Currently podman generate kube does not generate the correct RunAsUser and RunAsGroup
options in the yaml file. This patch fixes this.
This patch also make `podman play kube` use the RunAdUser and RunAsGroup options if
they are specified in the yaml file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Do not generate an entire `config.Config` for displaying the default
value for the --cgroup-manager flag and just default to systemd. Not
using the `config.Config` is okay as 1) the value may change at runtime
in any case (rootless, DBUS access, etc.), 2) it avoids to redundantly
parse the system config files and to generate the hard-coded default
config, and 3) the log-level and other attributes are not yet set during
init() causing undesirable side effects.
Fixes: #4456
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
change the default on cgroups v2 and create a new cgroup namespace.
When a cgroup namespace is used, processes inside the namespace are
only able to see cgroup paths relative to the cgroup namespace root
and not have full visibility on all the cgroups present on the
system.
The previous behaviour is maintained on a cgroups v1 host, where a
cgroup namespace is not created by default.
Closes: https://github.com/containers/libpod/issues/4363
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Current podman deb package does not install /etc/containers/registries.conf .
The added line is for compatibility of use cases with docker.
Signed-off-by: Jun Aruga <jaruga@redhat.com>
When pulling an unqualified reference (e.g., `fedora`) make sure that
the reference is not using a non-docker transport to avoid iterating
over the search registries and trying to pull from them.
Fixes: #4434
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
If the kube.yaml specifieds the SELinux type or Level, we need the container
to be launched with the correct label.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
the pidWaitTimeout is already a Duration so do not multiply it again
by time.Millisecond.
Closes: https://github.com/containers/libpod/issues/4344
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The final versions of the documentation has been shifted from `docs/` to
`docs/build/man`. Most of the Makefile has been changed accordingly, but
the docker documentation generation was not.
Introduced by #4354
Signed-off-by: Morten Linderud <morten@linderud.pw>
The previous link pointed to the Markdown file, but the links are broken on that page. This pull request points to the actual documentation.
Grabbed from @srp33 PR https://github.com/containers/libpod/pull/4407 to help the merge process.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We never verified that the context directory passed into the build
command was a valid directory. When we then slapped a default Containerfile
name onto it, things went south fast if the user had passed us a file and
not a directory.
Fixes: #4383
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Pull in changes to pkg/secrets/secrets.go that adds the
logic to disable fips mode if a pod/container has a
label set.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
change the default to -1, so that we can change the semantic of
"--tail 0" to not print any existing log line.
Closes: https://github.com/containers/libpod/issues/4396
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>