Previously, when `podman run` encountered a volume mount without
separate source and destination (e.g. `-v /run`) we would assume
that both were the same - a bind mount of `/run` on the host to
`/run` in the container. However, this does not match Docker's
behavior - in Docker, this makes an anonymous named volume that
will be mounted at `/run`.
We already have (more limited) support for these anonymous
volumes in the form of image volumes. Extend this support to
allow it to be used with user-created volumes coming in from the
`-v` flag.
This change also affects how named volumes created by the
container but given names are treated by `podman run --rm` and
`podman rm -v`. Previously, they would be removed with the
container in these cases, but this did not match Docker's
behaviour. Docker only removed anonymous volumes. With this patch
we move to that model as well; `podman run -v testvol:/test` will
not have `testvol` survive the container being removed by `podman
rm -v`.
The sum total of these changes let us turn on volume removal in
`--rm` by default.
Fixes: #4276
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
network statistics cannot be collected for rootless network devices with
the current implementation. for now, we return nil so that stats will
at least for users.
Fixes:#4268
Signed-off-by: baude <bbaude@redhat.com>
Translate the podman build --squash command to podman build --layers=false which
has the same functionality as docker build --squash. Add a new option --squash-all
which will squash all layers into one. This will be translated to buildah bud --squash
for the buildah bud api.
Also allow only one option, squash, layers or squash--all to be used per build command.
Fixes: https://github.com/containers/buildah/issues/1234
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Changes include: Containerfile by default, add --device flags to bud, allow buildah bud to be called without
arguments, and a couple of small typo corrections.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
This is a horrible hack to work around issues with Fedora 31, but
other distros might need it to, so we'll move it upstream.
I do not recommend this functionality for general use, and the
manpages and other documentation will reflect this. But for some
upgrade cases, it will be the only thing that allows for a
working system.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
it enforces the systemd mode also when the command name doesn't match
/usr/sbin/init or systemd.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
"init" is a quite common name for the command executed in a container
image and Podman ends up using the systemd mode also when not
required.
Be stricter on enabling the systemd mode and not enable it
automatically when the basename is "init" but expect the full path
"/usr/sbin/init".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
CRI-O defaults to 1024 for the maximum pids in a container. Podman
should have a similar limit. Once we have a containers.conf, we can
set the limit in this file, and have it easily customizable.
Currently the documentation says that -1 sets pids-limit=max, but -1 fails.
This patch allows -1, but also indicates that 0 also sets the max pids limit.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We recently moved the "How to use libpod for custom/derivative projects" page to
the docs/tutorials directory. This adds a link to the README.md there so it can
be more easily found and adds a logo to the tutorial itself.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Anything with the .md suffix in docs/ gets compiled into a
manpage, so let's get things that aren't manpages out of there.
This isn't precisely a tutorial, but it seems like the next best
place.
Signed-off-by: Matthew Heon <mheon@redhat.com>
https://github.com/debarshiray/toolbox/ was planning to vendor
libpod which I disagreed with. Let's document the advantages/disadvantages
as they exist today.
Signed-off-by: Colin Walters <walters@verbum.org>
Add ability to evict a container when it becomes unusable. This may
happen when the host setup changes after a container creation, making it
impossible for that container to be used or removed.
Evicting a container is done using the `rm --force` command.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
close#3894
This patch let podman cp return 'no such file or directory' error if DEST_PATH does not exist and ends with / when copying file.
Signed-off-by: Qi Wang <qiwan@redhat.com>
* Update scipts to produce darwin and windows output
* Update batch file to re-direct help requests to browser
* Add pandoc filter for markdown to html links
Signed-off-by: Jhon Honce <jhonce@redhat.com>
when using the remote client, users may need to specify a non-standard
port for ssh connections. we can do so on the command line and within
the remote-client configuration file.
Fixes: #3987
Signed-off-by: baude <bbaude@redhat.com>
Currently if a user specifies a --mount option, their is no way to tell SELinux
to relabel the mount point.
This patch addes the relabel=shared and relabel=private options.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We want to default to secure when running containers as root,
in rootless, we need to change the default if the system does not
support cgroup v1.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when removing a podman network, we need to make sure we delete the
network interface if one was ever created (by running a container).
also, when removing networks, we check if any containers are using the
network. if they are, we error out unless the user provides a 'force'
option which will remove the containers in question.
Signed-off-by: baude <bbaude@redhat.com>
This is mostly used with Systemd, which really wants to manage
CGroups itself when managing containers via unit file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This isn't included in Docker, but seems handy enough.
Use the new API for 'volume rm' and 'volume inspect'.
Fixes#3891
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
