Commit Graph

5608 Commits

Author SHA1 Message Date
2f6b8b94e8 enable dnsplugin for network create
when users create a new network and the dnsname plugin can be found by
podman, we will enable container name resolution on the new network.
there is an option to opt *out* as well.

tests cannot be added until we solve the packaging portion of the
dnsname plugin.

Signed-off-by: baude <bbaude@redhat.com>
2019-10-28 12:52:30 -05:00
ac73fd3fe5 Merge pull request from rhatdan/man
Cleanup man pages
2019-10-27 16:02:15 +01:00
ea46937675 Merge pull request from giuseppe/mask-release_agent
systemd: mask /sys/fs/cgroup/systemd/release_agent
2019-10-26 10:32:02 +02:00
94087bade2 Cleanup man pages
The format of the --network flags in man pages was all screwed up.
This patch cleans this up.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-10-25 16:47:53 -04:00
0d5d6dab57 systemd: mask /sys/fs/cgroup/systemd/release_agent
when running in systemd mode on cgroups v1, make sure the
/sys/fs/cgroup/systemd/release_agent is masked otherwise the container
is able to modify it and execute scripts on the host.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-10-25 21:50:29 +02:00
a01cb220c8 Merge pull request from sshnaidm/docs_net
Add multiple networks explanation to docs
2019-10-25 15:58:25 +02:00
77c7a28a72 Merge pull request from giuseppe/error-rootless-cni
rootless: raise an error with --network=
2019-10-24 21:29:53 +02:00
e4566cc216 Add multiple networks explanation to docs
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
2019-10-24 22:18:16 +03:00
8f75b3e8c9 rootless: raise an error with --network=
Closes: https://github.com/containers/libpod/issues/4332

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-10-24 20:14:24 +02:00
ba4a808fe7 Merge pull request from baude/rtdfirstmenu
Initial dump of man pages and first menus
2019-10-24 19:23:30 +02:00
a180dd43fc Initial dump of man pages and first menus
Signed-off-by: baude <bbaude@redhat.com>
2019-10-24 10:00:59 -05:00
43b1c2fa68 Merge pull request from mheon/update_vol_create_docs
Add documentation on options to volume create manpage
2019-10-24 15:12:51 +02:00
674dc2bc75 Merge pull request from giuseppe/detect-no-systemd-session
rootless: detect no system session with --cgroup-manager=systemd
2019-10-24 01:20:25 +02:00
299a430759 Merge pull request from mheon/no_noexec_image_volume
Image volumes should not be mounted noexec
2019-10-24 01:07:51 +02:00
4b8832a9af Merge pull request from mheon/uid_gid_options
Add parsing for UID, GID in volume "o" option
2019-10-24 01:07:43 +02:00
daadfe9744 Add documentation on options to volume create manpage
Document the rough equivalence between our option types and the
various parts of the mount command. Amend examples a bit to cover
this.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-10-23 15:35:57 -04:00
2e6c9aa490 Merge pull request from baude/rtdrequirements
add pip requirements file for rtd
2019-10-23 19:29:15 +02:00
57eaea9539 Image volumes should not be mounted noexec
This matches Docker more closely, but retains the more important
protections of nosuid/nodev.

Fixes 

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-10-23 12:09:22 -04:00
ef556cfecf Merge pull request from vrothberg/fix-4274
stats: list all running containers unless specified otherwise
2019-10-23 15:43:49 +02:00
77a2bbb1c0 stats: list all running containers unless specified otherwise
Unless specified otherwise by --all, --latest or via arguments, list all
running containers.  This matches the behaviour of Docker and is also
illustrated in the man pages where containers and options are marked to
be optional.

Fixes: 
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2019-10-23 13:48:54 +02:00
13fe146840 rootless: detect no system session with --cgroup-manager=systemd
if the cgroup manager is set to systemd, detect if dbus is available,
otherwise fallback to --cgroup-manager=cgroupfs.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-10-23 09:26:54 +02:00
371af4344d add pip requirements file for rtd
read the docs requires a pip requirements file to build markdown files
instead of the rst format.

Signed-off-by: baude <bbaude@redhat.com>
2019-10-22 16:40:24 -05:00
46ad6bc1fa Merge pull request from baude/readthedocsinit
Initial checking for readthedocs
2019-10-22 23:28:24 +02:00
aac33a4a30 Initial checking for readthedocs
Signed-off-by: baude <bbaude@redhat.com>
2019-10-22 15:28:32 -05:00
f60a814e4d Add parsing for UID, GID in volume "o" option
Everything else is a flag to mount, but "uid" and "gid" are not.
We need to parse them out of "o" and handle them separately.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-10-22 14:32:54 -04:00
d358840ebe Merge pull request from mheon/anonymous_volumes
Add support for anonymous volumes to `podman run -v`
2019-10-22 14:50:28 +02:00
a329328186 Merge pull request from stevengubler/master
Markdown Formatting Fixes
2019-10-22 14:40:33 +02:00
5431aceb0a Merge pull request from haircommander/unused-var
exec: remove unused var
2019-10-22 02:08:01 +02:00
06850ea2c0 exec: remove unused var
Signed-off-by: Peter Hunt <pehunt@redhat.com>
2019-10-21 17:04:27 -04:00
efc54c3987 Merge pull request from mheon/fix_vol_inspect
Show volume options in 'volume inspect'
2019-10-21 22:20:40 +02:00
d2591a5433 Merge pull request from giuseppe/write-storage-overrides
rootless: write storage overrides to the conf file
2019-10-21 22:02:57 +02:00
03da8b641d Rewrite backend for remote 'volume inspect'
We need to use the new Inspect() endpoint instead of trying to
JSON the actual volume structs. Currently, the output seems
completely nonsensical; it seems like we're JSONing the struct
for the Varlink connection itself? This should restore sanity and
match the format of remote and local inspect on volumes.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-10-21 14:37:27 -04:00
fa9982b87e rootless: write storage overrides to the conf file
make sure the user overrides are stored in the configuration file when
first created.

Closes: https://github.com/containers/libpod/issues/2659

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-10-21 12:07:21 +02:00
d3520de633 Merge pull request from baude/remotestdin
Add ability to redirect bash for run -i
2019-10-20 13:49:08 +02:00
92152a5b80 Markdown Formatting Fixes
Signed-off-by: Steven Gubler <stevegubler@protonmail.com>
2019-10-18 15:38:30 -06:00
02ab9c73c1 Merge pull request from cnbattle/master
README.md update latest version to 1.6.2
2019-10-18 20:35:31 +02:00
6456f6da17 Show volume options in 'volume inspect'
We initialized the map to show them, but didn't actually copy
them in, so they weren't being displayed.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2019-10-18 13:42:31 -04:00
f0da9cfc26 Merge pull request from giuseppe/do-not-set-lingering-mode-by-default
rootless: do not enable lingering mode
2019-10-18 16:06:44 +02:00
2793ec29c6 Merge pull request from mheon/bump-1.6.2
Bump to v1.6.2

Signed-off-by: cnbattle <qiaicn@gmail.com>
2019-10-18 21:55:16 +08:00
123e034892 Merge pull request from haircommander/kube-test-refactor
play kube: refactor test suite
2019-10-18 15:52:56 +02:00
83644e24e5 Merge pull request from chuanchang/bz1731117
System tests: make sure exec pid hash w/o leaking
2019-10-18 15:38:22 +02:00
774a36d177 System tests: make sure exec pid hash w/o leaking
podman exec leaks an exec_pid_<hash> file for every exec in tmpfs,
it's known rhbz#1731117, this case makes sure leakage issue has
been fixed.

rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1731117

Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
2019-10-18 15:04:09 +08:00
b6fdfa041a Merge pull request from mheon/bump-1.6.2
Bump to v1.6.2
2019-10-17 23:02:40 +02:00
e2ddfd704b Bump gitvalidation epoch
Signed-off-by: Matthew Heon <mheon@redhat.com>
2019-10-17 15:09:46 -04:00
21f9c93073 Bump to v1.6.3-dev
Signed-off-by: Matthew Heon <mheon@redhat.com>
2019-10-17 15:09:46 -04:00
f3ffda1e08 Bump to v1.6.2
Signed-off-by: Matthew Heon <mheon@redhat.com>
v1.6.2
2019-10-17 15:09:41 -04:00
2b0892e757 Merge pull request from mheon/release_notes_1.6.2_final
Finalize release notes for v1.6.2
2019-10-17 21:09:05 +02:00
92b70f0637 Finalize release notes for v1.6.2
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-10-17 14:16:17 -04:00
0d623914d0 Add support for anonymous volumes to podman run -v
Previously, when `podman run` encountered a volume mount without
separate source and destination (e.g. `-v /run`) we would assume
that both were the same - a bind mount of `/run` on the host to
`/run` in the container. However, this does not match Docker's
behavior - in Docker, this makes an anonymous named volume that
will be mounted at `/run`.

We already have (more limited) support for these anonymous
volumes in the form of image volumes. Extend this support to
allow it to be used with user-created volumes coming in from the
`-v` flag.

This change also affects how named volumes created by the
container but given names are treated by `podman run --rm` and
`podman rm -v`. Previously, they would be removed with the
container in these cases, but this did not match Docker's
behaviour. Docker only removed anonymous volumes. With this patch
we move to that model as well; `podman run -v testvol:/test` will
not have `testvol` survive the container being removed by `podman
rm -v`.

The sum total of these changes let us turn on volume removal in
`--rm` by default.

Fixes: 

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-10-17 13:18:17 -04:00
f400e852c7 troubleshooting.md: document lingering mode
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-10-17 19:12:11 +02:00