| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Show correct default values or show none
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before this PR, the podman --help command shows the defaults
as runc and overlay even if the storage.conf and containers.conf
files do not match. This PR changes them to show the actual defaults
and in the case of storage driver, does not show the default at all.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
We should not check if the network supports dns when we create a
container with network aliases. This could be the case for containers
created by docker-compose for example if the dnsname plugin is not
installed or the user uses a macvlan config where we do not support dns.
Fixes #12972
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Fix nil pointer dereference for configmap optional
|
| |
| |
| |
| |
| |
| |
| |
| | |
This PR fixes nil pointer dereference for configmap optional parameter.
When optional parameter is not passed, the code tried to acces the
parameter which caused nil pointer dereference.
Signed-off-by: Ondra Machacek <omachace@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Heuristic to initialize TunnelMode/remote podman:
- Podman built with remote tag
- Podman running on darwin or windows GOOS
- CONTAINER_HOST or CONTAINER_CONNECTION set in environment
- --remote flag given on command line
- From containers.conf, Engine.Remote == true and GOOS == linux
Otherwise, podman will run in ABIMode/linked against libpod library.
Fixes #12866
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit includes:
* Handlers for generate systemd unit
with manually defined dependencies such as:
Wants=, After= and Requires=
* The new unit and e2e tests for checking generated systemd units
for container and pod with custom dependencies
* Documented descriptions for custom dependencies options
Signed-off-by: Eugene (Evgenii) Shubin <esendjer@gmail.com>
|
|
|
|
|
|
|
|
| |
Since this option will also be used for netavark we should rename it to
something more generic. It is important that --cni-config-dir still
works otherwise we could break existing container cleanup commands.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Automated for .go files via gomove [1]:
`gomove github.com/containers/podman/v3 github.com/containers/podman/v4`
Remaining files via vgrep [2]:
`vgrep github.com/containers/podman/v3`
[1] https://github.com/KSubedi/gomove
[2] https://github.com/vrothberg/vgrep
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Revamp Libpod state strings for Docker compat
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Improve our compatibility with Docker by better handling the
state strings that we print in `podman ps`. Docker capitalizes
all states in `ps` (we do not) - fix this in our PS code. Also,
stop normalizing ContainerStateConfigured to the "Created" state,
and instead make it always be Created, with the existing Created
state becoming Initialized.
I didn't rename the actual states because I'm somewhat reticent
to make such a large change a day before we leave for break. It's
somewhat confusing that ContainerStateConfigured now returns
Created, but internally and externally we're still consistent.
[NO NEW TESTS NEEDED] existing tests should catch anything that
broke.
I also consider this a breaking change. I will flag appropriately
on Github.
Fixes RHBZ#2010432 and RHBZ#2032561
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \
| |/
|/| |
Use PODMAN_USERNS environment variable when running as a service
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/11350#issuecomment-1011562526
Also add inspect information about the idmappings if they exists.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
Use CONTAINERS_CONF cgroups flag for remote API.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also change code to globably be consistent when refering to capatilized
Cgroup.
Fixed: https://github.com/containers/podman/issues/12550
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update method/function signatures use the manifest list name and
images associated with the operation explicitly, in general
func f(ctx context.Context, manifestListName string,
ImageNames []string, options *fOptions)
* Leverage gorilla/mux Subrouters to support API v3.x and v4.x for
manifests
* Make manifest API endpoints more RESTful
* Add PUT /manifest/{id} to update existing manifests
* Add manifests.Annotate to go bindings, uncommented unit test
* Add DELETE /manifest/{Id} to remove existing manifest list, use
PUT /manifest/{id} to remove images from a list
* Deprecated POST /manifest/{id}/add and /manifest/{id}/remove, use
PUT /manifest/{id} instead
* Corrected swagger godoc and updated to cover API changes
* Update podman manifest commands to use registry.Context()
* Expose utils.GetVar() to obtain query parameters by name
* Unexpose server.registerSwaggerHandlers, not sure why this was ever
exposed.
* Refactored code to use http.Header instead of map[string]string when
operating on HTTP headers.
* Add API-Version header support in bindings to allow calling explicate
versions of the API. Header is _NOT_ forwarded to the API service.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\
| |
| | |
Update use of CDI API
|
| |
| |
| |
| | |
Signed-off-by: Evan Lezar <elezar@nvidia.com>
|
|\ \
| | |
| | | |
Podman Build use absolute filepath
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
podman build always finds the abs path but was never using it for the containerfile path. This
was causing the remote client to be given a relative path that does not exist. Switch to evaluating and using absolute paths only.
resolves #12841
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| |/
|/| |
Prohibit --uid/gid map and --pod for container create/run
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
add a check in namespaceOptions() that ensures the user is not setting a new uid/gid map
if entering or creating a pod that has an infra container
resolves #12669
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
use libnetwork from c/common
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The libpod/network packages were moved to c/common so that buildah can
use it as well. To prevent duplication use it in podman as well and
remove it from here.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Podman Pod Create --sysctl support
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
added support for pod wide sysctls. The sysctls supported are the same as the continer run controls.
These controls are only valid if the proper namespaces are shared within the pod, otherwise only the infra ctr gets the sysctl
resolves #12747
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| | |
e.TimeNano contains nanoseconds since epoch, not just the nanoseconds
after e.Time.
time.Unix supports nanoseconds > 999999999 and converts them to seconds,
so just passing e.TimeNano is enough.
Signed-off-by: Leah Neukirchen <leah@vuxu.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove hard code use of the DefaultInfraImage and rely on
getting this from containers.conf.
Fixes: https://github.com/containers/podman/issues/12771
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Don't add env if optional and not found
|
| |/
| |
| |
| |
| |
| |
| |
| | |
If the pod yaml has env from secret and condifg map but they are optional
and the secret cannot be found, don't add the env key as well
as the env value will not be found. Matches behavior with k8s.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|/
|
|
|
|
|
|
| |
Also update the e2e pull test to account for the changes when pulling
from the dir transport. Images pulled via the dir transport are not
tagged anymore; the path is not a reliable source.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Don't rename pod if container has the same name
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We enforce the naming scheme "<podname>-<containername>" here [1].
Therefore we must not rename the pod in case of a naming conflict
between pod name and container name. Not renaming the pod increases the
usability for the user and easies scripting based on the name. Otherwise
a user must set some label to reliable find a pod after creation. Or
have to implement the renaming logic in the script.
[1] https://github.com/containers/podman/blob/main/pkg/specgen/generate/kube/kube.go#L140
Fixes #12722
Signed-off-by: Christoph Petrausch <chrobbert@gmail.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this commit fixes two bugs and adds regression tests.
when getting healthcheck values from an image, if the image does not
have a timeout defined, this resulted in a 0 value for timeout. The
default as described in the man pages is 30s.
when inspecting a container with a healthcheck command, a customer
observed that the &, <, and > characters were being converted into a
unicode escape value. It turns out json marshalling will by default
coerce string values to ut8.
Fixes: bz2028408
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
Pod Security Option support and Infra Inheritance changes
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added support for pod security options. These are applied to infra and passed down to the
containers as added (unless overridden).
Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit`
This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create
code and pod creation.
resolves #12173
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
Avoid RemoteSocket collisions in e2e tests
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add lock files and re-generate the UUID if we
are not a known-unique user of the socket path.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Separate the code that determines the directory and file prefix
from the code that chooses and applies a UUID; we will make the
second part more complex in a bit.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|\ \
| | |
| | | |
podman image scp never enter podman user NS
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman image scp should never enter the Podman UserNS unless it needs to. This allows for
a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo,
the simple sudo podman save/load does not work, machinectl/su is necessary here.
This modification allows for both rootful and rootless transfers, and an overall change of scp to be
more of a wrapper function for different load and save calls as well as the ssh component
Signed-off-by: cdoern <cdoern@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit 3c3fa6fac4d0f8e8 added a few test cases for the init containers.
The "podman ensure always init containers always run" implicitly assumes
that restarting a pod will take more than 1 second. When this assumption
is not met (because computers are fast!), we get a flake.
The fix (without using sleep) is to print nanoseconds in date output.
This format option (%N) is not supported by date in Alpine Linux, so
switch to Fedora.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit e1443fe05d146def6 added a test case that ran "date +%N" inside
a Fedora container (without actually using its output).
Commit ccc5bc167fa2c140 changed that test case to use Alpine. Problem
is, %N is not supported by date in Alpine (it only prints a newline).
To eliminate the ambiguity, replace date with touch.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the --ipv6 flag to podman create/run and pod create. We support the
--network name:ip6=<ip> syntax now but for docker compat we should also
support the --ip6 flag.
Note that there is no validation if the ip is actually a v6 or v4 address
because the backend does not care either.
Fixes #7511
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Do not apply reserved annotations from the image to the container.
Reserved annotations are applied during container creation to retrieve
certain information (e.g., custom seccomp profile or autoremoval)
once a container has been created.
Context: #12671
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Error out early if system does not support pre-copy checkpointing
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
CRIU's pre-copy migration support relies on the soft dirty page tracking
in the Linux kernel:
https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt
This functionality is not implemented for all architectures and it can
also be turned off in the kernel.
CRIU can check if the combination of architecture/kernel/CRIU supports
the soft dirty page tracking and exports this feature checking
functionality in go-criu.
This commit adds an early check if the user selects pre-copy
checkpointing to error out if the system does not support it.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Warn on use of --kernel-memory
|