Revert the error check from #2832. This is not strictly
necessary, since 'podman ps --size' now works perfectly
fine in nonroot because some recent change (Giuseppe's,
presumably) masked os.Geteuid() return 0... but removing
for maintainability's sake.
Signed-off-by: Ed Santiago <santiago@redhat.com>
add the ability to create and run containers via the podman-remote
client.
we now create an intermediate layer from the the create/run cli flags.
the intermediate layer can be converted into a createconfig or into a
varlink struct. Once transported, the varlink struct can be converted
back to an intermediate layer and then to a createconfig.
remote terminals are not supported yet.
Signed-off-by: baude <bbaude@redhat.com>
Before we ignored an entrypoint specified in an image, which lead to crashes when a user assumed the entrypoint would be used
Signed-off-by: Peter Hunt <pehunt@redhat.com>
`podman cp` used to copy the contents under the source directory to the destination. But according to the specification in podman-cp.md. it should copy the whole directory to the destination if the destination directory already exists.
- src dir ends with /., copy the contents to dest dir
- src dir does not end with /.
- dest dir /home does not exist, copy the contents
- dest dir /home exists, copy the directory
```
$ sudo podman cp /home/qiwan/Documents/empty 7c47:/home
$ sudo podman exec -it 7c47 ls /home
$
$ sudo podman cp /home/qiwan/Documents/empty 7c47:/home
$ sudo podman exec -it 7c47 ls /home
empty
```
Signed-off-by: Qi Wang <qiwan@redhat.com>
When generating headers for search, we unconditionally
access element 0 of an array, and I saw this segfault in our CI.
There's no reason we have to do this, we're just going through it
to get field names with reflect, so just make a new copy of the
struct in question.
Also, move this code, which is only for CLI display, into
cmd/podman from libpod/image.
Signed-off-by: Matthew Heon <mheon@redhat.com>
We'd need to join multiple container's user namespaces, which is
not possible for now. The rootless single userns patches under
development by Giuseppe will fix this, but won't land in 1.2.x.
For now, disable --size as rootless.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
the remote client now can run the diff command to report changes,
modifications, and deletions in an image or container.
Signed-off-by: baude <bbaude@redhat.com>
simplify the rootless implementation to use a single user namespace
for all the running containers.
This makes the rootless implementation behave more like root Podman,
where each container is created in the host environment.
There are multiple advantages to it: 1) much simpler implementation as
there is only one namespace to join. 2) we can join namespaces owned
by different containers. 3) commands like ps won't be limited to what
container they can access as previously we either had access to the
storage from a new namespace or access to /proc when running from the
host. 4) rootless varlink works. 5) there are only two ways to enter
in a namespace, either by creating a new one if no containers are
running or joining the existing one from any container.
Containers created by older Podman versions must be restarted.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
in the few places where we care about skipping the storage
initialization, we can simply use the process effective UID, instead
of relying on a global boolean flag.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
--trace, --help and --version were not capatilized like the rest of the
global options. This patch fixes this problem.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently in rootless containers, we end up not using the blob cache.
We also don't store the blob cache based on the users specified graph
storage. This change will cause the cache directory to be stored with
the rest of the containe images.
While doing this patch, I found that we had duplicated GetSystemContext in
two places in libpod. I cleaned this up.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Before, there were SELinux denials when a volume was bind-mounted by podman play kube.
Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate)
For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point
also remove left over debugging print statement
Signed-off-by: Peter Hunt <pehunt@redhat.com>
allows users to "watch" the output of podman ps on a set interval in
seconds. in watch mode, the screen is cleared between intervals as well.
podman -ps -w1 watches on 1 second intervals
Signed-off-by: baude <bbaude@redhat.com>
fix typo in Containers space usage: of podman system df -v, add a space for created time Change format string to const
Signed-off-by: Qi Wang <qiwan@redhat.com>
Add `digest` field to Image struct and update API.md
Show image digests when using --digests in podman-remote.
```
$ PODMAN_VARLINK_ADDRESS="tcp:127.0.0.1:1234" sudo bin/podman-remote images --digests
REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE
docker.io/library/alpine latest sha256:d05ecd4520cab5d9e5d877595fb0532aadcd6c90f4bbc837bc11679f704c4c82 5cb3aa00f899 2 weeks ago 5.79 MB
docker.io/library/busybox latest sha256:4415a904b1aca178c2450fd54928ab362825e863c0ad5452fd020e92f7a6a47e d8233ab899d4 5 weeks ago 1.42 MB
```
Signed-off-by: Qi Wang <qiwan@redhat.com>
The jsoniterator library believes that panic() is a reasonable
response to being told to indent JSON with a tab. So use spaces
instead.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We have a very high performance JSON library that doesn't need to
perform code generation. Let's use it instead of our questionably
performant, reflection-dependent deep copy library.
Most changes because some functions can now return errors.
Also converts cmd/podman to use jsoniter, instead of pkg/json,
for increased performance.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
fallback to the previous behavior of joining only the user namespace,
when we cannot join the conmon userns+mount namespaces.
Closes: https://github.com/containers/libpod/issues/2673
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
on the remote client, if a user wants to know the rootfs size of a
container, a -s should be passed. this corrects a behavior where size
was shown by default.
Fixes#2765
Signed-off-by: baude <bbaude@redhat.com>
We have a new event for container 'Exited' which has been renamed to
'died'.
also removed the stream bool from the varlink endpoint for events
because it can be determined by the varlink more value.
Signed-off-by: baude <bbaude@redhat.com>
Ed Santiago
OpenShift Merge Robot
baude
Daniel J Walsh
Giuseppe Scrivano
Peter Hunt
Qi Wang
Sascha Grunert
Matthew Heon
Matthew Heon
Valentin Rothberg