from the clone man page:
On the cris and s390 architectures, the order of the first two
arguments is reversed:
long clone(void *child_stack, unsigned long flags,
int *ptid, int *ctid,
unsigned long newtls);
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1672714
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The Golang standard library implementation of RFC3339Nano will
trim trailing 0s from the nanoseconds portion of timestamps. This
is undesirable for lining everything up nicely during terminal
output. As the Golang developers have not seen fit to give us a
better way, use the one that was proposed on the issue tracker
but rejected.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
When we log time timestamps, don't print a new timestamp for each
input - instead, print one at the start of every line, and then
wait until we hit a newline to print a new timestamp.
This still doesn't exactly mirror the Docker behavior (they don't
print until they receive an entire line, while we print any time
the logs file is appended to - so you can see partial lines being
typed in our system). Also, timestamps are recorded as the start
of a line being typed, as opposed to when the enter key is
pressed (on Docker).
(Worth noting that, while characters are printed as they are
typed, logs does respect the backspace key - so you'll also see
them disappear as the person typing realizes they've made a
mistake and retypes their command).
This is the closest we can get to Docker without major surgery on
the Kubernetes log-printing library, so I'm content to call this
an adequate solution.
Signed-off-by: Matthew Heon <mheon@redhat.com>
When writing logs with timestamps to the terminal, ensure that
each line is newline-terminated, so we don't end up with an
unreadable mess with timestamps interspersed with the actual
content being displayed.
Signed-off-by: Matthew Heon <mheon@redhat.com>
* Clean up adapter code
* Add GetContainersByContext to Varlink API
* Add missing comments
* Restore save command
* Restore error type mapping when using varlink
Signed-off-by: Jhon Honce <jhonce@redhat.com>
if any of the mapping tools for setting up the user namespace fail,
then include their output in the error message.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When using a user namespace, we create the mount point under
`mountPrefix` so that the uid != 0 can access that directory.
Change the addFIPSModeSecret code to honor that, and also ensure we
are creating the directories with the right ownership.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
No reason to do it in util/ anymore. It's always going to be a
subdirectory of c/storage graph root by default, so we can just
set it after the return.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
There are some cases where we might not be properly adjusting the
volume path after setting the storage graph root. Ensure that we
always set volume path to be a child of graph root.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
if there is already a bind mount specified for the target, do not
create a new volume.
Regression introduced by 52df1fa7e0
Closes: https://github.com/containers/libpod/issues/2441
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This is a workaround for the runc issue:
https://github.com/opencontainers/runc/issues/1247
If the source of a bind mount has any of nosuid, noexec or nodev, be
sure to propagate them to the bind mount so that when runc tries to
remount using MS_RDONLY, these options are also used.
Closes: https://github.com/containers/libpod/issues/2312
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
If user specifies network namespace and the /etc/netns/XXX/resolv.conf
exists, we should use this rather then /etc/resolv.conf
Also fail cleaner if the user specifies an invalid Network Namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when joining an existing namespace, we were not maintaining the
current working directory, causing commands like export -o to fail
when they weren't referring to absolute paths.
Closes: https://github.com/containers/libpod/issues/2381
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
the remote-client is currently weak for carrying error messages
over the varlink interface and displaying something useful to users
and developers for the purposes of debug. this is a starting point
to improve that user experience.
Signed-off-by: baude <bbaude@redhat.com>
enable the remote client to be able to inspect a pod. also, bonus of
enabling the podman pod exists command which returns a 0 or 1 depending
on whether the given pod exists.
Signed-off-by: baude <bbaude@redhat.com>
Also add some argument checks to the Varlink function to avoid
referencing nil pointers, and complement the API.md descriptions.
The varlink endpoint can be tested via varlink CLI:
$ varlink call -m unix:/run/podman/io.podman/io.podman.SearchImages \
'{"query": "ruby", "limit": 0, "tlsVerify": false, "filter": {}}'
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Refactor the image-search logic from cmd/podman/search.go to
libpod/image/search.go and update podman-search and the Varlink API to
use it.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod.
Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
Cockpit team wants to list the registry name where the image was
found.
Also fix up SearchImages code to check if the user specified a registry
in his call to use that rather then all the registries, This matches
podman search command.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Cockpit wants to be able to search images on systems without
tlsverify turned on.
tlsverify should be an optional parameter, if not set then we default
to the system defaults defined in /etc/containers/registries.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
OpenShift Merge Robot
Giuseppe Scrivano
Jhon Honce
Matthew Heon
Matthew Heon
baude
Daniel J Walsh
Harald Hoyer
Valentin Rothberg
Sebastian Jug
Peter Hunt