| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.13.5 to 1.14.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.13.5...v1.14.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This requires updating all import paths throughout, and a matching
buildah update to interoperate.
I can't figure out the reason for go.mod tracking
github.com/containers/image v3.0.2+incompatible // indirect
((go mod graph) lists it as a direct dependency of libpod, but
(go list -json -m all) lists it as an indirect dependency),
but at least looking at the vendor subdirectory, it doesn't seem
to be actually used in the built binaries.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|
|
|
|
|
| |
Vendor in Buildah 1.11.2 into libpod/Podman
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Udica is adding new features to allow users to define container process
and file types. This would allow us to setup trusted communications channels
between multiple security domains. ContainerA -> ContainerB -> ContainerC
Add tests to make sure users can change file types
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
| |
Ran a `go get -u` and bumped K8s deps to 1.15.0.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
| |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This will now verify labels passed in by the user.
Will also prevent users from accidently relabeling their homedir.
podman run -ti -v ~/home/user:Z fedora sh
Is not a good idea.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
| |
* If possible, update each dependency to the latest available version.
* Use releases over commit IDs and avoid vendoring branches.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Update vendor of runc
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Updating the vendor or runc to pull in some fixes that we need.
In order to get this vendor to work, we needed to update the vendor
of docker/docker, which causes all sorts of issues, just to fix
the docker/pkg/sysinfo. Rather then doing this, I pulled in pkg/sysinfo
into libpod and fixed the code locally.
I then switched the use of docker/pkg/sysinfo to libpod/pkg/sysinfo.
I also switched out the docker/pkg/mount to containers/storage/pkg/mount
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
This should improve the speed of podman build.
Has fixes from containres/image for parallell pull.
Also vendor containers/storage and containers/image
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
| |
This will allow container processes to write to the CRIU socket that gets injected
into the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
| |
inherit a change for not failing a recursive relabelling if the file
is removed between the directory is read and the lsetxattr syscall.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This will cause /proc inside of the container to match the mount options
of the host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1511
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
| |
We need to vendor in the latest containerd/cgroups for a fix related to
slice delegation and systemd <= 239. The opencontainer/runtime-spec is
brought along for the ride.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1414
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1269
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a compiler warning that has been fixed in the
upstream, so I figured we should update to fix.
Also vendor in latest buildah to get better support for running builds in rootless
mode.
Vendor in latest containers/image to allow daemon support to be pluggable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1169
Approved by: mheon
|
|
|
|
|
|
|
|
|
| |
Check at runtime if AppArmor is enabled on the host.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1128
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1037
Approved by: baude
|
|
|
|
|
|
|
|
|
| |
Newer runtime tools separates syscalls by OS so we can build darwin.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1007
Approved by: baude
|
|
|
|
|
|
| |
Baude found an error in non linux bindings.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
| |
THis should make libpod easier to build on non linux platforms.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1000
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
This should fix the issue with iptables being denied execution on
container cleanup
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #966
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
| |
We no longer use runc code to read network I/O usage. This lets
us remove a lot of vendored code.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #425
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
When running a privileged container, it should inherit the same
devices the host has.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #330
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #206
Approved by: TomSweeneyRedHat
|
|
|
|
|
|
|
|
|
|
| |
Also add --quiet option to kpod create/run since
this will help with writing tests.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #140
Approved by: TomSweeneyRedHat
|
|
|
|
|
|
|
|
|
|
|
| |
Need to pull in the latest containers/storage and containers/image to fix lots of
issues. Also want to update runtime-tools to take advantage of newer generate
code.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #152
Approved by: rhatdan
|
|
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|