summaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Fix unconfined AppArmor profile usage for unsupported systemsSascha Grunert2020-09-07
| | | | | | | | If we select "unconfined" as AppArmor profile, then we should not error even if the host does not support it at all. This behavior has been fixed and a corresponding e2e test has been added as well. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* APIv2 add generate systemd endpointPaul Holzinger2020-09-02
| | | | | | | | | | | | | Add support for generating systemd units via the api and podman-remote. Change the GenerateSystemdReport type to return the units as map[string]string with the unit name as key. Add `--format` flag to `podman generate systemd` to allow the output to be formatted as json. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Don't create ~/.config after removing storage.confjjzmajic2020-09-02
| | | | | | | | Fixes #7509. There is no need to create a ~/.config directory now that ~/.config/containers/storage.conf is not created automatically. Podman has no use for it if it does not exist already. Signed-off-by: jjzmajic <uros.m.perisic@gmail.com>
* Merge pull request #7514 from edsantiago/reenable_flaky_bindings_testOpenShift Merge Robot2020-08-31
|\ | | | | bindings: reenable flaky(?) pause/unpause test
| * bindings: reenable flaky(?) pause/unpause testEd Santiago2020-08-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reference: #6518, a very-frequently-flaking CI test, disabled a month ago (#7143) because it was triggering so often in CI. Unfortunately, that seems to have simply swept the problem under the rug. AFAICT nobody has bothered to look at the root bug, so let's just reenable. If the problem persists, I'll let annoyed developers squeaky-wheel 6158 so there's some incentive to fix it. If the problem has miraculously gone away in the last month, that's a win too. (This test failure does not reproduce on my laptop, nor does it lend itself to devising a simple reproducer on a test VM.) Also: since #5325 appears to have been closed as fixed, remove a 'Skip' that references it. Unfortunately this also requires removing a lot of other cruft. This was an incidental oh-by-the-way addition that I thought would be trivial but ended up causing a much larger diff. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | handle play kube with pod.spec.hostAliaseszhangguanzhang2020-08-31
|/ | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7494 from haircommander/play-kube-socketOpenShift Merge Robot2020-08-31
|\ | | | | play kube: handle Socket HostPath type
| * play kube: handle Socket HostPath typePeter Hunt2020-08-28
| | | | | | | | | | | | as well as add test cases for it and the other HostPath types we currently support Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #7436 from rhatdan/variantOpenShift Merge Robot2020-08-28
|\ \ | |/ |/| Add support for image pull overrides
| * Add support for variant when pulling imagesDaniel J Walsh2020-08-28
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7355 from rhatdan/envOpenShift Merge Robot2020-08-28
|\ \ | | | | | | Use environment from containers.conf
| * | Use environment from containers.confDaniel J Walsh2020-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman needs to use the environment settings in containers.conf when setting up the containers. Also host environment variables should be relative to server side not the client. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7428 from mheon/apiv2_container_pod_errorsOpenShift Merge Robot2020-08-28
|\ \ \ | |_|/ |/| | Ensure pod REST API endpoints include ctr errors
| * | Ensure pod REST API endpoints include ctr errorsMatthew Heon2020-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The APIv2 pod endpoints that operate on multiple containers, such as Start, Kill, Pause, Unpause, do not report errors encountered by individual containers, because they incorrectly assume that any error is fatal. The documentation for the Libpod API calls notes, however, that ErrPodPartialFail will *always* be returned if any container failed; so we need to ignore that error and continue to collating and returning container errors. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #7416 from Luap99/fix-swagger-docOpenShift Merge Robot2020-08-28
|\ \ \ | | | | | | | | [CI:DOCS] fix swagger api docs
| * | | [CI:DOCS] fix swagger api docsPaul Holzinger2020-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Separate the volume endpoints into compat and libpod, as it is done for the other endpoints. Move the libpod image push endpoint to images. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #7427 from mheon/update_error_messagesOpenShift Merge Robot2020-08-28
|\ \ \ \ | |_|_|/ |/| | | Fix up some error messages
| * | | Fix up some error messagesMatthew Heon2020-08-27
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | We have a lot of 'cannot stat %s' errors in our codebase. These are terrible and confusing and utterly useless without context. Add some context to a few of them so we actually know what part of the code is failing. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #7455 from giuseppe/trim-init-commandOpenShift Merge Robot2020-08-28
|\ \ \ | | | | | | | | abi: trim init command
| * | | abi: trim init commandGiuseppe Scrivano2020-08-28
| |/ / | | | | | | | | | | | | | | | | | | | | | without it the systemd detection fails. Closes: https://github.com/containers/podman/issues/7441 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / / Switch to containers/common for seccompSascha Grunert2020-08-27
|/ / | | | | | | | | | | | | The seccomp/containers-golang library is not maintained any more and we should stick to containers/common. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #7451 from mheon/fix_7195Ed Santiago2020-08-27
|\ \ | | | | | | Send HTTP Hijack headers after successful attach
| * | Send HTTP Hijack headers after successful attachMatthew Heon2020-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Our previous flow was to perform a hijack before passing a connection into Libpod, and then Libpod would attach to the container's attach socket and begin forwarding traffic. A problem emerges: we write the attach header as soon as the attach complete. As soon as we write the header, the client assumes that all is ready, and sends a Start request. This Start may be processed *before* we successfully finish attaching, causing us to lose output. The solution is to handle hijacking inside Libpod. Unfortunately, this requires a downright extensive refactor of the Attach and HTTP Exec StartAndAttach code. I think the result is an improvement in some places (a lot more errors will be handled with a proper HTTP error code, before the hijack occurs) but other parts, like the relocation of printing container logs, are just *bad*. Still, we need this fixed now to get CI back into good shape... Fixes #7195 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7409 from ↵OpenShift Merge Robot2020-08-26
|\ \ \ | | | | | | | | | | | | | | | | zhangguanzhang/apiv2-create-ctr-with-invalid-entrypoint fix apiv2 will create containers with incorrect commands
| * | | fix apiv2 will create containers with incorrect commandszhangguanzhang2020-08-24
| | |/ | |/| | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Merge pull request #7372 from giuseppe/add-unified-configurationOpenShift Merge Robot2020-08-24
|\ \ \ | | | | | | | | podman: add option --cgroup-conf
| * | | podman: add option --cgroup-confGiuseppe Scrivano2020-08-21
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it allows to manually tweak the configuration for cgroup v2. we will expose some of the options in future as single options (e.g. the new memory knobs), but for now add the more generic --cgroup-conf mechanism for maximum control on the cgroup configuration. OCI specs change: https://github.com/opencontainers/runtime-spec/pull/1040 Requires: https://github.com/containers/crun/pull/459 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #7274 from rhatdan/capsOpenShift Merge Robot2020-08-23
|\ \ \ | |/ / |/| | In podman 1.* regression on --cap-add
| * | In podman 1.* regression on --cap-addDaniel J Walsh2020-08-21
| |/ | | | | | | | | | | | | | | | | | | | | | | In podman 1.0 if you executed a command like: podman run --user dwalsh --cap-add net_bind_service alpine nc -l 80 It would work, and the user dwalsh would get the capability, in podman 2.0, only root and the binding set gets the capability. This change restores us back to the way podman 1.0 worked. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7390 from baude/podnetOpenShift Merge Robot2020-08-21
|\ \ | | | | | | error when adding container to pod with network information
| * | error when adding container to pod with network informationBrent Baude2020-08-21
| |/ | | | | | | | | | | | | | | | | | | | | | | because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. this has been difficult for users to understand. we now return an error when a container is being created inside a pod and passes any of the following attributes: * static IP (v4 and v6) * static mac * ports -p (i.e. -p 8080:80) * exposed ports (i.e. 222-225) * publish ports from image -P Signed-off-by: Brent Baude <bbaude@redhat.com>
* / fix /libpod/pods/json returns null when there are no podszhangguanzhang2020-08-21
|/ | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7350 from vrothberg/fix-7285OpenShift Merge Robot2020-08-19
|\ | | | | generate systemd: quote arguments with whitespace
| * generate systemd: quote arguments with whitespaceValentin Rothberg2020-08-19
| | | | | | | | | | | | | | | | | | | | | | Make sure that arguments with whitespace are properly quoted so they are interpreted as one (and not multiple ones) by systemd. Now `-e tz="america/new york"` will be generated as `-e "tz=america/new york"`. The quotes are moving but the argument is still correct. Fixes: #7285 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Ensure DefaultEnvVariables is used in SpecgenMatthew Heon2020-08-18
|/ | | | | | | | | | | | When we rewrote Podman's pkg/spec, one of the things that was lost was our use of a set of default environment variables, that ensure all containers have at least $PATH and $TERM set. While we're in the process of re-adding it, change it from a variable to a function, so we can ensure the Join function does not overwrite it and corrupt the defaults. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #7339 from giuseppe/change-systemd-detectionOpenShift Merge Robot2020-08-18
|\ | | | | abi: fix detection for systemd
| * abi: fix detection for systemdGiuseppe Scrivano2020-08-18
| | | | | | | | | | | | | | | | | | create a scope everytime we don't own the current cgroup and we are running on systemd. Closes: https://github.com/containers/podman/issues/6734 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | fix podman create/run UTS NS docsPaul Holzinger2020-08-18
|/ | | | | | | | Add better error message when using `--pod` and `--hostname`. Improve the docs to better explain the uts hostname relation. Add more valid options for the `--uts` flag. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #7292 from spearlineltd/cleanupzombieOpenShift Merge Robot2020-08-18
|\ | | | | Wait for reexec to finish when fileOutput is nil
| * Wait for reexec to finish when fileOutput is nilJonathan Dieter2020-08-15
| | | | | | | | | | | | | | Currently, we're not cleanup up after ourselves when fileOutput is nil. This patch fixes that. Signed-off-by: Jonathan Dieter <jonathan.dieter@spearline.com>
* | Merge pull request #7283 from mheon/pod_infra_has_exit_cmdOpenShift Merge Robot2020-08-17
|\ \ | | | | | | Ensure pod infra containers have an exit command
| * | Clean up pods before returning from Pod Stop API callMatthew Heon2020-08-17
| | | | | | | | | | | | | | | | | | | | | This should help alleviate races where the pod is not fully cleaned up before subsequent API calls happen. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * | Ensure pod infra containers have an exit commandMatthew Heon2020-08-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most Libpod containers are made via `pkg/specgen/generate` which includes code to generate an appropriate exit command which will handle unmounting the container's storage, cleaning up the container's network, etc. There is one notable exception: pod infra containers, which are made entirely within Libpod and do not touch pkg/specgen. As such, no cleanup process, network never cleaned up, bad things can happen. There is good news, though - it's not that difficult to add this, and it's done in this PR. Generally speaking, we don't allow passing options directly to the infra container at create time, but we do (optionally) proxy a pre-approved set of options into it when we create it. Add ExitCommand to these options, and set it at time of pod creation using the same code we use to generate exit commands for normal containers. Fixes #7103 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #7314 from aojea/ipv6_default_gwOpenShift Merge Robot2020-08-16
|\ \ \ | |_|/ |/| | IPv6 default route
| * | podman support for IPv6 networksAntonio Ojea2020-08-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman containers using IPv6 were missing the default route, breaking deployments trying to use them. The problem is that the default route was hardcoded to IPv4, this takes into consideration the podman subnet IP family to generate the corresponding default route. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | | Merge pull request #7312 from vrothberg/fix-7294OpenShift Merge Robot2020-08-13
|\ \ \ | | | | | | | | podman.service: use sdnotify
| * | | podman.service: use sdnotiyValentin Rothberg2020-08-13
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 2b6dd3fb4384 set the killmode of the podman.service to the systemd default which ultimately lead to the problem that systemd will kill *all* processes inside the unit's cgroup and hence kill all containers whenever the service is stopped. Fix it by setting the type to sdnotify and the killmode to process. `podman system service` will send the necessary notify messages when the NOTIFY_SOCKET is set and unset it right after to prevent the backend and container runtimes from jumping in between and send messages as well. Fixes: #7294 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #7227 from giuseppe/procfs-optsOpenShift Merge Robot2020-08-13
|\ \ \ | | | | | | | | run, create: add new security-opt proc-opts
| * | | run, create: add new security-opt proc-optsGiuseppe Scrivano2020-08-12
| |/ / | | | | | | | | | | | | | | | | | | it allows to customize the options passed down to the OCI runtime for setting up the /proc mount. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #7293 from spearlineltd/fixhangOpenShift Merge Robot2020-08-13
|\ \ \ | |/ / |/| | Fix hang when `path` doesn't exist