| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
| |
These only conflict when joining more than one network. We can
still set a single CNI network and set a static IP and/or static
MAC.
Fixes #4500
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add an --ignore flag to podman rm and stop. When specified, Podman will
ignore "no such {container,pod}" errors that occur when a specified
container/pod is not present in the store (anymore). The motivation
behind adding this flag is to write more robust systemd services using
Podman. A user might have manually decided to remove a container/pod
which would lead to a failure during the `ExecStop` directive of a
systemd service referencing that container/pod.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
e2e/prune: run two top containers
|
| | |
| |
| |
| |
| |
| |
| |
| | |
In hope to make the prune tests more robust, run two top containers and
stop one explicitly to reduce the risk of a race condition.
Fixes: #4452
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
image prune command fixed as per docker image prune.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
filter option accepts two filters.
- label
- until
label supports "label=value" or "label=key=value" format
until supports all golang compatible time/duration formats.
Signed-off-by: Kunal Kushwaha <kunal.kushwaha@gmail.com>
|
| |\ \ \
| |_|/
|/| | |
Handle seccomp annotations in play kube
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add handling of seccomp annotations to play kube at both container and pod levels.
also add a test
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add new test suite for build
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Most build testing should be done in Buildah's test
suites, but we should have a minimal amount of tests,
especially testing the parts that are different like
layers and squash. Also the CLI argument handling
of things like the context directory that we've had
issues reported.
This first chunk does a basic test and then checks for
context directory being a file and squash iterations.
More to be added as time goes by.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| |\ \ \
| | | |
| | | | |
podman rm/stop --cidfile
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a --cidfile flag to podman rm/stop to pass a container ID via a
file. Podman run already provides the functionaly to store the ID
in a specified file which we now complete with rm/stop. This allows
for a better life-cycle management in systemd services. Note that
--cdifile can be specified multiple times to rm/stop.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
history: rewrite mappings
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rewrite the backend for displaying the history of an image to simplify
the code and be closer to docker's behaviour. Instead of driving
index-based heuristics, create a reverse mapping from top-layers to the
corresponding image IDs and lookup the layers on-demand. Also use the
uncompressed layer size to be closer to Docker's behaviour.
Note that intermediate images from local builds are not considered for
the ID lookups anymore.
Fixes: #3359
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
| |
the pull all tags test can frequently timeout when trying to pull all
alpine tags. using the pause image, which is smaller, should provide
some relief.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\
| |
| | |
Fixed issue #4391; podman info --format '{{ json . }}'
|
| | |
| |
| |
| | |
Signed-off-by: Jimmy Crumpler <slimjim2234@gmail.com>
|
| |\ \
| | |
| | | |
fix bug check nonexist authfile
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use GetDefaultAuthFile() from buildah.
For podman command(except login), if authfile does not exist returns error.
close #4328
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
mount: add new options nocopyup|copyup for tmpfs
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
add a way to disable tmpcopyup for tmpfs.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
podman: add support for specifying MAC
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I basically copied and adapted the statements for setting IP.
Closes #1136
Signed-off-by: Jakub Filak <jakub.filak@sap.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently podman generate kube does not generate the correct RunAsUser and RunAsGroup
options in the yaml file. This patch fixes this.
This patch also make `podman play kube` use the RunAdUser and RunAsGroup options if
they are specified in the yaml file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Set SELinux labels based on the security context in the kube.yaml
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the kube.yaml specifieds the SELinux type or Level, we need the container
to be launched with the correct label.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
change the default on cgroups v2 and create a new cgroup namespace.
When a cgroup namespace is used, processes inside the namespace are
only able to see cgroup paths relative to the cgroup namespace root
and not have full visibility on all the cgroups present on the
system.
The previous behaviour is maintained on a cgroups v1 host, where a
cgroup namespace is not created by default.
Closes: https://github.com/containers/libpod/issues/4363
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
change the default to -1, so that we can change the semantic of
"--tail 0" to not print any existing log line.
Closes: https://github.com/containers/libpod/issues/4396
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
container start: fix regression when using name
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When starting a container by using its name as a reference, we should
print the name instead of the ID. We regressed on this behaviour
with commit b4124485ae7e which made it into Podman v1.6.2.
Kudos to openSUSE testing for catching it. To prevent future
regressions, extend the e2e tests to check the printed container
name/ID.
Reported-by: @sysrich
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
| |
We want to make sure that the process label of pid 1 is the same as the process label of a process execed into the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Wait for `mount` command to finish when mounting volume
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
command.Start() just starts the command. That catches some
errors, but the nasty ones - bad options and similar - happen
when the command runs. Use CombinedOutput() instead - it waits
for the command to exit, and thus catches non-0 exit of the
`mount` command (invalid options, for example).
STDERR from the `mount` command is directly used, which isn't
necessarily the best, but we can't really get much more info on
what went wrong.
Fixes #4303
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| | |
| | | |
build: drop support for ostree
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
it is going to be removed from containers/image as well, so no longer
depend on it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Processes execed into container should match container label
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Processes execed into a container were not being run with the correct label.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
goland autocorrections
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
just ran the autocorrect code corrections from goland and it found a few
nits.
Signed-off-by: baude <bbaude@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Test that when we pull using tag or digest references from locations
that are manifest lists, that we can inspect using the references that
we used for pulling, that the tags show up in the RepoTag list when we
inspect an image that was pulled using a tag, and that the list and
instance digests always both show up in the RepoDigest list.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |\ \
| |/
|/| |
Fix sig-proxy=false test and use image cache
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Pulling fedora-minimal was potentially causing timeouts, which is
bad. Using the cache avoids that.
Sig-proxy=false test was entirely nonfunctional - I think we
didn't update it when we fixed sig-proxy=true to be less racy.
It was still passing, which is concerning.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
Image volumes should not be mounted noexec
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This matches Docker more closely, but retains the more important
protections of nosuid/nodev.
Fixes #4318
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \ \
| |/ /
|/| | |
Add parsing for UID, GID in volume "o" option
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Everything else is a flag to mount, but "uid" and "gid" are not.
We need to parse them out of "o" and handle them separately.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Unless specified otherwise by --all, --latest or via arguments, list all
running containers. This matches the behaviour of Docker and is also
illustrated in the man pages where containers and options are marked to
be optional.
Fixes: #4274
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
Add support for anonymous volumes to `podman run -v`
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously, when `podman run` encountered a volume mount without
separate source and destination (e.g. `-v /run`) we would assume
that both were the same - a bind mount of `/run` on the host to
`/run` in the container. However, this does not match Docker's
behavior - in Docker, this makes an anonymous named volume that
will be mounted at `/run`.
We already have (more limited) support for these anonymous
volumes in the form of image volumes. Extend this support to
allow it to be used with user-created volumes coming in from the
`-v` flag.
This change also affects how named volumes created by the
container but given names are treated by `podman run --rm` and
`podman rm -v`. Previously, they would be removed with the
container in these cases, but this did not match Docker's
behaviour. Docker only removed anonymous volumes. With this patch
we move to that model as well; `podman run -v testvol:/test` will
not have `testvol` survive the container being removed by `podman
rm -v`.
The sum total of these changes let us turn on volume removal in
`--rm` by default.
Fixes: #4276
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
