| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
This will allow container processes to write to the CRIU socket that gets injected
into the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
This updates buildah for the sysregistriesv2 changes.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
|
|
| |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
|
|
|
|
| |
This should improve performance on vfs images on top of xfs/reflink drives.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
| |
inherit a change for rootless containers to ignore devices nodes
inside of images.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
| |
This allows us to modify the containers mount option on a per/container basis
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
| |
inherit a change for not failing a recursive relabelling if the file
is removed between the directory is read and the lsetxattr syscall.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
| |
Pulls in fix for COPY --from when using --layers
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
| |
Use github.com/google/shlex for splitting commands instead of splitting
at whitespaces. This way, we avoid accidentally splitting single string
arguments into mutliple ones.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
|
| |\
| |
| | |
Set --force-rm for podman build to true by default
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Since we use buildah containers for the build process, the
user will not know if we have any buildah containers lingering
due to a failed build. Setting this to true by default till
we figure out a better way to solve this.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
| |
We need this to start testing metacopy up for podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
We implement the securejoin method to make sure the paths to /etc/passwd and
/etc/group are not symlinks to something naughty or outside the container
image. And then instead of actually chrooting, we use the runc functions to
get information about a user. The net result is increased security and
a a performance gain from 41ms to 100us.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\
| |
| | |
Move selinux label reservations to containers storage.
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |
|
|
|
|
|
| |
libpod requires new buildah and container image versions to resolve
bug #1640298
Signed-off-by: baude <bbaude@redhat.com>
|
| |
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
| |
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\
| |
| | |
Add ability to specify static IPs with --ip flag
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
Includes necessary changes for static IPs.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
| |/
|
|
|
|
| |
Catches more errors when checking for login credentials.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Grab latest fixes from subpackages
Including fixes for usernamespace chowning retaining file attributes
Better logging of error messages.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes issues with builtin volumes having correct ownership and permissions
when doing podman builds.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1525
Approved by: giuseppe
|
| |
|
|
|
|
|
|
|
|
| |
This will cause /proc inside of the container to match the mount options
of the host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1511
Approved by: baude
|
| |
|
|
|
|
| |
Switch from projectatomic/buildah to containers/buildah
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Buildah
Fixes to COPY and ADD to properly follow symbolic links is SRC is a symbolic link
Print out a digest message on successful push.
We should not drop the Bounding set when running as a non priv user in podman build
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1483
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
| |
Containers image has a fix docker tarfile: use the cached digest if existing
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1482
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
| |
Picks up changes made to authentication for registry search.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #1444
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
| |
When running lots of podman commands simultaneously we were able to get
into a deadlock situation. The updated containers/storage should fix this issue.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1454
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream CNI project has a PR open for adding iptables and
firewalld support, but this has been stalled for the better part
of a year upstream.
On advice of several maintainers, we are vendoring this code into
libpod, to perform the relevant firewall configuration ourselves.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1431
Approved by: baude
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to more closely mimic docker default behavior, the --layers
cli option is set to true by default for podman. the buildah
environment variable of BUILDAH_LAYERS is still honored and will
override the command line input.
this should be considered in place of PR #1383.
Many thanks for Scott McCarty for inspiring this welcome change.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1422
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
| |
We need to vendor in the latest containerd/cgroups for a fix related to
slice delegation and systemd <= 239. The opencontainer/runtime-spec is
brought along for the ride.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1414
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update container/image to address a commit error when copying layers and metadata.
This change may require users to recreate containers.
container/storage added some new lock protection to prevent possible deadlock and
data corruption.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1381
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This will help document the defaults in podman build.
podman build --help will now show the defaults and mention
the environment variables that can be set to change them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1364
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
| |
To ensure we can build without easyjson installed, vendor the
easyjson repository as the generated files use the easyjson
library.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1322
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
| |
Fixes to podman build for unknown image and ADD with url
when doing --layers.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1330
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1298
Approved by: mheon
|
| |
|
|
|
|
|
|
|
| |
We want to add the latest support for COPY --chown UID:GID.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1289
Approved by: TomSweeneyRedHat
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a couple of issues with podman top.
podman top --latest USER HUSER
Now shows you the User inside of the containers usernamespace as well as the user on the host.
podman top --latest capeff capbnd
Now has headings that differentiatiate between the Capabiltiies. We also have support for
ambient capabilities.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1286
Approved by: vrothberg
|
| |
|
|
|
|
|
|
|
|
| |
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1269
Approved by: rhatdan
|
| |
|
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1269
Approved by: rhatdan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we add mounts from images, volumes and internal.
We can accidently over mount an existing mount. This patch sorts the mounts
to make sure a parent directory is always mounted before its content.
Had to change the default propagation on image volume mounts from shared
to private to stop mount points from leaking out of the container.
Also switched from using some docker/docker/pkg to container/storage/pkg
to remove some dependencies on Docker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1243
Approved by: mheon
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for Dockerfile.in and fixes some limits
issues on docker build
Also adds support for podman build to read Dockerfile from stdin.
cat Dockerfile | podman build -f - .
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1209
Approved by: mheon
|
