Add the endpoint and methods for build so users can build an image
with varlink. build can also use the more method for streaming
output back more regularily; however, it looks like a bug in buildah
does not output all build output to the writer provided.
Tidy up some create fixes and add endpoint for GetImage requested by
jhonce.
Signed-off-by: baude <bbaude@redhat.com>
when obtaining the inspect information for a container through varlink, we need
to extract more container related information by parsing the data through the
method 'GetCtrInspectInfo' which was previously only in podman's main.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #866
Approved by: rhatdan
I'd been getting the failed-to-reap errors locally, but on an
unrelated pull-request the FAH27 suite successfully reaped that hook
[1]:
--- FAIL: TestRunKillTimeout (0.50s)
assertions.go:226:
Error Trace: exec_test.go:210
Error: Expect "signal: killed" to match "^failed to reap process within 0s of the kill signal$"
FAIL
The successful-reap cases limit our coverage, but I don't think that's
a big enough problem to be worth repeated polling or similar until we
do get the failed-to-reap error.
[1]: 96c1535fdc.0.1527811547665239762/output.log
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #868
Approved by: rhatdan
Matthew had expressed interest in a lovely release script on IRC.
Here's my attempt to encode the changes from the v0.5.4 release
branch. I've also added tag signing, so you may be prompted for your
passphrase during that step.
The version scheme for 0.x.y is 0.${month}.${count_that_month} [1].
We could automatically calculate those with a dozen or so lines of
shell script, but we don't think that's worth the maintenance burden
when it's easy enough for the caller to think them up on their own
[2].
The spec sed also bumps the Python package version to match, which
seems like the intended behavior until 1.0 when the Python code will
move into its own repository [3].
[1]: https://github.com/projectatomic/libpod/pull/867#issuecomment-393731907
[2]: https://github.com/projectatomic/libpod/pull/867#issuecomment-393743295
[3]: https://github.com/projectatomic/libpod/issues/786#issuecomment-390682012
Signed-off-by: W. Trevor King <wking@tremily.us>
We need to map slices set for both UID and GID maps to be equivalent if
not specified by user. Currently if you do not specify both the containers
are not running.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #865
Approved by: baude
when there are no registries configured for the system and the user provided
a short image name, we panic'd due a logic bug in recent image pull changes.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #841
Approved by: rhatdan
This wraps os/exec to:
* Clear the environment when the hook doesn't set 'env'. The runtime
spec has [1]:
> * env (array of strings, OPTIONAL) with the same semantics as IEEE
> Std 1003.1-2008's environ.
And running execle or similar with NULL env results in an empty
environment:
$ cat test.c
#include <unistd.h>
int main()
{
return execle("/usr/bin/env", "env", NULL, NULL);
}
$ cc -o test test.c
$ ./test
...no output...
Go's Cmd.Env, on the other hand, has [2]:
> If Env is nil, the new process uses the current process's environment.
This commit works around that by setting []string{} in those cases
to avoid leaking the runtime environment into the hooks.
* Roll the 'timeout' value (if set) into the passed context. There's
no need for two separate ways to cancel hook execution.
* Add a configurable timeout on abandoning a post-kill wait. The
waiting goroutine will continue and eventually reap the process, but
this avoids blocking the Run() call when that takes inordinately
long (for example, if a GPU cleanup hook is stuck in I/O sleep [3]).
The 'env' output format is specified in POSIX [4].
[1]: https://github.com/opencontainers/runtime-spec/blob/v1.0.1/config.md#posix-platform-hooks
[2]: https://golang.org/pkg/os/exec/#Cmd
[3]: https://github.com/projectatomic/libpod/pull/857#discussion_r192191002
[4]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/env.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #857
Approved by: mheon
There was a new line at the end of does not exist
which was causing this to fail.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #863
Approved by: baude
To more clearly distinguish between the extensionStages input to New()
(a slice of strings) and the map output from Hooks().
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #855
Approved by: rhatdan
If SELinux is enabled, we are leaking in pipes into the container
owned by conmon. The container processes are not allowed to use
these pipes, if the calling process is fully ranged. By changing
the level of the conmon process to s0, this allows container processes
to use the pipes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #854
Approved by: mheon
Currently we are giving all caps to users when running with podman run --user,
They should get none by default. If the command line includes --cap-add, then
we need to run with those capabilties. Similarly we need to drop caps from
bounding set, if user specifies --cap-drop
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #851
Approved by: mheon
For two reasons:
* When a system is missing python3, we don't need to spam them with
"Command not found" in their stderr.
* Without the redirect, GNU Make (at least version 4.2.1) is overly
clever and tries to invoke the command itself, not realizing that
it's a shell builtin [1].
$ make --version
GNU Make 4.2.1
Built for aarch64-unknown-linux-gnu
Copyright (C) 1988-2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
$ cat Makefile
PYTHON3_A := $(shell command -v python3)
PYTHON3_B := $(shell command -v python3 2>/dev/null)
test:
@echo "SHELL: '$(SHELL)'"
@echo "PYTHON3_A: '$(PYTHON3_A)'"
@echo "PYTHON3_B: '$(PYTHON3_B)'"
$ make
make: command: Command not found
SHELL: '/bin/sh'
PYTHON3_A: ''
PYTHON3_B: '/usr/bin/python3'
By adding the redirect we actually hit the shell and can
successfully invoke command.
[1]: https://stackoverflow.com/a/17550243
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #856
Approved by: rhatdan
we cannot set additional ports on an existing container namespace, so we should
not allow --network=container with publish or publish-all.
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #853
Approved by: baude
When running podman ps or podman images, the containers and images should
be sorted by newest to oldest.
Resolves: #830
Signed-off-by: baude <bbaude@redhat.com>
Closes: #848
Approved by: mheon
Format md files to work properly when converted to man pages.
Add sed command to cleanup table in podman man page.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #842
Approved by: mheon
Now that we make the varlink .go file on the fly, we need to have the
spec call go generate on it to build properly.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #843
Approved by: baude
buildah fixed its probelm where it was not pulling in
the ENV of the base image. This pulls that change into
libpod as well.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #832
Approved by: mheon
The OCI runtime spec does not require Process to be passed (IE,
it can be nil). Make most of our references to it conditional on
it existing.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #828
Approved by: mheon
The docker-archive tar files can have multiple tags for the same
image stored in it. Load pulls all the tags found in the archive
when loading a tar file. Save can oush multiple tags of the same
image to a tar archive.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #819
Approved by: rhatdan
- Added alias 'container()' to image model for CreateContainer()
- Fixed return in containers_create.go to wrap error in varlink
exception
- Added a wait time to container.kill(), number of seconds to wait
for the container to change state
- Refactored cached_property() to use system libraries
- Refactored tests to speed up performance
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #821
Approved by: rhatdan
- Updated some tests due to slippage between tests and code
- Skipped tests will be reinstated in a separate PR
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #825
Approved by: rhatdan