Commit Graph

6355 Commits

Author SHA1 Message Date
OpenShift Merge Robot b8863b260a
Merge pull request #2611 from nalind/buffer-stdin-import
Buffer stdin to a file when importing "-"
2019-03-11 11:08:11 -07:00
Nalin Dahyabhai 135b670a2e Buffer stdin to a file when importing "-"
When importing an image from a file somewhere, we already know how to
download data from a URL to a file, so do the same for stdin, in case
it's unexpectedly large.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2019-03-11 13:33:14 -04:00
Valentin Rothberg 508ab7f565 vendor psgo v1.2
The psgo library now be used concurrently by multiple goroutines without
interferring with another.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2019-03-11 18:05:37 +01:00
OpenShift Merge Robot 6421208e0f
Merge pull request #2583 from giuseppe/rootless-fix-pod-rm
rootless: fix stop and rm when the container is running with uid != 0
2019-03-11 10:01:25 -07:00
OpenShift Merge Robot f5afe88098
Merge pull request #2597 from jwhonce/issue/2016
Initialize field in InfoHost struct
2019-03-11 09:29:19 -07:00
OpenShift Merge Robot 8656d2d887
Merge pull request #2538 from giuseppe/slirp4netns-path
libpod: allow to configure path to the slirp4netns binary
2019-03-11 07:56:50 -07:00
baude 651520389d preparation for remote-client create container
to prepare for being able to remotely run a container, we need to
perform a refactor to get code out of main because it is not
reusable.  the shared location is a good starting spot though
eventually some will likely end up in pkg/spec/ at some point.

Signed-off-by: baude <bbaude@redhat.com>
2019-03-11 09:42:22 -05:00
Jhon Honce 55e24c65ce Initialize field in InfoHost struct
Fixes #2016

Signed-off-by: Jhon Honce <jhonce@redhat.com>
2019-03-11 07:30:32 -07:00
OpenShift Merge Robot 9b42577c32
Merge pull request #2604 from giuseppe/allow-single-mappings
rootless: allow single ID mappings
2019-03-11 07:30:31 -07:00
OpenShift Merge Robot b33a00ef96
Merge pull request #2606 from TomSweeneyRedHat/dev/tsweeney/builddocfix
Remove --rm and --detach don't coexist note
2019-03-11 06:54:40 -07:00
Giuseppe Scrivano af3e73426a
rootless: allow single mappings
we were playing safe and not allowed any container to have less than
65536 mappings.  There are a couple of reasons to change it:

- it blocked libpod to work in an environment where
  newuidmap/newgidmap are not available, or not configured.

- not allowed to use different partitions of subuids, where each user
  has less than 65536 ids available.

Hopefully this change in containers/storage:

https://github.com/containers/storage/pull/303

will make error clearers if there are not enough IDs for the image
that is being used.

Closes: https://github.com/containers/libpod/issues/1651

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 14:38:42 +01:00
TomSweeneyRedHat 3e3fcd5422 Remove --rm and --detach don't coexist note
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>

With later changes of Podman, you can now use both the
--rm and --detach in a single run command.  This PR removes
the documentation in the man pages saying this is not
allowed.

Fixes: #2601
2019-03-11 09:34:30 -04:00
Giuseppe Scrivano 231129e4dc
rootless: fix pod stop|rm if uid in the container != 0
join the user namespace where the pod is running, so that we can both
manage the storage and correctly send the kill signal to a process
which is not running as root in the namespace.

Closes: https://github.com/containers/libpod/issues/2577

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 11:48:28 +01:00
Giuseppe Scrivano 35432ecaae
rootless: fix rm when uid in the container != 0
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 11:48:27 +01:00
Giuseppe Scrivano d6ebccf7c2
rootless: disable pod stats
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 11:48:27 +01:00
Giuseppe Scrivano 4a0fb35335
rootless: do not create automatically a userns for pod kill
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 11:48:26 +01:00
Giuseppe Scrivano f31ba2929b
rootless: support a custom arg to the new process
let the process running as euid != 0 pass down an argument to the
process running in the user namespace.  This will be useful for
commands like rm -a that needs to join different namespaces, so that
we can re-exec separately for each of them.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 11:48:25 +01:00
Giuseppe Scrivano e6139b4824
slirp4netns: add builtin DNS server to resolv.conf
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 11:42:01 +01:00
Giuseppe Scrivano e22fc79f39
errors: fix error cause comparison
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 10:08:38 +01:00
Giuseppe Scrivano e02393ba70
libpod: allow to configure path to the network-cmd binary
allow to configure the path to the network-cmd binary, either via an
option flag --network-cmd-path or through the libpod.conf
configuration file.

This is currently used to customize the path to the slirp4netns
binary.

Closes: https://github.com/containers/libpod/issues/2506

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 09:29:04 +01:00
Giuseppe Scrivano 06e444124f
build: honor --net
when --net is specified, pass it down to Buildah.

Depends on: https://github.com/containers/buildah/pull/1395

Closes: https://github.com/containers/libpod/issues/2572

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 09:28:57 +01:00
Giuseppe Scrivano ddcdc0c172
pull: promote debug statement to error
print an error if there is any failure pulling an image.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-11 09:25:40 +01:00
OpenShift Merge Robot 349e691149
Merge pull request #2603 from mheon/misc_pod_fixes
Misc pod fixes
2019-03-11 00:54:38 -07:00
Matthew Heon 54fd1a7bb9 Fix generation of infra container command
When sourcing from an image, we need to grab its entrypoint first
and then add command on to mimic the behavior of Docker.

The default Kube pause image just sets ENTRYPOINT, and not CMD,
so nothing changes there, but this ought to fix other images
(for example, nginx would try to run the pause command instead of
an nginx process without this patch)

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-03-10 14:25:13 -04:00
Matthew Heon eb3dd94159 Remove an unused if statement I added
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-03-10 12:20:04 -04:00
Matthew Heon bb0377eb3d Don't delete another container's resolv and hosts files
The logic of deleting and recreating /etc/hosts and
/etc/resolv.conf only makes sense when we're the one that creates
the files - when we don't, it just removes them, and there's
nothing left to use.

Fixes #2602

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-03-10 12:18:12 -04:00
Matthew Heon 7f0128ac33 Fix a potential segfault during infra container create
I was seeing some segfaults where image config was being passed
as nil, causing a nil dereference segfault. Fix the apparent
cause and add some safety fencing to try and ensure it doesn't
happen again.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2019-03-10 12:14:54 -04:00
OpenShift Merge Robot d95f97a63e
Merge pull request #2516 from rhatdan/secrets
Move secrets package to buildah
2019-03-09 05:11:24 -08:00
OpenShift Merge Robot 68a984a937
Merge pull request #2576 from rhatdan/troubleshooting
Add troublshoot information about SELinux labeling of containers/storage
2019-03-09 05:03:24 -08:00
OpenShift Merge Robot b15273a0ca
Merge pull request #2531 from cevich/rootless_stub
Cirrus: Add dedicated rootless mode testing
2019-03-09 04:15:09 -08:00
OpenShift Merge Robot 720e9c5ab4
Merge pull request #2598 from mheon/crio_umount_is_useless
We don't use crio-umount.conf
2019-03-09 03:30:08 -08:00
Matthew Heon caa8c66a87 We don't use crio-umount.conf
It also causes conflicts with CRI-O packages.

Also, change the path on seccomp.json so it lives in /usr/share
by default, with everything else.

Fixes #2596

Signed-off-by: Matthew Heon <mheon@redhat.com>
2019-03-08 18:22:10 -05:00
OpenShift Merge Robot 9b21f14eef
Merge pull request #2592 from baude/testfixups
test docs fixups
2019-03-08 13:28:43 -08:00
OpenShift Merge Robot f4787aeeb4
Merge pull request #2590 from haircommander/pause_entry_cmd
Default to image entrypoint for infra container
2019-03-08 13:16:38 -08:00
Daniel J Walsh 2f3875d009
Move secrets package to buildah
Trying to remove circular dependencies between libpod and buildah.

First step to move pkg content from libpod to buildah.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-03-08 16:08:44 -05:00
Daniel J Walsh 550f9b1f6f
Add troublshoot information about SELinux labeling of containers/storage
We have some bug reports about people moving containers storage to new
directories and this troubleshooter should help them fix this.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-03-08 16:07:59 -05:00
baude 8a3b45728a test docs fixups
adding some clarification on testing based on tom's input.

Signed-off-by: baude <bbaude@redhat.com>
2019-03-08 14:30:20 -06:00
OpenShift Merge Robot 008aaf7468
Merge pull request #2560 from baude/ginkgoimprovements
ginkgo status improvements
2019-03-08 12:27:20 -08:00
Peter Hunt dff224a205 Default to image entrypoint for infra container
If the pod infra container is overriden, we want to run the entry point of the image, instead of the default infra command. This allows users to override the infra-image with greater ease.
Also use process environment variables from image

Signed-off-by: Peter Hunt <pehunt@redhat.com>
2019-03-08 15:15:15 -05:00
baude d5546008ab ginkgo status improvements
a series of improvements to our ginkgo test framework so we can
get better ideas of whats going on when run in CI

Signed-off-by: baude <bbaude@redhat.com>
2019-03-08 13:28:33 -06:00
OpenShift Merge Robot be6ad02049
Merge pull request #2591 from baude/issue2209
podman play kube defaults
2019-03-08 11:24:44 -08:00
OpenShift Merge Robot b3d9540b16
Merge pull request #2589 from baude/issue2171
container runlabel respect $PWD
2019-03-08 11:12:25 -08:00
OpenShift Merge Robot bf8c2096d8
Merge pull request #2588 from giuseppe/rootless-propagate-error-from-info
rootless: propagate errors from info
2019-03-08 11:00:52 -08:00
Giuseppe Scrivano cc411dd98f
rootless: propagate errors from info
we use "podman info" to reconfigure the runtime after a reboot, but we
don't propagate the error message back if something goes wrong.

Closes: https://github.com/containers/libpod/issues/2584

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-03-08 19:42:20 +01:00
baude 754d486da5 podman play kube defaults
if an input YAML file lacks securitycontext and working dir for
a container, we need to be able to handle that.  if no default for
working dir is provided, we use a default of "/".

fixes issue #2209

Signed-off-by: baude <bbaude@redhat.com>
2019-03-08 12:36:25 -06:00
OpenShift Merge Robot 5ae7359184
Merge pull request #2557 from QiWang19/filter2241
fix bug in podman images list all images with same name
2019-03-08 09:23:36 -08:00
OpenShift Merge Robot 5fdb8bfcb3
Merge pull request #2257 from cevich/system_test_beginning
[ci skip] System-test: Begin list of needed high-level tests
2019-03-08 09:13:07 -08:00
baude 24f567a3db container runlabel respect $PWD
When doing environment variable substitution, we need to make sure
$PWD is replaced with the current working directory.

fixes issue #2171

Signed-off-by: baude <bbaude@redhat.com>
2019-03-08 10:32:33 -06:00
OpenShift Merge Robot c4815e8a61
Merge pull request #2569 from giuseppe/rootless-fix-exec-with-user
rootless: exec join the user+mount namespace
2019-03-08 08:22:55 -08:00
OpenShift Merge Robot 90319bcf52
Merge pull request #2586 from mheon/fix_ps_states
Remove 'podman ps' restarting filter and fix stopped
2019-03-08 08:05:45 -08:00