* Rename id_ to ident, make non-PEP8'ers happier
* Fix bug where port was required on local connections
* Improve error messages for exceptions
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1246
Approved by: rhatdan
Use a pipe instead of a temporary file to load the apparmor profile.
This change has a measurable speed improvement for apparmor users.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1262
Approved by: mheon
Move all Linux-related data under the corresponding buildtags to reduce
the memory footprint and speed up compilation for non-apparmor builds.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1262
Approved by: mheon
If user does not pass in cgroup manager and running in rootless mode,
then we need to force the cgroupfs support until/unless we get support
for rootless systemd support.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1261
Approved by: mheon
when searching multiple registries for images, if we get an error on one
of the searches, we should keep going and complete the search. if there
is only one search registry however, we will return an error.
Resolves: #1255
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1257
Approved by: mheon
Also, don't return the internal podState struct - instead return
a public inspect struct.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1258
Approved by: rhatdan
Currently we add mounts from images, volumes and internal.
We can accidently over mount an existing mount. This patch sorts the mounts
to make sure a parent directory is always mounted before its content.
Had to change the default propagation on image volume mounts from shared
to private to stop mount points from leaking out of the container.
Also switched from using some docker/docker/pkg to container/storage/pkg
to remove some dependencies on Docker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1243
Approved by: mheon
When doing a podman search, the so-called NAME should be the image's
fully qualified name (not index plus shortname).
```
$ sudo podman search rhel7
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
redhat.com registry.access.redhat.com/rhel7/rhel This platform image provides a minimal runti... 0
redhat.com registry.access.redhat.com/rhel7.0 This platform image provides a minimal runti... 0
redhat.com registry.access.redhat.com/rhel7 This platform image provides a minimal runti... 0
....
```
Resolves: #1208
Resolves: Bugz #1614710
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1253
Approved by: rhatdan
This removes anything but structs and simple accessors from
pod.go itself, which is a target file for FFJSON generation. This
should reduce the amount of times FFJSON needs to run.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1247
Approved by: rhatdan
During refresh, we cannot hard-fail, as that would mean leaving a
partially-configured state behind, leaving libpod unable to start
without manual intervention.
Instead, log errors refreshing individual containers and pods and
continue. Individual containers and pods may be unusable and need
to be removed manually, but libpod itself will continue to
function.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1252
Approved by: rhatdan
When checking if the container has already been removed, use
c.state.HasContainer() instead of the runtime's API to avoid
trying to take the already acquired lock.
Fixes: #1245
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1251
Approved by: baude
If the stdout and stderr are not attach, podman will at least get
a messsage that the container has completed and finish.
This fixes the
`podman run -a stdin fedora true`
Hang issue.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1239
Approved by: mheon
The "unconfined" profile must be treated specially to turn off apparmor
confinement and to avoid applying any other profile.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1241
Approved by: mheon
...and some naming decisions.
This change ensures podman save doesn't incorrectly prepend localhost when saving an image.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1140
Approved by: rhatdan
podman does not support nocopy so remove reference in the man page.
podman build now supports --isolation, so add documentation.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1225
Approved by: TomSweeneyRedHat
Previously all calculations were done based off the container's
start time. Retrieve end time and use it to calculate time
stopped for containers.
Also, convert ps JSON output to report timestamps for create,
start, and stop times.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1228
Approved by: rhatdan
Lookup the current username by UID if the USER env variable is not
set.
Reported in: https://github.com/projectatomic/libpod/issues/1092
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1217
Approved by: rhatdan
