| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
Check to see if we are recording the version of buildah
used to build the image as a label in the image.
Also we should make sure the filter "since" works.
We are only testing "after", which we don't document.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Ensure we do not double-lock the same volume in create
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When making containers, we want to lock all named volumes we are
adding the container to, to ensure they aren't removed from under
us while we are working. Unfortunately, this code did not account
for a container having the same volume mounted in multiple places
so it could deadlock. Add a map to ensure that we don't lock the
same name more than once to resolve this.
Fixes #8221
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Test podman-remote logs works the same as podman logs
|
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/7942
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
migrate play kube to spec gen
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
we need to migrate play kube away from using the old container creation
method. the new approach is specgen and this aligns play kube with
container creation in the rest of podman.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
network aliases for container creation
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
podman can now support adding network aliases when running containers
(--network-alias). It requires an updated dnsname plugin as well as an
updated ocicni to work properly.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
enable ipv6 networks
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The IPv6 e2e tests on the CI for rootles mode fails because
it needs the ip6tables modules loaded.
Example error:
stdout="", stderr="failed to list chains: running [/sbin/ip6tables -t nat -S --wait]: exit status 3: modprobe: can't change directory to '/lib/modules': No such file or directory\nip6tables v1.8.4 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n\n"
Signed-off-by: Antonio Ojea <aojea@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add e2e test that checks that is not possible to create
different networks with the same subnet, in IPv6 neither
in IPv4
Signed-off-by: Antonio Ojea <aojea@redhat.com>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
enable the ipv6 flag in podman network to be able to create
dual-stack networks for containers.
This is required to be compatible with docker, where --ipv6
really means dual stack.
podman, unlike docker, support IPv6 only containers since
07e3f1bba9674c0cb93a0fa260930bfebbf75728.
Signed-off-by: Antonio Ojea <aojea@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add --log-driver to play kube
|
| | |/
| |/|
| | |
| | |
| | |
| | | |
addresses #6604
Signed-off-by: Andy Librian <andylibrian@gmail.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
ed identified that the dnsname integration test does not use a unique
name and therefore cannot be cleaned up. this was made worse by a
improper defer statement to remove the network should the test fail.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
| |
Fixes #8274
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\
| |
| | |
Use regex for "pod ps" name filter to match "ps" behavior
|
| |
| |
| |
| | |
Signed-off-by: Joel Smith <joelsmith@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As of this commit, in Fedora 33, without without `CAP_NET_ADMIN` and
`CAP_NET_RAW`, require setting `net.ipv3.ping_group_range` in order for
the `ping` command to work inside a container. However, not all images
`ping` are created equal. For whatever reason, the busybox version in
the busybox container image, does not function. Switch to the Alpine
image's busybox ping, which seems to work fine.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| |/
|/|
| |
| | |
debarshiray/wip/rishi/exec_test-use-containsubstring
Improve error messages from failing tests
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Using a function like ContainSubstring or Equal is better because if
the test fails it will log a descriptive error that includes the
actual string generated during the test. This is more helpful than a
function like BeTrue that will only indicate that an assertion failed
without giving further details of the failure.
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
|\ \
| |/
|/| |
Make volume filters inclusive
|
| |
| |
| |
| |
| |
| |
| |
| | |
When using multiple filters, return a volume that matches any one of the used filters, rather than matching both of the filters.
This is for compatibility with docker's cli, and more importantly, the apiv2 compat endpoint
Closes #6765
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \
| | |
| | | |
fedora rootless cpu settings
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
fedora does not have the the ability in rootless to set cpu limits.
this requires a simple fix for fedora 33 to pass ci tests.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
debarshiray/wip/rishi/toolbox_test-userns-keepid-HOME
Test $HOME when it's parent is bind mounted with --userns=keep-id
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When --userns=keep-id is used, Podman is supposed to set up the home
directory of the user inside the container to match that on the host
as long as the home directory or any of its parents are marked as
volumes to be bind mounted into the container.
Currently, the test only considers the case where the home directory
itself is bind mounted into the container. It doesn't cover the Podman
code that walks through all the bind mounts looking for ancestors in
case the home directory itself wasn't specified as a bind mount.
Therefore, this improves the existing test added in commit
6ca8067956128585 ("Setup HOME environment when using --userns=keep-id")
Note that this test can't be run as root. The home directory of the
root user is /root, and it's parent is /. Bind mounting the entire /
from the host into the container prevents it from starting:
Error: openat2 ``: No such file or directory: OCI not found
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
if --userns=keep-id is specified and not --user is specified, take the
unprivileged capabilities code path so that ambient capabilities are
honored in the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
if the username is specified in the USER:GROUP form, make sure we only
check for USER.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
if the kernel supports ambient capabilities (Linux 4.3+), also set
them when running with euid != 0.
This is different that what Moby does, as ambient capabilities are
never set.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Fix dnsname when joining a different network namespace in a pod
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When creating a container in a pod the podname was always set as
the dns entry. This is incorrect when the container is not part
of the pods network namespace. This happend both rootful and
rootless. To fix this check if we are part of the pods network
namespace and if not use the container name as dns entry.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \
| | |
| | | |
manifest list inspect single image
|
| |/
| |
| |
| |
| |
| | |
If the image name not a manifest list type, enable manifest inspect to return manifest of single image manifest type vnd.docker.distribution.manifest.v2+json.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
Remove search limit since pagination support
|
| |/
| |
| |
| |
| |
| | |
Remove the search limit check since the c/image v5.6.0 supports pagination and can give result over 100 entries.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Containers that share IPC Namespaces share each others
/dev/shm, which means a private /dev/shm needs to be setup
for the infra container.
Added a system test and an e2e test to make sure the
/dev/shm is shared.
Fixes: https://github.com/containers/podman/issues/8181
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Move from docker.io
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Followon to #7965 (mirror registry). mirror.gcr.io doesn't
cache all the images we need, and I can't find a way to
add to its cache, so let's just use quay.io for those
images that it can't serve.
Tools used:
skopeo copy --all docker://docker.io/library/alpine:3.10.2 \
docker://quay.io/libpod/alpine:3.10.2
...and also:
docker.io/library/alpine:3.2
docker.io/library/busybox:latest
docker.io/library/busybox:glibc
docker.io/library/busybox:1.30.1
docker.io/library/redis:alpine
docker.io/libpod/alpine-with-bogus-seccomp:label
docker.io/libpod/alpine-with-seccomp:label
docker.io/libpod/alpine_healthcheck:latest
docker.io/libpod/badhealthcheck:latest
Since most of those were new quay.io/libpod images, they required
going in through the quay.io GUI, image, settings, Make Public.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \
| |/
|/| |
Add a Degraded state to pods
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make a distinction between pods that are completely running (all
containers running) and those that have some containers going,
but not all, by introducing an intermediate state between Stopped
and Running called Degraded. A Degraded pod has at least one, but
not all, containers running; a Running pod has all containers
running.
First step to a solution for #7213.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Add pod, volume, network to inspect package
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman inspect only had the capabilities to inspect containers and images. if a user wanted to inspect a pod, volume, or network, they would have to use `podman network inspect`, `podman pod inspect` etc. Docker's cli allowed users to inspect both volumes and networks using regular inspect, so this commit gives the user the functionality
If the inspect type is not specified using --type, the order of inspection is:
containers
images
volumes
networks
pods
meaning if container that has the same name as an image, podman inspect would return the container inspect.
To avoid duplicate code, podman network inspect and podman volume inspect now use the inspect package as well. Podman pod inspect does not because podman pod inspect returns a single json object while podman inspect can return multiple)
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.26.0 to 0.26.3.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](containers/common@v0.26.0...v0.26.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \
| | |
| | | |
podman create doesn't support creating detached containers
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Detached containers and detach keys are only created with the podman run, i
exec, and start commands. We do not store the detach key sequence or the
detach flags in the database, nor does Docker. The current code was ignoreing
these fields but documenting that they can be used.
Fix podman create man page and --help output to no longer indicate that
--detach and --detach-keys works.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
replace net_raw with setuid
|