aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #7176 from mheon/make_entrypointOpenShift Merge Robot2020-08-05
|\ | | | | Ensure WORKDIR from images is created
| * Ensure WORKDIR from images is createdMatthew Heon2020-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A recent crun change stopped the creation of the container's working directory if it does not exist. This is arguably correct for user-specified directories, to protect against typos; it is definitely not correct for image WORKDIR, where the image author definitely intended for the directory to be used. This makes Podman create the working directory and chown it to container root, if it does not already exist, and only if it was specified by an image, not the user. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #7125 from QiWang19/fd-validateOpenShift Merge Robot2020-08-05
|\ \ | | | | | | validate fds --preserve-fds
| * | validate fds --preserve-fdsQi Wang2020-08-04
| | | | | | | | | | | | | | | | | | validate file descriptors passed from podman run and podman exec --preserve-fds. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #7224 from rhatdan/removeOpenShift Merge Robot2020-08-05
|\ \ \ | | | | | | | | Handle podman-remote run --rm
| * | | Handle podman-remote run --rmDaniel J Walsh2020-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to remove the container after it has exited for podman-remote run --rm commands. If we don't remove this container at this step, we open ourselves up to race conditions. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7081 from QiWang19/sigature-storeOpenShift Merge Robot2020-08-05
|\ \ \ \ | |/ / / |/| | | fix bug podman sign storage path
| * | | fix bug podman sign storage pathQi Wang2020-08-04
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | - fix the bud podman not using specified --directory as signature storage. - use manifest and image referce to set repo@digest. close #6994 close #6993 Signed-off-by: Qi Wang <qiwan@redhat.com>
* / / correct go-binding key for volumesBrent Baude2020-08-04
|/ / | | | | | | | | | | | | | | the go binding for remove container was using 'vols' for a key to remove volumes associated to the container. the correct key should be "v" and is documented as such. Fixes: #7128 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #7204 from baude/issue7197OpenShift Merge Robot2020-08-04
|\ \ | | | | | | Missing return after early exit
| * | Missing return after early exitBrent Baude2020-08-03
| | | | | | | | | | | | | | | | | | | | | | | | the exists code was plagued by a missing return statement meant to trigger an early exit. Fixes: #7197 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #7205 from baude/issue7185OpenShift Merge Robot2020-08-04
|\ \ \ | | | | | | | | docker-compose uses application/tar
| * | | docker-compose uses application/tarBrent Baude2020-08-03
| |/ / | | | | | | | | | | | | | | | | | | | | | even though the official documentation suggests that application/x-tar should be used for tar files, it seems docker-compose uses application/tar. we now accept them and issue a warning. Fixes: #7185 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #7192 from giuseppe/system-service-join-ns-immediatelyOpenShift Merge Robot2020-08-04
|\ \ \ | |/ / |/| | rootless: system service joins immediately the namespaces
| * | rootless: system service joins immediately the namespacesGiuseppe Scrivano2020-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when there is a pause process running, let the "system service" podman instance join immediately the existing namespaces. Closes: https://github.com/containers/podman/issues/7180 Closes: https://github.com/containers/podman/issues/6660 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #7097 from QiWang19/usagedateOpenShift Merge Robot2020-08-03
|\ \ \ | | | | | | | | [CI:DOCS] apiv2 fix volumes not included field
| * | | [CI:DOCS] apiv2 fix volumes not inculded fieldQi Wang2020-07-29
| | | | | | | | | | | | | | | | | | | | | | | | Do not use volume from docker since UsageData field is not need. It's nullable in docker API and expensive to add. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #7188 from zhangguanzhang/network-404OpenShift Merge Robot2020-08-03
|\ \ \ \ | | | | | | | | | | API returns 500 in case network is not found instead of 404
| * | | | API returns 500 in case network is not found instead of 404zhangguanzhang2020-08-02
| | | | | | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | | Merge pull request #7158 from rhatdan/commitOpenShift Merge Robot2020-08-03
|\ \ \ \ \ | |_|_|/ / |/| | | | Handle single character images
| * | | | Handle single character imagesDaniel J Walsh2020-07-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently you can only specify multiple character for image names when executing podman-remote commit podman-remote commit a b Will complete, but will save the image without a name. podman-remote commit a bb Works. This PR fixes and now returns an error if the user doees not specify an image name to commit to. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7141 from rhafer/image_descr_testOpenShift Merge Robot2020-08-03
|\ \ \ \ \ | |_|/ / / |/| | | | Add test case for description being present in search result
| * | | | Make `search --no-trunc` work for podman remoteRalf Haferkamp2020-07-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The HTTP API for image search was still lacking support of the NoTrunc parameter. Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
| * | | | API: Fix 'podman image search` missing descriptionRalf Haferkamp2020-07-31
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `podman image search` returned wrong results for the image "Description" as it was mapped to the wrong field ("ID") in the search results. Basically cherry-picked into the api from commit cf5c63b5c492e41d72b6e3b6d75b5f39b0a957fd. Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* | | | Merge pull request #7165 from jwhonce/issues/7008OpenShift Merge Robot2020-08-01
|\ \ \ \ | | | | | | | | | | Add versioned _ping endpoint
| * | | | Add versioned _ping endpointJhon Honce2020-07-31
| |/ / / | | | | | | | | | | | | | | | | | | | | Fixes #7008 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / / / fix pod creation with "new:" syntaxPaul Holzinger2020-07-31
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you execute podman create/run with the --pod new:<name> syntax the pod was created but the namespaces where not shared and therefore containers could not communicate over localhost. Add the default namespaces and pass the network options to the pod create options. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | rootless: add a check for the host id included in the rangeGiuseppe Scrivano2020-07-30
| | | | | | | | | | | | | | | | | | | | | add a check to verify whether the additional IDs also contain the host ID. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | rootless: child exits immediately on userns errorsGiuseppe Scrivano2020-07-30
| | | | | | | | | | | | | | | | | | | | | if the parent process failed to create the user namespace, let the child exit immediately. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | rootless: do not ignore errors if mappings are specifiedGiuseppe Scrivano2020-07-30
|/ / | | | | | | | | | | | | | | | | | | when setting up the user namespace do not ignore errors from newuidmap/newgidmap if there are mappings configured. The single user mapping is a fallback only when there are not mappings specified for the user. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #7147 from rhatdan/historyOpenShift Merge Robot2020-07-29
|\ \ | | | | | | Return NamesHistory when returning remote images
| * | Return NamesHistory when returning remote imagesDaniel J Walsh2020-07-29
| |/ | | | | | | | | | | | | We are returning bogus data in podman-remote images --format json. This change will match the same data returned my podman images --format json. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7074 from mheon/multi_ctrport_okOpenShift Merge Robot2020-07-29
|\ \ | | | | | | Binding the same container port to >1 host port is OK
| * | Binding the same container port to >1 host port is OKMatthew Heon2020-07-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The initial version of the new port code mistakenly restricted this, so un-restrict it. We still need to maintain the map of container ports, unfortunately (need to verify if the port in question is a duplicate, for example). Fixes #7062 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | bindings: skip flaky pause/unpause testEd Santiago2020-07-29
| |/ |/| | | | | | | | | | | | | | | The "podman wait to pause|unpause condition" test is failing several times a day, always a flake. Issue #6518. Disable it until the cause can be identified and fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Fix `podman image search` missing descriptionRalf Haferkamp2020-07-29
| | | | | | | | | | | | | | `podman image search` returned wrong results for the image "Description" as it was mapped to the wrong field ("ID") in the search results. Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* | Add podman image mountDaniel J Walsh2020-07-28
|/ | | | | | | | | | | | | There are many use cases where you want to just mount an image without creating a container on it. For example you might want to just examine the content in an image after you pull it for security analysys. Or you might want to just use the executables on the image without running it in a container. The image is mounted readonly since we do not want people changing images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6909 from rhatdan/podmanOpenShift Merge Robot2020-07-28
|\ | | | | Switch all references to github.com/containers/libpod -> podman
| * Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7105 from AkihiroSuda/fix-cgroupversion-stringOpenShift Merge Robot2020-07-28
|\ \ | |/ |/| compat/info.go: TrimPrefix(CGroupsVersion, "v")
| * compat/info.go: TrimPrefix(CGroupsVersion, "v")Akihiro Suda2020-07-28
| | | | | | | | | | | | For compatibility with Docker: https://github.com/moby/moby/blob/846b7e24ba549a972a2672ffdd88b140da688736/api/swagger.yaml#L4528-L4534 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | Cleanup handling of podman mount/unmountDaniel J Walsh2020-07-27
|/ | | | | | | | | | | We should default to the user name unmount rather then the internal name of umount. Also User namespace was not being handled correctly. We want to inform the user that if they do a mount when in rootless mode that they have to be first in the podman unshare state. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* API events: fix parsing errorValentin Rothberg2020-07-27
| | | | | | | | Fix an error where an absent "filters" parameter led to JSON parsing errors. Fixes: #7078 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Remove 'experimental' from API docTomSweeneyRedHat2020-07-25
| | | | | | | | | The v2.0 reference [page](http://docs.podman.io/en/latest/Reference.html) lists the API as experimental. Removed that word and reworked the first paragraph a bit based on verbiage that @mheon put together for the API intro blog. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Merge pull request #6742 from ↵OpenShift Merge Robot2020-07-24
|\ | | | | | | | | maybe-sybr/maybe/apiv2/fix-container-create-with-volumes APIv2:fix: Get volumes from `Binds` when creating
| * APIv2:fix: Get volumes from `Binds` when creatingmaybe-sybr2020-07-09
| | | | | | | | | | | | | | | | | | | | | | This change ensures that we pull volume bind specification strings from the correct spot in the POSTed data when creating containers. We should probably canity check that the mapping keys in `Volumes` are a superset of the binds listed in `HostConfig.Binds` but this cheap change removes an annoying behaviour where named volumes or host mount would be silently replaced with newly created anonymous volumes. Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
* | Publish IP from YAML (podman play kube)Ashley Cui2020-07-22
| | | | | | | | | | | | podman play kube didn't set host ip correctly from YAML Signed-off-by: Ashley Cui <acui@redhat.com>
* | Support default profile for apparmorDaniel J Walsh2020-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently you can not apply an ApparmorProfile if you specify --privileged. This patch will allow both to be specified simultaniosly. By default Apparmor should be disabled if the user specifies --privileged, but if the user specifies --security apparmor:PROFILE, with --privileged, we should do both. Added e2e run_apparmor_test.go Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7006 from ashley-cui/umaskOpenShift Merge Robot2020-07-22
|\ \ | | | | | | Add --umask flag for create, run
| * | Add --umask flag for create, runAshley Cui2020-07-21
| | | | | | | | | | | | | | | | | | | | | | | | --umask sets the umask inside the container Defaults to 0022 Co-authored-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Ashley Cui <acui@redhat.com>