aboutsummaryrefslogtreecommitdiff
path: root/utils
Commit message (Collapse)AuthorAge
* enable staticcheck linterPaul Holzinger2022-04-22
| | | | | | | Fix many problems reported by the staticcheck linter, including many real bugs! Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* fix a number of `godot` issuesValentin Rothberg2022-03-22
| | | | | | | Still an unknown number remains but I am running out of patience. Adding dots is not the best use of my time. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* go fmt: use go 1.18 conditional-build syntaxValentin Rothberg2022-03-18
| | | | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* move rootless netns slirp4netns process to systemd user.slicePaul Holzinger2022-02-07
| | | | | | | | | | | | | When running podman inside systemd user units, it is possible that systemd kills the rootless netns slirp4netns process because it was started in the default unit cgroup. When the unit is stopped all processes in that cgroup are killed. Since the slirp4netns process is run once for all containers it should not be killed. To make sure systemd will not kill the process we move it to the user.slice. Fixes #13153 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* switch podman image scp from depending on machinectl to just os/execcdoern2022-01-26
| | | | | | | | | machinectl does not propogate error messages and adds extra lines in the output, exec.Cmd is able to clear the env besides PATH and TERM, and use the given UID and GID to execute the command properly. machinectl is still used to create a user session. Ubuntu support is limited by this. Signed-off-by: cdoern <cdoern@redhat.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12429 from cdoern/scpOpenShift Merge Robot2022-01-05
|\ | | | | podman image scp never enter podman user NS
| * podman image scp never enter podman user NScdoern2021-12-23
| | | | | | | | | | | | | | | | | | | | | | Podman image scp should never enter the Podman UserNS unless it needs to. This allows for a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo, the simple sudo podman save/load does not work, machinectl/su is necessary here. This modification allows for both rootful and rootless transfers, and an overall change of scp to be more of a wrapper function for different load and save calls as well as the ssh component Signed-off-by: cdoern <cdoern@redhat.com>
* | MovePauseProcessToScope do not seed everytimePaul Holzinger2021-12-16
| | | | | | | | | | | | | | | | | | | | | | Instead of using math/rand we can use crypto/rand which we do not have to seed. crypto/rand uses getrandom(2) Also instead of adding an int to the scope name we add a 4 byte hex string. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | pause scope: don't use the global math/rand RNGValentin Rothberg2021-12-14
|/ | | | | | | | | | | Otherwise, we'll always get the same sequence of random numbers which may lead to conflicts. Also bump the number of maximum attempts to 10 instead of 3. [NO NEW TESTS NEEDED] as I cannot enforce random number collisions. Existing tests should continue be green and flake slightly less. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* utils: reintroduce moveToCgroupGiuseppe Scrivano2021-12-08
| | | | | | | | | | | | | | | commit ee62711136339c5daf38e38859227d85b06fc32a introduced the regression. It was mistakenly removed as part of a cleanup, but this code is needed by another code path, where we move conmon for the exec session to the same cgroup used by conmon for the process. Closes: https://github.com/containers/podman/issues/12535 [NO NEW TESTS NEEDED] it fixes a regression in the CI Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Update vendor or containers/common moving pkg/cgroups thereDaniel J Walsh2021-12-07
| | | | | | | [NO NEW TESTS NEEDED] This is just moving pkg/cgroups out so existing tests should be fine. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* checkpoint do not modify XDG_RUNTIME_DIRPaul Holzinger2021-11-24
| | | | | | | | | | We should not modify the XDG_RUNTIME_DIR env value during runtime of libpod, this can cause hard to find bugs. Only set it for the OCI runtime, this matches the other commands such as start, stop, kill... [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* utils: use podman-pause-$RANDOM.scope nameGiuseppe Scrivano2021-11-17
| | | | | | | | | | | | | | | we try hard to re-use the existing podman-pause.scope name when it already exists, causing any sort of race errors when the already existing scope is terminating. There is no such a requirement though, so just try with a random name. Closes: https://github.com/containers/podman/issues/12065 [NO NEW TESTS NEEDED] it fixes a race in the CI Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* runtime: change PID existence checkGiuseppe Scrivano2021-10-28
| | | | | | | | | | | | | | | commit 6b3b0a17c625bdf71b0ec8b783b288886d8e48d7 introduced a check for the PID file before attempting to move the PID to a new scope. This is still vulnerable to TOCTOU race condition though, since the PID file or the PID can be removed/killed after the check was successful but before it was used. Closes: https://github.com/containers/podman/issues/12065 [NO NEW TESTS NEEDED] it fixes a CI flake Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* utils: do not overwrite the err variableGiuseppe Scrivano2021-10-27
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* utils: return error message from StartTransientUnitGiuseppe Scrivano2021-09-20
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* utils: raise warning only on cgroupv2Giuseppe Scrivano2021-09-20
| | | | | | | | | | | if it is not running on cgroup v2, print only a debug message since rootless users cannot create the cgroup. commit 9c1e27fdd536f6026efe3da4360755a3e9135ca8 introduced the regression. [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* system: move MovePauseProcessToScope to utilsGiuseppe Scrivano2021-09-16
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* system: always move pause process when running on systemdGiuseppe Scrivano2021-09-16
| | | | | | | when running on a systemd with systemd, always try to move the pause process to its own scope. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* utils.RunUnderSystemdScope(): always close ConnNalin Dahyabhai2021-08-23
| | | | | | | | | | Make sure we close our private connection to the bus, even if we're not successful in in using it to ask systemd to move a unit's processes to a specific control group. [NO TESTS NEEDED] Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* volumes: Add support for exporting volumes to external tarflouthoc2021-08-23
| | | | | | | Adds support for transferring data between systems and backing up systems. Use cases: recover from disasters or move data between machines. Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* utils: move message from warning to debugGiuseppe Scrivano2021-06-16
| | | | | | | | | if a pid could not be moved to a new cgroup, print a debug message instead of a warning. Closes: https://github.com/containers/podman/issues/10674 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* utils: improve error messageGiuseppe Scrivano2021-06-16
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Improvements for machinebaude2021-03-25
| | | | | | clean up ci failures and add appropriate arch,os exclusion tags Signed-off-by: baude <bbaude@redhat.com>
* bump go module to v3Valentin Rothberg2021-02-22
| | | | | | | | | We missed bumping the go module, so let's do it now :) * Automated go code with github.com/sirkon/go-imports-rename * Manually via `vgrep podman/v2` the rest Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* utils: takes the longest path on cgroup v1Giuseppe Scrivano2021-02-11
| | | | | | | | | | | | | | | | | | | | | | now getCgroupProcess takes the longest path on cgroup v1, instead of complaining if the paths are different. This should help when --cgroups=split is used on cgroup v1 and the process cgroups look like: $ cat /proc/self/cgroup 11:pids:/user.slice/user-0.slice/session-4.scope 10:blkio:/ 9:cpuset:/ 8:devices:/user.slice 7:freezer:/ 6:memory:/user.slice/user-0.slice/session-4.scope 5:net_cls,net_prio:/ 4:hugetlb:/ 3:cpu,cpuacct:/ 2:perf_event:/ Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* utils: create parent cgroupsGiuseppe Scrivano2021-02-11
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* utils: ignore unified on cgroupv1 if not presentGiuseppe Scrivano2021-02-11
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* utils: skip empty linesGiuseppe Scrivano2021-02-11
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix some nitzhangguanzhang2020-12-04
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* podman, exec: move conmon to the correct cgroupGiuseppe Scrivano2020-12-03
| | | | | | | | | | | | move the conmon process to the conmon cgroup also on exec. The previous implementation would fail to move the conmon process as the systemd unit already exists so its creation would fail. When the unit cannot be created, attempt to directly join the cgroup instead. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Remove excessive error wrappingKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | In case os.Open[File], os.Mkdir[All], ioutil.ReadFile and the like fails, the error message already contains the file name and the operation that fails, so there is no need to wrap the error with something like "open %s failed". While at it - replace a few places with os.Open, ioutil.ReadAll with ioutil.ReadFile. - replace errors.Wrapf with errors.Wrap for cases where there are no %-style arguments. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Ensure libpod/define does not include libpod/imageMatthew Heon2020-07-31
| | | | | | | | | | | | | The define package under Libpod is intended to be an extremely minimal package, including constants and very little else. However, as a result of some legacy code, it was dragging in all of libpod/image (and, less significantly, the util package). Fortunately, this was just to ensure that error constants were not duplicating, and there's nothing preventing us from importing in the other direction and keeping libpod/define free of dependencies. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* utils: fix parsing of cgroup with : in the nameGiuseppe Scrivano2020-06-30
| | | | | | | | | a cgroup can have ':' in its name. Make sure the parser doesn't split more than 3 fields and leave untouched the ':' in the cgroup name. commit 6ee5f740a4ecb70636b888e78b02065ee984636c introduced the issue. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman: add new cgroup mode splitGiuseppe Scrivano2020-06-25
| | | | | | | | | | | | | | | | | | | When running under systemd there is no need to create yet another cgroup for the container. With conmon-delegated the current cgroup will be split in two sub cgroups: - supervisor - container The supervisor cgroup will hold conmon and the podman process, while the container cgroup is used by the OCI runtime (using the cgroupfs backend). Closes: https://github.com/containers/libpod/issues/6400 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* v2 podman statsbaude2020-05-05
| | | | Signed-off-by: baude <bbaude@redhat.com>
* utils: delete dead codeGiuseppe Scrivano2020-04-02
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* update systemd & dbus dependenciesValentin Rothberg2020-03-10
| | | | | | | | Update the outdated systemd and dbus dependencies which are now provided as go modules. This will further tighten our dependencies and releases and pave the way for the upcoming auto-update feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* utils: use the user session for systemdGiuseppe Scrivano2019-09-12
| | | | | | | when running as rootless, use the user session bus. It is already implemented in the pkg/cgroups so just re-use it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* code cleanupbaude2019-07-08
| | | | | | clean up code identified as problematic by golands inspection Signed-off-by: baude <bbaude@redhat.com>
* libpod: specify a detach keys sequence in libpod.confMarco Vedovati2019-06-26
| | | | | | Add the ability of specifying a detach keys sequence in libpod.conf Signed-off-by: Marco Vedovati <mvedovati@suse.com>
* enable podman-remote on windowsbaude2019-04-30
| | | | | | | build a podman-remote binary for windows that allows users to use the remote client on windows and interact with podman on linux system. Signed-off-by: baude <bbaude@redhat.com>
* Corrected detach man pages and code commentsJhon Honce2019-03-13
| | | | | | * Updated documentation to match code Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podman-remote save [image]baude2019-02-20
| | | | | | | Add the ability to save an image from the remote-host to the remote-client. Signed-off-by: baude <bbaude@redhat.com>
* Fix manual detach from containers to not wait for exitMatthew Heon2019-02-12
| | | | | | | | | | | | | | | | | | | | | | | | | At present, when manually detaching from an attached container (using the detach hotkeys, default C-p C-q), Podman will still wait for the container to exit to obtain its exit code (so we can set Podman's exit code to match). This is correct in the case where attach finished because the container exited, but very wrong for the manual detach case. As a result of this, we can no longer guarantee that the cleanup and --rm functions will fire at the end of 'podman run' - we may be exiting before we get that far. Cleanup is easy enough - we swap to unconditionally using the cleanup processes we've used for detached and rootless containers all along. To duplicate --rm we need to also teach 'podman cleanup' to optionally remove containers instead of cleaning them up. (There is an argument for just using 'podman rm' instead of 'podman cleanup --rm', but cleanup does have different semantics given that we only ever expect it to run when the container has just exited. I think it might be useful to keep the two separate for things like 'podman events'...) Signed-off-by: Matthew Heon <mheon@redhat.com>
* Add container runlabel commandbaude2018-09-28
| | | | | | | | | | | | | Execute the command as described by a container image. The value of the label is processed into a command by: 1. Ensuring the first argument of the command is podman. 2. Substituting any variables with those defined by the environment or otherwise. If no label exists in the container image, nothing is done. podman container runlabel LABEL IMAGE extra_args Signed-off-by: baude <bbaude@redhat.com>
* Initial checkin from CRI-O repoMatthew Heon2017-11-01
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>