Unfortunately this is not enough to get it working as runc doesn't
allow to bind mount /proc.
Depends on: https://github.com/opencontainers/runc/pull/1832
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
Fix the test for checking when /sys must be bind mounted from the
host. It should be done only when userNS are enabled (the
!UsernsMode.IsHost() check is not enough for that).
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1349
Approved by: rhatdan
Also it fix the issue of exposing both tc/udp port even if
only one proto specified.
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
Closes: #1325
Approved by: mheon
As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
Devices are supposed to be able to be passed in via the form of
--device /dev/foo
--device /dev/foo:/dev/bar
--device /dev/foo:rwm
--device /dev/foo:/dev/bar:rwm
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1299
Approved by: umohnani8
Do not set any hostname value in the OCI configuration when --uts=host
is used and the user didn't specify any value. This prevents an error
from the OCI runtime as it cannot set the hostname without a new UTS
namespace.
Differently, the HOSTNAME environment variable is always set. When
--uts=host is used, HOSTNAME gets the value from the host.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1280
Approved by: baude
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
Hostname should be set to the hosts hostname when network is none.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1274
Approved by: giuseppe
If more than one volume was mounted using the --volume flag in
podman run, the second and onwards volumes were picking up options
of the previous volume mounts defined. Found out that the options were
not be cleared out after every volume was parsed.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1142
Approved by: mheon
This is a refresh of Dan William's PR #974 with a rebase and proper
vendoring of ocicni and containernetworking/cni. It adds the ability
to define multiple networks as so:
podman run --network=net1,net2,foobar ...
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1082
Approved by: baude
podman now supports --volumes-from flag, which allows users
to add all the volumes an existing container has to a new one.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #931
Approved by: mheon
b96be3af (changes to allow for darwin compilation, 2018-06-20, #1015)
made AddPrivilegedDevices per-platform and cc6f0e85 (more changes to
compile darwin, 2018-07-04, #1047) made CreateBlockIO per-platform.
But both left but left out docs for the unsupported version [1]:
pkg/spec/config_unsupported.go:18:1⚠️ exported method
CreateConfig.AddPrivilegedDevices should have comment or be
unexported (golint)
pkg/spec/config_unsupported.go:22:1⚠️ exported method
CreateConfig.CreateBlockIO should have comment or be unexported
(golint)
To keep the docs DRY, I've restored the public methods and their docs,
and I've added new, internal methods for the per-platform
implementations.
[1]: https://travis-ci.org/projectatomic/libpod/jobs/400555937#L160
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
this should represent the last major changes to get darwin to **compile**. again,
the purpose here is to get darwin to compile so that we can eventually implement a
ci task that would protect against regressions for darwin compilation.
i have left the manual darwin compilation largely static still and in fact now only
interject (manually) two build tags to assist with the build. trevor king has great
ideas on how to make this better and i will defer final implementation of those
to him.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1047
Approved by: rhatdan
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
Catching up with opencontainers/runtime-tools@84a62c6a (generate: Move
Generator.spec to Generator.Config, 2016-11-06, #266, v0.6.0), now
that we've bumped runtime-tools in f6c0fc1a (Vendor in latest
runtime-tools, 2018-06-26, #1007).
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1008
Approved by: mheon
When running podman as non root user always create an userNS and let
the OCI runtime use it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #936
Approved by: rhatdan
Everytime we add a new option for create, we end up having to also
add it to run, this makes it error prone. Moving these to the same
function makes it easier to develop and prevents user mistakes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #975
Approved by: mheon
The default /dev/pts has the option gid=5 that might not be mapped in
the rootless case.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #871
Approved by: mheon
Also add annotations from the image the container was created
from.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #886
Approved by: rhatdan
Currently we are giving all caps to users when running with podman run --user,
They should get none by default. If the command line includes --cap-add, then
we need to run with those capabilties. Similarly we need to drop caps from
bounding set, if user specifies --cap-drop
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #851
Approved by: mheon
Giuseppe Scrivano
Kunal Kushwaha
haircommander
Daniel J Walsh
umohnani8
baude
W. Trevor King
Matthew Heon
Jhon Honce