path: root/pkg
Commit message (Author, Age)
* Set default rule at the head of device configuration (Hironori Shiina, 2022-03-07)
        The default rule should be set at the head of device configuration. Otherwise, rules for user devices are overridden by the default rule so that any access to the user devices is denied.
        Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* Merge pull request #13409 from baude/virtfsdarwin (OpenShift Merge Robot, 2022-03-07)
        MacOS improvements
| * MacOS improvements (Brent Baude, 2022-03-07)
        * Enable support of virtfs in Podman and darwin. At the time of this writing, it requires a special patch not yet included in upstream qemu.
        * Prefer to use a specially built qemu to support virtfs. The qemu is installed under libexec/podman.
        [NO NEW TESTS NEEDED]
        Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #13414 from rvandernoort/exec_delay (OpenShift Merge Robot, 2022-03-07)
        Add ExitCommandDelay configuration use in API exec handler
| * Add ExitCommandDelay configuration use in API exec handler (Rover van der Noort, 2022-03-04)
        [NO NEW TESTS NEEDED]
        Signed-off-by: Rover van der Noort <s.r.vandernoort@student.tudelft.nl>
* | Merge pull request #13442 from tricktron/rm-mounted-host-socket-on-macos (OpenShift Merge Robot, 2022-03-07)
        `podman machine rm` removes the mounted socket file on macOS
| * | Fixes: #13301 ("machine rm removes the mounted socket file on macos") (Thibault Gagnaux, 2022-03-06)
        [NO NEW TESTS NEEDED]
        Signed-off-by: Thibault Gagnaux <tgagnaux@gmail.com>
* / Throw an error if kube yaml has duplicate ctr names (Urvashi Mohnani, 2022-03-04)
        Error out if the kube yaml passed to play kube has more than one container or init container with the same name.
        Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Revert "use GetRuntimeDir() from c/common" (Brent Baude, 2022-03-01)
        This reverts commit fc5cf812c81a10f8a021aae11df5f12ab2a6f6f6.
        [NO NEW TESTS NEEDED]
        Signed-off-by: Brent Baude <bbaude@redhat.com>
* Add podman volume mount support (Daniel J Walsh, 2022-02-28)
        Fixes: https://github.com/containers/podman/issues/12768
        Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13325 from xordspar0/configmap-error-msg (OpenShift Merge Robot, 2022-02-24)
        Improve the error message for unused configMaps
| * Improve the error message for unused configMaps (Jordan Christiansen, 2022-02-24)
        If you run `podman play kube` on a yaml file that only contains configMaps, podman will fail with the error:
            Error: YAML document does not contain any supported kube kind
        This is not strictly true; configMaps are a supported kube kind. The problem is that configMaps aren't a standalone entity. They have to be used in a container somewhere, otherwise they don't do anything.
        This change adds a new message in the case when there are only configMaps resources.
        It would be helpful if podman reported which configMaps are unused on every invocation of kube play. However, even if that feedback were added, this new error message still helpfully explains the reason that podman is not creating any resources.
        [NO NEW TESTS NEEDED]
        Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Merge pull request #13157 from ydayagi/main (OpenShift Merge Robot, 2022-02-23)
        play kube: set defaults to container resources
| * | play kube: set defaults to container resources (Yaron Dayagi, 2022-02-23)
        this fixes https://github.com/containers/podman/issues/13115
        the change tries to imitate k8s behavior.
        when limits are not set the container's limits are all CPU and all RAM
        when requests are missing then they are equal to limits
        Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
* | | Merge pull request #13314 from flouthoc/container-commit-squash (OpenShift Merge Robot, 2022-02-23)
        container-commit: support `--squash` to squash layers into one if users want.
| * | container-commit: support --squash to squash layers into one (Aditya R, 2022-02-23)
        Allow users to commit containers into a single layer.
        Usage
        ```bash
        podman container commit --squash <name>
        ```
        Signed-off-by: Aditya R <arajan@redhat.com>
* | | kube: honor mount propagation mode (Giuseppe Scrivano, 2022-02-23)
        convert the propagation mode specified for the mount to the expected Linux mount option.
        Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Cleanup display of trust with transports (Daniel J Walsh, 2022-02-22)
        Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13059 from cdoern/clone (OpenShift Merge Robot, 2022-02-22)
        Implement Podman Container Clone
| * Implement Podman Container Clone (cdoern, 2022-02-20)
        podman container clone takes the id of an existing container and creates a specgen from the given container's config recreating all proper namespaces and overriding spec options like resource limits and the container name if given in the cli options
        this command utilizes the common function DefineCreateFlags meaning that we can funnel as many create options as we want into clone over time allowing the user to clone with as much or as little of the original config as they want.
        container clone takes a second argument which is a new name and a third argument which is an image name to use instead of the original container's
        the current supported flags are:
            --destroy (remove the original container)
            --name (new ctr name)
            --cpus (sets cpu period and quota)
            --cpuset-cpus
            --cpu-period
            --cpu-rt-period
            --cpu-rt-runtime
            --cpu-shares
            --cpuset-mems
            --memory
            --run
        resolves #10875
        Signed-off-by: cdoern <cdoern@redhat.com>
        Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
        Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #13286 from flouthoc/kube-build-false-default (OpenShift Merge Robot, 2022-02-21)
        kube: honor `--build=false` if specified.
| * | kube: honor --build=false and make --build=true by default (Aditya R, 2022-02-21)
        `podman play kube` tries to build images even if `--build` is set to false so let's honor that and make `--build`, `true` by default so it matches the original behaviour.
        Signed-off-by: Aditya R <arajan@redhat.com>
* | | use GetRuntimeDir() from c/common (Paul Holzinger, 2022-02-21)
        To prevent duplication and potential bugs we should use the same GetRuntimeDir function that is used in c/common.
        [NO NEW TESTS NEEDED]
        Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13228 from giuseppe/idmap-options (OpenShift Merge Robot, 2022-02-17)
        pkg: support passing down options for idmap
| * | pkg: support passing down options for idmap (Giuseppe Scrivano, 2022-02-16)
        [NO NEW TESTS NEEDED] the feature is still being worked in crun:
        https://github.com/containers/crun/pull/874
        also needs: https://github.com/containers/common/pull/927
        Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Calculate device major/minor using bitshift (Robb Manes, 2022-02-16)
        Previously, devices with a major/minor number >256 would fail to be detected. Switch to using bitwise conversion (similar to sys/sysmacros in C).
        [NO NEW TESTS NEEDED]
        Signed-off-by: Robb Manes <robbmanes@protonmail.com>
* | Update to podman4 copr stream (Jason T. Greene, 2022-02-16)
        Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | Introduce podman machine init --root=t|f and podman machine set --root=t|f (Jason T. Greene, 2022-02-16)
        Switch default to rootless for mac and windows
        Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | Initial implementation of mac forwarding using a privileged docker sock claim helper (Jason T. Greene, 2022-02-16)
        Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* Merge pull request #13209 from esendjer/main (OpenShift Merge Robot, 2022-02-14)
        ignition: propagate proxy settings from a host into a vm
| * ignition: propagate proxy settings from a host into a vm (esendjer, 2022-02-12)
        Set proxy settings (such as `HTTP_PROXY`, and others) for the whole guest OS with setting up `DefaultEnvironment` with a `systemd` configuration file `default-env.conf`, a `profile.d` scenario file - `default-env.sh` and an `environment.d` configuration file `default-env.conf`
        The **actual** environment variables are read by podman at a start, then they are encrypted with base64 into a single string and after are provided into a VM through QEMU Firmware Configuration (fw_cfg) Device
        Inside a VM a systemd service `envset-fwcfg.service` reads the provided encrypted string from fw_cfg, decrypts and then adds to the files
            - `/etc/systemd/system.conf.d/default-env.conf`
            - `/etc/profile.d/default-env.sh`
            - `/etc/environment.d/default-env.conf`
        At the end this service executes `systemctl daemon-reload` to propagate new variables for systemd manager
        [NO NEW TESTS NEEDED]
        Closes #13168
        Signed-off-by: esendjer <esendjer@gmail.com>
* | Merge pull request #13220 from baude/podman4fcos (OpenShift Merge Robot, 2022-02-14)
        Temporarily pull machine images from side repo
| * | Temporarily pull machine images from side repo (Brent Baude, 2022-02-11)
        Until podman4 is in the fcos trees, we need to pull the machine images from a side repository.
        There is a hard coded bit that forces the side repo download right now. Simple comment or removal of the bit will revert to normal download behavior.
        [NO NEW TESTS NEEDED]
        Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #13214 from adrianreber/2022-02-11-fix-tests (OpenShift Merge Robot, 2022-02-11)
        Fix checkpoint/restore pod tests
| * | | Fix checkpoint/restore pod tests (Adrian Reber, 2022-02-11)
        Checkpoint/restore pod tests are not running with an older runc and now that runc 1.1.0 appears in the repositories it was detected that the tests were failing. This was not detected in CI as CI was not using runc 1.1.0 yet.
        Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #13210 from rhatdan/build (OpenShift Merge Robot, 2022-02-11)
        Make sure building with relative paths work correctly.
| * | | Make sure building with relative paths work correctly. (Daniel J Walsh, 2022-02-10)
        Fixes: https://github.com/containers/podman/issues/12763
        Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / Add 409 response to swagger godoc (Jhon Honce, 2022-02-10)
        When attempting to create a network with a name that already exists, a 409 status code will be returned
        [NO NEW TESTS NEEDED]
        Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / Add version guard to libpod API endpoints (Jhon Honce, 2022-02-09)
        * Ensure meaningful behaviour when called with /v3.x.x semantics
        * Change return code to 409 from 500 when client attempts to use an existing network name
        * Update API bats test runner to support /v4.0.0 endpoints by default
        Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #13142 from tmds/ImageCreate_200_schema (OpenShift Merge Robot, 2022-02-09)
        [CI:DOCS] Add schema for ImageCreate 200 response.
| * [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response. (Tom Deseyn, 2022-02-09)
        Signed-off-by: Tom Deseyn <tom.deseyn@gmail.com>
* | idmap should be able to be specified along with other options (Daniel J Walsh, 2022-02-08)
        [NO NEW TESTS NEEDED] crun is not available everywhere to test idmap. Kernel might not be recent enough and not all file systems support idmap option.
        Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | compat: endpoint /build must set header content type as application/json in response (Aditya R, 2022-02-07)
        Lot of clients are expecting proper `Content-type: application/json` configured in response headers of `/build` compat api. Following commit fixes that.
        Fixes issues where code is setting header field after writing header which is wrong. We must set `content-type` before we write and flush http header.
        Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #12930 from cdoern/podCgroup (OpenShift Merge Robot, 2022-02-04)
        Podman pod create --share-parent vs --share=cgroup
| * Podman pod create --share-parent vs --share=cgroup (cdoern, 2022-02-03)
        separated cgroupNS sharing from setting the pod as the cgroup parent, made a new flag --share-parent which sets the pod as the cgroup parent for all containers entering the pod
        remove cgroup from the default kernel namespaces since we want the same default behavior as before which is just the cgroup parent.
        resolves #12765
        Signed-off-by: cdoern <cdoern@redhat.com>
        Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
        Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #13117 from Luap99/resolv (OpenShift Merge Robot, 2022-02-03)
        Revert "Move each search dns to its own line"
| * | Revert "Move each search dns to its own line" (Paul Holzinger, 2022-02-02)
        This reverts commit a1bc8cb52cefd49e8cc54ae14d1864b8a1ec216e.
        Please see resolv.conf(5) search domains must be on the same line. If you use multiple search key words only the last one is used.
        I tested this with alpine and it works correctly when they are on the same line so I am not sure what issues Dan had with it but this is not correct.
        Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13121 from ydayagi/resourcefieldref (OpenShift Merge Robot, 2022-02-03)
        play kube envVar.valueFrom.resourceFieldRef
| * | | play kube envVar.valueFrom.resourceFieldRef (Yaron Dayagi, 2022-02-02)
        add support for env vars values from container resources
        see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
        relates to issue https://github.com/containers/podman/issues/12756
        Signed-off-by: Yaron Dayagi <ydayagi@redhat.com>
* / / pkg/bindings/images.Build(): slashify "dockerfile" values, too (Nalin Dahyabhai, 2022-02-02)
        When the Dockerfile isn't in the root directory of the build context, the client supplies its pathname to the server, but it needs to do so using "/" as the path separator, not the client OS's path separator.
        CI can't test Windows clients, so [NO NEW TESTS NEEDED]
        Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>