Introduce the concept of "intermediate UID" to explain
how --uidmap works when running rootless.
Add Markdown tables to show examples of how UIDs are mapped.
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
In libpod/image.Image.Remove(), if the attempt to find the image's
parent fails for any reason, log a warning and proceed as though it
didn't have one instead of failing, which would leave us unable to
remove the image without resetting everything.
In libpod/Runtime.RemoveImage(), if we can't determine if an image has
children, log a warning, and assume that it doesn't have any instead of
failing, which would leave us unable to remove the image without
resetting everything.
In pkg/domain/infra/abi.ImageEngine.Remove(), when attempting to remove
all images, if we encounter an error checking if a given image has
children, log a warning, and assume that it doesn't have any instead of
failing, which would leave us unable to remove the image without
resetting everything.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
podman fails to build on CentOS 8 otherwise.
Essentially the same as commit 5a7a1a1 but cherry-picking it gave a lot
of conflicts, so I manually vendored it in.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The --log-driver flag was silently ignored by podman play kube. This
regression got introduced during the play kube rework.
Unfortunately the test for this was skipped for no good reason.
Fixes#10015
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
Distro builds on Fedora and Kubic projects use GO111MODULE=off
by default which are currently failing. This commit fixes it and
going forward, podman CI will also indicate failures in rpm builds.
The additional LDFLAGS have been removed from the spec file
which is not ideal. But, currently we only use the spec file
to check if the rpm builds fine. We can fix the LDFLAGS in a
later commit when we're working on packit integration.
conmon build has also been removed from podman.spec.in because the COPR
for which it was provided has been discontinued.
[NO TESTS NEEDED]
Fixes: #10009
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Libpod operation id's changed to better match compatibile id
Builds on https://github.com/containers/podman/pull/9123 and corrects
a duplicated ID.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
So rootless setup could use this condition in parent and child, child
podman should adjust LISTEN_PID to its self PID.
Add system test for systemd socket activation
Signed-off-by: pendulm <lonependulm@gmail.com>
since we already have an exported function that does the check,
refactor the code to use it instead of duplicating the logic.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
As discussed in watercooler 2021-04-06: make sure that RHEL8
and CentOS are using runc. Using crun is probably a packaging
error that should be caught early.
Signed-off-by: Ed Santiago <santiago@redhat.com>
[NO TESTS NEEDED] This PR is mainly documentation and some code cleanup.
Also cleanup and consolidate handling of other hanlding of podman-remote
hidden options.
Fixes: https://github.com/containers/podman/issues/9874
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Containers endpoints for HTTP compad and libpod APIs allowed usage of list HTTP
endpoint filter funcs. Documentation in case of libpod and compat API does not allow that.
This commit aligns code with the documentation.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Versions of the ps command have additional spaces between fields, this
manifests as the container asking to run "top" and API reporting "top "
as a process.
Endpoint and tests updated to check that "top" is reported.
There is no libpod specialized endpoint to update.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
This pointed to the container-unmount doc page. It now points to the
expected podman-image-unmount doc page.
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
The split of install.docker and install.docker-docs makes some sense but
there should be some way to specify both for packagers.
This introduces `make install.docker-full` which installs both the
docker binary and the documentation.
Signed-off-by: Morten Linderud <morten@linderud.pw>
Commit 3908c00799fe2af1a12c9c4f4be8b49dbdecd9be introduces a split for
installing the docker binary and the docker documentation. The
install line creating BINDIR and MANDIR was both moved to the
install.docker-docs path which makes `install.docker` fail.
Signed-off-by: Morten Linderud <morten@linderud.pw>
* Adjust Markdown layout for --userns.
* Make the --userns sections identical for podman-run.1.md and podman-create.1.md
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Fix typos --uidmapping and --gidmapping in podman-run.1.md
* Add the corresponding sentence in podman-create.1.md
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
For commands that use the golang template library directly add the
compatible template functions
[NO TESTS NEEDED]
Fixes#8773
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Docker does not relabel this content, and openstack is running
containers in this manner. There is a penalty for doing this
on each container, that is not worth taking on a disable SELinux
container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We define in the man page that this overrides the default storage
options, but the code was appending to the existing options.
This PR also makes a change to allow users to specify --storage-opt="".
This will turn off all storage options.
https://github.com/containers/podman/issues/9852
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Initially I was missing transport information on podman manifest add.
Especially the `containers-storage` transport which references the
local image store. Had a use case where this came in quite handy and it
is not stated anywhere else in the docs. Suppose it does not make sense
for podman pull & push.
I've only added containers-storage and docker transports for
manifest add since I know those work. Maybe others work too.
I then also added the destination section to manifest push as it is done
in podman push & pull. I've added all transports here, but I don't know
if all are supported. Please review.
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
One of the side-effects of the `--userns=keep-id` command is
switching the default user of the container to the UID of the
user running Podman (though this can still be overridden by the
`--user` flag). However, it did this by setting the UID and GID
in the OCI spec, and not by informing Libpod of its intention to
switch users via the `WithUser()` option. Because of this, a lot
of the code that should have triggered when the container ran
with a non-root user was not triggering. In the case of the issue
that this fixed, the code to remove capabilities from non-root
users was not triggering. Adjust the keep-id code to properly
inform Libpod of our intention to use a non-root user to fix
this.
Also, fix an annoying race around short-running exec sessions
where Podman would always print a warning that the exec session
had already stopped.
Fixes#9919
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Changed reference in swagger to correct struture that was being
returned.
* Added summary to ManifestAddLibpod to clean up generated web site
* Added serve target to Makefile, to aid in debugging generated
web site
Signed-off-by: Jhon Honce <jhonce@redhat.com>
