summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* specgen, cgroup2: check whether memory swap is enabledGiuseppe Scrivano2020-10-30
| | | | | | add a similar check to what we do on cgroup v1. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* specgen: split cgroup v1 and cgroup v2 codeGiuseppe Scrivano2020-10-30
| | | | | | refactor function into two separate ones. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #8146 from vrothberg/image-mountsOpenShift Merge Robot2020-10-29
|\ | | | | new "image" mount type
| * new "image" mount typeValentin Rothberg2020-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new "image" mount type to `--mount`. The source of the mount is the name or ID of an image. The destination is the path inside the container. Image mounts further support an optional `rw,readwrite` parameter which if set to "true" will yield the mount writable inside the container. Note that no changes are propagated to the image mount on the host (which in any case is read only). Mounts are overlay mounts. To support read-only overlay mounts, vendor a non-release version of Buildah. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8165 from edsantiago/move_from_dockerioOpenShift Merge Robot2020-10-29
|\ \ | | | | | | Move from docker.io
| * | move from docker.ioEd Santiago2020-10-28
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followon to #7965 (mirror registry). mirror.gcr.io doesn't cache all the images we need, and I can't find a way to add to its cache, so let's just use quay.io for those images that it can't serve. Tools used: skopeo copy --all docker://docker.io/library/alpine:3.10.2 \ docker://quay.io/libpod/alpine:3.10.2 ...and also: docker.io/library/alpine:3.2 docker.io/library/busybox:latest docker.io/library/busybox:glibc docker.io/library/busybox:1.30.1 docker.io/library/redis:alpine docker.io/libpod/alpine-with-bogus-seccomp:label docker.io/libpod/alpine-with-seccomp:label docker.io/libpod/alpine_healthcheck:latest docker.io/libpod/badhealthcheck:latest Since most of those were new quay.io/libpod images, they required going in through the quay.io GUI, image, settings, Make Public. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #8178 from rhatdan/existsOpenShift Merge Robot2020-10-29
|\ \ | | | | | | NewFromLocal can return multiple images
| * | NewFromLocal can return multiple imagesDaniel J Walsh2020-10-28
| |/ | | | | | | | | | | | | | | | | | | If you use additional stores and pull the same image into writable stores, you can end up with the situation where you have the same image twice. This causes image exists to return the wrong error. It should return true in this situation rather then an error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8173 from giuseppe/improve-cannot-reexec-errorOpenShift Merge Robot2020-10-29
|\ \ | | | | | | rootless: improve error message if cannot join namespaces
| * | rootless: improve error message if cannot join namespacesGiuseppe Scrivano2020-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | if podman failed to join the rootless namespaces, give users a better errror message and possible solution. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1891220 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #8161 from afbjorklund/podman-remote-host-hashOpenShift Merge Robot2020-10-29
|\ \ \ | |_|/ |/| | Support hashed hostnames in the known_hosts file
| * | Support hashed hostnames in the known_hosts fileAnders F Björklund2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | Some systems have "HashKnownHosts yes" in their ssh_config This causes entries in the ssh known_hosts to be hashed (|) Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* | | Merge pull request #8102 from ashley-cui/inspectOpenShift Merge Robot2020-10-27
|\ \ \ | | | | | | | | Add pod, volume, network to inspect package
| * | | Add pod, volume, network to inspect packageAshley Cui2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman inspect only had the capabilities to inspect containers and images. if a user wanted to inspect a pod, volume, or network, they would have to use `podman network inspect`, `podman pod inspect` etc. Docker's cli allowed users to inspect both volumes and networks using regular inspect, so this commit gives the user the functionality If the inspect type is not specified using --type, the order of inspection is: containers images volumes networks pods meaning if container that has the same name as an image, podman inspect would return the container inspect. To avoid duplicate code, podman network inspect and podman volume inspect now use the inspect package as well. Podman pod inspect does not because podman pod inspect returns a single json object while podman inspect can return multiple) Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #8141 from afbjorklund/podman-remote-host-port-masterOpenShift Merge Robot2020-10-27
|\ \ \ \ | | | | | | | | | | Add support for host keys for non-22 ports
| * | | | Add support for host keys for non-22 portsAnders F Björklund2020-10-25
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | When not using the standard SSH port (22), the port is appended to the hostname (in brackets) like so: "host" -> "[host]:1234" Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com> (cherry picked from commit 8794e8db1ce3088d633911454d6d36c4e939e126)
* | | | Merge pull request #8151 from vrothberg/fix-8148OpenShift Merge Robot2020-10-27
|\ \ \ \ | |_|/ / |/| | | image list: check for all errors
| * | | image list: check for all errorsValentin Rothberg2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For unknown historical reasons, some errors were ignored when listing images. I assume that the basic assumption was that if we can properly list images, we can also successfully compute their sizes which turned out to be wrong. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | The cidfile should be created when the container is createdDaniel J Walsh2020-10-26
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you run an interactive session of podman run and specifiy the --cidfile option, the cidfile will not get created until the container finishes running. If you run a detached container, it will get created right away. This Patch creates the cidfile as soon as the container is created. This could allow other tools to use the cidefile on all running containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / fix: podman-cp respects "--extract" flagMatej Vasek2020-10-25
|/ / | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Merge pull request #8109 from matejvasek/inspect-apiv2-rootfsOpenShift Merge Robot2020-10-23
|\ \ | | | | | | fix: /image/{name or id}/json returns RootFS layers
| * | src: nil checkMatej Vasek2020-10-22
| | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * | src: add nil checksMatej Vasek2020-10-22
| | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
| * | fix: /image/{name}/json returns RootFS layersMatej Vasek2020-10-22
| | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | Merge pull request #8078 from baude/networkdisconnectOpenShift Merge Robot2020-10-22
|\ \ \ | |/ / |/| | APIv2 compatibility network connect|disconnect
| * | APIv2 compatibility network connect|disconnectbaude2020-10-22
| | | | | | | | | | | | | | | | | | Add endpoints for the compat layer for network connect and disconnect. As of now, these two endpoints do nothing to change the network state of a container. They do some basic data verification and return the proper 200 response. This at least allows for scripts to work on the compatibility layer instead of getting 404s. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8098 from vrothberg/fix-8082OpenShift Merge Robot2020-10-22
|\ \ \ | | | | | | | | container create: record correct image name
| * | | container create: record correct image nameValentin Rothberg2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Record the correct image name when creating a container by using the resolved image name if present. Otherwise, default to using the first available name or an empty string in which case the image must have been referenced by ID. Fixes: #8082 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7956 from QiWang19/save-rm-sigOpenShift Merge Robot2020-10-22
|\ \ \ \ | | | | | | | | | | Allow save image remove-signatures
| * | | | save image remove signaturesQi Wang2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remove signatures to podman save since the image formats do not support signatures Close: #7659 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #8104 from baude/setnetworkdriverdefaultOpenShift Merge Robot2020-10-22
|\ \ \ \ \ | |_|_|/ / |/| | | | set compat network driver default
| * | | | set compat network driver defaultbaude2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when using the compatibility endpoint for creating a network, if the driver is not provided, we need to set it to the default network driver ... which is bridge. Signed-off-by: baude <bbaude@redhat.com>
* | | | | Merge pull request #7772 from TomSweeneyRedHat/dev/tsweeney/splitnOpenShift Merge Robot2020-10-21
|\ \ \ \ \ | |/ / / / |/| | | | Convert Split() calls with an equal sign to SplitN()
| * | | | Convert Split() calls with an equal sign to SplitN()TomSweeneyRedHat2020-10-13
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After seeing #7759, I decided to look at the calls in Podman and Buildah to see if we had issues with strings.Split() calls where an "=" (equals) sign was in play and we expected to split on only the first one. There were only one or two that I found in here that I think might have been troubling, the remainder are just adding some extra safety. I also had another half dozen or so that were checking length expectations appropriately, those I left alone. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | | Merge pull request #8083 from crunchtime-ali/add-eol-to-compat-logOpenShift Merge Robot2020-10-21
|\ \ \ \ | |_|_|/ |/| | | Add EOL to compat container logs
| * | | Add EOL to compat container logsAlexander Zigelski2020-10-21
| | |/ | |/| | | | | | | Signed-off-by: Alexander Zigelski <ali@crunchtime.dev>
* | | Merge pull request #8022 from baude/compatapitospecgenOpenShift Merge Robot2020-10-21
|\ \ \ | |/ / |/| | refactor api compatibility container creation to specgen
| * | refactor api compatibility container creation to specgenbaude2020-10-20
| | | | | | | | | | | | | | | | | | when using the compatibility layer to create containers, it used code paths to the pkg/spec which is the old implementation of containers. it is error prone and no longer being maintained. rather that fixing things in spec, migrating to specgen usage seems to make the most sense. furthermore, any fixes to the compat create will not need to be ported later. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8042 from rhatdan/tlsverifyOpenShift Merge Robot2020-10-20
|\ \ \ | | | | | | | | --tls-verify and --authfile should work for all remote commands
| * | | --tls-verify and --authfile should work for all remote commandsDaniel J Walsh2020-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | These options are now fully supported in the remote API and should no longer be hidden and/or documented as non supported. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8067 from mheon/net_host_hostsOpenShift Merge Robot2020-10-20
|\ \ \ \ | | | | | | | | | | Ensure that hostname is added to hosts with net=host
| * | | | Ensure that hostname is added to hosts with net=hostMatthew Heon2020-10-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container uses --net=host the default hostname is set to the host's hostname. However, we were not creating any entries in `/etc/hosts` despite having a hostname, which is incorrect. This hostname, for Docker compat, will always be the hostname of the host system, not the container, and will be assigned to IP 127.0.1.1 (not the standard localhost address). Also, when `--hostname` and `--net=host` are both passed, still use the hostname from `--hostname`, not the host's hostname (we still use the host's hostname by default in this case if the `--hostname` flag is not passed). Fixes #8054 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | | Merge pull request #7999 from mheon/signal_handlerOpenShift Merge Robot2020-10-20
|\ \ \ \ \ | |_|_|/ / |/| | | | Add a shutdown signal handler
| * | | | Enforce LIFO ordering for shutdown handlersMatthew Heon2020-10-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows us to run both the Libpod and Server handlers at the same time without unregistering one. Also, pass the signal that killed us into the handlers, in case they want to use it to determine what to do (e.g. what exit code to set). Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Enable masking stop signals within container creationMatthew Heon2020-10-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Expand the use of the Shutdown package such that we now use it to handle signals any time we run Libpod. From there, add code to container creation to use the Inhibit function to prevent a shutdown from occuring during the critical parts of container creation. We also need to turn off signal handling when --sig-proxy is invoked - we don't want to catch the signals ourselves then, but instead to forward them into the container via the existing sig-proxy handler. Fixes #7941 Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | | | Add a shutdown handler packageMatthew Heon2020-10-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need a unified package for handling signals that shut down Libpod and Podman. We need to be able to do different things on receiving such a signal (`system service` wants to shut down the service gracefully, while most other commands just want to exit) and we need to be able to inhibit this shutdown signal while we are waiting for some critical operations (e.g. creating a container) to finish. This takes the first step by defining the package that will handle this. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | | Merge pull request #8069 from matejvasek/fix-memswapOpenShift Merge Robot2020-10-20
|\ \ \ \ \ | | | | | | | | | | | | fix: neutral value for MemorySwappiness
| * | | | | fix: neutral value for MemorySwappinessMatej Vasek2020-10-20
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | | | | Merge pull request #8043 from saschagrunert/hostport-fixOpenShift Merge Robot2020-10-20
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Fix host to container port mapping for simple ranges
| * | | | | Fix host to container port mapping for simple rangesSascha Grunert2020-10-19
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the issue that a simple port range should map to a random port range from the host to the container, if no host port range is specified. For example this fails without applying the patch: ``` > podman run -it -p 6000-6066 alpine Error: cannot listen on the TCP port: listen tcp4 :53: bind: address already in use ``` The issue is that only the first port is randomly chosen and all following in the range start by 0 and increment. This is now fixed by tracking the ranges and then incrementing the random port if necessary. Signed-off-by: Sascha Grunert <sgrunert@suse.com>