <pehunt@redhat.com>
* | | Podman pod create/rm commands with man page and tests.haircommander2018-07-13
| |/ |/| | | | | | | | | Includes a very stripped down version of podman pod ps, just for testing Signed-off-by: haircommander <pehunt@redhat.com>