| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
If we select "unconfined" as AppArmor profile, then we should not error
even if the host does not support it at all. This behavior has been
fixed and a corresponding e2e test has been added as well.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for generating systemd units
via the api and podman-remote.
Change the GenerateSystemdReport type to return the
units as map[string]string with the unit name as key.
Add `--format` flag to `podman generate systemd`
to allow the output to be formatted as json.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|
|
|
|
|
|
|
| |
Fixes #7509. There is no need to create a ~/.config directory now that
~/.config/containers/storage.conf is not created automatically. Podman
has no use for it if it does not exist already.
Signed-off-by: jjzmajic <uros.m.perisic@gmail.com>
|
|\
| |
| | |
bindings: reenable flaky(?) pause/unpause test
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Reference: #6518, a very-frequently-flaking CI test, disabled
a month ago (#7143) because it was triggering so often in CI.
Unfortunately, that seems to have simply swept the problem
under the rug. AFAICT nobody has bothered to look at the
root bug, so let's just reenable. If the problem persists,
I'll let annoyed developers squeaky-wheel 6158 so there's
some incentive to fix it. If the problem has miraculously
gone away in the last month, that's a win too.
(This test failure does not reproduce on my laptop, nor
does it lend itself to devising a simple reproducer on
a test VM.)
Also: since #5325 appears to have been closed as fixed,
remove a 'Skip' that references it. Unfortunately this
also requires removing a lot of other cruft. This was
an incidental oh-by-the-way addition that I thought
would be trivial but ended up causing a much larger diff.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|/
|
|
| |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\
| |
| | |
play kube: handle Socket HostPath type
|
| |
| |
| |
| |
| |
| | |
as well as add test cases for it and the other HostPath types we currently support
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \
| |/
|/| |
Add support for image pull overrides
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Use environment from containers.conf
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman needs to use the environment settings in containers.conf
when setting up the containers.
Also host environment variables should be relative to server side
not the client.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Ensure pod REST API endpoints include ctr errors
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The APIv2 pod endpoints that operate on multiple containers, such
as Start, Kill, Pause, Unpause, do not report errors encountered
by individual containers, because they incorrectly assume that
any error is fatal. The documentation for the Libpod API calls
notes, however, that ErrPodPartialFail will *always* be returned
if any container failed; so we need to ignore that error and
continue to collating and returning container errors.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] fix swagger api docs
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Separate the volume endpoints into compat and libpod,
as it is done for the other endpoints.
Move the libpod image push endpoint to images.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \ \
| |_|_|/
|/| | | |
Fix up some error messages
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We have a lot of 'cannot stat %s' errors in our codebase. These
are terrible and confusing and utterly useless without context.
Add some context to a few of them so we actually know what part
of the code is failing.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| | | |
| | | | |
abi: trim init command
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
without it the systemd detection fails.
Closes: https://github.com/containers/podman/issues/7441
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| | |
The seccomp/containers-golang library is not maintained any more and we
should stick to containers/common.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \
| | |
| | | |
Send HTTP Hijack headers after successful attach
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Our previous flow was to perform a hijack before passing a
connection into Libpod, and then Libpod would attach to the
container's attach socket and begin forwarding traffic.
A problem emerges: we write the attach header as soon as the
attach complete. As soon as we write the header, the client
assumes that all is ready, and sends a Start request. This Start
may be processed *before* we successfully finish attaching,
causing us to lose output.
The solution is to handle hijacking inside Libpod. Unfortunately,
this requires a downright extensive refactor of the Attach and
HTTP Exec StartAndAttach code. I think the result is an
improvement in some places (a lot more errors will be handled
with a proper HTTP error code, before the hijack occurs) but
other parts, like the relocation of printing container logs, are
just *bad*. Still, we need this fixed now to get CI back into
good shape...
Fixes #7195
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
zhangguanzhang/apiv2-create-ctr-with-invalid-entrypoint
fix apiv2 will create containers with incorrect commands
|
| | |/
| |/|
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \
| | | |
| | | | |
podman: add option --cgroup-conf
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
it allows to manually tweak the configuration for cgroup v2.
we will expose some of the options in future as single
options (e.g. the new memory knobs), but for now add the more generic
--cgroup-conf mechanism for maximum control on the cgroup
configuration.
OCI specs change: https://github.com/opencontainers/runtime-spec/pull/1040
Requires: https://github.com/containers/crun/pull/459
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |/ /
|/| | |
In podman 1.* regression on --cap-add
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In podman 1.0 if you executed a command like:
podman run --user dwalsh --cap-add net_bind_service alpine nc -l 80
It would work, and the user dwalsh would get the capability, in
podman 2.0, only root and the binding set gets the capability.
This change restores us back to the way podman 1.0 worked.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
error when adding container to pod with network information
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. this has been difficult for users to understand. we now return an error when a container is being created inside a pod and passes any of the following attributes:
* static IP (v4 and v6)
* static mac
* ports -p (i.e. -p 8080:80)
* exposed ports (i.e. 222-225)
* publish ports from image -P
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/
|
|
| |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\
| |
| | |
generate systemd: quote arguments with whitespace
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure that arguments with whitespace are properly quoted so they are
interpreted as one (and not multiple ones) by systemd.
Now `-e tz="america/new york"` will be generated as `-e "tz=america/new york"`.
The quotes are moving but the argument is still correct.
Fixes: #7285
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
| |
When we rewrote Podman's pkg/spec, one of the things that was
lost was our use of a set of default environment variables, that
ensure all containers have at least $PATH and $TERM set.
While we're in the process of re-adding it, change it from a
variable to a function, so we can ensure the Join function does
not overwrite it and corrupt the defaults.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
abi: fix detection for systemd
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
create a scope everytime we don't own the current cgroup and we are
running on systemd.
Closes: https://github.com/containers/podman/issues/6734
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
| |
Add better error message when using `--pod` and `--hostname`.
Improve the docs to better explain the uts hostname relation.
Add more valid options for the `--uts` flag.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\
| |
| | |
Wait for reexec to finish when fileOutput is nil
|
| |
| |
| |
| |
| |
| |
| | |
Currently, we're not cleanup up after ourselves when fileOutput is nil.
This patch fixes that.
Signed-off-by: Jonathan Dieter <jonathan.dieter@spearline.com>
|
|\ \
| | |
| | | |
Ensure pod infra containers have an exit command
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This should help alleviate races where the pod is not fully
cleaned up before subsequent API calls happen.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Most Libpod containers are made via `pkg/specgen/generate` which
includes code to generate an appropriate exit command which will
handle unmounting the container's storage, cleaning up the
container's network, etc. There is one notable exception: pod
infra containers, which are made entirely within Libpod and do
not touch pkg/specgen. As such, no cleanup process, network never
cleaned up, bad things can happen.
There is good news, though - it's not that difficult to add this,
and it's done in this PR. Generally speaking, we don't allow
passing options directly to the infra container at create time,
but we do (optionally) proxy a pre-approved set of options into
it when we create it. Add ExitCommand to these options, and set
it at time of pod creation using the same code we use to generate
exit commands for normal containers.
Fixes #7103
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| |_|/
|/| | |
IPv6 default route
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman containers using IPv6 were missing the default route, breaking
deployments trying to use them.
The problem is that the default route was hardcoded to IPv4, this
takes into consideration the podman subnet IP family to generate
the corresponding default route.
Signed-off-by: Antonio Ojea <aojea@redhat.com>
|
|\ \ \
| | | |
| | | | |
podman.service: use sdnotify
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit 2b6dd3fb4384 set the killmode of the podman.service to the
systemd default which ultimately lead to the problem that systemd
will kill *all* processes inside the unit's cgroup and hence kill
all containers whenever the service is stopped.
Fix it by setting the type to sdnotify and the killmode to process.
`podman system service` will send the necessary notify messages
when the NOTIFY_SOCKET is set and unset it right after to prevent
the backend and container runtimes from jumping in between and send
messages as well.
Fixes: #7294
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
run, create: add new security-opt proc-opts
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
it allows to customize the options passed down to the OCI runtime for
setting up the /proc mount.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Fix hang when `path` doesn't exist
|