aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #14803 from bugfood/volumesopenshift-ci[bot]2022-07-07
|\ | | | | make 9p security model configurable; document
| * podman machine: make 9p security model configurable; adjust docsCorey Hickey2022-07-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This addresses: Symlinks don't work on podman machine on macOS Monterey when using volumes feature #13784 This change does NOT exactly fix the bug, but it does allow the user to work around it via 'podman init' option, e.g.: podman machine init -v "$HOME/git:$HOME/git:ro:security_model=none" If the default security model were to be changed to 'none', then that would fix the bug, at the possible cost of breaking any use cases that depend on 'mapped-xattr'. The documentation of the purpose and behavior of the different security models seems to be rather light: https://wiki.qemu.org/Documentation/9psetup#Starting_the_Guest_directly From testing, it appears that the mapped-xattr security model intends to manage symlinks such that the guest can see the symlinks but the host only sees regular files (with extended attributes). As far as I can tell, this behavior only makes sense when the guest is the only thing that ever needs to create and read symlinks. Otherwise, symlinks created on the host are unusable on the guest, and vice versa. As per the original commit: 8e7eeaa4dd14621bda15e396fcd7b9187bc500c5 [NO NEW TESTS NEEDED] Also document existing ro and rw options. Also remove misleading statement about /mnt. By my observation, this line is incorrect. If the intended meaning is different, then I don't understand. The default volume is mounted read/write and is not within /mnt. [core@localhost ~]$ mount | grep 9p vol0 on /Users/chickey type 9p (rw,relatime,sync,dirsync,access=client,trans=virtio) Signed-off-by: Corey Hickey <chickey@tagged.com>
* | Merge pull request #14852 from cdoern/podUTSEd Santiago2022-07-07
|\ \ | | | | | | fix namespace reporting
| * | fix namespace reportingCharlie Doern2022-07-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | somehow, #14501 got through CI even though the remote tests fail. The testa are failing due to the PodSpecGenerator not containing the UTSNs entitiy and infra's spec is not yet allowed to be accessed remotely [NO NEW TESTS NEEDED] resolves #14847 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | Merge pull request #14762 from ashley-cui/machinfoopenshift-ci[bot]2022-07-07
|\ \ \ | | | | | | | | Podman machine info
| * | | Podman machine infoAshley Cui2022-07-05
| | |/ | |/| | | | | | | | | | | | | | | | Add podman machine info command, which displays infor about the machine host as well as version info. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #14825 from jmguzik/fix_streaming_pod_statsopenshift-ci[bot]2022-07-07
|\ \ \ | |_|/ |/| | Fix streaming for libpod/pods/stats endpoint
| * | Fix streaming for libpod/pods/stats endpointJakub Guzik2022-07-05
| | | | | | | | | | | | | | | | | | | | | | | | This commit fixes libpod/pods/stats endpoint which should stream the data. Additional option param is added to disable streaming and the delay value to choose the desired delay between streamed messages (default 5s). Signed-off-by: Jakub Guzik <jguzik@redhat.com>
* | | Merge pull request #14673 from idleroamer/fix-network-inspect-mainopenshift-ci[bot]2022-07-07
|\ \ \ | | | | | | | | Fix network inspect compat API discrepancy
| * | | Fix network inspect compat API discrepancy🤓 Mostafa Emami2022-07-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - containerInspect compat API expects field value PrefixLen instead of PrefixLength for type Address for SecondaryIPAddresses - Add tests for network part of containerInspect compat api Closes: containers#14674 Signed-off-by: 🤓 Mostafa Emami <mustafaemami@gmail.com>
* | | | Merge pull request #14841 from Luap99/common-codeopenshift-ci[bot]2022-07-07
|\ \ \ \ | | | | | | | | | | use c/common code for resize and CopyDetachable
| * | | | use c/common code for resize and CopyDetachablePaul Holzinger2022-07-06
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since conmon-rs also uses this code we moved it to c/common. Now podman should has this also to prevent duplication. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #14844 from shanesmith/fix-qemu-machine-gvproxy-always-failsopenshift-ci[bot]2022-07-06
|\ \ \ \ | | | | | | | | | | Fix qemu machine startHostNetworking always failing
| * | | | Fix qemu machine startHostNetworking always failingShane Smith2022-07-06
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue introduced in #14828 [NO NEW TESTS NEEDED] Signed-off-by: Shane Smith <shane.smith@shopify.com>
* | | | Merge pull request #14501 from cdoern/podUTSopenshift-ci[bot]2022-07-06
|\ \ \ \ | |/ / / |/| | | podman pod create --uts support
| * | | podman pod create --uts supportcdoern2022-07-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for the --uts flag in pod create, allowing users to avoid issues with default values in containers.conf. uts follows the same format as other namespace flags: --uts=private (default), --uts=host, --uts=ns:PATH resolves #13714 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | | Merge pull request #14370 from umohnani8/todoopenshift-ci[bot]2022-07-05
|\ \ \ \ | | | | | | | | | | Fix podman pod unpause TODO
| * | | | Fix podman pod unpaue TODOUrvashi Mohnani2022-07-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the podman pod unpause to only show the paused containers with autocomplete. Fix a typo in the help command. Update the unpause function to only attempt an unpause on pasued pods instead of all the pods. Update the tests accordingly. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | | Merge pull request #14828 from saschagrunert/errors-libpodopenshift-ci[bot]2022-07-05
|\ \ \ \ \ | |/ / / / |/| | | | libpod: switch to golang native error wrapping
| * | | | libpod: switch to golang native error wrappingSascha Grunert2022-07-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | | | | Merge pull request #14806 from n1hility/win-proxyopenshift-ci[bot]2022-07-05
|\ \ \ \ \ | |/ / / / |/| | | | Implement proxy support for Windows
| * | | | Implement proxy support for WindowsJason T. Greene2022-07-01
| | |_|/ | |/| | | | | | | | | | Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | | Merge pull request #14626 from jakecorrenti/disable-docker-compose-health-checkopenshift-ci[bot]2022-07-05
|\ \ \ \ | | | | | | | | | | Docker-compose disable healthcheck properly handled
| * | | | Docker-compose disable healthcheck properly handledJake Correnti2022-07-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, if a container had healthchecks disabled in the docker-compose.yml file and the user did a `podman inspect <container>`, they would have an incorrect output: ``` "Healthcheck":{ "Test":[ "CMD-SHELL", "NONE" ], "Interval":30000000000, "Timeout":30000000000, "Retries":3 } ``` After a quick change, the correct output is now the result: ``` "Healthcheck":{ "Test":[ "NONE" ] } ``` Additionally, I extracted the hard-coded strings that were used for comparisons into constants in `libpod/define` to prevent a similar issue from recurring. Closes: #14493 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | | | Merge pull request #14534 from jakecorrenti/docker-compose-update-network-mtuopenshift-ci[bot]2022-07-05
|\ \ \ \ \ | | | | | | | | | | | | (rootful) docker-compose now updates network MTU
| * | | | | (rootful) docker-compose now updates network MTUJake Correnti2022-07-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the following network block did not update using docker-compose: ``` networks: default: driver: bridge driver_opts: mtu: 9000 ``` In the API, the network options were previously not being handled when the network was being created. I translated the docker options into podman options, and added the options to the network. When doing `podman network inspect <network>`, the results now contain `"mtu": "9000"` Fixes: #14482 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | | | | Merge pull request #14824 from shanesmith/silence-machine-ssh-locale-warningopenshift-ci[bot]2022-07-05
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Silence setlocale warnings from `podman machine ssh`
| * | | | | Silence setlocale warnings from `podman machine ssh`Shane Smith2022-07-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Connecting with `podman machine ssh` can results in the following warning: ``` /usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8) /usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8) /usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8) /usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8) ``` Best would probably be to remove `LC_ALL` (and other locale and lang env vars) from `/etc/ssh/sshd_config.d/50-redhat.conf` in the CoreOS image, but I'm not terribly sure how, so this is a quick alternative. [NO NEW TESTS NEEDED] Signed-off-by: Shane Smith <shane.smith@shopify.com>
* | | | | | Merge pull request #14823 from Luap99/debian-unit-testsopenshift-ci[bot]2022-07-05
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | envVarValueResourceFieldRef: use int64 for value
| * | | | | pkg/machine: add missing build tags to testsPaul Holzinger2022-07-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Machine can only run on amd64 and arm64 platforms so we need to make sure the test are only run on those platforms. We do not have CI checks for this but it fails in debian build infra since debian supports many other architectures as well. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | TestEnvVarValue: fix assertionPaul Holzinger2022-07-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | assert.Equal() already follows to pointer and compares by value so we can just directly pass the values. This will make errors much more obvious. Also remove the fmt.Println() since the error now contains the values. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | | envVarValueResourceFieldRef: use int64 for valuePaul Holzinger2022-07-04
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | int can be 32 or 64 bit depending on the architecture. The total memory is int64 so we have to use int64 for the value as well otherwise we get an overflow on 32 bit systems. Fixes #14819 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Merge pull request #14827 from flouthoc/specgen-run-support-manifestopenshift-ci[bot]2022-07-05
|\ \ \ \ \ | | | | | | | | | | | | specgen,run: support running container from valid manifest list using `--platform`
| * | | | | specgen,run: support running container from valid manifest listAditya R2022-07-05
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following PR adds support for running containers from a manifest list present on localstorage. Before this PR podman only supports running containers from valid images but not from manifest list. So `podman run -it --platform <some> <manifest-list> command` should become functional now and users should be able to resolve images on the bases of provided `--platform` string. Example ``` podman manifest create test podman build --platform linux/amd64,linux/arm64 --manifest test . podman run --rm --platform linux/arm64/v8 test uname -a ``` Closes: https://github.com/containers/podman/issues/14773 Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #14789 from saschagrunert/libpod-errorsopenshift-ci[bot]2022-07-05
|\ \ \ \ \ | |/ / / / |/| | | | libpod/runtime: switch to golang native error wrapping
| * | | | libpod/runtime: switch to golang native error wrappingSascha Grunert2022-07-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | | | | Fix spelling "read only" -> "read-only"Erik Sjölund2022-07-02
| |_|/ / |/| | | | | | | | | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Merge pull request #14798 from flouthoc/overlay-mount-path-absopenshift-ci[bot]2022-07-01
|\ \ \ \ | | | | | | | | | | overlay,mount: convert source to absolute path for `overlay` mounts of paths
| * | | | overlay,mount: convert lowerdir to absolute path for overlay mounts of pathAditya R2022-07-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When mounting paths as overlay mounts we end up passing source as is to lowerdir options, resolve all relative paths in such cases for overlay mounts. Closes: https://github.com/containers/podman/issues/14797 Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #14795 from giuseppe/fix-wildcard-major-device-cgroupopenshift-ci[bot]2022-07-01
|\ \ \ \ \ | | | | | | | | | | | | specgen: fix parsing of cgroup devices rule
| * | | | | specgen: fix parsing of cgroup devices ruleGiuseppe Scrivano2022-07-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the parse for the cgroup devices rule to correctly handle the wildcard syntax for the device major. Also make sure the device major and minor are not negative numbers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | Merge pull request #14449 from cdoern/podVolumesopenshift-ci[bot]2022-07-01
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | podman volume create --opt=o=timeout...
| * | | | | podman volume create --opt=o=timeout...cdoern2022-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add an option to configure the driver timeout when creating a volume. The default is 5 seconds but this value is too small for some custom drivers. Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | | Merge pull request #14704 from baude/machinestoppedopenshift-ci[bot]2022-06-30
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | reveal machine error, ignore false state
| * | | | | reveal machine error, ignore false stateBrent Baude2022-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR covers two edge cases discovered by fiddling with machine manually. It is possible (like after a manual cleanup of a machine) that a leftover qemu socket file can indicate the prescense of a machine running. Also, reveal the error of a Exec.Command by wrapping the generic error around what was in stderr. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | | | | api,images: add support for LookupManifest to Image remove APIAditya R2022-06-30
| |_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ImagesBatchRemoval and ImageRemoval now honors and accepts `LookupManifest` parameter which further tells libimage to resolve to manifest list if it exists instead of actual image. Following PR also makes `podman-remote manifest rm` functional which was broken till now. Closes: https://github.com/containers/podman/issues/14763 Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #14740 from flouthoc/bindings-remove-manifestopenshift-ci[bot]2022-06-29
|\ \ \ \ \ | | | | | | | | | | | | bindings: Add support for `Delete` for deleting manifest list from local storage.
| * | | | | bindings: Add support for Delete in pkg/bingings/manifestAditya R2022-06-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bindings already support `Remove` which removes a manifest from the list following function adds support for removing entire manifest for local storage. Similar functionality can be also used indirectly by using `Remove` defined in image bindings Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | | Merge pull request #14666 from shanesmith/machine-pidfileopenshift-ci[bot]2022-06-29
|\ \ \ \ \ \ | | | | | | | | | | | | | | Make `podman machine stop` wait for qemu to exit
| * | | | | | Make `podman machine stop` wait for qemu to exitShane Smith2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - New `VMPidFilePath` field in MachineVM config holds the path for the qemu PID file - qemu is now started with the `-pidfile` argument set to `VMPidFilePath` - Machines created before this won't have the VM PID file configured, stopping these VMs will revert back to waiting on the state to change away from `Running`, plus an added 2s sleep to give time for the VM to exit and to avoid potential issues - Machines created after this will have a VM PID file configured and stopping the machine will wait indefinitely for the VM to exit [NO NEW TESTS NEEDED] Signed-off-by: Shane Smith <shane.smith@shopify.com>