summaryrefslogtreecommitdiff
path: root/vendor
Commit message (Collapse)AuthorAge
* Vendor CNI plugins firewall codeMatthew Heon2018-09-10
| | | | | | | | | | | | | | The upstream CNI project has a PR open for adding iptables and firewalld support, but this has been stalled for the better part of a year upstream. On advice of several maintainers, we are vendoring this code into libpod, to perform the relevant firewall configuration ourselves. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1431 Approved by: baude
* use layer cache when building imagesbaude2018-09-07
| | | | | | | | | | | | | | | | to more closely mimic docker default behavior, the --layers cli option is set to true by default for podman. the buildah environment variable of BUILDAH_LAYERS is still honored and will override the command line input. this should be considered in place of PR #1383. Many thanks for Scott McCarty for inspiring this welcome change. Signed-off-by: baude <bbaude@redhat.com> Closes: #1422 Approved by: rhatdan
* vendor containerd/cgroupsbaude2018-09-06
| | | | | | | | | | | We need to vendor in the latest containerd/cgroups for a fix related to slice delegation and systemd <= 239. The opencontainer/runtime-spec is brought along for the ride. Signed-off-by: baude <bbaude@redhat.com> Closes: #1414 Approved by: mheon
* Vendor in latest containers/storage and containers/imageDaniel J Walsh2018-08-31
| | | | | | | | | | | | | Update container/image to address a commit error when copying layers and metadata. This change may require users to recreate containers. container/storage added some new lock protection to prevent possible deadlock and data corruption. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1381 Approved by: mheon
* Vendor in latest projectatomic/buildahDaniel J Walsh2018-08-29
| | | | | | | | | | | | This will help document the defaults in podman build. podman build --help will now show the defaults and mention the environment variables that can be set to change them. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1364 Approved by: mheon
* Vendor easyjson code to fix buildMatthew Heon2018-08-24
| | | | | | | | | | | To ensure we can build without easyjson installed, vendor the easyjson repository as the generated files use the easyjson library. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1322 Approved by: mheon
* Vendor in latest projectatomic/buildahumohnani82018-08-23
| | | | | | | | | | Fixes to podman build for unknown image and ADD with url when doing --layers. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1330 Approved by: mheon
* Vendor changes to psgohaircommander2018-08-23
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1298 Approved by: mheon
* Vendor in latest buildah and imagebuilderDaniel J Walsh2018-08-17
| | | | | | | | | We want to add the latest support for COPY --chown UID:GID. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1289 Approved by: TomSweeneyRedHat
* Vendor in latest containers/psgo codeDaniel J Walsh2018-08-16
| | | | | | | | | | | | | | | | | | This fixes a couple of issues with podman top. podman top --latest USER HUSER Now shows you the User inside of the containers usernamespace as well as the user on the host. podman top --latest capeff capbnd Now has headings that differentiatiate between the Capabiltiies. We also have support for ambient capabilities. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1286 Approved by: vrothberg
* switch projectatomic to containersDaniel J Walsh2018-08-16
| | | | | | | | | | Need to get some small changes into libpod to pull back into buildah to complete buildah transition. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1270 Approved by: mheon
* build, rootless: specify IsolationOCIRootlessGiuseppe Scrivano2018-08-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1269 Approved by: rhatdan
* vendor: update buildah versionGiuseppe Scrivano2018-08-15
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1269 Approved by: rhatdan
* We need to sort mounts so that one mount does not over mount another.Daniel J Walsh2018-08-10
| | | | | | | | | | | | | | | | | Currently we add mounts from images, volumes and internal. We can accidently over mount an existing mount. This patch sorts the mounts to make sure a parent directory is always mounted before its content. Had to change the default propagation on image volume mounts from shared to private to stop mount points from leaking out of the container. Also switched from using some docker/docker/pkg to container/storage/pkg to remove some dependencies on Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1243 Approved by: mheon
* Vendor in latest github.com/projectatomic/buildahDaniel J Walsh2018-08-03
| | | | | | | | | | | | | | This adds support for Dockerfile.in and fixes some limits issues on docker build Also adds support for podman build to read Dockerfile from stdin. cat Dockerfile | podman build -f - . Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1209 Approved by: mheon
* Add documentations on how to setup /etc/subuid and /etc/subgidDaniel J Walsh2018-07-31
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1185 Approved by: giuseppe
* vendor: update containers/storageGiuseppe Scrivano2018-07-28
| | | | | | | | | | | update to version 956a1971694f18fd602b1203c0a2d192e2cc88a1 inherit support for IDs shifting when fuse-overlayfs is used. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1177 Approved by: mheon
* Update vendored version of runc,buildah,containers/imageDaniel J Walsh2018-07-27
| | | | | | | | | | | | | | | There is a compiler warning that has been fixed in the upstream, so I figured we should update to fix. Also vendor in latest buildah to get better support for running builds in rootless mode. Vendor in latest containers/image to allow daemon support to be pluggable. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1169 Approved by: mheon
* Update containernetworking/plugins to current masterMatthew Heon2018-07-27
| | | | | | | | | | We need to pick up changes to the netns packages that are not yet in a released tag. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1165 Approved by: baude
* vendor latest containers/psgoValentin Rothberg2018-07-26
| | | | | | | Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1162 Approved by: rhatdan
* Vendor latest container/storage to fix overlay mountoptDaniel J Walsh2018-07-25
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1160 Approved by: mheon
* Vendor in latest containers/psgo codeDaniel J Walsh2018-07-24
| | | | | | | | | Fixes spaces and sorting on capabilties and Descriptors Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1148 Approved by: vrothberg
* AppArmor: runtime check if it's enabled on the hostValentin Rothberg2018-07-23
| | | | | | | | | Check at runtime if AppArmor is enabled on the host. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1128 Approved by: mheon
* Update psgo vendorMatthew Heon2018-07-20
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* podman-top: use containers/psgoValentin Rothberg2018-07-19
| | | | | | | | | | | | | | | | | Use github.com/containers/psgo instead of execing `ps (1)`. The psgo library enables a much more flexible interface with respect to which data to be printed (e.g., capabilities, seccomp mode, PID, PCPU, etc.) while the output can be parsed reliably. The library does not use ps (1) but parses /proc and /dev instead. To list the processes of a given container, psgo will join the mount namespace of the given container and extract all data from there. Notice that this commit breaks compatibility with docker-top. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1113 Approved by: rhatdan
* Vendor in latest code for storage,image, buildahDaniel J Walsh2018-07-19
| | | | | | | | | | | vendor in containers/storage vendor in containers/image vendor in projectatomic/buildah Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1114 Approved by: mheon
* Abort a test on nil containers, so that future tests don't panicMiloslav Trmač2018-07-19
| | | | | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1111 Approved by: baude
* Support multiple networksbaude2018-07-12
| | | | | | | | | | | | | This is a refresh of Dan William's PR #974 with a rebase and proper vendoring of ocicni and containernetworking/cni. It adds the ability to define multiple networks as so: podman run --network=net1,net2,foobar ... Signed-off-by: baude <bbaude@redhat.com> Closes: #1082 Approved by: baude
* Log all output of logrus to syslog as well as stdout/stderrDaniel J Walsh2018-07-12
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1084 Approved by: baude
* urfave/cli: fix regression in short-opts parsingValentin Rothberg2018-07-09
| | | | | | | | | | | Add the actual argument, not the one we're looking for when searching the to-be-translated short-opt string. Otherwise, we're likely to hit an infinite loop. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1066 Approved by: rhatdan
* Vendor in latest buildah to add masks for /proc/keys and /proc/acpiDaniel J Walsh2018-07-09
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1062 Approved by: baude
* Vendor in latest containers/storageDaniel J Walsh2018-07-08
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1061 Approved by: baude
* urfave/cli: fix parsing of short optsValentin Rothberg2018-07-05
| | | | | | | | | | | | | Vendor an updated version of urfave/cli to fix the parsing of short options. Until the fix is merged upstream, vendor the code from github.com/vrothberg/cli containing both, the latest urfave/cli and the bug fix. Fixes: #714 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1046 Approved by: rhatdan
* vendor in selinux and buildah for darwin compilationbaude2018-07-02
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1037 Approved by: baude
* changes to allow for darwin compilationbaude2018-06-29
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1015 Approved by: baude
* Start using github.com/seccomp/containers-golangDaniel J Walsh2018-06-29
| | | | | | | | | User newer seccomp bindings from the seccomp upstream Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1021 Approved by: giuseppe
* Vendor latest projectatomic/buildahumohnani82018-06-28
| | | | | | | | | | Fixes issue with build for last step of docker file when building with --layers. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1023 Approved by: mheon
* vendor in latest golang/x/sysbaude2018-06-28
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1022 Approved by: baude
* vendor in latest docker packagebaude2018-06-28
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1022 Approved by: baude
* Vendor in latest buildahbaude2018-06-27
| | | | | | | Signed-off-by: baude <bbaude@redhat.com> Closes: #1007 Approved by: baude
* Vendor in latest runtime-toolsbaude2018-06-27
| | | | | | | | | Newer runtime tools separates syscalls by OS so we can build darwin. Signed-off-by: baude <bbaude@redhat.com> Closes: #1007 Approved by: baude
* Vendor in latest containers/imageumohnani82018-06-27
| | | | | | | | | | Fixes issue with podman search of private registries. Podman search was not picking up the credentials from the authfile. This fixes it. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #998 Approved by: rhatdan
* Vendor in go-selinux againDaniel J Walsh2018-06-26
| | | | | | Baude found an error in non linux bindings. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Update the vendoring of github.com/opencontainers/selinuxDaniel J Walsh2018-06-26
| | | | | | | | | THis should make libpod easier to build on non linux platforms. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1000 Approved by: mheon
* Update ocicni vendor to pick up bugfixesMatthew Heon2018-06-25
| | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com> Closes: #991 Approved by: rhatdan
* Add cap-add and cap-drop to build man pageTomSweeneyRedHat2018-06-22
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #968 Approved by: mheon
* Vendor containers/storage for better error reporting on dupsDaniel J Walsh2018-06-20
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #971 Approved by: mheon
* Vendor in latest go-selinuxDaniel J Walsh2018-06-19
| | | | | | | | | | This should fix the issue with iptables being denied execution on container cleanup Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #966 Approved by: mheon
* Vendor in latest projectatomic/buildahumohnani82018-06-14
| | | | | | | | | Adds --rm and --force-rm to podman build. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #945 Approved by: rhatdan
* Vendor in latest buildah codeDaniel J Walsh2018-06-13
| | | | | | | | | | This will add --layers support. Also add missing information in man pages on podman build features. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #938 Approved by: umohnani8