Currently podman ships with libpod.conf, We need to remove the noice
for these warnings from buildah for the time being. We can fix this
once podman is shipping without libpod.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In NewConfig(), settings in the file whose name we're passed should
matter more than the hardwired default files, or the file named in the
CONTAINERS_CONF environment variable.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Export CheckCgroupsAndAdjustConfig() as global function and remove it from NewConfig(). So we can handle it in libpod and avoid Buildah to display cgroup warning message when reading containers.conf.
Signed-off-by: Qi Wang <qiwan@redhat.com>
During the transision period of replacing libpod.conf with containers.conf, pkg/config should also read the libpod.conf if it exist.
This patch reads the libpod.conf in NewConfig() and converts the configurations to ContainersConfig Struct.
Signed-off-by: Qi Wang <qiwan@redhat.com>
pull_policy is the same as podman run --pull option to determin whether to pull a new image when running a container.
Accepted "always", "missing", and "never". Default value is "missing".
Signed-off-by: Qi Wang <qiwan@redhat.com>
These labels allows users to specify the list of capabilities required
to run their container image.
Setting a image/container label "io.containers.capabilities=setuid,setgid"
will tell container engines that the contained image should work fine withi
just these two capabilties, instead of running with the default capabilities,
Defined as a list, since this has not been standardized yet, we want to make
this a standard, and the standard label might be different then the label we
choose, so eventually we might need to add a standard label.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Allow users to modify the default ammount of time to wait to send SIGKILL
after you tell a container to stop with a SIGINT.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Replace pkg/caps with pkg/capabilities (from libpod). It's also a fork
from Docker but attributes its origing with copyright notes and has a
trimmed down (and faster) API.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Line 255:"guarantess" is a misspelling of "guarantees" (misspell)
Line 292:"guarantess" is a misspelling of "guarantees" (misspell)
rm some double spaces
Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com>
Python call to Popen attempt to close all open file descriptors by looking at
the maximum number of open file descripors defined in ulimits. If we set
this to a huge number by default Popen will run much slower since it will
attempt to close the total number of FDs one by one.
We should just use the default that the calling process had unless the user
overrides the default in containers.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In root running containers we want to approach the MAX Number of processes and
open files, so that services running Podman will work when they have lots of open
files or processes. In rootless containers this number can not be changed. This
patch will only increase the numbers if the process is allowed.
Docker set the limit to 2**20 (1048576), it looks like this was the max for RHEL5 OS.
So we fall back to attempt to set this limit if the MAC_PROC limit is not allowed.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is causing issues in rootless and remote mode. We should not be creating
directories on the fly.
Also stop exporting functions that are not used by Buildah and Podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The default alternative path for seccomp.json should be /etc/containers/seccomp.json
The DefaultNetwork in network config should be bridge
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
if CGO is enabled, make sure to use C.getenv instead of os.Getenv to
read environment variables. It is required since rootless libpod
joins the user namespace through Cgo.
The variables set via C.setenv are not visible through os.Getenv, as
the latter uses sync.Once to read the variables once.
Requires: https://github.com/containers/libpod/pull/4911
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
at the moment the cgroups package is used only by Podman and by CRI-O
(that is already vendoring libpod). So let's simplify and not have a
duplicate here.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The Capability check handles merging of Default capabiltiies along
with user specified add and drop capabilities.
Fork docker/docker/oci/caps file to prevent a huge vendor
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We also want to be able to default namespaces to host, so that HPC
machines can default to not using most of the namespaces by default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fix handling of toml files
No longer need merge, since we can specify a default conf for each toml file.
The toml code will retain the previous defaults and only use the newly specified
values.
This greatly simplifies the code.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We want to hide Optional Bools from the default configuration. Callers should only have to deal with boolean
fields and not deal with optionals.
Add accessor functions for all optional bools, easier.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add configurations from libpod.conf to containers.conf.Use merge code from libpod to read and merge configurations from file.
Add unshare_linux for build linux: HomeDir should buildah not only for linux. so add unshare_linux for linux and unshare.go for other
convert bool to optinalbool:Use OptionalBool for on-disk configurations so we can distinguish field is undefined vs. user set to false.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Daniel J Walsh
Qi Wang
Giuseppe Scrivano
Valentin Rothberg
Carlos Eduardo Arango Gutierrez
Sascha Grunert