* Add network API tests
* Update network create endpoint to return ID not Name
Audit:
- GET /networks ListNetworks
- GET /networks/{id} InspectNetwork
- DELETE /networks/{id} RemoveNetwork
- POST /networks/create CreateNetwork
- POST /networks/prune 405 not implemented
Signed-off-by: Jhon Honce <jhonce@redhat.com>
We can't mount sysfs as rootless unless we manage the network
namespace. Problem: slirp4netns is now creating and managing a
network namespace separate from the OCI runtime, so we can't
mount sysfs in many circumstances. The `crun` OCI runtime will
automatically handle this by falling back to a bind mount, but
`runc` will not, so we didn't notice until RHEL gating tests ran
on the new branch.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Previously close rawSouce in the middle makes future use of rawSource invalid.
Move the rawSource.Close() to the end of each loop.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Currently asking for login password, even if not supported by
the ssh server. So wait with prompt until actually requested.
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* Add a new `pkg/copy` to centralize all container-copy related code.
* The new code is based on Buildah's `copier` package.
* The compat `/archive` endpoints use the new `copy` package.
* Update docs and an several new tests.
* Includes many fixes, most notably, the look-up of volumes and mounts.
Breaking changes:
* Podman is now expecting that container-destination paths exist.
Before, Podman created the paths if needed. Docker does not do
that and I believe Podman should not either as it's a recipe for
masking errors. These errors may be user induced (e.g., a path
typo), or internal typos (e.g., when the destination may be a
mistakenly unmounted volume). Let's keep the magic low for such
a security sensitive feature.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
@Luap99 is a long-term contributor, does a lot of reviews, contributed
many non-trivial patches, and is very active in the community.
Being in the OWNERS file gives privileges to approve (/approve) and
merge (/lgtm) pull requests.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Audit and add tests for required fields.
* Added issue for /images/load implementation
Audit:
- GET /images/json GetImages
- POST /build BuildImage
- POST /build/prune 404 not found
- POST /images/create CreateImageFromImage/CreateImageFromSrc
- GET /images/{name}/json GetImage
- GET /images/{name}/history HistoryImage
- POST /images/{name}/push PushImage
- POST /images/{name}/tag TagImage
- DELETE /images/{name} RemoveImage
- POST /images/prune PruneImages
- POST /commit CommitContainer
- GET /images/{name}/get ExportImage
- GET /images/get ExportImages
- POST /images/load LoadImages See https://github.com/containers/podman/issues/8586
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Mostly audit and minor changes to nil from ""
Audit:
- GET /containers/json ListContainers
- POST /containers/create CreateContainer
- GET /containers/{id}/json GetContainer
- GET /containers/{id}/top TopContainer
- GET /containers/{id}/logs LogsFromContainer
- GET /containers/{id}/changes Changes
- GET /containers/{id}/export ExportContainer
- GET /containers/{id}/stats StatsContainer
- POST /containers/{id}/resize ResizeTTY
- POST /containers/{id}/start StartContainer
- POST /containers/{id}/stop StopContainer
- POST /containers/{id}/restart RestartContainer
- POST /containers/{id}/kill KillContainer
- POST /containers/{id}/update 404 not supported
- POST /containers/{id}/rename 404 not supported
- POST /containers/{id}/pause PauseContainer
- POST /containers/{id}/unpause UnpauseContainer
- POST /containers/{id}/attach AttachContainer
- GET /containers/{id}/attach/ws 404 not supported
- POST /containers/{id}/wait WaitContainer
- DELETE /containers/{id} RemoveContainer
- HEAD /containers/{id}/archive Archive
- GET /containers/{id}/archive Archive
- PUT /containers/{id}/archive Archive
- POST /containers/prune PruneContainers
Images etc PR's will follow.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
We have been asked to leak some information into the container
to indicate:
* The name and id of the container
* The version of podman used to launch the container
* The image name and ID the container is based on.
* Whether the container engine is running in rootless mode.
Fixes: https://github.com/containers/podman/issues/6192
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Our users are missing certain warning messages that would
make debugging issues with Podman easier.
For example if you do a podman build with a Containerfile
that contains the SHELL directive, the Derective is silently
ignored.
If you run with the log-level warn you get a warning message explainging
what happened.
$ podman build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
--> 7a207be102a
7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e
$ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format
--> 7bd96fd25b9
7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f
These messages will no longer be lost, when we default to WARNing level.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
move the conmon process to the conmon cgroup also on exec.
The previous implementation would fail to move the conmon process as
the systemd unit already exists so its creation would fail.
When the unit cannot be created, attempt to directly join the cgroup
instead.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Docker defines an option of "default" which means to
use the default network. We should support this with
the same code path as --network="".
This is important for compatibility with the Docker API.
Fixes: https://github.com/containers/podman/issues/8544
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* verify socat and podman binaries exist
* setup a sandboxed podman service
* run podman service with socat proxy to capture API stream
* clean up sandbox leaving the log files for review
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Looks like #7337 was fixed (by #8112). Reenable a disabled
test for it; and make it actually work. Confirmed that
newly-added test fails on d45676549 (the commit before #8112).
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add the mask and unmask option to the --security-opt flag
to allow users to specify paths to mask and unmask in the
container. If unmask=ALL, this will unmask all the paths we
mask by default.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Previously, we always computed pause path from the Rootless
runtime directory. Problem: this does not match the behavior of
Libpod when the directory changes. Libpod will continue to use
the previous directory, cached in the database; Pause pidfiles
will swap to the new path. This is problematic when the directory
needs to exist to write the pidfile, and Libpod is what creates
the directory.
There are two potential solutions - allow the pause pidfile to
move and just make the directory when we want to write it, or use
the cached Libpod paths for a guaranteed location. This patch
does the second, because it seems safer - we will never miss a
previously-existing pidfile because the location is now
consistent.
Fixes#8539
Signed-off-by: Matthew Heon <mheon@redhat.com>
when formatting mount options into a string for the compat container create, the options need to be comma delimited.
Signed-off-by: baude <bbaude@redhat.com>
