| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Developers asked for a deterministic field to verify if podman is
running via API or linked directly to libpod library.
$ podman info --format '{{.Host.ServiceIsRemote}}'
false
$ podman-remote info --format '{{.Host.ServiceIsRemote}}'
true
$ podman --remote info --format '{{.Host.ServiceIsRemote}}'
true
* docs/conf.py formatted via black
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\
| |
| | |
Add envars to the generated systemd unit
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The with --new generated systemd unit loses the environment variables
when the create command only contains the key without the value. Since
podman tries to lookup those values from the environment the unit can
fail.
This commits ensures that we will add the environment variables to the
unit file when this is the case. The container environment variables are
looked up in the container spec.
Fixes #10101
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \
| | |
| | | |
Kube like pods should share ipc,net,uts by default
|
| |/
| |
| |
| | |
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
|/
|
|
| |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|
|
|
| |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\
| |
| | |
fix: docker APIv2 `images/get`
|
| |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
|\ \
| | |
| | | |
Add support to preserve auto-update labels in play / generate kube
|
| | |
| | |
| | |
| | |
| | |
| | | |
In the case of generate kube the auto-update labels will be converted into kube annotations and for play kube they will be converted back to labels since that's what podman understands
Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
|
|\ \ \
| | | |
| | | | |
Add support for environment variable secrets
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Env var secrets are env vars that are set inside the container but not
commited to and image. Also support reading from env var when creating a
secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix infinite loop in isPathOnVolume
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
filepath.Dir in some cases returns `.` symbol and calling this function
again returns same result. In such cases this function
never returns and causes some operations to stuck forever.
Closes #10216
Signed-off-by: Slava Bacherikov <slava@bacher09.org>
|
|\ \ \ \
| | | | |
| | | | | |
CI: run rootless tests under ubuntu
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Reason: to catch errors before they surface in RHEL.
One of the Ubuntus is specially crafted to run with cgroups v1
and runc. Although this isn't quite the same as RHEL, it's as
close as we can come in our CI environment, and I suspect it
would have caught #10234 (a regression).
Sorry, team.
Also: play kube limits test: skip on all rootless, not just
rootless+fedora. There was a complicated and unnecessary
check in there for Fedora.
Also: workaround for bug #10248, a spurious error message on
the first invocation of rootless podman on Ubuntu.Old
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Revert : https://github.com/containers/podman/pull/9895
Turns out that if Docker is in --selinux-enabeled, it still relabels if
the user tells the system to, even if running a --privileged container
or if the selinux separation is disabled --security-opt label=disable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
add restart-policy to container filters & --filter to podman start
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Fixes docker-compose cannot set static ip when use ipam
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|/ /
| |
| |
| |
| |
| | |
[NO TESTS NEEDED] This is just running codespell on podman
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Add filepath glob support to --security-opt unmask
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Want to allow users to specify --security-opt unmask=/proc/*.
This allows us to run podman within podman more securely, then
specifing umask=all, also gives the user more flexibilty.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
add --mac-address to podman play kube
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a new --mac-address flag to podman play kube. This is used to specify
a static MAC address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes #9731
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Migrate the Podman code base over to `common/libimage` which replaces
`libpod/image` and a lot of glue code entirely.
Note that I tried to leave bread crumbs for changed tests.
Miscellaneous changes:
* Some errors yield different messages which required to alter some
tests.
* I fixed some pre-existing issues in the code. Others were marked as
`//TODO`s to prevent the PR from exploding.
* The `NamesHistory` of an image is returned as is from the storage.
Previously, we did some filtering which I think is undesirable.
Instead we should return the data as stored in the storage.
* Touched handlers use the ABI interfaces where possible.
* Local image resolution: previously Podman would match "foo" on
"myfoo". This behaviour has been changed and Podman will now
only match on repository boundaries such that "foo" would match
"my/foo" but not "myfoo". I consider the old behaviour to be a
bug, at the very least an exotic corner case.
* Futhermore, "foo:none" does *not* resolve to a local image "foo"
without tag anymore. It's a hill I am (almost) willing to die on.
* `image prune` prints the IDs of pruned images. Previously, in some
cases, the names were printed instead. The API clearly states ID,
so we should stick to it.
* Compat endpoint image removal with _force_ deletes the entire not
only the specified tag.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
System tests: honor $OCI_RUNTIME (for CI)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some CI systems set $OCI_RUNTIME as a way to override the
default crun. Integration (e2e) tests honor this, but system
tests were not aware of the convention; this means we haven't
been testing system tests with runc, which means RHEL gating
tests are now failing.
The proper solution would be to edit containers.conf on CI
systems. Sorry, that would involve too much CI-VM work.
Instead, this PR detects $OCI_RUNTIME and creates a dummy
containers.conf file using that runtime.
Add: various skips for tests that don't work with runc.
Refactor: add a helper function so we don't need to do
the complicated 'podman info blah blah .OCIRuntime.blah'
thing in many places.
BUG: we leave a tmp file behind on exit.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Add --all to podman start
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
Co-authored-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
compat api: Networks must be empty instead of null
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The compat endpoint for container inspect must return {} instead of null
for NetworkSettings.Networks.
Fixes #9837
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The RHEL multi-arch team informed me that we were missing
aarch64; add it, using the new name (arm64v8).
(This is from last week, so the image date tag does not
match today's date. I was waiting for confirmation that
things were working).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
if --cgroup-parent is specified, always honor it without doing any
detection whether cgroups are supported or not.
Closes: https://github.com/containers/podman/issues/10173
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Autoupdate Local
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
changed struct to policyMapper
change "image" to "registry" in multiple locations
Updated documentation with registry alias & autoupdate local
Added relevant test
Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
|
|\ \ \
| | | |
| | | | |
Use seccomp_profile as default profile if defined in containers.conf
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Edits `podman info` to provide the default seccomp profile
detected in the output
Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
Our current #1 flake; this is a simple one: we can't run 'logs'
on a container run with '-d --rm'.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |/ /
|/| | |
System tests: fix two race conditions
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Basically, add 'podman wait' before 'podman rm'. See if this
fixes gating tests run on ppc64le (possibly very very slow hosts)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add podman run --timeout option
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This option allows users to specify the maximum amount of time to run
before conmon sends the kill signal to the container.
Fixes: https://github.com/containers/podman/issues/6412
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Cirrus: Update Ubuntu images to 21.04
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Namely the Ubuntu 21.04 Kernel does not support BFQ. Regardless of the
distro. skip this test if the required cgroup node doesn't exist.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The Docker API does not require Volume name to be specified when
creating a volume.
Fixes: https://github.com/containers/podman/issues/9803
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|