| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reason: to catch errors before they surface in RHEL.
One of the Ubuntus is specially crafted to run with cgroups v1
and runc. Although this isn't quite the same as RHEL, it's as
close as we can come in our CI environment, and I suspect it
would have caught #10234 (a regression).
Sorry, team.
Also: play kube limits test: skip on all rootless, not just
rootless+fedora. There was a complicated and unnecessary
check in there for Fedora.
Also: workaround for bug #10248, a spurious error message on
the first invocation of rootless podman on Ubuntu.Old
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED] This is just running codespell on podman
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Add filepath glob support to --security-opt unmask
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Want to allow users to specify --security-opt unmask=/proc/*.
This allows us to run podman within podman more securely, then
specifing umask=all, also gives the user more flexibilty.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
add --mac-address to podman play kube
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a new --mac-address flag to podman play kube. This is used to specify
a static MAC address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes #9731
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Migrate the Podman code base over to `common/libimage` which replaces
`libpod/image` and a lot of glue code entirely.
Note that I tried to leave bread crumbs for changed tests.
Miscellaneous changes:
* Some errors yield different messages which required to alter some
tests.
* I fixed some pre-existing issues in the code. Others were marked as
`//TODO`s to prevent the PR from exploding.
* The `NamesHistory` of an image is returned as is from the storage.
Previously, we did some filtering which I think is undesirable.
Instead we should return the data as stored in the storage.
* Touched handlers use the ABI interfaces where possible.
* Local image resolution: previously Podman would match "foo" on
"myfoo". This behaviour has been changed and Podman will now
only match on repository boundaries such that "foo" would match
"my/foo" but not "myfoo". I consider the old behaviour to be a
bug, at the very least an exotic corner case.
* Futhermore, "foo:none" does *not* resolve to a local image "foo"
without tag anymore. It's a hill I am (almost) willing to die on.
* `image prune` prints the IDs of pruned images. Previously, in some
cases, the names were printed instead. The API clearly states ID,
so we should stick to it.
* Compat endpoint image removal with _force_ deletes the entire not
only the specified tag.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
if --cgroup-parent is specified, always honor it without doing any
detection whether cgroups are supported or not.
Closes: https://github.com/containers/podman/issues/10173
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
| |
Edits `podman info` to provide the default seccomp profile
detected in the output
Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
|
| |\
| |
| | |
Add podman run --timeout option
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This option allows users to specify the maximum amount of time to run
before conmon sends the kill signal to the container.
Fixes: https://github.com/containers/podman/issues/6412
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Namely the Ubuntu 21.04 Kernel does not support BFQ. Regardless of the
distro. skip this test if the required cgroup node doesn't exist.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \
| | |
| | | |
Fixes generate kube incorrect when bind-mounting "/" and "/root"
|
| | |/
| |
| |
| | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |\ \
| | |
| | | |
Fix podman ps --filter ancestor to match exact ImageName/ImageID
|
| | |/
| |
| |
| | |
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
| |\ \
| |/
|/| |
Add support for CDI device configuration
|
| | |
| |
| |
| |
| |
| |
| |
| | |
- Persist CDIDevices in container config
- Add e2e test
- Log HasDevice error and add additional condition for safety
Signed-off-by: Sebastian Jug <seb@stianj.ug>
|
| |\ \
| | |
| | | |
podman-remote should show podman.sock info
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Currently podman-remote info does not show socket information.
Fixes: https://github.com/containers/podman/issues/10077
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| |/
|/| |
Use full attach path, rather than a symlink
|
| | |
| |
| |
| | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |\ \
| | |
| | | |
Add flag "--pidfile" for podman create/run
|
| | | |
| | |
| | |
| | | |
Signed-off-by: chenkang <kongchen28@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: chenkang <kongchen28@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: chenkang <kongchen28@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: chenkang <kongchen28@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: chenkang <kongchen28@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: chenkang <kongchen28@gmail.com>
|
| |\ \ \
| | | |
| | | | |
Fixes podman-remote save to directories does not work
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
add --ip to podman play kube
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a new --ip flag to podman play kube. This is used to specify a
static IP address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes #8442
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \
| |_|/
|/| | |
Fix invalid expression in save command
|
| | |/
| |
| |
| | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| |/
|
|
|
|
|
|
|
|
| |
The --log-driver flag was silently ignored by podman play kube. This
regression got introduced during the play kube rework.
Unfortunately the test for this was skipped for no good reason.
Fixes #10015
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
Add support for play/generate kube PersistentVolumeClaims and Podman volumes
|
| | |
| |
| |
| | |
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
|
| |\ \
| | |
| | | |
podman unshare: add --rootless-cni to join the ns
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a new --rootless-cni option to podman unshare to also join the
rootless-cni network namespace. This is useful if you want to connect
to a rootless container via IP address. This is only possible from the
rootless-cni namespace and not from the host namespace. This option also
helps to debug problems in the rootless-cni namespace.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
now that ci uses cached images, putting the large toolbox image into
cache should help speed up tests.
Signed-off-by: baude <bbaude@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Podman remote should be able to handle remote specification of
arches.
Requires: https://github.com/containers/buildah/pull/3116
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Add --requires flag to podman run/create
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman has, for a long time, had an internal concept of
dependency management, used mainly to ensure that pod infra
containers are started before any other container in the pod. We
also have the ability to recursively start these dependencies,
which we use to ensure that `podman start` on a container in a
pod will not fail because the infra container is stopped. We have
not, however, exposed these via the command line until now.
Add a `--requires` flag to `podman run` and `podman create` to
allow users to manually specify dependency containers. These
containers must be running before the container will start. Also,
make recursive starting with `podman start` default so we can
start these containers and their dependencies easily.
Fixes #9250
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
One of the side-effects of the `--userns=keep-id` command is
switching the default user of the container to the UID of the
user running Podman (though this can still be overridden by the
`--user` flag). However, it did this by setting the UID and GID
in the OCI spec, and not by informing Libpod of its intention to
switch users via the `WithUser()` option. Because of this, a lot
of the code that should have triggered when the container ran
with a non-root user was not triggering. In the case of the issue
that this fixed, the code to remove capabilities from non-root
users was not triggering. Adjust the keep-id code to properly
inform Libpod of our intention to use a non-root user to fix
this.
Also, fix an annoying race around short-running exec sessions
where Podman would always print a warning that the exec session
had already stopped.
Fixes #9919
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| | |
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| |
| |
| |
| | |
With the new rootless cni supporting network connect/disconnect is easy.
Combine common setps into extra functions to prevent code duplication.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| |
| |
| | |
This is supported with the new rootless cni logic.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/9889
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
