| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
The default rule should be set at the head of device configuration.
Otherwise, rules for user devices are overridden by the default rule so
that any access to the user devices are denied.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|
|\
| |
| | |
MacOS improvements
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Enable support of virtfs in Podman and darwin. At the time of this writing, it requires a special patch not yet included in upstream qemu.
* Prefer to use a specially built qemu to support virtfs. The qemu is installed under libexec/podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
Add ExitCommandDelay configuration use in API exec handler
|
| |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Rover van der Noort <s.r.vandernoort@student.tudelft.nl>
|
|\ \
| | |
| | | |
`podman machine rm` removes the mounted socket file on macOS
|
| |/
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Thibault Gagnaux <tgagnaux@gmail.com>
|
|/
|
|
|
|
|
| |
Error out if the kube yaml passed to play kube has more
than one container or init container with the same name.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|
|
|
|
|
|
|
| |
This reverts commit fc5cf812c81a10f8a021aae11df5f12ab2a6f6f6.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/12768
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Improve the error message for usused configMaps
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If you run `podman play kube` on a yaml file that only contains
configMaps, podman will fail with the error:
Error: YAML document does not contain any supported kube kind
This is not strictly true; configMaps are a supported kube kind. The
problem is that configMaps aren't a standalone entity. They have to be
used in a container somewhere, otherwise they don't do anything.
This change adds a new message in the case when there only configMaps
resources. It would be helpful if podman reported which configMaps are
unused on every invocation of kube play. However, even if that feedback
were added, this new error messages still helpfully explains the reason
that podman is not creating any resources.
[NO NEW TESTS NEEDED]
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
|\ \
| | |
| | | |
play kube: set defaults to container resources
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
this fixes https://github.com/containers/podman/issues/13115
the change tries to immitate k8s behavior.
when limits are not set the container's limits are all CPU and all RAM
when requests are missing then they are equal to limits
Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
|
|\ \ \
| |_|/
|/| | |
container-commit: support `--squash` to squash layers into one if users want.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow users to commit containers into a single layer.
Usage
```bash
podman container commit --squash <name>
```
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| | |
convert the propagation mode specified for the mount to the expected
Linux mount option.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
Implement Podman Container Clone
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman container clone takes the id of an existing continer and creates a specgen from the given container's config
recreating all proper namespaces and overriding spec options like resource limits and the container name if given in the cli options
this command utilizes the common function DefineCreateFlags meaning that we can funnel as many create options as we want
into clone over time allowing the user to clone with as much or as little of the original config as they want.
container clone takes a second argument which is a new name and a third argument which is an image name to use instead of the original container's
the current supported flags are:
--destroy (remove the original container)
--name (new ctr name)
--cpus (sets cpu period and quota)
--cpuset-cpus
--cpu-period
--cpu-rt-period
--cpu-rt-runtime
--cpu-shares
--cpuset-mems
--memory
--run
resolves #10875
Signed-off-by: cdoern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
kube: honor `--build=false` if specified.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`podman play kube` tries to build images even if `--build` is set to
false so lets honor that and make `--build` , `true` by default so it
matches the original behviour.
Signed-off-by: Aditya R <arajan@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
To prevent duplication and potential bugs we should use the same
GetRuntimeDir function that is used in c/common.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
pkg: support passing down options for idmap
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED] the feature is still being worked in crun:
https://github.com/containers/crun/pull/874
also needs: https://github.com/containers/common/pull/927
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, devices with a major/minor number >256 would fail to be
detected. Switch to using bitwise conversion (similar to
sys/sysmacros in C).
[NO NEW TESTS NEEDED]
Signed-off-by: Robb Manes <robbmanes@protonmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Switch default to rootless for mac and windows
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
|/
|
|
|
|
| |
claim helper
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
|\
| |
| | |
ignition: propagate proxy settings from a host into a vm
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Set proxy settings (such as `HTTP_PROXY`, and others)
for the whole guest OS with setting up `DefaultEnvironment`
with a `systemd` configuration file `default-env.conf`,
a `profile.d` scenario file - `default-env.sh` and
a `environment.d` configuration file `default-env.conf`
The **actual** environment variables are read by podman
at a start, then they are encrypted with base64 into
a single string and after are provided into a VM through
QEMU Firmware Configuration (fw_cfg) Device
Inside a VM a systemd service `envset-fwcfg.service`
reads the providead encrypted string from fw_cfg, decrypts
and then adds to the files
- `/etc/systemd/system.conf.d/default-env.conf`
- `/etc/profile.d/default-env.sh`
- `/etc/environment.d/default-env.conf`
At the end this service execute `systemctl daemon-reload`
to propagate new variables for systemd manager
[NO NEW TESTS NEEDED]
Closes #13168
Signed-off-by: esendjer <esendjer@gmail.com>
|
|\ \
| | |
| | | |
Temporarily pull machine images from side repo
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Until podman4 is in the fcos trees, we need to pull the machine images
from a side repository. There is a hard coded bit that forces the
side repo download right now. Simple comment or removal of the bit will
revert to normal download behavior.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix checkpoint/restore pod tests
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Checkpoint/restore pod tests are not running with an older runc and now
that runc 1.1.0 appears in the repositories it was detected that the
tests were failing. This was not detected in CI as CI was not using runc
1.1.0 yet.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Make sure building with relative paths work correctly.
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/12763
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
When attempting to create a network with a name that already exists,
a 409 status code will be returned
[NO NEW TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
* Ensure meaningful behaviour when called with /v3.x.x semantics
* Change return code to 409 from 500 when client attempts to use an
existing network name
* Update API bats test runner to support /v4.0.0 endpoints by default
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\
| |
| | |
[CI:DOCS] Add schema for ImageCreate 200 response.
|
| |
| |
| |
| | |
Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED] crun is not available everywhere to test idmap.
Kernel might not be recent enough and not all file systems support
idmap option.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
reponse
Lot of clients are expecting proper `Content-type: application/json`
configured in response headers of `/build` compat api. Following commit
fixes that.
Fixes issues where code is setting header field after writing header
which is wrong. We must set `content-type` before we write and flush
http header.
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \
| |/
|/| |
Podman pod create --share-parent vs --share=cgroup
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
separated cgroupNS sharing from setting the pod as the cgroup parent,
made a new flag --share-parent which sets the pod as the cgroup parent for all
containers entering the pod
remove cgroup from the default kernel namespaces since we want the same default behavior as before which is just the cgroup parent.
resolves #12765
Signed-off-by: cdoern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
Revert "Move each search dns to its own line"
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit a1bc8cb52cefd49e8cc54ae14d1864b8a1ec216e.
Please see resolv.conf(5) search domains must be on the same line. If
you use multiple seach key words only the last one is used. I tested this
with alpine and it works correctly when they are on the same line so I
am not sure what issues Dan had with it but this is not correct.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| | | |
| | | | |
play kube envVar.valueFrom.resourceFieldRef
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add support for env vars values from container resources
see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
relates to issue https://github.com/containers/podman/issues/12756
Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When the Dockerfile isn't in the root directory of the build context,
the client supplies its pathname to the server, but it needs to do so
using "/" as the path separator, not the client OS's path separator.
CI can't test Windows clients, so
[NO NEW TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|