path: root/pkg
Commit message (Author, Age)
* Vendor in new opencontainers/selinux (Daniel J Walsh, 2022-04-08)
    Also update vendor of containers/common,buildah,storage,image
    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2069586
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13798 from n1hility/fix-docker-sock (OpenShift Merge Robot, 2022-04-07)
    Fix mac docker socket handling
| * Fix docker socket handling (Jason T. Greene, 2022-04-06)
    Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | Prevent set command from updating a running instance (Jason T. Greene, 2022-04-06)
    Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* machine refactor 3: add symlinks for sockets (Brent Baude, 2022-04-05)
    to avoid errors on macos, we use symlinks to long socket names.
    Fixes: #12751
    Fixes: #13609
    Signed-off-by: Brent Baude <bbaude@redhat.com>
    [NO NEW TESTS NEEDED]
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #13490 from gcalin/13266 (OpenShift Merge Robot, 2022-04-04)
    pod logs enhancements: option to color logs
| * Add option for pod logs to display different colors per container. (gcalin, 2022-03-29)
    Signed-off-by: Krzysztof Baran <krysbaran@gmail.com>
    Signed-off-by: gcalin <caling@protonmail.com>
* | Merge pull request #13765 from giuseppe/do-not-set-oom-score-adj (OpenShift Merge Robot, 2022-04-04)
    specgen: do not set OOMScoreAdj by default
| * | specgen: do not set OOMScoreAdj by default (Giuseppe Scrivano, 2022-04-04)
    do not force a value of OOMScoreAdj=0 if it wasn't specified by the user.
    Closes: https://github.com/containers/podman/issues/13731
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #13757 from andrewaylett/anonymous_volumes (OpenShift Merge Robot, 2022-04-04)
    Allow creating anonymous volumes with --mount
| * | | Allow creating anonymous volumes with --mount (Andrew Aylett, 2022-04-02)
    This fixes #13756.
    All the mechanics to create anonymous volumes are already present, but there's still a validation preventing that path from being taken. We remove the validation, which allows the volume to be created successfully.
    Signed-off-by: Andrew Aylett <andrew@aylett.co.uk>
* | | | Merge pull request #13655 from n1hility/dual-pipes (OpenShift Merge Robot, 2022-04-04)
    Prefer registering both machine and global pipe on Win
| * | | Prefer registering both machine and global pipe (Jason T. Greene, 2022-03-29)
    Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | Merge pull request #13665 from jwhonce/issues/13535 (OpenShift Merge Robot, 2022-04-01)
    Add build test for .containerignore tar file
| * | | Add build test for .containerignore tar file (Jhon Honce, 2022-03-31)
    Ensure a directory added to .containerignore on client is not included in tar sent to remote podman API service
    * Clean up podman invocations to not include duplicate --remote and --url flags
    * Use pkill vs. pgrep when cleaning up podman API service in tests
    * Add exit code when logging error when testing
    Closes #13535
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #13594 from cdoern/podVolumes (OpenShift Merge Robot, 2022-04-01)
    fix pod volume passing and alter infra inheritance
| * | | fix pod volume passing and alter infra inheritance (cdoern, 2022-03-29)
    the infra Inherit function was not properly passing pod volume information to new containers
    alter the inherit function and struct to use the new `ConfigToSpec` function used in clone
    pick and choose the proper entities from a temp spec and validate them on the specgen side rather than passing directly to a config
    resolves #13548
    Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
    Signed-off-by: cdoern <cdoern@redhat.com>
    Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | specgen: permit --privileged and --cap-add (Giuseppe Scrivano, 2022-04-01)
    --cap-add is useful when running a privileged container with UID != 0, so that individual capabilities can be added to the container process.
    Closes: https://github.com/containers/podman/issues/13449
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | kube: configmap volume should be reused if already exists (Aditya R, 2022-03-31)
    `podman play kube` creates a new volume for configmap, if same configmap is applied again volume can be re-used, there is no need to remove and re-create the volume again
    Signed-off-by: Aditya R <arajan@redhat.com>
* | Machine refactor part 2 (Brent Baude, 2022-03-30)
    This PR further implements a more structured approach to handling the files needed by machine. More files are now made as MachineFile which can then have a symlink (using a shorter path) to them. Also added Set and Get methods for many of the files.
    The next part of the refactor will implement the use of symlinks on MacOS.
    Signed-off-by: Brent Baude <bbaude@redhat.com>
    [NO NEW TESTS NEEDED]
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Add 'Os' to be queried via 'version' output (John Matthews, 2022-03-29)
    Signed-off-by: John Matthews <jwmatthews@gmail.com>
* Merge pull request #13619 from rhatdan/systemd (OpenShift Merge Robot, 2022-03-29)
    Set systemd mode if entrypoint begins with /bin/sh -c
| * Set systemd mode if entrypoint begins with /bin/sh -c (Daniel J Walsh, 2022-03-28)
    Fixes: https://github.com/containers/podman/issues/13324
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Migrate machine configs (Brent Baude, 2022-03-28)
    If podman detects a Machinev1 config, it will automatically migrate it to the new format.
    Signed-off-by: Brent Baude <bbaude@redhat.com>
    [NO NEW TESTS NEEDED]
* Machine refactor - part 1 (Brent Baude, 2022-03-28)
    the way machine was written was very adjunct and as such is in dire need of refactoring to better structures and structure methods where appropriate. the weakest part is specifically around all the files that machine requires and how some are just dynamically built on the fly. this pr defines a new machinefile type which allows us to work with the file and also takes into account the use of symlinks which are going to be needed on macos due to its relatively short file length restriction.
    also, added unit tests for new methods as well as anywhere else I saw a need.
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #13668 from rhatdan/walk (OpenShift Merge Robot, 2022-03-28)
    Switch all calls to filepath.Walk to filepath.WalkDir
| * Switch all calls to filepath.Walk to filepath.WalkDir (Daniel J Walsh, 2022-03-27)
    WalkDir should be faster than Walk, since we often do not need to stat files.
    [NO NEW TESTS NEEDED] Existing tests should find errors.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13611 from rvandernoort/vendor_filters (OpenShift Merge Robot, 2022-03-28)
    Vendor c/common for filters
| * Vendor common (rvandernoort, 2022-03-27)
    Added patch provided by rhatdan to add support for shareable
    [NO NEW TESTS NEEDED]
    Signed-off-by: rvandernoort <s.r.vandernoort@student.tudelft.nl>
* | Merge pull request #13653 from jmontleon/fix-manifest-push-header (OpenShift Merge Robot, 2022-03-27)
    Resolves #13629 Add RegistryAuthHeader to manifest push
| * | Resolves #13629 Add RegistryAuthHeader to manifest push (jason, 2022-03-26)
    Signed-off-by: Jason Montleon <jmontleo@redhat.com>
* | | Merge pull request #13660 from rhatdan/error (OpenShift Merge Robot, 2022-03-27)
    Remove error stutter
| * | | Remove error stutter (Daniel J Walsh, 2022-03-25)
    When podman gets an error it prints out "Error: " before printing the error string. If the error message starts with error, we end up with
    Error: error ...
    This PR Removes all of these stutters.
    logrus.Error() also prints out that this is an error, so no need for the error stutter.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Run codespell to cleanup typos (Daniel J Walsh, 2022-03-25)
    [NO NEW TESTS NEEDED]
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #13531 from cdoern/build (OpenShift Merge Robot, 2022-03-24)
    Add Context Directory to tar
| * | | add contextDir to tar on remote (cdoern, 2022-03-22)
    podman build fails on remote build when using a relative context directory. This is because the context dir was not being added to the tar, so when remote the compat build function would not be able to stat the contextDir.
    resolves #13293
    Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | Merge pull request #13274 from jwhonce/wip/manifest_4_main (OpenShift Merge Robot, 2022-03-24)
    Fix manifest 4.0 endpoints
| * | | | Fix manifest 4.0 endpoints (Jhon Honce, 2022-03-23)
    [NO NEW TESTS NEEDED]
    * Branch forced 4.0 only endpoints, which broke bindings
    * Fix lint error, in new code
    Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #13620 from Luap99/qemu-path (OpenShift Merge Robot, 2022-03-24)
    podman machine start: lookup qemu path again if not found
| * | | | fix podman machine start log level detection (Paul Holzinger, 2022-03-23)
    Use logrus.IsLevelEnabled because this will cover all levels below it as well. Currently this condition would fail for the trace log level.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | | podman machine start: lookup qemu path again if not found (Paul Holzinger, 2022-03-23)
    We store the full path to qemu in the machine config. When the path changes on the host the machine can no longer be started. To fix it we get the path again when we fail to start the machine due to the missing binary.
    We want to store and use the full path first because otherwise existing machines can break when the qemu version changed.
    [NO NEW TESTS NEEDED] We still have no machine tests.
    Fixes #13394
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13587 from giuseppe/clone-to-pod (OpenShift Merge Robot, 2022-03-24)
    container: allow clone to an existing pod
| * | | | container: allow clone to an existing pod (Giuseppe Scrivano, 2022-03-24)
    Closes: https://github.com/containers/podman/issues/3979
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | specgen: fix typo (Giuseppe Scrivano, 2022-03-24)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | Merge pull request from GHSA-qvf8-p83w-v58j (Giuseppe Scrivano, 2022-03-24)
    do not set the inheritable capabilities
| * | | | do not set the inheritable capabilities (Giuseppe Scrivano, 2022-03-23)
    The kernel never sets the inheritable capabilities for a process, they are only set by userspace. Emulate the same behavior.
    Closes: CVE-2022-27649
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | play: kube: use in-memory kubefile and remove tempfile (Christian Stewart, 2022-03-24)
    The PlayKube and PlayKubeDown commands accepted a "path" argument to a YAML file to play. This requires the caller to write the YAML to a file path.
    The downside of this is apparent in the HTTP handlers which have to use a temporary file on disk to store the YAML file. The file is opened & used as the body of the HTTP request.
    It's possible to instead pass an io.Reader and use a fully in-memory request body.
    Add backwards-compatible changes to bindings to allow passing either a filepath or an io.Reader body.
    Refactor the podman bindings to use an io.Reader instead of a filepath. Simplify the HTTP handlers for PlayKube by removing the now unneeded tempfile.
    [NO NEW TESTS NEEDED]
    Signed-off-by: Christian Stewart <christian@paral.in>
* | | | Merge pull request #13597 from Luap99/stats (OpenShift Merge Robot, 2022-03-23)
    podman stats: calc CPU percentage correctly
| * | | | podman stats: calc CPU percentage correctly (Paul Holzinger, 2022-03-22)
    When you run podman stats, the first interval always shows the wrong cpu usage. To calculate cpu percentage we get the cpu time from the cgroup and compare this against the system time between two stats. Since the first time we do not have a previous stats an empty struct is used instead. Thus we do not use the actual running time of the container but the current unix timestamp (time since Jan 1 1970).
    To fix this we make sure that the previous stats time is set to the container start time, when it is empty.
    [NO NEW TESTS NEEDED] No idea how I could create a test which would have a predictable cpu usage.
    See the linked bugzilla for a reproducer.
    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2066145
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | Explicitly use IPv4 to check if podman-machine VM is listening (Burt Holzman, 2022-03-23)
    When starting a VM that has been configured with volume mounts, the podman client attempts to connect via TCP to localhost, which runs gvproxy to proxy an ephemeral port to the VM's ssh port. Previously, gvproxy was listening on all interfaces and IP addresses, but this behavior has changed to listening only on the IPv4 loopback address. Without this change, if a newer build of gvproxy is used, a podman machine configured with volume mounts will hang forever after "podman machine start" with "Waiting for VM ...".
    [NO NEW TESTS NEEDED]
    Signed-off-by: Burt Holzman <burt@fnal.gov>