| Commit message (Collapse) | Author | Age |
|
|
|
| |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\
| |
| | |
Allow specifying seccomp profiles for privileged containers
|
| |
| |
| |
| |
| |
| |
| | |
To sync the behavior between AppArmor and seccomp it is now possible to
also specify seccomp profiles for privileged containers.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \
| | |
| | | |
Fix handling of working dir
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Buildah and podman build can create images without a working dir.
FROM fedora
WORKDIR /test
If you build this image with caching twice, the second time the image
will not have a working dir.
Similarly if you execute
podman run --workdir /foobar fedora
It blows up since the workingdir is not created automatically.
Finally there was duplicated code for getting the workingdir
out of an image, that this PR removes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \
| | | |
| | | | |
Do not use image CMD if user gave ENTRYPOINT
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This matches Docker behavior, and seems to make sense - the CMD
may have been specific to the original entrypoint and probably
does not make sense if it was changed.
While we're in here, greatly simplify the logic for populating
the SpecGen's Command. We create the full command when making the
OCI spec, so the client should not be doing any more than setting
it to the Command the user passed in, and completely ignoring
ENTRYPOINT.
Fixes #7115
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Default .Repository and .Tag values to <none>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Refactor the processing of Repository and Tag fields to default to <none>
when printing via --format flag. Previously, the default format would
print <none> but --format {{.Tag}} would not in some cases.
Fixes #7123
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
Fix a bug in the error handling which returned nil instead of an error
and ultimately lead to nil dereferences in the client. To prevent
future regressions, add a test and check for the error message.
Fixes: #7271
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- new sanity checks for podman-remote:
- first, confirm that when PODMAN is "-remote",
we actually talk to a server (validated by
presence of "Server:" string in "podman version").
- second, add test for #7212, in which we run
"podman --remote" (podman with --remote flag,
not podman-remote command) and make sure --remote
is allowed both as the first option and also
with other flag options preceding.
- new test for "podman image tree" (piggybacking on
top of a "podman build" test, because that gives
us lots of layers).
- skip "podman exec - basic test" when remote. It is consistently
causing CI failures, breaking all of CI, due to #7241.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\
| |
| | |
support outbound-addr
|
| |
| |
| |
| |
| |
| | |
Fixes #6064
Signed-off-by: Bohumil Cervenka <5eraph@protonmail.com>
|
|\ \
| | |
| | | |
fix podman logs --tail when log is bigger than pagesize
|
| | |
| | |
| | |
| | | |
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\ \ \
| | | |
| | | | |
podman-remote send name and tag
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
when loading an image with podman-remote load, we need to send a name and a tag to the endpoint
Fixes: #7124
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Refactor parsing to not require --remote to be first flag
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Use cobra.Command.FParseErrWhitelist to no longer require --remote to be
the first argument in flags when using CLI
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Ensure that exec errors write exit codes to the DB
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In local Podman, the frontend interprets the error and exit code
given by the Exec API to determine the appropriate exit code to
set for Podman itself; special cases like a missing executable
receive special exit codes.
Exec for the remote API, however, has to do this inside Libpod
itself, as Libpod will be directly queried (via the Inspect API
for exec sessions) to get the exit code. This was done correctly
when the exec session started properly, but we did not properly
handle cases where the OCI runtime fails before the exec session
can properly start. Making two error returns that would otherwise
not set exit code actually do so should resolve the issue.
Fixes #6893
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
Ensure WORKDIR from images is created
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A recent crun change stopped the creation of the container's
working directory if it does not exist. This is arguably correct
for user-specified directories, to protect against typos; it is
definitely not correct for image WORKDIR, where the image author
definitely intended for the directory to be used.
This makes Podman create the working directory and chown it to
container root, if it does not already exist, and only if it was
specified by an image, not the user.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \ \
| | | | |
| | | | | |
validate fds --preserve-fds
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | | |
validate file descriptors passed from podman run and podman exec --preserve-fds.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Handle podman-remote run --rm
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We need to remove the container after it has exited for
podman-remote run --rm commands. If we don't remove this
container at this step, we open ourselves up to race conditions.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
fix bug podman sign storage path
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- fix the bud podman not using specified --directory as signature storage.
- use manifest and image referce to set repo@digest.
close #6994
close #6993
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the go binding for remove container was using 'vols' for a key to remove volumes associated to the container. the correct key should be "v" and is documented as such.
Fixes: #7128
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Reenable remote system tests
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman-remote is in better shape now. Let's see what needs
to be done to reenable remote system tests.
- logs test: skip multilog, it doesn't work remote
- diff test: use -l only when local, not with remote
- many other tests: skip_if_remote, with 'FIXME: pending #xxxx'
where xxxx is a filed issue.
Unrelated: added new helper to skip_if_remote and _if_rootless,
where we check if the source message includes "remote"/"rootless"
and insert it if missing. This is a minor usability enhancement
to make it easier to understand at-a-glance why a skip triggers.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
podman: support --mount type=devpts
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Allow to create a devpts mount.
This is useful for containers that bind mount /dev/ from the host but
at the same time want to create a terminal.
It can be used as:
podman run -v /dev:/dev --mount type=devpts,target=/dev/pts ...
Closes: https://github.com/containers/podman/issues/6804
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Docker and CNI have very different ideas of what 0.0.0.0 means.
Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4
address on the host. CNI (and, thus, root Podman) take it to mean
the literal IP 0.0.0.0. Instead, CNI interprets the empty string
("") as "bind to all IPs".
We could ask CNI to change, but given this is established
behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and
turn it into "" when we parse ports.
Fixes #7014
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\ \ \
| |/ /
|/| | |
implement the exitcode when start a container with attach
|
| | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \
| | | |
| | | | |
API returns 500 in case network is not found instead of 404
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
|\ \ \ \
| | | | |
| | | | | |
Remove some unnecessary []byte to string conversions
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Some calls to `Sprintf("%s")` can be avoided by using direct string
type assertions.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Handle single character images
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently you can only specify multiple character for image names
when executing podman-remote commit
podman-remote commit a b
Will complete, but will save the image without a name.
podman-remote commit a bb
Works.
This PR fixes and now returns an error if the user doees not specify an
image name to commit to.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Add test case for description being present in search result
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
Test for a specific static image and match the description to avoid
regression like https://github.com/containers/podman/pull/7131
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|
|\ \ \
| | | |
| | | | |
Add versioned _ping endpoint
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
Fixes #7008
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When you execute podman create/run with the --pod new:<name> syntax
the pod was created but the namespaces where not shared and
therefore containers could not communicate over localhost.
Add the default namespaces and pass the network options to the
pod create options.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|