| Commit message (Collapse) | Author | Age |
|\
| |
| | |
userns: support --userns=auto
|
| |
| |
| |
| |
| |
| |
| | |
automatically pick an empty range and create an user namespace for the
container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
| |
the current implementation of info, while typed, is very loosely done so. we need stronger types for our apiv2 implmentation and bindings.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
Prepare for crun checkpoint support
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Podman was checking if the runtime support checkpointing by running
'runtime checkpoint -h'. That works for runc.
crun, however, does not use '-h, --help' for help output but, '-?,
--help'.
This commit switches both checkpoint support detection from
'runtime checkpoint -h'
to
'runtime checkpoint --help'.
Podman can now correctly detect if 'crun' also support checkpointing.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \
| |/
|/| |
test/e2e/run_volume_test nitpicks
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For volume and bind mount tests, use the in-container mount point path
that has no common ancestor with any host path (except for root).
This might help to uncover bugs like [1]. Even if not, it seems
lile a good cleanup regardless.
[1] https://github.com/containers/libpod/pull/5676
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Move declaration of a dockerfile closer to its use.
Since it is used only once, there's no sense in having it declared
globally.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove repeated mountPath directory creation.
* For the first two hunks it is the same dir ("secrets") that was
already created before.
* For the last hunk ("scratchpad") it is not used at all.
Add an empty line after Mkdir for cases where dir is used more than once.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
|/
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
| |
if the control path file is deleted, libpod hangs waiting for a reader
to open it. Attempt to open it as non blocking until it returns an
error different than EINTR or EAGAIN.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
V2 Move varlink home
|
| |
| |
| |
| |
| |
| |
| |
| | |
* move cmd/podman/varlink/* to pkg/varlink to support podmanV2 refactor
* update Makefile
* reformatted all impacted code
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
|
|
|
| |
We need to consistently use --time rather then --timeout throughout the code.
Fix locations where timeout defaults are not set correctly as well.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
API v2 tests: usability improvements
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Allow for descriptive comment in 't' invocations, making it
easier to distinguish similar requests
* Include test file basename (eg 40-pods) in 'ok/not ok' line
* Always symlink $TMPDIR/test-apiv2.log to latest YYMMDDetc file
* Include test result ('ok', 'not ok') in said log
* When curl results are JSON, filter them through jq into log
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|/
|
|
|
|
|
| |
vendor in c/common config pkg for containers.conf
Signed-off-by: Qi Wang qiwan@redhat.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
podmanv2 pod create using podspecgen
|
| |
| |
| |
| |
| |
| |
| |
| | |
using the factory approach similar to container, we now create pods based on a pod spec generator. wired up the podmanv2 pod create command, podcreatewithspec binding, simple binding test, and apiv2 endpoint.
also included some code refactoring as it introduced as easy circular import.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
Support label filters for podman pod ps
|
| |
| |
| |
| |
| |
| |
| |
| | |
Update the podman pod ps command to support filtering by labels.
This brings the command in line with the documentation as well as
the functionality by the containers equivalent podman ps.
Signed-off-by: Stefano Pogliani <stefano@spogliani.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The `pause:3.1` has wrong configs for non-amd64 images as they all claim
to be for amd64. The issue has now been fixed in the latest
`pause:3.2`.
[1] https://github.com/kubernetes/kubernetes/issues/87325
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/
|
|
|
|
| |
add ability to inspect a container
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
|
|
|
|
| |
add pod kill, pause, restart, rm, start, stop, and unpause
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\
| |
| | |
container prune remove state created, configured
|
| |
| |
| |
| |
| |
| | |
podman container prune should remove containers with state Created, Configured to be compatible with docker
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
Improved readability in image json output
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes made in json output to improve readability of
podman images output.
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
when removing networks in integration tests, we should should force; otherwise if the network has containers associated with it, it will fail to remove.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Implemented --iidfile for podman commit
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Added flag to Write the image ID to the file with podman commit command.
Fix to issue #5461
Signed-off-by: Sujil02 <sushah@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
* Add second go routine for when a Timer is not needed.
* goimports updated some project files
Fixes #5531
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \
| | |
| | | |
systemd generator: force run container detached if CreateCommand has no detach param
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
the podman generated systemd service file has `Type=forking` service,
so the command after `ExecStart=` should not run in front.
if someone created a container and has the detach(`-d`) param missing
like this
```
podman create --name ngxdemo -P nginxdemos/hello
```
and generate the file with `--new` param:
```
podman generate systemd --name --new ngxdemo
```
because `podman run xxx` has no `-d` param,
so the container is not run in background and nerver exit.
and systemd will fail to start the service:
```
sudo systemctl start container-ngxdemo.service
Job for container-ngxdemo.service failed because a timeout was exceeded.
See "systemctl status container-ngxdemo.service" and "journalctl -xe" for details.
```
Signed-off-by: 荒野無燈 <ttys3@outlook.com>
|
|\ \
| | |
| | | |
run --rmi test: make it work
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The recently-added 'run --rmi' test was not actually doing
what it thinks it was doing: for one, 'run_podman | grep'
is never going to work; also, the test was leaving behind
stray images.
Rework to do what I believe the intention was; and, combine
into one test (down from two) for readability.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
when building images, we can now add the os and arch of the image using overrides from the commandline. the commandline options set sane defaults so we use those as well.
Fixes: #5503
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
fix security-opt generate kube
|
| |
| |
| |
| |
| |
| |
| | |
fix #4950
add selinux options from --security-opt of the container to generate kube result
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove leading slashes from the run-dir paths. It was meant to make it
explicit that we're dealing with an absolute path but user feedback has
shown that most are aware. It also cleans up the path in the systemctl
status output.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Add the rmi flag to podman-run to delete container image
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The --rmi flag will delete the container image after its execution
unless that image is already been used by another container(s).
This is useful when one wants to execute a container once and remove
any resources attached to it.
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
|\ \ \
| | | |
| | | | |
CI: format cirrus logs
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This introduces a new cirrus helper script, logformatter.
Usage is:
[commands...] | logformatter TEST-NAME
It reformats its input into a readable, highlighed, linkable
form. Some features:
- boring stuff (timestamps, standard podman options) is
deemphasized
- important stuff (warnings, errors) is emphasized
- in-page links to the actual failures
- active links to source files
- jumps to bottom of page on load, because that's where
the errors are. (All errors are linked)
Add it to select test commands (integration, system) and
add a new artifacts_html, run in the 'always' block, which
uploads generated *.log.html into Cirrus; from there we
generate a live URL that can be viewed in browser.
Unfortunately, due to security concerns in Cirrus, it is
not currently possible to make the link a live one.
Kludge: add a line of dashes after Restoring images; without this,
the first test ("systemd PID 1") has no dashes before it, so
logformatter doesn't see it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
APIv2 tests: add tests for stop
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
...and allow status 'stopped' in addition to 'exited'.
Fixes: #5336
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Allow devs to set labels in container images for default capabilities.
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch allows users to specify the list of capabilities required
to run their container image.
Setting a image/container label "io.containers.capabilities=setuid,setgid"
tells podman that the contained image should work fine with just these two
capabilties, instead of running with the default capabilities, podman will
launch the container with just these capabilties.
If the user or image specified capabilities that are not in the default set,
the container will print an error message and will continue to run with the
default capabilities.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
API v2 has been quiet for a few days, and the test script is
actually passing. Let's take advantage of this opportunity
to get them running in CI.
Requires adding a check for cgroupsv2
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
|
|
|
|
| |
This corrects a regression from Podman 1.4.x where container exec
sessions inherited supplemental groups from the container, iff
the exec session did not specify a user.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|