| Commit message (Collapse) | Author | Age |
|\
| |
| | |
podman load/save: support multi-image docker archive
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Support loading and saving tarballs with more than one image.
Add a new `/libpod/images/export` endpoint to the rest API to
allow for exporting/saving multiple images into an archive.
Note that a non-release version of containers/image is vendored.
A release version must be vendored before cutting a new Podman
release. We force the containers/image version via a replace in
the go.mod file; this way go won't try to match the versions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
Update VM images for new crun; adapt Cap tests to work with new kernel
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(This is an adoption of #7533 because Brent is on PTO).
Pick up new crun and crio-runc.
Also: renames from useful fedora-32 and -31 to less-useful
names; presumably this is needed by something-something in
the new VM setup.
Also: tweak two e2e tests to more properly handle a kernel
(5.8.4) with a greater set of capabilities than what we
or crun can yet handle.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
If we select "unconfined" as AppArmor profile, then we should not error
even if the host does not support it at all. This behavior has been
fixed and a corresponding e2e test has been added as well.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \
| |/
|/| |
APIv2 add generate systemd endpoint
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for generating systemd units
via the api and podman-remote.
Change the GenerateSystemdReport type to return the
units as map[string]string with the unit name as key.
Add `--format` flag to `podman generate systemd`
to allow the output to be formatted as json.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|/
|
|
|
|
|
| |
The system defaults /run to "exec" mode, and we default --read-only
mounts on /run to "exec", so --systemd should follow suit.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to modify /etc/passwd to add an entry for the user in
question, but at the same time we don't want to require the
container provide a /etc/passwd (a container with a single,
statically linked binary and nothing else is perfectly fine and
should be allowed, for example). We could create the passwd file
if it does not exist, but if the container doesn't provide one,
it's probably better not to make one at all. Gate changes to
/etc/passwd behind a stat() of the file in the container
returning cleanly.
Fixes #7515
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
| |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\
| |
| | |
play kube: handle Socket HostPath type
|
| |
| |
| |
| |
| |
| | |
as well as add test cases for it and the other HostPath types we currently support
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \
| |/
|/| |
fix podman generate kube with HostAliases
|
| |
| |
| |
| | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|/
|
|
|
|
|
|
|
|
| |
With previous versions of Podman (like v1.9.2) it was always possible to
specify the log level in any case, for example `INFO`. This behavior has
silently changed, where the `--log-level` flag only accepts lower case
levels. This commit re-enables the old behavior and adds an e2e test for
it.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\
| |
| | |
error when adding container to pod with network information
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. this has been difficult for users to understand. we now return an error when a container is being created inside a pod and passes any of the following attributes:
* static IP (v4 and v6)
* static mac
* ports -p (i.e. -p 8080:80)
* exposed ports (i.e. 222-225)
* publish ports from image -P
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes: 4c75fe3f70ed ("fix pod creation with "new:" syntax")
Commit 4c75fe3f70ed passes all net options to the pod but forgot
to unset the options for the container creation. This leads to
erros when using flags like `--ip` since we tried setting
the ip on the pod and container which obviously fails.
I didn't notice the bug because we don't throw an error when
specifing port bindings on a container which joins the pods
network namespace. (#7373)
Also allow the use of `--hostname` and pass that option to the
pod and unset it for the container. The container has to use
the pods hostname anyway. This would error otherwise.
Added tests to prevent regression.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\
| |
| | |
e2e tests: use actual temp dirs, not "/tmp/dir"
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
One of the --iidfile tests was flaking:
Error: failed to write image ID to file "/tmp/dir/idFile": open /tmp/dir/idFile: no such file or directory
Root cause: test was actually not mkdir'ing /tmp/dir. Test was
mostly passing because _other_ tests in the suite were mkdir'ing
it, but once in a while this test ran before the others.
Solution: fixed this test to use CreateTempDirInTempDir(). And,
since hardcoded tempdirs are bad practice, grepped for '"dir"'
and fixed all other instances too.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
The output of 'podman image trust' is in random order; but
its e2e test was assuming a specific one. This caused flakes.
Fixes: #6764
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\
| |
| | |
IPv6 default route
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman containers using IPv6 were missing the default route, breaking
deployments trying to use them.
The problem is that the default route was hardcoded to IPv4, this
takes into consideration the podman subnet IP family to generate
the corresponding default route.
Signed-off-by: Antonio Ojea <aojea@redhat.com>
|
|/
|
|
|
|
|
| |
it allows to customize the options passed down to the OCI runtime for
setting up the /proc mount.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
| |
This adds support for the --cidr parameter that is supported
by slirp4netns since v0.3.0. This allows the user to change
the ip range that is used for the network inside the container.
Signed-off-by: Adis Hamzić <adis@hamzadis.com>
|
|\
| |
| | |
Allow specifying seccomp profiles for privileged containers
|
| |
| |
| |
| |
| |
| |
| | |
To sync the behavior between AppArmor and seccomp it is now possible to
also specify seccomp profiles for privileged containers.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \
| | |
| | | |
Fix handling of working dir
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Buildah and podman build can create images without a working dir.
FROM fedora
WORKDIR /test
If you build this image with caching twice, the second time the image
will not have a working dir.
Similarly if you execute
podman run --workdir /foobar fedora
It blows up since the workingdir is not created automatically.
Finally there was duplicated code for getting the workingdir
out of an image, that this PR removes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \
| |_|/
|/| | |
Do not use image CMD if user gave ENTRYPOINT
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This matches Docker behavior, and seems to make sense - the CMD
may have been specific to the original entrypoint and probably
does not make sense if it was changed.
While we're in here, greatly simplify the logic for populating
the SpecGen's Command. We create the full command when making the
OCI spec, so the client should not be doing any more than setting
it to the Command the user passed in, and completely ignoring
ENTRYPOINT.
Fixes #7115
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
Fix a bug in the error handling which returned nil instead of an error
and ultimately lead to nil dereferences in the client. To prevent
future regressions, add a test and check for the error message.
Fixes: #7271
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
support outbound-addr
|
| |
| |
| |
| |
| |
| | |
Fixes #6064
Signed-off-by: Bohumil Cervenka <5eraph@protonmail.com>
|
|\ \
| | |
| | | |
fix podman logs --tail when log is bigger than pagesize
|
| | |
| | |
| | |
| | | |
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| | | |
| | | | |
Ensure that exec errors write exit codes to the DB
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In local Podman, the frontend interprets the error and exit code
given by the Exec API to determine the appropriate exit code to
set for Podman itself; special cases like a missing executable
receive special exit codes.
Exec for the remote API, however, has to do this inside Libpod
itself, as Libpod will be directly queried (via the Inspect API
for exec sessions) to get the exit code. This was done correctly
when the exec session started properly, but we did not properly
handle cases where the OCI runtime fails before the exec session
can properly start. Making two error returns that would otherwise
not set exit code actually do so should resolve the issue.
Fixes #6893
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| |_|/ /
|/| | | |
Ensure WORKDIR from images is created
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A recent crun change stopped the creation of the container's
working directory if it does not exist. This is arguably correct
for user-specified directories, to protect against typos; it is
definitely not correct for image WORKDIR, where the image author
definitely intended for the directory to be used.
This makes Podman create the working directory and chown it to
container root, if it does not already exist, and only if it was
specified by an image, not the user.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
validate fds --preserve-fds
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
validate file descriptors passed from podman run and podman exec --preserve-fds.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- fix the bud podman not using specified --directory as signature storage.
- use manifest and image referce to set repo@digest.
close #6994
close #6993
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \
| | | |
| | | | |
podman: support --mount type=devpts
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Allow to create a devpts mount.
This is useful for containers that bind mount /dev/ from the host but
at the same time want to create a terminal.
It can be used as:
podman run -v /dev:/dev --mount type=devpts,target=/dev/pts ...
Closes: https://github.com/containers/podman/issues/6804
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Docker and CNI have very different ideas of what 0.0.0.0 means.
Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4
address on the host. CNI (and, thus, root Podman) take it to mean
the literal IP 0.0.0.0. Instead, CNI interprets the empty string
("") as "bind to all IPs".
We could ask CNI to change, but given this is established
behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and
turn it into "" when we parse ports.
Fixes #7014
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| |_|/
|/| | |
implement the exitcode when start a container with attach
|
| | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|