| Commit message (Collapse) | Author | Age |
|\
| |
| | |
fedora rootless cpu settings
|
| |
| |
| |
| |
| |
| |
| | |
fedora does not have the the ability in rootless to set cpu limits.
this requires a simple fix for fedora 33 to pass ci tests.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| |/
|/|
| |
| | |
debarshiray/wip/rishi/toolbox_test-userns-keepid-HOME
Test $HOME when it's parent is bind mounted with --userns=keep-id
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When --userns=keep-id is used, Podman is supposed to set up the home
directory of the user inside the container to match that on the host
as long as the home directory or any of its parents are marked as
volumes to be bind mounted into the container.
Currently, the test only considers the case where the home directory
itself is bind mounted into the container. It doesn't cover the Podman
code that walks through all the bind mounts looking for ancestors in
case the home directory itself wasn't specified as a bind mount.
Therefore, this improves the existing test added in commit
6ca8067956128585 ("Setup HOME environment when using --userns=keep-id")
Note that this test can't be run as root. The home directory of the
root user is /root, and it's parent is /. Bind mounting the entire /
from the host into the container prevents it from starting:
Error: openat2 ``: No such file or directory: OCI not found
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
if --userns=keep-id is specified and not --user is specified, take the
unprivileged capabilities code path so that ambient capabilities are
honored in the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
if the username is specified in the USER:GROUP form, make sure we only
check for USER.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
if the kernel supports ambient capabilities (Linux 4.3+), also set
them when running with euid != 0.
This is different that what Moby does, as ambient capabilities are
never set.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Fix dnsname when joining a different network namespace in a pod
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When creating a container in a pod the podname was always set as
the dns entry. This is incorrect when the container is not part
of the pods network namespace. This happend both rootful and
rootless. To fix this check if we are part of the pods network
namespace and if not use the container name as dns entry.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \
| | |
| | | |
manifest list inspect single image
|
| |/
| |
| |
| |
| |
| | |
If the image name not a manifest list type, enable manifest inspect to return manifest of single image manifest type vnd.docker.distribution.manifest.v2+json.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
Remove search limit since pagination support
|
| |/
| |
| |
| |
| |
| | |
Remove the search limit check since the c/image v5.6.0 supports pagination and can give result over 100 entries.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
Stop excessive wrapping of errors
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Most of the builtin golang functions like os.Stat and
os.Open report errors including the file system object
path. We should not wrap these errors and put the file path
in a second time, causing stuttering of errors when they
get presented to the user.
This patch tries to cleanup a bunch of these errors.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Restore --format table header support
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Containers that share IPC Namespaces share each others
/dev/shm, which means a private /dev/shm needs to be setup
for the infra container.
Added a system test and an e2e test to make sure the
/dev/shm is shared.
Fixes: https://github.com/containers/podman/issues/8181
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Podman often reports OCI Runtime does not exist, even if it does
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the OCI Runtime tries to set certain settings in cgroups
it can get the error "no such file or directory", the wrapper
ends up reporting a bogus error like:
```
Request Failed(Internal Server Error): open io.max: No such file or directory: OCI runtime command not found error
{"cause":"OCI runtime command not found error","message":"open io.max: No such file or directory: OCI runtime command not found error","response":500}
```
On first reading of this, you would think the OCI Runtime (crun or runc) were not found. But the error is actually reporting
message":"open io.max: No such file or directory
Which is what we want the user to concentrate on.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |_|/
|/| | |
new "image" mount type
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add a new "image" mount type to `--mount`. The source of the mount is
the name or ID of an image. The destination is the path inside the
container. Image mounts further support an optional `rw,readwrite`
parameter which if set to "true" will yield the mount writable inside
the container. Note that no changes are propagated to the image mount
on the host (which in any case is read only).
Mounts are overlay mounts. To support read-only overlay mounts, vendor
a non-release version of Buildah.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| |/
|/| |
Move from docker.io
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Followon to #7965 (mirror registry). mirror.gcr.io doesn't
cache all the images we need, and I can't find a way to
add to its cache, so let's just use quay.io for those
images that it can't serve.
Tools used:
skopeo copy --all docker://docker.io/library/alpine:3.10.2 \
docker://quay.io/libpod/alpine:3.10.2
...and also:
docker.io/library/alpine:3.2
docker.io/library/busybox:latest
docker.io/library/busybox:glibc
docker.io/library/busybox:1.30.1
docker.io/library/redis:alpine
docker.io/libpod/alpine-with-bogus-seccomp:label
docker.io/libpod/alpine-with-seccomp:label
docker.io/libpod/alpine_healthcheck:latest
docker.io/libpod/badhealthcheck:latest
Since most of those were new quay.io/libpod images, they required
going in through the quay.io GUI, image, settings, Make Public.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| |/
|/| |
Add a Degraded state to pods
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make a distinction between pods that are completely running (all
containers running) and those that have some containers going,
but not all, by introducing an intermediate state between Stopped
and Running called Degraded. A Degraded pod has at least one, but
not all, containers running; a Running pod has all containers
running.
First step to a solution for #7213.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Add test cases to cover podman volume
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add test cases to cover below podman volume subcommand:
create
ls
inspect
rm
prune
Signed-off-by: Yuhui Jiang <yujiang@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add pod, volume, network to inspect package
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman inspect only had the capabilities to inspect containers and images. if a user wanted to inspect a pod, volume, or network, they would have to use `podman network inspect`, `podman pod inspect` etc. Docker's cli allowed users to inspect both volumes and networks using regular inspect, so this commit gives the user the functionality
If the inspect type is not specified using --type, the order of inspection is:
containers
images
volumes
networks
pods
meaning if container that has the same name as an image, podman inspect would return the container inspect.
To avoid duplicate code, podman network inspect and podman volume inspect now use the inspect package as well. Podman pod inspect does not because podman pod inspect returns a single json object while podman inspect can return multiple)
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
containers/dependabot/go_modules/github.com/containers/common-0.26.2
Bump github.com/containers/common from 0.26.0 to 0.26.3
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.26.0 to 0.26.3.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](containers/common@v0.26.0...v0.26.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- run test: preserve --runtime test: use a random executable
path. And, clean up better.
- run test: "look up correct image name" test: use random
strings; test both without and with a :tag
- events test: use random label strings, add more filter tests
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \
| | |
| | | |
Tests: Check different log driver can work with podman logs
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a check step in podman run --log-driver test. Prefer to add
it here as it already has a loop to cover all different drivers
in this test.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
adding the ability to filter evens by the container labels. this requires that container labels be added to the events data being recorded and subsequently read.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
podman create doesn't support creating detached containers
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Detached containers and detach keys are only created with the podman run, i
exec, and start commands. We do not store the detach key sequence or the
detach flags in the database, nor does Docker. The current code was ignoreing
these fields but documenting that they can be used.
Fix podman create man page and --help output to no longer indicate that
--detach and --detach-keys works.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
replace net_raw with setuid
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
podman does not allow setting CAP_NET_RAW
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \ \
| | | | |
| | | | | |
Add hostname to /etc/hosts for --net=none
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This does not match Docker, which does not add hostname in this
case, but it seems harmless enough.
Fixes #8095
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
container create: record correct image name
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Record the correct image name when creating a container by using the
resolved image name if present. Otherwise, default to using the first
available name or an empty string in which case the image must have been
referenced by ID.
Fixes: #8082
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Allow save image remove-signatures
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
remove signatures to podman save since the image formats do not support signatures
Close: #7659
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Switch help messages from using [flags] to [options]
|
| | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Want to have man pages match commands, since we have lots of printed
man pages with using Options, we will change the command line to use
Options in --help.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|