aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* rootless: do not block SIGTSTPGiuseppe Scrivano2019-04-12
| | | | | | | | | we were previously proxying all the signals, but doing that for SIGTSTP prevented the main process to be stopped by the tty. Closes: https://github.com/containers/libpod/issues/2775 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: set controlling terminal for podman in the usernsGiuseppe Scrivano2019-04-12
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #2902 from baude/remoteattachfixesOpenShift Merge Robot2019-04-11
|\ | | | | Fixes for podman-remote run and attach
| * Fixes for podman-remote run and attachbaude2019-04-11
| | | | | | | | | | | | | | | | Fixes the ability to run (create,start) a container and attach to its console correctly. We can now also exit from the console without hanging the remote client. Signed-off-by: baude <bbaude@redhat.com>
* | spec: mask /sys/kernel when bind mounting /sysGiuseppe Scrivano2019-04-11
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | oci: add /sys/kernel to the masked pathsGiuseppe Scrivano2019-04-11
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add the ability to attach remotely to a containerbaude2019-04-10
| | | | | | | | | | | | | | | | | | | | | Also, you can now podman-remote run -it. There are some bugs that need to be ironed out but I would prefer to merge this so we can make both progress on start and exec as well as the bugs. * when doing podman-remote run -it foo /bin/bash, you have to press enter to get the prompt to display. with the localized podman, we had to teach it connect to the console first and then start the container so we did not miss anything. * when executing "exit" in the console, we get a hard lockup likely because nobody knows what to do. * custom detach keys are not supported * podman-remote run -it alpine ls does not currently work. only dropping to a shell works. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2882 from baude/remotepsOpenShift Merge Robot2019-04-10
|\ | | | | podman-remote ps
| * podman-remote psbaude2019-04-09
| | | | | | | | | | | | add the ability to run ps on containers using the remote client. Signed-off-by: baude <bbaude@redhat.com>
* | Implement podman-remote rmJhon Honce2019-04-09
|/ | | | | | | | | * refactor command output to use one function * Add new worker pool parallel operations * Implement podman-remote umount * Refactored podman wait to use printCmdOutput() Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #2861 from baude/varlinkimagepanicOpenShift Merge Robot2019-04-08
|\ | | | | Correct varlink pull panic
| * Correct varlink pull panicbaude2019-04-08
| | | | | | | | | | | | | | | | | | | | when pulling a non-existent image via varlink, we had a panic because when we detected a pull error we sent the error over a channel but still tried to deduce the image id on a nil object. Fixes: #2860 Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2746 from baude/remotecreateOpenShift Merge Robot2019-04-08
|\ \ | | | | | | podman-remote create|run
| * | podman-remote create|runbaude2019-04-08
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | add the ability to create and run containers via the podman-remote client. we now create an intermediate layer from the the create/run cli flags. the intermediate layer can be converted into a createconfig or into a varlink struct. Once transported, the varlink struct can be converted back to an intermediate layer and then to a createconfig. remote terminals are not supported yet. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2841 from openSUSE/ginkgo-unitOpenShift Merge Robot2019-04-08
|\ \ | |/ |/| Update registrar unit tests to match them of cri-o
| * Update registrar unit tests to match them of cri-oSascha Grunert2019-04-04
| | | | | | | | | | | | | | - Add the test framework abstraction - Update the unit tests to run with ginkgo Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #2831 from baude/remotetreeOpenShift Merge Robot2019-04-04
|\ \ | | | | | | podman-remote image tree
| * | podman-remote image treebaude2019-04-04
| | | | | | | | | | | | | | | | | | | | | add the ability for the podman-remote client to be able to print an image tree. Signed-off-by: baude <bbaude@redhat.com>
* | | Drop LocalVolumes from our the databaseMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | | | | | | | We were never using it. It's actually a potentially quite sizable field (very expensive to decode an array of structs!). Removing it should do no harm. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Major rework of --volumes-from flagMatthew Heon2019-04-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The flag should be substantially more durable, and no longer relies on the create artifact. This should allow it to properly handle our new named volume implementation. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Add handling for new named volumes code in pkg/specMatthew Heon2019-04-04
|/ / | | | | | | | | | | | | | | | | Now that named volumes must be explicitly enumerated rather than passed in with all other volumes, we need to split normal and named volumes up before passing them into libpod. This PR does this. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2706 from giuseppe/rootless-single-usernamespaceOpenShift Merge Robot2019-04-04
|\ \ | | | | | | rootless: single user namespace
| * | rootless: use a single user namespaceGiuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | simplify the rootless implementation to use a single user namespace for all the running containers. This makes the rootless implementation behave more like root Podman, where each container is created in the host environment. There are multiple advantages to it: 1) much simpler implementation as there is only one namespace to join. 2) we can join namespaces owned by different containers. 3) commands like ps won't be limited to what container they can access as previously we either had access to the storage from a new namespace or access to /proc when running from the host. 4) rootless varlink works. 5) there are only two ways to enter in a namespace, either by creating a new one if no containers are running or joining the existing one from any container. Containers created by older Podman versions must be restarted. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: remove SkipStorageSetup()Giuseppe Scrivano2019-04-01
| | | | | | | | | | | | | | | | | | | | | | | | in the few places where we care about skipping the storage initialization, we can simply use the process effective UID, instead of relying on a global boolean flag. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2819 from openSUSE/cri-o-annotationsOpenShift Merge Robot2019-04-04
|\ \ \ | |_|/ |/| | Update cri-o annotations
| * | Update cri-o annotationsSascha Grunert2019-04-01
| |/ | | | | | | Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* / add remote-client diffbaude2019-04-03
|/ | | | | | | the remote client now can run the diff command to report changes, modifications, and deletions in an image or container. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2797 from giuseppe/rootless-set-stickyOpenShift Merge Robot2019-03-29
|\ | | | | rootless: set sticky bit on rundir
| * utils: call GetRootlessRuntimeDir onceGiuseppe Scrivano2019-03-29
| | | | | | | | | | | | | | use a sync.Once to potentially avoid multiple system calls everytime the function is called. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2796 from mheon/fix_cni_multinetworkOpenShift Merge Robot2019-03-29
|\ \ | |/ |/| Ensure that we make a netns for CNI non-default nets
| * Fix lintMatthew Heon2019-03-28
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Ensure that we make a netns for CNI non-default netsMatthew Heon2019-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We accidentally patched this out trying to enable ns:/path/to/ns This should restore the ability to configure nondefault CNI networks with Podman, by ensuring that they request creation of a network namespace. Completely remove the WithNetNS() call when we do use an explicit namespace from a path. We use that call to indicate that a netns is going to be created - there should not be any question about whether it actually does. Fixes #2795 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #2786 from giuseppe/change-rootless-env-namesOpenShift Merge Robot2019-03-28
|\ \ | | | | | | rootless: change env prefix
| * | rootless: change env prefixGiuseppe Scrivano2019-03-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from _LIBPOD to _CONTAINERS. The same change was done in buildah unshare. This is necessary for podman to detect we are running in a rootless environment and work properly from a "buildah unshare" session. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #2784 from QiWang19/digestOpenShift Merge Robot2019-03-28
|\ \ \ | |_|/ |/| | fix bug remote-podman images --digests
| * | fix bug remote-podman images --digestsQi Wang2019-03-27
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Add `digest` field to Image struct and update API.md Show image digests when using --digests in podman-remote. ``` $ PODMAN_VARLINK_ADDRESS="tcp:127.0.0.1:1234" sudo bin/podman-remote images --digests REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE docker.io/library/alpine latest sha256:d05ecd4520cab5d9e5d877595fb0532aadcd6c90f4bbc837bc11679f704c4c82 5cb3aa00f899 2 weeks ago 5.79 MB docker.io/library/busybox latest sha256:4415a904b1aca178c2450fd54928ab362825e863c0ad5452fd020e92f7a6a47e d8233ab899d4 5 weeks ago 1.42 MB ``` Signed-off-by: Qi Wang <qiwan@redhat.com>
* | vendor buildah, image, storage, cniValentin Rothberg2019-03-28
| | | | | | | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Remove ulele/deepcopier in favor of JSON deep copyMatthew Heon2019-03-27
|/ | | | | | | | | | | | | We have a very high performance JSON library that doesn't need to perform code generation. Let's use it instead of our questionably performant, reflection-dependent deep copy library. Most changes because some functions can now return errors. Also converts cmd/podman to use jsoniter, instead of pkg/json, for increased performance. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Resolve review commentsMatthew Heon2019-03-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add --no-hosts flag to disable management of /etc/hostsMatthew Heon2019-03-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add for --dns=none to disable creation of resolv.confMatthew Heon2019-03-27
| | | | | | | Support in libpod was added in the previous commit. Wire it into the frontend here. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* size is optional for container inspectionbaude2019-03-26
| | | | | | | | | | on the remote client, if a user wants to know the rootfs size of a container, a -s should be passed. this corrects a behavior where size was shown by default. Fixes #2765 Signed-off-by: baude <bbaude@redhat.com>
* Add "died" eventbaude2019-03-25
| | | | | | | | | | We have a new event for container 'Exited' which has been renamed to 'died'. also removed the stream bool from the varlink endpoint for events because it can be determined by the varlink more value. Signed-off-by: baude <bbaude@redhat.com>
* Need to pass the true paramater with --syslog in cobraDaniel J Walsh2019-03-20
| | | | | | | | | Currently cobra can not handle a boolean option without a vailue. This change fixes an issue if you want syslog information to show up based on the cleanup call. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Export ConmonPidFile in 'podman inspect' for containersDebarshi Ray2019-03-18
| | | | | | | | | This can help scripts provide a more meaningful message when coming across issues [1] which require the container to be re-created. [1] eg., https://github.com/containers/libpod/issues/2673 Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* Merge pull request #2670 from giuseppe/runtime-write-rootless-conf-before-reloadOpenShift Merge Robot2019-03-18
|\ | | | | rootless: write the custom config file before reload
| * utils: split generation and writing of storage.confGiuseppe Scrivano2019-03-17
| | | | | | | | | | | | | | | | | | | | | | | | | | split the generation for the default storage.conf and when we write it if not existing for a rootless user. This is necessary because during the startup we might be overriding the default configuration through --storage-driver and --storage-opt, that would not be written down to the storage.conf file we generated. Closes: https://github.com/containers/libpod/issues/2659 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * utils: avoid too long tmp directoryGiuseppe Scrivano2019-03-16
| | | | | | | | | | | | or we will easily pass the 108 chars limits for unix paths. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | display logs for multiple containers at the same timebaude2019-03-15
|/ | | | | | | | | | | | | | add the ability for users to specify more than one container at a time while using podman logs. If more than one container is being displayed, podman will also prepend a shortened container id of the container on the log line. also, enabled the podman-remote logs command during the refactoring of the above ability. fixes issue #2219 Signed-off-by: baude <bbaude@redhat.com>
* rootless: use Geteuid instead of GetuidGiuseppe Scrivano2019-03-15
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>