Previously, the script would bind mount the user's home directory into
the container in order to execute gcloud commands. This was done
to preserve the `.config/gcloud` directory and new ssh keys in `.ssh`.
However, it's possible the user has modified `.bash*` or `.ssh/config`
files which do not play nicely with gcloud and/or the container.
Fix this by mounting the existing temporary directory on the host, as
the user's home directory. Then bind mount in a dedicated `gcloud/ssh`
sub-directory, and the libpod repo directory on top. Pre-create the
necessary mount-points as the user, so later removal does not require
root on the host.
The gcloud tool takes minutes to setup/manage its ssh-keys, so preserving
that work between runs is a necessary optimization. Similarly, saving the
`.gcloud` directory prevents repeatedly going through the lengthy
client-auth process.
Overall, these changes make the container environment much more selective
with the host-side data it has access to use/modify. Preventing unrelated
details from getting in the way, and preserving only the bare-minimum of
details on the host, between runs.
Signed-off-by: Chris Evich <cevich@redhat.com>
In cases where a user issues the podman container runlabel
command and the image is not local, we now default to pulling
the image automatically to mimic the atomic cli behavior.
Fixes: BZ #1677905
Signed-off-by: baude <bbaude@redhat.com>
Some callers assume when SystemExec returns, the command has completed.
Other callers explicitly wait for completion (as required). However,
forgetting to do that is an incredibly easy mistake to make. Fix this
by adding an explicit parameter to the function. This requires
every caller to deliberately state whether or not a completion-check
is required.
Also address **many** resource naming / cleanup completion-races.
Signed-off-by: Chris Evich <cevich@redhat.com>
Found via:
for i in docs/*.md;do x=$(perl -ne 'if (/\[(podman-.*?)\(1\)\]\((podman-.*?)\.1\.md/) { print " $1 != $2\n" if $1 ne $2; print " ENOENT $2\n" unless -e "docs/$2.1.md" }' <$i); if [ -n "$x" ]; then echo $i; echo "$x";fi;done
...which is probably a good candidate for another CI hook,
except I have no idea how to rewrite it in awk.
Additionally, mark `podman refresh` and `podman container refresh`
as hidden, remove its man page, and remove references to it from
all other man pages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
To be able to use OCI runtimes which do not implement checkpoint/restore
this adds a check to the checkpoint code path and the checkpoint/restore
tests to see if it knows about the checkpoint subcommand. If the used
OCI runtime does not implement checkpoint/restore the tests are skipped
and the actual 'podman container checkpoint' returns an error.
Signed-off-by: Adrian Reber <areber@redhat.com>
Make more general-purpose: instead of hardcoding a list
of known subcommands, and duplicating sed pipelines for
each, rely on 'podman help' itself to tell us which
podman commands have subcommands; and examine each
in turn. Should there ever be new subcommands, this
will identify and test them.
A special case is needed for 'podman image trust', whose
documentation format doesn't match the others.
The change to `common.go` fixes an inconsistency: the
Usage message for commands with subcommands had an
unnecessary blank line, making it harder to parse
automatically. This simply produces consistent
Usage messages for all podman commands.
This script will not pass until #2480 is merged.
After that, the goal is to add this as a CI hook.
Signed-off-by: Ed Santiago <santiago@redhat.com>
pr #2480 fixed the missing 'podman image list/rm' commands;
it broke their usage messages. This corrects both usage
messages and also their examples.
Also: add an e2e test for 'podman image rm' (untested)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Changes the short option `-s` to the fully specified `--storage-driver`.
The short version is no longer supported.
Allow passing in of AttachStreams to libpod.Exec() for usage in podman healthcheck. An API caller can now specify different streams for stdout, stderr and stdin, or no streams at all.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
* ps now on main command
* sign is no longer on main commmand
* ls, list no longer are valid main aliases for images
* ls, list does work for podman image
Signed-off-by: baude <bbaude@redhat.com>
if any of the mapping tools for setting up the user namespace fail,
then include their output in the error message.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
list a portion of the container id and the ports exposed on the same
line. when using all, if no ports are exposed, do not list the container
id. Also, shorten the container id to a len of 12 like other container
commands.
Fixes bugzilla #1683734
Signed-off-by: baude <bbaude@redhat.com>
When using a user namespace, we create the mount point under
`mountPrefix` so that the uid != 0 can access that directory.
Change the addFIPSModeSecret code to honor that, and also ensure we
are creating the directories with the right ownership.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Several podman commands accept no subcommands. Some
of those were not actually checking, though, which
could lead to user confusion. Added validation where
missing; and, refactored to minimize duplication.
(Side note: I decided against using cobra.NoArgs
because its error message, "unknown command",
misleadingly implies that there are known ones).
Also added validation to varlink
Signed-off-by: Ed Santiago <santiago@redhat.com>
Also add some extra debug information to help figure out what's
going on when stop goes bad.
Fixes: #2472
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
