profile
viewpoint
Daniel J Walsh rhatdan Red Hat Westford MA http://danwalsh.livejournal.com Mr SELinux, Distinguished Engineer at Red Hat. Work on OCI Container Runtimes: CRI-O, Podman, Skopeo, Buildah projects, buildah, containers/image & storage

containers/libpod 4050

libpod is a library used to create container pods. Home of Podman.

containers/buildah 2729

A tool that facilitates building OCI images

containers/skopeo 1929

Work with remote images registries - retrieving information, images, signing content

containers/podman-compose 637

a script to run docker-compose.yml using podman

containers/fuse-overlayfs 121

FUSE implementation for overlayfs

containers/container-selinux 94

SELinux policy files for Container Runtimes

containers/podman.io 83

Repository for podman.io website using GitHub Pages.

opencontainers/selinux 78

common selinux implementation

projectatomic/oci-systemd-hook 45

OCI hook to enable running systemd in a container

containers/psgo 25

A ps(1) AIX-format compatible golang library

issue commentcontainers/conmon

Any Statically Linked Pre-Complied Binaray for Download?

Please open a PR to make this happen.

hswong3i

comment created time in 15 hours

push eventrhatdan/libpod

Sascha Grunert

commit sha 1cdaf45d053caccd3aeebfe2d23df3aa6f2097c5

Add history names to image inspect data During writing the tests I found it would be probably useful to have the tag history part of the inspect data. Signed-off-by: Sascha Grunert <sgrunert@suse.com>

view details

Ed Santiago

commit sha 3467f24fce1f9919b9efde5a9e755f2e167bc972

zsh completion: ignore multi-line output in Flags PR #4475 introduced an interesting twist on --help: a help string that spans multiple lines. This broke zsh completion. I'm not keen on that multi-line output, but it shouldn't break completion. Fix is simple: look only for flag lines beginning with '-', filter out anything else. Fixes: #4738 Signed-off-by: Ed Santiago <santiago@redhat.com>

view details

Daniel J Walsh

commit sha 6dfffa92d93444cc9207e0ab68d3577347e11984

Update containers/storage to v1.15.4 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

baude

commit sha 4f09cfdaccfdd0f1deb01e52c7e1b18a9cec7d49

add struct response for removal of images when removing an image from storage, we should return a struct that details what was untagged vs deleted. this replaces the simple println's used previously and assists in API development. Signed-off-by: baude <bbaude@redhat.com>

view details

OpenShift Merge Robot

commit sha 9bf7315882dd6565e43754d1d7ab7cfa44b00820

Merge pull request #4697 from rhatdan/context Set contextdir to current PWD if user did not specify a context dir.

view details

OpenShift Merge Robot

commit sha d43bff7cc6484927487ded4246e7625c8b42b5e8

Merge pull request #4740 from edsantiago/zsh_completion_flagfix zsh completion: ignore multi-line output in Flags

view details

OpenShift Merge Robot

commit sha d62fce0c873bdd1341af15eba4418ff83af7edba

Merge pull request #4743 from baude/imageresponse add struct response for removal of images

view details

OpenShift Merge Robot

commit sha c759c3f78dcbbf5dec462a863ad25cd41a1707b7

Merge pull request #4742 from rhatdan/vendor Update containers/storage to v1.15.4

view details

Matthew Heon

commit sha 25860df8785c6d51ced8320ec6d0d9620171bdb9

The --quiet flag does not conflict with templates in ps To match Docker behavior, make `--quiet` and `--format` with a Go template not conflict. Instead, just turn off `--quiet` in such cases, as we'll be using Go template output instead. Signed-off-by: Matthew Heon <matthew.heon@pm.me>

view details

Ed Santiago

commit sha 40f55ca3fe06d2e5d0232c1f07911ea728fd1bc1

signal parsing - better input validation The helper function we use for signal name mapping does not check for negative numbers nor invalid (too-high) ones. This can yield unexpected error messages: # podman kill -s -1 foo ERRO[0000] unknown signal "18446744073709551615" This PR introduces a small wrapper for it that: 1) Strips off a leading dash, allowing '-1' or '-HUP' as valid inputs; and 2) Rejects numbers <1 or >64 (SIGRTMAX) Also adds a test suite checking signal handling as well as ensuring that invalid signals are rejected by the command line. Fixes: #4746 Signed-off-by: Ed Santiago <santiago@redhat.com>

view details

OpenShift Merge Robot

commit sha 55922e36707347d5db7182cda3d820e4bd85968d

Merge pull request #4751 from mheon/quiet_template_noconflict The --quiet flag does not conflict with templates in ps

view details

OpenShift Merge Robot

commit sha 269b17349631e260cafda2a607c0650299705394

Merge pull request #4749 from edsantiago/parse_and_validate_signal signal parsing - better input validation

view details

Neville Cain

commit sha 2a5c235f789e866cb2c1d0fd54cc23c13bc1fc69

Ensure SizeRw is shown when a user does 'inspect --size -t container'. Currently, if a user requests the size on a container (inspect --size -t container), the SizeRw does not show up if the value is 0. It's because InspectContainerData is defined as int64 and there is an omit when empty. We do want to display it even if the value is empty. I have changed the type of SizeRw to be a pointer to an int64 instead of an int64. It will allow us todistinguish the empty value to the missing value. I updated the test "podman inspect container with size" to ensure we check thatSizeRw is displayed correctly. Closes #4744 Signed-off-by: NevilleC <neville.cain@qonto.eu>

view details

Neville Cain

commit sha 8bc394ce6ec597f3c5bfb0fab5eb39b51afbe67d

Add the pod name when we use `podman ps -p` The pod name does not appear when doing `podman ps -p`. It is missing as the documentation says: -p, --pod Print the ID and name of the pod the containers are associated with The pod name is added in the ps output and checked in unit tests. Closes #4703 Signed-off-by: NevilleC <neville.cain@qonto.eu>

view details

Neville Cain

commit sha 644132419219404edecbdc62ab4abd9a6f2344c6

Ensure 'make uninstall' remove bin and conf files. I updated the 'make uninstall' command to remove: 1. podman and remote bin 2. cni/net.d/87-podman-bridge.conflist 3. podman.conf 4. systemd conf files: io.podman.socket.* Closes #4572 Signed-off-by: Neville Cain <neville.cain@qonto.eu>

view details

OpenShift Merge Robot

commit sha 24b4921508be011b8fc4707d262116f77c8a176b

Merge pull request #4753 from NevilleC/nc-missingsize Ensure SizeRw is shown when a user does 'inspect --size -t container'.

view details

Ed Santiago

commit sha 0f78f345d9b063987fc14685a13898191e6f1304

Fix race condition in kill test leading to hang When you open a FIFO for reading, but there's no writer, you hang. This is just one of those obscure UNIXisms we all know but just forget all too often. My last PR was guilty of introducing such a condition; I caught it by accident while testing other stuff. In short, the signal container was doing 'echo DONE' as its last step, and we (BATS) were reading the FIFO to check for it; but if the container exited before we opened the FIFO for read, the open would hang. This is not a hang that we can catch in the test: it would hang the entire job forever. CI would presumably time out eventually, but with no useful indication of the cause of the error. Solution: use 'exec' to open the FIFO early and keep it open, and use 'read -u FD' instead of 'read <$fifo': the former reads from an open FD, the latter forces a new open() each time. There is a shorter, more maintainable solution -- see #4755 -- but that suffers from the same hanging problem in the (unlikely) case where the signal-handling container exits, e.g. if signal handling is broken in podman. The test would hang, with no helpful indicator. Although this PR is a little more advanced scripting, I have commented the relevant code well and believe the maintenance cost is worth the risk of undebuggable hangs. There is still a hang risk: if 'podman logs -f' fails and exits immediately, the 'exec' will hang. I can't think of a non-racy way to prevent that, and choose to live with that risk. Tested by temporarily including 9 (SIGKILL) in the signals list. The read timeout triggers, and the end user has a fair chance of tracking down the root cause. Signed-off-by: Ed Santiago <santiago@redhat.com>

view details

OpenShift Merge Robot

commit sha 6897a1f5c2b9f4b5e897b5461e632d6f6ab128c6

Merge pull request #4754 from NevilleC/nc-improvemakeuninstall Ensure 'make uninstall' removes bin and conf files.

view details

OpenShift Merge Robot

commit sha fa551fd16d20d8a427cb988feb8428c91827a21d

Merge pull request #4756 from edsantiago/fix_kill_test_hang_safely Fix race condition in kill test leading to hang

view details

OpenShift Merge Robot

commit sha 9e03aa14b63f9351926071ba0a8b7064154cb0fe

Merge pull request #4748 from NevilleC/nc-podname [Issue #4703] Add the pod name when we use `podman ps -p`

view details

push time in 17 hours

PR opened containers/libpod

Update vendor of buildah and containers/common

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

+805 -795

0 comment

48 changed files

pr created time in 17 hours

push eventcontainers/buildah

Sascha Grunert

commit sha c0eed1c463426bf6a7d09523187cec1bcbf0795b

Improve remote manifest retrieval Before this patch, it was not possible to retrieve a remote manifest just by specifying the image name, like: ``` > buildah manifest inspect alpine Invalid image name "alpine", expected colon-separated transport:reference ``` It was possible to get the manifest via: ``` > buildah manifest inspect docker://alpine … ``` But after pulling the image into the local storage, this works not any more: ``` > buildah pull alpine e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a > buildah manifest inspect docker://alpine manifest from image … is of type "application/vnd.docker.distribution.manifest.v2+json", which is not a list type ERRO exit status 1 ``` This means we now collect a list of possible local or remote manifests and try to resolve them sequentially. This enables us to fallback to the remote location if the locally fetched manifest is not an actual manifest. It also enables us to see the remote manifest via: ``` > ./buildah manifest inspect alpine { … } ``` Signed-off-by: Sascha Grunert <sgrunert@suse.com>

view details

Daniel J Walsh

commit sha 002dffb8d2cb7bd22d8adba9827e93c8a1d84d2b

Merge pull request #2174 from openSUSE/remote-manifests Improve remote manifest retrieval

view details

push time in 17 hours

PR merged containers/buildah

Reviewers
Improve remote manifest retrieval

Before this patch, it was not possible to retrieve a remote manifest just by specifying the image name, like:

> buildah manifest inspect alpine
Invalid image name "alpine", expected colon-separated transport:reference

It was possible to get the manifest via:

> buildah manifest inspect docker://alpine
…

But after pulling the image into the local storage, this works not any more:

> buildah pull alpine
e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a
> buildah manifest inspect docker://alpine
manifest from image … is of type
"application/vnd.docker.distribution.manifest.v2+json", which
is not a list type
ERRO exit status 1

This means we now collect a list of possible local or remote manifests and try to resolve them sequentially. This enables us to fallback to the remote location if the locally fetched manifest is not an actual manifest. It also enables us to see the remote manifest via:

> ./buildah manifest inspect alpine
{
    …
}
+75 -14

11 comments

2 changed files

saschagrunert

pr closed time in 17 hours

push eventcontainers/buildah

Daniel J Walsh

commit sha bb781cf238ae0dc34098278f2aa63a20ee49886a

Update to containers/common v0.4.1 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha f833737fb2bbda09aba3432436323dce6d7cafdf

Merge pull request #2180 from rhatdan/vendor Update to containers/common v0.4.0

view details

push time in 17 hours

PR merged containers/buildah

Update to containers/common v0.4.0

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

+3451 -1145

2 comments

98 changed files

rhatdan

pr closed time in 17 hours

pull request commentcontainers/buildah

Update to containers/common v0.4.0

/retest

rhatdan

comment created time in a day

pull request commentcontainers/buildah

Improve remote manifest retrieval

bors retry bors you have one more chance.

saschagrunert

comment created time in a day

pull request commentcontainers/libpod

add more image tests for go bindings

/lgtm /hold

baude

comment created time in a day

pull request commentcontainers/libpod

[WIP] test rootless_storage_path from storage.conf

We could bind mount over it, or maybe we just add an environment variable into libpod and test with that.

QiWang19

comment created time in a day

push eventrhatdan/buildah

Daniel J Walsh

commit sha bb781cf238ae0dc34098278f2aa63a20ee49886a

Update to containers/common v0.4.1 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in a day

push eventcontainers/buildah

Nalin Dahyabhai

commit sha 6d7ab38f33edb9ab87a290a0c68cfd27b55b061f

Check for .dockerignore specifically When generating the list of exclusions to process .dockerignore contents, don't include .dockerignore if we don't have a .dockerignore file in the context directory. That way, if the file doesn't exist, and the caller didn't pass in any patterns, we get no patterns instead of just one ".dockerignore" pattern, and we can hit the faster copy path. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #2072 Approved by: giuseppe

view details

Nalin Dahyabhai

commit sha f999964084ce75c833b0cffd17fb09b947dad506

copyFileWithTar: close source files at the right time Close source files after we've finished reading from them, rather than leaving it for later. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #2072 Approved by: giuseppe

view details

Daniel J Walsh

commit sha 5608d26ecb0a65b991a9dc9e669056dba8732a42

Merge pull request #2181 from nalind/release-1.11-rhel-copy [release-1.11-rhel] check for .dockerignore specifically

view details

push time in a day

PR merged containers/buildah

[release-1.11-rhel] check for .dockerignore specifically

This PR pulls in two changes that landed between v1.13.0 and v1.13.1, originally as part of #2072.

  • When generating the list of exclusions to process .dockerignore contents, don't include .dockerignore if we don't have a .dockerignore file in the context directory. That way, if the file doesn't exist, and the caller didn't pass in any patterns, we get no patterns instead of just one ".dockerignore" pattern, and we can hit the faster copy path.
  • When copying, close source files after we've finished reading from them, rather than leaving it for later.
+11 -8

4 comments

2 changed files

nalind

pr closed time in a day

pull request commentcontainers/buildah

[release-1.11-rhel] check for .dockerignore specifically

Not living in bors hell tonight.

nalind

comment created time in a day

Pull request review commentopencontainers/selinux

Translation support and CreateContext

 func CanonicalizeContext(val string) (string, error) { 	return readWriteCon(filepath.Join(getSelinuxMountPoint(), "context"), val) } +/*+CreateContext requests the type transition from source to target for class  from the kernel.

This seems badly named.

jbrindle

comment created time in a day

Pull request review commentopencontainers/selinux

Translation support and CreateContext

+// +build selinux,linux++package labeltrans++import (+	"fmt"+	"github.com/google/vectorio"

Please separate out the upstream go from the github.com source.

import (
    "fmt"
    "net"
    "syscall"
    "unsafe"

    "github.com/google/vectorio"
)
jbrindle

comment created time in a day

Pull request review commentopencontainers/selinux

Translation support and CreateContext

+module github.com/yulicrunchy/selinux-go/go-selinux

These files should not be in the PR?

jbrindle

comment created time in a day

Pull request review commentcontainers/skopeo

add support for REGISTRY_AUTH_FILE

 func sharedImageFlags() ([]cli.Flag, *sharedImageOptions) { 	return []cli.Flag{ 		cli.StringFlag{ 			Name:        "authfile",-			Usage:       "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",+			Value:       defaultAuthFile(),+			Usage:       "path of the authentication file.",

I have changed the code to show the expected default value, but iff XDG_RUNTIME_DIR is not set and the user does not specify a value, then containers/image will still get "" so it can figure out its own default value.

rhatdan

comment created time in a day

push eventrhatdan/skopeo

Daniel J Walsh

commit sha 56f58daae8694dd72fb6324c110270cce72598f3

add support for REGISTRY_AUTH_FILE Fix cli to use REGISTRY_AUTH_FILE if set and to display the default location to use for authfiles in the `skopeo copy --help` Modify tests to verify the different settings. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in a day

Pull request review commentcontainers/skopeo

add support for REGISTRY_AUTH_FILE

 func fakeImageOptions(t *testing.T, flagPrefix string, globalFlags []string, cmd  func TestImageOptionsNewSystemContext(t *testing.T) { 	// Default state++	// Make sure when XDG_RUNTIME_DIR is set, defaults to "$XDG_RUNTIME_DIR/containers/auth.json"+	runtimeDir := "/run/test/0"+	os.Setenv("XDG_RUNTIME_DIR", runtimeDir)

Fixed

rhatdan

comment created time in a day

push eventrhatdan/skopeo

dependabot-preview[bot]

commit sha 1d136f0541bdf91c96828001e3081560196fe0c0

Bump github.com/containers/storage from 1.15.8 to 1.16.0 Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.15.8 to 1.16.0. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.15.8...v1.16.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

dependabot-preview[bot]

commit sha 377ba25c6b1c43cffa5aeffe8d9a3e3f6d7edc4f

Bump github.com/stretchr/testify from 1.4.0 to 1.5.0 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.4.0...v1.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

Harshal Patil

commit sha 8d1a4649f280038a4e0850cc4b039239c7087fb0

Partial image encryption support Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>

view details

Daniel J Walsh

commit sha c2fa78096becc7aefb6edfd5f76f498ce62fb037

Merge pull request #821 from containers/dependabot/go_modules/github.com/stretchr/testify-1.5.0 Bump github.com/stretchr/testify from 1.4.0 to 1.5.0

view details

Daniel J Walsh

commit sha 88f6057eaa619a81c4ff2af970a8558c065b19be

Merge pull request #814 from harche/partial_enc Partial image encryption support

view details

Daniel J Walsh

commit sha 7c29094b51482df8d5da98f93fcda5ffa1253785

Merge pull request #820 from containers/dependabot/go_modules/github.com/containers/storage-1.16.0 Bump github.com/containers/storage from 1.15.8 to 1.16.0

view details

Daniel J Walsh

commit sha 77fe5bee058ade39f685fa1394ab42945f47c82e

add support for REGISTRY_AUTH_FILE Fix cli to use REGISTRY_AUTH_FILE if set and to display the default location to use for authfiles in the `skopeo copy --help` Modify tests to verify the different settings. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in a day

Pull request review commentcontainers/skopeo

add support for REGISTRY_AUTH_FILE

 func sharedImageFlags() ([]cli.Flag, *sharedImageOptions) { 	return []cli.Flag{ 		cli.StringFlag{ 			Name:        "authfile",-			Usage:       "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",+			Value:       defaultAuthFile(),+			Usage:       "path of the authentication file.", 			Destination: &opts.authFilePath, 		}, 	}, &opts } +func defaultAuthFile() string {+	authFile := os.Getenv("REGISTRY_AUTH_FILE")+	if authFile == "" {+		runtimeDir := os.Getenv("XDG_RUNTIME_DIR")

The problem with burying the default in containers image is that it can not be revealed to the user. If you want to add the defaultAuthFile interface to containers image then I would be fine with it.

rhatdan

comment created time in a day

Pull request review commentcontainers/skopeo

add support for REGISTRY_AUTH_FILE

 func sharedImageFlags() ([]cli.Flag, *sharedImageOptions) { 	return []cli.Flag{ 		cli.StringFlag{ 			Name:        "authfile",-			Usage:       "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",+			Value:       defaultAuthFile(),+			Usage:       "path of the authentication file.",

No it would not. The issue is setting the Value field causes the CLI help information to expand to path of the authentication file. (default: "/run/user/3267/containers/auth.json") (default: "/run/user/3267/containers/auth.json") IE It would put the message out twice.

rhatdan

comment created time in a day

Pull request review commentcontainers/skopeo

add support for REGISTRY_AUTH_FILE

 func sharedImageFlags() ([]cli.Flag, *sharedImageOptions) { 	return []cli.Flag{ 		cli.StringFlag{ 			Name:        "authfile",-			Usage:       "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",+			Value:       defaultAuthFile(),+			Usage:       "path of the authentication file.", 			Destination: &opts.authFilePath, 		}, 	}, &opts } +func defaultAuthFile() string {+	authFile := os.Getenv("REGISTRY_AUTH_FILE")+	if authFile == "" {+		runtimeDir := os.Getenv("XDG_RUNTIME_DIR")

This helps the user document the behaviour. We document this in the current code in skopeo that $XDG_RUNTIME_DIR/containers/conf, I am just expanding the path to match what the usre had.

rhatdan

comment created time in a day

Pull request review commentcontainers/skopeo

add support for REGISTRY_AUTH_FILE

 func sharedImageFlags() ([]cli.Flag, *sharedImageOptions) { 	return []cli.Flag{ 		cli.StringFlag{ 			Name:        "authfile",-			Usage:       "path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json",+			Value:       defaultAuthFile(),+			Usage:       "path of the authentication file.",

I guess it could be. It will do the exact same thing and look the same.

rhatdan

comment created time in a day

issue commentcontainers/libpod

Add flag to podman run/create to automatically set the timezone in container to match host.

Awesome. Just a PR to github, if that is what you meant?

rhatdan

comment created time in a day

push eventcontainers/skopeo

dependabot-preview[bot]

commit sha 1d136f0541bdf91c96828001e3081560196fe0c0

Bump github.com/containers/storage from 1.15.8 to 1.16.0 Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.15.8 to 1.16.0. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.15.8...v1.16.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

Harshal Patil

commit sha 8d1a4649f280038a4e0850cc4b039239c7087fb0

Partial image encryption support Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>

view details

Daniel J Walsh

commit sha 88f6057eaa619a81c4ff2af970a8558c065b19be

Merge pull request #814 from harche/partial_enc Partial image encryption support

view details

Daniel J Walsh

commit sha 7c29094b51482df8d5da98f93fcda5ffa1253785

Merge pull request #820 from containers/dependabot/go_modules/github.com/containers/storage-1.16.0 Bump github.com/containers/storage from 1.15.8 to 1.16.0

view details

dependabot-preview[bot]

commit sha d682166e8d55022a0ccf86781c45a2043ddce969

Bump github.com/containers/common from 0.2.1 to 0.4.1 Bumps [github.com/containers/common](https://github.com/containers/common) from 0.2.1 to 0.4.1. - [Release notes](https://github.com/containers/common/releases) - [Commits](https://github.com/containers/common/compare/v0.2.1...v0.4.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in a day

pull request commentcontainers/libpod

[WIP] test rootless_storage_path from storage.conf

@edsantiago Any way for us to run sudo from the test platform?

QiWang19

comment created time in a day

pull request commentcontainers/buildah

Improve remote manifest retrieval

bors r+

saschagrunert

comment created time in a day

push eventrhatdan/buildah

Daniel J Walsh

commit sha 7f4c232b4431b8e50c375a29fb7dfbc07a681dc5

Update to containers/common v0.4.1 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in a day

pull request commentcontainers/buildah

[release-1.11-rhel] check for .dockerignore specifically

bors r+

nalind

comment created time in a day

pull request commentcontainers/buildah

Improve remote manifest retrieval

bors r+

saschagrunert

comment created time in a day

issue commentcontainers/storage

Please use /tmp instead of /run/user/${uid} as runtime or temp path

I think if you set systemd to linger, this should maintain both. I believe without linger systemd will kill all user processes in the session when you logout anyways. @mheon @giuseppe WDYT?

andrew-aladev

comment created time in a day

pull request commentcontainers/buildah

[release-1.11-rhel] check for .dockerignore specifically

LGTM

nalind

comment created time in a day

pull request commentcontainers/libpod

[CI:DOCS] Update release notes for v1.8.1

Ok since there is a bug in buildah that blocks installation of files with file caps.

mheon

comment created time in a day

pull request commentcontainers/libpod

disable generation of cni firewall plugin

/lgtm /hold

baude

comment created time in a day

pull request commentcontainers/libpod

[CI:DOCS] Update release notes for v1.8.1

LGTM Did you update the version of Buildah?

mheon

comment created time in a day

issue commentcontainers/libpod

rootless containers don't work anymore

Could you check to see if you have any podman processes running on your system and kill them?

fansari

comment created time in a day

pull request commentcri-o/cri-o

Auto inject CRI-O version

@giuseppe I though e2e_crun tests were not blocking

saschagrunert

comment created time in a day

issue commentcontainers/libpod

Problem mounting cifs-share as volume into container

If you want that you could do it with

# podman --uidmap 0:500000:8000 --uidmap 8000:8000:1 --user 8000 ...
kommulu

comment created time in a day

push eventrhatdan/buildah

Daniel J Walsh

commit sha 6fb57e19128939ad63212260680b64ef614b3542

Update to containers/common v0.4.1 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in a day

release containers/common

v0.4.1

released time in a day

created tagcontainers/common

tagv0.4.1

Location for shared common files in github.com/containers repos.

created time in a day

push eventcontainers/common

Daniel J Walsh

commit sha aa15809a93e70c9c6f8bef521749f19cdb84c692

Bump to v0.4.1 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha 1d967ce4f8cba4dc3b82999618dc5ae73cf9565c

Move to v0.4.2-dev Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha e59161c5bc2a08ba9699cbd21e3ffa8c702932e3

Merge pull request #74 from rhatdan/vendor Vendor

view details

push time in a day

PR merged containers/common

Vendor

<!--- Please read the contributing guidelines before proceeding --->

+1 -1

0 comment

1 changed file

rhatdan

pr closed time in a day

push eventrhatdan/image

Daniel J Walsh

commit sha 6653d513c06e5231780ef573fe99b921b9171484

Add $HOME/.config/containers/certs.d to perHostCertDirPath We want to allow users to store certs in their homedir when running in rootless mode. We want rootless podman and rootless buildah to add $HOME/.config/containers/certs.d to the search path for certificates by default. Currently there is no way for a non privileged user to get certs without being root on the system or specify the certs dir on ever call. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in a day

push eventrhatdan/image

dependabot-preview[bot]

commit sha 47d0d3bf04a79b47b5b6182fb7876dda207415c9

Bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2 Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.3.1...v1.3.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

view details

Daniel J Walsh

commit sha 946faef442da14932bca6d304d1dfa8de99e8677

Merge pull request #828 from containers/dependabot/go_modules/github.com/opencontainers/selinux-1.3.2 Bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2

view details

Daniel J Walsh

commit sha 4da19e9767492864735c70584a2bd629b91272f6

Add $HOME/.config/containers/certs.d to sytemPerHostCertDirPath We want to allow users to store certs in their homedir when running in rootless mode. We want rootless podman and rootless buildah to add $HOME/.config/containers/certs.d to the search path for certificates by default. Currently there is no way for a non privileged user to get certs without being root on the system or specify the certs dir on ever call. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in a day

push eventcontainers/image

dependabot-preview[bot]

commit sha 47d0d3bf04a79b47b5b6182fb7876dda207415c9

Bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2 Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.3.1...v1.3.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

view details

Daniel J Walsh

commit sha 946faef442da14932bca6d304d1dfa8de99e8677

Merge pull request #828 from containers/dependabot/go_modules/github.com/opencontainers/selinux-1.3.2 Bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2

view details

push time in a day

PR merged containers/image

Bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2 dependencies

Bumps github.com/opencontainers/selinux from 1.3.1 to 1.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/opencontainers/selinux/releases">github.com/opencontainers/selinux's releases</a>.</em></p> <blockquote> <h2>v1.3.2</h2> <pre><code>xattr: use x/sys/unix, simplify Use /proc/thread-self/attr if available Add/use readAttr/writeAttr isProcHandle: simplify usage, improve diagnostics Fix [Set]EnforceMode and SecurityCheckContext getSELinuxfs: simplify using sync.Once findSELinuxfsMount: optimize TestSetEnforceMode: separate and fix for non-root Remove SelinuxfsMagic go-selinux/SetKeyLabel: fix for RHEL7 kernels </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/opencontainers/selinux/commit/9400b9f1346111e4e265efd9563cd3b4a8ed8ad7"><code>9400b9f</code></a> Bump to v1.3.2</li> <li><a href="https://github.com/opencontainers/selinux/commit/b3ef866829df7a127043e631bbf6256561cce83c"><code>b3ef866</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/opencontainers/selinux/issues/64">#64</a> from kolyshkin/fs-fix</li> <li><a href="https://github.com/opencontainers/selinux/commit/d08248bb4004414c686966a077b03ba999b8f817"><code>d08248b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/opencontainers/selinux/issues/66">#66</a> from kolyshkin/thread-self</li> <li><a href="https://github.com/opencontainers/selinux/commit/c834f1ca61ea587d1ab2a11bc124a51f9e441de8"><code>c834f1c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/opencontainers/selinux/issues/67">#67</a> from kolyshkin/xattr</li> <li><a href="https://github.com/opencontainers/selinux/commit/db3c263624ece859abd86a26e790cb0192e284e7"><code>db3c263</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/opencontainers/selinux/issues/65">#65</a> from kolyshkin/simple-init</li> <li><a href="https://github.com/opencontainers/selinux/commit/d5168becd8e298ba3b995b29baa013a98909eb3d"><code>d5168be</code></a> xattr: use x/sys/unix, simplify</li> <li><a href="https://github.com/opencontainers/selinux/commit/6090a6495641dc292c5df71c86cd9d91a45e10bb"><code>6090a64</code></a> Use /proc/thread-self/attr if available</li> <li><a href="https://github.com/opencontainers/selinux/commit/ef463382c50151db54f578b217df978e5ec203b2"><code>ef46338</code></a> Add/use readAttr/writeAttr</li> <li><a href="https://github.com/opencontainers/selinux/commit/0d4b6a22580a1719a56a10eb7e09b5358db6ad73"><code>0d4b6a2</code></a> isProcHandle: simplify usage, improve diagnostics</li> <li><a href="https://github.com/opencontainers/selinux/commit/a843350825b615a52988c8acb164ac745e428a76"><code>a843350</code></a> Fix [Set]EnforceMode and SecurityCheckContext</li> <li>Additional commits viewable in <a href="https://github.com/opencontainers/selinux/compare/v1.3.1...v1.3.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+3 -1

0 comment

2 changed files

dependabot-preview[bot]

pr closed time in a day

pull request commentcontainers/image

Intial authfile man page

LGTM, will merge once the tests pass.

TomSweeneyRedHat

comment created time in a day

PR opened containers/common

Vendor

<!--- Please read the contributing guidelines before proceeding --->

+1 -1

0 comment

1 changed file

pr created time in a day

push eventrhatdan/common

Daniel J Walsh

commit sha d294d1bafefc0b7f0424795c02d4bcad555495be

Merge pull request #73 from rhatdan/vendor Update vendor of SELinux and containers/storage

view details

Daniel J Walsh

commit sha 160b8ada9492129075304981cde9661ee4e285a7

Add StopTimeout for podman Allow users to modify the default ammount of time to wait to send SIGKILL after you tell a container to stop with a SIGINT. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha a30ab3da42331021f2a6eabdaf7d9c50746bee95

Merge pull request #72 from rhatdan/stoptimeout Add StopTimeout for podman

view details

Daniel J Walsh

commit sha aa15809a93e70c9c6f8bef521749f19cdb84c692

Bump to v0.4.1 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha 1d967ce4f8cba4dc3b82999618dc5ae73cf9565c

Move to v0.4.2-dev Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in a day

push eventcontainers/common

Daniel J Walsh

commit sha 160b8ada9492129075304981cde9661ee4e285a7

Add StopTimeout for podman Allow users to modify the default ammount of time to wait to send SIGKILL after you tell a container to stop with a SIGINT. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha a30ab3da42331021f2a6eabdaf7d9c50746bee95

Merge pull request #72 from rhatdan/stoptimeout Add StopTimeout for podman

view details

push time in a day

PR merged containers/common

Add StopTimeout for podman

Allow users to modify the default ammount of time to wait to send SIGKILL after you tell a container to stop with a SIGINT.

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

<!--- Please read the contributing guidelines before proceeding --->

+11 -0

2 comments

4 changed files

rhatdan

pr closed time in a day

pull request commentcontainers/libpod

[WIP] test rootless_storage_path from storage.conf

Remove the tmpdir stuff. That must be the issue.

cp /etc/containers/storage.conf /etc/containers/storage.conf.test And then copy it back.

QiWang19

comment created time in a day

pull request commentcontainers/libpod

implement reverse reader for log reads

/lgtm

baude

comment created time in a day

pull request commentcontainers/libpod

Remove ImageVolumes from database

/lgtm /hold

mheon

comment created time in a day

pull request commentcontainers/crun

criu: Add masked paths to external mount map

@giuseppe PTAL and then merge.

rst0git

comment created time in a day

push eventcontainers/crun

Giuseppe Scrivano

commit sha 07a2025dd8e128e328dbb93e09da2d300bf32d40

exec: do not inherit env variables from main pid instead use the configuration file. Closes: https://github.com/containers/crun/issues/282 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Daniel J Walsh

commit sha 4adc40c44178c4d2a7692c248169b82c98225ef6

Merge pull request #283 from giuseppe/no-inherit-env-main-process exec: do not inherit env variables from main pid

view details

push time in a day

PR merged containers/crun

exec: do not inherit env variables from main pid

instead use the configuration file.

Closes: https://github.com/containers/crun/issues/282

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

+21 -36

1 comment

2 changed files

giuseppe

pr closed time in a day

issue closedcontainers/crun

podman exec inherits environment variables from container process

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

podman exec does not use the environment variables that the container image is built with. Instead it seems to inherit environment variables from the container process.

Steps to reproduce the issue:

  1. Run
$ podman run --rm -d --name execenv debian env x=y PATH=/bin sleep 10
eefc809c55a0fb0c877f3ef331b51b4d0091dd7d5e4f8445854d0f21d45a756b
$ podman exec execenv env

Describe the results you received:

$ podman exec execenv env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TERM=xterm
container=podman
HOSTNAME=
HOME=/root
x=y

Note $x is set and $PATH gets reset.

Describe the results you expected:

Compare to docker

$ sudo docker run --rm -d --name execenv debian env x=y PATH=/bin sleep 10
b4c0ef743608691c9f6094b68f42b6df3da822e5e1565258bf5d1756c94b5c24
$ sudo docker exec execenv env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=b4c0ef743608
HOME=/root

$x is unset and $PATH has a default value.

Additional information you deem important (e.g. issue happens only occasionally):

I am running into this issue while using containers that run processes inside Python virtualenvs. In particular, because podman exec inherits VIRTUAL_ENV and other variables, but PATH is reset without the virtualenv path, I end up half-in/half-out of the virtualenv.

Output of podman version:

Version:            1.8.0
RemoteAPI Version:  1
Go Version:         go1.13.6
OS/Arch:            linux/amd64

Output of podman info --debug:

debug:
  compiler: gc
  git commit: ""
  go version: go1.13.6
  podman version: 1.8.0
host:
  BuildahVersion: 1.13.1
  CgroupVersion: v2
  Conmon:
    package: conmon-2.0.10-2.fc31.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.10, commit: 6b526d9888abb86b9e7de7dfdeec0da98ad32ee0'
  Distribution:
    distribution: fedora
    version: "31"
  IDMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  MemFree: 355692544
  MemTotal: 8049713152
  OCIRuntime:
    name: crun
    package: crun-0.12.1-1.fc31.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.12.1
      commit: df5f2b2369b3d9f36d175e1183b26e5cee55dd0a
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  SwapFree: 6940782592
  SwapTotal: 8212443136
  arch: amd64
  cpus: 4
  eventlogger: journald
  hostname: doughboy
  kernel: 5.4.19-200.fc31.x86_64
  os: linux
  rootless: true
  slirp4netns:
    Executable: /usr/bin/slirp4netns
    Package: slirp4netns-0.4.0-20.1.dev.gitbbd6f25.fc31.x86_64
    Version: |-
      slirp4netns version 0.4.0-beta.3+dev
      commit: bbd6f25c70d5db2a1cd3bfb0416a8db99a75ed7e
  uptime: 7h 52m 32.61s (Approximately 0.29 days)
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - quay.io
store:
  ConfigFile: /home/joe/.config/containers/storage.conf
  ContainerStore:
    number: 21
  GraphDriverName: overlay
  GraphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-0.7.5-2.fc31.x86_64
      Version: |-
        fusermount3 version: 3.6.2
        fuse-overlayfs: version 0.7.5
        FUSE library version 3.6.2
        using FUSE kernel interface version 7.29
  GraphRoot: /home/joe/.local/share/containers/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 28
  RunRoot: /run/user/1000
  VolumePath: /home/joe/.local/share/containers/storage/volumes

Package info (e.g. output of rpm -q podman or apt list podman):

podman-1.8.0-2.fc31.x86_64

Additional environment details (AWS, VirtualBox, physical, etc.):

physical

closed time in a day

jmou

pull request commentcontainers/crun

exec: do not inherit env variables from main pid

LGTM

giuseppe

comment created time in a day

push eventcontainers/crun

Giuseppe Scrivano

commit sha 370ca451e31730c98d31a9ede254d3b65caf5e37

cgroup: support systemd properties via annotations add support for systemd properties passed through annotations in the form: "annotations": { "org.systemd.property.TimeoutStopUSec": "uint64 123456789", "org.systemd.property.CollectMode":"'inactive-or-failed'" } add a basic parser for the gvariant types to avoid a dependency on glib. The parser doesn't support complex types but it is just enough for the types accepted by systemd. Similar to https://github.com/opencontainers/runc/pull/2224 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Daniel J Walsh

commit sha 7c84e354169e3e4dd49d5ac21f13a143b87f5493

Merge pull request #266 from giuseppe/add-support-systemd-properties cgroup: support systemd properties via annotations

view details

push time in a day

PR merged containers/crun

cgroup: support systemd properties via annotations

add support for systemd properties passed through annotations in the form:

"annotations": { "org.systemd.property.TimeoutStopUSec": "uint64 123456789", "org.systemd.property.CollectMode":"'inactive-or-failed'" }

add a basic parser for the gvariant types to avoid a dependency on glib. The parser doesn't support complex types but it is just enough for the types accepted by systemd.

Similar to https://github.com/opencontainers/runc/pull/2224

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

+197 -8

10 comments

3 changed files

giuseppe

pr closed time in a day

pull request commentcontainers/crun

cgroup: support systemd properties via annotations

LGTM

giuseppe

comment created time in a day

push eventcontainers/buildah.io

Tom Sweeney

commit sha f32eca48eb039b4f9373b077df3b39ef36ec9e01

Buildah v1.14.0 Release Announcement (#71) Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>

view details

push time in a day

pull request commentcontainers/buildah.io

Buildah v1.14.0 Release Announcement

LGTM

TomSweeneyRedHat

comment created time in a day

pull request commentcontainers/libpod

[WIP] test rootless_storage_path from storage.conf

@QiWang19 Whats the scoop on this. Once this passes tests we can merge storage PR.

QiWang19

comment created time in a day

issue commentcontainers/libpod

Testing Flake: iptables chain already exists

@rhvgoyal was just showing some similar errors to this. We had to do a podman system reset to clear them up.

cevich

comment created time in a day

pull request commentcontainers/libpod

apiv2: Image filtering and fixup docs

/approve

marusak

comment created time in a day

pull request commentcontainers/libpod

Warn user about --password cli option in login

I agree, but I believe these warnings run deep.

Akasurde

comment created time in a day

pull request commentcontainers/image

Intial authfile man page

I would just document what we have now. Would be difficult to remove support now, but we could extend it in the future.

TomSweeneyRedHat

comment created time in a day

Pull request review commentcontainers/image

Intial authfile man page

+% containers-authfile(5)++# NAME+containers-authfile - syntax for the registry authentication file++# DESCRIPTION++A credentials file stored at `${XDG_RUNTIME_DIR}/containers/auth.json` in+json format used to authenticate against container image registries.++## FORMAT++The auth.json file stores encrypted authentication information for the+user to container image registries.  The file can have zero to many entries and+is created by a `login` command from a container tool such as `podman login` or+`buildah login`.  Each entry includes the name of the registry and then an auth+token in the form of a base64 encoded string from the concatenation of the+username, a colon, and the password.++The following example shows the values found in auth.json after the user logged in to+their accounts on quay.io and docker.io:++```+{+	"auths": {+		"docker.io": {+			"auth": "erfi7sYi89234xJUqaqxgmzcnQ2rRFWM5aJX0EC="+		},+		"quay.io": {+			"auth": "juQAqGmz5eR1ipzx8Evn6KGdw8fEa1w5MWczmgY="+		}+	}+}+```++An entry can be removed by using a `logout` command from a container+tool such as `podman logout` or `buildah logout`.++In addition, a Docker credential store can be created and the Docker credentials-helper software can be used to manage the credentials in a more secure way than depending on the base64 encoded authentication provided by `login`.++When the Docker credentials-helper is in use on a Linux platform, the auth.json file would contain:++```+    "auths": {+        "localhost:5001": {}+    },+    "credsStore": "secretservice"

So we should not document it here, until we get containers/image to support credStore.

TomSweeneyRedHat

comment created time in a day

Pull request review commentcontainers/common

Add StopTimeout for podman

 refer to a member of the runtimes table. By default this will be configured relative to where containers/storage stores containers. +**stop_timeout**=10+  Amount of time to wait for container processes to exit before sending kill

Changed comments to seconds.

rhatdan

comment created time in a day

push eventrhatdan/common

Daniel J Walsh

commit sha a96fe6cb1f262d41b6e5f3349bb27973f0c0cdd6

Update vendor of SELinux and containers/storage Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha d294d1bafefc0b7f0424795c02d4bcad555495be

Merge pull request #73 from rhatdan/vendor Update vendor of SELinux and containers/storage

view details

Daniel J Walsh

commit sha 160b8ada9492129075304981cde9661ee4e285a7

Add StopTimeout for podman Allow users to modify the default ammount of time to wait to send SIGKILL after you tell a container to stop with a SIGINT. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in a day

Pull request review commentcontainers/common

Add StopTimeout for podman

 type LibpodConfig struct { 	// files. 	StaticDir string `toml:"static_dir"` +	// StopTimeout amount of time to wait for container processes to exit before sending kill signal+	StopTimeout uint `toml:"stop_timeout"`

Inside of podman right now it is an uint. I don't think we need that fine grain of control.

rhatdan

comment created time in a day

push eventcontainers/common

Daniel J Walsh

commit sha a96fe6cb1f262d41b6e5f3349bb27973f0c0cdd6

Update vendor of SELinux and containers/storage Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha d294d1bafefc0b7f0424795c02d4bcad555495be

Merge pull request #73 from rhatdan/vendor Update vendor of SELinux and containers/storage

view details

push time in a day

PR merged containers/common

Update vendor of SELinux and containers/storage

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

<!--- Please read the contributing guidelines before proceeding --->

+2676 -351

0 comment

42 changed files

rhatdan

pr closed time in a day

PR merged containers/storage

Bump github.com/stretchr/testify from 1.5.0 to 1.5.1 dependencies

Bumps github.com/stretchr/testify from 1.5.0 to 1.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stretchr/testify/releases">github.com/stretchr/testify's releases</a>.</em></p> <blockquote> <h2>HOTFIX: Revert suite interface type</h2> <p>This is a hotfix which reverts the <code>suite</code> package's interface type to use <code>testing.T</code></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stretchr/testify/commit/3ebf1ddaeb260c4b1ae502a01c7844fa8c1fa0e9"><code>3ebf1dd</code></a> Revert PR <a href="https://github-redirect.dependabot.com/stretchr/testify/issues/867">#867</a></li> <li>See full diff in <a href="https://github.com/stretchr/testify/compare/v1.5.0...v1.5.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+4 -2

0 comment

3 changed files

dependabot-preview[bot]

pr closed time in a day

push eventcontainers/storage

dependabot-preview[bot]

commit sha 6cd26301e552b3aee460b775cbeea318394614a1

Bump github.com/stretchr/testify from 1.5.0 to 1.5.1 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.5.0 to 1.5.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.5.0...v1.5.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha 02080446fe26e8279a21509f3754bb4335470a47

Merge pull request #536 from containers/dependabot/go_modules/github.com/stretchr/testify-1.5.1 Bump github.com/stretchr/testify from 1.5.0 to 1.5.1

view details

push time in a day

push eventcontainers/storage

dependabot-preview[bot]

commit sha fe2828019542dc30c4de7a113396e455ee7a7e70

Bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2 Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.3.1...v1.3.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha 36cdac96ad87f3e1a96bee31d5768014e4da82f5

Merge pull request #538 from containers/dependabot/go_modules/github.com/opencontainers/selinux-1.3.2 Bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2

view details

push time in a day

PR merged containers/storage

Bump github.com/opencontainers/selinux from 1.3.1 to 1.3.2 dependencies

Bumps github.com/opencontainers/selinux from 1.3.1 to 1.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/opencontainers/selinux/releases">github.com/opencontainers/selinux's releases</a>.</em></p> <blockquote> <h2>v1.3.2</h2> <pre><code>xattr: use x/sys/unix, simplify Use /proc/thread-self/attr if available Add/use readAttr/writeAttr isProcHandle: simplify usage, improve diagnostics Fix [Set]EnforceMode and SecurityCheckContext getSELinuxfs: simplify using sync.Once findSELinuxfsMount: optimize TestSetEnforceMode: separate and fix for non-root Remove SelinuxfsMagic go-selinux/SetKeyLabel: fix for RHEL7 kernels </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/opencontainers/selinux/commit/9400b9f1346111e4e265efd9563cd3b4a8ed8ad7"><code>9400b9f</code></a> Bump to v1.3.2</li> <li><a href="https://github.com/opencontainers/selinux/commit/b3ef866829df7a127043e631bbf6256561cce83c"><code>b3ef866</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/opencontainers/selinux/issues/64">#64</a> from kolyshkin/fs-fix</li> <li><a href="https://github.com/opencontainers/selinux/commit/d08248bb4004414c686966a077b03ba999b8f817"><code>d08248b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/opencontainers/selinux/issues/66">#66</a> from kolyshkin/thread-self</li> <li><a href="https://github.com/opencontainers/selinux/commit/c834f1ca61ea587d1ab2a11bc124a51f9e441de8"><code>c834f1c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/opencontainers/selinux/issues/67">#67</a> from kolyshkin/xattr</li> <li><a href="https://github.com/opencontainers/selinux/commit/db3c263624ece859abd86a26e790cb0192e284e7"><code>db3c263</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/opencontainers/selinux/issues/65">#65</a> from kolyshkin/simple-init</li> <li><a href="https://github.com/opencontainers/selinux/commit/d5168becd8e298ba3b995b29baa013a98909eb3d"><code>d5168be</code></a> xattr: use x/sys/unix, simplify</li> <li><a href="https://github.com/opencontainers/selinux/commit/6090a6495641dc292c5df71c86cd9d91a45e10bb"><code>6090a64</code></a> Use /proc/thread-self/attr if available</li> <li><a href="https://github.com/opencontainers/selinux/commit/ef463382c50151db54f578b217df978e5ec203b2"><code>ef46338</code></a> Add/use readAttr/writeAttr</li> <li><a href="https://github.com/opencontainers/selinux/commit/0d4b6a22580a1719a56a10eb7e09b5358db6ad73"><code>0d4b6a2</code></a> isProcHandle: simplify usage, improve diagnostics</li> <li><a href="https://github.com/opencontainers/selinux/commit/a843350825b615a52988c8acb164ac745e428a76"><code>a843350</code></a> Fix [Set]EnforceMode and SecurityCheckContext</li> <li>Additional commits viewable in <a href="https://github.com/opencontainers/selinux/compare/v1.3.1...v1.3.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+89 -110

0 comment

5 changed files

dependabot-preview[bot]

pr closed time in a day

issue commentcontainers/buildah

rootless buildah bud fails due to filesystem capabilities

Yes I will roll out a fix for Buildah ASAP. I screwed up...

Spindel

comment created time in a day

issue commentcontainers/libpod

podman is overwriting user's CNI_ARGS to the CNI plugin

I will let @mheon and @baude answer that question.

space88man

comment created time in a day

pull request commentcri-o/ocicni

Propagate existing CNI_ARGS to non-k8s consumers, e.g., podman

@mheon @mrunalp PTAL

space88man

comment created time in a day

issue commentcontainers/buildah

runc not found (debian, project karmic)

@TomSweeneyRedHat or @lsm5 we have now merged containers/common into buildah, so could one of you open a PR to use the containers/common to figure out the runc to use, and match what podman is doing.

astronouth7303

comment created time in a day

push eventcontainers/crun

Giuseppe Scrivano

commit sha 07bae05e613df2086966a3f1d763729a8677f6a9

ebpf: fix endianess issue on s390x load the full 32 bits word and take the lower 16 bits, instead of reading just 16 bits. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Daniel J Walsh

commit sha d435bf8d729489af50c41342c6f639301dc3bc4a

Merge pull request #278 from giuseppe/ebpf-s390x ebpf: fix endianess issue on s390x

view details

push time in 2 days

PR merged containers/crun

ebpf: fix endianess issue on s390x

load the full 32 bits word and take the lower 16 bits, instead of reading just 16 bits.

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

+2 -1

2 comments

1 changed file

giuseppe

pr closed time in 2 days

pull request commentcontainers/crun

ebpf: fix endianess issue on s390x

LGTM

giuseppe

comment created time in 2 days

issue commentcontainers/libpod

podman play kube from deleted working directory errors out

Workingdir, is the location where the executable is launched from. Apps tend to do getpwd() call and I guess if this fails, then the app could fail.

Komic

comment created time in 2 days

pull request commentcontainers/common

Add StopTimeout for podman

@TomSweeneyRedHat @mheon @giuseppe @vrothberg PTAL

rhatdan

comment created time in 2 days

PR opened containers/common

Update vendor of SELinux and containers/storage

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

<!--- Please read the contributing guidelines before proceeding --->

+2676 -351

0 comment

42 changed files

pr created time in 2 days

create barnchrhatdan/common

branch : vendor

created branch time in 2 days

push eventcontainers/skopeo

dependabot-preview[bot]

commit sha 1d136f0541bdf91c96828001e3081560196fe0c0

Bump github.com/containers/storage from 1.15.8 to 1.16.0 Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.15.8 to 1.16.0. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.15.8...v1.16.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

Daniel J Walsh

commit sha 7c29094b51482df8d5da98f93fcda5ffa1253785

Merge pull request #820 from containers/dependabot/go_modules/github.com/containers/storage-1.16.0 Bump github.com/containers/storage from 1.15.8 to 1.16.0

view details

push time in 2 days

PR merged containers/skopeo

Bump github.com/containers/storage from 1.15.8 to 1.16.0 dependencies

Bumps github.com/containers/storage from 1.15.8 to 1.16.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/containers/storage/releases">github.com/containers/storage's releases</a>.</em></p> <blockquote> <h2>v1.16.0</h2> <p>Add pkg/homedir as a fork from docker/docker reexec: drop Pdeathsig</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/containers/storage/commit/9cc600ee6d8102703549efb0916954bf03ecf960"><code>9cc600e</code></a> Bump to v1.16.0</li> <li><a href="https://github.com/containers/storage/commit/a91fd22da05a14e4f524e5bbbb9a73c7116e2964"><code>a91fd22</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/containers/storage/issues/531">#531</a> from vrothberg/pkg/homedir</li> <li><a href="https://github.com/containers/storage/commit/76f71055fb516be48b5b3d4f19e334ae4d6bd30b"><code>76f7105</code></a> use pkg/homedir</li> <li><a href="https://github.com/containers/storage/commit/565517712994e54d7ce8dba8e45c7485dbc5d717"><code>5655177</code></a> add pkg/homedir</li> <li><a href="https://github.com/containers/storage/commit/9b531447257f108ffb7cdc17d110bb395cf22603"><code>9b53144</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/containers/storage/issues/530">#530</a> from giuseppe/drop-pdeathsig</li> <li><a href="https://github.com/containers/storage/commit/10caa2af548a0b4781c305a2ba36216db836228c"><code>10caa2a</code></a> reexec: drop Pdeathsig</li> <li><a href="https://github.com/containers/storage/commit/9b5a5542bcd92e6a3ef5500bf9f53520e424bb07"><code>9b5a554</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/containers/storage/issues/528">#528</a> from containers/dependabot/go_modules/github.com/klau...</li> <li><a href="https://github.com/containers/storage/commit/cea8efdf1d503a8f025cdf47f458203572764065"><code>cea8efd</code></a> Bump github.com/klauspost/compress from 1.9.8 to 1.10.0</li> <li><a href="https://github.com/containers/storage/commit/d0b5f07b2b379bd5988618d69251d5dfbcdc0f92"><code>d0b5f07</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/containers/storage/issues/527">#527</a> from TomSweeneyRedHat/coc</li> <li><a href="https://github.com/containers/storage/commit/5f1725acf7cfe4724514528a9122b45a7c71f6de"><code>5f1725a</code></a> Add Code of Conduct</li> <li>Additional commits viewable in <a href="https://github.com/containers/storage/compare/v1.15.8...v1.16.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+2436 -148

0 comment

29 changed files

dependabot-preview[bot]

pr closed time in 2 days

more