aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* pkg/autoupdate: allow updating multiple tasks per unitValentin Rothberg2022-09-05
| | | | | | | | | | | Refactor the auto-update backend to allow for updating multiple tasks/containers per unit. This commit is merely doing the plumbing. The actual integration comes in a following commit. [NO NEW TESTS NEEDED] as behavior should not change and existing tests are expected to continue to pass. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #15618 from mheon/add_group_to_addtlgroupsOpenShift Merge Robot2022-09-05
|\ | | | | Add container GID to additional groups
| * Add container GID to additional groupsMatthew Heon2022-09-02
| | | | | | | | | | | | | | Mitigates a potential permissions issue. Mirrors Buildah PR #4200 and CRI-O PR #6159. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #15582 from dfr/freebsd-bindOpenShift Merge Robot2022-09-04
|\ \ | | | | | | Add support for FreeBSD volume mounts in specgen
| * | specgen: Use platform-specific mount type for volume mountsDoug Rabson2022-08-30
| | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | Merge pull request #15614 from sstosh/fix-swaggerOpenShift Merge Robot2022-09-02
|\ \ \ | | | | | | | | Fix swagger documentation
| * | | Fix swagger documentationToshiki Sonoda2022-09-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ContainerKillLibpod "signal" query default is SIGKILL. * ContainerListLibpod "namespace" query is failed to show. * SecretListLibpod parameters is duplicated. * SecretList parameters is duplicated. [NO NEW TESTS NEEDED] Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | | Merge pull request #15599 from umohnani8/gen-kubeOpenShift Merge Robot2022-09-02
|\ \ \ \ | |_|_|/ |/| | | Fix bind-mount-option annotation in gen/play kube
| * | | Fix bind-mount-option annotation in gen/play kubeUrvashi Mohnani2022-09-01
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | The format used for setting the bind-mount-options annotations in the kube yaml was incorrect and caused k8s to throw an error when trying to play the generated kube yaml. Fix the annotation format to match the rules of k8s. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Merge pull request #15404 from arixmkii/win_compat2OpenShift Merge Robot2022-09-02
|\ \ \ | |_|/ |/| | Improved Windows compatibility for machine command
| * | Improved Windows compatibility for machine commandArthur Sengileyev2022-08-29
| | | | | | | | | | | | Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
* | | implement podman updateCharlie Doern2022-09-01
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags from podman create/run. The supported flags in crun are: this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where the resource limits are passed inthe request body and follow the OCI resource spec format –memory –cpus –cpuset-cpus –cpuset-mems –memory-swap –memory-reservation –cpu-shares –cpu-quota –cpu-period –blkio-weight –cpu-rt-period –cpu-rt-runtime -device-read-bps -device-write-bps -device-read-iops -device-write-iops -memory-swappiness -blkio-weight-device resolves #15067 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | Merge pull request #15360 from m0duspwnens/api_compat_containersOpenShift Merge Robot2022-09-01
|\ \ | | | | | | api: return imageID instead of imageName, for "Image" when Podman api is queried
| * \ Merge branch 'containers:main' into api_compat_containersJason Ertel2022-08-30
| |\ \
| * \ \ Merge remote-tracking branch 'upstream/main' into api_compat_containersJosh Patterson2022-08-29
| |\ \ \ | | | |/ | | |/|
| * | | api: return imageID instead of imageName, for "Image" when Podman API is queriedJosh Patterson2022-08-17
| | | | | | | | | | | | | | | | Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
* | | | Merge pull request #15560 from dfr/freebsd-specgenOpenShift Merge Robot2022-09-01
|\ \ \ \ | | | | | | | | | | Add FreeBSD support for pkg/specgen/generate
| * | | | specgen/generate: Add support for FreeBSDDoug Rabson2022-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | specgen/generate: Move specConfigNamespaces to namespace_linux.go and add stubsDoug Rabson2022-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Everthing except for hostname management is linux-specific. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | specgen/generate: Move SpecGenToOCI, WeightDevices to oci_linux.go and add ↵Doug Rabson2022-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | stubs. Almost all of SpecGenToOCI deals with linux-specific aspects of the runtime spec. Rather than try to factor this out piecemeal, I think it is cleaner to move the whole function along with its implementation helper functions. This also meams we don't need non-linux stubs for functions called from oci_linux.go [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
| * | | | specgen/generate: Move security.go to security_linux.go and add stubsDoug Rabson2022-08-29
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The security features (selinux, apparmor, capabilities) are linux specific. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | | Merge pull request #15473 from umohnani8/empty-dirOpenShift Merge Robot2022-08-31
|\ \ \ \ | | | | | | | | | | Add emptyDir volume support to kube play
| * | | | Add emptyDir volume support to kube playUrvashi Mohnani2022-08-30
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a kube yaml has a volume set as empty dir, podman will create an anonymous volume with the empty dir name and attach it to the containers running in the pod. When the pod is removed, the empy dir volume created is also removed. Add tests and docs for this as well. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | Merge pull request #15411 from arixmkii/override_default_usernameOpenShift Merge Robot2022-08-31
|\ \ \ \ | | | | | | | | | | Allow to override default username via command line
| * | | | Allow to override default username via command lineArthur Sengileyev2022-08-30
| | |_|/ | |/| | | | | | | | | | Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
* | | | Merge pull request #15389 from giuseppe/userns-map-userOpenShift Merge Robot2022-08-31
|\ \ \ \ | | | | | | | | | | podman: add uid and gid options to keep-id
| * | | | podman: add uid and gid options to keep-idGiuseppe Scrivano2022-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add two new options to the keep-id user namespace option: - uid: allow to override the UID used inside the container. - gid: allow to override the GID used inside the container. For example, the following command will map the rootless user (that has UID=0 inside the rootless user namespace) to the UID=11 inside the container user namespace: $ podman run --userns=keep-id:uid=11 --rm -ti fedora cat /proc/self/uid_map 0 1 11 11 0 1 12 12 65525 Closes: https://github.com/containers/podman/issues/15294 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | infra: remove dead codeGiuseppe Scrivano2022-08-30
| |/ / / | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #15491 from marshall-lee/bindings-schema-ignoreOpenShift Merge Robot2022-08-31
|\ \ \ \ | |_|/ / |/| | | Mark some of the option fields as ignored in pkg/bindings
| * | | Mark some of the option fields as ignored in pkg/bindingsVladimir Kochnev2022-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I realized that `params.Del("SkipTLSVerify")` doesn't have any effect because keys are always lowercased. So it should really be `params.Del("skiptlsverify")`. There's also a little bug introduced by 3bf52aa and b1d1248: if one passes `ProgressWriter` object having `Stringer` interface i.e. `bytes.Buffer` it ends up been serialized in query with `util.ToParams()`. To circumvent both problems I propose to mark non-serializable parameters with `schema:"-"` so there's no need to delete them from resulting `url.Values`. Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
* | | | Merge pull request #15517 from tyler92/remove-libnetwork-depOpenShift Merge Robot2022-08-30
|\ \ \ \ | |_|/ / |/| | | remove github.com/docker/libnetwork dependency
| * | | remove github.com/docker/libnetwork dependencyMikhail Khachayants2022-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Code from this dependency was replaced with a simple version. As a result Podman's memory consumption has been reduced by ~10%. [NO NEW TESTS NEEDED] Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
* | | | pkg/domain: Add terminal support for FreeBSDDoug Rabson2022-08-27
|/ / / | | | | | | | | | | | | | | | | | | | | | This just moves the code to files which can be shared with freebsd. [NO NEW TESTS NEEDED] Signed-off-by: Doug Rabson <dfr@rabson.org>
* | | remote: fix implementation of build with --userns=auto for APIAditya R2022-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `podman-remote` and Libpod API does not supports build with `--userns=auto` since `IDMappingOptions` were not implemented for API and bindings, following PR implements passing `IDMappingOptions` via bindings to API. Closes: https://github.com/containers/podman/issues/15476 Signed-off-by: Aditya R <arajan@redhat.com>
* | | Merge pull request #15490 from rhatdan/codespellOpenShift Merge Robot2022-08-26
|\ \ \ | | | | | | | | Run codespell
| * | | Run codespellDaniel J Walsh2022-08-25
| |/ / | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #15487 from mheon/image_delete_eventOpenShift Merge Robot2022-08-26
|\ \ \ | |/ / |/| | Compat API image remove events now have 'delete' status
| * | Compat API image remove events now have 'delete' statusMatthew Heon2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | Change only the compat API, so we don't force a breaking change on Libpod API users. Partial fix for #15485 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #15466 from mtrmac/image-trust-sigstoreDaniel J Walsh2022-08-25
|\ \ \ | |/ / |/| | podman image trust overhaul, incl. sigstore
| * | Preserve all unknown PolicyRequirement fields on (podman image trust set)Miloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are unmarshaling and re-marshaling JSON, which can _silently_ drop data with the Go design decision.data. Try harder, by using json.RawMessage at least for the data we care about. Alternatively, this could use json.Decoder.DisallowUnknownFields. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Reorganize the types in policy.go a bitMiloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | ... to go from top to bottom. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Add support for showing keyPaths in (podman image trust show)Miloslav Trmač2022-08-25
| | | | | | | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Support (image trust show) for sigstoreSigned entriesMiloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | sigstoreSigned does not have GPG IDs, so we add N/A in that column. NOTE: this does not show the use-sigstore-attachments value from registries.d. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | BREAKING CHANGE: Change how (podman image trust show) represents multiple ↵Miloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | requirements Currently - the output uses the first entry's type, even if the requirements are different (notably signedBy + sigstoreSIgned) - all public keys IDs are collected to a single line, even if some of them are interchangeable, and some are required (e.g. two signedBy requirements could require an image to be signed by (redhatProd OR redhatBeta) AND (vendor1 OR vendor2) So, stop collapsing the requirements, and return a separate entry for each one. Multiple GPG IDs on a single line used to mean AND or OR, now they always mean AND. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Reorganize descriptionsOfPolicyRequirements a bitMiloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | Do the registries.d lookup once, separately from building an entry, so that we can share it across entries. Also prepare a separate res to allow adding multiple entries. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Use the full descriptionsOfPolicyRequirements for the default scopeMiloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | ... instead of taking a shortcut, e.g. not listing any keys if they are required. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Rename haveMatchRegistry to registriesDConfigurationForScopeMiloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Just so that we don't have a boolean-named function returning a struct. Also reorder the parameters to have the container first, and the lookup key second. Shoud not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Rename tempTrustShowOutput to entryMiloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | Now that it is the primary return value of a small function, the long name only makes reading harder. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Split descriptionsOfPolicyRequirements out of getPolicyShowOutputMiloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | This will evetually allow us to use it for the default scope as well, which currently uses a simplified version. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Recognize the new lookaside names for simple signing sigstoreMiloslav Trmač2022-08-25
| | | | | | | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>