be sure there are no bits in the umask that prevent us for creating
directories with mode 0755. Set the umask very early in the program
startup.
Closes: https://github.com/containers/libpod/issues/2074
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Do not try to login with existing credentials when the user specifies a
username or password on the CLI.
* Improve error messages.
* Use specified tls-verify switch and cert-dir for all requests.
Fixes: #2092
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This should improve the speed of podman build.
Has fixes from containres/image for parallell pull.
Also vendor containers/storage and containers/image
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This patch makes the path unigue to each UID.
Also cleans up some return code to return the path it is trying to lock.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Updating the vendor or runc to pull in some fixes that we need.
In order to get this vendor to work, we needed to update the vendor
of docker/docker, which causes all sorts of issues, just to fix
the docker/pkg/sysinfo. Rather then doing this, I pulled in pkg/sysinfo
into libpod and fixed the code locally.
I then switched the use of docker/pkg/sysinfo to libpod/pkg/sysinfo.
I also switched out the docker/pkg/mount to containers/storage/pkg/mount
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when using container runlabel, if a --name is not provided, we must
deduce the container name from the base name of the image to maintain
parity with the atomic cli.
fixed small bug where we split the cmd on " " rather than using fields could
lead to extra spaces in command output.
Signed-off-by: baude <bbaude@redhat.com>
The limit of build_each_commit seems to be 17 commits - any more
and it times out. Give it a bit more time to work with.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Don't initialize the lock manager until almost the end of libpod
init, so we can guarantee our tmp dir is properly set up and
exists. This wasn't an issue on systems that had previously run
Podman, but CI caught it.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
It's impossible to get good debug out of the python tests, so
nuke them for now so I can figure out what's wrong.
DO NOT MERGE THIS COMMIT
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This will hopefully help cases where libpod is initialized
multiple times on the same system (as on our CI tests).
We still run into potential issues where multiple Podmans with
multiple tmp paths try to run on the same system - we could end
up thrashing the locks.
I think we need a file locks driver for situations like that. We
can also see about storing paths in the SHM segment, to make sure
multiple libpod instances aren't using the same one.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Remove runtime's lockDir as it is no longer needed after the lock
rework.
Add a trivial in-memory lock manager for unit testing
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Golint wants to rename the struct. I think the name is fine. I
can disable golint. Golint will no longer complain about the
name.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Move SHM specific code into a subpackage. Within the main locks
package, move the manager to be linux-only and add a non-Linux
unsupported build file.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Check value of semaphores when incrementing to ensure we never go
beyond 1, preserving mutex invariants.
Also, add cleanup code to the lock tests, ensuring that we never
leave the locks in a bad state after a test. We aren't destroying
and recreating the SHM every time, so we have to be careful not
to leak state between test runs.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Add support for executing an init binary as PID 1 in a container to
forward signals and reap processes. When the `--init` flag is set for
podman-create or podman-run, the init binary is bind-mounted to
`/dev/init` in the container and "/dev/init --" is prepended to the
container's command.
The default base path of the container-init binary is `/usr/libexec/podman`
while the default binary is catatonit [1]. This default can be changed
permanently via the `init_path` field in the `libpod.conf` configuration
file (which is recommended for packaging) or temporarily via the
`--init-path` flag of podman-create and podman-run.
[1] https://github.com/openSUSE/catatonitFixes: #1670
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
vendor in latest containers/storage which contains a fix for when
a filesystem that overlayfs is on is ENOSPC.
adding pgzip/compress as a new dep for c/s
Signed-off-by: baude <bbaude@redhat.com>
Currently completions do not work. podman generate kube and podman play kube
completions broke this.
Also fixed podman import to work properly.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Overriding storage.conf is not intuitive behavior, so pop up an
error message when it happens, so people know that bad things are
happening.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Runc does not produce helpful error messages when the container's
command is not found, so print the command ourselves.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Casting integers to strings is definitely not correct, so let the
standard library handle matters.
Fixes#2066
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
A common failure with people building container images is the
creation of large sparse files, particularly useradd creating
the lastlog file.
This PR Documents the failures.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
OpenShift Merge Robot
Giuseppe Scrivano
Valentin Rothberg
Daniel J Walsh
Matthew Heon
Chris Evich
baude
Matthew Heon
TomSweeneyRedHat