Commit Graph

10530 Commits

Author SHA1 Message Date
OpenShift Merge Robot 9f50d486f3
Merge pull request #8969 from containers/dependabot/go_modules/github.com/stretchr/testify-1.7.0
Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
2021-01-14 06:38:41 -05:00
OpenShift Merge Robot 982b7c696e
Merge pull request #8968 from containers/dependabot/go_modules/k8s.io/apimachinery-0.20.2
Bump k8s.io/apimachinery from 0.20.1 to 0.20.2
2021-01-14 06:31:38 -05:00
OpenShift Merge Robot 4e4477cae6
Merge pull request #8967 from cevich/install_tools_for_alt_build
Ensure install.tools for alt build task
2021-01-14 04:35:32 -05:00
dependabot-preview[bot] 18c190003a
Bump k8s.io/apimachinery from 0.20.1 to 0.20.2
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/kubernetes/apimachinery/releases)
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.20.1...v0.20.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-14 04:22:50 -05:00
dependabot-preview[bot] 905a9c3ff8
Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.6.1...v1.7.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-14 04:22:05 -05:00
OpenShift Merge Robot b2ac2a3f10
Merge pull request #8962 from rhatdan/man
[CI:DOCS] Add more information and examples on podman and pipes
2021-01-13 16:22:45 -05:00
OpenShift Merge Robot e273ba34ef
Merge pull request #8966 from ashley-cui/common33
Vendor in common 0.33.1
2021-01-13 16:01:25 -05:00
Chris Evich 1231665e54
Cirrus: Utilize $GOPATH cache for alt_build task
Specifically, the result of 'make install.tools' is needed.  Part of
that target installs tooling into `$GOPATH/bin`.  A future commit
requires this tooling for the `Build Each Commit` item of the
alt_build matrix.  Re-use the cache of this directory for this
task to ensure the necessary tooling/libraries are available.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-01-13 15:34:58 -05:00
Daniel J Walsh a7c0c9125f
Add more information and examples on podman and pipes
Improve the documentation to help users to know proper way to
use podman within a pipe.

Helps Prevent: https://github.com/containers/podman/issues/8916

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-13 15:08:46 -05:00
OpenShift Merge Robot bbff9c8710
Merge pull request #8960 from giuseppe/bridge-no-post-config
network: disallow CNI networks with user namespaces
2021-01-13 14:28:20 -05:00
OpenShift Merge Robot b2b14235aa
Merge pull request #8951 from edsantiago/fix_dev_diagnostic
CI: fix broken diagnostic message for -dev check
2021-01-13 14:18:17 -05:00
OpenShift Merge Robot 2b0cf7728d
Merge pull request #8954 from baude/reducebindingsize
Reduce general binding binary size
2021-01-13 13:29:24 -05:00
Ashley Cui 566a923950 Vendor in common 0.33.1
As per title

Signed-off-by: Ashley Cui <acui@redhat.com>
2021-01-13 13:00:33 -05:00
Ed Santiago 34304df281 CI: fix broken diagnostic message for -dev check
There's a CI check for the presence of "-dev" in podman-info output
(it should not appear). This test is unlikely to fail, but if it
ever does, the diagnostic output is unhelpful. This makes it helpful.

Tested via:

    $ ln -s /bin/echo ~/bin/msg
    $ ln -s /bin/echo ~/bin/die
    $ TEST_FLAVOR=release ./contrib/cirrus/runner.sh
    ...
    Releases must never contain '-dev' in output of 'podman info' ( buildahVersion: 1.19.0-dev
      Version: 3.0.0-dev)

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-01-13 10:14:10 -07:00
OpenShift Merge Robot 9473dda87c
Merge pull request #8961 from rhatdan/kube
play kube: set entrypoint when interpreting Command
2021-01-13 11:50:43 -05:00
Giuseppe Scrivano ee684667a6
test: use stringid.GenerateNonCryptoID() in more tests
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-01-13 17:04:52 +01:00
Giuseppe Scrivano bfa470e4bc
network: disallow CNI networks with user namespaces
it solves a segfault when running as rootless a command like:

$ podman run --uidmap 0:0:1 --net foo --rm fedora true
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x5629bccc407c]

goroutine 1 [running]:
panic(0x5629bd3d39e0, 0x5629be0ab8e0)
	/usr/lib/golang/src/runtime/panic.go:1064 +0x545 fp=0xc0004592c0 sp=0xc0004591f8 pc=0x5629bbd35d85
runtime.panicmem(...)
	/usr/lib/golang/src/runtime/panic.go:212
runtime.sigpanic()
	/usr/lib/golang/src/runtime/signal_unix.go:742 +0x413 fp=0xc0004592f0 sp=0xc0004592c0 pc=0x5629bbd4cd33
github.com/containers/podman/libpod.(*Runtime).setupRootlessNetNS(0xc0003fe9c0, 0xc0003d74a0, 0x0, 0x0)
	/builddir/build/BUILD/podman-2.2.1/_build/src/github.com/containers/podman/libpod/networking_linux.go:238 +0xdc fp=0xc000459338 sp=0xc0004592f0 pc=0x5629bccc407c
github.com/containers/podman/libpod.(*Container).completeNetworkSetup(0xc0003d74a0, 0x0, 0x0)
	/builddir/build/BUILD/podman-2.2.1/_build/src/github.com/containers/podman/libpod/container_internal.go:965 +0xb72 fp=0xc0004594d8 sp=0xc000459338 pc=0x5629bcc81732

[.....]

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-01-13 17:04:51 +01:00
baude 827f6c9cb0 Reduce general binding binary size
when using the bindings to *only* make a connection, the binary was
rough 28MB.  This PR reduces it down to 11.  There is more work to do
but it will come in a secondary PR.

Signed-off-by: baude <bbaude@redhat.com>
2021-01-13 09:35:24 -06:00
OpenShift Merge Robot 99c5746150
Merge pull request #8958 from zhangguanzhang/duplicated-hosts
Fixes /etc/hosts duplicated every time after container restarted in a pod
2021-01-13 09:58:09 -05:00
OpenShift Merge Robot 183f443a58
Merge pull request #8957 from srcshelton/feature/issue-8945
Add 'MemUsageBytes' format option
2021-01-13 06:28:00 -05:00
Daniel J Walsh 0a7f4eaa9d
play kube: set entrypoint when interpreting Command
We now set Entrypoint when interpeting the image Entrypoint (or yaml.Command)
and Command when interpreting image Cmd (or yaml.Args)

This change is kind of breaking because now checking Config.Cmd won't return
the full command, but only the {cmd,args}.

Adapt the tests to this change as well

Signed-off-by: Peter Hunt <pehunt@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-13 06:10:50 -05:00
OpenShift Merge Robot 85460bc41c
Merge pull request #8877 from rhatdan/load
Remove the ability to use [name:tag] in podman load command
2021-01-13 06:03:51 -05:00
zhangguanzhang 0cff5ad0a3 Fxes /etc/hosts duplicated every time after container restarted in a pod
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
2021-01-13 19:03:35 +08:00
Stuart Shelton a2367705be Merge branch 'master' into feature/issue-8945
Signed-off-by: Stuart Shelton <stuart@shelton.me>
2021-01-13 00:56:05 +00:00
Stuart Shelton a6af56f5b4 Add 'MemUsageBytes' format option
Although storage is more human-readable when expressed in SI units,
IEC/JEDEC (Bytes) units are more pertinent for memory-related values
(and match the format of the --memory* command-line options).

(To prevent possible compatibility issues, the default SI display is
left unchanged)

See https://github.com/containers/podman/issues/8945

Signed-off-by: Stuart Shelton <stuart@shelton.me>
2021-01-12 23:38:08 +00:00
OpenShift Merge Robot f52a9eeeea
Merge pull request #8953 from edsantiago/var_run_again
More /var/run -> /run
2021-01-12 18:36:33 -05:00
Daniel J Walsh a6046dceef
Remove the ability to use [name:tag] in podman load command
Docker does not support this, and it is confusing what to do if
the image has more then one tag.  We are dropping support for this
in podman 3.0

Fixes: https://github.com/containers/podman/issues/7387

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-12 17:38:32 -05:00
Ed Santiago 3ff8f27651
More /var/run -> /run
PR #8851 broke CI: it included "/var/run" strings that,
per #8771, should have been just "/run".

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-01-12 17:38:32 -05:00
Ed Santiago 68ca9066d0 More /var/run -> /run
PR #8851 broke CI: it included "/var/run" strings that,
per #8771, should have been just "/run".

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-01-12 12:38:11 -07:00
OpenShift Merge Robot 265ec914d3
Merge pull request #8950 from mheon/exorcise_driver
Exorcise Driver code from libpod/define
2021-01-12 14:02:32 -05:00
OpenShift Merge Robot db52828621
Merge pull request #8946 from JAORMX/sec-errors
Expose security attribute errors with their own messages
2021-01-12 13:46:29 -05:00
OpenShift Merge Robot b5c8cee932
Merge pull request #8900 from cevich/no_tag_testing
Cirrus: Skip most tests on tag-push
2021-01-12 13:38:59 -05:00
OpenShift Merge Robot db5e7ec4c4
Merge pull request #8947 from Luap99/cleanup-code
Fix problems reported by staticcheck
2021-01-12 13:15:35 -05:00
Matthew Heon befd40b57d Exorcise Driver code from libpod/define
The libpod/define code should not import any large dependencies,
as it is intended to be structures and definitions only. It
included the libpod/driver package for information on the storage
driver, though, which brought in all of c/storage. Split the
driver package so that define has the struct, and thus does not
need to import Driver. And simplify the driver code while we're
at it.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2021-01-12 11:48:53 -05:00
OpenShift Merge Robot 0ccc88813e
Merge pull request #8851 from Luap99/fix-generate-systemd-flag-parsing
Make podman generate systemd --new flag parsing more robust
2021-01-12 11:47:14 -05:00
OpenShift Merge Robot 0532fdac1a
Merge pull request #8923 from Afourcat/master
Adding json formatting to `--list-tags` option in `podman search` command.
2021-01-12 10:29:21 -05:00
Paul Holzinger 8452b768ec Fix problems reported by staticcheck
`staticcheck` is a golang code analysis tool. https://staticcheck.io/

This commit fixes a lot of problems found in our code. Common problems are:
- unnecessary use of fmt.Sprintf
- duplicated imports with different names
- unnecessary check that a key exists before a delete call

There are still a lot of reported problems in the test files but I have
not looked at those.

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
2021-01-12 16:11:09 +01:00
Juan Antonio Osorio Robles 020abbfeab Expose security attribute errors with their own messages
This creates error objects for runtime errors that might come from the
runtime. Thus, indicating to users that the place to debug should be in
the security attributes of the container.

When creating a container with a SELinux label that doesn't exist, we
get a fairly cryptic error message:

```
$ podman run --security-opt label=type:my_container.process -it fedora bash
Error: OCI runtime error: write file `/proc/thread-self/attr/exec`: Invalid argument
```

This instead handles any errors coming from LSM's `/proc` API and
enhances the error message with a relevant indicator that it's related
to the container's security attributes.

A sample run looks as follows:

```
$ bin/podman run --security-opt label=type:my_container.process -it fedora bash
Error: `/proc/thread-self/attr/exec`: OCI runtime error: unable to assign security attribute
```

With `debug` log level enabled it would be:

```
Error: write file `/proc/thread-self/attr/exec`: Invalid argument: OCI runtime error: unable to assign security attribute
```

Note that these errors wrap ErrOCIRuntime, so it's still possible to to
compare these errors with `errors.Is/errors.As`.

One advantage of this approach is that we could start handling these
errors in a more efficient manner in the future.

e.g. If a SELinux label doesn't exist (yet), we could retry until it
becomes available.

Signed-off-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>
2021-01-12 16:10:17 +02:00
OpenShift Merge Robot 64b86d004e
Merge pull request #8905 from rhatdan/proxy
Use HTTPProxy settings from containers.conf
2021-01-12 08:40:44 -05:00
OpenShift Merge Robot 5575c7be20
Merge pull request #8819 from chen-zhuohan/add-pre-checkpoint
Add pre-checkpoint and restore with previous
2021-01-12 07:57:05 -05:00
OpenShift Merge Robot 1955eee89f
Merge pull request #8933 from giuseppe/use-O_PATH-for-unix-sock
oci: use /proc/self/fd/FD to open unix socket
2021-01-12 07:26:37 -05:00
Giuseppe Scrivano fdbc278868
oci: use /proc/self/fd/FD to open unix socket
instead of opening directly the UNIX socket path, grab a reference to
it through a O_PATH file descriptor and use the fixed size string
"/proc/self/fd/%d" to open the UNIX socket.  In this way it won't hit
the 108 chars length limit.

Closes: https://github.com/containers/podman/issues/8798

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-01-12 10:38:32 +01:00
Daniel J Walsh 1c1e670d40
Use HTTPProxy settings from containers.conf
This PR takes the settings from containers.conf and uses
them.  This works on the podman local but does not fix the
issue for podman remote or for APIv2.  We need a way
to specify optionalbooleans when creating containers.

Fixes: https://github.com/containers/podman/issues/8843

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-11 17:35:39 -05:00
OpenShift Merge Robot 5681907314
Merge pull request #8939 from cevich/more_cross_builds
Cirrus: Add cross-compile test for alternative arches
2021-01-11 17:20:37 -05:00
OpenShift Merge Robot a651089263
Merge pull request #8934 from vrothberg/fix-8931
image list: ignore bare manifest list
2021-01-11 17:13:53 -05:00
OpenShift Merge Robot 63d8f535ec
Merge pull request #8917 from mheon/actually_report_play_kube_errors
Ensure that `podman play kube` actually reports errors
2021-01-11 17:06:49 -05:00
OpenShift Merge Robot 20217f5789
Merge pull request #8932 from containers/dependabot/go_modules/github.com/containers/storage-1.24.5
Bump github.com/containers/storage from 1.24.4 to 1.24.5
2021-01-11 16:57:50 -05:00
Chris Evich 1d8b9e944f
Cirrus: Add cross-compile test for alternative arches
Followup to https://github.com/containers/podman/pull/8907 that simply
ensures cross-compiling podman completes.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-01-11 13:46:37 -05:00
Valentin Rothberg 1d7e5227f8 image list: ignore bare manifest list
Handle empty/bare manifest lists when listing images.

Fixes: #8931
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-01-11 19:15:33 +01:00
OpenShift Merge Robot d2503ae99b
Merge pull request #8935 from giuseppe/conmon-keep-LC_
oci: keep LC_ env variables to conmon
2021-01-11 09:49:34 -05:00