Made a mistake in my earlier patch. I though that if you add an empty string
to an array, the length of the array would still be 0...
Realised this when vendoring the secrets pkg into cri-o.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #685
Approved by: mheon
implement varlink image functions for working with libpod with the exception of a
couple due to incompletions on the libpod side of things (build).
also, created a first pass at a libpodpy package which will stand as a client to
working with libpod's varlink methods using python.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #669
Approved by: baude
Instead of execing out to the host's IP, use the IP address we
got back from CNI to populate Inspect's IP address information.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #680
Approved by: umohnani8
The hidden flag is used to override the path of the default mounts file
for testing purposes.
Also modified the secrets pkg to allow for this override to happen.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #678
Approved by: mheon
When a user pulls an image using a transport, like docker-daemon, we try to lookup
the new image in storage by the input name after the pull. Because the input name
has a transport (different than local storage), that lookup would fail.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #644
Approved by: rhatdan
If an integer is passed into the --user flag, i.e --user=1234
don't look up the user in /etc/passwd, just assign the integer as the uid.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #652
Approved by: mheon
If the host is in FIPS mode and /etc/system-fips exists
/run/secrets/system-fips is created in the container so that
the container can run in FIPS mode as well.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Made necessary changes to functions to include contex.Context wherever needed
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #640
Approved by: baude
In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #626
Approved by: mheon
In the case where you have an image local, if the the user runs
podman pull, we should always attempt to pull an updated image.
Added a forceRemote bool to New (image) so we can differentiate
between "pull" or run because the actions differ. Run does not
need to pull the latest -- only run.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #618
Approved by: baude
Comparing Go interfaces, like io.Reader, to nil does not work. As
such, we need to include a bool with each stream telling whether
to attach to it.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
This allows us to attach to attach to just stdout or stderr or
stdin, or any combination of these.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
Until we can handle running containers which use UID/GID mappings, make
sure that we always create containers that use the host mappings.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #609
Approved by: baude
This solves a nasty locking issue with getting the path of
namespaces for dependencies
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #600
Approved by: rhatdan
When a container is transitioning from running to stopped and stats is runnings,
we should not break stats if we are unable to get stats for that container.
Resolves: #598
Signed-off-by: baude <bbaude@redhat.com>
Closes: #599
Approved by: mheon
--group-add
--blkio-weight-device
--device-read-bps
--device-write-bps
--device-read-iops
--device-write-iops
--group-add now supports group names as well as the gid associated with them.
All the --device flags work now with moderate changes to the code to support both
bps and iops.
Added tests for all the flags.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #590
Approved by: mheon
If sending a signal fails, check if the container is alive. If it
is not, it probably stopped on its own before we could send the
signal, so don't error out.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #591
Approved by: rhatdan
In our ezrly development, we always allocated a tty when not -d. Now we should only allocated when the user asks for it.
Resolves: #573
Signed-off-by: baude <bbaude@redhat.com>
Closes: #574
Approved by: rhatdan
Instead of checking during init(), which could result in major
locking issues when used with pods, make our dependency checks in
the public API instead. This avoids doing them when we start pods
(where, because of the dependency graph, we can reasonably say
all dependencies are up before we start a container).
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #577
Approved by: rhatdan
We don't use it directly, we aren't going to cache it in the DB,
and when we do use it (image volumes) we might well be in a
different process (podman create -> podman start). No point in
keeping it around.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #571
Approved by: rhatdan
We have other tools using containers/storage. They can delete our
containers in c/storage without us knowing. Try and handle this
better by warning instead of erroring when delete our storage and
it is already gone.
This does not handle cases where libpod thinks the container is
mounted, but it is not. This is harder to check for, because
c/storage Mount() and Unmount() take a layer, image, or container
and that complicates our "container no longer exists" question.
Further work is needed here.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #571
Approved by: rhatdan
We should allow users to pass in image ids with the sha256: prefix
for local images.
Resolves: #493
Signed-off-by: baude <bbaude@redhat.com>
Closes: #560
Approved by: baude
Adds support for mounting secrets especially on RHEL where the container
can use the host subsription to run yum
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #544
Approved by: rhatdan
Instead of looping to find containers with no dependencies,
maintain a map of them and remove entries as we add dependency
edges.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #557
Approved by: rhatdan
umohnani8
baude
Matthew Heon
Nathan Williams
TomSweeneyRedHat
Matthew Heon
Nalin Dahyabhai
Daniel J Walsh