| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
allow a container to run in a new cgroup namespace.
When running in a new cgroup namespace, the current cgroup appears to
be the root, so that there is no way for the container to access
cgroups outside of its own subtree.
By default it uses --cgroup=host to keep the previous behavior.
To create a new namespace, --cgroup=private must be provided.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Move the HostConfig portion of Inspect inside libpod
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When we first began writing Podman, we ran into a major issue
when implementing Inspect. Libpod deliberately does not tie its
internal data structures to Docker, and stores most information
about containers encoded within the OCI spec. However, Podman
must present a CLI compatible with Docker, which means it must
expose all the information in 'docker inspect' - most of which is
not contained in the OCI spec or libpod's Config struct.
Our solution at the time was the create artifact. We JSON'd the
complete CreateConfig (a parsed form of the CLI arguments to
'podman run') and stored it with the container, restoring it when
we needed to run commands that required the extra info.
Over the past month, I've been looking more at Inspect, and
refactored large portions of it into Libpod - generating them
from what we know about the OCI config and libpod's (now much
expanded, versus previously) container configuration. This path
comes close to completing the process, moving the last part of
inspect into libpod and removing the need for the create
artifact.
This improves libpod's compatability with non-Podman containers.
We no longer require an arbitrarily-formatted JSON blob to be
present to run inspect.
Fixes: #3500
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/
|
|
|
|
|
| |
Before, play kube wasn't properly setting the command. Fix this
Also, begin a dedicated test suite for play kube to catch regressions like this in the future
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Docker CLI calls the healthcheck flags "--health-*", instead of
"--healthcheck-*".
Introduce the former, in order to keep compatibility, and alias
the later, in order to avoid breaking current usage.
Change "--healthcheck-*" to "--health-*" in the docs and tests.
Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Docker CLI compatibility issue: the "--healthcheck-command" option
value should not be split but instead be passed as single string to
"CMD-SHELL", i.e. "/bin/sh -c <opt>".
On the other hand implement the same extension as is already available
for "--entrypoint", i.e. allow the option value to be a JSON array of
strings. This will make life easier for tools like podman-compose.
Updated "--healthcheck-command" option values in tests accordingly.
Continuation of #3455 & #3507
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
|
|\
| |
| | |
Add support for --env-host
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This flag passes the host environment into the container. The basic idea is to
leak all environment variables from the host into the container.
Environment variables from the image, and passed in via --env and --env-file
will override the host environment.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
podman: add --ulimit host
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add a simple way to copy ulimit values from the host.
if --ulimit host is used then the current ulimits in place are copied
to the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
Update the testing documentation with system tests.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add Bats installation procedure.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | | |
be sure to load all the existing handlers, so that they can also be
freed in addition to the handlers we treat differently.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Randomize IP addresses during checkpoint/restore tests
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This tries to reduce CI errors which might happen due to parallel CI
runs which all are using the same IP addresses. Using random addresses
should reduce the possibility of parallel tests using the same IP address.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Restart failed containers in tests
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When we're waiting for a container to come up with healthchecks,
and it's not even running, there's no point to waiting further.
Instead, let's restart the container and continue waiting.
This may fix some flakes we're seeing with 'podman port' tests.
Then again, all the tests there seem to fail, not just a single
test flaking - so I bet there's some other underlying cause.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
Use conmon pidfile in generated systemd unit as PIDFile.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
There is no meaning of performing setup/teardown for these tests
when we even can not work with systemd.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Systemd manager drops non-existent directories from the units search
path during initialization, thus, creation of UNIT_DIR, if it did not
exist before, requres reloading the daemon.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
By default, podman points PIDFile in generated unit file to non-existent
location. As a result, the unit file, generated by podman, is broken:
an attempt to start this unit without prior modification results in a crash,
because systemd can not find the pidfile of service's main process.
Fix the value of "PIDFile" and add a system test for this case.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
|
|\ \ \ \
| |_|/ /
|/| | | |
speed up rootless tests
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
when running integrations tests as rootless, several tests still
unnecessarily pull images which is costly in terms of time.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Set correct SELinux label on restored containers
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A container restored from a checkpoint archive used to have the root
file-system mounted with a wrong (new) SELinux label. This made it, for
example, impossible to use 'podman exec' on a restored container.
This test tests exactly this. 'podman exec' after 'podman container restore'.
Unfortunately this test does not fail, even without the patch that fixes
it as the test seems to run in an environment where the SELinux label of
the container root file-system is not relevant. Somehow.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Add RUN priv'd test for build
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Podman 1.4.1 had problems with builds with a
RUN command that tried to to a privliged command.
This adds a gating test for that situation.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
attempts to correct three of our flakey integration tests
Signed-off-by: baude <bbaude@redhat.com>
|
| |_|/
|/| |
| | |
| | | |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Handle images which contain no layers
|
| | |
| | |
| | |
| | | |
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Remove refs to crio/conmon
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Conmon has moved out of cri-o and into it's own dedicated repository.
This commit updates configuration and definitions which referenced
the old cri-o based paths.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| |/
|/| |
Only include ports in one container in Kube YAML
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OutputToString() was mangling newlines, which made YAML parsers
very, very angry. But not angry enough to actually error, that
would be too easy. Just angry enough to silently not decode
anything.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| |
| |
| |
| | |
We need to verify that valid YAML was produced - Marshal will
just pack the generated YAML even further.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Fix inspect --format '{{.Mounts}}.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This provides backwards compatability with 1.4.0-1.4.2 releases
which name .Source and .Destination as .Src and .Dst - useful for
not breaking toolbox.
Also add a test.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
fix bug creats directory copying file
|
| | |
| | |
| | |
| | |
| | |
| | | |
close #3384
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix a segfault in 'podman ps --sync'
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We weren't properly populating the container's OCI Runtime in
Batch(), causing segfaults on attempting to access it. Add a test
to make sure we actually catch cases like this in the future.
Fixes #3411
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/ /
| |
| |
| |
| |
| | |
Closes: https://github.com/containers/libpod/issues/3405
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
| |
The man page of 'podman diff' claims that the diff sub-command knows
about --latest, -l. This adds support, as described in the man-page, to
the diff sub-command for --latest, -l.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|\
| |
| | |
Add support for cached, delegated mounts
|