We're printing them unconditionally now, even if --size is not
passed, which is confusing (you see a pair of 0s for container
size, when it is clearly not 0).
This may introduce bugs related to containers with an rwsize of 0
(freshly created from an image) and --size specified, but is
definitely better than what we have now.
Signed-off-by: Matthew Heon <mheon@redhat.com>
A number of fields were never being populated. Populate them as
best we can.
Add a new field, exited, to indicate whether the exit code has
meaning (IE, the container has exited).
Fix handling of running time - it stops ticking when the
container stops. There is further work needed here, I suspect.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Use this to supplement exit codes returned from containers, to
make sure we know when exit codes are invalid (as the container
has not yet exited)
Signed-off-by: Matthew Heon <mheon@redhat.com>
This fixes a race condition where conmon is still writing the exit
file and the container is exiting.
Also we should not be ignoring the -a stdin flag if the user specifies
--interactive mode.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1086
Approved by: baude
This way ^c will actually kill the host process if the container is not
actually running.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1086
Approved by: baude
podman rmi was deleting an image even if it was a parent of
another image. This fix just untags the image instead.
This also fixes podman rmi to remove intermediate images of
an image when the image is removed.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1055
Approved by: mheon
Make users of libpod more secure by adding the libpod/apparmor package
to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor
come from github.com/moby/moby.
Also check if a specified AppArmor profile is actually loaded and throw
an error if necessary.
The default profile is loaded only on Linux builds with the `apparmor`
buildtag enabled.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1063
Approved by: rhatdan
podman now supports --volumes-from flag, which allows users
to add all the volumes an existing container has to a new one.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #931
Approved by: mheon
if we snip the requirement to use a buildah const in the libpod image library,
we can save something on the order of 85 vendored files in consumers of the
the library.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1054
Approved by: mheon
Use a single function startAttachCtr() to handle both container start
with attach and attach to running containers, as the code handling the
attach is common for the 2 use cases.
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Closes: #1025
Approved by: rhatdan
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
Instead of setting the --registry flag to search a single registry,
prefix the registry before the image name in the input, an example is
`podman search registry.fedoraproject.org/fedora` and this will search for
the fedora image in only registry.fedoraproject.org.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1011
Approved by: rhatdan
On Thu, Jun 28, 2018 at 03:48:26AM -0700, Marco Vedovati wrote [1]:
> The root cause is a deadlock between two channel writes made by two
> different goroutines:
>
> 1. `resizeTty() : go func(){} : sendUpdate()` is sending a resize
> message thru `resize` right at the beginning, but the channel is
> never read if some startup error occurs.
>
> 2. Upon program termination, `startAttachCtr() : defer func(){} ` is
> telling the goroutine in "1." to stop via the `resizeTerminate`
> channel. But that guy is still waiting for the write to `resize`
> to complete so the the termination message is never read.
>
> I think the go deadlock detection does not kick in because not all
> goroutines are seen as asleep. E.g. `os/signal Notify()` is enough
> to have the deadlock not detected.
333ab8c2 (Fix podman hangs when detecting startup error in container
attached mode, 2018-06-27, #1010) addressed this with a deferred
drain. This commit adjusts that approach to use a single select to
cover "have we been canceled?", "has there been a resize signal?", and
(when we have one) "can we write the most recent resize event to the
resize channel?".
A side benefit to this approach is that if we have a slow resize
consumer and several resize signals, the resizeTty function will keep
updating its local resizeEvent. Once the resize channel is able to
accept, only the most-recent event will be written. Previously we'd
have written one resize event for every received signal, even if the
resize consumer was falling behind.
[1]: https://github.com/projectatomic/libpod/pull/1010#issuecomment-400994436
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1018
Approved by: rhatdan
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
The initial resize command sent to the terminal window over the resize
channel may never be delivered in case of error.
Hence it is necessary to consume all data from the resize channel to
avoid a deadlock on startup.
Fixes: #1009Closes: #1010
Approved by: giuseppe
Update the description of podman-build which was mentioning the initial
requirement of Buildah which doesn't apply anymore since Podman is
vendoring Buildah code.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1005
Approved by: rhatdan
When running podman as non root user always create an userNS and let
the OCI runtime use it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #936
Approved by: rhatdan
Since podman search requires credentials to search private registries,
add the --authfile flag to allow users to pass in credentials from a
different authfile than the default one.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #998
Approved by: rhatdan
Between the time that ps command gets the list of containers
and is able to ask for more data, the container could have
exited. This patch logs Clibpod.ErrNoSuchCtr errors and just continues
processing.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #996
Approved by: mheon
some platforms and operating systems do not have varlink. in those cases,
we need to be able to turn off enablement of varlink in podman. this can now
be done with BUILDTAGS passed to the build though perhaps in the future
will be better.
the default is to build with varlink
Signed-off-by: baude <bbaude@redhat.com>
squash! make varlink optional for podman
The API.md and cmd/podman/varlink/ioprojectatomicpodman.go targets
will continue to work regardless of the presence (or not) of 'varlink'
is in BUILDTAGS. However, cmd/podman/varlink/ioprojectatomicpodman.go
is now only required by the podman target when BUILDTAGS contains
'varlink'.
API.md had also been an podman dependency since 5b2627dd (Makefile:
Drop find-godeps.sh for podman target, 2018-05-15, #776) when I
expanded varlink_api_generate. It had been an indirect podman
dependency (via varlink_api_generate) since 25263558 (Generate varlink
API documentation automatically, 2018-05-07, #734). But the podman
executable obviously doesn't depend on the Markdown file, so I'm
removing that dependency here.
Signed-off-by: baude <bbaude@redhat.com>
squash! make varlink optional for podman
The command-pointer approach will scale well if/when we add additional
optional commands behind their own build tags, because those tags
won't all be competing for the same getOptionalCommands namespace.
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #987
Approved by: rhatdan
If the intermediate image exists in the store, podman history
will show the IDs of the intermediate image of each layer.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #982
Approved by: mheon
Everytime we add a new option for create, we end up having to also
add it to run, this makes it error prone. Moving these to the same
function makes it easier to develop and prevents user mistakes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #975
Approved by: mheon
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
Add a raw text formatter for logrus to be used when terminal is in raw
mode (i.e. when allocating a pseudo-TTY for the container). The raw text
formatter terminates the log messages with the corret \r\n sequence.
Closes: #967
Approved by: rhatdan
Also podman ps now allows user to only output size of root FS, changed language of images and ps --sort to be by "created" as opposed to "time", and refactored the way templates are created (converted from psJSONParams type).
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #948
Approved by: rhatdan
Need to pick the values from the flags and send it to
buildah for build.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #947
Approved by: rhatdan
podman images will not show intermediate images by default.
To view all images, including intermediate images created during
a build, use the --all flag.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #947
Approved by: rhatdan
Make the output of top tabular to be compatible with Docker. Please
note, that any user-input for `GetContainerPidInformation(...)` will be
ignored until we have found a way to generically and reliably parse ps-1
output or until there is a go-lib to extract all the data from /proc in
a ps-1 compatible fashion.
Fixes: #458
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #939
Approved by: rhatdan
