Windows terminal handling is different than darwin and linux. It needs to have the terminal mode set to enable virtual terminal processing. This allows colors and other things to work.
Signed-off-by: Brent Baude <bbaude@redhat.com>
I didn't believe that this was actually legal, but it looks like
it is. And, unlike our previous understanding (host port being
empty means just use container port), empty host port actually
carries the same meaning as `--expose` + `--publish-all` (that
is, assign a random host port to the given container port). This
requires a significant rework of our port handling code to handle
this new case. I don't foresee this being commonly used, so I
optimized having a fixed port number as fast path, which this
random assignment code running after the main port handling code
only if necessary.
Fixes#6806
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* --remote, --url and --identity are now anchored to podman command.
Subcommands should no longer have issues
* TraverseChildren now set to V1 expectations
* Latest flag now has helper function. Now has consistent usage.
* IsRemote() uses cobra parser to determin if --remote is given
* Moved validation functions from parser pkg to validate pkg
*
Fixes#6598Fixes#6704
Signed-off-by: Jhon Honce <jhonce@redhat.com>
When running under systemd there is no need to create yet another
cgroup for the container.
With conmon-delegated the current cgroup will be split in two sub
cgroups:
- supervisor
- container
The supervisor cgroup will hold conmon and the podman process, while
the container cgroup is used by the OCI runtime (using the cgroupfs
backend).
Closes: https://github.com/containers/libpod/issues/6400
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
New functionality in hack/man-page-checker: start cross-
referencing the man page 'Synopsis' line against the
output of 'podman foo --help'. This is part 1, flag/option
consistency. Part 2 (arg consistency) is too big and will
have to wait for later.
flag/option consistency means: if 'podman foo --help'
includes the string '[flags]' in the Usage message,
make sure the man page includes '[*options*]' in its
Synopsis line, and vice-versa. This found several
inconsistencies, which I've fixed.
While doing this I realized that Cobra automatically
includes a 'Flags:' subsection in its --help output
for all subcommands that have defined flags. This
is great - it lets us cross-check against the
usage synopsis, and make sure that '[flags]' is
present or absent as needed, without fear of
human screwups. If a flag-less subcommand ever
gets extended with flags, but the developer forgets
to add '[flags]' and remove DisableFlagsInUseLine,
we now have a test that will catch that. (This,
too, caught two instances which I fixed).
I don't actually know if the new man-page-checker
functionality will work in CI: I vaguely recall that
it might run before 'make podman' does; and also
vaguely recall that some steps were taken to remedy
that.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Support all image transports in podman run/create. It seems we
regressed with v2 on that. Also add tests to make sure we're
not regressing again.
Fixes: #6744
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
If the user runs a container like
podman run --security-opt seccomp=unconfined --security-opt label=type:spc_t --security-opt label=level:s0 ...
Podman inspect was only showing the second option
This change will show
"SecurityOpt": [
"label=type:spc_t,label=level:s0:c60",
"seccomp=unconfined"
],
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When going through the output of `podman inspect` to try and
identify another issue, I noticed that Podman 2.0 was setting
StopSignal to 0 on containers by default. After chasing it
through the command line and SpecGen, I determined that we were
actually not setting a default in Libpod, which is strange
because I swear we used to do that. I re-added the disappeared
default and now all is well again.
Also, while I was looking for the bug in SpecGen, I found a bunch
of TODOs that have already been done. Eliminate the comments for
these.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
...plus a few others. And fixes to actual parsing.
If a command's usage message includes '...' in the
argument list, assume it can take unlimited arguments.
Nothing we can check.
For all others, though, the ALL-CAPS part on the
right-hand side of the usage message will define
an upper bound on the number of arguments accepted
by the command. So in our 'podman --help' test,
generate N+1 args and run that command. We expect
a 125 exit status and a suitably helpful error message.
Not all podman commands or subcommands were checking,
so I fixed that. And, fixed some broken usage messages
(all-caps FLAGS, and '[flags]' at the end of 'ARGS').
Add new checks to the help test to prevent those in
the future.
Plus a little refactoring/cleanup where necessary.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Disable the args requirement of `image load`. Instead of requiring a
lower bound, we really need an upper one with at most 1 argument.
Extend the system tests to prevent future regressions.
Fixes: #6718
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The `--privileged` flag does not conflict with `--group-add`
(this one was breaking Toolbox) and does not conflict with most
parts of `--security-opt` (this was breaking Openstack).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This was lost during the Podman 2.0 migration. Turns out to be a
very easy fix, fortunately - we want to use the environment var
if not explicitly overridden.
Fixes#6705
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Previously, if an image was tagged with the format
$REGISTRY:$PORT/$REPO:$TAG,
then `podman images` would display $PORT/$REPO:$TAG under the "TAG"
field.
This commit correctly displays $REGISTRY:$PORT/$REPO under the
"REPOSITORY" field while the "TAG" field only displays $TAG.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Fixes: gh#6665
Pretty print the JSON output when listing images. We regressed on that
during v2 development. The indentation is now identical to the one of
Podman v1.9.3.
Fixes: #6687
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
These were part of Podman v1.9, but were lost in the transition
to using Specgen to create containers. Most resource limits are
checked via the sysinfo package to ensure they are safe to use
(the cgroup is mounted, kernel support is present, etc) and
removed if not safe. Further, bounds checks are performed to
ensure that values are valid.
Ensure these warnings are printed client-side when they occur.
This part is a little bit gross, as it happens in pkg/infra and
not cmd/podman, which is largely down to how we implemented
`podman run` - all the work is done in pkg/infra and it returns
only once the container has exited, and we need warnings to print
*before* the container runs. The solution here, while inelegant,
avoid the need to extensively refactor our handling of run.
Should fix blkio-limit warnings that were identified by the FCOS
test suite.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This started as a small fix to `podman inspect` where a container
and image, with the same name/tag, were present, and
`podman inspect` was run on that name. `podman inspect` in 1.9
(and `docker inspect`) will give you the container; in v2.0, we
gave the image. This was an easy fix (just reorder how we check
for image/container).
Unfortunately, in the process of testing this fix, I determined
that we regressed in a different area. When you run inspect on
a number of containers, some of which do not exist,
`podman inspect` should return an array of inspect results for
the objects that exist, then print a number of errors, one for
each object that could not be found. We were bailing after the
first error, and not printing output for the containers that
succeeded. (For reference, this applied to images as well). This
required a much more substantial set of changes to properly
handle - signatures for the inspect functions in ContainerEngine
and ImageEngine, plus the implementations of these interfaces,
plus the actual inspect frontend code needed to be adjusted to
use this.
Fixes#6556
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add a `--replace` flag to the `pod create` command. If another pod with
the same name already exists, it will be replaced and removed.
Adding this flag is motivated by #5485 to make running Podman in systemd
units (or any other scripts/automation) more robust. In case of a
crash, a pod may not be removed by a sytemd unit anymore. The
`--replace` flag allows for supporting crashes.
Note that the `--replace` flag does not require the `--name` flag to be
set, so it can be set unconditionally in `podman generate systemd`.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add a `--replace` flag to the `container {create,run}` commands.
If another container with the same name already exists, it will
be replaced and removed.
Adding this flag is motivated by #5485 to make running Podman in systemd
units (or any other scripts/automation) more robust. In case of a
crash, a container may not be removed by a sytemd unit anymore. The
`--replace` flag allows for supporting crashes.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
OpenShift Merge Robot
Brent Baude
Matthew Heon
Jhon Honce
Giuseppe Scrivano
Ed Santiago
Valentin Rothberg
Daniel J Walsh
Lokesh Mandvekar
Qi Wang
Matthew Heon
Joseph Gooch