summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #14324 from anjannath/qemu-testopenshift-ci[bot]2022-06-14
|\ | | | | [macos: podman-machine] look for firmware (edk2-code-fd) based on the path of qemu binary
| * look for firmware based on the path of qemu binaryAnjan Nath2022-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | this allows users to use a qemu installation that is not in the default /usr/local/bin location a user can configure engine.helper_binaries_dir key or update PATH to include the installation location to find the qemu binary [NO NEW TESTS NEEDED] Signed-off-by: Anjan Nath <kaludios@gmail.com>
* | Merge pull request #14561 from rhatdan/VENDORopenshift-ci[bot]2022-06-14
|\ \ | | | | | | Update vendor of containers/buildah
| * | Update vendor of containers/buildahDaniel J Walsh2022-06-13
| | | | | | | | | | | | | | | | | | | | | | | | Changes since 2022-05-31: - add --omit-history option (buildah PR 4028) Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14580 from jakecorrenti/stats-on-non-running-containeropenshift-ci[bot]2022-06-14
|\ \ \ | |/ / |/| | Non-running containers now report statistics via the `podman stats`
| * | Non-running containers now report statistics via the `podman stats`Jake Correnti2022-06-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | command Previously, if a container was not running, and the user ran the `podman stats` command, an error would be reported: `Error: container state improper`. Podman now reports stats as the fields' default values for their respective type if the container is not running: ``` $ podman stats --no-stream demo ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU % 4b4bf8ce84ed demo 0.00% 0B / 0B 0.00% 0B / 0B 0B / 0B 0 0s 0.00% ``` Closes: #14498 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | Merge pull request #14563 from ashley-cui/qemuopenshift-ci[bot]2022-06-13
|\ \ \ | | | | | | | | Fix M1 QEMU flags
| * | | Fix M1 QEMU flagsAshley Cui2022-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When calling QEMU, the CPU arch should be host, and highmem should be on, or else the VM start fails. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #14560 from rhatdan/remoteOpenShift Merge Robot2022-06-13
|\ \ \ \ | | | | | | | | | | podman-remote push --remove-signatures support
| * | | | podman-remote push --remove-signatures supportDaniel J Walsh2022-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I don't see a reason why we don't support --remove-signatures from remote push, so adding support. Fixes: https://github.com/containers/podman/issues/14558 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | podman cp: do not overwrite non-dirs with dirs and vice versaValentin Rothberg2022-06-10
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new `--overwrite` flag to `podman cp` to allow for overwriting in case existing users depend on the behavior; they will have a workaround. By default, the flag is turned off to be compatible with Docker and to have a more sane behavior. Fixes: #14420 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #14469 from shanesmith/prevent-simultaneous-machine-startsOpenShift Merge Robot2022-06-09
|\ \ \ \ | | | | | | | | | | Prevent simultaneous machine starts
| * | | | Introduce 'Starting' status for machinesShane Smith2022-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - The State() function now returns machine.Starting status instead of an empty string if the VM is in the process of starting. - The `CheckExclusiveActiveVM()` function returns `true` to prevent starting a VM while another is in the process of starting. - `podman machine ls` displays "Currently starting" under "Last Up" for the starting VM - `podman machine ls` supports `{{.Starting}}` boolean field in the format - `podman machine inspect` displays "starting" in the "State" field for the starting VM Signed-off-by: Shane Smith <shane.smith@shopify.com>
| * | | | Prevent simultaneous machine startsShane Smith2022-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Running `podman machine start` twice at the same time in different terminals, for example, will make the second invocation fail and the first one hang. [NO NEW TESTS NEEDED] Signed-off-by: Shane Smith <shane.smith@shopify.com>
* | | | | Merge pull request #14480 from cdoern/infraOpenShift Merge Robot2022-06-09
|\ \ \ \ \ | |_|/ / / |/| | | | patch for pod host networking & other host namespace handling
| * | | | patch for pod host networking & other host namespace handlingcdoern2022-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this patch included additonal host namespace checks when creating a ctr as well as fixing of the tests to check /proc/self/ns/net see #14461 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | Merge pull request #14549 from Luap99/compat-createOpenShift Merge Robot2022-06-09
|\ \ \ \ \ | | | | | | | | | | | | compat api: fix regressions from "Swagger refactor/cleanup"
| * | | | | compat api: fix regressions from "Swagger refactor/cleanup"Paul Holzinger2022-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For some reason commit 5b79cf15a022 moved the container create options parsing from cmd/podman/common to pkg/api/handlers. However it did not remove the old code. Unfortunately it moved the code from an outdated version and did not update it before this commit was merged. Therefore a couple of regressions were introduced. I manually compared both versions and found three missing bugfixes. I fixed the network test again that was changed in bce97a3b5dd1. We want bridge as default even as rootless. Sine the test is not run as rootless in CI the regression was not caught. Also the no hosts test never worked since it was missing the import check if the hosts file exists. I don't think we can check for the volume parsing change since this only works on windows/wsl. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | Merge pull request #14542 from hshiina/restore-filelockOpenShift Merge Robot2022-06-09
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Pass '--file-locks' to OCI runtime at restoring
| * | | | | Pass '--file-locks' to OCI runtime at restoringHironori Shiina2022-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `podman container restore --file-locks` does not restore file locks because this option is not passed to OCI runtime. This patch fixes this issue. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | | | | Merge pull request #14484 from marshall-lee/test/manifest-pushOpenShift Merge Robot2022-06-08
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Add missing tests for manifests API
| * | | | | Add missing tests for manifests APIVladimir Kochnev2022-06-07
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also: - It fixes a regression in parsing "images" parameter in ManifestAddV3 handler. - Refactors 12-imagesMore.at to use start_registry helper. - Removes some unsafe "exit 1" statements which skip clean up. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* | | | | Merge pull request #14220 from Luap99/resolvconfOpenShift Merge Robot2022-06-07
|\ \ \ \ \ | | | | | | | | | | | | use resolvconf package from c/common/libnetwork
| * | | | | use resolvconf package from c/common/libnetworkPaul Holzinger2022-06-07
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman and Buildah should use the same code the generate the resolv.conf file. This mostly moved the podman code into c/common and created a better API for it so buildah can use it as well. [NO NEW TESTS NEEDED] All existing tests should continue to pass. Fixes #13599 (There is no way to test this in CI without breaking the hosts resolv.conf) Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #14483 from ↵OpenShift Merge Robot2022-06-07
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | jakecorrenti/restart-privelaged-containers-after-host-device-change Privileged containers can now restart if the host devices change
| * | | | | Privileged containers can now restart if the host devices changeJake Correnti2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a privileged container is running, stops, and the devices on the host change, such as a USB device is unplugged, then a container would no longer start. Previously, the devices from the host were only being added to the container once: when the container was created. Now, this happens every time the container starts. I did this by adding a boolean to the container config that indicates whether to mount all of the devices or not, which can be set via an option. During spec generation, if the `MountAllDevices` option is set in the container config, all host devices are added to the container. Additionally, a couple of functions from `pkg/specgen/generate/config_linux.go` were moved into `pkg/util/utils_linux.go` as they were needed in multiple packages. Closes #13899 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | | | | Infra Inheritance patchcdoern2022-06-07
| |/ / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | infra was overriding options that it should be appending rather than resetting. fix this by appending the given container's spec to the compatible options before marshaling/unmarshaling resolves #14454 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | overlay-volumes: add support for non-volatile upperdir,workdir for anonymous ↵Aditya R2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | volumes Similar feature was added for named overlay volumes here: https://github.com/containers/podman/pull/12712 Following PR just mimics similar feature for anonymous volumes. Often users want their anonymous overlayed volumes to be `non-volatile` in nature that means that same `upper` dir can be re-used by one or more containers but overall of nature of volumes still have to be overlay so work done is still on a overlay not on the actual volume. Following PR adds support for more advanced options i.e custom `workdir` and `upperdir` for overlayed volumes. So that users can re-use `workdir` and `upperdir` across new containers as well. Usage ```console podman run -it -v /some/path:/data:O,upperdir=/path/persistant/upper,workdir=/path/persistant/work alpine sh ``` Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #14453 from ↵OpenShift Merge Robot2022-06-06
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | flouthoc/support-additional-build-context-on-remote remote: enable support for additional `--build-context` on macOS and remote
| * | | | | podman-remote: enable support for additional build-context on macOS, remoteAditya R2022-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Feature of additional build context added here https://github.com/containers/buildah/pull/3978 already exists on `podman` following PR just enables this feature of `podman-remote` and `podman on macOS` setups. Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | | Merge pull request #14466 from mheon/fix_9075OpenShift Merge Robot2022-06-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | Improve robustness of `podman system reset`
| * | | | | | Improve robustness of `podman system reset`Matthew Heon2022-06-03
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Firstly, reset is now managed by the runtime itself as a part of initialization. This ensures that it can be used even with runtimes that would otherwise fail to be created - most notably, when the user has changed a core path (runroot/root/tmpdir/staticdir). Secondly, we now attempt a best-effort removal even if the store completely fails to be configured. Third, we now hold the alive lock for the entire reset operation. This ensures that no other Podman process can start while we are running a system reset, and removes any possibility of a race where a user tries to create containers or pull images while we are trying to perform a reset. [NO NEW TESTS NEEDED] we do not test reset last I checked. Fixes #9075 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | | Using logDriver instead of query.LogDriver for podman play kubeNiall Crowe2022-06-03
| |_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Quick fix in play.go to use logDriver to set the correct log driver rather than overwriting query.LogDriver. [NO NEW TESTS NEEDED] Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | | | | Merge pull request #14470 from shanesmith/machine-force-remove-doesnt-stopOpenShift Merge Robot2022-06-03
|\ \ \ \ \ | | | | | | | | | | | | Stop machine before force removing files
| * | | | | Stop machine before force removing filesShane Smith2022-06-02
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In #13466 the ability to force remove a machine while it's running was added but it did not first stop the machine, all files get deleted but the qemu VM would essentially be orphaned. [NO NEW TESTS NEEDED] Signed-off-by: Shane Smith <shane.smith@shopify.com>
* / | | | fix pod network handling with a host networkcdoern2022-06-02
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the function `GetDefaultNamespaceMode` for pods checks if we are sharing each namespace and if not, returns the default which in the case of a network is slirp. add a switch case for explicitly checking if the pod's network mode is host and if so, return specgen.Host for the container resolves #13763 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #14301 from rhatdan/volumeOpenShift Merge Robot2022-06-02
|\ \ \ \ | | | | | | | | | | Support setting image_volume_mode in containers.conf
| * | | | Support setting image_volume_mode in containers.confDaniel J Walsh2022-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/14230 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #14436 from Luap99/net-remote-defaultOpenShift Merge Robot2022-06-02
|\ \ \ \ \ | | | | | | | | | | | | pkg/specgen: parse default network mode on server
| * | | | | pkg/specgen: parse default network mode on serverPaul Holzinger2022-06-01
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When podman-remote is used we should not resolve the default network mode on the client. Defaults should be set on the server. In this case this is important because we have different defaults for root/rootless. So when the client is rootless and the server is root we must pick the root default. Note that this already worked when --network was set since we did not parsed the flag in this case. To reproduce you need --network=default. Also removed a unused function. [NO NEW TESTS NEEDED] I tested it manually but I am not sure how I can hook a test like this up in CI. The client would need to run as rootless and the server as root or the other way around. Fixes #14368 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #14344 from cdoern/podCreateOpenShift Merge Robot2022-06-02
|\ \ \ \ \ | | | | | | | | | | | | podman pod create --uidmap patch
| * | | | | podman pod create --uidmap patchcdoern2022-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podmans remote API does not marshal infra's spec due to the fact that if it did, all of those options would be available to the users on the command line. This means we need to manually map "backwards" some container spec items -> pod spec items before calling PodCreate, this was one of them that was forgotten resolves #14233 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | | Merge pull request #14417 from Luap99/machine-sshOpenShift Merge Robot2022-06-02
|\ \ \ \ \ \ | | | | | | | | | | | | | | podman machine ssh: set correct exit code
| * | | | | | podman machine ssh: do not print warning everytimePaul Holzinger2022-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currenlty this ssh warning is printed everytime: `Warning: Permanently added '[localhost]:33915' (ED25519) to the list of known hosts.` Since this is very anoying and makes it harder to capture the actual command output we should silence this. With log level error we will only see the important messages from ssh. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | podman machine ssh: set correct exit codePaul Holzinger2022-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Forward the ssh exit code to the podman caller. This is useful for scripts. Use the same logic as podman unshare. Fixes #14401 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | | fix bad import path for cmd/podman/utilsPaul Holzinger2022-05-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Libpod or packages under /pkg should never import from /cmd/... This will quickly result in import cycles and weird code paths. Also there is no reason to use this special code we can just use syscall.SIGHUB as SIGNAL. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | | | Merge pull request #14448 from baude/issue14231OpenShift Merge Robot2022-06-02
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | expose podman.sock in machine inspect
| * | | | | | expose podman.sock in machine inspectBrent Baude2022-06-01
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For consumers of the podman.sock who want a predictable way to find the podman sock, we now include it under 'ConnectionConfig' in podman machine inspect. Fixes: #14231 Signed-off-by: Brent Baude <bbaude@redhat.com>
* / | | | | Removed `imageStream` hardcoded valueJake Correnti2022-06-01
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Removed `imageStream` hardcoded value that was set to testing. Since podman4 is in the fcos trees, it should be removed. The respective comments have also been removed. Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* / / / / Podman no-new-privileges formatNiall Crowe2022-05-30
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In docker, the format of no-new-privileges is "no-new-privileges:true". However, for Podman all that's required is "no-new-privileges", leading to issues when attempting to use features desgined for docker in podman. Adding support for the ":" format to be used along with the "=" format, depedning on which one is entered by the user. fixes #14133 Signed-off-by: Niall Crowe <nicrowe@redhat.com>