| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Only allow Rootless runs of Podman Machine
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
fix volume reporting in system df
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
currently, podman system df incorrectly calculates the reclaimable storage for
volumes, using a cumulative reclaimable variable that is incremented and placed into each
report entry causing values to rise above 100%.
Switch this variables to be in the context of the loop, so it resets per volume just like the size variable does.
resolves #13516
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \
| | |
| | | |
Fix runtime check during restore
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Runtime verification test for container checkpoint with export
used the default runtime for test which causes test to always
pass. Problem rises when using non-default runtime, then doing
a restore. This test forcse using a non-default runtime during
container creation.
Edge case:
1. Default runtime is crun
2. Container is created with runc
3. Checkpoint without setting --runtime into archive
4. Restore without setting --runtime from archive
It should be expected that podman identifies runtime from the
checkpoint archive.
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
|
| |\ \ \
| | | |
| | | | |
podman image scp remote support & podman image scp tagging
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add support for podman-remote image scp as well as direct access via the API. This entailed
a full rework of the layering of image scp functions as well as the usual API plugging and type creation
also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image
they are loading to the local/remote machine:
allow users to pass a "new name" for the image they are transferring
`podman tag` as implemented creates a new image im `image list` when tagging, so this does the same
meaning that when transferring images with tags, podman on the remote machine/user will load two images
ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host
implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify
`podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check
which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
volume: add two new options copy and nocopy
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add two new options to the volume create command: copy and nocopy.
When nocopy is specified, the files from the container image are not
copied up to the volume.
Closes: https://github.com/containers/podman/issues/14722
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| |\ \ \
| | | |
| | | | |
add podman volume reload to sync volume plugins
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Libpod requires that all volumes are stored in the libpod db. Because
volume plugins can be created outside of podman, it will not show all
available plugins. This podman volume reload command allows users to
sync the libpod db with their external volume plugins. All new volumes
from the plugin are also created in the libpod db and when a volume from
the db no longer exists it will be removed if possible.
There are some problems:
- naming conflicts, in this case we only use the first volume we found.
This is not deterministic.
- race conditions, we have no control over the volume plugins. It is
possible that the volumes changed while we run this command.
Fixes #14207
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Show Health Status events
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, health status events were not being generated at all. Both
the API and `podman events` will generate health_status events.
```
{"status":"health_status","id":"ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63","from":"localhost/healthcheck-demo:latest","Type":"container","Action":"health_status","Actor":{"ID":"ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63","Attributes":{"containerExitCode":"0","image":"localhost/healthcheck-demo:latest","io.buildah.version":"1.26.1","maintainer":"NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e","name":"healthcheck-demo"}},"scope":"local","time":1656082205,"timeNano":1656082205882271276,"HealthStatus":"healthy"}
```
```
2022-06-24 11:06:04.886238493 -0400 EDT container health_status ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63 (image=localhost/healthcheck-demo:latest, name=healthcheck-demo, health_status=healthy, io.buildah.version=1.26.1, maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>)
```
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
podman run/create -v relative filepath support
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
podman currently does not support relative volume paths. Add parsing for relative paths in specgen, converting
whatever volume was given to an absolute path.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
fix system connection and scp testing
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
podman image scp and podman system connection tests were querying an existing website during testing.
Change to a URL that will never exist given an improper domain extension
also just generally clean up a few things in both scp and connection testing
resolves #14699
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since it may be a while before we get a true fix: add a
workaround for podman-remote checkpoint tests, in which
we pause until the 'run --rm' container is truly truly gone.
I've tried to make it as easy as possible to clean up
the workaround code once the bug is fixed.
Oh, also, remove "-it" from a podman-run. It makes no sense
and only results in nasty orange warning messages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Replace "setup", "lookup", "cleanup", "backup" with
"set up", "look up", "clean up", "back up"
when used as verbs. Replace also variations of those.
* Improve language in a few places.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| |\ \
| | |
| | | |
bindings: manifest should follow `es_model` naming convention while marshalling `OSVersion` and `OSFeatures`
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
and OSFeatures
It seems API needs json names for OSVersion and OSFeatures in es_model
ref: https://github.com/containers/podman/blob/main/pkg/domain/entities/manifest.go#L42
So at bindings end ensure that we honor es_model naming convention when
we perform marshalling otherwise API will ignore these fields
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
allow filter networks by dangling status
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add the ability to filter networks by their dangling status via:
`network ls --filter dangling=true/false`
Fixes: #14595
Signed-off-by: Carlo Lobrano <c.lobrano@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
podman pod create --shm-size
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
expose the --shm-size flag to podman pod create and add proper handling and inheritance
for the option.
resolves #14609
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
podman system prune support prune unused networks
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is an enhancement for the podman system prune feature.
In this issue, it is mentioned that 'network prune' should be
wired into 'podman system prune'
https://github.com/containers/podman/issues/8673
Therefore, I add the function to remove unused networks.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
implement podman pod clone
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
implement podman pod clone, a command to create an exact copy of a pod while changing
certain config elements
current supported flags are:
--name change the pod name
--destroy remove the original pod
--start run the new pod on creation
and all infra-container related flags from podman pod create (namespaces etc)
resolves #12843
Signed-off-by: cdoern <cdoern@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Update to the latest golangci-lint version. v1.46 added new linters.
I disabled nonamedreturns and exhaustruct since they enforce a certain
code style and using them would require big changes to the code base.
The nosprintfhostport is new and I fixed one problem in the tests. While
the test itself is fine because it uses ipv4 only the linter still looks
good because the sprintf use will fail for ipv6 addresses.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Commit 5fa6f686db added a regression which was fixed in eb71712626f9.
Apply the same fix again to prevent a panic and return a proper error
instead.
To not regress again I added a e2e test which makes sure we do not panic.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
golangci-lint: enable nolintlint
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The nolintlint linter does not deny the use of `//nolint`
Instead it allows us to enforce a common nolint style:
- force that a linter name must be specified
- do not add a space between `//` and `nolint`
- make sure nolint is only used when there is actually a problem
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
container: do not create .containerenv with -v SRC:/run
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
if /run is on a volume do not create the file /run/.containerenv as it
would leak outside of the container.
Closes: https://github.com/containers/podman/issues/14577
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
Non-running containers now report statistics via the `podman stats`
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
command
Previously, if a container was not running, and the user ran the `podman
stats` command, an error would be reported: `Error: container state
improper`.
Podman now reports stats as the fields' default values for their
respective type if the container is not running:
```
$ podman stats --no-stream demo
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
4b4bf8ce84ed demo 0.00% 0B / 0B 0.00% 0B / 0B 0B / 0B 0 0s 0.00%
```
Closes: #14498
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
|
| | |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I don't see a reason why we don't support --remove-signatures
from remote push, so adding support.
Fixes: https://github.com/containers/podman/issues/14558
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Fix Remote filtering embedded directory test
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #14184
Docs: https://onsi.github.io/gomega/#making-asynchronous-assertions
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
patch for pod host networking & other host namespace handling
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
this patch included additonal host namespace checks when creating a ctr as well
as fixing of the tests to check /proc/self/ns/net
see #14461
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
use resolvconf package from c/common/libnetwork
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Using `To(BeTrue()/BeFalse())` provides very bas error messages. It is not
clear to a log reader what went wrong. Using ContainsSubstring() make
the error message much more useful.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
jakecorrenti/restart-privelaged-containers-after-host-device-change
Privileged containers can now restart if the host devices change
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If a privileged container is running, stops, and the devices on the host
change, such as a USB device is unplugged, then a container would no
longer start. Previously, the devices from the host were only being
added to the container once: when the container was created. Now, this
happens every time the container starts.
I did this by adding a boolean to the container config that indicates
whether to mount all of the devices or not, which can be set via an option.
During spec generation, if the `MountAllDevices` option is set in the
container config, all host devices are added to the container.
Additionally, a couple of functions from `pkg/specgen/generate/config_linux.go`
were moved into `pkg/util/utils_linux.go` as they were needed in
multiple packages.
Closes #13899
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
|
| | |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
infra was overriding options that it should be appending rather than resetting.
fix this by appending the given container's spec to the compatible options before marshaling/unmarshaling
resolves #14454
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
overlay-volumes: add support for non-volatile `upperdir`,`workdir` for `overlay` volumes
|
