it creates a namespace where the current UID:GID on the host is mapped
to the same UID:GID in the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Mark hidden all references to signature-policy
Default all uses of --authfile
Add --authfile support to podman run and podman create.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Mainly add support for podman build using --overlay mounts.
Updates containers/image also adds better support for new registries.conf
file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
I'd left this out in a4b483c848 (libpod/container_internal: Deprecate
implicit hook directories, 2018-12-02, #1920).
Signed-off-by: W. Trevor King <wking@tremily.us>
define two environment variables, that simplify the task of cleaning
up the storage, as we can do something like:
podman unshare sh -c 'rm -rf $CONTAINERS_GRAPHROOT $CONTAINERS_RUNROOT'
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This command lets the user run a command in a new user namespace like `unshare -u`.
It uses the implementation of unshare in buildah. ( fixes#1388 )
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
allow the user to define a remote host and remote username for their
remote podman sessions. this is then feed to the varlink "bridge" as
the ssh credentials and endpoint.
Signed-off-by: baude <bbaude@redhat.com>
We want to start supporting the registries.conf format.
Also start showing blocked registries in podman info
Fix sorting so all registries are listed together in podman info.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fallback to executing ps(1) in case we hit an unknown psgo descriptor.
This ensures backwards compatibility with docker-top, which was purely
ps(1) driven.
Also support comma-separated descriptors as input.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
the podman generate systemd command will generate a systemd unit file
based on the attributes of an existing container and user inputs. the
command outputs the unit file to stdout for the user to copy or
redirect. it is enabled for the remote client as well.
users can set a restart policy as well as define a stop timeout
override for the container.
Signed-off-by: baude <bbaude@redhat.com>
As part of this, rework the number of workers used by various
Podman tasks to match original behavior - need an explicit
fallthrough in the switch statement for that block to work as
expected.
Also, trivial change to Podman cleanup to work on initialized
containers - we need to reset to a different state after cleaning
up the OCI runtime.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The `--mount` options was after the `--uts` option in the man page
for run. This moves it up into alphabetical order. No other changes
to the text.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
it is useful to migrate existing containers to a new version of
podman. Currently, it is needed to migrate rootless containers that
were created with podman <= 1.2 to a newer version which requires all
containers to be running in the same user namespace.
Closes: https://github.com/containers/libpod/issues/2935
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The --read-only-tmpfs option caused podman to mount tmpfs on /run, /tmp, /var/tmp
if the container is running int read-only mode.
The default is true, so you would need to execute a command like
--read-only --read-only-tmpfs=false to turn off this behaviour.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
add the ability for podman to read and write events to journald instead
of just a logfile. This can be controlled in libpod.conf with the
`events_logger` attribute of `journald` or `file`. The default will be
set to `journald`.
Signed-off-by: baude <bbaude@redhat.com>
Supporting the all-tags semantics added some non-trivial code to the
pull command which does not make use of `registries.conf` and introduced
some regressions such as not adhering to the configured search registries.
Speacial case the all-tags flags to let existing users of all-tags
continue working while others can work again. This implies that the
all-tags pull does not adhere to configured search registries while the
default (non-all-tags) pull does.
Note that this is a purely symptomaic fix. A final solution should
include Buildah and the c/image library to avoid redundant and
error-prone code across the projects.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1701922
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We refer to the pause_image and pause_container in the libpod.conf
description, but internally we had infra_image and infra_container.
This means it the user made changes to the conf, it would not effect the
actual tool using libpod.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
podman system prune would leave pods be, and not prune them if they were stopped.
Fix this by adding a `podman pod prune` command that prunes stopped pods similarly to containers.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
Seems like we have some old references to crio man pages left
over in the docs, since we don't mention crio in man pages
we should not be referencing the man page in the see-also.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The 'docker commit' will never include a container's volumes when
committing, without an explicit request through '--change'.
Podman, however, defaulted to including user volumes as image
volumes.
Make this behavior depend on a new flag, '--include-volumes',
and make the default behavior match Docker.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
