Ensure we don't force TLS verification when --tls-verify is set
to false.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #636
Approved by: rhatdan
If a container is already running, and a user asks to start it -a (attach), we should
honor this and attach to the container.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #634
Approved by: baude
In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #626
Approved by: mheon
We can read the exit file created by conmon to get the exit code
instead of querying libpod.
Also, do not error on cleanup if the container is already gone,
as a completely removed container is definitely cleaned up.
Resolves: #527
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #632
Approved by: rhatdan
Format the examples in podman-diff.md better.
The description for --type in the inspect docs was slightly different
from that in the inline help.
Also stated what values to use in the Go template for the --format flag.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #620
Approved by: mheon
Sometime podman push local registry still failed caused by the
docker registry is not start yet after sleep 5s in the test.
So add this function to check the container status by its output
and skip the test when the docker registry can not start normally
instead of failed the case.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
Add five tests for podman push tests:
- push to docker with authorization
- push to docker-archive
- push to docker-daemon
- push to oci-archive
- push to ostree
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
In the case where you have an image local, if the the user runs
podman pull, we should always attempt to pull an updated image.
Added a forceRemote bool to New (image) so we can differentiate
between "pull" or run because the actions differ. Run does not
need to pull the latest -- only run.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #618
Approved by: baude
We used to not allow the use of -a/-i on containers that were not
started with -i or a tty. Given the improvements in our terminal
handling, this should work now.
This also fixes a systemic problem with the autotests.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #617
Approved by: baude
The secrets code was just tarring and copying the contents of the secrets directory on host as is.
This meant it was not accounting for any symlinks inside the directory, leading up to the contents
not being copied over.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #611
Approved by: mheon
Comparing Go interfaces, like io.Reader, to nil does not work. As
such, we need to include a bool with each stream telling whether
to attach to it.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
This allows us to attach to attach to just stdout or stderr or
stdin, or any combination of these.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
We leak open files when creating new c/storage stores (locks do
not close themselves, so the open FDs in the test suite increase
every time we use c/storage to load cached images for the tests).
Fix this temporarily by increasing rlimits on open files until we
can create a permanent fix next release.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #615
Approved by: baude
Until we can handle running containers which use UID/GID mappings, make
sure that we always create containers that use the host mappings.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #609
Approved by: baude
This solves a nasty locking issue with getting the path of
namespaces for dependencies
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #600
Approved by: rhatdan
When a container is transitioning from running to stopped and stats is runnings,
we should not break stats if we are unable to get stats for that container.
Resolves: #598
Signed-off-by: baude <bbaude@redhat.com>
Closes: #599
Approved by: mheon
This patch changes the way the inspect command output is displayed
on the screen when the format is set to JSON.
Note: if the output is redirected to a file the output is *not*
escaped.
For example, before this commit if you run:
$ sudo podman inspect --format "json" daveimg
[
{
...
"Author": "Dave \u003cdave@corp.io\u003e",
}
...
]
with this patch the output will be:
[
{
...
"Author": "Dave <dave@corp.io>",
}
...
]
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
Closes: #602
Approved by: mheon
--group-add
--blkio-weight-device
--device-read-bps
--device-write-bps
--device-read-iops
--device-write-iops
--group-add now supports group names as well as the gid associated with them.
All the --device flags work now with moderate changes to the code to support both
bps and iops.
Added tests for all the flags.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #590
Approved by: mheon
Containers/storage brings in support for UserNS ID Mappings
This means we can start experimenting with User NS Support in
podman
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #596
Approved by: TomSweeneyRedHat
When an image name has no reponames, you should still be able to run it
by ID. When doing so, imageName needs to be set to "" so we don't hit an index
out of range error
Resolves: #587
Signed-off-by: baude <bbaude@redhat.com>
Closes: #593
Approved by: mheon
If sending a signal fails, check if the container is alive. If it
is not, it probably stopped on its own before we could send the
signal, so don't error out.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #591
Approved by: rhatdan
