These are only used on OS X Docker, and ignored elsewhere - but
since they are ignored, they're guaranteed to be safe everywhere,
and people are using them.
Fixes: #3340
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
it creates a namespace where the current UID:GID on the host is mapped
to the same UID:GID in the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
use a pause process to keep the user and mount namespace alive.
The pause process is created immediately on reload, and all successive
Podman processes will refer to it for joining the user&mount
namespace.
This solves all the race conditions we had on joining the correct
namespaces using the conmon processes.
As a fallback if the join fails for any reason (e.g. the pause process
was killed), then we try to join the running containers as we were
doing before.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We were always raising an error when the rootless user attempted to
setup resources, but this is not the case anymore with cgroup v2.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
build a podman-remote binary for windows that allows users to use the
remote client on windows and interact with podman on linux system.
Signed-off-by: baude <bbaude@redhat.com>
split the generation for the default storage.conf and when we write it
if not existing for a rootless user.
This is necessary because during the startup we might be overriding
the default configuration through --storage-driver and --storage-opt,
that would not be written down to the storage.conf file we generated.
Closes: https://github.com/containers/libpod/issues/2659
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
when the fallback is in place, the first user creating /tmp/user/$EUID
prevents other users for creating other directories since /tmp/user is
created with mode 0700.
Since there is no way for an unprivileged user to initialize the
/tmp/user directory correctly (we would need it to be owned by root
with the sticky bit set), let's just use /tmp/libpod-rundir-$EUID.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
In lipod, we now log major events that occurr. These events
can be displayed using the `podman events` command. Each
event contains:
* Type (container, image, volume, pod...)
* Status (create, rm, stop, kill, ....)
* Timestamp in RFC3339Nano format
* Name (if applicable)
* Image (if applicable)
The format of the event and the varlink endpoint are to not
be considered stable until cockpit has done its enablement.
Signed-off-by: baude <bbaude@redhat.com>
No reason to do it in util/ anymore. It's always going to be a
subdirectory of c/storage graph root by default, so we can just
set it after the return.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
There are some cases where we might not be properly adjusting the
volume path after setting the storage graph root. Ensure that we
always set volume path to be a child of graph root.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
iFix builtin volumes to work with podman volume
Currently builtin volumes are not recored in podman volumes when
they are created automatically. This patch fixes this.
Remove container volumes when requested
Currently the --volume option on podman remove does nothing.
This will implement the changes needed to remove the volumes
if the user requests it.
When removing a volume make sure that no container uses the volume.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Due to our unconditionally setting some storage options, we
are not always reading storage options from storage.conf. This
can lead to some fields in the storage config (most notably extra
storage options) being ignored, despite being set in
storage.conf.
Resolve this by unconditionally refreshing our storage config
from storage.conf (this was previously only done for rootless
Podman)
Fixes#2217
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
For rootless Podman, if storage.conf exists but does not specify
one or both of RunRoot and GraphRoot, set them to rootless
defaults so we don't end up with an unusable configuration.
Fixes#2125
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Users have no idea what storage configuration file is used to setup
storage, so adding this to podman info, should make it easier to
discover.
This requires a revendor of containers/storage
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
ParseIDMap function was extracted to idtools in
https://github.com/containers/storage/pull/236
it is already used in containers/storage and buildah, it should be used in
libpod as well.
Signed-off-by: Šimon Lukašík <isimluk@fedoraproject.org>
Add support for podman volume and its subcommands.
The commands supported are:
podman volume create
podman volume inspect
podman volume ls
podman volume rm
podman volume prune
This is a tool to manage volumes used by podman. For now it only handle
named volumes, but eventually it will handle all volumes used by podman.
Signed-off-by: umohnani8 <umohnani@redhat.com>
We don't need this for anything more than rootless work in Libpod
now, but Buildah still uses it as it was originally written, so
leave it intact as part of our API.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Previous commits ensured that we would use database-configured
paths if not explicitly overridden.
However, our runtime generation did unconditionally override
storage config, which made this useless.
Move rootless storage configuration setup to libpod, and change
storage setup so we only override if a setting is explicitly
set, so we can still override what we want.
Signed-off-by: Matthew Heon <mheon@redhat.com>
do not store the entire file but only the subset of what we have
modified. Also, we were not writing the correct data. Since it is
not trivial to serialize storage.conf correctly and all the various
supported options, serialize only what we care about.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
If fuse-overlayfs is present, rootless containers default to use it.
This can still be overriden either via the command line with
--storage-driver or in the ~/.config/containers/storage.conf
configuration file.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
we are currently using something like /run/user/UID/run as runroot, as
it is already done by Buildah. This ends up with
/run/user/UID/run/runc for the runc directory. Change to drop the
additional /run so that runc will use /run/user/UID/runc.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We need to map slices set for both UID and GID maps to be equivalent if
not specified by user. Currently if you do not specify both the containers
are not running.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #865
Approved by: baude
implement varlink image functions for working with libpod with the exception of a
couple due to incompletions on the libpod side of things (build).
also, created a first pass at a libpodpy package which will stand as a client to
working with libpod's varlink methods using python.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #669
Approved by: baude
This represents the stage3 implementation for the image library. At this point, we
are moving the image-centric functions to pkg/image including migration of args and
object-oriented references. This is a not a one-for-one migration of funcs and some
funcs will need to continue to reside in runtime_img as they are overly specific to
libpod and probably not useful to others.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #484
Approved by: baude
