| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
make 9p security model configurable; document
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This addresses:
Symlinks don't work on podman machine on macOS Monterey when using volumes feature #13784
This change does NOT exactly fix the bug, but it does allow the user to
work around it via 'podman init' option, e.g.:
podman machine init -v "$HOME/git:$HOME/git:ro:security_model=none"
If the default security model were to be changed to 'none', then that
would fix the bug, at the possible cost of breaking any use cases that
depend on 'mapped-xattr'.
The documentation of the purpose and behavior of the different security
models seems to be rather light:
https://wiki.qemu.org/Documentation/9psetup#Starting_the_Guest_directly
From testing, it appears that the mapped-xattr security model intends to
manage symlinks such that the guest can see the symlinks but the host
only sees regular files (with extended attributes). As far as I can
tell, this behavior only makes sense when the guest is the only thing
that ever needs to create and read symlinks. Otherwise, symlinks created
on the host are unusable on the guest, and vice versa.
As per the original commit: 8e7eeaa4dd14621bda15e396fcd7b9187bc500c5
[NO NEW TESTS NEEDED]
Also document existing ro and rw options.
Also remove misleading statement about /mnt. By my observation, this
line is incorrect. If the intended meaning is different, then I don't
understand.
The default volume is mounted read/write and is not within /mnt.
[core@localhost ~]$ mount | grep 9p
vol0 on /Users/chickey type 9p (rw,relatime,sync,dirsync,access=client,trans=virtio)
Signed-off-by: Corey Hickey <chickey@tagged.com>
|
| |\ \
| | |
| | | |
fix namespace reporting
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
somehow, #14501 got through CI even though the remote tests fail. The testa are failing
due to the PodSpecGenerator not containing the UTSNs entitiy and infra's spec is not yet allowed to be accessed remotely
[NO NEW TESTS NEEDED]
resolves #14847
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Podman machine info
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
Add podman machine info command, which displays infor about the machine
host as well as version info.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Fix streaming for libpod/pods/stats endpoint
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit fixes libpod/pods/stats endpoint which should stream the data.
Additional option param is added to disable streaming and the delay value
to choose the desired delay between streamed messages (default 5s).
Signed-off-by: Jakub Guzik <jguzik@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fix network inspect compat API discrepancy
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- containerInspect compat API expects field value PrefixLen
instead of PrefixLength for type Address for SecondaryIPAddresses
- Add tests for network part of containerInspect compat api
Closes: containers#14674
Signed-off-by: 🤓 Mostafa Emami <mustafaemami@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
use c/common code for resize and CopyDetachable
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since conmon-rs also uses this code we moved it to c/common. Now podman
should has this also to prevent duplication.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix qemu machine startHostNetworking always failing
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Issue introduced in #14828
[NO NEW TESTS NEEDED]
Signed-off-by: Shane Smith <shane.smith@shopify.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
podman pod create --uts support
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add support for the --uts flag in pod create, allowing users to avoid
issues with default values in containers.conf.
uts follows the same format as other namespace flags:
--uts=private (default), --uts=host, --uts=ns:PATH
resolves #13714
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix podman pod unpause TODO
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Update the podman pod unpause to only show the paused
containers with autocomplete.
Fix a typo in the help command.
Update the unpause function to only attempt an unpause
on pasued pods instead of all the pods.
Update the tests accordingly.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
libpod: switch to golang native error wrapping
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Implement proxy support for Windows
|
| | | |_|/
| |/| |
| | | |
| | | | |
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Docker-compose disable healthcheck properly handled
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Previously, if a container had healthchecks disabled in the
docker-compose.yml file and the user did a `podman inspect <container>`,
they would have an incorrect output:
```
"Healthcheck":{
"Test":[
"CMD-SHELL",
"NONE"
],
"Interval":30000000000,
"Timeout":30000000000,
"Retries":3
}
```
After a quick change, the correct output is now the result:
```
"Healthcheck":{
"Test":[
"NONE"
]
}
```
Additionally, I extracted the hard-coded strings that were used for
comparisons into constants in `libpod/define` to prevent a similar issue
from recurring.
Closes: #14493
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
(rootful) docker-compose now updates network MTU
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Previously, the following network block did not update using
docker-compose:
```
networks:
default:
driver: bridge
driver_opts:
mtu: 9000
```
In the API, the network options were previously not being handled when the
network was being created. I translated the docker options into podman
options, and added the options to the network.
When doing `podman network inspect <network>`, the results now contain
`"mtu": "9000"`
Fixes: #14482
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
|
| |\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
Silence setlocale warnings from `podman machine ssh`
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Connecting with `podman machine ssh` can results in the following
warning:
```
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
/usr/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_CA.UTF-8)
```
Best would probably be to remove `LC_ALL` (and other locale and lang
env vars) from `/etc/ssh/sshd_config.d/50-redhat.conf` in the CoreOS
image, but I'm not terribly sure how, so this is a quick alternative.
[NO NEW TESTS NEEDED]
Signed-off-by: Shane Smith <shane.smith@shopify.com>
|
| |\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
envVarValueResourceFieldRef: use int64 for value
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Machine can only run on amd64 and arm64 platforms so we need to make
sure the test are only run on those platforms. We do not have CI checks
for this but it fails in debian build infra since debian supports many
other architectures as well.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
assert.Equal() already follows to pointer and compares by value so we
can just directly pass the values. This will make errors much more
obvious. Also remove the fmt.Println() since the error now contains the
values.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
int can be 32 or 64 bit depending on the architecture.
The total memory is int64 so we have to use int64 for the value as
well otherwise we get an overflow on 32 bit systems.
Fixes #14819
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
specgen,run: support running container from valid manifest list using `--platform`
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Following PR adds support for running containers from a manifest list
present on localstorage. Before this PR podman only supports running
containers from valid images but not from manifest list.
So `podman run -it --platform <some> <manifest-list> command` should
become functional now and users should be able to resolve images on the
bases of provided `--platform` string.
Example
```
podman manifest create test
podman build --platform linux/amd64,linux/arm64 --manifest test .
podman run --rm --platform linux/arm64/v8 test uname -a
```
Closes: https://github.com/containers/podman/issues/14773
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
libpod/runtime: switch to golang native error wrapping
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
|
| | |_|/ /
|/| | |
| | | |
| | | | |
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
overlay,mount: convert source to absolute path for `overlay` mounts of paths
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When mounting paths as overlay mounts we end up passing source as is to
lowerdir options, resolve all relative paths in such cases for overlay
mounts.
Closes: https://github.com/containers/podman/issues/14797
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
specgen: fix parsing of cgroup devices rule
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fix the parse for the cgroup devices rule to correctly handle the
wildcard syntax for the device major.
Also make sure the device major and minor are not negative numbers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
podman volume create --opt=o=timeout...
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
add an option to configure the driver timeout when creating a volume.
The default is 5 seconds but this value is too small for some custom drivers.
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
reveal machine error, ignore false state
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This PR covers two edge cases discovered by fiddling with machine
manually. It is possible (like after a manual cleanup of a machine)
that a leftover qemu socket file can indicate the prescense of a machine
running.
Also, reveal the error of a Exec.Command by wrapping the generic error
around what was in stderr.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| | |_|/ / /
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
ImagesBatchRemoval and ImageRemoval now honors and accepts
`LookupManifest` parameter which further tells libimage to resolve to
manifest list if it exists instead of actual image.
Following PR also makes `podman-remote manifest rm` functional which was
broken till now.
Closes: https://github.com/containers/podman/issues/14763
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
bindings: Add support for `Delete` for deleting manifest list from local storage.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bindings already support `Remove` which removes a manifest from the list
following function adds support for removing entire manifest for local
storage.
Similar functionality can be also used indirectly by using `Remove` defined in
image bindings
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Make `podman machine stop` wait for qemu to exit
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
- New `VMPidFilePath` field in MachineVM config holds the path for the
qemu PID file
- qemu is now started with the `-pidfile` argument set to `VMPidFilePath`
- Machines created before this won't have the VM PID file configured,
stopping these VMs will revert back to waiting on the state to change
away from `Running`, plus an added 2s sleep to give time for the VM to
exit and to avoid potential issues
- Machines created after this will have a VM PID file configured and
stopping the machine will wait indefinitely for the VM to exit
[NO NEW TESTS NEEDED]
Signed-off-by: Shane Smith <shane.smith@shopify.com>
|
