5223 Commits

Author SHA1 Message Date
3acfc3b7df Merge pull request #3997 from QiWang19/sigpath
fix podman sign signature store for rootless
2019-09-12 22:23:29 +02:00
42332a3ea2 Merge pull request #3989 from mheon/storage_containers_add_info
Add further fields to StorageContainer
2019-09-12 22:23:17 +02:00
af8fedcc78 Merge pull request #3999 from jwhonce/wip/msi
Support building Windows msi file
2019-09-12 19:44:35 +02:00
8c3349bc08 Merge pull request #3959 from giuseppe/rootless-use-systemd-scope
rootless: automatically create a systemd scope
2019-09-12 19:04:07 +02:00
2de4987086 Merge pull request #4004 from giuseppe/fix-private-cgroup-systemd
linux: fix systemd with --cgroupns=private
2019-09-12 18:51:55 +02:00
046c081ed0 Add podman icon to installer
Update Makefile per review comments

Signed-off-by: Jhon Honce <jhonce@redhat.com>
2019-09-12 09:35:54 -07:00
afa3d11381 Merge pull request #4003 from TomSweeneyRedHat/dev/tsweeney/rootlessup2
Touch up some bad grammar in rootless doc
2019-09-12 15:39:45 +02:00
b1e36204b3 Touch up some bad grammar in rootless doc
After my last update for the 'Shortcomings of Rootless Podman' was merged,
I spotted a few grammatical nits that this corrects.

Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2019-09-12 08:34:08 -04:00
a249c98db8 linux: fix systemd with --cgroupns=private
When --cgroupns=private is used we need to mount a new cgroup file
system so that it points to the correct namespace.

Needs: https://github.com/containers/crun/pull/88

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-09-12 14:33:26 +02:00
57e093b3ae Merge pull request #3994 from cevich/fix_img_build_sebool
Cirrus: Fix unnecessary setsebool
2019-09-12 14:01:05 +02:00
ce31aa37d6 Merge pull request #3968 from TomSweeneyRedHat/dev/tsweeney/rootlessup
Add cgroup v2 info to rootless tutorial
2019-09-12 10:20:34 +02:00
65114a6881 Merge pull request #3996 from rhatdan/trust
podman-remote image trust is broken
2019-09-12 10:04:03 +02:00
7e88bf7fd0 rootless: run pause process in its own scope
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-09-12 08:35:27 +02:00
afd0818326 rootless: automatically create a systemd scope
when running in rootless mode and using systemd as cgroup manager
create automatically a systemd scope when the user doesn't own the
current cgroup.

This solves a couple of issues:

on cgroup v2 it is necessary that a process before it can moved to a
different cgroup tree must be in a directory owned by the unprivileged
user.  This is not always true, e.g. when creating a session with su
-l.

Closes: https://github.com/containers/libpod/issues/3937

Also, for running systemd in a container it was before necessary to
specify "systemd-run --scope --user podman ...", now this is done
automatically as part of this PR.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-09-12 08:35:26 +02:00
b94a5e2410 utils: use the user session for systemd
when running as rootless, use the user session bus.  It is already
implemented in the pkg/cgroups so just re-use it.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-09-12 08:35:26 +02:00
ecb958e598 Support building Windows msi file
* Update Makefile to build msi
* Add podman.wxs to define podman.msi
  * Version information provided by Makefile
* Add podman.bat wrapper for podman-remote-windows.exe to ensure environment
* Add wix xml schemas for reference

Signed-off-by: Jhon Honce <jhonce@redhat.com>
2019-09-11 16:15:52 -07:00
6c702171da Add cgroup v2 info to rootless tutorial
Adding cgroup v2 information to the rootless tutorial.  Will post it to a Google Doc
to for easier review comments.

https://docs.google.com/document/d/1hrxU-CYhrKDjMf6cIRuegbyY9pkDv-AlEF-i0I8_kdk

Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2019-09-11 17:15:52 -04:00
569c2e523d fix podman sign signature store for rootless
Store the the signature under graphroot when using rootless podman image sign.

Signed-off-by: Qi Wang <qiwan@redhat.com>
2019-09-11 16:27:42 -04:00
10c293d7a9 podman-remote image trust is broken
We should not be making it available, it does nothing.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-09-11 16:03:45 -04:00
866d4763a1 Cirrus: Fix unnecessary setsebool
By mistake this was added to run for the image-building-VM and is not
supported.  Kill it.

Signed-off-by: Chris Evich <cevich@redhat.com>
2019-09-11 14:03:20 -04:00
79ebb5f254 Merge pull request #3988 from mheon/fix_lookup_volume
Volume lookup needs to include state to unmarshal into
2019-09-11 18:17:30 +02:00
3c277a67d5 Add further fields to StorageContainer
This will be used when we allow 'podman ps' to display info on
storage containers instead of Libpod containers.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2019-09-11 10:53:21 -04:00
f73c3b868d Merge pull request #3973 from baude/validateupdate
add lint and manpage check to make validate
2019-09-11 16:45:55 +02:00
5ddfe5d95d Volume lookup needs to include state to unmarshal into
Lookup was written before volume states merged, but merged after,
and CI didn't catch the obvious failure here. Without a valid
state, we try to unmarshall into a null pointer, and 'volume rm'
is completely broken because of it.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-09-11 10:17:28 -04:00
093013b099 Merge pull request #3984 from mheon/prune_no_in_use_error
Do not prune images being used by a container
2019-09-11 15:31:15 +02:00
9cf852c305 Merge pull request #3927 from openSUSE/manager-annotations
Add `ContainerManager` annotation to created containers
2019-09-11 09:34:14 +02:00
7ac6ed3b4b Merge pull request #3581 from mheon/no_cgroups
Support running containers without CGroups
2019-09-11 00:58:46 +02:00
997c4b56ed Merge pull request #3961 from mheon/copy_volume_contents
When first mounting any named volume, copy up
2019-09-10 22:24:43 +02:00
3e92bcbf71 Do not prune images being used by a container
Podman is not the only user of containers/storage, and as such we
cannot rely on our database as the sole source of truth when
pruning images. If images do not show as in use from Podman's
perspective, but subsequently fail to remove because they are
being used by a container, they're probably being used by Buildah
or another c/storage client.

Since the images in question are in use, we shouldn't error on
failure to prune them - we weren't supposed to prune them in the
first place.

Fixes: #3983

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-09-10 13:30:50 -04:00
c1761ba1ac Merge pull request #3817 from xcffl/master
Add explanation mounting named volumes for `podman run`
2019-09-10 19:17:39 +02:00
095647cd6f Merge pull request #3966 from cfelder/fixup-makefile-bsd
Fixup Makefile for BSD systems, e.g. macOS
2019-09-10 17:19:06 +02:00
c2284962c7 Add support for launching containers without CGroups
This is mostly used with Systemd, which really wants to manage
CGroups itself when managing containers via unit file.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-09-10 10:52:37 -04:00
52335367bc Merge pull request #3964 from TomSweeneyRedHat/dev/tsweeney/journaldimgfix
Turn off journald in podmanimages on quay.io
2019-09-10 15:03:16 +02:00
ba7e863ac3 add lint and manpage check to make validate
make validate now runs golangci-lint and the man-page-checker to ensure
a PR is ready for our CI system.

Signed-off-by: baude <bbaude@redhat.com>
2019-09-10 05:45:59 -05:00
df036f9f8e Add ContainerManager annotation to created containers
This change adds the following annotation to every container created by
podman:

```json
"Annotations": {
    "io.containers.manager": "libpod"
}
```

Target of this annotaions is to indicate which project in the containers
ecosystem is the major manager of a container when applications share
the same storage paths. This way projects can decide if they want to
manipulate the container or not. For example, since CRI-O and podman are
not using the same container library (libpod), CRI-O can skip podman
containers and provide the end user more useful information.

A corresponding end-to-end test has been adapted as well.

Relates to: https://github.com/cri-o/cri-o/pull/2761

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2019-09-10 09:37:14 +02:00
b6106341fb When first mounting any named volume, copy up
Previously, we only did this for volumes created at the same time
as the container. However, this is not correct behavior - Docker
does so for all named volumes, even those made with
'podman volume create' and mounted into a container later.

Fixes #3945

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-09-09 17:17:39 -04:00
9a55bce9e4 Merge pull request #3896 from mheon/volume_lookup
Add ability to look up volumes by unambiguous partial name
2019-09-09 21:48:30 +02:00
7042a3d7a5 Merge pull request #3862 from baude/networkcreate
podman network create
2019-09-09 19:44:57 +02:00
511b071745 Merge pull request #3975 from edsantiago/man_page_checker_better_diagnostics
hack/man_page_checker - improve diagnostics
2019-09-09 19:19:05 +02:00
046178e55f Add function for looking up volumes by partial name
This isn't included in Docker, but seems handy enough.

Use the new API for 'volume rm' and 'volume inspect'.

Fixes #3891

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-09-09 12:06:10 -04:00
2c73633e3b hack/man_page_checker - improve diagnostics
Make the errors more readable, with clearer instructions on
what to look for, and which filename, and what we expect to
see, and perhaps even how to approach a fix.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2019-09-09 09:37:52 -06:00
16a7049085 Merge pull request #3971 from cfelder/fixup-getconfighomedir
Fixup `util.GetRootlessConfigHomeDir` permission requirements
2019-09-09 16:37:13 +02:00
ee432cf279 podman network create
initial implementation of network create.  we only support bridging
networks with this first pass.

Signed-off-by: baude <bbaude@redhat.com>
2019-09-09 09:32:43 -05:00
f44b05f6fd Fixup util.GetRootlessConfigHomeDir permission requirements
Do not require 0755 permissons for the ~/.config directory but require
at least 0700 which should be sufficient. The current implementation
internally creates this directory with 0755 if it does not exist, but if the
directory already exists with different perissions the current code returns
an empty string.

Signed-off-by: Christian Felder <c.felder@fz-juelich.de>
2019-09-09 15:17:42 +02:00
d78521de11 Merge pull request #3914 from marcov/units-opts
cli-flags: use a consistent format for <size><unit>
2019-09-09 10:06:11 +02:00
f500feb2f1 Merge pull request #3944 from giuseppe/build-cgroup-manager
build: pass down the cgroup manager to buildah
2019-09-08 17:29:30 +02:00
731281193a Merge pull request #3965 from rhatdan/completions
Fix podman import bash completions
2019-09-08 17:20:57 +02:00
82025e7dbe Fixup Makefile for BSD systems, e.g. macOS
The bsd variant of `ln` does not support the ``-T`` option.
Testing for existence using wildcard before creating new symlinks
should be sufficient here. Furthermore the target directory is
managed internally by this Makefile anyway.

Signed-off-by: Christian Felder <c.felder@fz-juelich.de>
2019-09-07 19:42:41 +02:00
3d240bd795 Replace "podman" with "Podman"
Signed-off-by: xcffl <xcffl@outlook.com>
2019-09-07 20:16:42 +08:00
cd7a1ac194 Add instructions for mounting named volumes
from the host for `podman run`

Signed-off-by: xcffl <xcffl@outlook.com>
2019-09-07 19:28:21 +08:00