| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Allow users to add host user accounts to /etc/passwd
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some containers require certain user account(s) to exist within the
container when they are run. This option will allow callers to add a
bunch of passwd entries from the host to the container even if the
entries are not in the local /etc/passwd file on the host.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935831
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Do not apply reserved annotations from the image to the container.
Reserved annotations are applied during container creation to retrieve
certain information (e.g., custom seccomp profile or autoremoval)
once a container has been created.
Context: #12671
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Error out early if system does not support pre-copy checkpointing
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CRIU's pre-copy migration support relies on the soft dirty page tracking
in the Linux kernel:
https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt
This functionality is not implemented for all architectures and it can
also be turned off in the kernel.
CRIU can check if the combination of architecture/kernel/CRIU supports
the soft dirty page tracking and exports this feature checking
functionality in go-criu.
This commit adds an early check if the user selects pre-copy
checkpointing to error out if the system does not support it.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |\ \
| |/
|/| |
Warn on use of --kernel-memory
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
It has been deprecated and is no longer supported. Fully remove it and
only print a warning if a user uses it.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2011695
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
|
| |\ \
| |/
|/| |
Use hosts public ip address in rootless containers
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add first non localhost ipv4 of all host interfaces as destination
for host.contaners.internal for rootless containers.
Fixes: https://github.com/containers/podman/issues/12000
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
support hosts without /etc/hosts
|
| | | |
| | |
| | |
| | |
| | | |
Fixes: #12667
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Podman run --passwd
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
added support for a new flag --passwd which, when false prohibits podman from creating entries in
/etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint
resolves #11805
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
compat: image normalization: handle sha256 prefix
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When normalizing image names on the compat API, make sure to take the
`sha256:` prefix into account when matching against the image ID.
Otherwise, the name will mistakingly be subject to docker.io
normalization.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
specgen: honor userns=auto from containers.conf
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when using the default userns value, make sure its value is parsed so
that userns=auto is parsed and the options for the storage are filled.
Closes: https://github.com/containers/podman/issues/12615
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |/
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The quay.io/libpod/testimage:20210610 is known not to change and to
remain stable over time. While the same should apply for alpine image
on quay.io/libpod, we've seen it flake and return the wrong image.
The reasons for that observation are unknown.
Fixes: #12631
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
fix(generate): fix up podman generate kube missing env field bug
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the logic is: if the process env vars key exists in podman default or in image defined, and the value is equal, skip the env var key.
the typo make it compare to itself -_-
so, here comes the simple fixup.
Signed-off-by: 荒野無燈 <ttys3.rust@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
image rm: allow for force-remove infra images
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Force removal of images will also remove associated containers.
Historically, infra containers have been excluded resulting in
rather annoying errors, for instance, when running `rmi -af`.
Since there is not reasons to exclude infra containers, allow for
removing the entire pod when an infra image is force removed.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
Add more checkpoint/restore information to 'inspect'
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
This extends one of the checkpoint/restore tests to see if the
newly introduced checkpoint specific fields in 'inspect' work as
intended.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |\ \
| | |
| | | |
build: relay `exitcode` from imagebuildah to registry
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Old build tests were expecting genric error code `125` however another
commit in this PR ensures that we relay exact exit code from build to
registry.
Hence adjusting tests
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman does not relay exit code from buildah instead returns a generic
error code `125`. Following PR allows `podman` to relay exit code from
`imagebuildah` to `registry` as it is.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when a container with healthchecks exits due to stopping or failure, we
need the cleanup process to remove both the timer file and the service
file.
Bz#:2024229
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
oci: configure the devices cgroup with default devices
|
| | |/
| |
| |
| |
| |
| |
| | |
always set the default devices to the devices cgroup when not running
in a user namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
|
|
|
|
|
| |
Make sure that `kill -a` is printing the IDs of killed containers.
Previously, it was only printing empty lines.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The search endpoint on registry.redhat.io is broken.
Skip one test and update another to avoid hitting it.
Also leave some breadcrumbs to revert once it's back
in a working state.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
APIv2 tests: fail on syntax/logic errors
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(i.e. not test failures, but actual programming bugs).
We've had a number of syntax errors creep into this test, usually
caused by a missing backslash on a test command. I've long wanted
to 'set -e' but that causes other problems. This PR introduces
error handling via 'trap', with useful diagnostics on failure.
This PR also catches and fixes two previously-unknown bugs that
were causing tests to not actually run.
And, since /events takes eons on my high-uptime laptop, add /since
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
Show --external containers even without --all option
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We currently do not show --external containers when the user specifies
it, unless they also specify the --all flag. This has led to confusion.
I see no reason not to list them without the --all flag if the user
specifies the option.
Fixes: https://github.com/containers/podman/issues/12353
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
network db rewrite
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Allow the same --network options for play kube as for podman run/create.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Rework the --network parse logic to support multiple networks with
specific network configuration settings.
--network can now be set multiple times. For bridge network mode the
following options have been added:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
- **mac=MAC**: Specify a static mac address address for this container.
- **interface_name**: Specify a name for the created network interface inside the container.
So now you can set --network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99
for the default bridge network as well as for network names.
This is better than using --ip because we can set the ip per network
without any confusion which network the ip address should be assigned
to.
The --ip, --mac-address and --network-alias options are still supported
but --ip or --mac-address can only be set when only one network is set.
This limitation already existed previously.
The ability to specify a custom network interface name is new
Fixes #11534
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Network connect now supports setting a static ipv4, ipv6 and mac address
for the container network. The options are added to the cli and api.
Fixes #9883
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some months ago, apiv2 tests got added that needed new
functionality: passing a tarball to the remote server.
There was no mechanism to do so in the 't' helper, so
these tests used complicated (and actually not-really-
working) curl commands.
This PR introduces and documents a new usage of 't', in
which passing an argument ending in '.tar' adds the
right magic syntax (--data-binary @PATH) to the existing
curl. This lets us use all standard 't' checks, making
for simpler tests and in the process fixing some bugs.
Also: drive-by fix of a typo bug in the networks test.
Also: set CONTAINERS_REGISTRIES_CONF when starting server
and when running direct podman, to avoid docker.io throttling.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
Add secret list --filter to cli
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This PR is a follow-up of #11431. It adds possibility of filtering
secret list based on id and name.
Signed-off-by: Jakub Guzik <jguzik@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fixes #12063 Add docker compatible output after image build.
|
| | | |/
| |/|
| | |
| | | |
Signed-off-by: Ananth Bhaskararaman <antsub@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
network ls: show networks in deterministic order
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
The new network backend stores the networks in a map so the returned
order is not deterministic. Lets sort the network names alphabetically
to ensure a deterministic order.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
