The backend allows for any start/end ip in the subnet. There is no
reason to limit the cli to only CIDR subnets. This allows for much more
flexibility.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
One feature needed for podmansh is the ability to set the default
homedir to be the workingdir when you login.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The Sysctl=name=value entry can be used to set --sysctl=name=value
directly without the need to use PodmanArgs=--sysctl=name=value.
Signed-off-by: Laurenz Kruty <git@laurenzkruty.de>
Work around a go-md2man bug, and add a check script to make sure
this doesn't hit us again.
Background: go-md2man can't deal with a left-hand column > 31 chars.
It produces man pages that look like:
| Something With >31 Character | |
| | ..description |
(should be all on one row). It also has trouble when the vertical
bars are misaligned: it completely removes the right-hand side.
There's almost certainly a better solution: fix go-md2man, or
use a different conversion tool, or maybe even pre/postprocess.
But this is a quick interim solution.
Sorry for the perl. This could be done in bash/sed/awk/grep,
but not with any sort of sane error messages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add a new field `ExitCodePropagation` field to allow for configuring the
newly added functionality of controlling how the main PID of a kube
service exits.
Jira: issues.redhat.com/browse/RUN-1776
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
If there's a container defined in multiple directories use the following
precedence:
$XDG_CONFIG_HOME/containers/systemd/ or ~/.config/containers/systemd/
takes precedence over /etc/containers/systemd/users/$(UID) and this
takes precedence over /etc/containers/systemd/users/
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
I would like to allow admin to control quadlet containers
in users homedirs.
If an admin sets a quadlet in
/etc/containers/systemd/users, then all users will run these
quadlet services when they login.
If an admin places a quadlet in /etc/containers/systemd/users/$(USERNAME)
then only the USERNAME will execute this quadlet service when
they login.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Systemd supports unit files with a prefix '-' which
tells the system to check if the content exists before
using it. This would allow the QM project to specify
AddDevice=-/dev/kvm, which would add the /dev/kvm device
to the container iff it exists on the host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Highlight that existing user and system services may be overridden if
they have same name as the Quadlet file. Also point the user to
systemctl and how to list existing files.
Closes: #18275
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Update e2e tests not to expect the flag
System tests - explicitly set the log driver to be able to parse the output
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
The `UserNS` key will replace the `RemapGid`, `RemapUid`, `RemapUidSize`
and `RemapUsers` options which are therefore marked as deprecated by
this commit.
Closes#17984
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
This commit adds an quadlet option `Tmpfs` which can be used to mount a
tmpfs in the container.
Closes#17907
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
Fix the example for RemapGid from keep-id to keep-groups
Reflect the chnages to the support for keep-id in Containers as well
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
If the volume source starts with . resolve the path relative to the
location of the unit file
Update the test code to allow verification of regex for the value in key
value arguments
Add the usage of relative paths to the volume and mount test cases
Update the man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Handle the Mount key
Reuse code from the handling of the Volume key
Add E2E Test
E2E Test - Add checker for KeyValue string
Update man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Change podman to Podman
Add a period at the end of all sentences
Co-authored-by: Valentin Rothberg <vrothberg@redhat.com>
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
- Don't order the container unit before local-fs.target as that creates
an ordering cycle that triggers other issues.
- Use the example network in the container unit
- Only use groups that exists by default for the volume
Signed-off-by: Timothée Ravier <tim@siosm.fr>
Add support for disabeling SELinux process separation in the container.
Add support for setting the process type of the container.
Add support for setting the process MCS level of the container.
Add support for setting the file type of the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Michael Hrivnak
Daniel J Walsh
Paul Holzinger
OpenShift Merge Robot
Cedric Staniewski
Laurenz Kruty
Ygal Blum
Ed Santiago
Valentin Rothberg
Erik Sjölund
Petr Lautrbach
restitux
Rahil Bhimjiani
Timothée Ravier