| Commit message (Collapse) | Author | Age |
|\
| |
| | |
podman build: pass runtime to buildah
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure that Podman's default OCI runtime is passed to Buildah in
`podman build`. In theory, Podman and Buildah should use the same
defaults but the projects move at different speeds and it turns out
we caused a regression in v3.0.
Fixes: #9365
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Docker [APIv2] create container: handle empty host port
|
| |/
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
Currently podman is always chowning the WORKDIR to root:root
This PR will return if the WORKDIR already exists.
Fixes: https://github.com/containers/podman/issues/9387
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
| |
ubuntu's dns seems a little odd and requires a fq name in its tests.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The logic in the e2e test for multiple network aliases is indicating the
test should wait for the containerized nginx to be ready. As this may
take some time, the test does an exponential backoff starting at 2050ms.
Fix the logic by removing the `Expect(...)` call during the exponential
backoff. Otherwise, the test errors immediately.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
| |
The timestamps of some images must have changed changing the number of
expected filtered images. The test conditions seem fragile but for now
it's more important to get CI back.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
apiv2: handle docker-java clients pulling
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When docker-java calls images/create?fromImage=x, it expects two things
for a successful response: that both "error" and "errorDetail" are not
set, and that the "progress" message contains one of five hard-coded
strings ("Download complete" being one of them).
Signed-off-by: Igor Korolev <missterr@gmail.com>
|
|\ \
| | |
| | | |
utils: takes the longest path on cgroup v1
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
now getCgroupProcess takes the longest path on cgroup v1, instead of
complaining if the paths are different.
This should help when --cgroups=split is used on cgroup v1 and the
process cgroups look like:
$ cat /proc/self/cgroup
11:pids:/user.slice/user-0.slice/session-4.scope
10:blkio:/
9:cpuset:/
8:devices:/user.slice
7:freezer:/
6:memory:/user.slice/user-0.slice/session-4.scope
5:net_cls,net_prio:/
4:hugetlb:/
3:cpu,cpuacct:/
2:perf_event:/
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when printing out json format, we mistakenly changed the Created field
output to be a time.time in a different commit. This allows for
override of the Created field to be a unix ts as type int64.
Fixes: #9315
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Correct compat network prune response
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Correcting the structure of the compat network prune response. They
should follow {"NetworksDeleted": [<network_name>",...]}
Fixes: #9310
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Rewrite copy-up to use buildah Copier
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The old copy-up implementation was very unhappy with symlinks,
which could cause containers to fail to start for unclear reasons
when a directory we wanted to copy-up contained one. Rewrite to
use the Buildah Copier, which is more recent and should be both
safer and less likely to blow up over links.
At the same time, fix a deadlock in copy-up for volumes requiring
mounting - the Mountpoint() function tried to take the
already-acquired volume lock.
Fixes #6003
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When doing a container inspect on a container with unlimited ulimits,
the value should be -1. But because the OCI spec requires the ulimit
value to be uint64, we were displaying the inspect values as a uint64 as
well. Simple change to display as an int64.
Fixes: #9303
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add shell completion tests for secrets
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
Add the SECRET keyword to the shell completion test. Also update the
use line for podman secret create to use `NAME` instead of `SECRET`.
This matches the other commands such as network/volume create.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| |/ /
|/| | |
Docker [APIv2] push sends digest in response body
|
| | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Fix compat networks endpoint for a empty result
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
The networks list compat api endpoint must return `[]`
and not `null` if no networks are found.
Fixes #9293
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \
| | |
| | | |
Support annotations from containers.conf
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Service needs to be restarted in order to read the CONTAINERS_CONF file.
Not resetting this can lead to lots of flakes, since the test will use
whatever the host system has to be set in it's containers.conf.
Fixes: https://github.com/containers/podman/issues/9286
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| | |
Currently podman does not use the annotations specified in the
containers.conf. This PR fixes this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
apiv2 test fixes
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's been a while since I last looked at these; some cruft
has crept in, generating noise and hence unreadable test
results. Clean it up:
* remove pushd/popd in one subtest, replace with 'tar -C'.
(Also remove confusing quotation marks). This removes
spurious directory names from output.
* in like(), show only first line of actual output.
Some commands ('tree', 'generate kube') produce
voluminous multi-line output, which is super useless
and distracting when reading a test run.
* Recognize that some queries will not generate output,
e.g. HEAD requests and some POSTs. Deal with that.
This fixes "curl.result.out: no such file" and "parse
error" warnings.
* In cleanup, 'podman rm -a' and 'rmi -af'; this gets
rid of errors when deleting $WORKDIR. (EBUSY error
when root, EPERM when rootless).
And, the original reason for poking in here: refactor the
wait-for-port part of start_server() into its own helper
function, so we can use it when starting a local registry
in 12-imagesMore. (Ref: #9270)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\| |
| | |
| | | |
Fix Docker APIv2 push endpoint
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Docker doesn't have the destination parameter as libpod does,
the "image name" path parameter is supposed to be the destination.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \ \
| |_|/
|/| | |
generate kube: do not set caps with --privileged
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Do not play with capabilities for privileged containers where all
capabilities will be set implicitly.
Also, avoid the device check when running privileged since all of /dev/*
will be mounted in any case.
Fixes: #8897
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Implement Secrets
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Fix handling of --iidfile to happen on the client side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Implement missing arguments for podman build
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Buildah bud passes a bunch more flags then podman build.
We need to implement hook up all of these flags to get full functionality.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
make `podman rmi` more robust
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The c/storage library is subject to TOCTOUs as the central container and
image storage may be shared by many instances of many tools. As shown
in #6510, it's fairly easy to have multiple instances of Podman running
in parallel and yield image-lookup errors when removing them.
The underlying issue is the TOCTOU of removal being split into multiple
stages of first reading the local images and then removing them. Some
images may already have been removed in between the two stages. To make
image removal more robust, handle errors at stage two when a given image
is not present (anymore) in the storage.
Fixes: #6510
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
add network prune
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
add the ability to prune unused cni networks. filters are not implemented
but included both compat and podman api endpoints.
Fixes :#8673
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
play kube selinux label issue
|
| |
| |
| |
| |
| |
| | |
added skip to test case where selinux not enabled
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| |
| |
| |
| |
| |
| | |
fixed typo in the label comparison
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
| |
| |
| |
| |
| |
| |
| | |
test case added to e2e test suite to validate process label being correctly set
on play kube
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
|
|\ \
| | |
| | | |
fix logic when not creating a workdir
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When resolving the workdir of a container, we may need to create unless
the user set it explicitly on the command line. Otherwise, we just do a
presence check. Unfortunately, there was a missing return that lead us
to fall through into attempting to create and chown the workdir. That
caused a regression when running on a read-only root fs.
Fixes: #9230
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix Docker APIv2 container wait endpoint
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|