podman/podman.changes


-------------------------------------------------------------------
Tue Jan 5 18:14:52 UTC 2021 - Michael Ströder <michael@stroeder.com>
- Update to v2.2.1
* Changes
- Due to a conflict with a previously-removed field, we were forced to
modify the way image volumes (mounting images into containers using
--mount type=image) were handled in the database.
As a result, containers created in Podman 2.2.0 with image volumes
will not have them in v2.2.1, and these containers will need to be re-created.
* Bugfixes
- Fixed a bug where rootless Podman would, on systems without the
XDG_RUNTIME_DIR environment variable defined, use an incorrect path
for the PID file of the Podman pause process, causing Podman to fail
to start (#8539).
- Fixed a bug where containers created using Podman v1.7 and earlier were
unusable in Podman due to JSON decode errors (#8613).
- Fixed a bug where Podman could retrieve invalid cgroup paths, instead
of erroring, for containers that were not running.
- Fixed a bug where the podman system reset command would print a warning
about a duplicate shutdown handler being registered.
- Fixed a bug where rootless Podman would attempt to mount sysfs in
circumstances where it was not allowed; some OCI runtimes (notably
crun) would fall back to alternatives and not fail, but others
(notably runc) would fail to run containers.
- Fixed a bug where the podman run and podman create commands would fail
to create containers from untagged images (#8558).
- Fixed a bug where remote Podman would prompt for a password even when
the server did not support password authentication (#8498).
- Fixed a bug where the podman exec command did not move the Conmon
process for the exec session into the correct cgroup.
- Fixed a bug where shell completion for the ancestor option to
podman ps --filter did not work correctly.
- Fixed a bug where detached containers would not properly clean themselves
up (or remove themselves if --rm was set) if the Podman command that
created them was invoked with --log-level=debug.
* API
- Fixed a bug where the Compat Create endpoint for Containers did not
properly handle the Binds and Mounts parameters in HostConfig.
- Fixed a bug where the Compat Create endpoint for Containers
ignored the Name query parameter.
- Fixed a bug where the Compat Create endpoint for Containers did not
properly handle the "default" value for NetworkMode (this value is
used extensively by docker-compose) (#8544).
- Fixed a bug where the Compat Build endpoint for Images would sometimes
incorrectly use the target query parameter as the image's tag.
* Misc
- Podman v2.2.0 vendored a non-released, custom version of the
github.com/spf13/cobra package; this has been reverted to the latest
upstream release to aid in packaging.
- Updated the containers/image library to v5.9.0
-------------------------------------------------------------------
Wed Dec 2 13:24:06 UTC 2020 - Richard Brown <rbrown@suse.com>
- Update to v2.2.0
* Features
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here.
- Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created.
- The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks.
- The podman generate kube command now features support for exporting container's memory and CPU limits (#7855).
- The podman play kube command now features support for setting CPU and Memory limits for containers (#7742).
- The podman play kube command now supports persistent volumes claims using Podman named volumes.
- The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567).
- The podman play kube command now supports a --log-driver option to set the log driver for created containers.
- The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles.
- The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302).
- The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757).
- The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location.
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added.
- The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434).
- The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097).
- The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster.
- The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository.
- The podman search command can now output JSON using the --format=json option.
- The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
- The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
- The --tls-verify and --authfile options have been enabled for use with remote Podman.
- The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095).
- The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option.
- The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option.
- The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable.
- The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match.
- The podman pod ps command now supports a new filter status, that matches pods in a certain state.
* Changes
- The podman network rm --force command will now also remove pods that are using the network (#7791).
- The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given.
- If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
- Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver).
- Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
- The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release.
- The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work.
- Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941).
- The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659).
- A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running.
- Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container.
- The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906).
- Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657).
- The podman network rm command now has a new alias, podman network remove (#8402).
* Bugfixes
- Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
- Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776).
- Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior.
- Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl.
- Fixed a bug where Podman would not return the text of errors encountered when trying to run a healthcheck for a container.
- Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable.
- Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789).
- Fixed a bug where the podman untag --all command was not supported with remote Podman.
- Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826).
- Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present.
- Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
- Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798).
- Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381).
- Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726).
- Fixed a bug where rootless Podman would not add supplemental GIDs to containers when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782).
- Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837).
- Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872).
- Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476).
- Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878).
- Fixed a bug where the --format "table {{ .Field }}" option to numerous Podman commands ceased to function on Podman v2.0 and up.
- Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886).
- Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903).
- Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
- Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490).
- Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807).
- Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947).
- Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830).
- Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running.
- Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751).
- Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004).
- Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026).
- Fixed a bug where the output of the podman image trust show --raw command was not properly formatted.
- Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038).
- Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979).
- Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040).
- Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations.
- Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054).
- Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073).
- Fixed a bug where the podman ps command did not include information on all ports a container was publishing.
- Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions.
- Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088).
- Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context).
- Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089).
- Fixed a bug where the --extract option to podman cp was nonfunctional.
- Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091).
- Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148).
- Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that contained a certain string was present in the journal (#8125).
- Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139).
- Fixed a bug where the podman attach command would not exit when containers stopped (#8154).
- Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160).
- Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159).
- Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed.
- Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023).
- Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184).
- Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181).
- Fixed a bug where filters passed to podman volume list were not inclusive (#6765).
- Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253).
- Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221).
- Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322).
- Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332).
- Fixed a bug where the podman stats command did not show memory limits for containers (#8265).
- Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386).
- Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it).
- Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491).
- Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables.
- Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473).
- Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host.
- Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385).
- Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck.
- Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448).
- Fixed a bug where the podman container ps alias for podman ps was missing (#8445).
* API
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
- A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950).
- The Compat Network Connect and Network Disconnect endpoints have been added.
- Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration.
- The Compat Create endpoint for images now properly supports specifying images by digest.
- The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions.
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
- Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version).
- Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not.
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942).
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917).
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860).
- Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count.
- Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so).
- Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries.
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896).
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740).
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946).
- Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client.
- Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response.
- Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time.
- Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter.
-------------------------------------------------------------------
Mon Oct 26 14:08:32 UTC 2020 - Adrian Schröter <adrian@suse.de>
- add dependency to timezone package or podman fails to build a
container (bsc#1178122)
-------------------------------------------------------------------
Wed Sep 30 14:07:34 UTC 2020 - rhafer@suse.com
- Added patch varlink.patch to disable needless varlink code
generation. This would cause compile failures in OBS.
(https://github.com/containers/podman/pull/7854)
- Cleanup %build section a bit and no longer build in GOPATH.
This shouldn't be needed anymore.
- Pass BUILDFLAGS via environment variable to allow it being
appended to the corresponding Makefile variable instead of
completely overriding it.
- Install new auto-update system units
- Update to v2.1.1 (bsc#1178392):
* Changes
- The `podman info` command now includes the cgroup manager
Podman is using.
* API
- The REST API now includes a Server header in all responses.
- Fixed a bug where the Libpod and Compat Attach endpoints
could terminate early, before sending all output from the
container.
- Fixed a bug where the Compat Create endpoint for containers
did not properly handle the Interactive parameter.
- Fixed a bug where the Compat Kill endpoint for containers
could continue to run after a fatal error.
- Fixed a bug where the Limit parameter of the Compat List
endpoint for Containers did not properly handle a limit of 0
(returning nothing, instead of all containers) [#7722].
- The Libpod Stats endpoint for containers is being deprecated
and will be replaced by a similar endpoint with additional
features in a future release.
- Changes in v2.1.0
* Features
- A new command, `podman image mount`, has been added. This
allows for an image to be mounted, read-only, to inspect its
contents without creating a container from it [#1433].
- The `podman save` and `podman load` commands can now create
and load archives containing multiple images [#2669].
- Rootless Podman now supports all `podman network` commands,
and rootless containers can now be joined to networks.
- The performance of `podman build` on `ADD` and `COPY`
instructions has been greatly improved, especially when a
`.dockerignore` is present.
- The `podman run` and `podman create` commands now support a
new mode for the `--cgroups` option, `--cgroups=split`.
Podman will create two cgroups under the cgroup it was
launched in, one for the container and one for Conmon. This
mode is useful for running Podman in a systemd unit, as it
ensures that all processes are retained in systemd's cgroup
hierarchy [#6400].
- The `podman run` and `podman create` commands can now specify
options to slirp4netns by using the `--network` option as
follows: `--net slirp4netns:opt1,opt2`. This allows for,
among other things, switching the port forwarder used by
slirp4netns away from rootlessport.
- The `podman ps` command now features a new option,
`--storage`, to show containers from Buildah, CRI-O and other
applications.
- The `podman run` and `podman create` commands now feature a
`--sdnotify` option to control the behavior of systemd's
sdnotify with containers, enabling improved support for
Podman in `Type=notify` units.
- The `podman run` command now features a `--preserve-fds`
option to pass file descriptors from the host into the
container [#6458].
- The `podman run` and `podman create` commands can now create
overlay volume mounts, by adding the `:O` option to a bind
mount (e.g. `-v /test:/test:O`). Overlay volume mounts will
mount a directory into a container from the host and allow
changes to it, but not write those changes back to the
directory on the host.
- The `podman play kube` command now supports the Socket
HostPath type [#7112].
- The `podman play kube` command now supports read-only mounts.
- The `podman play kube` command now supports setting labels on
pods from Kubernetes metadata labels.
- The `podman play kube` command now supports setting container
restart policy [#7656].
- The `podman play kube` command now properly handles
`HostAlias` entries.
- The `podman generate kube` command now adds entries to
`/etc/hosts` from `--host-add` generated YAML as `HostAlias`
entries.
- The `podman play kube` and `podman generate kube` commands
now properly support `shareProcessNamespace` to share the PID
namespace in pods.
- The `podman volume ls` command now supports the `dangling`
filter to identify volumes that are dangling (not attached to
any container).
- The `podman run` and `podman create` commands now feature a
`--umask` option to set the umask of the created container.
- The `podman create` and `podman run` commands now feature a
`--tz` option to set the timezone within the container [#5128].
- Environment variables for Podman can now be added in the
`containers.conf` configuration file.
- The `--mount` option of `podman run` and `podman create` now
supports a new mount type, `type=devpts`, to add a `devpts`
mount to the container. This is useful for containers that
want to mount `/dev/` from the host into the container, but
still create a terminal.
- The `--security-opt` flag to `podman run` and `podman create`
now supports a new option, `proc-opts`, to specify options
for the container's `/proc` filesystem.
- Podman with the `crun` OCI runtime now supports a new option
to `podman run` and `podman create`, `--cgroup-conf`, which
allows for advanced configuration of cgroups on cgroups v2
systems.
- The `podman create` and `podman run` commands now support a
`--override-variant` option, to override the architecture
variant of the image that will be pulled and ran.
- A new global option has been added to Podman,
`--runtime-flags`, which allows for setting flags to use when
the OCI runtime is called.
- The `podman manifest add` command now supports the
`--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify`
options.
* Security
- This release resolves CVE-2020-14370, in which environment
variables could be leaked between containers created using
the Varlink API.
* Changes
- Podman will now retry pulling an image 3 times if a pull
fails due to network errors.
- The `podman exec` command would previously print error
messages (e.g. `exec session exited with non-zero exit code
-1`) when the command run exited with a non-0 exit code. It
no longer does this. The `podman exec` command will still
exit with the same exit code as the command run in the
container did.
- Error messages when creating a container or pod with a name
that is already in use have been improved.
- For read-only containers running systemd init, Podman creates
a tmpfs filesystem at `/run`. This was previously limited to
65k in size and mounted `noexec`, but is now unlimited size
and mounted `exec`.
- The `podman system reset` command no longer removes
configuration files for rootless Podman.
* API
- The Libpod API version has been bumped to v2.0.0 due to a
breaking change in the Image List API.
- Docker-compatible Volume Endpoints (Create, Inspect, List,
Remove, Prune) are now available!
- Added an endpoint for generating systemd unit files for
containers.
- The `last` parameter to the Libpod container list endpoint
now has an alias, `limit` [#6413].
- The Libpod image list API now returns timestamps in Unix
format, as integer, as opposed to as strings
- The Compat Inspect endpoint for containers now includes port
information in NetworkSettings.
- The Compat List endpoint for images now features limited
support for the (deprecated) `filter` query parameter [#6797].
- Fixed a bug where the Compat Create endpoint for containers
was not correctly handling bind mounts.
- Fixed a bug where the Compat Create endpoint for containers
would not return a 404 when the requested image was not
present.
- Fixed a bug where the Compat Create endpoint for containers
did not properly handle Entrypoint and Command from images.
- Fixed a bug where name history information was not properly
added in the Libpod Image List endpoint.
- Fixed a bug where the Libpod image search endpoint improperly
populated the Description field of responses.
- Added a `noTrunc` option to the Libpod image search endpoint.
- Fixed a bug where the Pod List API would return null, instead
of an empty array, when no pods were present [#7392].
- Fixed a bug where endpoints that hijacked would perform
the hijack too early, before being ready to send and receive
data [#7195].
- Fixed a bug where Pod endpoints that can operate on multiple
containers at once (e.g. Kill, Pause, Unpause, Stop) would
not forward errors from individual containers that failed.
- The Compat List endpoint for networks now supports filtering
results [#7462].
- Fixed a bug where the Top endpoint for pods would return both
a 500 and 404 when run on a non-existent pod.
- Fixed a bug where Pull endpoints did not stream progress back
to the client.
- The Version endpoints (Libpod and Compat) now provide version
in a format compatible with Docker.
- All non-hijacking responses to API requests should not
include headers with the version of the server.
- Fixed a bug where Libpod and Compat Events endpoints did not
send response headers until the first event occurred [#7263].
- Fixed a bug where the Build endpoints (Compat and Libpod) did
not stream progress to the client.
- Fixed a bug where the Stats endpoints (Compat and Libpod) did
not properly handle clients disconnecting.
- Fixed a bug where the Ignore parameter to the Libpod Stop
endpoint was not performing properly.
- Fixed a bug where the Compat Logs endpoint for containers did
not stream its output in the correct format [#7196].
-------------------------------------------------------------------
Tue Sep 8 13:41:21 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Cleanup %install section to use "make install"
- install missing systemd units for the new Rest API (bsc#1175957)
and a few man-pages that were missing before
- Drop varlink API related bits (in favor of the new API)
- fix install location for zsh completions
-------------------------------------------------------------------
Wed Sep 2 00:06:42 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Update to v2.0.6
* Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
* Fixed a bug where /etc/passwd could be re-created every time a container
is restarted if the container's /etc/passwd did not contain an entry
for the user the container was started as.
* Fixed a bug where containers without an /etc/passwd file specifying
a non-root user would not start.
* Fixed a bug where the --remote flag would sometimes not make
remote connections and would instead attempt to run Podman locally.
-------------------------------------------------------------------
Tue Aug 25 07:01:13 UTC 2020 - Michael Ströder <michael@stroeder.com>
- Update to v2.0.5 (bsc#1175821)
* Features
- Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id.
- The podman system connection command has been reworked to support multiple connections, and reenabled for use!
- Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance.
* Changes
- Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd).
- Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged.
* Bugfixes
- Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964).
- Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271).
- Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present.
- Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed (#7230).
- Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893).
- Fixed a bug where the podman load command with remote Podman did not honor user-specified tags (#7124).
- Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180).
- Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104).
- Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting.
- Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128).
- Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed.
- Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces.
- Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.
- Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image.
- Fixed a bug where pod infra containers were not properly unmounted after exiting.
- Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route.
- Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017).
- Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host.
- Fixed a bug where podman build would not generate an event on completion (#7022).
- Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122).
- Fixed a bug where Podman would not create working directories specified by the container image if they did not exist.
- Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115).
- Fixed a bug where errors parsing image names were not fully reported (part of the error message containing the exact issue was dropped).
- Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123).
- Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.
- Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285).
- Fixed a bug where the podman version command did not properly include build time and Git commit.
- Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734).
- Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user.
- Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103).
* API
- Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185).
- Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197).
- Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found.
- Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping).
- Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294).
- Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value.
- The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally.
* Misc
- Updated Buildah to v1.15.1
- Updated containers/image library to v5.5.2
-------------------------------------------------------------------
Tue Aug 18 15:11:31 UTC 2020 - Richard Brown <rbrown@suse.com>
- Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib
-------------------------------------------------------------------
Wed Aug 12 09:35:29 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Change hard requires for AppArmor to Recommends. They are not
needed for runtime or with SELinux but already installed if
AppArmor is used [jsc#SMO-15]
-------------------------------------------------------------------
Tue Aug 4 13:52:05 UTC 2020 - Richard Brown <rbrown@suse.com>
- Add BuildRequires for pkg-config(libselinux) to build with
SELinux support [jsc#SMO-15]
-------------------------------------------------------------------
Mon Aug 3 06:47:04 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Update to v2.0.4
* Fixed a bug where the output of podman image search did not
populate the Description field as it was mistakenly assigned to
the ID field.
* Fixed a bug where podman build - and podman build on an HTTP
target would fail.
* Fixed a bug where rootless Podman would improperly chown the
copied-up contents of anonymous volumes (#7130).
* Fixed a bug where Podman would sometimes HTML-escape special
characters in its CLI output.
* Fixed a bug where the podman start --attach --interactive
command would print the container ID of the container attached
to when exiting (#7068).
* Fixed a bug where podman run --ipc=host --pid=host would only
set --pid=host and not --ipc=host (#7100).
* Fixed a bug where the --publish argument to podman run, podman
create and podman pod create would not allow binding the same
container port to more than one host port (#7062).
* Fixed a bug where incorrect arguments to podman images --format
could cause Podman to segfault.
* Fixed a bug where podman rmi --force on an image ID with more
than one name and at least one container using the image would
not completely remove containers using the image (#7153).
* Fixed a bug where memory usage in bytes and memory use
percentage were swapped in the output of podman stats
--format=json.
* Fixed a bug where the libpod and compat events endpoints would
fail if no filters were specified (#7078).
* Fixed a bug where the CgroupVersion field in responses from the
compat Info endpoint was prefixed by "v" (instead of just being
"1" or "2", as is documented).
-------------------------------------------------------------------
Fri Jul 31 13:07:59 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Remove obsolete libpod.conf from Package sources
-------------------------------------------------------------------
Tue Jul 28 13:16:55 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- libpod got renamed to podman on GitHub. Point _service file to
the new name.
- Remove obsolete old Requires on libcontainers-image and -storage
all of that is inside libcontainers-common
- Require a new enough libcontainers-common version to have the
default containers.conf installed.
- Remove deprecated libpod.conf and create an update notice pointing
to containers.conf for users that made changes to libpod.conf
-------------------------------------------------------------------
Tue Jul 28 09:13:49 UTC 2020 - Fabian Vogt <fvogt@suse.com>
- Suggest katacontainers instead of recommending it. It's not
enabled by default, so it's just bloat
-------------------------------------------------------------------
Fri Jul 24 12:19:32 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Update to v2.0.3
* Fix handling of entrypoint
* log API: add context to allow for cancelling
* fix API: Create container with an invalid configuration
* Remove all instances of named return "err" from Libpod
* Fix: Correct connection counters for hijacked connections
* Fix: Hijacking v2 endpoints to follow rfc 7230 semantics
* Remove hijacked connections from active connections list
* version/info: format: allow more json variants
* Correctly print STDOUT on non-terminal remote exec
* Fix container and pod create commands for remote create
* Mask out /sys/dev to prevent information leak from the host
* Ensure sig-proxy default is propagated in start
* Add SystemdMode to inspect for containers
* When determining systemd mode, use full command
* Fix lint
* Populate remaining unused fields in `pod inspect`
* Include infra container information in `pod inspect`
* play-kube: add support for "IfNotPresent" pull type
* docs: user namespace can't be shared in pods
* Fix "Error: unrecognized protocol \"TCP\" in port mapping"
* Error on rootless mac and ip addresses
* Fix & add notes regarding problematic language in codebase
* abi: set default umask and rlimits
* Used reference package with errors for parsing tag
* fix: system df error when an image has no name
* Fix Generate API title/description
* Add noop function disable-content-trust
* fix play kube doesn't override dockerfile ENTRYPOINT
* Support default profile for apparmor
* Bump github.com/containers/common to v0.14.6
* events endpoint: backwards compat to old type
* events endpoint: fix panic and race condition
* Switch references from libpod.conf to containers.conf
* podman.service: set type to simple
* podman.service: set doc to podman-system-service
* podman.service: use default registries.conf
* podman.service: use default killmode
* podman.service: remove stop timeout
* systemd: symlink user->system
* vendor golang.org/x/text@v0.3.3
* Fix a bug where --pids-limit was parsed incorrectly
* search: allow wildcards
* [CI:DOCS]Do not copy policy.json into gating image
* Fix systemd pid 1 test
* Cirrus: Rotate keys post repo. rename
- The libpod.conf(5) man page got removed and all references are
now pointing towards containers.conf(5), which will be part
of the libcontainers-common package.
-------------------------------------------------------------------
Wed Jul 8 07:12:58 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Update to podman v2.0.2
* fix race condition in `libpod.GetEvents(...)`
* Fix bug where `podman mount` didn't error as rootless
* remove podman system connection
* Fix imports to ensure v2 is used with libpod
* Update release notes for v2.0.2
* specgen: fix order for setting rlimits
* Ensure umask is set appropriately for 'system service'
* generate systemd: improve pod-flags filter
* Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil
* Fixes --remote flag issues
* Pids-limit should only be set if the user set it
* Set console mode for windows
* Allow empty host port in --publish flag
* Add a note on the APIs supported by `system service`
* fix: Don't override entrypoint if it's `nil`
* Set TMPDIR to /var/tmp by default if not set
* test: add tests for --user and volumes
* container: move volume chown after spec generation
* libpod: volume copyup honors namespace mappings
* Fix `system service` panic from early hangup in events
* stop podman service in e2e tests
* Print errors from individual containers in pods
* auto-update: clarify systemd-unit requirements
* podman ps truncate the command
* move go module to v2
* Vendor containers/common v0.14.4
* Bump to imagebuilder v1.1.6 on v2 branch
* Account for non-default port number in image name
- Changes since v2.0.1
* Update release notes with further v2.0.1 changes
* Fix inspect to display multiple label: changes
* Set syslog for exit commands on log-level=debug
* Friendly amendment for pr 6751
* podman run/create: support all transports
* systemd generate: allow manual restart of container units in pods
* Revert sending --remote flag to containers
* Print port mappings in `ps` for ctrs sharing network
* vendor github.com/containers/common@v0.14.3
* Update release notes for v2.0.1
* utils: drop default mapping when running uid!=0
* Set stop signal to 15 when not explicitly set
* podman untag: error if tag doesn't exist
* Reformat inspect network settings
* APIv2: Return `StatusCreated` from volume creation
* APIv2:fix: Remove `/json` from compat network EPs
* Fix ssh-agent support
* libpod: specify mappings to the storage
* APIv2:doc: Fix swagger doc to refer to volumes
* Add podman network to bash command completions
* Fix typo in manpage for `podman auto update`.
* Add JSON output field for ps
* V2 podman system connection
* image load: no args required
* Re-add PODMAN_USERNS environment variable
* Fix conflicts between privileged and other flags
* Bump required go version to 1.13
* Add explicit command to alpine container in test case.
* Use POLL_DURATION for timer
* Stop following logs using timers
* "pod" was being truncated to "po" in the names of the generated systemd unit files.
* rootless_linux: improve error message
* Fix podman build handling of --http-proxy flag
* correct the absolute path of `rm` executable
* Makefile: allow customizable GO_BUILD
* Cirrus: Change DEST_BRANCH to v2.0
-------------------------------------------------------------------
Mon Jun 22 14:55:23 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Update to podman v2.0.0
* The `podman generate systemd` command now supports the `--new`
flag when used with pods, allowing portable services for pods
to be created.
* The `podman play kube` command now supports running Kubernetes
Deployment YAML.
* The `podman exec` command now supports the `--detach` flag to
run commands in the container in the background.
* The `-p` flag to `podman run` and `podman create` now supports
forwarding ports to IPv6 addresses.
* The `podman run`, `podman create` and `podman pod create`
commands now support a `--replace` flag to remove and replace any
existing container (or, for `pod create`, pod) with the same name
* The `--restart-policy` flag to `podman run` and `podman create`
now supports the `unless-stopped` restart policy.
* The `--log-driver` flag to `podman run` and `podman create`
now supports the `none` driver, which does not log the
container's output.
* The `--mount` flag to `podman run` and `podman create` now
accepts `readonly` option as an alias to `ro`.
* The `podman generate systemd` command now supports the `--container-prefix`,
`--pod-prefix`, and `--separator` arguments to control the
name of generated unit files.
* The `podman network ls` command now supports the `--filter`
flag to filter results.
* The `podman auto-update` command now supports specifying an
authfile to use when pulling new images on a per-container
basis using the `io.containers.autoupdate.authfile` label.
* Fixed a bug where the `podman exec` command would log to journald
when run in containers logging to journald
([#6555](https://github.com/containers/libpod/issues/6555)).
* Fixed a bug where the `podman auto-update` command would not
preserve the OS and architecture of the original image when
pulling a replacement
([#6613](https://github.com/containers/libpod/issues/6613)).
* Fixed a bug where the `podman cp` command could create an extra
`merged` directory when copying into an existing directory
([#6596](https://github.com/containers/libpod/issues/6596)).
* Fixed a bug where the `podman pod stats` command would crash
on pods run with `--network=host`
([#5652](https://github.com/containers/libpod/issues/5652)).
* Fixed a bug where container logs written to journald did not
include the name of the container.
* Fixed a bug where the `podman network inspect` and
`podman network rm` commands did not properly handle non-default
CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)).
* Fixed a bug where Podman did not properly remove containers
when using the Kata containers OCI runtime.
* Fixed a bug where `podman inspect` would sometimes incorrectly
report the network mode of containers started with `--net=none`.
* Podman is now better able to deal with cases where `conmon`
is killed before the container it is monitoring.
- Requires go 1.13 now
-------------------------------------------------------------------
Mon May 25 11:32:32 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
- Update to podman v1.9.3:
* Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets
were not properly mounted into containers
* Fixed a bug where builds run over Varlink would hang
* Fixed a bug where podman save would fail when the target
image was specified by digest
* Fixed a bug where rootless containers with ports forwarded to them
could panic and dump core due to a concurrency issue (#6018)
* Fixed a bug where rootless Podman could race when opening the
rootless user namespace, resulting in commands failing to run
* Fixed a bug where HTTP proxy environment variables forwarded into
the container by the --http-proxy flag could not be overridden by --env or --env-file
* Fixed a bug where rootless Podman was setting resource limits on cgroups
v2 systems that were not using systemd-managed cgroups
(and thus did not support resource limits), resulting in containers failing to start
-------------------------------------------------------------------
Wed Apr 29 06:34:51 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Update podman to v1.9.1:
* Bugfixes
- Fixed a bug where healthchecks could become nonfunctional if
container log paths were manually set with --log-path and
multiple container logs were placed in the same directory
- Fixed a bug where rootless Podman could, when using an older
libpod.conf, print numerous warning messages about an invalid
CGroup manager config
- Fixed a bug where rootless Podman would sometimes fail to
close the rootless user namespace when joining it
* Misc
- Updated containers/common to v0.8.2
-------------------------------------------------------------------
Thu Apr 16 06:33:21 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Switched to simple `make binaries` for building podman
- Update podman to v1.9.0:
* Features
- Experimental support has been added for podman run
--userns=auto, which automatically allocates a unique UID and
GID range for the new container's user namespace
- The podman play kube command now has a --network flag to
place the created pod in one or more CNI networks
- The podman commit command now supports an --iidfile flag to
write the ID of the committed image to a file
- Initial support for the new containers.conf configuration
file has been added. containers.conf allows for much more
detailed configuration of some Podman functionality
* Changes
- There has been a major cleanup of the podman info command
resulting in breaking changes. Many fields have been renamed
to better suit usage with APIv2
- All uses of the --timeout flag have been switched to prefer
the alternative --time. The --timeout flag will continue to
work, but man pages and --help will use the --time flag
instead
* Bugfixes
- Fixed a bug where some volume mounts from the host would
sometimes not properly determine the flags they should use
when mounting
- Fixed a bug where Podman was not propagating $PATH to Conmon
and the OCI runtime, causing issues for some OCI runtimes
that required it
- Fixed a bug where rootless Podman would print error messages
about missing support for systemd cgroups when run in a
container with no cgroup support
- Fixed a bug where podman play kube would not properly handle
container-only port mappings (#5610)
- Fixed a bug where the podman container prune command was not
pruning containers in the created and configured states
- Fixed a bug where Podman was not properly removing CNI IP
address allocations after a reboot (#5433)
- Fixed a bug where Podman was not properly applying the
default Seccomp profile when --security-opt was not given at
the command line
* HTTP API
- Many Libpod API endpoints have been added, including Changes,
Checkpoint, Init, and Restore
- Resolved issues where the podman system service command would
time out and exit while there were still active connections
- Stability overall has greatly improved as we prepare the API
for a beta release soon with Podman 2.0
* Misc
- The default infra image for pods has been upgraded to
k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the
architecture metadata for non-AMD64 images
- The slirp4netns networking utility in rootless Podman now
uses Seccomp filtering where available for improved security
- Updated Buildah to v1.14.8
- Updated containers/storage to v1.18.2
- Updated containers/image to v5.4.3
- Updated containers/common to v0.8.1
-------------------------------------------------------------------
Fri Apr 3 14:30:02 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Add "systemd" BUILDFLAGS to build with support for journald
logging (bsc#1162432)
-------------------------------------------------------------------
Fri Mar 27 12:40:44 UTC 2020 - Richard Brown <rbrown@suse.com>
- Use infra_image pause:3.2
-------------------------------------------------------------------
Fri Mar 27 09:52:26 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Fix dependency on slirp4netns. We need at least 0.4.0 now
(bsc#1167850)
-------------------------------------------------------------------
Fri Mar 20 07:56:22 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Update podman to v1.8.2:
* Features
- Initial support for automatically updating containers managed
via Systemd unit files has been merged. This allows
containers to automatically upgrade if a newer version of
their image becomes available
* Bugfixes
- Fixed a bug where unit files generated by podman generate
systemd --new would not force containers to detach, causing
the unit to time out when trying to start
- Fixed a bug where podman system reset could delete important
system directories if run as rootless on installations
created by older Podman (#4831)
- Fixed a bug where images built by podman build would not
properly set the OS and Architecture they were built with
(#5503)
- Fixed a bug where attached podman run with --sig-proxy
enabled (the default), when built with Go 1.14, would
repeatedly send signal 23 to the process in the container and
could generate errors when the container stopped (#5483)
- Fixed a bug where rootless podman run commands could hang
when forwarding ports
- Fixed a bug where rootless Podman would not work when /proc
was mounted with the hidepid option set
- Fixed a bug where the podman system service command would use
large amounts of CPU when --timeout was set to 0 (#5531)
* HTTP API
- Initial support for Libpod endpoints related to creating and
operating on image manifest lists has been added
- The Libpod Healthcheck and Events API endpoints are now
supported
- The Swagger endpoint can now handle cases where no Swagger
documentation has been generated
* Misc
- Updated Buildah to v1.14.3
- Updated containers/storage to v1.16.5
- Several performance improvements have been made to creating
containers, which should somewhat improve the performance of
podman create and podman run
-------------------------------------------------------------------
Thu Mar 12 07:36:52 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Update podman to v1.8.1:
* Features
- Many networking-related flags have been added to podman pod
create to enable customization of pod networks, including
--add-host, --dns, --dns-opt, --dns-search, --ip,
--mac-address, --network, and --no-hosts
- The podman ps --format=json command now includes the ID of
the image containers were created with
- The podman run and podman create commands now feature an
--rmi flag to remove the image the container was using after
it exits (if no other containers are using said image)
([#4628](https://github.com/containers/libpod/issues/4628))
- The podman create and podman run commands now support the
--device-cgroup-rule flag (#4876)
- While the HTTP API remains in alpha, many fixes and additions
have landed. These are documented in a separate subsection
below
- The podman create and podman run commands now feature a
--no-healthcheck flag to disable healthchecks for a container
(#5299)
- Containers now recognize the io.containers.capabilities
label, which specifies a list of capabilities required by the
image to run. These capabilities will be used as long as they
are more restrictive than the default capabilities used
- YAML produced by the podman generate kube command now
includes SELinux configuration passed into the container via
--security-opt label=... (#4950)
* Bugfixes
- Fixed CVE-2020-1726, a security issue where volumes manually
populated before first being mounted into a container could
have those contents overwritten on first being mounted into a
container
- Fixed a bug where Podman containers with user namespaces in
CNI networks with the DNS plugin enabled would not have the
DNS plugin's nameserver added to their resolv.conf
([#5256](https://github.com/containers/libpod/issues/5256))
- Fixed a bug where trailing / characters in image volume
definitions could cause them to not be overridden by a
user-specified mount at the same location
([#5219](https://github.com/containers/libpod/issues/5219))
- Fixed a bug where the label option in libpod.conf, used to
disable SELinux by default, was not being respected (#5087)
- Fixed a bug where the podman login and podman logout commands
required the registry to log into be specified (#5146)
- Fixed a bug where detached rootless Podman containers could
not forward ports (#5167)
- Fixed a bug where rootless Podman could fail to run if the
pause process had died
- Fixed a bug where Podman ignored labels that were specified
with only a key and no value (#3854)
- Fixed a bug where Podman would fail to create named volumes
when the backing filesystem did not support SELinux labelling
(#5200)
- Fixed a bug where --detach-keys="" would not disable
detaching from a container (#5166)
- Fixed a bug where the podman ps command was too aggressive
when filtering containers and would force --all on in too
many situations
- Fixed a bug where the podman play kube command was ignoring
image configuration, including volumes, working directory,
labels, and stop signal (#5174)
- Fixed a bug where the Created and CreatedTime fields in
podman images --format=json were misnamed, which also broke
Go template output for those fields
([#5110](https://github.com/containers/libpod/issues/5110))
- Fixed a bug where rootless Podman containers with ports
forwarded could hang when started (#5182)
- Fixed a bug where podman pull could fail to parse registry
names including port numbers
- Fixed a bug where Podman would incorrectly attempt to
validate image OS and architecture when starting containers
- Fixed a bug where Bash completion for podman build -f would
not list available files that could be built (#3878)
- Fixed a bug where podman commit --change would perform
incorrect validation, resulting in valid changes being
rejected (#5148)
- Fixed a bug where podman logs --tail could take large amounts
of memory when the log file for a container was large (#5131)
- Fixed a bug where Podman would sometimes incorrectly generate
firewall rules on systems using firewalld
- Fixed a bug where the podman inspect command would not
display network information for containers properly if a
container joined multiple CNI networks
([#4907](https://github.com/containers/libpod/issues/4907))
- Fixed a bug where the --uts flag to podman create and podman
run would only allow specifying containers by full ID (#5289)
- Fixed a bug where rootless Podman could segfault when passed
a large number of file descriptors
- Fixed a bug where the podman port command was incorrectly
interpreting additional arguments as container names, instead
of port numbers
- Fixed a bug where units created by podman generate systemd
did not depend on network targets, and so could start before
the system network was ready (#4130)
- Fixed a bug where exec sessions in containers which did not
specify a user would not inherit supplemental groups added to
the container via --group-add
- Fixed a bug where Podman would not respect the $TMPDIR
environment variable for placing large temporary files during
some operations (e.g. podman pull)
([#5411](https://github.com/containers/libpod/issues/5411))
* HTTP API
- Initial support for secure connections to servers via SSH
tunneling has been added
- Initial support for the libpod create and logs endpoints for
containers has been added
- Added a /swagger/ endpoint to serve API documentation
- The json endpoint for containers has received many fixes
- Filtering images and containers has been greatly improved,
with many bugs fixed and documentation improved
- Image creation endpoints (commit, pull, etc) have seen many
fixes
- Server timeout has been fixed so that long operations will no
longer trigger the timeout and shut the server down
- The stats endpoint for containers has seen major fixes and
now provides accurate output
- Handling the HTTP 304 status code has been fixed for all
endpoints
- Many fixes have been made to API documentation to ensure it
matches the code
* Misc
- Updated vendored Buildah to v1.14.2
- Updated vendored containers/storage to v1.16.2
- The Created field to podman images --format=json has been
renamed to CreatedSince as part of the fix for (#5110). Go
templates using the old name should still work
- The CreatedTime field to podman images --format=json has been
renamed to CreatedAt as part of the fix for (#5110). Go
templates using the old name should still work
- The before filter to podman images has been renamed to since
for Docker compatibility. Using before will still work, but
documentation has been changed to use the new since filter
- Using the --password flag to podman login now warns that
passwords are being passed in plaintext
- Some common cases where Podman would deadlock have been fixed
to warn the user that podman system renumber must be run to
resolve the deadlock
-------------------------------------------------------------------
Thu Mar 5 16:26:16 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Added SLE specific README.SUSE about current support status
(jsc#SLE-9112, jsc#CAASP-60)
-------------------------------------------------------------------
Thu Mar 5 15:40:12 UTC 2020 - Richard Brown <rbrown@suse.com>
- Configure br_netfilter for podman automatically (boo#1165738)
-------------------------------------------------------------------
Thu Feb 20 15:57:54 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- The name of the cni-bridge in the default config changed from
"cni0" to "podman-cni0" with podman-1.6.0. Add a %trigger to
rename the bridge in the system to the new default if it exists.
The trigger is only executed when updating podman-cni-config
from something older than 1.6.0. This is mainly needed for SLE
where we're updating from 1.4.4 to 1.8.0 (bsc#1160460).
-------------------------------------------------------------------
Fri Feb 7 14:18:16 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Remove: 0001-clarify-container-prune-force.patch because it's now
included in the release
- Update podman to v1.8.0 (bsc#1160460):
* Features
- The podman system service command has been added, providing a
preview of Podman's new Docker-compatible API. This API is
still very new, and not yet ready for production use, but is
available for early testing
- Rootless Podman now uses Rootlesskit for port forwarding,
which should greatly improve performance and capabilities
- The podman untag command has been added to remove tags from
images without deleting them
- The podman inspect command on images now displays previous
names they used
- The podman generate systemd command now supports a --new
option to generate service files that create and run new
containers instead of managing existing containers
- Support for --log-opt tag= to set logging tags has been added
to the journald log driver
- Added support for using Seccomp profiles embedded in images
for podman run and podman create via the new --seccomp-policy
CLI flag
- The podman play kube command now honors pull policy
* Bugfixes
- Fixed a bug where the podman cp command would not copy the
contents of directories when paths ending in /. were given
- Fixed a bug where the podman play kube command did not
properly locate Seccomp profiles specified relative to
localhost
- Fixed a bug where the podman info command for remote Podman
did not show registry information
- Fixed a bug where the podman exec command did not support
having input piped into it
- Fixed a bug where the podman cp command with rootless Podman
on CGroups v2 systems did not properly determine if the
container could be paused while copying
- Fixed a bug where the podman container prune --force command
could possibly remove running containers if they were started
while the command was running
- Fixed a bug where Podman, when run as root, would not
properly configure slirp4netns networking when requested
- Fixed a bug where podman run --userns=keep-id did not work
when the user had a UID over 65535
- Fixed a bug where rootless podman run and podman create with
the --userns=keep-id option could change permissions on
/run/user/$UID and break KDE
- Fixed a bug where rootless Podman could not be run in a
systemd service on systems using CGroups v2
- Fixed a bug where podman inspect would show CPUShares as 0,
instead of the default (1024), when it was not explicitly set
- Fixed a bug where podman-remote push would segfault
- Fixed a bug where image healthchecks were not shown in the
output of podman inspect
- Fixed a bug where named volumes created with containers from
pre-1.6.3 releases of Podman would be autoremoved with their
containers if the --rm flag was given, even if they were
given names
- Fixed a bug where podman history was not computing image
sizes correctly
- Fixed a bug where Podman would not error on invalid values to
the --sort flag to podman images
- Fixed a bug where providing a name for the image made by
podman commit was mandatory, not optional as it should be
- Fixed a bug where the remote Podman client would append an
extra " to %PATH
- Fixed a bug where the podman build command would sometimes
ignore the -f option and build the wrong Containerfile
- Fixed a bug where the podman ps --filter command would only
filter running containers, instead of all containers, if
--all was not passed
- Fixed a bug where the podman load command on compressed
images would leave an extra copy on disk
- Fixed a bug where the podman restart command would not
properly clean up the network, causing it to function
differently from podman stop; podman start
- Fixed a bug where setting the --memory-swap flag to podman
create and podman run to -1 (to indicate unlimited) was not
supported
* Misc
- Initial work on version 2 of the Podman remote API has been
merged, but is still in an alpha state and not ready for use.
- Many formatting corrections have been made to the manpages
- The changes to address (#5009) may cause anonymous volumes
created by Podman versions 1.6.3 to 1.7.0 to not be removed
when their container is removed
- Updated vendored Buildah to v1.13.1
- Updated vendored containers/storage to v1.15.8
- Updated vendored containers/image to v5.2.0
-------------------------------------------------------------------
Fri Jan 24 14:04:36 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
- Add apparmor-abstractions as required runtime dependency to
have `tunables/global` available.
-------------------------------------------------------------------
Mon Jan 13 11:13:59 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Add: 0001-clarify-container-prune-force.patch to fix the --force
flag for the "container prune" command.
(https://github.com/containers/libpod/issues/4844)
-------------------------------------------------------------------
Wed Jan 8 09:23:01 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Update podman to v1.7.0
* Features
- Added support for setting a static MAC address for containers
- Added support for creating macvlan networks with podman
network create, allowing Podman containers to be attached
directly to networks the host is connected to
- The podman image prune and podman container prune commands
now support the --filter flag to filter what will be pruned,
and now prompt for confirmation when run without --force
(#4410 and #4411)
- Podman now creates CGroup namespaces by default on systems
using CGroups v2 (#4363)
- Added the podman system reset command to remove all Podman
files and perform a factory reset of the Podman installation
- Added the --history flag to podman images to display previous
names used by images (#4566)
- Added the --ignore flag to podman rm and podman stop to not
error when requested containers no longer exist
- Added the --cidfile flag to podman rm and podman stop to read
the IDs of containers to be removed or stopped from a file
- The podman play kube command now honors Seccomp annotations
(#3111)
- The podman play kube command now honors RunAsUser,
RunAsGroup, and selinuxOptions
- The output format of the podman version command has been
changed to better match docker version when using the
--format flag
- Rootless Podman will no longer initialize containers/storage
twice, removing a potential deadlock preventing Podman
commands from running while an image was being pulled (#4591)
- Added tmpcopyup and notmpcopyup options to the --tmpfs and
--mount type=tmpfs flags to podman create and podman run to
control whether the content of directories is copied into
tmpfs filesystems mounted over them
- Added support for disabling detaching from containers by
setting empty detach keys via --detach-keys=""
- The podman build command now supports the --pull and
--pull-never flags to control when images are pulled during a
build
- The podman ps -p command now shows the name of the pod as
well as its ID (#4703)
- The podman inspect command on containers will now display the
command used to create the container
- The podman info command now displays information on registry
mirrors (#4553)
* Bugfixes
- Fixed a bug where Podman would use an incorrect runtime
directory as root, causing state to be deleted after root
logged out and making Podman in systemd services not function
properly
- Fixed a bug where the --change flag to podman import and
podman commit was not being parsed properly in many cases
- Fixed a bug where detach keys specified in libpod.conf were
not used by the podman attach and podman exec commands, which
always used the global default ctrl-p,ctrl-q key combination
(#4556)
- Fixed a bug where rootless Podman was not able to run podman
pod stats even on CGroups v2 enabled systems (#4634)
- Fixed a bug where rootless Podman would fail on kernels
without the renameat2 syscall (#4570)
- Fixed a bug where containers with chained network namespace
dependencies (IE, container A using --net container=B and
container B using --net container=C) would not properly mount
/etc/hosts and /etc/resolv.conf into the container (#4626)
- Fixed a bug where podman run with the --rm flag and without
-d could, when run in the background, throw a 'container does
not exist' error when attempting to remove the container
after it exited
- Fixed a bug where named volume locks were not properly
reacquired after a reboot, potentially leading to deadlocks
when trying to start containers using the volume (#4605 and
#4621)
- Fixed a bug where Podman could not completely remove
containers if sent SIGKILL during removal, leaving the
container name unusable without the podman rm --storage
command to complete removal (#3906)
- Fixed a bug where checkpointing containers started with --rm
was allowed when --export was not specified (the container,
and checkpoint, would be removed after checkpointing was
complete by --rm) (#3774)
- Fixed a bug where the podman pod prune command would fail if
containers were present in the pods and the --force flag was
not passed (#4346)
- Fixed a bug where containers could not set a static IP or
static MAC address if they joined a non-default CNI network
(#4500)
- Fixed a bug where podman system renumber would always throw
an error if a container was mounted when it was run
- Fixed a bug where podman container restore would fail with
containers using a user namespace
- Fixed a bug where rootless Podman would attempt to use the
journald events backend even on systems without systemd
installed
- Fixed a bug where podman history would sometimes not properly
identify the IDs of layers in an image (#3359)
- Fixed a bug where containers could not be restarted when
Conmon v2.0.3 or later was used
- Fixed a bug where Podman did not check image OS and
Architecture against the host when starting a container
- Fixed a bug where containers in pods did not function
properly with the Kata OCI runtime (#4353)
- Fixed a bug where `podman info --format '{{ json . }}'` would
not produce JSON output (#4391)
- Fixed a bug where Podman would not verify if files passed to
--authfile existed (#4328)
- Fixed a bug where podman images --digest would not always
print digests when they were available
- Fixed a bug where rootless podman run could hang due to a
race with reading and writing events
- Fixed a bug where rootless Podman would print warning-level
logs despite not being instructed to do so (#4456)
- Fixed a bug where podman pull would attempt to fetch from
remote registries when pulling an unqualified image using the
docker-daemon transport (#4434)
- Fixed a bug where podman cp would not work if STDIN was a
pipe
- Fixed a bug where podman exec could stop accepting input if
anything was typed between the command being run and the exec
session starting (#4397)
- Fixed a bug where podman logs --tail 0 would print all lines
of a container's logs, instead of no lines (#4396)
- Fixed a bug where the timeout for slirp4netns was incorrectly
set, resulting in an extremely long timeout (#4344)
- Fixed a bug where the podman stats command would print CPU
utilization figures incorrectly (#4409)
- Fixed a bug where the podman inspect --size command would not
print the size of the container's read/write layer if the
size was 0 (#4744)
- Fixed a bug where the podman kill command was not properly
validating signals before use (#4746)
- Fixed a bug where the --quiet and --format flags to podman ps
could not be used at the same time
- Fixed a bug where the podman stop command was not stopping
exec sessions when a container was created without a PID
namespace (--pid=host)
- Fixed a bug where the podman pod rm --force command was not
removing anonymous volumes for containers that were removed
- Fixed a bug where the podman checkpoint command would not
export all changes to the root filesystem of the container if
performed more than once on the same container (#4606)
- Fixed a bug where containers started with --rm would not be
automatically removed on being stopped if an exec session was
running inside the container (#4666)
* Misc
- The fixes to runtime directory path as root can cause strange
behavior if an upgrade is performed while containers are
running
- Updated vendored Buildah to v1.12.0
- Updated vendored containers/storage library to v1.15.4
- Updated vendored containers/image library to v5.1.0
- Kata Containers runtimes (kata-runtime, kata-qemu, and
kata-fc) are now present in the default libpod.conf, but will
not be available unless Kata containers is installed on the
system
- Podman previously did not allow the creation of containers
with a memory limit lower than 4MB. This restriction has been
removed, as the crun runtime can create containers with
significantly less memory
- Remove no longer needed workaround for *.5.md man page sources
-------------------------------------------------------------------
Thu Dec 12 14:30:34 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update podman to v1.6.4
- Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher
- Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers
- Suppress spurious log messages when running rootless Podman
- Update vendored containers/storage to v1.13.6
- Fix a deadlock related to writing events
- Do not use the journald event logger when it is not available
- Remove obsolete patch container-start-fix.patch
-------------------------------------------------------------------
Thu Oct 31 13:05:29 UTC 2019 - Richard Brown <rbrown@suse.com>
- Add container-start-fix.patch to correct output of container-start to show container_name, not _id.
-------------------------------------------------------------------
Mon Oct 21 07:21:29 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update podman to v1.6.2
* Features
- Added a --runtime flag to podman system migrate to allow the
OCI runtime for all containers to be reset, to ease transition
to the crun runtime on CGroups V2 systems until runc gains full
support
- The podman rm command can now remove containers in broken
states which previously could not be removed
- The podman info command, when run without root, now shows
information on UID and GID mappings in the rootless user
namespace
- Added podman build --squash-all flag, which squashes all layers
(including those of the base image) into one layer
- The --systemd flag to podman run and podman create now accepts
a string argument and allows a new value, always, which forces
systemd support without checking if the container
entrypoint is systemd
* Bugfixes
- Fixed a bug where the podman top command did not work on
systems using CGroups V2 (#4192)
- Fixed a bug where rootless Podman could double-close a file,
leading to a panic
- Fixed a bug where rootless Podman could fail to retrieve some
containers while refreshing the state
- Fixed a bug where podman start --attach --sig-proxy=false would
still proxy signals into the container
- Fixed a bug where Podman would unconditionally use a
non-default path for authentication credentials (auth.json),
breaking podman login integration with skopeo and other tools
using the containers/image library
- Fixed a bug where podman ps --format=json and podman images
--format=json would display null when no results were returned,
instead of valid JSON
- Fixed a bug where podman build --squash was incorrectly
squashing all layers into one, instead of only new layers
- Fixed a bug where rootless Podman would allow volumes with
options to be mounted (mounting volumes requires root),
creating an inconsistent state where volumes were reported as
mounted but were not (#4248)
- Fixed a bug where volumes which failed to unmount could not be
removed (#4247)
- Fixed a bug where Podman incorrectly handled some errors
relating to unmounted or missing containers in
containers/storage
- Fixed a bug where podman stats was broken on systems running
CGroups V2 when run rootless (#4268)
- Fixed a bug where the podman start command would print the
short container ID, instead of the full ID
- Fixed a bug where containers created with an OCI runtime that
is no longer available (uninstalled or removed from the config
file) would not appear in podman ps and could not be removed
via podman rm
- Fixed a bug where containers restored via podman container
restore --import would retain the CGroup path of the original
container, even if their container ID changed; thus, multiple
containers created from the same checkpoint would all share the
same CGroup
* Misc
- The default PID limit for containers is now set to 4096. It can
be adjusted back to the old default (unlimited) by passing
--pids-limit 0 to podman create and podman run
- The podman start --attach command now automatically attaches
STDIN if the container was created with -i
- The podman network create command now validates network names
using the same regular expression as container and pod names
- The --systemd flag to podman run and podman create will now
only enable systemd mode when the binary being run inside the
container is /sbin/init, /usr/sbin/init, or ends in systemd
(previously detected any path ending in init or systemd)
- Updated vendored Buildah to 1.11.3
- Updated vendored containers/storage to 1.13.5
- Updated vendored containers/image to 4.0.1
-------------------------------------------------------------------
Fri Oct 4 06:57:16 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update podman to v1.6.1
* Features
- The podman network create, podman network rm, podman network
inspect, and podman network ls commands have been added to
manage CNI networks used by Podman
- The podman volume create command can now create and mount
volumes with options, allowing volumes backed by NFS, tmpfs,
and many other filesystems
- Podman can now run containers without CGroups for better
integration with systemd by using the --cgroups=disabled flag
with podman create and podman run. This is presently only
supported with the crun OCI runtime
- The podman volume rm and podman volume inspect commands can now
refer to volumes by an unambiguous partial name, in addition to
full name (e.g. podman volume rm myvol to remove a volume named
myvolume) (#3891)
- The podman run and podman create commands now support the
--pull flag to allow forced re-pulling of images (#3734)
- Mounting volumes into a container using --volume, --mount, and
--tmpfs now allows the suid, dev, and exec mount options (the
inverse of nosuid, nodev, noexec) (#3819)
- Mounting volumes into a container using --mount now allows the
relabel=Z and relabel=z options to relabel mounts.
- The podman push command now supports the --digestfile option to
save a file containing the pushed digest
- Pods can now have their hostname set via podman pod create
--hostname or providing Pod YAML with a hostname set to podman
play kube (#3732)
- The podman image sign command now supports the --cert-dir flag
- The podman run and podman create commands now support the
--security-opt label=filetype:$LABEL flag to set the SELinux
label for container files
- The remote Podman client now supports healthchecks
* Bugfixes
- Fixed a bug where remote podman pull would panic if a Varlink
connection was not available (#4013)
- Fixed a bug where podman exec would not properly set terminal
size when creating a new exec session (#3903)
- Fixed a bug where podman exec would not clean up socket
symlinks on the host (#3962)
- Fixed a bug where Podman could not run systemd in containers
that created a CGroup namespace
- Fixed a bug where podman prune -a would attempt to prune images
used by Buildah and CRI-O, causing errors (#3983)
- Fixed a bug where improper permissions on the ~/.config
directory could cause rootless Podman to use an incorrect
directory for storing some files
- Fixed a bug where the bash completions for podman import threw
errors
- Fixed a bug where Podman volumes created with podman volume
create would not copy the contents of their mountpoint the
first time they were mounted into a container (#3945)
- Fixed a bug where rootless Podman could not run podman exec
when the container was not run inside a CGroup owned by the
user (#3937)
- Fixed a bug where podman play kube would panic when given Pod
YAML without a securityContext (#3956)
- Fixed a bug where Podman would place files incorrectly when
storage.conf configuration items were set to the empty string
(#3952)
- Fixed a bug where podman build did not correctly inherit
Podman's CGroup configuration, causing crashes on CGroups V2
systems (#3938)
- Fixed a bug where podman cp would improperly copy files on the
host when copying a symlink in the container that included a
glob operator (#3829)
- Fixed a bug where remote podman run --rm would exit before the
container was completely removed, allowing race conditions when
removing container resources (#3870)
- Fixed a bug where rootless Podman would not properly handle
changes to /etc/subuid and /etc/subgid after a container was
launched
- Fixed a bug where rootless Podman could not include some
devices in a container using the --device flag (#3905)
- Fixed a bug where the commit Varlink API would segfault if
provided incorrect arguments (#3897)
- Fixed a bug where temporary files were not properly cleaned up
after a build using remote Podman (#3869)
- Fixed a bug where podman remote cp crashed instead of reporting
it was not yet supported (#3861)
- Fixed a bug where podman exec would run as the wrong user when
execing into a container that was started from an image with
Dockerfile USER (or a user specified via podman run --user)
(#3838)
- Fixed a bug where images pulled using the oci: transport would
be improperly named
- Fixed a bug where podman varlink would hang when managed by
systemd due to SD_NOTIFY support conflicting with Varlink
(#3572)
- Fixed a bug where mounts to the same destination would
sometimes not trigger a conflict, causing a race as to which
was actually mounted
- Fixed a bug where podman exec --preserve-fds caused Podman to
hang (#4020)
- Fixed a bug where removing an unmounted container that was
unmounted might sometimes not properly clean up the container
(#4033)
- Fixed a bug where the Varlink server would freeze when run in a
systemd unit file (#4005)
- Fixed a bug where Podman would not properly set the $HOME
environment variable when the OCI runtime did not set it
- Fixed a bug where rootless Podman would incorrectly print
warning messages when an OCI runtime was not found (#4012)
- Fixed a bug where named volumes would conflict with, instead of
overriding, tmpfs filesystems added by the --read-only-tmpfs
flag to podman create and podman run
- Fixed a bug where podman cp would incorrectly make the target
directory when copying to a symlink which pointed to a
nonexistent directory (#3894)
- Fixed a bug where remote Podman would incorrectly read STDIN
when the -i flag was not set (#4095)
- Fixed a bug where podman play kube would create an empty pod
when given an unsupported YAML type (#4093)
- Fixed a bug where podman import --change improperly parsed CMD
(#4000)
- Fixed a bug where rootless Podman on systems using CGroups V2
would not function with the cgroupfs CGroups manager
- Fixed a bug where rootless Podman could not correctly identify
the DBus session address, causing containers to fail to start
(#4162)
- Fixed a bug where rootless Podman with slirp4netns networking
would fail to start containers due to mount leaks
* Misc
- Significant changes were made to Podman volumes in this
release. If you have pre-existing volumes, it is strongly
recommended to run podman system renumber after upgrading.
- Version 0.8.1 or greater of the CNI Plugins is now required for
Podman
- Version 2.0.1 or greater of Conmon is strongly recommended
- Updated vendored Buildah to v1.11.2
- Updated vendored containers/storage library to v1.13.4
- Improved error messages when trying to create a pod with no
name via podman play kube
- Improved error messages when trying to run podman pause or
podman stats on a rootless container on a system without
CGroups V2 enabled
- TMPDIR has been set to /var/tmp by default to better handle
large temporary files
- podman wait has been optimized to detect stopped containers
more rapidly
- Podman containers now include a ContainerManager annotation
indicating they were created by libpod
- The podman info command now includes information about
slirp4netns and fuse-overlayfs if they are available
- Podman no longer sets a default size of 65kb for tmpfs
filesystems
- The default Podman CNI network has been renamed in an attempt
to prevent conflicts with CRI-O when both are run on the same
system. This should only take effect on system restart
- The output of podman volume inspect has been more closely
matched to docker volume inspect
- Removed CVE-2019-10214.patch as it was merged upstream
-------------------------------------------------------------------
Thu Sep 5 15:26:01 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
- Add katacontainers as a recommended package, and include it as an
additional OCI runtime in the configuration.
-------------------------------------------------------------------
Mon Sep 2 12:02:44 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Add patch for CVE-2019-10214. bsc#1144065
+ CVE-2019-10214.patch
-------------------------------------------------------------------
Tue Aug 27 08:04:20 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
- Update podman to v1.5.1
* Features
- The hostname of pods is now set to the pod's name
* Bugfixes
- Fixed a bug where podman run and podman create did not honor the --authfile
option (#3730)
- Fixed a bug where containers restored with podman container restore
--import would incorrectly duplicate the Conmon PID file of the original container
- Fixed a bug where podman build ignored the default OCI runtime configured
in libpod.conf
- Fixed a bug where podman run --rm (or force-removing any running container
with podman rm --force) were not retrieving the correct exit code (#3795)
- Fixed a bug where Podman would exit with an error if any configured hooks
directory was not present
- Fixed a bug where podman inspect and podman commit would not use the
correct CMD for containers run with podman play kube
- Fixed a bug creating pods when using rootless Podman and CGroups V2 (#3801)
- Fixed a bug where the podman events command with the --since or --until
options could take a very long time to complete
* Misc
- Rootless Podman will now inherit OCI runtime configuration from the root
configuration (#3781)
- Podman now properly sets a user agent while contacting registries (#3788)
- Add zsh completion for podman commands
-------------------------------------------------------------------
Wed Aug 14 08:26:22 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update podman to v1.5.0
* Features
- Podman containers can now join the user namespaces of other
containers with --userns=container:$ID, or a user namespace at
an arbitrary path with --userns=ns:$PATH
- Rootless Podman can experimentally squash all UIDs and GIDs in
an image to a single UID and GID (which does not require use of
the newuidmap and newgidmap executables) by passing
--storage-opt ignore_chown_errors
- The podman generate kube command now produces YAML for any bind
mounts the container has created (#2303)
- The podman container restore command now features a new flag,
--ignore-static-ip, that can be used with --import to import a
single container with a static IP multiple times on the same
host
- Added the ability for podman events to output JSON by
specifying --format=json
- If the OCI runtime or conmon binary cannot be found at the
paths specified in libpod.conf, Podman will now also search for
them in the calling user's path
- Added the ability to use podman import with URLs (#3609)
- The podman ps command now supports filtering names using
regular expressions (#3394)
- Rootless Podman containers with --privileged set will now mount
in all host devices that the user can access
- The podman create and podman run commands now support the
--env-host flag to forward all environment variables from the
host into the container
- Rootless Podman now supports healthchecks (#3523)
- The format of the HostConfig portion of the output of podman
inspect on containers has been improved and synced with Docker
- Podman containers now support CGroup namespaces, and can create
them by passing --cgroupns=private to podman run or podman
create
- The podman create and podman run commands now support the
--ulimit=host flag, which uses any ulimits currently set on the
host for the container
- The podman rm and podman rmi commands now use different exit
codes to indicate 'no such container' and 'container is
running' errors
- Support for CGroups V2 through the crun OCI runtime has been
greatly improved, allowing resource limits to be set for
rootless containers when the CGroups V2 hierarchy is in use
* Bugfixes
- Fixed a bug where a race condition could cause podman restart
to fail to start containers with ports
- Fixed a bug where containers restored from a checkpoint would
not properly report the time they were started at
- Fixed a bug where podman search would return at most 25
results, even when the maximum number of results was set higher
- Fixed a bug where podman play kube would not honor capabilities
set in imported YAML (#3689)
- Fixed a bug where podman run --env, when passed a single key
(to use the value from the host), would set the environment
variable in the container even if it was not set on the host
(#3648)
- Fixed a bug where podman commit --changes would not properly
set environment variables
- Fixed a bug where Podman could segfault while working with
images with no history
- Fixed a bug where podman volume rm could remove arbitrary
volumes if given an ambiguous name (#3635)
- Fixed a bug where podman exec invocations leaked memory by not
cleaning up files in tmpfs
- Fixed a bug where the --dns and --net=container flags to podman
run and podman create were not mutually exclusive (#3553)
- Fixed a bug where rootless Podman would be unable to run
containers when less than 5 UIDs were available
- Fixed a bug where containers in pods could not be removed
without removing the entire pod (#3556)
- Fixed a bug where Podman would not properly clean up all CGroup
controllers for created cgroups when using the cgroupfs CGroup
driver
- Fixed a bug where Podman containers did not properly clean up
files in tmpfs, resulting in a memory leak as containers
stopped
- Fixed a bug where healthchecks from images would not use
default settings for interval, retries, timeout, and start
period when they were not provided by the image (#3525)
- Fixed a bug where healthchecks using the HEALTHCHECK CMD format
were not properly supported (#3507)
- Fixed a bug where volume mounts using relative source paths
would not be properly resolved (#3504)
- Fixed a bug where podman run did not use authorization
credentials when a custom path was specified (#3524)
- Fixed a bug where containers checkpointed with podman container
checkpoint did not properly set their finished time
- Fixed a bug where running podman inspect on any container not
created with podman run or podman create (for example, pod
infra containers) would result in a segfault (#3500)
- Fixed a bug where healthcheck flags for podman create and
podman run were incorrectly named (#3455)
- Fixed a bug where Podman commands would fail to find targets if
a partial ID was specified that was ambiguous between a
container and pod (#3487)
- Fixed a bug where restored containers would not have the
correct SELinux label
- Fixed a bug where Varlink endpoints were not working properly
if more was not correctly specified
- Fixed a bug where the Varlink PullImage endpoint would crash if
an error occurred (#3715)
- Fixed a bug where the --mount flag to podman create and podman
run did not allow boolean arguments for its ro and rw options
(#2980)
- Fixed a bug where pods did not properly share the UTS
namespace, resulting in incorrect behavior from some utilities
which rely on hostname (#3547)
- Fixed a bug where Podman would unconditionally append
ENTRYPOINT to CMD during podman commit (and when reporting CMD
in podman inspect) (#3708)
- Fixed a bug where podman events with the journald events
backend would incorrectly print 6 previous events when only new
events were requested (#3616)
- Fixed a bug where podman port would exit prematurely when a
port number was specified (#3747)
- Fixed a bug where passing . as an argument to the --dns-search
flag to podman create and podman run was not properly clearing
DNS search domains in the container
* Misc
- Updated vendored Buildah to v1.10.1
- Updated vendored containers/image to v3.0.2
- Updated vendored containers/storage to v1.13.1
- Podman now requires conmon v2.0.0 or higher
- The podman info command now displays the events logger being in
use
- The podman inspect command on containers now includes the ID of
the pod a container has joined and the PID of the container's
conmon process
- The -v short flag for podman --version has been re-added
- Error messages from podman pull should be significantly clearer
- The podman exec command is now available in the remote client
- The podman-v1.5.0.tar.gz file attached is podman packaged for
MacOS. It can be installed using Homebrew.
- Use new conmon package as direct dependency
- Remove internal conmon package
- Update libpod.conf to support latest path discovery feature for
`runc` and `conmon` binaries.
- Re-enable 32bit build
--------------------------------------------------------------------
Tue Jul 30 07:46:16 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on
SLE (bsc#1143386)
-------------------------------------------------------------------
Thu Jul 25 09:20:47 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update libpod.conf to use correct infra_command
-------------------------------------------------------------------
Thu Jul 18 10:12:43 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update libpod.conf to use better versioned pause container
-------------------------------------------------------------------
Wed Jul 17 14:53:38 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update libpod.conf to use official kubic pause container
-------------------------------------------------------------------
Wed Jul 10 13:55:09 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
- Update libpod.conf to match latest features set:
detach_keys, lock_type, runtime_supports_json
-------------------------------------------------------------------
Mon Jul 8 10:46:43 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
- Add podman-remote varlink client
- Update podman to v1.4.4
* Features
- Podman now has greatly improved support for containers using multiple OCI
runtimes. Containers now remember if they were created with a different
runtime using --runtime and will always use that runtime
- The cached and delegated options for volume mounts are now allowed for
Docker compatibility (#3340)
- The podman diff command now supports the --latest flag
* Bugfixes
- Fixed a bug where rootless Podman would attempt to use the entire root
configuration if no rootless configuration was present for the user,
breaking rootless Podman for new installations
- Fixed a bug where rootless Podman's pause process would block SIGTERM,
preventing graceful system shutdown and hanging until the system's init
sent SIGKILL
- Fixed a bug where running Podman as root with sudo -E would not work after
running rootless Podman at least once
- Fixed a bug where options for tmpfs volumes added with the --tmpfs flag
were being ignored
- Fixed a bug where images with no layers could not properly be displayed
and removed by Podman
- Fixed a bug where locks were not properly freed on failure to create a
container or pod
- Fixed a bug where podman cp on a single file would create a directory at
the target and place the file in it (#3384)
- Fixed a bug where podman inspect --format '{{.Mounts}}' would print a
hexadecimal address instead of a container's mounts
- Fixed a bug where rootless Podman would not add an entry to container's
/etc/hosts files for their own hostname (#3405)
- Fixed a bug where podman ps --sync would segfault (#3411)
- Fixed a bug where podman generate kube would produce an invalid ports
configuration (#3408)
* Misc
- Updated containers/storage to v1.12.13
- Podman now performs much better on systems with heavy I/O load
- The --cgroup-manager flag to podman now shows the correct default setting
in help if the default was overridden by libpod.conf
- For backwards compatibility, setting --log-driver=json-file in podman run
is now supported as an alias for --log-driver=k8s-file. This is considered
deprecated, and json-file will be moved to a new implementation in the
future ([#3363](https://github.com/containers/libpod/issues/3363))
- Podman's default libpod.conf file now allows the crun OCI runtime to be
used if it is installed
-------------------------------------------------------------------
Wed Jun 26 11:24:32 UTC 2019 - Robert Frohl <rfrohl@suse.com>
- Update podman to v1.4.2
- Fixed a bug where Podman could not run containers using an older version of
Systemd as init
- Updated vendored Buildah to v1.9.0 to resolve a critical bug with
Dockerfile RUN instructions
- The error message for running podman kill on containers that are not
running has been improved
- Podman remote client can now log to a file if syslog is not available
- The podman exec command now sets its error code differently based on
whether the container does not exist, and the command in the container does
not exist
- The podman inspect command on containers now outputs Mounts JSON that matches
that of docker inspect, only including user-specified volumes and
differentiating bind mounts and named volumes
- The podman inspect command now reports the path to a container's OCI spec
with the OCIConfigPath key (only included when the container is initialized
or running)
- The podman run --mount command now supports the bind-nonrecursive option for
bind mounts
- Fixed a bug where podman play kube would fail to create containers due to an
unspecified log driver
- Fixed a bug where Podman would fail to build with musl libc
- Fixed a bug where rootless Podman using slirp4netns networking in an
environment with no nameservers on the host other than localhost would
result in nonfunctional networking
- Fixed a bug where podman import would not properly set environment
variables, discarding their values and retaining only keys
- Fixed a bug where Podman would fail to run when built with Apparmor support
but run on systems without the Apparmor kernel module loaded
- Remote Podman will now default the username it uses to log in to remote
systems to the username of the current user
- Podman now uses JSON logging with OCI runtimes that support it, allowing for
better error reporting
- Updated vendored containers/image to v2.0
- Update conmon to v0.3.0
- Support OOM Monitor under cgroup V2
- Add config binary and make target for configuring conmon with a go library
for importing values
-------------------------------------------------------------------
Mon Jun 24 09:36:12 UTC 2019 - Robert Frohl <rfrohl@suse.com>
- update dependency for slirp4netns to 0.3.0 or newer
-------------------------------------------------------------------
Tue Jun 11 06:43:28 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update podman to v1.4.0:
- The podman checkpoint and podman restore commands can now be
used to migrate containers between Podman installations on
different systems
- The podman cp command now supports a pause flag to pause
containers while copying into them
- The remote client now supports a configuration file for
pre-configuring connections to remote Podman installations
- Fixed CVE-2019-10152 - The podman cp command improperly
dereferenced symlinks in host context
- Fixed a bug where podman commit could improperly set
environment variables that contained = characters
- Fixed a bug where rootless Podman would sometimes fail to start
containers with forwarded ports
- Fixed a bug where podman version on the remote client could
segfault
- Fixed a bug where podman container runlabel would use
/proc/self/exe instead of the path of the Podman command when
printing the command being executed
- Fixed a bug where filtering images by label did not work
- Fixed a bug where specifying a bind mount or tmpfs mount over
an image volume would cause a container to be unable to start
- Fixed a bug where podman generate kube did not work with
containers with named volumes
- Fixed a bug where rootless Podman would receive permission
denied errors accessing conmon.pid
- Fixed a bug where podman cp with a folder specified as target
would replace the folder, as opposed to copying into it
- Fixed a bug where rootless Podman commands could double-unlock
a lock, causing a crash
- Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
mounts, causing errors when using the Kata containers runtime
- Fixed a bug where podman exec would fail on older kernels
- The podman commit command is now usable with the Podman remote
client
- The --signature-policy flag (used with several image-related
commands) has been deprecated
- The podman unshare command now defines two environment
variables in the spawned shell: CONTAINERS_RUNROOT and
CONTAINERS_GRAPHROOT, pointing to temporary and permanent
storage for rootless containers
- Updated vendored containers/storage and containers/image
libraries with numerous bugfixes
- Updated vendored Buildah to v1.8.3
- Podman now requires Conmon v0.2.0
- The podman cp command is now aliased as podman container cp
- Rootless Podman will now default init_path using root Podman's
configuration files (/etc/containers/libpod.conf and
/usr/share/containers/libpod.conf) if not overridden in the
rootless configuration
-------------------------------------------------------------------
Fri Jun 7 11:48:27 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Add fuse-overlayfs dependency to support overlay based rootless image
manipulations
-------------------------------------------------------------------
Wed May 29 14:16:08 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update podman to v1.3.2:
- Fixed a bug where podman would fail to run if a volume was
mounted over an image volume
-------------------------------------------------------------------
Wed May 22 07:04:24 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update podman to v1.3.1:
- The podman cp command can now read input redirected to STDIN, and output to
STDOUT instead of a file, using - instead of an argument.
- The Podman remote client now displays version information from both the
client and server in podman version
- The podman unshare command has been added, allowing easy entry into the
user namespace set up by rootless Podman (allowing the removal of files
created by rootless Podman, among other things)
- Fixed a bug where Podman containers with the --rm flag were removing
created volumes when they were automatically removed
- Fixed a bug where container and pod locks were incorrectly marked as
released after a system reboot, causing errors on container and pod removal
- Fixed a bug where Podman pods could not be removed if any container in the
pod encountered an error during removal
- Fixed a bug where Podman pods run with the cgroupfs CGroup driver would
encounter a race condition during removal, potentially failing to remove
the pod CGroup
- Fixed a bug where the podman container checkpoint and podman container
restore commands were not visible in the remote client
- Fixed a bug where podman remote ps --ns would not print the container's
namespaces
- Fixed a bug where removing stopped containers with healthchecks could cause
an error
- Fixed a bug where the default libpod.conf file was causing parsing errors
- Fixed a bug where pod locks were not being freed when pods were removed,
potentially leading to lock exhaustion
- Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running
containers, create an inconsistent state rendering the container unusable
- The remote Podman client now uses the Varlink bridge to establish remote
connections by default
- Update conmon to 0.2.0 and switched to containers/conmon upstream project
-------------------------------------------------------------------
Fri May 17 12:08:37 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update `systemd-devel` to actually be `pkgconfig(libsystemd)` to allow OBS to
shortcut through systemd-mini-devel
-------------------------------------------------------------------
Thu May 16 15:04:52 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
- Update podman to v1.3.0
* Podman now supports container restart policies! The --restart-policy flag
on podman create and podman run allows containers to be restarted after
they exit. Please note that Podman cannot restart containers after a system
reboot - for that, see our next feature
* The podman generate systemd command was added to generate systemd unit
files for managing Podman containers
* The podman runlabel command now allows a $GLOBAL_OPTS variable, which will
be populated by global options passed to the podman runlabel command,
allowing custom storage configurations to be passed into containers run
with runlabel
* The podman play kube command now allows File and FileOrCreate volumes
* The podman pod prune command was added to prune unused pods
* Added the podman system migrate command to migrate containers using older
configurations to allow their use by newer Libpod versions
* Podman containers now forward proxy-related environment variables from the
host into the container with the --http-proxy flag (enabled by default)
* Read-only Podman containers can now create tmpfs filesystems on /tmp,
/var/tmp, and /run with the --read-only-tmpfs flag (enabled by default)
* The podman init command was added, performing all container pre-start tasks
without starting the container to allow pre-run debugging
- Update conmon to cri-o v1.14.1
- Update libpod.conf to match latest feature set
-------------------------------------------------------------------
Mon Apr 1 14:05:35 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update to podman 1.2.0
* Podman now supports image healthchecks! The podman healthcheck run command was added to manually run healthchecks, and the status of a running healthcheck can be viewed via podman inspect
* The podman events command was added to show a stream of significant events
* The podman ps command now supports a --watch flag that will refresh its output on a given interval
* The podman image tree command was added to show a tree representation of an image's layers
* The podman logs command can now display logs for multiple containers at the same time
* The podman exec command can now pass file descriptors to the process being executed in the container via the --preserve-fds option
* The podman images command can now filter images by reference
* The podman system df command was added to show disk usage by Podman
* The --add-host option can now be used by containers sharing a network namespace
* The podman cp command now has an --extract option to extract the contents of a Tar archive and copy them into the container, instead of copying the archive itself
* Podman now allows manually specifying the path of the slirp4netns binary for rootless networking via the --network-cmd-path flag
* Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
* The podman runlabel command now supports the --replace option to replace containers using the name requested
* Infrastructure containers for Podman pods will now attempt to use the image's CMD and ENTRYPOINT instead of a fixed command
* The podman play kube command now supports the HostPath and VolumeMounts YAML fields
* Added support to disable creation of resolv.conf or /etc/hosts in containers by specifying --dns=none and --no-hosts, respectively, to podman run and podman create
* The podman version command now supports the {{ json . }} template (which outputs JSON)
* Podman can now forward ports using the SCTP protocol
- Update conmon to cri-o 1.14.0
- Stop building for i586 (not supported by upstream, does not build)
-------------------------------------------------------------------
Fri Mar 22 21:02:05 UTC 2019 - Flavio Castelli <fcastelli@suse.com>
- Change default libpod.conf configuration file: use the runtimes
section to allow users to specify different OCI runtimes. This
allows user to choose which runtime to use on a per container
basis.
-------------------------------------------------------------------
Tue Mar 19 13:15:38 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Add 'apparmor-parser' to list of requires (boo#1123387)
-------------------------------------------------------------------
Sat Mar 16 08:33:38 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Scriptlets contain sh-compatible code, so drop -p /bin/bash.
-------------------------------------------------------------------
Fri Mar 8 09:47:25 UTC 2019 - Richard Brown <rbrown@suse.com>
- podman-cni-config: remove artificial conflicts with kubelet
-------------------------------------------------------------------
Thu Mar 7 15:22:22 UTC 2019 - Richard Brown <rbrown@suse.com>
- Disable build with PIE on ppc64le to avoid boo#1098017
-------------------------------------------------------------------
Wed Mar 6 14:07:01 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update to v1.1.2
* Fixed a bug where the podman image list, podman image rm, and podman container list had broken global storage options
* Fixed a bug where the --label option to podman create and podman run was missing the -l alias
* Fixed a bug where running Podman with the --config flag would not set an appropriate default value for tmp_dir
* Fixed a bug where the podman logs command with the --timestamps flag produced unreadable output
* Fixed a bug where the podman cp command would automatically extract .tar files copied into the container
* The podman container stop command is now usable with the Podman remote client
-------------------------------------------------------------------
Mon Mar 4 11:27:03 UTC 2019 - Flavio Castelli <fcastelli@suse.com>
- Update to v1.1.1
* Update release notes for v1.1.1
* Pull image for runlabel if not local
* Fix SystemExec completion race
* Fix link inconsistencies in man pages
* Verify that used OCI runtime supports checkpoint
* Should be defaulting to pull not pull-always
* podman-commands script: refactor
* Move Alias lines to descriptions of commands
* Fix usage messages for podman image list, rm
* Fix -s to --storage-driver in baseline test
* No podman container ps command exists
* Allow Exec API user to override streams
* fix up a number of misplaced commands
* rootless, new[ug]idmap: on failure add output
* [ci skip] Critical note about merge bot
* podman port fix output
* Fix ignored --time argument to podman restart
* secrets: fix fips-mode with user namespaces
* Fix four errors tagged by Cobra macro debugging
* Clean up man pages to match commands
* Add debugging for errors to Cobra compatibility macros
* Command-line input validation: reject unused args
* Fix ignored --stop-timeout flag to 'podman create'
* fixup! Incorporate review feedback
* fixup! missed some more:
* fixup! Correction to 'checkpoint'
* Followup to #2456: update examples, add trust
* podman create: disable interspersed opts
* fix up a number of misplaced commands
* Add a task to Cirrus gating to build w/o Varlink
* Skip checkpoint/restore tests on Fedora for now
* Fix build for non-Varlink-tagged Podman
* Remove restore as podman subcommand
* Better usage synopses for subcommands
* Bump gitvalidation epoch
* Bump to v1.2.0-dev
* Centralize setting default volume path
* Ensure volume path is set appropriately by default
* Move all storage configuration defaults into libpod
* rename pod when we have a name collision with a container
* podman remote-client readme
- Update package to ship varlink required files
-------------------------------------------------------------------
Wed Feb 27 09:01:41 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update to v1.1.0
* Added --latest and --all flags to podman mount and podman umount
* Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
* Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf
* Added an alias -f for the --format flag of the podman info and podman version commands
* Added an alias -s for the --size flag of the podman inspect command
* Added the podman system info and podman system prune commands
* Added the podman cp command to copy files between containers and the host
* Added the --password-stdin flag to podman login
* Added the --all-tags flag to podman pull
* The --rm and --detach flags can now be used together with podman run
* The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
* Added the podman system renumber command to handle lock changes
* The --net=host and --dns flags for podman run and podman create no longer conflict
* Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:
* Various bugfixes - full changelog https://github.com/containers/libpod/releases/tag/v1.1.0
- Removed obsolete patch containers-libpod-pull-2225.diff
-------------------------------------------------------------------
Tue Feb 26 17:17:32 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update to conmon from cri-o v1.13.1
* oci: read conmon process status
-------------------------------------------------------------------
Tue Feb 19 15:35:30 UTC 2019 - Richard Brown <rbrown@suse.com>
- Upgrade to v1.0.1
* rootless: join both userns and mount namespace with --pod
* rootless: create the userns immediately when creating a new pod
* Preserve exited state across reboot
* podman image prune -- implement all flag
* Add varlink support for prune
* Make --quiet work in podman create/run
* rootless: fix --pid=host without --privileged
* podman-inspect: don't ignore errors
-------------------------------------------------------------------
Wed Jan 30 22:57:51 UTC 2019 - Duncan Mac-Vicar <dmacvicar@suse.de>
- Fix rootless mode with AppArmor
https://github.com/containers/libpod/pull/2225
Add patch containers-libpod-pull-2225.diff
-------------------------------------------------------------------
Mon Jan 28 10:32:38 UTC 2019 - Richard Brown <rbrown@suse.com>
- Stop using conmon from random git commits, use cri-o releases
- Update to conmon from cri-o v1.13.0
* Solve gh#containers/libpod#527
- Tidy up .gitignore files from podman-1.0.0.tar.xz
-------------------------------------------------------------------
Thu Jan 17 11:44:58 UTC 2019 - Jordi Massaguer <jmassaguerpla@suse.com>
- Update requirement to go1.11 to stay in sync with CaaSP4 and use the same
version as k8s and cri-o to prevent "weird" issues because of the go version
(we had problems mixing go1.5 and go1.6 in the past)
-------------------------------------------------------------------
Wed Jan 16 09:42:52 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update libpod.conf to better align with upstream defaults [boo#1122024]
- Require catatonit for new --init flag
-------------------------------------------------------------------
Sun Jan 13 15:39:42 UTC 2019 - Richard Brown <rbrown@suse.com>
- Upgrade to v1.0.0
* The podman exec command now includes a --workdir option to set working directory for the executed command
* The podman create and podman run commands now support the --init flag to use a minimal init process in the container
* Added the podman image sign command to GPG sign images
* The podman run --device flag now accepts directories, and will add any device nodes in the directory to the container
* Added the podman play kube command to create pods and containers from Kubernetes pod YAML
* Rootless containers now unconditionally use postrun cleanup processes, ensuring resources are freed when the container stops
* Pulling images has been parallelized, allowing individual layers to be pulled in parallel
-------------------------------------------------------------------
Tue Jan 8 11:20:42 UTC 2019 - Richard Brown <rbrown@suse.com>
- Update to v0.12.1.2
* Rootless Podman now creates the storage.conf, libpod.conf, and mounts.conf configuration files automatically in ~/.config/containers/ for ease of reconfiguration
* The podman pod create command can expose ports in the pod's network namespace, allowing public services to be created in pods
* The podman container checkpoint command can now keep containers running after they are checkpointed with the --leave-running flag
* The podman container checkpoint and podman container restore commands now support the --tcp-established flag to checkpoint and restore containers with active TCP connections
* The podman version command now has a --format flag to produce machine-readable output
* Added the podman container exists, podman pod exists, and podman image exists commands to easily check for a container/pod/image, respectively, by name or ID
* The podman ps --pod flag now has a short alias, -p
* The podman rmi and podman rm commands now have a --prune flag to prune unused images and containers, respectively
* The podman ps command now has a --sync flag to force a sync of Podman's state against the OCI runtime, resolving some state desync errors
* Added the podman volume set of commands for creating and managing local-only named volumes
* Added the podman generate kube command to generate Kubernetes Pod and Service YAML for Podman containers and pods
* The podman pod stop flag now accepts a --timeout flag to set the timeout for stopping containers in the pod
-------------------------------------------------------------------
Tue Dec 18 09:40:40 UTC 2018 - Marco Vedovati <mvedovati@suse.com>
- Update package summary and description
-------------------------------------------------------------------
Fri Dec 7 07:42:47 UTC 2018 - Adrian Schröter <adrian@suse.de>
- add dependency to iptables, build fails otherwise
-------------------------------------------------------------------
Fri Nov 16 08:22:48 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Changelog for v0.11.1.1 (2018-11-15)
* Increase pidWaitTimeout to 60s
* rootless: call IsRootless just once
* Add space between num & unit in images output
* Better document rootless containers
* info: add rootless field
* Do not hide errors when creating container with UserNSRoot
* correct assignment of networkStatus
* rootless: default to fuse-overlayfs when available
-------------------------------------------------------------------
Tue Nov 13 07:17:16 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Require golang >= 1.10.
-------------------------------------------------------------------
Fri Nov 9 07:46:46 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Changelog for v0.11.1 (2018-11-08)
* update seccomp.json
* Touch up --log* options and daemons in man pages
* Don't fail if /etc/passwd or /etc/group does not exist
* Properly set Running state when starting containers
* If a container ceases to exist in runc, set exit status
* rootless: mount /sys/fs/cgroup/systemd from the host
* rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode
* Add hostname to /etc/hosts
* Remove conmon cgroup before pod cgroup for cgroupfs
* Make kill, pause, and unpause parallel.
* Fix long image name handling
* Make restart parallel and add --all
* rootless: do not add an additional /run to runroot
* rootless: avoid hang on failed slirp4netns
* Fix setting of version information
* runtime: do not allow runroot longer than 50 characters
* attach: fix attach when cuid is too long
* truncate command output in ps by default
* make various changes to ps output
* Use two spaces to pad PS fields
* fix bug in rm -fa parallel deletes
* Ensure test container in running state
* Add tests for selinux labels
* Add --max-workers and heuristics for parallel operations
* Increase security and performance when looking up groups
* run prepare in parallel
* runlabel: run any command
* Explain the device format in man pages
* Add --all and --latest to checkpoint/restore
* Use more reliable check for rootless for firewall init
* Make podman ps fast
* Support auth file environment variable in podman build
* fix environment variable parsing
* Use the CRIU version check in checkpoint/restore
* Handle http/https in registry given to login/out
* correct stats err with non-running containers
* Make rm faster
* Fix man page to show info on storage
- Changelog for v0.10.1.3 (2018-10-17)
* Vendor in new new buildah/ci
* Fix podman in podman
- Changelog for v0.10.1.2 (2018-10-17)
* Fix CGroup paths used for systemd CGroup mount
-------------------------------------------------------------------
Tue Oct 30 06:57:08 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Require slirp4netns to enable networking for unprivileged network namespaces
aka networking for rootless podman.
-------------------------------------------------------------------
Wed Oct 17 06:07:29 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Changelog for v0.10.1.1 (2018-10-16)
* Mount proper cgroup for systemd to manage inside of the container.
* volume: resolve symlinks in paths
* volume: write the correct ID of the container in error messages
* Support auth file environment variable & add change to man pages
* Generate a passwd file for users not in container
-------------------------------------------------------------------
Fri Oct 12 06:43:30 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Changelog for v0.10.1 (2018-10-11)
* Sort all command flags
* rootless: detect when user namespaces are not enabled
* Log an otherwise ignored error from joining a net ns
* Update manpages for --ip flag
* Add --ip flag and plumbing into libpod
* Document --net as an alias of --network in podman run & create
* rootless: report more error messages from the startup phase
* rootless: fix a hang on older versions of setresuid/setresgid
* fix runlabel functions based on QA feedback
* Stop containers in parallel fashion
* runlabel: execute /proc/self/exe and avoid recursion
* Ensure resolv.conf has the right label and path
* completions: add checkpoint/restore completions
* Add support to checkpoint/restore containers
* selinux: drop superfluous relabel
* rootless: always set XDG_RUNTIME_DIR
* Address review comments and fix ps output
* Disable SELinux labeling if --privileged
* Implement pod varlink bindings
* Add --all flag to podman kill
* Add container runlabel command
* run complex image names with short names
-------------------------------------------------------------------
Mon Oct 1 05:51:48 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Update conmon to 4cd5a7c60349be0678d9f1b0657683324c1a2726 and fetch
it from its new home https://github.com/kubernetes-sigs/cri-o.
- Changelog for v0.9.3.1 (2018-09-25)
* Disable problematic SELinux code causing runc issues
- Changelog for v0.9.3 (2018-09-21)
* Add --mount option for `create` & `run` command
* Don't mount /dev/shm if the user told you --ipc=none
* rootless: error out if there are not enough UIDs/GIDs available
* Add new field to libpod to indicate whether or not to use labelling
* Bind Mounts should be mounted read-only when in read-only mode
* report when rootless
* Don't crash if an image has no names
- Changelog for v0.9.2 (2018-09-14)
* Don't mount /dev/* if user mounted /dev
* rootless: do not raise an error if the entrypoint is specified
* Add a way to disable port reservation
* Do not set rlimits if we are rootless
* Add --interval flag to podman wait
* Add `podman rm --volumes` flag
* Explicitly set default CNI network name in libpod.conf
- Changelog for v0.9.1.1 (2018-09-10)
* Replace existing iptables handler with firewall code
* Vendor CNI plugins firewall code
* Fix displaying size on size calculation error
- Changelog for v0.9.1 (2018-09-07)
* Fix pod sharing for utsmode
* Respect user-added mounts over default spec mounts
* use layer cache when building images
* Start pod infra container when pod is created
* Fix up libpod.conf man pages and references to it.
* We should fail Podman with ExitCode 125 by default
* Add CRI logs parsing to podman logs
* rmi remove all not error when no images are present
* rootless, create: support --pod
* rootless, run: support --pod
-------------------------------------------------------------------
Mon Sep 3 06:04:26 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
- Changelog for v0.8.5 (2018-08-31)
* Add proper support for systemd inside of podman
* We are mistakenly seeing repos as registries.
* Up time between checks for podman wait
* Turn on test debugging
* Add support for remote commands
* fixup A few language changes and subuid(5)
* Make the documentation of user namespace options in podman-run clearer
* catch command-not-found errors
* don't print help message for usage errors
* docs: consistent format for example
* docs: consistent headings
* docs: make HISTORY consistent
* docs: fix headers
* varlink: fix --timeout usage
* run/create: reserve `-h` flag for hostname
* podman,varlink: inform user about --timeout 0
* rootless: show an error when stats is used
* rootless: show an error when pause/unpause are used
* rootless: unexport GetUserNSForPid
* rootless, exec: use the new function to join the userns
* rootless: fix top
* rootless: add new function to join existing namespace
* Do not set max open files by default if we are rootless
* Set default max open files in spec
* Resolve /etc/resolv.conf before reading
* document `--rm` semantics
* rootless, search: do not create a new userns
* rootless, login, logout: do not create a new userns
* rootless, kill: do not create a new userns
* rootless, stop: do not create a new userns
* Fix manpage to note how multiple filters are combined
* Fix handling of multiple filters in podman ps
* Fix Mount Propagation
* docs: add containers-mounts.conf(5)
* docs: use "containers-" prefix for registries and storage
* rootless: fix --pid=host
* rootless: fix --ipc=host
* spec: bind mount /sys only when userNS are enabled
* rootless, tests: add test for --uts=host
* rootless: don't use kill --all
* rootless: exec handle processes that create a user namespace
* rootless: fix exec
-------------------------------------------------------------------
Mon Aug 27 06:05:18 UTC 2018 - vrothberg@suse.com
- Changelog for v0.8.4 (2018-08-24)
* Swap from FFJSON to easyjson
* rootless: allow to override policy.json by the user
* add completion for --pod in run and create
* Fixed formatting and lowered verbosity of pod ps
* Do not try to enable AppArmor in rootless mode
* Reveal information about container capabilities
* Fixing network ns segfault
* Change pause container to infra container
* Added option to share kernel namespaces in libpod and podman
* Add podman pod top
* Include pod stats and top in commands/completions
* Fix syntax description of --ulimit command
* Properly translate users into runc format for exec
* rootless: fix --net host --privileged
* Fixed segfault in stats where container had netNS none or from container
* Enable pod stats with short ID and name
* Touch up cert-dir in man pages
* Support Attach subcommand in pypodman
-------------------------------------------------------------------
Mon Aug 20 06:40:02 UTC 2018 - vrothberg@suse.com
- Changelog for v0.8.3 (2018-08-17)
* Switch from github.com/projectatomic to github.com/containers
* Mention that systemd is the default cgroup manager
* Fix handling of socket connection refusal.
* podman: fix --uts=host
* podman pod stats
* Added reason to PodContainerError
* Add Pod API to varlink.
* Revert "spec: bind mount /sys only for rootless containers"
* Document STORAGE_DRIVER and STORAGE_OPTS environment variable
* Create pod CGroups when using the systemd cgroup driver
* Switch systemd default CGroup parent to machine.slice
* spec: bind mount /sys only for rootless containers
* Add create and pull commands
* rootless: not require userns for help/version
* pkg/apparmor: use a pipe instead of a tmp file
* podman in rootless mode will only work with cgroupfs at this point.
* when searching, survive errors for multiple registries
-------------------------------------------------------------------
Mon Aug 13 06:32:40 UTC 2018 - vrothberg@suse.com
- Changelog for v0.8.2.1 (2018-08-11)
* Ensure pod inspect is locked and validity-checked
* Swap default CGroup manager to systemd
- Changelog for v0.8.2 (2018-08-10)
* We need to sort mounts so that one mount does not over mount another.
* search name should include registry
* removeContainer: fix deadlock
* Add FFJSON to build container
* Add FFJSON generation to makefile
* Fixed a bug setting dependencies on the wrong container
* Always connect to the stdout and stderr of stream
* apparmor: respect "unconfined" setting
* oci.go: syslog: fix debug formatting
* add podman pod inspect
* Fix CGroupFS cgroup manager cgroup creation for pods
* Pass newly-added --log-level flag to Conmon
* Cleanup man pages
* Improve ps handling of container start/stop time
* rootless: fix user lookup if USER= is not set
* Add dpkg support for returning oci/conmon versions
* Have info print conmon/oci runtime information
* Better pull error for fully-qualified images
* Add Runc and Conmon versions to Podman Version
-------------------------------------------------------------------
Thu Aug 9 10:20:19 UTC 2018 - vrothberg@suse.com
- Add a dedicated conmon for podman as the requirements on the specific
version started to differ from the ones of CRI-O. This change implies
dropping the requirement on the cri-o package.
- Add libpod.conf as a new source to allow tweaking the search paths
for openSUSE. This change makes execution slightly faster.
-------------------------------------------------------------------
Mon Aug 6 06:27:09 UTC 2018 - vrothberg@suse.com
- Changelog for v0.8.1 (2018-08-03)
* Added ps --pod option
* clarify pull error message
* Man page fixes found by https://pagure.io/ManualPageScan
* rootless: do not segfault if the parent already died
* Document the properties of DefaultTransport a bit better.
* Add --force to podman umount to force the unmounting of the rootfs
* network: add support for rootless network with slirp4netns
* Add documentations on how to setup /etc/subuid and /etc/subgid
* podman rmi shouldn't delete named referenced images
-------------------------------------------------------------------
Mon Jul 30 05:45:52 UTC 2018 - vrothberg@suse.com
- Changelog for v0.7.4 (2018-07-27)
* Add pod pause/unpause
* Fix up docker compatibility messages
* Fix handling of Linux network namespaces
* Cleanup descriptions and help information
* Add pod kill
* Added pod restart
* podman: allow to specify the IPC namespace to join
* podman: allow to specify the UTS namespace to join
* podman: allow to specify the PID namespace to join
* podman: allow to specify the userns to join
* spec: allow container:NAME network mode
* Add libpod namespace to config
* Add missing runtime.go lines to set namespace
* Set namespace for new pods/containers based on runtime
* Add --namespace flag to Podman
* Update documentation for the State interface
* Ensure pods are part of the set namespace when added
* Enforce namespace checks on container add
* Add container and pod namespaces to configs
* AppArmor: runtime check if it's enabled on the host
* Add format descriptors info to podman top
* docs/podman-top: fix typo and whitespace
-------------------------------------------------------------------
Mon Jul 23 06:18:32 UTC 2018 - vrothberg@suse.com
- Changelog for v0.7.3 (2018-07-20)
* Podman load/tag/save prepend localhost when no repository is present
* Pod ps now uses pod.Status()
* Added pod start and stop
* rootless: support a per-user mounts.conf
* secrets: parse only one mounts configuration file
* rootless: allow a per-user registries.conf file
* rootless: allow a per-user storage.conf file
* rootless, docs: document the libpod.conf file used in rootless mode
* podman-top: use containers/psgo
* oci: keep exposed ports busy and leak the fd into conmon
* Fix ps filter with key=value labels
* rootless: require subids to be present
-------------------------------------------------------------------
Mon Jul 16 05:37:36 UTC 2018 - vrothberg@suse.com
- Changelog for v0.7.2 (2018-07-13)
* Only print container size JSON if --size was requested
* Don't print rootfs and rw sizes if they're empty
* Major fixes to podman ps --format=json output
* Ignore running containers in ps exit-code filters
* rootless: correctly propagate the exit status from the container
* rootless: unshare mount namespace
* Need to wait for container to exit before completing run/start completes
* If proxy fails then signal should be sent to the main process
* fix pull image that includes a sha
* Added full podman pod ps, with tests and man page
* Podman pod create/rm commands with man page and tests.
* Added created time to pod state
* Support multiple networks
* podman rmi should only untag image if parent of another
* build: enable ostree in containers/storage when available
* podman/libpod: add default AppArmor profile
* rootless: propagate errors from GetRootlessRuntimeDir()
* rootless: resolve the user home directory
* rootless: fix when argv[0] is not an absolute path
* urfave/cli: fix regression in short-opts parsing
* Add --volumes-from flag to podman run and create
* Mask /proc/keys to protect information leak about keys on host
* Podman stats with no containers listed is the same as podman stats --all
- install missing podman (1) manpage
- podman-rpmlintrc: ignore missing-call-to-setgroups-before-setuid wari
- install bash completion at /usr/share/bash-completion/completions
- buildmode=pie: build position independent code
-------------------------------------------------------------------
Mon Jul 9 05:47:32 UTC 2018 - vrothberg@suse.com
- Changelog for v0.7.1 (2018-07-06)
* Block use of /proc/acpi from inside containers
* Remove per-container CGroup parents
* rootless: add /run/user/$UID to the lookup paths
* rootless: add function to retrieve the original UID
* rootless: always set XDG_RUNTIME_DIR
* rootless: set XDG_RUNTIME_DIR also for state and exec
* urfave/cli: fix parsing of short opts
* docs: Follow man-pages(7) suggestions for SYNOPSIS
* Allow multiple mounts
- re-enable varlink support (build conditional)
-------------------------------------------------------------------
Mon Jul 2 05:53:26 UTC 2018 - vrothberg@suse.com
- Changelog for v0.6.5 (2018-06-29)
* Fix built-in volume issue with podman run/create
* Add `podman container cleanup` to CLI
* Allow multiple containers and all for umount
* Returning joining namespace error should not be fatal
* Test to verify overlay quotas work, show container overhead on quota
* Remove the --registry flag from podman search
* utils: fix endless write of resize event
* Start prints UUID or container name that user inputs on success
* Fix podman hangs when detecting startup error in container attached mode
* podman-build --help: update description
* docs: add documentation for rootless containers
* Add --authfile to podman search
* Add podman-image and podman-container man page links
* make varlink optional for podman
-------------------------------------------------------------------
Mon Jun 25 05:58:20 UTC 2018 - vrothberg@suse.com
- Changelog for v0.6.4 (2018-06-22)
* Point podman-refresh at the right manpage
* Add bash completions for podman refresh
* Add manpages for podman refresh
* Add podman refresh command
* Add information about the configuration files to the install docs
* Add unittests and fix bugs
* Podman history now prints out intermediate image IDs
* Add cap-add and cap-drop to build man page
* Fix image volumes access and mount problems on restart
* Add carriage return to log message when using --tty flag
* Added --sort to ps
* Fix podman build -q
* Add extra debug so we can tell apart postdelete hooks
* TLS verify is skipped per registry.
* Add --all,-a flag to podman images
* top: make output tabular
* Add more network info ipv4/ipv6 and be more compatible with docker
* Do not run iptablesDNS workaround on IPv6 addresses
* Added --tls-verify functionality to podman search, with tests
-------------------------------------------------------------------
Mon Jun 18 05:46:23 UTC 2018 - vrothberg@suse.com
- Changelog for v0.6.3 (2018-06-15)
* podman: use a different store for the rootless case
* podman: do not use Chown in rootless mode
* network: do not attempt to create a network in rootless mode
* oci: do not set resources in rootless mode
* oci: do not use hooks in rootless mode
* oci: do not set the cgroup path in Rootless mode
* spec: change mount options for /dev/pts in rootless mode
* container: do not add shm in rootless mode
* podman: provide a default UID mapping when non root
* podman: accept option --rootfs to use exploded images
* When setting a memory limit, also set a swap limit
* Fix cleaning up network namespaces on detached ctrs
* Implement --latest for ps
* Added --sort flag to podman image
* add podman container and image command
* rmi: remove image if all tags are specified
-------------------------------------------------------------------
Mon Jun 11 06:22:30 UTC 2018 - vrothberg@suse.com
- Changelog for v0.6.2 (2018-06-08)
* Vendor in latest buildah code
* Update epoch to fix validation problems
* Touch up whitespace issue in build man
* Add disable-content flag info to man page for build
* podman-run: clean up some formatting issues
* Remove SELinux transition rule after conmon is started.
* Add --all flag even though it is a noop so scripts will work
* podman-varlink: log timeouts
* bash completion: remove shebang
* Vendor in latest containers/storage
-------------------------------------------------------------------
Fri Jun 8 14:26:33 UTC 2018 - dcassany@suse.com
- Make use of %license macro
-------------------------------------------------------------------
Tue Jun 5 13:36:00 UTC 2018 - vrothberg@suse.com
- Changelog for v0.6.1 (2018-06-01)
* Fix label handling
* runtime: add /usr/libexec/podman/conmon to the conmon paths
* varlink build
* Add OnBuild support for podman build
* return all inspect info for varlink containerinspect
* hooks/exec: Allow successful reaps for 0s post-kill timeouts
* fix panic with podman pull
* Remove --net flag and make it an alias for --network
* Clear all caps, except the bounding set, when --user is specified.
Fix: bsc#1097970 CVE-2018-10856
* do not allow port related args to be used with --network=container:
* sort containers and images by create time
* Cleanup man pages
-------------------------------------------------------------------
Tue May 29 12:35:47 UTC 2018 - parlt@suse.com
- Changelog for v0.5.4 (2018-05-25):
* Make references to the Process part of Spec conditional
* save and load should support multi-tag for docker-archive
* Implement python podman create and start
* Set Entrypoint from image only if not already set
* Update podman build to match buildah bud functionality
* Fix handling of command in images
* Add support for Zulu timestamp parsing
* Clarify using podman build with a URL, Git repo, or archive.
* podman create, start, getattachsocket
* oci-hooks.5: Discuss directory precedence and monitoring
* Tighten the security on the podman varlink socket
-------------------------------------------------------------------
Tue May 22 10:16:03 UTC 2018 - parlt@suse.com
- Changelog for v0.5.3 (2018-05-18):
* troubleshooting: Add console syntax highlighting
* Refresh pods when refreshing podman state
* Add per-pod CGroups
* Add pod state
* hooks: Fix monitoring of multiple directories
* Add Troubleshooting guide
* Add python3 package to podman
* libpod: fix panic when using -t and the process fails to start
* Allow push/save without image reference
* Fix podman inspect bash completions
* Support pulling Dockerfile from http
* add more bash completions
* implement varlink commit
* fix segfault for podman push
* Add the Podman Logo
* hooks: Add package support for extension stages
-------------------------------------------------------------------
Mon May 14 08:33:11 UTC 2018 - vrothberg@suse.com
- Changelog for v0.5.2 (2018-05-11):
* Fix varlink remove image force
* Do not error trying to remove cgroups that don't exist
* Remove parent cgroup we create with cgroupfs
* Place Conmon and Container in separate CGroups
* Add --cgroup-manager flag to Podman binary
* Major fixes to systemd cgroup handling
* Add validation for CGroup parents. Pass CGroups path into runc
* varlink info
* Don't eat the pull error message for varlink
* podman push should honor registries.conf
* alphabetize the varlink methods, types, and errors in the docs
* Add missing newline to podman port
* Fix calculation of RunningFor in ps json output
* Should not error out if container no longer exists in oci
* Make invalid state nonfatal when cleaning up in run
* podman, userNS: configure an intermediate mount namespace
* networking, userNS: configure the network namespace after create
* Begin wiring in USERNS Support into podman
-------------------------------------------------------------------
Mon May 7 05:42:24 UTC 2018 - vrothberg@suse.com
- Remove runtime dependency on buildah, which isn't required anymore as
libpod vendors in buildah's code directly.
- Changelog for v0.5.1 (2018-05-04):
* Fix pulling from secure registry
* Optionally init() during container restart
* bashcompletion enhancements
* Add directory for systemd socket and service if not present
* varlink containers
* Make podman commit to localhost rather than docker.io
* Do not print unnecessary Buildah details during commit
* Fix podman logout --all flag
* podman should assign a host port to -p when omitted
* libpod.conf: Podman's conmon path on openSUSE
* correct varlink command in service file
* Make ':' a restricted character for file names
-------------------------------------------------------------------
Mon Apr 30 06:53:09 UTC 2018 - vrothberg@suse.com
- Update podman to v0.4.4:
* Use buildah commit and bud in podman
* Remove systemd-cat support
* Add --default-mounts-file hidden flag
* Add isolation note to build man page
* Strip transport from image name when looking for local image
* Do not eat error messages from pullImage
* Modify --user flag for podman create and run
* add libpod.conf man page
-------------------------------------------------------------------
Mon Apr 23 08:37:57 UTC 2018 - parlt@suse.com
- Update podman to v0.4.3:
* podman push without destination image
* Add make .git target
* Fix tests for podman run --attach
* Vendor in latest containers/image and containers/storage
* It is OK to start an already running container (with no attach)
* Allow podman start to attach to a running container
* regression: tls verify should be set on registries.conf if insecure
* ip validation game too strong
* reverse host field order (ip goes first) - fix host string split to permit IPv6
* Allow podman to exit exit codes of removed containers
* validate dns-search values prior to creation
* Add WaitContainerReady for wait for docker registry ready
* podman pull should always try to pull
* Allow the use of -i/-a on any container
* Fix secrets patch
-------------------------------------------------------------------
Tue Apr 17 06:44:19 UTC 2018 - vrothberg@suse.com
- Require golang >= 1.9.
-------------------------------------------------------------------
Tue Apr 17 06:19:33 UTC 2018 - vrothberg@suse.com
- Update podman to v0.4.2:
* Allowing attaching stdin to non-interactive containers
* Fix terminal attach
* Fix locking interaction in batched Exec() on container
* Force host UID/GID mapping when creating containers
* Do not lock all containers during pod kill
* Do not lock all containers during pod start
* Make pod stop lock one container at a time
* Containers transitioning to stop should not break stats
* Add -i to exec for compatibility reasons
* Unescape characters in inspect JSON format output
* Use buildah commit for podman commit
-------------------------------------------------------------------
Mon Apr 9 07:48:52 UTC 2018 - parlt@suse.com
- Update podman to v0.4.1:
* Remove image via storage if a buildah container is associated
* Add hooks support to podman
* Run images with no names
* Prevent a potential race when stopping containers
* Only allocate tty when -t
* Add conmon-pidfile flag to bash completions/manpages
* --entrypoint= should delete existing entrypoint
* Do not require Init() before Start()
* Ensure dependencies are running before initializing containers
* Add container dependencies to Inspect output
* Vendor in latest containers/image
* Change errorf to warnf in warning removing ctr storage
-------------------------------------------------------------------
Thu Apr 5 06:40:07 UTC 2018 - asarai@suse.com
- Split out podman's basic CNI configuration to podman-cni-config, to avoid
breaking Kubernetes clusters due to misconfigured networking. On openSUSE we
still install this configuration so things "just work" there.
-------------------------------------------------------------------
Tue Apr 3 05:41:54 UTC 2018 - vrothberg@suse.com
- Update podman to v0.3.5:
* Allow sha256: prefix for input
* Add secrets patch to podman
* Only start containers that are not running in pod start
* Check for duplicate names when generating new container and pod names.
* podman: new option --conmon-pidfile=
* Remove dependency on kubernetes
* Vendor in lots of kubernetes stuff to shrink image size
* cmd/podman/run.go: Error nicely when no image found
* Update containers/storage to pick up overlay driver fix
* First tag, untag THEN reload the image
-------------------------------------------------------------------
Mon Mar 26 05:57:07 UTC 2018 - vrothberg@suse.com
- Update podman to v0.3.4:
* Make container env variable conditional
* Small manpage reword
* Document .containerenv in manpages. Move it to /run.
* Add .containerenv file
* Removing tagged images change in behavior
* Image library stage 4 - create and commit
* Add 'podman restart' asciinema
-------------------------------------------------------------------
Mon Mar 19 09:47:24 UTC 2018 - vrothberg@suse.com
- Remove old (redundant) source archive.
-------------------------------------------------------------------
Sat Mar 17 10:36:53 UTC 2018 - vrothberg@suse.com
- Do not compile commit hash into binary. `podman version` will not print
the commit number as we are now following official releases.
- Change tar naming from commit to version to facilitate updates via the
_service file.
- Update podman to v0.3.3. This update includes several fixes and a new
configuration file, libpod.conf. By default, this config will be
installed to /usr/share/containers and /etc/containers, whereas podman
will always use the latter if present. The config in
/usr/share/containers can be used to check for new config options and
will be replaced with each package update. The libpod.conf config can
be used to tweak some run-time paths of conmon, runc, etc., which is a
more flexible approach than hard-coding those paths in podman.
Changelog:
* Update containers/image
* Add restart to main podman manpage
* Add podman restart to podman bash completions and commands
* Make manpage more clear
* Add 'podman restart' command
* Remove ability to specify mount label when mounting
* Add signal proxying to podman run, start, and attach
* We should not allow a user to mount a container with a different label
* We should not have a default workdir
* Add additional debug logging
* Implement container restarting
* sleep does not catch SIGTERM
* Include tmpfs in inspect
* Add run and search to commands page
* Add new default location for conmon
* podman-images: return correct image list
* Remove crio.conf references from manpages
* Fix a potential race around container removal in ps
* podman ps command string too long
* Podman load can pull in compressed files
* Fix Conmon error to display Conmon paths
* Add support to load runtime configuration from config file
* Add default libpod config file
* Change conmon and runtime paths to arrays
* Update containers/storage to fix locking bug
-------------------------------------------------------------------
Thu Mar 15 15:24:23 UTC 2018 - vrothberg@suse.com
- Add requirement on cni-plugins to avoid potential issues in the
future.
feature#crio
-------------------------------------------------------------------
Tue Mar 6 11:00:09 UTC 2018 - vrothberg@suse.com
- Add run-time requirement on buildah to support `podman build`.
feature#crio
-------------------------------------------------------------------
Tue Mar 6 08:01:37 UTC 2018 - vrothberg@suse.com
- Fix typo when setting the git commit at compile time.
-------------------------------------------------------------------
Sat Mar 3 14:20:06 UTC 2018 - vrothberg@suse.com
- Update podman to v0.3.1:
* allow DNS resolution in containers
* Adjust podman logs error message for clarity
* Instead of erroring on exit file not being found, warn
* podman logs -f: does not detect container stop or rm
* Fix issue with podman logs on fresh containers
* Replace usage of runc with runtime
* Handle removing containers with active exec sessions
* Ensure that Cleanup() will not run on active containers
* Add tracking for exec session IDs
* Add tracking for container exec sessions to DB
* Small fixes to container Exec
* docs/podman-info.1.md update man page
* Update containers/storage
* podman info add registries
* podman stats add networking
* CNIPluginDir: check "/usr/lib/cni"
* remove build alias
* Restrict top output to container's pids only
* ps displays incorrect exit code
* podman load don't panic when no repotags
* Do not override user mounts
* Tagging an image alias by shortname
* Add support for --no-new-privs
* podman ps json output use batched ops
* CreateContainerStorage by image id
* Implement --image-volumes for create and run
* Add ability to start containers in a pod
* Add kill and stop for pods
* Add pod status command
* Add tests and cleanup
* Implement podman run option --cgroup-parent
* Inspect output should be in array form
* Add --time alias to manpages
* Alias --time to --timeout for 'podman stop'
* Resolve contention between copr and fedora repos
* Ensure we don't repeatedly poll disk for exit codes
* Change uptime format in `podman info` to human-readable
-------------------------------------------------------------------
Thu Feb 22 10:25:14 UTC 2018 - vrothberg@suse.com
- Replace macro by the entire URL in the spec file.
-------------------------------------------------------------------
Tue Feb 20 14:29:54 UTC 2018 - vrothberg@suse.com
- Add podman-rpmlintrc to ignore "explicit-lib-dependency" warnings. Those are
intentional as we must include the libcontainers-* packages.
+ podman-rpmlintrc
- Update to podman v0.2.1 (change to semantic version scheme):
* Run podman inside a podman container
* Add FFJSON encoding/decoding for our container structs
* images --all developer note
* Add podman version
* Touch up tutorial location and install reqs
* No registries warning
* Return imageid from podman pull
* Squash logged errors from failed SQL rollbacks
* Privileged containers should inherit host devices
* Disable default Seccomp profile with privileged containers
* Make libpod build on 32-bit systems
* Add buckets for all containers and all pods
* Containers in a pod can only join namespaces in that pod
* Change json to match docker inspect
* Honor ENTRYPOINT in image
* Fix libpod to use given CGroup parent instead of a hardcoded one
* podman logs: fix tailing
* Allow removing pods with running containers if --force is given
* Match podman inspect output to docker inspect
* Touchup podman kill manpage
* Change stop signal default to SIGTERM
* Add podman search command
* sysfs should be mounted rw for privileged
* Need to add LISTEN_PID environment variable to conmon command
* Add authfile, cert-dir and creds params to build
-------------------------------------------------------------------
Fri Feb 9 15:55:16 UTC 2018 - vrothberg@suse.com
- Add requirement on libcontainers-common, which now provides the
/etc/containers/policy.json config.
- Use golang-packaging macros.
- Set version to +git%{rev_list} scheme as there's no official release yet.
- Spec file cleanups via spec-cleaner.
- Add requirement on libcontainers-{common,image,storage}, which provide
configuration files, manpages and debugging tools useful and required by
podman.
-------------------------------------------------------------------
Wed Feb 7 08:51:16 UTC 2018 - vrothberg@suse.com
- Fix typo to provide the correct package.
- Replace tabs with spaces.
-------------------------------------------------------------------
Mon Feb 5 06:40:05 UTC 2018 - vrothberg@suse.com
- Fix libostree-devel %if condition for TW, Leap 15+ and SLES 15+.
-------------------------------------------------------------------
Thu Feb 1 12:38:03 UTC 2018 - vrothberg@suse.com
- Use `%fdupes %buildroot/%_prefix` since `fdupes %buildroot` is not allowed
because you cannot make hardlinks between certain partitions.
-------------------------------------------------------------------
Tue Jan 30 15:33:21 UTC 2018 - vrothberg@suse.com
- Add podman package: podman is a simple client only tool to help with
debugging issues when daemons such as CRI runtime and the kubelet are not
responding or failing.