aboutsummaryrefslogtreecommitdiff
path: root/pkg
Commit message (Collapse)AuthorAge
* Merge pull request #10185 from rhatdan/volumeOpenShift Merge Robot2021-05-05
|\ | | | | Add filepath glob support to --security-opt unmask
| * Add filepath glob support to --security-opt unmaskDaniel J Walsh2021-05-04
| | | | | | | | | | | | | | | | Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10220 from giuseppe/rm-volatileOpenShift Merge Robot2021-05-05
|\ \ | | | | | | podman: set volatile storage flag for --rm containers
| * | podman: set volatile storage flag for --rm containersGiuseppe Scrivano2021-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | volatile containers are a storage optimization that disables *sync() syscalls for the container rootfs. If a container is created with --rm, then automatically set the volatile storage flag as anyway the container won't persist after a reboot or machine crash. [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #10223 from giuseppe/improve-rootless-automatic-range-splitOpenShift Merge Robot2021-05-05
|\ \ \ | | | | | | | | rootless: improve automatic range split
| * | | rootless: improve automatic range splitGiuseppe Scrivano2021-05-05
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | sort.Search returns the smallest index, so provide the available IDs in decreasing order. It fixes an issue when splitting the current mappings over multiple available IDs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #10208 from Luap99/play-kube-macOpenShift Merge Robot2021-05-05
|\ \ \ | | | | | | | | add --mac-address to podman play kube
| * | | add --mac-address to podman play kubePaul Holzinger2021-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --mac-address flag to podman play kube. This is used to specify a static MAC address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #9731 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | migrate Podman to containers/common/libimageValentin Rothberg2021-05-05
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely. Note that I tried to leave bread crumbs for changed tests. Miscellaneous changes: * Some errors yield different messages which required to alter some tests. * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding. * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage. * Touched handlers use the ABI interfaces where possible. * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case. * Futhermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on. * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it. * Compat endpoint image removal with _force_ deletes the entire not only the specified tag. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #8828 from boaz0/closes_8779OpenShift Merge Robot2021-05-04
|\ \ \ | |/ / |/| | Add --all to podman start
| * | is this a bug?Boaz Shuster2021-05-04
| | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
| * | Add --all to podman startBoaz Shuster2021-05-03
| | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Co-authored-by: Ed Santiago <santiago@redhat.com>
* | | compat api: Networks must be empty instead of nullPaul Holzinger2021-05-04
|/ / | | | | | | | | | | | | | | | | The compat endpoint for container inspect must return {} instead of null for NetworkSettings.Networks. Fixes #9837 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #10174 from rhatdan/volumeOpenShift Merge Robot2021-04-30
|\ \ | |/ |/| Remove unused VolumeList* structs
| * Remove unused VolumeList* structsDaniel J Walsh2021-04-29
| | | | | | | | | | | | | | | | [NO TESTS NEEDED] since we are just removing unused code. Replaces: https://github.com/containers/podman/pull/9558 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10063 from ParkerVR/autoupdate-localOpenShift Merge Robot2021-04-29
|\ \ | | | | | | Autoupdate Local
| * | TODO completeParker Van Roy2021-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | changed struct to policyMapper change "image" to "registry" in multiple locations Updated documentation with registry alias & autoupdate local Added relevant test Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
| * | Autoupdate local label functionalParker Van Roy2021-04-28
| |/ | | | | | | | | | | | | | | | | | | | | | | Digests were used to compare local image and container image Registry alias added for Image Policy Refactored to integrate new feature + change some naming conventions Tested this using a modified version of the docs autoupdate instructions & it worked successfully Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | Merge pull request #10170 from ashley-cui/machineoneOpenShift Merge Robot2021-04-29
|\ \ | | | | | | [NO TESTS NEEDED] Check if another VM is running on machine start
| * | Check if another VM is running on machine startAshley Cui2021-04-28
| | | | | | | | | | | | | | | | | | | | | | | | Only one VM can be up at a time. If another VM is running, or the current VM is running, error out on a podman machine start [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Docker returns 'die' status rather then 'died' statusDaniel J Walsh2021-04-28
| |/ |/| | | | | | | | | | | | | | | | | | | | | In order to be more compatible with Docker, we should return a container die status rather then a "container died", Too late to change this for Podman. Partially fixes: https://github.com/containers/podman/issues/10168 [NO TESTS NEEDED] No easy way to test this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10119 from rhatdan/timeoutOpenShift Merge Robot2021-04-27
|\ \ | | | | | | Add podman run --timeout option
| * | Add podman run --timeout optionDaniel J Walsh2021-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | This option allows users to specify the maximum amount of time to run before conmon sends the kill signal to the container. Fixes: https://github.com/containers/podman/issues/6412 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10149 from rhatdan/volumeOpenShift Merge Robot2021-04-27
|\ \ \ | | | | | | | | Allow docker volume create API to pass without name
| * | | Allow docker volume create API to pass without nameDaniel J Walsh2021-04-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Docker API does not require Volume name to be specified when creating a volume. Fixes: https://github.com/containers/podman/issues/9803 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | rootless: Tell the user what was led to the error, not just what it isAndrej Shadura2021-04-27
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Users coming e.g. from Docker do not always read the manual and expect podman to not require sudo or uidmap, for them the default message is not very helpful: Error: Cannot connect to the Podman socket, make sure there is a Podman REST API service running.: cannot find newuidmap: exec: "newuidmap": executable file not found in $PATH Adding a bit more context to this would help to nudge them into the right direction and tell them what to look for in the documentation: command required for rootless mode with multiple IDs: exec: "newuidmap": executable file not found in $PATH Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk> [NO TESTS NEEDED]
* | | Merge pull request #10074 from flouthoc/ancestor-truncate-bugOpenShift Merge Robot2021-04-26
|\ \ \ | | | | | | | | Fix podman ps --filter ancestor to match exact ImageName/ImageID
| * | | Fix podman ps --filter ancestor to match exact ImageName/ImageIDflouthoc2021-04-25
| |/ / | | | | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | Merge pull request #10125 from ashley-cui/machenabledOpenShift Merge Robot2021-04-26
|\ \ \ | |_|/ |/| | [NO TESTS NEEDED] Add machine-enabled to containers.conf for machine
| * | Add machine-enabled to containers.conf for machineAshley Cui2021-04-23
| |/ | | | | | | | | | | | | | | | | | | | | Add machine-enabled=true into /etc/containers/containers.conf when initing a VM. This field should tell Podman it's being run in a podman-machine and it will be used in future to tell podman to set up other necessary machine stuff such as networking [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #10081 from sjug/cdi_device_libOpenShift Merge Robot2021-04-26
|\ \ | | | | | | Add support for CDI device configuration
| * | Add support for CDI device configurationSebastian Jug2021-04-20
| | | | | | | | | | | | | | | | | | | | | | | | - Persist CDIDevices in container config - Add e2e test - Log HasDevice error and add additional condition for safety Signed-off-by: Sebastian Jug <seb@stianj.ug>
* | | Merge pull request #10079 from ↵OpenShift Merge Robot2021-04-26
|\ \ \ | |_|/ |/| | | | | | | | giuseppe/create-userns-for-root-without-CAP_SYS_ADMIN runtime: create userns when CAP_SYS_ADMIN is not present
| * | runtime: create userns when CAP_SYS_ADMIN is not presentGiuseppe Scrivano2021-04-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | when deciding to create a user namespace, check for CAP_SYS_ADMIN instead of looking at the euid. [NO TESTS NEEDED] Needs nested Podman Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: attempt to copy current mappings firstGiuseppe Scrivano2021-04-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when creating a user namespace, attempt to create it first by copying the current mappings and then fallback to the other methods: 1) use newidmap tools and ... 2) create a user namespace with a single user mapped. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | rootless: if root is not sub?id raise a debug messageGiuseppe Scrivano2021-04-22
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Fix removal race condition in ListContainersSoMuchForSubtlety2021-04-23
|/ / | | | | | | | | | | | | | | | | | | | | It is possible that a container is removed between fetching the initial list of containers and the second access during conversion. Closes #10120 [NO TESTS NEEDED] Signed-off-by: Jakob Ahrer <jakob@ahrer.dev>
* | Fixes from make codespellDaniel J Walsh2021-04-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10080 from rhatdan/remoteOpenShift Merge Robot2021-04-21
|\ \ | | | | | | podman-remote should show podman.sock info
| * | podman-remote should show podman.sock infoDaniel J Walsh2021-04-20
| |/ | | | | | | | | | | | | | | Currently podman-remote info does not show socket information. Fixes: https://github.com/containers/podman/issues/10077 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / rmi: don't break when the image is missing a manifestNalin Dahyabhai2021-04-20
|/ | | | | | | | | | | | | | | | | | | | In libpod/image.Image.Remove(), if the attempt to find the image's parent fails for any reason, log a warning and proceed as though it didn't have one instead of failing, which would leave us unable to remove the image without resetting everything. In libpod/Runtime.RemoveImage(), if we can't determine if an image has children, log a warning, and assume that it doesn't have any instead of failing, which would leave us unable to remove the image without resetting everything. In pkg/domain/infra/abi.ImageEngine.Remove(), when attempting to remove all images, if we encounter an error checking if a given image has children, log a warning, and assume that it doesn't have any instead of failing, which would leave us unable to remove the image without resetting everything. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Merge pull request #10041 from chenk008/add_pidfile_flagOpenShift Merge Robot2021-04-19
|\ | | | | Add flag "--pidfile" for podman create/run
| * add flag "--pidfile" for podman create/runwuhua.ck2021-04-16
| | | | | | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* | Merge pull request #10025 from zhangguanzhang/remote-save-dirOpenShift Merge Robot2021-04-19
|\ \ | | | | | | Fixes podman-remote save to directories does not work
| * | Fixes podman-remote save to directories does not workzhangguanzhang2021-04-15
| | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Ensure mount destination is clean, no trailing slashEduardo Vega2021-04-18
| | | | | | | | | | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | | Merge pull request #10018 from jmguzik/more-network-bindings-testsOpenShift Merge Robot2021-04-17
|\ \ \ | | | | | | | | Add network bindings tests: remove and list
| * | | Add network bindings tests: remove and listJakub Guzik2021-04-15
| | |/ | |/| | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #10043 from Luap99/play-kube-ipOpenShift Merge Robot2021-04-17
|\ \ \ | |/ / |/| | add --ip to podman play kube
| * | add --ip to podman play kubePaul Holzinger2021-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --ip flag to podman play kube. This is used to specify a static IP address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #8442 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>