| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
due to a lack of "locking" on cni operations, we could get ourselves in trouble when doing rapid creation or removal of networks. added a simple file lock to deal with the collision and because it is not considered a performent path, use of the file lock should be ok. if proven otherwise in the future, some generic shared memory lock should be implemented for libpod and also used here.
moved pkog/network to libpod/network because libpod is now being pulled into the package and it has therefore lost its generic nature. this will make it easier to absorb into libpod as we try to make the network closer to core operations.
Fixes: #7807
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
| |
Docker supports log-opt max_size and so does conmon (ALthough poorly).
Adding support for this allows users to at least make sure their containers
logs do not become a DOS vector.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| |
| |
| | |
andylibrian/kube-generate-support-resource-limits-7855
Add support for resource memory limit to generate kube
|
| |
| |
| |
| |
| |
| | |
addresses #7855
Signed-off-by: Andy Librian <andylibrian@gmail.com>
|
|\ \
| | |
| | | |
Fix podman-remote ps --ns broken
|
| | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
All containers within a Pod need to run with the same SELinux
label, unless overwritten by the user.
Also added a bunch of SELinux tests to make sure selinux labels
are correct on namespaces.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Restore "table" --format from V1
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* --format "table {{.field..." will print fields out in a table with
headings. Table keyword is removed, spaces between fields are
converted to tabs
* Update parse.MatchesJSONFormat()'s regex to be more inclusive
* Add report.Headers(), obtain all the field names to be used as
column headers, a map of field name to column headers may be provided
to override the field names
* Update several commands to use new functions
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| | | |
| | | | |
[podman run] --rm option shold conflicts with --restart
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \
| |/ /
|/| | |
Fix Podman logs reading journald
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A podman could not read logs written to journald properly, due to a tail config bug.
Added a system test to check this - since e2e tests don't like journald
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \
| | | |
| | | | |
misc fixes for f33 integration tests
|
| | |/
| |/|
| | |
| | |
| | |
| | | |
some small fixes for testing on fedora 33 (non-btrfs)
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
fix allowing inspect manifest of non-local image
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add support of `podman manifest inspect` returning manifest list of non-local manifest.
Close #https://github.com/containers/podman/issues/7726
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix some flakes in the e2e network tests.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The network test created config files with random filenames
but the network name was static. Since the tests can run in
parallel podman was not able to distinguish the networks.
We need to make sure that each test has its own config file
and network name. This helps to prevent unnecessary flakes.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Attempt to test all Broken SkipIfRootless FIXME
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Fix two e2e tests
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The systemd test was inaccurately being skipped when a userns env. var.
flag was set. At best this is confusing to new developers, and at worse
it actively blocks an otherwise legitimate class of tests. Improve the
accuracy of skip-logic by adding/using a purpose built set of
functions.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Test passes on Fedora because the registry server is one of the
defaults. However it is not typically configured on Ubuntu hosts, and
therefor this test can fail. While specifying the FQIN in the
dockerfile text is not an ideal solution, it cannot negatively
affect other tests which utilize `podmanTest.BuildImage`.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
image look up: consult registries.conf
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When looking up local images, take the unqualified-serach registries of
the registries.conf into account (on top of "localhost/").
Also extend the integration tests to prevent future regressions.
Fixes: #6381
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Use local image if input image is a manifest list
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If run&create image returns error: image contains manifest list, not a runnable image, find the local image that has digest matching the digest from the list and use the image from local storage for the command.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
capabilities: always set ambient and inheritable
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
change capabilities handling to reflect what docker does.
Bounding: set to caplist
Inheritable: set to caplist
Effective: if uid != 0 then clear; else set to caplist
Permitted: if uid != 0 then clear; else set to caplist
Ambient: clear
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Make the e2e test network cleanup more robust.
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We need to handle removal of non existing network.
This allows the `removeCNINetwork` function
always to be called. This is needed by tests which are trying
to remove the network manually in order to prevent flakes.
Fixes #7809
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
fix remote untag
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fix the remote client to untag all tags of the specified image.
Instead of querying the image on the client side, support the
case where both, repo and tag, are empty and remove all tags.
Reuse the ABI implementation where possible. In retrospective,
the libpod untag endpoint should support a slice of strings to
batch remove tags rather than reaching out for each tag individually.
Enable the skipped test.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix handling of remove of bogus volumes, networks and Pods
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In podman containers rm and podman images rm, the commands
exit with error code 1 if the object does not exists.
This PR implements similar functionality to volumes, networks, and Pods.
Similarly if volumes or Networks are in use by other containers, and return
exit code 2.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| |
| |
| | |
Always use CGROUPV2 rather then reading from system all the time.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Add support for slirp network for pods
|
| | |
| | |
| | |
| | |
| | |
| | | |
flag --network=slirp4netns[options] for root and rootless pods
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If user sets namespace to host, then default sysctls need to be ignored
that are specific to that namespace.
--net=host ignore sysctls that begin with net.
--ipc=host ignore fs.mqueue
--uts=host ignore kernel.domainname and kernel.hostname
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Remove SkipIfRootless if possible, document other calls
|
| | |
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Properly handle podman run --pull command
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently the --pull missing|always|never is ignored
This PR implements this for local API. For remote we
need to default to pullpolicy specified in the containers.conf
file.
Also fixed an issue when images were matching other images names
based on prefix, causing images to always be pulled.
I had named an image myfedora and when ever I pulled fedora, the system
thought that it there were two images named fedora since it was checking
for the name fedora as well as the prefix fedora. I changed it to check
for fedora and the prefix /fedora, to prefent failures like I had.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The podman remote client ignored the force option due a typo.
If an error occured the remote client would panic with an
index out of range error.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|/ /
| |
| |
| |
| |
| | |
I added a test to prevent a future regression.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
| |
| |
| |
| |
| |
| | |
We need to get more tests running in rootless mode. Since cgroupsV2 allows
management of cgroups in rootless environments a lot of more tests can be run.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
remote load: check if input is directory
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The remote client does not support loading directories yet. To prevent
confusing error messages and to make the behaviour more explicit, check
if the input points to a directory and throw an error if needed.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
remote stats
|