Currently podman ships with libpod.conf, We need to remove the noice
for these warnings from buildah for the time being. We can fix this
once podman is shipping without libpod.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In NewConfig(), settings in the file whose name we're passed should
matter more than the hardwired default files, or the file named in the
CONTAINERS_CONF environment variable.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Export CheckCgroupsAndAdjustConfig() as global function and remove it from NewConfig(). So we can handle it in libpod and avoid Buildah to display cgroup warning message when reading containers.conf.
Signed-off-by: Qi Wang <qiwan@redhat.com>
During the transision period of replacing libpod.conf with containers.conf, pkg/config should also read the libpod.conf if it exist.
This patch reads the libpod.conf in NewConfig() and converts the configurations to ContainersConfig Struct.
Signed-off-by: Qi Wang <qiwan@redhat.com>
pull_policy is the same as podman run --pull option to determin whether to pull a new image when running a container.
Accepted "always", "missing", and "never". Default value is "missing".
Signed-off-by: Qi Wang <qiwan@redhat.com>
These labels allows users to specify the list of capabilities required
to run their container image.
Setting a image/container label "io.containers.capabilities=setuid,setgid"
will tell container engines that the contained image should work fine withi
just these two capabilties, instead of running with the default capabilities,
Defined as a list, since this has not been standardized yet, we want to make
this a standard, and the standard label might be different then the label we
choose, so eventually we might need to add a standard label.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Allow users to modify the default ammount of time to wait to send SIGKILL
after you tell a container to stop with a SIGINT.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Replace pkg/caps with pkg/capabilities (from libpod). It's also a fork
from Docker but attributes its origing with copyright notes and has a
trimmed down (and faster) API.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Line 255:"guarantess" is a misspelling of "guarantees" (misspell)
Line 292:"guarantess" is a misspelling of "guarantees" (misspell)
rm some double spaces
Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com>
Python call to Popen attempt to close all open file descriptors by looking at
the maximum number of open file descripors defined in ulimits. If we set
this to a huge number by default Popen will run much slower since it will
attempt to close the total number of FDs one by one.
We should just use the default that the calling process had unless the user
overrides the default in containers.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In root running containers we want to approach the MAX Number of processes and
open files, so that services running Podman will work when they have lots of open
files or processes. In rootless containers this number can not be changed. This
patch will only increase the numbers if the process is allowed.
Docker set the limit to 2**20 (1048576), it looks like this was the max for RHEL5 OS.
So we fall back to attempt to set this limit if the MAC_PROC limit is not allowed.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is the initial Code of Conduct document for use across
all of the projects under the github.com/containers repository.
The projects will each link to this document from each of their
repos.
This document was pulled from libpod which had pulled it from
Kubernetes who had pulled it from the CNCF.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
This is causing issues in rootless and remote mode. We should not be creating
directories on the fly.
Also stop exporting functions that are not used by Buildah and Podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The default alternative path for seccomp.json should be /etc/containers/seccomp.json
The DefaultNetwork in network config should be bridge
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Daniel J Walsh
Qi Wang
Giuseppe Scrivano
Valentin Rothberg
Carlos Eduardo Arango Gutierrez
Sascha Grunert
TomSweeneyRedHat