| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Add container GID to additional groups
|
| | |
| |
| |
| |
| |
| |
| | |
Mitigates a potential permissions issue. Mirrors Buildah PR #4200
and CRI-O PR #6159.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
Update test per comment in #15555
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
While backporting a test from main, @edsantiago asked that
the test be adjusted as noted here:
https://github.com/containers/podman/pull/15555#issuecomment-1232791752.
This PR brings those same changes to main for posterity sake.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Fix bind-mount-option annotation in gen/play kube
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The format used for setting the bind-mount-options annotations
in the kube yaml was incorrect and caused k8s to throw an error
when trying to play the generated kube yaml.
Fix the annotation format to match the rules of k8s.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
CI: disable flaking test on ubuntu
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See https://github.com/containers/conmon/pull/352
As of a few days ago, Ubuntu still hadn't built a fixed conmon.
Just skip the test until we get a fixed Ubuntu or until we
figure out a better solution to the test-something-RHEL8ish
problem.
UPDATE: WEIRD: this 'skip' triggered a baffling failure
on Ubuntu: the "Kubernetes only allows 63 characters"
warning message stopped appearing, on Ubuntu only, which
then caused the kube-generate tests to fail because they
actually checked for that. The message doesn't appear
because generate-kube is no longer spitting out a line
for org.opencontainers.image.base.digest/CONTAINER.
(Why this line is gone, I don't know, and choose not
to investigate). Solution: stop checking for the kube-63
warning. It's just not that important.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:
this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format
–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device
resolves #15067
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\
| |
| | |
Set enableServiceLinks to false in generated yaml
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Since podman doesn't set/use the needed service env
variable, always set enableServiceLinks to false in
the generated kube yaml.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \
| |/
|/| |
api: return imageID instead of imageName, for "Image" when Podman api is queried
|
| | |\ |
|
| | |\ \ |
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jason Ertel <jason.ertel@securityonionsolutions.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Add emptyDir volume support to kube play
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When a kube yaml has a volume set as empty dir, podman
will create an anonymous volume with the empty dir name and
attach it to the containers running in the pod. When the pod
is removed, the empy dir volume created is also removed.
Add tests and docs for this as well.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
podman rmi: emit untag events
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Emit untag events for each tag when removing an image.
Fixes: #15485
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add two new options to the keep-id user namespace option:
- uid: allow to override the UID used inside the container.
- gid: allow to override the GID used inside the container.
For example, the following command will map the rootless user (that
has UID=0 inside the rootless user namespace) to the UID=11 inside the
container user namespace:
$ podman run --userns=keep-id:uid=11 --rm -ti fedora cat /proc/self/uid_map
0 1 11
11 0 1
12 12 65525
Closes: https://github.com/containers/podman/issues/15294
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | | |
We keep getting flakes in tests that use port 5000. Try to
find and fix, by switching ports where possible, and locking
5000 when not possible (or not easy) to switch.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| | | |
| | | | |
APIv2 test cleanup, part 2 of 2
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This finishes the removal of curls and exits.
Please please please, everyone, if you see a 'curl' or 'exit'
in any new PR, reject the PR and tell me immediately so I can
help the developer do it the proper way.
Also, removed some very-very-wrong USER/UID code. Both are
reserved variables in bash. You cannot override them.
Also, added a cleanup to a system-connection test. I wasted
a lot of time because my podman-remote stopped working, all
because I had run this test as part of something unrelated.
Also, found and fixed dangerously-broken timeout code.
Implemented a new mechanism for requiring a timeout.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Handle an already connected network in libpod API
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Compat: Treat already attached networks as a no-op
Applies only to containers in created state. Maintain error in running state.
Co-authored-by: Alessandro Rossi <al.rossi87@gmail.com>
Co-authored-by: Brent Baude <bbaude@redhat.com>
Co-authored-by: Jason T. Greene <jason.greene@redhat.com>
Signed-off-by: Alessandro Rossi <al.rossi87@gmail.com>
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`podman-remote` and Libpod API does not supports build with
`--userns=auto` since `IDMappingOptions` were not implemented for API
and bindings, following PR implements passing `IDMappingOptions` via
bindings to API.
Closes: https://github.com/containers/podman/issues/15476
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Run codespell
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Change only the compat API, so we don't force a breaking change
on Libpod API users.
Partial fix for #15485
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| | |
| | | |
System test cleanup
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Misspellings, broken code, missing tests
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| | | |
| | | | |
APIv2 test cleanup
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Whole slew of bugs that got introduced while I wasn't paying
attention. Most of them are of the form "let's use hand-crafted
curl commands and do our own error checking and exit uncleanly
on error and leave the system in an unstable state". To be
fair, those were done because there was no existing mechanism
for uploading JSON files or somesuch. So, add one.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
using "slave" means that every mount operation on the host that
happens between the mount creation for `/host` and running `findmnt`
will be propagated to the container mount. To prevent new mounts on
the host to appear in the container thus invalidating the test we
have, just create the mount as private and use `/sys` as source as it
has multiple mounts on the top but less likely to get new mounts once
it is configured.
Closes: https://github.com/containers/podman/issues/15241
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
vendor containers/psgo@v1.7.3
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add three new capabilities that would otherwise be reported as unknown.
Also add an e2e test making sure that `podman top` knows all
capabilities of the current kernel. I refrained from adding a system
test since this may blow up in gating tests.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Allow podman to run in an environment with keys containing spaces
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes: https://github.com/containers/podman/issues/15251
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
it is not a kernel bug.
Rootless users are not allowed to use non recursive bind mounts,
otherwise they would be able to uncover mounts that were not visible
before to them.
[CI:DOCS] it is just a comment fix.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Fix documentation of use of tcp connections
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/15430
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add support for containers.conf volume timeouts
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also, do a general cleanup of all the timeout code. Changes
include:
- Convert from int to *uint where possible. Timeouts cannot be
negative, hence the uint change; and a timeout of 0 is valid,
so we need a new way to detect that the user set a timeout
(hence, pointer).
- Change name in the database to avoid conflicts between new data
type and old one. This will cause timeouts set with 4.2.0 to be
lost, but considering nobody is using the feature at present
(and the lack of validation means we could have invalid,
negative timeouts in the DB) this feels safe.
- Ensure volume plugin timeouts can only be used with volumes
created using a plugin. Timeouts on the local driver are
nonsensical.
- Remove the existing test, as it did not use a volume plugin.
Write a new test that does.
The actual plumbing of the containers.conf timeout in is one line
in volume_api.go; the remainder are the above-described cleanups.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \
| | | |
| | | | |
run,create: add support for `--env-merge` for preprocessing default environment variables
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow end users to preprocess default environment variables before
injecting them into container using `--env-merge`
Usage
```
podman run -it --rm --env-merge some=${some}-edit --env-merge
some2=${some2}-edit2 myimage sh
```
Closes: https://github.com/containers/podman/issues/15288
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
e2e: Add run --memory-swap test
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
There is not e2e/system test of --memory-swap option.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \
| |/ /
|/| | |
Simplify ImagesPull for when Quiet flag is on
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
| |\ \ \
| | | |
| | | | |
podman kube play/down --read from URL
|
