This change implements docker compatibile endpoint for interacting with
volumes. The code is mostly lifted from the `libpod` API handlers but
decodes and constructs data using types defined in the docker API
package.
Some notable support caveats with the current implementation:
* we don't return the nullable `Status` or `UsageData` keys when
returning volume information for inspect and create endpoints
* we don't support filters when pruning
* we return a fixed `0` for the `SpaceReclaimed` key when pruning
since we have no insight into how much space was freed from runtime
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
In the API, we are currently returning the image time of creation
as a string, in time.Time format. The API is for a 64 bit integer
representing Unix time.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
test-apiv2 has two basic comparisons of returned JSON:
equality and likeness ('=' and '~'). When logging failures,
the test runner shows both actual and expected values. When
logging success, for '=' there's no need to show both actual
and expected. But for '~', it can be helpful (for verifying
test correctness) to show the actual returned value.
To be specific:
old: ok ... .MemTotal~[0-9]\+
new: ok ... .MemTotal ('33509068800') ~ [0-9]\+
old: ok ... .[0].State~\(exited\|stopped\)
new: ok ... .[0].State ('exited') ~ \(exited\|stopped\)
The main benefit is that a developer or end user can
easily see precisely what was returned; this can help
confirm that the test is working as intended, and/or
help fine-tune how the test is written.
Signed-off-by: Ed Santiago <santiago@redhat.com>
podman inspect is problematic because there can be naming clashes. Also,
it only inspects a couple of types of objects and the docs for it didn't
help discover that several more types could be inspected as well.
To address both concerns, we deprecate `podman inspect` and update the
docs to point to to the recommend alternatives.
Issue: #6756
Signed-off-by: Mark Stosberg <mark@rideamigos.com>
a cgroup can have ':' in its name. Make sure the parser doesn't split
more than 3 fields and leave untouched the ':' in the cgroup name.
commit 6ee5f740a4ecb70636b888e78b02065ee984636c introduced the issue.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Containers/image will use TMPDIR for the location of pulled layer blobs.
If TMPDIR is not set, it will use /tmp. Since this is known to be of
limited space on most systems, we change the default to /var/tmp
if the user has not told the tools where to store temporary files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This change ensures that we only override a container's entrypoint if it
is set to something other than `nil`.
Signed-off-by: Matt Brindley <58414429+maybe-sybr@users.noreply.github.com>
This makes it clear that we target compatibility with a specific
Docker version (v1.40), but do not reject other versions. It also
adds a link to documentation on the Podman-specific API.
Signed-off-by: Matthew Heon <mheon@redhat.com>
move the chown for newly created volumes after the spec generation so
the correct UID/GID are known.
Closes: https://github.com/containers/libpod/issues/5698
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Windows terminal handling is different than darwin and linux. It needs to have the terminal mode set to enable virtual terminal processing. This allows colors and other things to work.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Run `podman auto-update` in the systemd system tests. Note that this is
a first step to at least exercise parts of `auto-update` in the CI. The
service won't get updated just yet as we need to set up a local
registry, and push a new image. I do not have enough time at the moment
to do that but consider this change already as an improvement.
We are experiencing some issues in #6793 w.r.t. to auto-updates but
couldn't track down the root cause yet.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
I didn't believe that this was actually legal, but it looks like
it is. And, unlike our previous understanding (host port being
empty means just use container port), empty host port actually
carries the same meaning as `--expose` + `--publish-all` (that
is, assign a random host port to the given container port). This
requires a significant rework of our port handling code to handle
this new case. I don't foresee this being commonly used, so I
optimized having a fixed port number as fast path, which this
random assignment code running after the main port handling code
only if necessary.
Fixes#6806
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* --remote, --url and --identity are now anchored to podman command.
Subcommands should no longer have issues
* TraverseChildren now set to V1 expectations
* Latest flag now has helper function. Now has consistent usage.
* IsRemote() uses cobra parser to determin if --remote is given
* Moved validation functions from parser pkg to validate pkg
*
Fixes#6598Fixes#6704
Signed-off-by: Jhon Honce <jhonce@redhat.com>
We need a umask of 0022 to ensure containers are created
correctly, but we set a different one prior to starting the
server (to ensure the unix socket has the right permissions).
Thus, we need to set the umask after the socket has been bound,
but before the server begins accepting requests.
Fixes#6787
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Followup to #6761: confirm that 'podman ps' shows the ports
on a running container in a pod created with -p (not to
be confused with the container itself running with -p,
tested in 500-networking.bats).
While we're at it, test that the port handling itself works,
by sending random text to the container and making sure the
container receives it.
Followup to #6752: 'podman inspect' should show multiple
security opts
Signed-off-by: Ed Santiago <santiago@redhat.com>
Also make sure that the limits we set for rootless are not higher than
what we'd set for root containers.
Rootless containers failed to start when the calling user already
had ulimit (e.g. on NOFILE) set.
This is basically a cherry-pick of 76f8efc0d0d into specgen
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
