| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should be sharing cgroups namespace by default in pods
uts namespace sharing was broken in pods.
Create a new libpod/pkg/namespaces for handling of namespace fields
in containers
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1418
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
This bash script is meant to compliment the podman baseline
test script. It primarily focuses on exercising the common
actions of pods.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1421
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
This tests fails a lot, I think because of a race condition. Changing to
just make sure the inode of the /dev/shm on the host is the same as inside
the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1420
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1416
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
| |
Small amount of clean up on the baseline script to handle failing
on error. I also added an option to not use docker at all for platoforms
where docker cannot be installed.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1411
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
When running podman rm -a on a storage where no images exist,
the exit code should NOT be non-zero.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1402
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
| |
change the tests to use chroot to set a numeric UID/GID.
Go syscall.Credential doesn't change the effective UID/GID of the
process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
also refactor the rootless_test.go to facilitate running a test in a
rootless context.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1372
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
join the user namespace used to create the container so that psgo can
work in the same way as with root containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1352
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1360
Approved by: vrothberg
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Docker expects multiple filters to be passed with multiple uses
of the --filter flag (e.g. --filter=label=a=b --filter=label=c=d)
and not a single comma-separated list of filters as we expected.
Convert to the Docker format, and make some small cleanups to our
handling of filters along the way.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1345
Approved by: umohnani8
|
|
|
|
|
|
|
|
|
| |
Default mount propagation inside of containes should be private
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1305
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The OCI runtime might use the cgroups to see what PIDs
are inside the container, but that doesn't work with rootless
containers.
Closes: https://github.com/containers/libpod/issues/1337
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1331
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manage the case where the main process of the container creates and
joins a new user namespace.
In this case we want to join only the first child in the new
hierarchy, which is the user namespace that was used to create the
container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1331
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We cannot re-exec into a new user namespace to gain privileges and
access an existing as the new namespace is not the owner of the
existing container.
"unshare" is used to join the user namespace of the target container.
The current implementation assumes that the main process of the
container didn't create a new user namespace.
Since in the setup phase we are not running with euid=0, we must skip
the setup for containers/storage.
Closes: https://github.com/containers/libpod/issues/1329
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1331
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #1346
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
When in rootless mode it's not possible to load profiles or
check which profiles are loaded.
Added a few baseline tests to check all possible cases.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Closes: #1250
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
Also it fix the issue of exposing both tc/udp port even if
only one proto specified.
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
Closes: #1325
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
Using the vendored changes from psgo, incorporate JoinNamespaceAndProcessInfoByPids to get process information for each pid namespace of running containers in the pod. Also added a man page, and tests.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1298
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
We need a useradd binary in the container for this test, so swap
from Alpine to fedora-minimal.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1315
Approved by: vrothberg
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1315
Approved by: vrothberg
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1323
Approved by: umohnani8
|
|
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1306
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1307
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Devices are supposed to be able to be passed in via the form of
--device /dev/foo
--device /dev/foo:/dev/bar
--device /dev/foo:rwm
--device /dev/foo:/dev/bar:rwm
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1299
Approved by: umohnani8
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not set any hostname value in the OCI configuration when --uts=host
is used and the user didn't specify any value. This prevents an error
from the OCI runtime as it cannot set the hostname without a new UTS
namespace.
Differently, the HOSTNAME environment variable is always set. When
--uts=host is used, HOSTNAME gets the value from the host.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1280
Approved by: baude
|
|
|
|
|
|
|
|
|
| |
add the ability to monitor container statistics in a pod.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1265
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
Hostname should be set to the hosts hostname when network is none.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1274
Approved by: giuseppe
|
|
|
|
|
|
|
|
|
|
|
| |
these commands do not require to be root in an userns
Closes: https://github.com/containers/libpod/issues/1263
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1268
Approved by: vrothberg
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
| |
TODO: Change this to only force cgroupfs if if we are in a
container.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
|
|
|
|
|
|
|
| |
first pass of podman pod inspect
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1236
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
| |
...and some naming decisions.
This change ensures podman save doesn't incorrectly prepend localhost when saving an image.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1140
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1227
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for Dockerfile.in and fixes some limits
issues on docker build
Also adds support for podman build to read Dockerfile from stdin.
cat Dockerfile | podman build -f - .
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1209
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1205
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should not be using the test systems registries.conf file for integration
tests. We should always use a constructed file created specifically for the
integration tests or we stand to have unpredictable results. The beforeTest
function now sets an environment variable pointing to a registries.conf file
in the test's tempdir. That file will container docker.io as a default.
The afterTest function then clears the environment variable.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1197
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
Third round of speed improvements to the integration tests.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1193
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
This is the second round of performance improvements for out
integration tests.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1190
Approved by: rhatdan
|