I am often asked about the list of capabilities availabel to a container.
We should be listing this data in the inspect command for effective
capabilities and the bounding set.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1335
Approved by: TomSweeneyRedHat
Fixes to podman build for unknown image and ADD with url
when doing --layers.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1330
Approved by: mheon
As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
This results in some functionality changes:
If a ErrCtrStateInvalid is returned to GetPodStats, the container is ommitted from the stats.
As such, if an empty slice of Container stats are returned to GetPodStats in varlink, an error will occur.
GetContainerStats will return the ErrCtrStateInvalid as well.
Finally, if ErrCtrStateInvalid is returned to the podman stats call, the container will be ommitted from the stats.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1319
Approved by: baude
remove slirp4netns as hard dep as it isn't available on rhel7.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Closes: #1328
Approved by: baude
Using the vendored changes from psgo, incorporate JoinNamespaceAndProcessInfoByPids to get process information for each pid namespace of running containers in the pod. Also added a man page, and tests.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1298
Approved by: mheon
We need a useradd binary in the container for this test, so swap
from Alpine to fedora-minimal.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1315
Approved by: vrothberg
Runc exec expects the --user flag to be formatted as UID:GID.
Use chrootuser code to translate whatever user is passed to exec
into this format.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1315
Approved by: vrothberg
When a non-nil process was used and a hook was set to match
always, this would not actually match. Fix this.
Fixes: #1308
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1311
Approved by: rhatdan
Change from an external patched branch to the upstream master. The
vendored code is indentical to the previous one.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1310
Approved by: mheon
Devices are supposed to be able to be passed in via the form of
--device /dev/foo
--device /dev/foo:/dev/bar
--device /dev/foo:rwm
--device /dev/foo:/dev/bar:rwm
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1299
Approved by: umohnani8
This ensures that we can still use Podman even if a container or
pod with bad config JSON makes it into the state. We still can't
remove these containers, but at least we can do our best to make
things usable.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1294
Approved by: rhatdan
We want to add the latest support for COPY --chown UID:GID.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1289
Approved by: TomSweeneyRedHat
I think a created container which was never run will have no size struct
we should just return 0
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1288
Approved by: TomSweeneyRedHat
Currently if the socket was never started you get an error about
the service being started. But if the service was started and later
stopped, you get a useless error.
This change causes the error to always be the same for connection refused.
The error message was also repeating the address twice which looked bad.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1287
Approved by: baude
Do not set any hostname value in the OCI configuration when --uts=host
is used and the user didn't specify any value. This prevents an error
from the OCI runtime as it cannot set the hostname without a new UTS
namespace.
Differently, the HOSTNAME environment variable is always set. When
--uts=host is used, HOSTNAME gets the value from the host.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1280
Approved by: baude
To better reflect it's usage: to share functions between podman and varlink.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1275
Approved by: mheon
