We cannot use the RunDir for writing the conmon.pid file as we might
not be able to read it before we join a namespace, since it is owned
by the root in the container which can be a different uid when using
uidmap. To avoid completely the issue, we will just write it to the
static dir which is always readable by the unprivileged user.
Closes: https://github.com/containers/libpod/issues/2673
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Add an example to the run man page to illustrate how
you can configure storage from the CLI. This addresses
a request from issue #2662.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
add the ability for users to specify more than one container at a time
while using podman logs. If more than one container is being displayed,
podman will also prepend a shortened container id of the container on
the log line.
also, enabled the podman-remote logs command during the refactoring of
the above ability.
fixes issue #2219
Signed-off-by: baude <bbaude@redhat.com>
Getting a list of containers, and then deleting them are two separate
fallible steps that can run into different sets of errors. eg., in the
case of a bogus missing container and a container that's running or
paused, the first step will only trigger libpod.ErrNoSuchCtr. At this
point it might appear that the exit code ought to be 1. However, when
attempting the deletion, it will fail once more due to the status of
the running or paused container. Since libpod.ErrNoSuchCtr is no longer
the only error encountered, the exit code should be reset to 125.
This problem is currently masked for rootless usage due to commit
35432ecaae ("rootless: fix rm when uid in the container != 0").
Fixes: 85db895012 ("rm: set exit code to 1 if a specified ...")
e41279b902 ("Change exit code to 1 on podman rm ...")
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
SCTP is already present and enabled in the CNI plugins, so all we
need to do to add support is not error on attempting to bind
ports to reserve them.
I investigated adding this binding for SCTP, but support for SCTP
in Go is honestly a mess - there's no widely-supported library
for doing it that will do what we need.
For now, warn that port reservation for SCTP is not supported and
forward the ports.
Signed-off-by: Matthew Heon <mheon@redhat.com>
When creating a new image volume to be mounted into a container, we need to
make sure the new volume matches the Ownership and permissions of the path
that it will be mounted on.
For example if a volume inside of a containre image is owned by the database
UID, we want the volume to be mounted onto the image to be owned by the
database UID.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
if the settings are available in the user config file, do not override
them with the global configuration.
Closes: https://github.com/containers/libpod/issues/2614
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
we had two functions NewRuntimeFromConfig and NewRuntime that differed
only for the config file they use.
Move comon logic to newRuntimeFromConfig and let it lookup the
configuration file to use when one is not specified.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
when the fallback is in place, the first user creating /tmp/user/$EUID
prevents other users for creating other directories since /tmp/user is
created with mode 0700.
Since there is no way for an unprivileged user to initialize the
/tmp/user directory correctly (we would need it to be owned by root
with the sticky bit set), let's just use /tmp/libpod-rundir-$EUID.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Update the `--pull` and `--pull-always` documentation in the build
command to clarify what each does.
Fixes: https://github.com/containers/buildah/issues/1381
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Older versions of slirp4netns do not have the --disable-host-loopback
flag.
Remove the check once we are sure the updated version is available
everywhere.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
...in order to silence Cobra's usually-helpful "(default xxx)"
message.
Initialization is now done in code, by testing for empty string
and setting that to /dev/std{in,out} as appropriate; make special
note of load.go where there's mild duplication between a local
variable and cliconfig.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Replaces 'skopeo-containers' with 'containers-common' in the files that
I feel comfortable changing it in. There are a number of rpm building
related files that still have it, but I was hesitant to do so.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Remove the word buildah from the man page and replace it
with podman. Cut and paste job gone bad apparently.
Fixes: #2639
Weekend hack by someone who doesn't grok zsh completion
but who finds it deeply offensive that most completion
files have an unmaintainable duplication of options
and arguments. The idea behind this one is to discover
the command line using --help, with a few hardcoded
helpers for discovering containers, images, pods,
and figuring out which args take files/dirs as args.
Working remarkably well. I am using this in my daily
routine and wondering how I ever managed without it.
It's not perfect -- a future version can perhaps
show only stopped containers for podman rm, only
running ones for podman stop -- but ROI seems low
on that given my limited zsh completion skills.
Sadly, I can't figure out how to write a regression
test suite for this. It would be lovely to have a
list if partial command lines and expected completions,
because the history of this change is that (seemingly)
minor tweaks in one place cause breakage in another.
Does anyone know of such a framework?
Still... working well enough to ship, IMO.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Remove hardcoded '(default: true)' strings from bool flags,
and '(default this-or-that)' from string flags.
First because it's unmaintainable duplication that would cause
confusion should someone ever change the default and not notice
the message.
Second, because cobra[1] already prints '(default XXXX)' for
all options with non-false non-nil default. So in each of
these cases, current podman help behavior is:
$ podman login --help
...
--tls-verify Require HTTPS ... (default: true) (default true)
This PR eliminates that duplication.
[1] actually spf13/pflag/flag.go
The only nontrivial one of these is start.go, where the default
for sigProxy depends on the --attach flag. Solution: change
the command-line default to false, and implement the new
conditional default in logic. Bonus: removed unnecessary
check, because now if sigProxy is set without --attach,
we can guarantee that it was done by the user. But please
pay close scrutiny to this particular section in case
there's something I missed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Giuseppe Scrivano