| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have race conditions where a container can be removed
by two different processes when running podman --remove rm.
It can be cleaned up in the API or by the conmon executing
podman container cleanup.
When we fail to remove a container that does not exists we should
not be printing errors or warnings, we should just debug the fact.
[NO TESTS NEEDED] Since this is a race condition it is difficult to
test.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
[NO TESTS NEEDED]
* Log the routing table output at Trace vs. Debug level. Reduce noise
in debugging output.
* Tweak SDNotify message to report Warn when it fails. Previously
failures were silent.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\
| |
| | |
update c/common
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update containers common to the latest HEAD. Some bug fixes in libimage
forced us to have a clearer separation between ordinary images and
manifest lists. Hence, when looking up manifest lists without recursing
into any of their instances, we need to use `LookupManifestList()`.
Also account for some other changes in c/common (e.g., the changed order
in the security labels).
Further vendor the latest HEAD from Buildah which is required to get the
bud tests to pass.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
| |
This is mainly to match command line of Docker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
fix: response of containers wait endpoint
|
| | |
| |
| |
| |
| |
| |
| | |
The `Error` part of response must be nil (or omitted) if no error occurred.
Before this commit a zero value for the struct was returned.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |\ \
| |/
|/| |
Fix formatting and indentation in network http api docs
|
| | |
| |
| |
| | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \
| | |
| | | |
Support automatic labeling of kube volumes
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow users to specify options on the volume mount path.
This will trigger relabels of user specifies :z,:Z
Also will handle User Relabels if the user specifies :U
Fixes: https://github.com/containers/podman/issues/9371
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Support uid,gid,mode options for secrets
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Support UID, GID, Mode options for mount type secrets. Also, change
default secret permissions to 444 so all users can read secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \ \
| | | |
| | | | |
image prune: remove unused images only with `--all`
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix a regression in `podman image prune` where unused images were
accidentally removed even when `--all=false`. Extend and partially
rewrite the e2e tests to make sure we're not regressing again in the
future.
Fixing the aforementioned issue revealed another issue in the default
prune filter. While prune should remove all "dangling" images (i.e.,
those without tag), it removed only "intermediate" ones; dangling images
without children. Remove the mistaken comment from the libimage
migration.
Also clarify the help message and man page.
Fixes: #10350
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow podman network reload to be run as rootless user. While it is
unlikely that the iptable rules are flushed inside the rootless cni
namespace, it could still happen. Also fix podman network reload --all
to ignore errors when a container does not have the bridge network mode,
e.g. slirp4netns.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| |/
|/| |
[NO TESTS NEEDED] Print "extracting" only on compressed file
|
| | |
| |
| |
| |
| |
| |
| | |
We should only print "extracting compressed file" when the file is
actually compressed
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
fix: improved "containers/{name}/wait" endpoint
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Using event API to detect changes to container instead of polling.
Polling was unreliable, sometime change of a state might have been
missed.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED]
In process of debugging added request channel check and logging message
to build loop. Unable to recreate build drop issue after this. 68k build
iterations without fail.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| | |
| | | |
Add envars to the generated systemd unit
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The with --new generated systemd unit loses the environment variables
when the create command only contains the key without the value. Since
podman tries to lookup those values from the environment the unit can
fail.
This commits ensures that we will add the environment variables to the
unit file when this is the case. The container environment variables are
looked up in the container spec.
Fixes #10101
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \
| | | |
| | | | |
Fix podman-remote build --rm=false ...
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes: https://github.com/containers/podman/issues/9869
[NO TESTS NEEDED] Since the podman-remote buildah tests will test this,
and this is clearly correct.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
Kube like pods should share ipc,net,uts by default
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |\ \
| | |
| | | |
fix: compat API "images/get" for multiple images
|
| | |/
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |\ \
| |/
|/| |
Report Download complete in Compatibility mode
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/10258
[NO TESTS NEEDED] Difficult to create tests for this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| |/
|/| |
fix: docker APIv2 `images/get`
|
| | |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |\ \
| | |
| | | |
Add support to preserve auto-update labels in play / generate kube
|
| | | |
| | |
| | |
| | |
| | |
| | | |
In the case of generate kube the auto-update labels will be converted into kube annotations and for play kube they will be converted back to labels since that's what podman understands
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
Add support for environment variable secrets
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Env var secrets are env vars that are set inside the container but not
commited to and image. Also support reading from env var when creating a
secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \ \
| | | |
| | | | |
add restart-policy to container filters & --filter to podman start
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
channel: simplify implementation
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
do not use recover() to prevent writing to a closed channel. There is
already a lock, use it as well for Close and let Write check if the
channel is still active.
[NO TESTS NEEDED] it is a refactoring
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
improve the regex to match only at the beginning of the line.
It prevents matching "Copying %s $CHECKSUM" messages returned by the
containers/image copy process.
Closes: https://github.com/containers/podman/issues/10233
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Fix handling of runlabel IMAGE and NAME
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/10192
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Add filepath glob support to --security-opt unmask
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Want to allow users to specify --security-opt unmask=/proc/*.
This allows us to run podman within podman more securely, then
specifing umask=all, also gives the user more flexibilty.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
podman: set volatile storage flag for --rm containers
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
volatile containers are a storage optimization that disables *sync()
syscalls for the container rootfs.
If a container is created with --rm, then automatically set the
volatile storage flag as anyway the container won't persist after a
reboot or machine crash.
[NO TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
