allow a container to run in a new cgroup namespace.
When running in a new cgroup namespace, the current cgroup appears to
be the root, so that there is no way for the container to access
cgroups outside of its own subtree.
By default it uses --cgroup=host to keep the previous behavior.
To create a new namespace, --cgroup=private must be provided.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Docker CLI calls the healthcheck flags "--health-*", instead of
"--healthcheck-*".
Introduce the former, in order to keep compatibility, and alias
the later, in order to avoid breaking current usage.
Change "--healthcheck-*" to "--health-*" in the docs and tests.
Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
Fix Docker CLI compatibility issue: the "--healthcheck-command" option
value should not be split but instead be passed as single string to
"CMD-SHELL", i.e. "/bin/sh -c <opt>".
On the other hand implement the same extension as is already available
for "--entrypoint", i.e. allow the option value to be a JSON array of
strings. This will make life easier for tools like podman-compose.
Updated "--healthcheck-command" option values in tests accordingly.
Continuation of #3455 & #3507
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
This flag passes the host environment into the container. The basic idea is to
leak all environment variables from the host into the container.
Environment variables from the image, and passed in via --env and --env-file
will override the host environment.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
add a simple way to copy ulimit values from the host.
if --ulimit host is used then the current ulimits in place are copied
to the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
By default, podman points PIDFile in generated unit file to non-existent
location. As a result, the unit file, generated by podman, is broken:
an attempt to start this unit without prior modification results in a crash,
because systemd can not find the pidfile of service's main process.
Fix the value of "PIDFile" and add a system test for this case.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
Logging messages from the dependency libraries should not log onto the
screen when using the remote client. This patch writes logging to
~/.config/containers/podman-remote.log
Fixes#3299
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Currently we report cgroupmanager default as systemd, even if the user modified
the libpod.conf. Also cgroupmanager does not work in rootless mode. This
PR correctly identifies the default cgroup manager or reports it is not supported.
Also add homeDir to correctly get the homedir if the $HOME is not set. Will
attempt to get Homedir out of /etc/passwd.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
A quick follow up to #3306 to touch up two more
'container command' to 'contained command' to match the
rest of the doc suite.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
This flag switches to removing containers directly from c/storage
and is mostly used to remove orphan containers.
It's a superior solution to our former one, which attempted
removal from storage under certain circumstances and could, under
some conditions, not trigger.
Also contains the beginning of support for storage in `ps` but
wiring that in is going to be a much bigger pain.
Fixes#3329.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This allows writing output directly to a file, instead of STDOUT.
Makes things easier for some scripting tasks. Like the unit tests
for 'play kube'.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
I took the liberty of combining related checks together
so as to avoid a little duplication; if this is not a
Go best practice, I will revert. I also made a minor
wording adjustment to an error message for clarity.
Also: update wording of man page.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The option to restore a container from an external checkpoint archive
(podman container restore -i /tmp/checkpoint.tar.gz) restores a
container with the same name and same ID as id had before checkpointing.
This commit adds the option '--name,-n' to 'podman container restore'.
With this option the restored container gets the name specified after
'--name,-n' and a new ID. This way it is possible to restore one
container multiple times.
If a container is restored with a new name Podman will not try to
request the same IP address for the container as it had during
checkpointing. This implicitly assumes that if a container is restored
from a checkpoint archive with a different name, that it will be
restored multiple times and restoring a container multiple times with
the same IP address will fail as each IP address can only be used once.
Signed-off-by: Adrian Reber <areber@redhat.com>
Giuseppe Scrivano
Hunor Csomortáni
Stefan Becker
OpenShift Merge Robot
Daniel J Walsh
baude
Danila Kiver
Marco Vedovati
Peter Hunt
TomSweeneyRedHat
Jhon Honce
Sagi Shnaidman
Petr Vaněk
Matthew Heon
Ed Santiago
Ashley Cui
Jonathan Wakely
Jens Petersen
Adrian Reber