summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #13505 from rst0git/checkpoint-image-1OpenShift Merge Robot2022-04-21
|\ | | | | Add support for checkpoint image
| * Add support for checkpoint imageRadostin Stoyanov2022-04-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is an enhancement proposal for the checkpoint / restore feature of Podman that enables container migration across multiple systems with standard image distribution infrastructure. A new option `--create-image <image>` has been added to the `podman container checkpoint` command. This option tells Podman to create a container image. This is a standard image with a single layer, tar archive, that that contains all checkpoint files. This is similar to the current approach with checkpoint `--export`/`--import`. This image can be pushed to a container registry and pulled on a different system. It can also be exported locally with `podman image save` and inspected with `podman inspect`. Inspecting the image would display additional information about the host and the versions of Podman, criu, crun/runc, kernel, etc. `podman container restore` has also been extended to support image name or ID as input. Suggested-by: Adrian Reber <areber@redhat.com> Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* | systemd socker activation: check listenerPaul Holzinger2022-04-21
| | | | | | | | | | | | | | | | | | | | | | | | activation.Listeners() can return an net.Listener array which contains nil entries if it cannot listen on the given fds. This can cause podman to panic so we should check the we have non nil net.Listener first. [NO NEW TESTS NEEDED] No idea how to reproduce this. Fixes #13911 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | system service: remove unnecessary pointer to listnerPaul Holzinger2022-04-21
|/ | | | | | | Since the listener is already an interface there is no reason to use a extra pointer for it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13928 from flouthoc/healthcheck-defaultsOpenShift Merge Robot2022-04-20
|\ | | | | healthcheck: set default healthcheck `Interval` if not specified in image
| * healthcheck: set default healthcheck Interval if not specified in imageAditya R2022-04-20
| | | | | | | | | | | | | | Set appropriate defaults for `--interval` when processing a Containerfile with build format as docker. Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13885 from n1hility/fix-wsl-rootlessOpenShift Merge Robot2022-04-20
|\ \ | |/ |/| Respect "Rootful" when starting WSL API Forwarding
| * Respect "Rootful" when starting WSL API ForwardingJason T. Greene2022-04-15
| | | | | | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | Translate Memory Limit to Swap in APIcdoern2022-04-18
| | | | | | | | | | | | | | | | | | in specgen, CLI path uses the given memory limit to define the swap value (if not already specified) add a route to this piece of code from within the api handlers resolves #13145 Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #13583 from rhatdan/ipcOpenShift Merge Robot2022-04-16
|\ \ | | | | | | Add support for ipc namespace modes "none, private, sharable"
| * | Add support for ipc namespace modes "none, private, sharable"Daniel J Walsh2022-04-12
| | | | | | | | | | | | | | | | | | Fixes: #13265 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #13868 from cdoern/cloneSwapOpenShift Merge Robot2022-04-15
|\ \ \ | |_|/ |/| | Fix Memory Swappiness passing in Container Clone
| * | Fix Memory Swappiness passing in Container Clonecdoern2022-04-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | `DefineCreateFlags` was excluding clone from using the memory-swappiness flag leading the value to be zero when our deafult is -1. Rearrange the if/else to give clone these memory related options resolves #13856 Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #13616 from giuseppe/passwd-entryOpenShift Merge Robot2022-04-14
|\ \ \ | | | | | | | | run, create: add --passwd-entry
| * | | run, create: add --passwd-entryGiuseppe Scrivano2022-04-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It allows to customize the entry that is written to the `/etc/passwd` file when --passwd is used. Closes: https://github.com/containers/podman/issues/13185 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #13872 from vrothberg/revert-sizeOpenShift Merge Robot2022-04-14
|\ \ \ \ | |/ / / |/| | | Revert "images --size"
| * | | Revert "images --size"Valentin Rothberg2022-04-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit e133a06d2f4a3e94bfbd60b647046f2f515c9c24. @nalind found a proper fix in c/storage [1] to address the performance issue. So we really don't need the flag anymore. Note the flag has never made it into any release. [1] https://github.com/containers/storage/commit/d76b3606fc9ca975bf436379f91105f0fac1555f Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #13863 from mheon/stopped_can_attachOpenShift Merge Robot2022-04-14
|\ \ \ \ | | | | | | | | | | Allow HTTP attach to stopped containers
| * | | | Allow HTTP attach to stopped containersMatthew Heon2022-04-13
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's a potential race condition where we attempt to attach to a container immediately after it's been stopped, but before the cleanup process has run on it. The existing code doesn't allow an attach to containers in the Stopped state (cleanup process has not run) but does allow an attach to containers in the Exited state (cleanup process has run). This doesn't make very much sense and there's no technical reason to restrict attach to only Exited containers, so allow attaching to Stopped containers. [NO NEW TESTS NEEDED] Testing this is very racy - we need to get in before the cleanup process runs, which isn't really deterministic when we're invoked from a script - like the CI tests. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #13829 from baude/machineinspectOpenShift Merge Robot2022-04-13
|\ \ \ \ | |/ / / |/| | | Introduce machine inspect
| * | | Introduce machine inspectBrent Baude2022-04-12
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow users to inspect their podman virtual machines. This will be helpful for debug and development alike, because more details about the machine can be collected. Signed-off-by: Brent Baude <bbaude@redhat.com> [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #13814 from rhatdan/systemdOpenShift Merge Robot2022-04-12
|\ \ \ | | | | | | | | Pretty print systemd services file
| * | | Pretty print systemd services fileAbhijeet Kasurde2022-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: #13337 I added newline only on options IE Begin with "-" [NO NEW TESTS NEEDED] Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13787 from Luap99/nohost-apiOpenShift Merge Robot2022-04-12
|\ \ \ \ | |_|_|/ |/| | | API: use no_hosts from containers.conf
| * | | API: use no_hosts from containers.confPaul Holzinger2022-04-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The API endpoints should properly honour the `no_hosts=true` setting in containers.conf. Fixes #13719 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13788 from flouthoc/support-volume-optsOpenShift Merge Robot2022-04-12
|\ \ \ \ | |_|_|/ |/| | | run, mount: allow setting driver specific option using `volume-opt=`
| * | | run, mount: allow setting driver specific option using volume-optAditya R2022-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `--mount` should allow setting driver specific options using `volume-opt` when `type=volume` is set. This ensures parity with docker's `volume-opt`. Signed-off-by: Aditya R <arajan@redhat.com>
* | | | machine,rm: Ignore ENOENT while cleaning machineAditya R2022-04-12
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Certain paths like `../containers/podman/machine/my-test/podman.sock` do not exist when machine is not started, so removing a machine before starting it will result in ENOENT which we should ignore cause these paths do not exists Closes: https://github.com/containers/podman/issues/13834 [NO TESTS NEEDED] [NO NEW TESTS NEEDED] Signed-off-by: Aditya R <arajan@redhat.com>
* | | pkg/bindings: document requirements for useSteve Kuznetsov2022-04-11
| |/ |/| | | | | Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
* | If newuidmap or newgidmap fail, then check their permissionsDaniel J Walsh2022-04-08
| | | | | | | | | | | | | | | | | | | | Often distributions to not have newuidmap and netgidmap configured to be setuid. If Podman fails to setup the user namespace, check to see if these files doe not have the proper protection and tell the user. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13687 from rhatdan/VENDOROpenShift Merge Robot2022-04-08
|\ \ | | | | | | Vendor in new opencontainers/selinux
| * | Vendor in new opencontainers/selinuxDaniel J Walsh2022-04-08
| | | | | | | | | | | | | | | | | | | | | | | | Also update vendor of containers/common,buildah,storage,image Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2069586 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | images --sizeValentin Rothberg2022-04-08
|/ / | | | | | | | | | | | | | | | | | | Add a --size option to podman images to allow for disabling computing the size of listed images. If listing images is critical to performance, user may chose to turn off size computation to speed things up. Context: #13755 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #13798 from n1hility/fix-docker-sockOpenShift Merge Robot2022-04-07
|\ \ | | | | | | Fix mac docker socket handling
| * | Fix docker socket handlingJason T. Greene2022-04-06
| |/ | | | | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* / Prevent set command from updating a running instanceJason T. Greene2022-04-06
|/ | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* machine refactor 3: add symlinks for socketsBrent Baude2022-04-05
| | | | | | | | | | | | | to avoid errors on macos, we use symlinks to long socket names. Fixes: #12751 Fixes: #13609 Signed-off-by: Brent Baude <bbaude@redhat.com> [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #13490 from gcalin/13266OpenShift Merge Robot2022-04-04
|\ | | | | pod logs enhancements: option to color logs
| * Add option for pod logs to display different colors per container.gcalin2022-03-29
| | | | | | | | | | Signed-off-by: Krzysztof Baran <krysbaran@gmail.com> Signed-off-by: gcalin <caling@protonmail.com>
* | Merge pull request #13765 from giuseppe/do-not-set-oom-score-adjOpenShift Merge Robot2022-04-04
|\ \ | | | | | | specgen: do not set OOMScoreAdj by default
| * | specgen: do not set OOMScoreAdj by defaultGiuseppe Scrivano2022-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | do not force a value of OOMScoreAdj=0 if it is wasn't specified by the user. Closes: https://github.com/containers/podman/issues/13731 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #13757 from andrewaylett/anonymous_volumesOpenShift Merge Robot2022-04-04
|\ \ \ | | | | | | | | Allow creating anonymous volumes with --mount
| * | | Allow creating anonymous volumes with --mountAndrew Aylett2022-04-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes #13756. All the mechanics to create anonymous volumes is already present, but there's still a validation preventing that path from being taken. We remove the validation, which allows the volume to be created successfully. Signed-off-by: Andrew Aylett <andrew@aylett.co.uk>
* | | | Merge pull request #13655 from n1hility/dual-pipesOpenShift Merge Robot2022-04-04
|\ \ \ \ | |/ / / |/| | | Prefer registering both machine and global pipe on Win
| * | | Prefer registering both machine and global pipeJason T. Greene2022-03-29
| | |/ | |/| | | | | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | Merge pull request #13665 from jwhonce/issues/13535OpenShift Merge Robot2022-04-01
|\ \ \ | | | | | | | | Add build test for .containerignore tar file
| * | | Add build test for .containerignore tar fileJhon Honce2022-03-31
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure a directory added to .containerignore on client is not included in tar sent to remote podman API service * Clean up podman invocations to not include duplicate --remote and --url flags * Use pkill vs. pgrep when cleaning up podman API service in tests * Add exit code when logging error when testing Closes #13535 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #13594 from cdoern/podVolumesOpenShift Merge Robot2022-04-01
|\ \ \ | | | | | | | | fix pod volume passing and alter infra inheritance
| * | | fix pod volume passing and alter infra inheritancecdoern2022-03-29
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the infra Inherit function was not properly passing pod volume information to new containers alter the inherit function and struct to use the new `ConfigToSpec` function used in clone pick and choose the proper entities from a temp spec and validate them on the spegen side rather than passing directly to a config resolves #13548 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | specgen: permit --privileged and --cap-addGiuseppe Scrivano2022-04-01
| |/ |/| | | | | | | | | | | | | | | --cap-add is useful when running a privileged container with UID != 0, so that individual capabilities can be added to the container process. Closes: https://github.com/containers/podman/issues/13449 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>