forked from pool/podman
ce455fe894
OBS-URL: https://build.opensuse.org/request/show/838911 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/podman?expand=0&rev=70
2886 lines
142 KiB
Plaintext
2886 lines
142 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed Sep 30 14:07:34 UTC 2020 - rhafer@suse.com
|
|
- Added patch varlink.patch to disable needless varlink code
|
|
generation. This would cause compile failures in OBS.
|
|
(https://github.com/containers/podman/pull/7854)
|
|
- Cleanup %build section a bit and no longer build in GOPATH.
|
|
This shouldn't be needed anymore.
|
|
- Path BUILDFLAGS via enviroment variable to allow it being
|
|
appended to the corresponding Makefile variable instead of
|
|
completely overriding it.
|
|
- Install new auto-update system units
|
|
- Update to v2.1.1:
|
|
* Changes
|
|
- The `podman info` command now includes the cgroup manager
|
|
Podman is using.
|
|
* API
|
|
- The REST API now includes a Server header in all responses.
|
|
- Fixed a bug where the Libpod and Compat Attach endpoints
|
|
could terminate early, before sending all output from the
|
|
container.
|
|
- Fixed a bug where the Compat Create endpoint for containers
|
|
did not properly handle the Interactive parameter.
|
|
- Fixed a bug where the Compat Kill endpoint for containers
|
|
could continue to run after a fatal error.
|
|
- Fixed a bug where the Limit parameter of the Compat List
|
|
endpoint for Containers did not properly handle a limit of 0
|
|
(returning nothing, instead of all containers) [#7722].
|
|
- The Libpod Stats endpoint for containers is being deprecated
|
|
and will be replaced by a similar endpoint with additional
|
|
features in a future release.
|
|
- Changes in v2.1.0
|
|
* Features
|
|
- A new command, `podman image mount`, has been added. This
|
|
allows for an image to be mounted, read-only, to inspect its
|
|
contents without creating a container from it [#1433].
|
|
- The `podman save` and `podman load` commands can now create
|
|
and load archives containing multiple images [#2669].
|
|
- Rootless Podman now supports all `podman network` commands,
|
|
and rootless containers can now be joined to networks.
|
|
- The performance of `podman build` on `ADD` and `COPY`
|
|
instructions has been greatly improved, especially when a
|
|
`.dockerignore` is present.
|
|
- The `podman run` and `podman create` commands now support a
|
|
new mode for the `--cgroups` option, `--cgroups=split`.
|
|
Podman will create two cgroups under the cgroup it was
|
|
launched in, one for the container and one for Conmon. This
|
|
mode is useful for running Podman in a systemd unit, as it
|
|
ensures that all processes are retained in systemd's cgroup
|
|
hierarchy [#6400].
|
|
- The `podman run` and `podman create` commands can now specify
|
|
options to slirp4netns by using the `--network` option as
|
|
follows: `--net slirp4netns:opt1,opt2`. This allows for,
|
|
among other things, switching the port forwarder used by
|
|
slirp4netns away from rootlessport.
|
|
- The `podman ps` command now features a new option,
|
|
`--storage`, to show containers from Buildah, CRI-O and other
|
|
applications.
|
|
- The `podman run` and `podman create` commands now feature a
|
|
`--sdnotify` option to control the behavior of systemd's
|
|
sdnotify with containers, enabling improved support for
|
|
Podman in `Type=notify` units.
|
|
- The `podman run` command now features a `--preserve-fds`
|
|
opton to pass file descriptors from the host into the
|
|
container [#6458].
|
|
- The `podman run` and `podman create` commands can now create
|
|
overlay volume mounts, by adding the `:O` option to a bind
|
|
mount (e.g. `-v /test:/test:O`). Overlay volume mounts will
|
|
mount a directory into a container from the host and allow
|
|
changes to it, but not write those changes back to the
|
|
directory on the host.
|
|
- The `podman play kube` command now supports the Socket
|
|
HostPath type [#7112].
|
|
- The `podman play kube` command now supports read-only mounts.
|
|
- The `podman play kube` command now supports setting labels on
|
|
pods from Kubernetes metadata labels.
|
|
- The `podman play kube` command now supports setting container
|
|
restart policy [#7656].
|
|
- The `podman play kube` command now properly handles
|
|
`HostAlias` entries.
|
|
- The `podman generate kube` command now adds entries to
|
|
`/etc/hosts` from `--host-add` generated YAML as `HostAlias`
|
|
entries.
|
|
- The `podman play kube` and `podman generate kube` commands
|
|
now properly support `shareProcessNamespace` to share the PID
|
|
namespace in pods.
|
|
- The `podman volume ls` command now supports the `dangling`
|
|
filter to identify volumes that are dangling (not attached to
|
|
any container).
|
|
- The `podman run` and `podman create` commands now feature a
|
|
`--umask` option to set the umask of the created container.
|
|
- The `podman create` and `podman run` commands now feature a
|
|
`--tz` option to set the timezone within the container [#5128].
|
|
- Environment variables for Podman can now be added in the
|
|
`containers.conf` configuration file.
|
|
- The `--mount` option of `podman run` and `podman create` now
|
|
supports a new mount type, `type=devpts`, to add a `devpts`
|
|
mount to the container. This is useful for containers that
|
|
want to mount `/dev/` from the host into the container, but
|
|
still create a terminal.
|
|
- The `--security-opt` flag to `podman run` and `podman create`
|
|
now supports a new option, `proc-opts`, to specify options
|
|
for the container's `/proc` filesystem.
|
|
- Podman with the `crun` OCI runtime now supports a new option
|
|
to `podman run` and `podman create`, `--cgroup-conf`, which
|
|
allows for advanced configuration of cgroups on cgroups v2
|
|
systems.
|
|
- The `podman create` and `podman run` commands now support a
|
|
`--override-variant` option, to override the architecture
|
|
variant of the image that will be pulled and ran.
|
|
- A new global option has been added to Podman,
|
|
`--runtime-flags`, which allows for setting flags to use when
|
|
the OCI runtime is called.
|
|
- The `podman manifest add` command now supports the
|
|
`--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify`
|
|
options.
|
|
* Security
|
|
- This release resolves CVE-2020-14370, in which environment
|
|
variables could be leaked between containers created using
|
|
the Varlink API.
|
|
* Changes
|
|
- Podman will now retry pulling an image 3 times if a pull
|
|
fails due to network errors.
|
|
- The `podman exec` command would previously print error
|
|
messages (e.g. `exec session exited with non-zero exit code
|
|
-1`) when the command run exited with a non-0 exit code. It
|
|
no longer does this. The `podman exec` command will still
|
|
exit with the same exit code as the command run in the
|
|
container did.
|
|
- Error messages when creating a container or pod with a name
|
|
that is already in use have been improved.
|
|
- For read-only containers running systemd init, Podman creates
|
|
a tmpfs filesystem at `/run`. This was previously limited to
|
|
65k in size and mounted `noexec`, but is now unlimited size
|
|
and mounted `exec`.
|
|
- The `podman system reset` command no longer removes
|
|
configuration files for rootless Podman.
|
|
* API
|
|
- The Libpod API version has been bumped to v2.0.0 due to a
|
|
breaking change in the Image List API.
|
|
- Docker-compatible Volume Endpoints (Create, Inspect, List,
|
|
Remove, Prune) are now available!
|
|
- Added an endpoint for generating systemd unit files for
|
|
containers.
|
|
- The `last` parameter to the Libpod container list endpoint
|
|
now has an alias, `limit` [#6413].
|
|
- The Libpod image list API new returns timestamps in Unix
|
|
format, as integer, as opposed to as strings
|
|
- The Compat Inspect endpoint for containers now includes port
|
|
information in NetworkSettings.
|
|
- The Compat List endpoint for images now features limited
|
|
support for the (deprecated) `filter` query parameter [#6797].
|
|
- Fixed a bug where the Compat Create endpoint for containers
|
|
was not correctly handling bind mounts.
|
|
- Fixed a bug where the Compat Create endpoint for containers
|
|
would not return a 404 when the requested image was not
|
|
present.
|
|
- Fixed a bug where the Compat Create endpoint for containers
|
|
did not properly handle Entrypoint and Command from images.
|
|
- Fixed a bug where name history information was not properly
|
|
added in the Libpod Image List endpoint.
|
|
- Fixed a bug where the Libpod image search endpoint improperly
|
|
populated the Description field of responses.
|
|
- Added a `noTrunc` option to the Libpod image search endpoint.
|
|
- Fixed a bug where the Pod List API would return null, instead
|
|
of an empty array, when no pods were present [#7392].
|
|
- Fixed a bug where endpoints that hijacked would do perform
|
|
the hijack too early, before being ready to send and receive
|
|
data [#7195].
|
|
- Fixed a bug where Pod endpoints that can operate on multiple
|
|
containers at once (e.g. Kill, Pause, Unpause, Stop) would
|
|
not forward errors from individual containers that failed.
|
|
- The Compat List endpoint for networks now supports filtering
|
|
results [#7462].
|
|
- Fixed a bug where the Top endpoint for pods would return both
|
|
a 500 and 404 when run on a non-existant pod.
|
|
- Fixed a bug where Pull endpoints did not stream progress back
|
|
to the client.
|
|
- The Version endpoints (Libpod and Compat) now provide version
|
|
in a format compatible with Docker.
|
|
- All non-hijacking responses to API requests should not
|
|
include headers with the version of the server.
|
|
- Fixed a bug where Libpod and Compat Events endpoints did not
|
|
send response headers until the first event occurred [#7263].
|
|
- Fixed a bug where the Build endpoints (Compat and Libpod) did
|
|
not stream progress to the client.
|
|
- Fixed a bug where the Stats endpoints (Compat and Libpod) did
|
|
not properly handle clients disconnecting.
|
|
- Fixed a bug where the Ignore parameter to the Libpod Stop
|
|
endpoint was not performing properly.
|
|
- Fixed a bug where the Compat Logs endpoint for containers did
|
|
not stream its output in the correct format [#7196].
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 8 13:41:21 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Cleanup %install section to use "make install"
|
|
- install missing systemd units for the new Rest API (bsc#1175957)
|
|
and a few man-pages that where missing before
|
|
- Drop varlink API related bits (in favor of the new API)
|
|
- fix install location for zsh completions
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 2 00:06:42 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
- Update to v2.0.6
|
|
* Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
|
|
* Fixed a bug where /etc/passwd could be re-created every time a container
|
|
is restarted if the container's /etc/passwd did not contain an entry
|
|
for the user the container was started as.
|
|
* Fixed a bug where containers without an /etc/passwd file specifying
|
|
a non-root user would not start.
|
|
* Fixed a bug where the --remote flag would sometimes not make
|
|
remote connections and would instead attempt to run Podman locally.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 25 07:01:13 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|
|
|
- Update to v2.0.5 (bsc#1175821)
|
|
* Features
|
|
- Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id.
|
|
- The podman system connection command has been reworked to support multiple connections, and reenabled for use!
|
|
- Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance.
|
|
* Changes
|
|
- Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd).
|
|
- Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged.
|
|
* Bugfixes
|
|
- Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964).
|
|
- Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271).
|
|
- Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present.
|
|
- Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com//issues/7230]).
|
|
- Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893).
|
|
- Fixed a bug where the podman load command with remote Podman would did not honor user-specified tags (#7124).
|
|
- Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180).
|
|
- Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104).
|
|
- Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting.
|
|
- Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128).
|
|
- Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed.
|
|
- Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces.
|
|
- Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.
|
|
- Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image.
|
|
- Fixed a bug where pod infra containers were not properly unmounted after exiting.
|
|
- Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route.
|
|
- Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017).
|
|
- Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host.
|
|
- Fixed a bug where podman build would not generate an event on completion (#7022).
|
|
- Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122).
|
|
- Fixed a bug where Podman would not create working directories specified by the container image if they did not exist.
|
|
- Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115).
|
|
- Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped).
|
|
- Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123).
|
|
- Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.
|
|
- Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285).
|
|
- Fixed a bug where the podman version command did not properly include build time and Git commit.
|
|
- Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734).
|
|
- Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user.
|
|
- Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103).
|
|
* API
|
|
- Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185).
|
|
- Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197).
|
|
- Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found.
|
|
- Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping).
|
|
- Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294).
|
|
- Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value.
|
|
- The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally.
|
|
* Misc
|
|
- Updated Buildah to v1.15.1
|
|
- Updated containers/image library to v5.5.2
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 18 15:11:31 UTC 2020 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 12 09:35:29 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- Change hard requires for AppArmor to Recommends. They are not
|
|
needed for runtime or with SELinux but already installed if
|
|
AppArmor is used [jsc#SMO-15]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 4 13:52:05 UTC 2020 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Add BuildRequires for pkg-config(libselinux) to build with
|
|
SELinux support [jsc#SMO-15]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 3 06:47:04 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update to v2.0.4
|
|
* Fixed a bug where the output of podman image search did not
|
|
populate the Description field as it was mistakenly assigned to
|
|
the ID field.
|
|
* Fixed a bug where podman build - and podman build on an HTTP
|
|
target would fail.
|
|
* Fixed a bug where rootless Podman would improperly chown the
|
|
copied-up contents of anonymous volumes (#7130).
|
|
* Fixed a bug where Podman would sometimes HTML-escape special
|
|
characters in its CLI output.
|
|
* Fixed a bug where the podman start --attach --interactive
|
|
command would print the container ID of the container attached
|
|
to when exiting (#7068).
|
|
* Fixed a bug where podman run --ipc=host --pid=host would only
|
|
set --pid=host and not --ipc=host (#7100).
|
|
* Fixed a bug where the --publish argument to podman run, podman
|
|
create and podman pod create would not allow binding the same
|
|
container port to more than one host port (#7062).
|
|
* Fixed a bug where incorrect arguments to podman images --format
|
|
could cause Podman to segfault.
|
|
* Fixed a bug where podman rmi --force on an image ID with more
|
|
than one name and at least one container using the image would
|
|
not completely remove containers using the image (#7153).
|
|
* Fixed a bug where memory usage in bytes and memory use
|
|
percentage were swapped in the output of podman stats
|
|
--format=json.
|
|
* Fixed a bug where the libpod and compat events endpoints would
|
|
fail if no filters were specified (#7078).
|
|
* Fixed a bug where the CgroupVersion field in responses from the
|
|
compat Info endpoint was prefixed by "v" (instead of just being
|
|
"1" or "2", as is documented).
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 31 13:07:59 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Remove obsolete libpod.conf from Package sources
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 28 13:16:55 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- libpod got renamed to podman on GitHub. Point _service file to
|
|
the new name.
|
|
- Remove obsolete old Requires on libcontainers-image and -storage
|
|
all of that is inside libcontainers-common
|
|
- Require a new enough libcontainers-common version to have the
|
|
default containers.conf installed.
|
|
- Remove deprecated libpod.conf and create an update notice pointing
|
|
to containers.conf for user that made changes to libpod.conf
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 28 09:13:49 UTC 2020 - Fabian Vogt <fvogt@suse.com>
|
|
|
|
- Suggest katacontainers instead of recommending it. It's not
|
|
enabled by default, so it's just bloat
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 24 12:19:32 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Update to v2.0.3
|
|
* Fix handling of entrypoint
|
|
* log API: add context to allow for cancelling
|
|
* fix API: Create container with an invalid configuration
|
|
* Remove all instances of named return "err" from Libpod
|
|
* Fix: Correct connection counters for hijacked connections
|
|
* Fix: Hijacking v2 endpoints to follow rfc 7230 semantics
|
|
* Remove hijacked connections from active connections list
|
|
* version/info: format: allow more json variants
|
|
* Correctly print STDOUT on non-terminal remote exec
|
|
* Fix container and pod create commands for remote create
|
|
* Mask out /sys/dev to prevent information leak from the host
|
|
* Ensure sig-proxy default is propagated in start
|
|
* Add SystemdMode to inspect for containers
|
|
* When determining systemd mode, use full command
|
|
* Fix lint
|
|
* Populate remaining unused fields in `pod inspect`
|
|
* Include infra container information in `pod inspect`
|
|
* play-kube: add suport for "IfNotPresent" pull type
|
|
* docs: user namespace can't be shared in pods
|
|
* Fix "Error: unrecognized protocol \"TCP\" in port mapping"
|
|
* Error on rootless mac and ip addresses
|
|
* Fix & add notes regarding problematic language in codebase
|
|
* abi: set default umask and rlimits
|
|
* Used reference package with errors for parsing tag
|
|
* fix: system df error when an image has no name
|
|
* Fix Generate API title/description
|
|
* Add noop function disable-content-trust
|
|
* fix play kube doesn't override dockerfile ENTRYPOINT
|
|
* Support default profile for apparmor
|
|
* Bump github.com/containers/common to v0.14.6
|
|
* events endpoint: backwards compat to old type
|
|
* events endpoint: fix panic and race condition
|
|
* Switch references from libpod.conf to containers.conf
|
|
* podman.service: set type to simple
|
|
* podman.service: set doc to podman-system-service
|
|
* podman.service: use default registries.conf
|
|
* podman.service: use default killmode
|
|
* podman.service: remove stop timeout
|
|
* systemd: symlink user->system
|
|
* vendor golang.org/x/text@v0.3.3
|
|
* Fix a bug where --pids-limit was parsed incorrectly
|
|
* search: allow wildcards
|
|
* [CI:DOCS]Do not copy policy.json into gating image
|
|
* Fix systemd pid 1 test
|
|
* Cirrus: Rotate keys post repo. rename
|
|
- The libpod.conf(5) man page got removed and all references are
|
|
now pointing towards containers.conf(5), which will be part
|
|
of the libcontainers-common package.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 8 07:12:58 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Update to podman v2.0.2
|
|
* fix race condition in `libpod.GetEvents(...)`
|
|
* Fix bug where `podman mount` didn't error as rootless
|
|
* remove podman system connection
|
|
* Fix imports to ensure v2 is used with libpod
|
|
* Update release notes for v2.0.2
|
|
* specgen: fix order for setting rlimits
|
|
* Ensure umask is set appropriately for 'system service'
|
|
* generate systemd: improve pod-flags filter
|
|
* Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil
|
|
* Fixes --remote flag issues
|
|
* Pids-limit should only be set if the user set it
|
|
* Set console mode for windows
|
|
* Allow empty host port in --publish flag
|
|
* Add a note on the APIs supported by `system service`
|
|
* fix: Don't override entrypoint if it's `nil`
|
|
* Set TMPDIR to /var/tmp by default if not set
|
|
* test: add tests for --user and volumes
|
|
* container: move volume chown after spec generation
|
|
* libpod: volume copyup honors namespace mappings
|
|
* Fix `system service` panic from early hangup in events
|
|
* stop podman service in e2e tests
|
|
* Print errors from individual containers in pods
|
|
* auto-update: clarify systemd-unit requirements
|
|
* podman ps truncate the command
|
|
* move go module to v2
|
|
* Vendor containers/common v0.14.4
|
|
* Bump to imagebuilder v1.1.6 on v2 branch
|
|
* Account for non-default port number in image name
|
|
- Changes since v2.0.1
|
|
* Update release notes with further v2.0.1 changes
|
|
* Fix inspect to display multiple label: changes
|
|
* Set syslog for exit commands on log-level=debug
|
|
* Friendly amendment for pr 6751
|
|
* podman run/create: support all transports
|
|
* systemd generate: allow manual restart of container units in pods
|
|
* Revert sending --remote flag to containers
|
|
* Print port mappings in `ps` for ctrs sharing network
|
|
* vendor github.com/containers/common@v0.14.3
|
|
* Update release notes for v2.0.1
|
|
* utils: drop default mapping when running uid!=0
|
|
* Set stop signal to 15 when not explicitly set
|
|
* podman untag: error if tag doesn't exist
|
|
* Reformat inspect network settings
|
|
* APIv2: Return `StatusCreated` from volume creation
|
|
* APIv2:fix: Remove `/json` from compat network EPs
|
|
* Fix ssh-agent support
|
|
* libpod: specify mappings to the storage
|
|
* APIv2:doc: Fix swagger doc to refer to volumes
|
|
* Add podman network to bash command completions
|
|
* Fix typo in manpage for `podman auto update`.
|
|
* Add JSON output field for ps
|
|
* V2 podman system connection
|
|
* image load: no args required
|
|
* Re-add PODMAN_USERNS environment variable
|
|
* Fix conflicts between privileged and other flags
|
|
* Bump required go version to 1.13
|
|
* Add explicit command to alpine container in test case.
|
|
* Use POLL_DURATION for timer
|
|
* Stop following logs using timers
|
|
* "pod" was being truncated to "po" in the names of the generated systemd unit files.
|
|
* rootless_linux: improve error message
|
|
* Fix podman build handling of --http-proxy flag
|
|
* correct the absolute path of `rm` executable
|
|
* Makefile: allow customizable GO_BUILD
|
|
* Cirrus: Change DEST_BRANCH to v2.0
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 22 14:55:23 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Update to podman v2.0.0
|
|
* The `podman generate systemd` command now supports the `--new`
|
|
flag when used with pods, allowing portable services for pods
|
|
to be created.
|
|
* The `podman play kube` command now supports running Kubernetes
|
|
Deployment YAML.
|
|
* The `podman exec` command now supports the `--detach` flag to
|
|
run commands in the container in the background.
|
|
* The `-p` flag to `podman run` and `podman create` now supports
|
|
forwarding ports to IPv6 addresses.
|
|
* The `podman run`, `podman create` and `podman pod create`
|
|
command now support a `--replace` flag to remove and replace any
|
|
existing container (or, for `pod create`, pod) with the same name
|
|
* The `--restart-policy` flag to `podman run` and `podman create`
|
|
now supports the `unless-stopped` restart policy.
|
|
* The `--log-driver` flag to `podman run` and `podman create`
|
|
now supports the `none` driver, which does not log the
|
|
container's output.
|
|
* The `--mount` flag to `podman run` and `podman create` now
|
|
accepts `readonly` option as an alias to `ro`.
|
|
* The `podman generate systemd` command now supports the `--container-prefix`,
|
|
`--pod-prefix`, and `--separator` arguments to control the
|
|
name of generated unit files.
|
|
* The `podman network ls` command now supports the `--filter`
|
|
flag to filter results.
|
|
* The `podman auto-update` command now supports specifying an
|
|
authfile to use when pulling new images on a per-container
|
|
basis using the `io.containers.autoupdate.authfile` label.
|
|
* Fixed a bug where the `podman exec` command would log to journald
|
|
when run in containers loggined to journald
|
|
([#6555](https://github.com/containers/libpod/issues/6555)).
|
|
* Fixed a bug where the `podman auto-update` command would not
|
|
preserve the OS and architecture of the original image when
|
|
pulling a replacement
|
|
([#6613](https://github.com/containers/libpod/issues/6613)).
|
|
* Fixed a bug where the `podman cp` command could create an extra
|
|
`merged` directory when copying into an existing directory
|
|
([#6596](https://github.com/containers/libpod/issues/6596)).
|
|
* Fixed a bug where the `podman pod stats` command would crash
|
|
on pods run with `--network=host`
|
|
([#5652](https://github.com/containers/libpod/issues/5652)).
|
|
* Fixed a bug where containers logs written to journald did not
|
|
include the name of the container.
|
|
* Fixed a bug where the `podman network inspect` and
|
|
`podman network rm` commands did not properly handle non-default
|
|
CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)).
|
|
* Fixed a bug where Podman did not properly remove containers
|
|
when using the Kata containers OCI runtime.
|
|
* Fixed a bug where `podman inspect` would sometimes incorrectly
|
|
report the network mode of containers started with `--net=none`.
|
|
* Podman is now better able to deal with cases where `conmon`
|
|
is killed before the container it is monitoring.
|
|
- Requires go 1.13 now
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 25 11:32:32 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
|
|
|
|
- Update to podman v1.9.3:
|
|
* Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets
|
|
were not properly mounted into containers
|
|
* Fixed a bug where builds run over Varlink would hang
|
|
* Fixed a bug where podman save would fail when the target
|
|
image was specified by digest
|
|
* Fixed a bug where rootless containers with ports forwarded to them
|
|
could panic and dump core due to a concurrency issue (#6018)
|
|
* Fixed a bug where rootless Podman could race when opening the
|
|
rootless user namespace, resulting in commands failing to run
|
|
* Fixed a bug where HTTP proxy environment variables forwarded into
|
|
the container by the --http-proxy flag could not be overridden by --env or --env-file
|
|
* Fixed a bug where rootless Podman was setting resource limits on cgroups
|
|
v2 systems that were not using systemd-managed cgroups
|
|
(and thus did not support resource limits), resulting in containers failing to start
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 29 06:34:51 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update podman to v1.9.1:
|
|
* Bugfixes
|
|
- Fixed a bug where healthchecks could become nonfunctional if
|
|
container log paths were manually set with --log-path and
|
|
multiple container logs were placed in the same directory
|
|
- Fixed a bug where rootless Podman could, when using an older
|
|
libpod.conf, print numerous warning messages about an invalid
|
|
CGroup manager config
|
|
- Fixed a bug where rootless Podman would sometimes fail to
|
|
close the rootless user namespace when joining it
|
|
* Misc
|
|
- Updated containers/common to v0.8.2
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 16 06:33:21 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Switched to simple `make binaries` for building podman
|
|
- Update podman to v1.9.0:
|
|
* Features
|
|
- Experimental support has been added for podman run
|
|
--userns=auto, which automatically allocates a unique UID and
|
|
GID range for the new container's user namespace
|
|
- The podman play kube command now has a --network flag to
|
|
place the created pod in one or more CNI networks
|
|
- The podman commit command now supports an --iidfile flag to
|
|
write the ID of the committed image to a file
|
|
- Initial support for the new containers.conf configuration
|
|
file has been added. containers.conf allows for much more
|
|
detailed configuration of some Podman functionality
|
|
* Changes
|
|
- There has been a major cleanup of the podman info command
|
|
resulting in breaking changes. Many fields have been renamed
|
|
to better suit usage with APIv2
|
|
- All uses of the --timeout flag have been switched to prefer
|
|
the alternative --time. The --timeout flag will continue to
|
|
work, but man pages and --help will use the --time flag
|
|
instead
|
|
* Bugfixes
|
|
- Fixed a bug where some volume mounts from the host would
|
|
sometimes not properly determine the flags they should use
|
|
when mounting
|
|
- Fixed a bug where Podman was not propagating $PATH to Conmon
|
|
and the OCI runtime, causing issues for some OCI runtimes
|
|
that required it
|
|
- Fixed a bug where rootless Podman would print error messages
|
|
about missing support for systemd cgroups when run in a
|
|
container with no cgroup support
|
|
- Fixed a bug where podman play kube would not properly handle
|
|
container-only port mappings (#5610)
|
|
- Fixed a bug where the podman container prune command was not
|
|
pruning containers in the created and configured states
|
|
- Fixed a bug where Podman was not properly removing CNI IP
|
|
address allocations after a reboot (#5433)
|
|
- Fixed a bug where Podman was not properly applying the
|
|
default Seccomp profile when --security-opt was not given at
|
|
the command line
|
|
* HTTP API
|
|
- Many Libpod API endpoints have been added, including Changes,
|
|
Checkpoint, Init, and Restore
|
|
- Resolved issues where the podman system service command would
|
|
time out and exit while there were still active connections
|
|
- Stability overall has greatly improved as we prepare the API
|
|
for a beta release soon with Podman 2.0
|
|
* Misc
|
|
- The default infra image for pods has been upgraded to
|
|
k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the
|
|
architecture metadata for non-AMD64 images
|
|
- The slirp4netns networking utility in rootless Podman now
|
|
uses Seccomp filtering where available for improved security
|
|
- Updated Buildah to v1.14.8
|
|
- Updated containers/storage to v1.18.2
|
|
- Updated containers/image to v5.4.3
|
|
- Updated containers/common to v0.8.1
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 3 14:30:02 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Add "systemd" BUILDFLAGS to build with support for journald
|
|
logging (bsc#1162432)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 27 12:40:44 UTC 2020 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Use infra_image pause:3.2
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 27 09:52:26 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Fix dependency on slirp4netns. We need at least 0.4.0 now
|
|
(bsc#1167850)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 20 07:56:22 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update podman to v1.8.2:
|
|
* Features
|
|
- Initial support for automatically updating containers managed
|
|
via Systemd unit files has been merged. This allows
|
|
containers to automatically upgrade if a newer version of
|
|
their image becomes available
|
|
* Bugfixes
|
|
- Fixed a bug where unit files generated by podman generate
|
|
systemd --new would not force containers to detach, causing
|
|
the unit to time out when trying to start
|
|
- Fixed a bug where podman system reset could delete important
|
|
system directories if run as rootless on installations
|
|
created by older Podman (#4831)
|
|
- Fixed a bug where image built by podman build would not
|
|
properly set the OS and Architecture they were built with
|
|
(#5503)
|
|
- Fixed a bug where attached podman run with --sig-proxy
|
|
enabled (the default), when built with Go 1.14, would
|
|
repeatedly send signal 23 to the process in the container and
|
|
could generate errors when the container stopped (#5483)
|
|
- Fixed a bug where rootless podman run commands could hang
|
|
when forwarding ports
|
|
- Fixed a bug where rootless Podman would not work when /proc
|
|
was mounted with the hidepid option set
|
|
- Fixed a bug where the podman system service command would use
|
|
large amounts of CPU when --timeout was set to 0 (#5531)
|
|
* HTTP API
|
|
- Initial support for Libpod endpoints related to creating and
|
|
operating on image manifest lists has been added
|
|
- The Libpod Healthcheck and Events API endpoints are now
|
|
supported
|
|
- The Swagger endpoint can now handle cases where no Swagger
|
|
documentation has been generated
|
|
* Misc
|
|
- Updated Buildah to v1.14.3
|
|
- Updated containers/storage to v1.16.5
|
|
- Several performance improvements have been made to creating
|
|
containers, which should somewhat improve the performance of
|
|
podman create and podman run
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 12 07:36:52 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update podman to v1.8.1:
|
|
* Features
|
|
- Many networking-related flags have been added to podman pod
|
|
create to enable customization of pod networks, including
|
|
--add-host, --dns, --dns-opt, --dns-search, --ip,
|
|
--mac-address, --network, and --no-hosts
|
|
- The podman ps --format=json command now includes the ID of
|
|
the image containers were created with
|
|
- The podman run and podman create commands now feature an
|
|
--rmi flag to remove the image the container was using after
|
|
it exits (if no other containers are using said image)
|
|
([#4628](https://github.com/containers/libpod/issues/4628))
|
|
- The podman create and podman run commands now support the
|
|
--device-cgroup-rule flag (#4876)
|
|
- While the HTTP API remains in alpha, many fixes and additions
|
|
have landed. These are documented in a separate subsection
|
|
below
|
|
- The podman create and podman run commands now feature a
|
|
--no-healthcheck flag to disable healthchecks for a container
|
|
(#5299)
|
|
- Containers now recognize the io.containers.capabilities
|
|
label, which specifies a list of capabilities required by the
|
|
image to run. These capabilities will be used as long as they
|
|
are more restrictive than the default capabilities used
|
|
- YAML produced by the podman generate kube command now
|
|
includes SELinux configuration passed into the container via
|
|
--security-opt label=... (#4950)
|
|
* Bugfixes
|
|
- Fixed CVE-2020-1726, a security issue where volumes manually
|
|
populated before first being mounted into a container could
|
|
have those contents overwritten on first being mounted into a
|
|
container
|
|
- Fixed a bug where Podman containers with user namespaces in
|
|
CNI networks with the DNS plugin enabled would not have the
|
|
DNS plugin's nameserver added to their resolv.conf
|
|
([#5256](https://github.com/containers/libpod/issues/5256))
|
|
- Fixed a bug where trailing / characters in image volume
|
|
definitions could cause them to not be overridden by a
|
|
user-specified mount at the same location
|
|
([#5219](https://github.com/containers/libpod/issues/5219))
|
|
- Fixed a bug where the label option in libpod.conf, used to
|
|
disable SELinux by default, was not being respected (#5087)
|
|
- Fixed a bug where the podman login and podman logout commands
|
|
required the registry to log into be specified (#5146)
|
|
- Fixed a bug where detached rootless Podman containers could
|
|
not forward ports (#5167)
|
|
- Fixed a bug where rootless Podman could fail to run if the
|
|
pause process had died
|
|
- Fixed a bug where Podman ignored labels that were specified
|
|
with only a key and no value (#3854)
|
|
- Fixed a bug where Podman would fail to create named volumes
|
|
when the backing filesystem did not support SELinux labelling
|
|
(#5200)
|
|
- Fixed a bug where --detach-keys="" would not disable
|
|
detaching from a container (#5166)
|
|
- Fixed a bug where the podman ps command was too aggressive
|
|
when filtering containers and would force --all on in too
|
|
many situations
|
|
- Fixed a bug where the podman play kube command was ignoring
|
|
image configuration, including volumes, working directory,
|
|
labels, and stop signal (#5174)
|
|
- Fixed a bug where the Created and CreatedTime fields in
|
|
podman images --format=json were misnamed, which also broke
|
|
Go template output for those fields
|
|
([#5110](https://github.com/containers/libpod/issues/5110))
|
|
- Fixed a bug where rootless Podman containers with ports
|
|
forwarded could hang when started (#5182)
|
|
- Fixed a bug where podman pull could fail to parse registry
|
|
names including port numbers
|
|
- Fixed a bug where Podman would incorrectly attempt to
|
|
validate image OS and architecture when starting containers
|
|
- Fixed a bug where Bash completion for podman build -f would
|
|
not list available files that could be built (#3878)
|
|
- Fixed a bug where podman commit --change would perform
|
|
incorrect validation, resulting in valid changes being
|
|
rejected (#5148)
|
|
- Fixed a bug where podman logs --tail could take large amounts
|
|
of memory when the log file for a container was large (#5131)
|
|
- Fixed a bug where Podman would sometimes incorrectly generate
|
|
firewall rules on systems using firewalld
|
|
- Fixed a bug where the podman inspect command would not
|
|
display network information for containers properly if a
|
|
container joined multiple CNI networks
|
|
([#4907](https://github.com/containers/libpod/issues/4907))
|
|
- Fixed a bug where the --uts flag to podman create and podman
|
|
run would only allow specifying containers by full ID (#5289)
|
|
- Fixed a bug where rootless Podman could segfault when passed
|
|
a large number of file descriptors
|
|
- Fixed a bug where the podman port command was incorrectly
|
|
interpreting additional arguments as container names, instead
|
|
of port numbers
|
|
- Fixed a bug where units created by podman generate systemd
|
|
did not depend on network targets, and so could start before
|
|
the system network was ready (#4130)
|
|
- Fixed a bug where exec sessions in containers which did not
|
|
specify a user would not inherit supplemental groups added to
|
|
the container via --group-add
|
|
- Fixed a bug where Podman would not respect the $TMPDIR
|
|
environment variable for placing large temporary files during
|
|
some operations (e.g. podman pull)
|
|
([#5411](https://github.com/containers/libpod/issues/5411))
|
|
* HTTP API
|
|
- Initial support for secure connections to servers via SSH
|
|
tunneling has been added
|
|
- Initial support for the libpod create and logs endpoints for
|
|
containers has been added
|
|
- Added a /swagger/ endpoint to serve API documentation
|
|
- The json endpoint for containers has received many fixes
|
|
- Filtering images and containers has been greatly improved,
|
|
with many bugs fixed and documentation improved
|
|
- Image creation endpoints (commit, pull, etc) have seen many
|
|
fixes
|
|
- Server timeout has been fixed so that long operations will no
|
|
longer trigger the timeout and shut the server down
|
|
- The stats endpoint for containers has seen major fixes and
|
|
now provides accurate output
|
|
- Handling the HTTP 304 status code has been fixed for all
|
|
endpoints
|
|
- Many fixes have been made to API documentation to ensure it
|
|
matches the code
|
|
* Misc
|
|
- Updated vendored Buildah to v1.14.2
|
|
- Updated vendored containers/storage to v1.16.2
|
|
- The Created field to podman images --format=json has been
|
|
renamed to CreatedSince as part of the fix for (#5110). Go
|
|
templates using the old name shou ld still work
|
|
- The CreatedTime field to podman images --format=json has been
|
|
renamed to CreatedAt as part of the fix for (#5110). Go
|
|
templates using the old name should still work
|
|
- The before filter to podman images has been renamed to since
|
|
for Docker compatibility. Using before will still work, but
|
|
documentation has been changed to use the new since filter
|
|
- Using the --password flag to podman login now warns that
|
|
passwords are being passed in plaintext
|
|
- Some common cases where Podman would deadlock have been fixed
|
|
to warn the user that podman system renumber must be run to
|
|
resolve the deadlock
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 5 16:26:16 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Added SLE specific README.SUSE about current support status
|
|
(jsc#SLE-9112, jsc#CAASP-60)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 5 15:40:12 UTC 2020 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Configure br_netfilter for podman automatically (boo#1165738)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 20 15:57:54 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- The name of the cni-bridge in the default config changed from
|
|
"cni0" to "podman-cni0" with podman-1.6.0. Add a %trigger to
|
|
rename the bridge in the system to the new default if it exists.
|
|
The trigger is only excuted when updating podman-cni-config
|
|
from something older than 1.6.0. This is mainly needed for SLE
|
|
where we're updating from 1.4.4 to 1.8.0 (bsc#1160460).
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 7 14:18:16 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Remove: 0001-clarify-container-prune-force.patch because it's now
|
|
included in the release
|
|
- Update podman to v1.8.0 (bsc#1160460):
|
|
* Features
|
|
- The podman system service command has been added, providing a
|
|
preview of Podman's new Docker-compatible API. This API is
|
|
still very new, and not yet ready for production use, but is
|
|
available for early testing
|
|
- Rootless Podman now uses Rootlesskit for port forwarding,
|
|
which should greatly improve performance and capabilities
|
|
- The podman untag command has been added to remove tags from
|
|
images without deleting them
|
|
- The podman inspect command on images now displays previous
|
|
names they used
|
|
- The podman generate systemd command now supports a --new
|
|
option to generate service files that create and run new
|
|
containers instead of managing existing containers
|
|
- Support for --log-opt tag= to set logging tags has been added
|
|
to the journald log driver
|
|
- Added support for using Seccomp profiles embedded in images
|
|
for podman run and podman create via the new --seccomp-policy
|
|
CLI flag
|
|
- The podman play kube command now honors pull policy
|
|
* Bugfixes
|
|
- Fixed a bug where the podman cp command would not copy the
|
|
contents of directories when paths ending in /. were given
|
|
- Fixed a bug where the podman play kube command did not
|
|
properly locate Seccomp profiles specified relative to
|
|
localhost
|
|
- Fixed a bug where the podman info command for remote Podman
|
|
did not show registry information
|
|
- Fixed a bug where the podman exec command did not support
|
|
having input piped into it
|
|
- Fixed a bug where the podman cp command with rootless Podman
|
|
on CGroups v2 systems did not properly determine if the
|
|
container could be paused while copying
|
|
- Fixed a bug where the podman container prune --force command
|
|
could possible remove running containers if they were started
|
|
while the command was running
|
|
- Fixed a bug where Podman, when run as root, would not
|
|
properly configure slirp4netns networking when requested
|
|
- Fixed a bug where podman run --userns=keep-id did not work
|
|
when the user had a UID over 65535
|
|
- Fixed a bug where rootless podman run and podman create with
|
|
the --userns=keep-id option could change permissions on
|
|
/run/user/$UID and break KDE
|
|
- Fixed a bug where rootless Podman could not be run in a
|
|
systemd service on systems using CGroups v2
|
|
- Fixed a bug where podman inspect would show CPUShares as 0,
|
|
instead of the default (1024), when it was not explicitly set
|
|
- Fixed a bug where podman-remote push would segfault
|
|
- Fixed a bug where image healthchecks were not shown in the
|
|
output of podman inspect
|
|
- Fixed a bug where named volumes created with containers from
|
|
pre-1.6.3 releases of Podman would be autoremoved with their
|
|
containers if the --rm flag was given, even if they were
|
|
given names
|
|
- Fixed a bug where podman history was not computing image
|
|
sizes correctly
|
|
- Fixed a bug where Podman would not error on invalid values to
|
|
the --sort flag to podman images
|
|
- Fixed a bug where providing a name for the image made by
|
|
podman commit was mandatory, not optional as it should be
|
|
- Fixed a bug where the remote Podman client would append an
|
|
extra " to %PATH
|
|
- Fixed a bug where the podman build command would sometimes
|
|
ignore the -f option and build the wrong Containerfile
|
|
- Fixed a bug where the podman ps --filter command would only
|
|
filter running containers, instead of all containers, if
|
|
--all was not passed
|
|
- Fixed a bug where the podman load command on compressed
|
|
images would leave an extra copy on disk
|
|
- Fixed a bug where the podman restart command would not
|
|
properly clean up the network, causing it to function
|
|
differently from podman stop; podman start
|
|
- Fixed a bug where setting the --memory-swap flag to podman
|
|
create and podman run to -1 (to indicate unlimited) was not
|
|
supported
|
|
* Misc
|
|
- Initial work on version 2 of the Podman remote API has been
|
|
merged, but is still in an alpha state and not ready for use.
|
|
Read more here
|
|
- Many formatting corrections have been made to the manpages
|
|
- The changes to address (#5009) may cause anonymous volumes
|
|
created by Podman versions 1.6.3 to 1.7.0 to not be removed
|
|
when their container is removed
|
|
- Updated vendored Buildah to v1.13.1
|
|
- Updated vendored containers/storage to v1.15.8
|
|
- Updated vendored containers/image to v5.2.0
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 24 14:04:36 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Add apparmor-abstractions as required runtime dependency to
|
|
have `tunables/global` available.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 13 11:13:59 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Add: 0001-clarify-container-prune-force.patch to fix the --force
|
|
flag for the "container prune" command.
|
|
(https://github.com/containers/libpod/issues/4844)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 8 09:23:01 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Update podman to v1.7.0
|
|
* Features
|
|
- Added support for setting a static MAC address for containers
|
|
- Added support for creating macvlan networks with podman
|
|
network create, allowing Podman containers to be attached
|
|
directly to networks the host is connected to
|
|
- The podman image prune and podman container prune commands
|
|
now support the --filter flag to filter what will be pruned,
|
|
and now prompts for confirmation when run without --force
|
|
(#4410 and #4411)
|
|
- Podman now creates CGroup namespaces by default on systems
|
|
using CGroups v2 (#4363)
|
|
- Added the podman system reset command to remove all Podman
|
|
files and perform a factory reset of the Podman installation
|
|
- Added the --history flag to podman images to display previous
|
|
names used by images (#4566)
|
|
- Added the --ignore flag to podman rm and podman stop to not
|
|
error when requested containers no longer exist
|
|
- Added the --cidfile flag to podman rm and podman stop to read
|
|
the IDs of containers to be removed or stopped from a file
|
|
- The podman play kube command now honors Seccomp annotations
|
|
(#3111)
|
|
- The podman play kube command now honors RunAsUser,
|
|
RunAsGroup, and selinuxOptions
|
|
- The output format of the podman version command has been
|
|
changed to better match docker version when using the
|
|
--format flag
|
|
- Rootless Podman will no longer initialize containers/storage
|
|
twice, removing a potential deadlock preventing Podman
|
|
commands from running while an image was being pulled (#4591)
|
|
- Added tmpcopyup and notmpcopyup options to the --tmpfs and
|
|
--mount type=tmpfs flags to podman create and podman run to
|
|
control whether the content of directories are copied into
|
|
tmpfs filesystems mounted over them
|
|
- Added support for disabling detaching from containers by
|
|
setting empty detach keys via --detach-keys=""
|
|
- The podman build command now supports the --pull and
|
|
--pull-never flags to control when images are pulled during a
|
|
build
|
|
- The podman ps -p command now shows the name of the pod as
|
|
well as its ID (#4703)
|
|
- The podman inspect command on containers will now display the
|
|
command used to create the container
|
|
- The podman info command now displays information on registry
|
|
mirrors (#4553)
|
|
* Bugfixes
|
|
- Fixed a bug where Podman would use an incorrect runtime
|
|
directory as root, causing state to be deleted after root
|
|
logged out and making Podman in systemd services not function
|
|
properly
|
|
- Fixed a bug where the --change flag to podman import and
|
|
podman commit was not being parsed properly in many cases
|
|
- Fixed a bug where detach keys specified in libpod.conf were
|
|
not used by the podman attach and podman exec commands, which
|
|
always used the global default ctrl-p,ctrl-q key combination
|
|
(#4556)
|
|
- Fixed a bug where rootless Podman was not able to run podman
|
|
pod stats even on CGroups v2 enabled systems (#4634)
|
|
- Fixed a bug where rootless Podman would fail on kernels
|
|
without the renameat2 syscall (#4570)
|
|
- Fixed a bug where containers with chained network namespace
|
|
dependencies (IE, container A using --net container=B and
|
|
container B using --net container=C) would not properly mount
|
|
/etc/hosts and /etc/resolv.conf into the container (#4626)
|
|
- Fixed a bug where podman run with the --rm flag and without
|
|
-d could, when run in the background, throw a 'container does
|
|
not exist' error when attempting to remove the container
|
|
after it exited
|
|
- Fixed a bug where named volume locks were not properly
|
|
reacquired after a reboot, potentially leading to deadlocks
|
|
when trying to start containers using the volume (#4605 and
|
|
#4621)
|
|
- Fixed a bug where Podman could not completely remove
|
|
containers if sent SIGKILL during removal, leaving the
|
|
container name unusable without the podman rm --storage
|
|
command to complete removal (#3906)
|
|
- Fixed a bug where checkpointing containers started with --rm
|
|
was allowed when --export was not specified (the container,
|
|
and checkpoint, would be removed after checkpointing was
|
|
complete by --rm) (#3774)
|
|
- Fixed a bug where the podman pod prune command would fail if
|
|
containers were present in the pods and the --force flag was
|
|
not passed (#4346)
|
|
- Fixed a bug where containers could not set a static IP or
|
|
static MAC address if they joined a non-default CNI network
|
|
(#4500)
|
|
- Fixed a bug where podman system renumber would always throw
|
|
an error if a container was mounted when it was run
|
|
- Fixed a bug where podman container restore would fail with
|
|
containers using a user namespace
|
|
- Fixed a bug where rootless Podman would attempt to use the
|
|
journald events backend even on systems without systemd
|
|
installed
|
|
- Fixed a bug where podman history would sometimes not properly
|
|
identify the IDs of layers in an image (#3359)
|
|
- Fixed a bug where containers could not be restarted when
|
|
Conmon v2.0.3 or later was used
|
|
- Fixed a bug where Podman did not check image OS and
|
|
Architecture against the host when starting a container
|
|
- Fixed a bug where containers in pods did not function
|
|
properly with the Kata OCI runtime (#4353)
|
|
- Fixed a bug where `podman info --format '{{ json . }}' would
|
|
not produce JSON output (#4391)
|
|
- Fixed a bug where Podman would not verify if files passed to
|
|
--authfile existed (#4328)
|
|
- Fixed a bug where podman images --digest would not always
|
|
print digests when they were available
|
|
- Fixed a bug where rootless podman run could hang due to a
|
|
race with reading and writing events
|
|
- Fixed a bug where rootless Podman would print warning-level
|
|
logs despite not be instructed to do so (#4456)
|
|
- Fixed a bug where podman pull would attempt to fetch from
|
|
remote registries when pulling an unqualified image using the
|
|
docker-daemon transport (#4434)
|
|
- Fixed a bug where podman cp would not work if STDIN was a
|
|
pipe
|
|
- Fixed a bug where podman exec could stop accepting input if
|
|
anything was typed between the command being run and the exec
|
|
session starting (#4397)
|
|
- Fixed a bug where podman logs --tail 0 would print all lines
|
|
of a container's logs, instead of no lines (#4396)
|
|
- Fixed a bug where the timeout for slirp4netns was incorrectly
|
|
set, resulting in an extremely long timeout (#4344)
|
|
- Fixed a bug where the podman stats command would print CPU
|
|
utilizations figures incorrectly (#4409)
|
|
- Fixed a bug where the podman inspect --size command would not
|
|
print the size of the container's read/write layer if the
|
|
size was 0 (#4744)
|
|
- Fixed a bug where the podman kill command was not properly
|
|
validating signals before use (#4746)
|
|
- Fixed a bug where the --quiet and --format flags to podman ps
|
|
could not be used at the same time
|
|
- Fixed a bug where the podman stop command was not stopping
|
|
exec sessions when a container was created without a PID
|
|
namespace (--pid=host)
|
|
- Fixed a bug where the podman pod rm --force command was not
|
|
removing anonymous volumes for containers that were removed
|
|
- Fixed a bug where the podman checkpoint command would not
|
|
export all changes to the root filesystem of the container if
|
|
performed more than once on the same container (#4606)
|
|
- Fixed a bug where containers started with --rm would not be
|
|
automatically removed on being stopped if an exec session was
|
|
running inside the container (#4666)
|
|
* Misc
|
|
- The fixes to runtime directory path as root can cause strange
|
|
behavior if an upgrade is performed while containers are
|
|
running
|
|
- Updated vendored Buildah to v1.12.0
|
|
- Updated vendored containers/storage library to v1.15.4
|
|
- Updated vendored containers/image library to v5.1.0
|
|
- Kata Containers runtimes (kata-runtime, kata-qemu, and
|
|
kata-fc) are now present in the default libpod.conf, but will
|
|
not be available unless Kata containers is installed on the
|
|
system
|
|
- Podman previously did not allow the creation of containers
|
|
with a memory limit lower than 4MB. This restriction has been
|
|
removed, as the crun runtime can create containers with
|
|
significantly less memory
|
|
- Remove no longer needed workaround for *.5.md man page sources
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 12 14:30:34 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Update podman to v1.6.4
|
|
- Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher
|
|
- Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers
|
|
- Suppress spurious log messages when running rootless Podman
|
|
- Update vendored containers/storage to v1.13.6
|
|
- Fix a deadlock related to writing events
|
|
- Do not use the journald event logger when it is not available
|
|
- Remove obsolete patch container-start-fix.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 31 13:05:29 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Add container-start-fix.patch to correct output of container-start to show container_name, not _id.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 21 07:21:29 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update podman to v1.6.2
|
|
* Features
|
|
- Added a --runtime flag to podman system migrate to allow the
|
|
OCI runtime for all containers to be reset, to ease transition
|
|
to the crun runtime on CGroups V2 systems until runc gains full
|
|
support
|
|
- The podman rm command can now remove containers in broken
|
|
states which previously could not be removed
|
|
- The podman info command, when run without root, now shows
|
|
information on UID and GID mappings in the rootless user
|
|
namespace
|
|
- Added podman build --squash-all flag, which squashes all layers
|
|
(including those of the base image) into one layer
|
|
- The --systemd flag to podman run and podman create now accepts
|
|
a string argument and allows a new value, always, which forces
|
|
systemd support without checking if the the container
|
|
entrypoint is systemd
|
|
* Bugfixes
|
|
- Fixed a bug where the podman top command did not work on
|
|
systems using CGroups V2 (#4192)
|
|
- Fixed a bug where rootless Podman could double-close a file,
|
|
leading to a panic
|
|
- Fixed a bug where rootless Podman could fail to retrieve some
|
|
containers while refreshing the state
|
|
- Fixed a bug where podman start --attach --sig-proxy=false would
|
|
still proxy signals into the container
|
|
- Fixed a bug where Podman would unconditionally use a
|
|
non-default path for authentication credentials (auth.json),
|
|
breaking podman login integration with skopeo and other tools
|
|
using the containers/image library
|
|
- Fixed a bug where podman ps --format=json and podman images
|
|
--format=json would display null when no results were returned,
|
|
instead of valid JSON
|
|
- Fixed a bug where podman build --squash was incorrectly
|
|
squashing all layers into one, instead of only new layers
|
|
- Fixed a bug where rootless Podman would allow volumes with
|
|
options to be mounted (mounting volumes requires root),
|
|
creating an inconsistent state where volumes reported as
|
|
mounted but were not (#4248)
|
|
- Fixed a bug where volumes which failed to unmount could not be
|
|
removed (#4247)
|
|
- Fixed a bug where Podman incorrectly handled some errors
|
|
relating to unmounted or missing containers in
|
|
containers/storage
|
|
- Fixed a bug where podman stats was broken on systems running
|
|
CGroups V2 when run rootless (#4268)
|
|
- Fixed a bug where the podman start command would print the
|
|
short container ID, instead of the full ID
|
|
- Fixed a bug where containers created with an OCI runtime that
|
|
is no longer available (uninstalled or removed from the config
|
|
file) would not appear in podman ps and could not be removed
|
|
via podman rm
|
|
- Fixed a bug where containers restored via podman container
|
|
restore --import would retain the CGroup path of the original
|
|
container, even if their container ID changed; thus, multiple
|
|
containers created from the same checkpoint would all share the
|
|
same CGroup
|
|
* Misc
|
|
- The default PID limit for containers is now set to 4096. It can
|
|
be adjusted back to the old default (unlimited) by passing
|
|
--pids-limit 0 to podman create and podman run
|
|
- The podman start --attach command now automatically attaches
|
|
STDIN if the container was created with -i
|
|
- The podman network create command now validates network names
|
|
using the same regular expression as container and pod names
|
|
- The --systemd flag to podman run and podman create will now
|
|
only enable systemd mode when the binary being run inside the
|
|
container is /sbin/init, /usr/sbin/init, or ends in systemd
|
|
(previously detected any path ending in init or systemd)
|
|
- Updated vendored Buildah to 1.11.3
|
|
- Updated vendored containers/storage to 1.13.5
|
|
- Updated vendored containers/image to 4.0.1
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 4 06:57:16 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update podman to v1.6.1
|
|
* Features
|
|
- The podman network create, podman network rm, podman network
|
|
inspect, and podman network ls commands have been added to
|
|
manage CNI networks used by Podman
|
|
- The podman volume create command can now create and mount
|
|
volumes with options, allowing volumes backed by NFS, tmpfs,
|
|
and many other filesystems
|
|
- Podman can now run containers without CGroups for better
|
|
integration with systemd by using the --cgroups=disabled flag
|
|
with podman create and podman run. This is presently only
|
|
supported with the crun OCI runtime
|
|
- The podman volume rm and podman volume inspect commands can now
|
|
refer to volumes by an unambiguous partial name, in addition to
|
|
full name (e.g. podman volume rm myvol to remove a volume named
|
|
myvolume) (#3891)
|
|
- The podman run and podman create commands now support the
|
|
--pull flag to allow forced re-pulling of images (#3734)
|
|
- Mounting volumes into a container using --volume, --mount, and
|
|
--tmpfs now allows the suid, dev, and exec mount options (the
|
|
inverse of nosuid, nodev, noexec) (#3819)
|
|
- Mounting volumes into a container using --mount now allows the
|
|
relabel=Z and relabel=z options to relabel mounts.
|
|
- The podman push command now supports the --digestfile option to
|
|
save a file containing the pushed digest
|
|
- Pods can now have their hostname set via podman pod create
|
|
--hostname or providing Pod YAML with a hostname set to podman
|
|
play kube (#3732)
|
|
- The podman image sign command now supports the --cert-dir flag
|
|
- The podman run and podman create commands now support the
|
|
--security-opt label=filetype:$LABEL flag to set the SELinux
|
|
label for container files
|
|
- The remote Podman client now supports healthchecks
|
|
* Bugfixes
|
|
- Fixed a bug where remote podman pull would panic if a Varlink
|
|
connection was not available (#4013)
|
|
- Fixed a bug where podman exec would not properly set terminal
|
|
size when creating a new exec session (#3903)
|
|
- Fixed a bug where podman exec would not clean up socket
|
|
symlinks on the host (#3962)
|
|
- Fixed a bug where Podman could not run systemd in containers
|
|
that created a CGroup namespace
|
|
- Fixed a bug where podman prune -a would attempt to prune images
|
|
used by Buildah and CRI-O, causing errors (#3983)
|
|
- Fixed a bug where improper permissions on the ~/.config
|
|
directory could cause rootless Podman to use an incorrect
|
|
directory for storing some files
|
|
- Fixed a bug where the bash completions for podman import threw
|
|
errors
|
|
- Fixed a bug where Podman volumes created with podman volume
|
|
create would not copy the contents of their mountpoint the
|
|
first time they were mounted into a container (#3945)
|
|
- Fixed a bug where rootless Podman could not run podman exec
|
|
when the container was not run inside a CGroup owned by the
|
|
user (#3937)
|
|
- Fixed a bug where podman play kube would panic when given Pod
|
|
YAML without a securityContext (#3956)
|
|
- Fixed a bug where Podman would place files incorrectly when
|
|
storage.conf configuration items were set to the empty string
|
|
(#3952)
|
|
- Fixed a bug where podman build did not correctly inherit
|
|
Podman's CGroup configuration, causing crashed on CGroups V2
|
|
systems (#3938)
|
|
- Fixed a bug where podman cp would improperly copy files on the
|
|
host when copying a symlink in the container that included a
|
|
glob operator (#3829)
|
|
- Fixed a bug where remote podman run --rm would exit before the
|
|
container was completely removed, allowing race conditions when
|
|
removing container resources (#3870)
|
|
- Fixed a bug where rootless Podman would not properly handle
|
|
changes to /etc/subuid and /etc/subgid after a container was
|
|
launched
|
|
- Fixed a bug where rootless Podman could not include some
|
|
devices in a container using the --device flag (#3905)
|
|
- Fixed a bug where the commit Varlink API would segfault if
|
|
provided incorrect arguments (#3897)
|
|
- Fixed a bug where temporary files were not properly cleaned up
|
|
after a build using remote Podman (#3869)
|
|
- Fixed a bug where podman remote cp crashed instead of reporting
|
|
it was not yet supported (#3861)
|
|
- Fixed a bug where podman exec would run as the wrong user when
|
|
execing into a container was started from an image with
|
|
Dockerfile USER (or a user specified via podman run --user)
|
|
(#3838)
|
|
- Fixed a bug where images pulled using the oci: transport would
|
|
be improperly named
|
|
- Fixed a bug where podman varlink would hang when managed by
|
|
systemd due to SD_NOTIFY support conflicting with Varlink
|
|
(#3572)
|
|
- Fixed a bug where mounts to the same destination would
|
|
sometimes not trigger a conflict, causing a race as to which
|
|
was actually mounted
|
|
- Fixed a bug where podman exec --preserve-fds caused Podman to
|
|
hang (#4020)
|
|
- Fixed a bug where removing an unmounted container that was
|
|
unmounted might sometimes not properly clean up the container
|
|
(#4033)
|
|
- Fixed a bug where the Varlink server would freeze when run in a
|
|
systemd unit file (#4005)
|
|
- Fixed a bug where Podman would not properly set the $HOME
|
|
environment variable when the OCI runtime did not set it
|
|
- Fixed a bug where rootless Podman would incorrectly print
|
|
warning messages when an OCI runtime was not found (#4012)
|
|
- Fixed a bug where named volumes would conflict with, instead of
|
|
overriding, tmpfs filesystems added by the --read-only-tmpfs
|
|
flag to podman create and podman run
|
|
- Fixed a bug where podman cp would incorrectly make the target
|
|
directory when copying to a symlink which pointed to a
|
|
nonexistent directory (#3894)
|
|
- Fixed a bug where remote Podman would incorrectly read STDIN
|
|
when the -i flag was not set (#4095)
|
|
- Fixed a bug where podman play kube would create an empty pod
|
|
when given an unsupported YAML type (#4093)
|
|
- Fixed a bug where podman import --change improperly parsed CMD
|
|
(#4000)
|
|
- Fixed a bug where rootless Podman on systems using CGroups V2
|
|
would not function with the cgroupfs CGroups manager
|
|
- Fixed a bug where rootless Podman could not correctly identify
|
|
the DBus session address, causing containers to fail to start
|
|
(#4162)
|
|
- Fixed a bug where rootless Podman with slirp4netns networking
|
|
would fail to start containers due to mount leaks
|
|
* Misc
|
|
- Significant changes were made to Podman volumes in this
|
|
release. If you have pre-existing volumes, it is strongly
|
|
recommended to run podman system renumber after upgrading.
|
|
- Version 0.8.1 or greater of the CNI Plugins is now required for
|
|
Podman
|
|
- Version 2.0.1 or greater of Conmon is strongly recommended
|
|
- Updated vendored Buildah to v1.11.2
|
|
- Updated vendored containers/storage library to v1.13.4
|
|
- Improved error messages when trying to create a pod with no
|
|
name via podman play kube
|
|
- Improved error messages when trying to run podman pause or
|
|
podman stats on a rootless container on a system without
|
|
CGroups V2 enabled
|
|
- TMPDIR has been set to /var/tmp by default to better handle
|
|
large temporary files
|
|
- podman wait has been optimized to detect stopped containers
|
|
more rapidly
|
|
- Podman containers now include a ContainerManager annotation
|
|
indicating they were created by libpod
|
|
- The podman info command now includes information about
|
|
slirp4netns and fuse-overlayfs if they are available
|
|
- Podman no longer sets a default size of 65kb for tmpfs
|
|
filesystems
|
|
- The default Podman CNI network has been renamed in an attempt
|
|
to prevent conflicts with CRI-O when both are run on the same
|
|
system. This should only take effect on system restart
|
|
- The output of podman volume inspect has been more closely
|
|
matched to docker volume inspect
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 5 15:26:01 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
|
|
|
|
- Add katacontainers as a recommended package, and include it as an
|
|
additional OCI runtime in the configuration.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 2 12:02:44 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Add patch for CVE-2019-10214. bsc#1144065
|
|
+ CVE-2019-10214.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 27 08:04:20 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
|
|
|
|
- Update podman to v1.5.1
|
|
* Features
|
|
- The hostname of pods is now set to the pod's name
|
|
* Bugfixes
|
|
- Fixed a bug where podman run and podman create did not honor the --authfile
|
|
option (#3730)
|
|
- Fixed a bug where containers restored with podman container restore
|
|
--import would incorrectly duplicate the Conmon PID file of the original container
|
|
- Fixed a bug where podman build ignored the default OCI runtime configured
|
|
in libpod.conf
|
|
- Fixed a bug where podman run --rm (or force-removing any running container
|
|
with podman rm --force) were not retrieving the correct exit code (#3795)
|
|
- Fixed a bug where Podman would exit with an error if any configured hooks
|
|
directory was not present
|
|
- Fixed a bug where podman inspect and podman commit would not use the
|
|
correct CMD for containers run with podman play kube
|
|
- Fixed a bug created pods when using rootless Podman and CGroups V2 (#3801)
|
|
- Fixed a bug where the podman events command with the --since or --until
|
|
options could take a very long time to complete
|
|
* Misc
|
|
- Rootless Podman will now inherit OCI runtime configuration from the root
|
|
configuration (#3781)
|
|
- Podman now properly sets a user agent while contacting registries (#3788)
|
|
|
|
- Add zsh completion for podman commands
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 14 08:26:22 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update podman to v1.5.0
|
|
* Features
|
|
- Podman containers can now join the user namespaces of other
|
|
containers with --userns=container:$ID, or a user namespace at
|
|
an arbitary path with --userns=ns:$PATH
|
|
- Rootless Podman can experimentally squash all UIDs and GIDs in
|
|
an image to a single UID and GID (which does not require use of
|
|
the newuidmap and newgidmap executables) by passing
|
|
--storage-opt ignore_chown_errors
|
|
- The podman generate kube command now produces YAML for any bind
|
|
mounts the container has created (#2303)
|
|
- The podman container restore command now features a new flag,
|
|
--ignore-static-ip, that can be used with --import to import a
|
|
single container with a static IP multiple times on the same
|
|
host
|
|
- Added the ability for podman events to output JSON by
|
|
specifying --format=json
|
|
- If the OCI runtime or conmon binary cannot be found at the
|
|
paths specified in libpod.conf, Podman will now also search for
|
|
them in the calling user's path
|
|
- Added the ability to use podman import with URLs (#3609)
|
|
- The podman ps command now supports filtering names using
|
|
regular expressions (#3394)
|
|
- Rootless Podman containers with --privileged set will now mount
|
|
in all host devices that the user can access
|
|
- The podman create and podman run commands now support the
|
|
--env-host flag to forward all environment variables from the
|
|
host into the container
|
|
- Rootless Podman now supports healthchecks (#3523)
|
|
- The format of the HostConfig portion of the output of podman
|
|
inspect on containers has been improved and synced with Docker
|
|
- Podman containers now support CGroup namespaces, and can create
|
|
them by passing --cgroupns=private to podman run or podman
|
|
create
|
|
- The podman create and podman run commands now support the
|
|
--ulimit=host flag, which uses any ulimits currently set on the
|
|
host for the container
|
|
- The podman rm and podman rmi commands now use different exit
|
|
codes to indicate 'no such container' and 'container is
|
|
running' errors
|
|
- Support for CGroups V2 through the crun OCI runtime has been
|
|
greatly improved, allowing resource limits to be set for
|
|
rootless containers when the CGroups V2 hierarchy is in use
|
|
* Bugfixes
|
|
- Fixed a bug where a race condition could cause podman restart
|
|
to fail to start containers with ports
|
|
- Fixed a bug where containers restored from a checkpoint would
|
|
not properly report the time they were started at
|
|
- Fixed a bug where podman search would return at most 25
|
|
results, even when the maximum number of results was set higher
|
|
- Fixed a bug where podman play kube would not honor capabilities
|
|
set in imported YAML (#3689)
|
|
- Fixed a bug where podman run --env, when passed a single key
|
|
(to use the value from the host), would set the environment
|
|
variable in the container even if it was not set on the host
|
|
(#3648)
|
|
- Fixed a bug where podman commit --changes would not properly
|
|
set environment variables
|
|
- Fixed a bug where Podman could segfault while working with
|
|
images with no history
|
|
- Fixed a bug where podman volume rm could remove arbitrary
|
|
volumes if given an ambiguous name (#3635)
|
|
- Fixed a bug where podman exec invocations leaked memory by not
|
|
cleaning up files in tmpfs
|
|
- Fixed a bug where the --dns and --net=container flags to podman
|
|
run and podman create were not mutually exclusive (#3553)
|
|
- Fixed a bug where rootless Podman would be unable to run
|
|
containers when less than 5 UIDs were available
|
|
- Fixed a bug where containers in pods could not be removed
|
|
without removing the entire pod (#3556)
|
|
- Fixed a bug where Podman would not properly clean up all CGroup
|
|
controllers for created cgroups when using the cgroupfs CGroup
|
|
driver
|
|
- Fixed a bug where Podman containers did not properly clean up
|
|
files in tmpfs, resulting in a memory leak as containers
|
|
stopped
|
|
- Fixed a bug where healthchecks from images would not use
|
|
default settings for interval, retries, timeout, and start
|
|
period when they were not provided by the image (#3525)
|
|
- Fixed a bug where healthchecks using the HEALTHCHECK CMD format
|
|
where not properly supported (#3507)
|
|
- Fixed a bug where volume mounts using relative source paths
|
|
would not be properly resolved (#3504)
|
|
- Fixed a bug where podman run did not use authorization
|
|
credentials when a custom path was specified (#3524)
|
|
- Fixed a bug where containers checkpointed with podman container
|
|
checkpoint did not properly set their finished time
|
|
- Fixed a bug where running podman inspect on any container not
|
|
created with podman run or podman create (for example, pod
|
|
infra containers) would result in a segfault (#3500)
|
|
- Fixed a bug where healthcheck flags for podman create and
|
|
podman run were incorrectly named (#3455)
|
|
- Fixed a bug where Podman commands would fail to find targets if
|
|
a partial ID was specified that was ambiguous between a
|
|
container and pod (#3487)
|
|
- Fixed a bug where restored containers would not have the
|
|
correct SELinux label
|
|
- Fixed a bug where Varlink endpoints were not working properly
|
|
if more was not correctly specified
|
|
- Fixed a bug where the Varlink PullImage endpoint would crash if
|
|
an error occurred (#3715)
|
|
- Fixed a bug where the --mount flag to podman create and podman
|
|
run did not allow boolean arguments for its ro and rw options
|
|
(#2980)
|
|
- Fixed a bug where pods did not properly share the UTS
|
|
namespace, resulting in incorrect behavior from some utilities
|
|
which rely on hostname (#3547)
|
|
- Fixed a bug where Podman would unconditionally append
|
|
ENTRYPOINT to CMD during podman commit (and when reporting CMD
|
|
in podman inspect) (#3708)
|
|
- Fixed a bug where podman events with the journald events
|
|
backend would incorrectly print 6 previous events when only new
|
|
events were requested (#3616)
|
|
- Fixed a bug where podman port would exit prematurely when a
|
|
port number was specified (#3747)
|
|
- Fixed a bug where passing . as an argument to the --dns-search
|
|
flag to podman create and podman run was not properly clearing
|
|
DNS search domains in the container
|
|
* Misc
|
|
- Updated vendored Buildah to v1.10.1
|
|
- Updated vendored containers/image to v3.0.2
|
|
- Updated vendored containers/storage to v1.13.1
|
|
- Podman now requires conmon v2.0.0 or higher
|
|
- The podman info command now displays the events logger being in
|
|
use
|
|
- The podman inspect command on containers now includes the ID of
|
|
the pod a container has joined and the PID of the container's
|
|
conmon process
|
|
- The -v short flag for podman --version has been re-added
|
|
- Error messages from podman pull should be significantly clearer
|
|
- The podman exec command is now available in the remote client
|
|
- The podman-v1.5.0.tar.gz file attached is podman packaged for
|
|
MacOS. It can be installed using Homebrew.
|
|
- Use new conmon package as direct dependency
|
|
- Remove internal conmon package
|
|
- Update libpod.conf to support latest path discovery feature for
|
|
`runc` and `conmon` binaries.
|
|
- Re-enable 32bit build
|
|
|
|
--------------------------------------------------------------------
|
|
Tue Jul 30 07:46:16 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on
|
|
SLE (bsc#1143386)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 25 09:20:47 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Update libpod.conf to use correct infra_command
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 18 10:12:43 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Update libpod.conf to use better versioned pause container
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 17 14:53:38 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Update libpod.conf to use official kubic pause container
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 10 13:55:09 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
|
|
|
|
- Update libpod.conf to match latest features set:
|
|
detach_keys, lock_type, runtime_supports_json
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 8 10:46:43 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
|
|
|
|
- Add podman-remote varlink client
|
|
- Update podman to v1.4.4
|
|
* Features
|
|
- Podman now has greatly improved support for containers using multiple OCI
|
|
runtimes. Containers now remember if they were created with a different
|
|
runtime using --runtime and will always use that runtime
|
|
- The cached and delegated options for volume mounts are now allowed for
|
|
Docker compatability (#3340)
|
|
- The podman diff command now supports the --latest flag
|
|
* Bugfixes
|
|
- Fixed a bug where rootless Podman would attempt to use the entire root
|
|
configuration if no rootless configuration was present for the user,
|
|
breaking rootless Podman for new installations
|
|
- Fixed a bug where rootless Podman's pause process would block SIGTERM,
|
|
preventing graceful system shutdown and hanging until the system's init
|
|
send SIGKILL
|
|
- Fixed a bug where running Podman as root with sudo -E would not work after
|
|
running rootless Podman at least once
|
|
- Fixed a bug where options for tmpfs volumes added with the --tmpfs flag
|
|
were being ignored
|
|
- Fixed a bug where images with no layers could not properly be displayed
|
|
and removed by Podman
|
|
- Fixed a bug where locks were not properly freed on failure to create a
|
|
container or pod
|
|
- Fixed a bug where podman cp on a single file would create a directory at
|
|
the target and place the file in it (#3384)
|
|
- Fixed a bug where podman inspect --format '{{.Mounts}}' would print a
|
|
hexadecimal address instead of a container's mounts
|
|
- Fixed a bug where rootless Podman would not add an entry to container's
|
|
/etc/hosts files for their own hostname (#3405)
|
|
- Fixed a bug where podman ps --sync would segfault (#3411)
|
|
- Fixed a bug where podman generate kube would produce an invalid ports
|
|
configuration (#3408)
|
|
* Misc
|
|
- Updated containers/storage to v1.12.13
|
|
- Podman now performs much better on systems with heavy I/O load
|
|
- The --cgroup-manager flag to podman now shows the correct default setting
|
|
in help if the default was overridden by libpod.conf
|
|
- For backwards compatability, setting --log-driver=json-file in podman run
|
|
is now supported as an alias for --log-driver=k8s-file. This is considered
|
|
deprecated, and json-file will be moved to a new implementation in the
|
|
future ([#3363](https://github.com/containers/libpo\
|
|
d/issues/3363))
|
|
- Podman's default libpod.conf file now allows the crun OCI runtime to be
|
|
used if it is installed
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 26 11:24:32 UTC 2019 - Robert Frohl <rfrohl@suse.com>
|
|
|
|
- Update podman to v1.4.2
|
|
- Fixed a bug where Podman could not run containers using an older version of
|
|
Systemd as init
|
|
- Updated vendored Buildah to v1.9.0 to resolve a critical bug with
|
|
Dockerfile RUN instructions
|
|
- The error message for running podman kill on containers that are not
|
|
running has been improved
|
|
- Podman remote client can now log to a file if syslog is not available
|
|
- The podman exec command now sets its error code differently based on
|
|
whether the container does not exist, and the command in the container does
|
|
not exist
|
|
- The podman inspect command on containers now outputs Mounts JSON that matches
|
|
that of docker inspect, only including user-specified volumes and
|
|
differentiating bind mounts and named volumes
|
|
- The podman inspect command now reports the path to a container's OCI spec
|
|
with the OCIConfigPath key (only included when the container is initialized
|
|
or running)
|
|
- The podman run --mount command now supports the bind-nonrecursive option for
|
|
bind mounts
|
|
- Fixed a bug where podman play kube would fail to create containers due to an
|
|
unspecified log driver
|
|
- Fixed a bug where Podman would fail to build with musl libc
|
|
- Fixed a bug where rootless Podman using slirp4netns networking in an
|
|
environment with no nameservers on the host other than localhost would
|
|
result in nonfunctional networking
|
|
- Fixed a bug where podman import would not properly set environment
|
|
variables, discarding their values and retaining only keys
|
|
- Fixed a bug where Podman would fail to run when built with Apparmor support
|
|
but run on systems without the Apparmor kernel module loaded
|
|
- Remote Podman will now default the username it uses to log in to remote
|
|
systems to the username of the current user
|
|
- Podman now uses JSON logging with OCI runtimes that support it, allowing for
|
|
better error reporting
|
|
- Updated vendored containers/image to v2.0
|
|
- Update conmon to v0.3.0
|
|
- Support OOM Monitor under cgroup V2
|
|
- Add config binary and make target for configuring conmon with a go library
|
|
for importing values
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 24 09:36:12 UTC 2019 - Robert Frohl <rfrohl@suse.com>
|
|
|
|
- update dependency for slirp4netns to 0.3.0 or newer
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 11 06:43:28 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update podman to v1.4.0:
|
|
- The podman checkpoint and podman restore commands can now be
|
|
used to migrate containers between Podman installations on
|
|
different systems
|
|
- The podman cp command now supports a pause flag to pause
|
|
containers while copying into them
|
|
- The remote client now supports a configuration file for
|
|
pre-configuring connections to remote Podman installations
|
|
- Fixed CVE-2019-10152 - The podman cp command improperly
|
|
dereferenced symlinks in host context
|
|
- Fixed a bug where podman commit could improperly set
|
|
environment variables that contained = characters
|
|
- Fixed a bug where rootless Podman would sometimes fail to start
|
|
containers with forwarded ports
|
|
- Fixed a bug where podman version on the remote client could
|
|
segfault
|
|
- Fixed a bug where podman container runlabel would use
|
|
/proc/self/exe instead of the path of the Podman command when
|
|
printing the command being executed
|
|
- Fixed a bug where filtering images by label did not work
|
|
- Fixed a bug where specifying a bing mount or tmpfs mount over
|
|
an image volume would cause a container to be unable to start
|
|
- Fixed a bug where podman generate kube did not work with
|
|
containers with named volumes
|
|
- Fixed a bug where rootless Podman would receive permission
|
|
denied errors accessing conmon.pid
|
|
- Fixed a bug where podman cp with a folder specified as target
|
|
would replace the folder, as opposed to copying into it
|
|
- Fixed a bug where rootless Podman commands could double-unlock
|
|
a lock, causing a crash
|
|
- Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
|
|
mounts, causing errors when using the Kata containers runtime
|
|
- Fixed a bug where podman exec would fail on older kernels
|
|
- The podman commit command is now usable with the Podman remote
|
|
client
|
|
- The --signature-policy flag (used with several image-related
|
|
commands) has been deprecated
|
|
- The podman unshare command now defines two environment
|
|
variables in the spawned shell: CONTAINERS_RUNROOT and
|
|
CONTAINERS_GRAPHROOT, pointing to temporary and permanent
|
|
storage for rootless containers
|
|
- Updated vendored containers/storage and containers/image
|
|
libraries with numerous bugfixes
|
|
- Updated vendored Buildah to v1.8.3
|
|
- Podman now requires Conmon v0.2.0
|
|
- The podman cp command is now aliased as podman container cp
|
|
- Rootless Podman will now default init_path using root Podman's
|
|
configuration files (/etc/containers/libpod.conf and
|
|
/usr/share/containers/libpod.conf) if not overridden in the
|
|
rootless configuration
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 7 11:48:27 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Add fuse-overlayfs dependency to support overlay based rootless image
|
|
manipulations
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 29 14:16:08 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update podman to v1.3.2:
|
|
- Fixed a bug where podman would fail to run if a volume was
|
|
mounted over an image volume
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 22 07:04:24 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update podman to v1.3.1:
|
|
- The podman cp command can now read input redirected to STDIN, and output to
|
|
STDOUT instead of a file, using - instead of an argument.
|
|
- The Podman remote client now displays version information from both the
|
|
client and server in podman version
|
|
- The podman unshare command has been added, allowing easy entry into the
|
|
user namespace set up by rootless Podman (allowing the removal of files
|
|
created by rootless Podman, among other things)
|
|
- Fixed a bug where Podman containers with the --rm flag were removing
|
|
created volumes when they were automatically removed
|
|
- Fixed a bug where container and pod locks were incorrectly marked as
|
|
released after a system reboot, causing errors on container and pod removal
|
|
- Fixed a bug where Podman pods could not be removed if any container in the
|
|
pod encountered an error during removal
|
|
- Fixed a bug where Podman pods run with the cgroupfs CGroup driver would
|
|
encounter a race condition during removal, potentially failing to remove
|
|
the pod CGroup
|
|
- Fixed a bug where the podman container checkpoint and podman container
|
|
restore commands were not visible in the remote client
|
|
- Fixed a bug where podman remote ps --ns would not print the container's
|
|
namespaces
|
|
- Fixed a bug where removing stopped containers with healthchecks could cause
|
|
an error
|
|
- Fixed a bug where the default libpod.conf file was causing parsing errors
|
|
- Fixed a bug where pod locks were not being freed when pods were removed,
|
|
potentially leading to lock exhaustion
|
|
- Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running
|
|
containers, create an inconsistent state rendering the container unusable
|
|
- The remote Podman client now uses the Varlink bridge to establish remote
|
|
connections by default
|
|
- Update conmon to 0.2.0 and switched to containers/conmon upstream project
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 17 12:08:37 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update `systemd-devel` to actually be `pkgconfig(libsystemd)` to allow OBS to
|
|
shortcut through systemd-mini-devel
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 16 15:04:52 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
|
|
|
|
- Update podman to v1.3.0
|
|
* Podman now supports container restart policies! The --restart-policy flag
|
|
on podman create and podman run allows containers to be restarted after
|
|
they exit. Please note that Podman cannot restart containers after a system
|
|
reboot - for that, see our next feature
|
|
* Podman podman generate systemd command was added to generate systemd unit
|
|
files for managing Podman containers
|
|
* The podman runlabel command now allows a $GLOBAL_OPTS variable, which will
|
|
be populated by global options passed to the podman runlabel command,
|
|
allowing custom storage configurations to be passed into containers run
|
|
with runlabel
|
|
* The podman play kube command now allows File and FileOrCreate volumes
|
|
* The podman pod prune command was added to prune unused pods
|
|
* Added the podman system migrate command to migrate containers using older
|
|
configurations to allow their use by newer Libpod versions
|
|
* Podman containers now forward proxy-related environment variables from the
|
|
host into the container with the --http-proxy flag (enabled by default)
|
|
* Read-only Podman containers can now create tmpfs filesystems on /tmp,
|
|
/var/tmp, and /run with the --read-only-tmpfs flag (enabled by default)
|
|
* The podman init command was added, performing all container pre-start tasks
|
|
without starting the container to allow pre-run debugging
|
|
- Update conmon to cri-o v1.14.1
|
|
- Update libpod.conf to match latest feature set
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 1 14:05:35 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Update to podman 1.2.0
|
|
* Podman now supports image healthchecks! The podman healthcheck run command was added to manually run healthchecks, and the status of a running healthcheck can be viewed via podman inspect
|
|
* The podman events command was added to show a stream of significant events
|
|
* The podman ps command now supports a --watch flag that will refresh its output on a given interval
|
|
* The podman image tree command was added to show a tree representation of an image's layers
|
|
* The podman logs command can now display logs for multiple containers at the same time
|
|
* The podman exec command can now pass file descriptors to the process being executed in the container via the --preserve-fds option
|
|
* The podman images command can now filter images by reference
|
|
* The podman system df command was added to show disk usage by Podman
|
|
* The --add-host option can now be used by containers sharing a network namespace
|
|
* The podman cp command now has an --extract option to extract the contents of a Tar archive and copy them into the container, instead of copying the archive itself
|
|
* Podman now allows manually specifying the path of the slirp4netns binary for rootless networking via the --network-cmd-path flag
|
|
* Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
|
|
* The podman runlabel command now supports the --replace option to replace containers using the name requested
|
|
* Infrastructure containers for Podman pods will now attempt to use the image's CMD and ENTRYPOINT instead of a fixed command
|
|
* The podman play kube command now supports the HostPath and VolumeMounts YAML fields
|
|
* Added support to disable creation of resolv.conf or /etc/hosts in containers by specifying --dns=none and --no-hosts, respectively, to podman run and podman create
|
|
* The podman version command now supports the {{ json . }} template (which outputs JSON)
|
|
* Podman can now forward ports using the SCTP protocol
|
|
- Update conmon to cri-o 1.14.0
|
|
- Stop building for i586 (not supported by upstream, does not build)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 22 21:02:05 UTC 2019 - Flavio Castelli <fcastelli@suse.com>
|
|
|
|
- Change default libpod.conf configuration file: use the runtimes
|
|
section to allow users to specify different OCI runtimes. This
|
|
allows user to choose which runtime to use on a per container
|
|
basis.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 19 13:15:38 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Add 'apparmor-parser' to list of requires (boo#1123387)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Mar 16 08:33:38 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- Scriptlets contain sh-compatible code, so drop -p /bin/bash.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 8 09:47:25 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- podman-cni-config: remove artificial conflicts with kubelet
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 7 15:22:22 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Disable build with PIE on ppc64le to avoid boo#1098017
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 6 14:07:01 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Update to v1.1.2
|
|
* Fixed a bug where the podman image list, podman image rm, and podman container list had broken global storage options
|
|
* Fixed a bug where the --label option to podman create and podman run was missing the -l alias
|
|
* Fixed a bug where running Podman with the --config flag would not set an appropriate default value for tmp_dir
|
|
* Fixed a bug where the podman logs command with the --timestamps flag produced unreadable output
|
|
* Fixed a bug where the podman cp command would automatically extract .tar files copied into the container
|
|
* The podman container stop command is now usable with the Podman remote client
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 4 11:27:03 UTC 2019 - Flavio Castelli <fcastelli@suse.com>
|
|
|
|
- Update to v1.1.1
|
|
* Update release notes for v1.1.1
|
|
* Pull image for runlabel if not local
|
|
* Fix SystemExec completion race
|
|
* Fix link inconsistencies in man pages
|
|
* Verify that used OCI runtime supports checkpoint
|
|
* Should be defaulting to pull not pull-always
|
|
* podman-commands script: refactor
|
|
* Move Alias lines to descriptions of commands
|
|
* Fix usage messages for podman image list, rm
|
|
* Fix -s to --storage-driver in baseline test
|
|
* No podman container ps command exists
|
|
* Allow Exec API user to override streams
|
|
* fix up a number of misplace commands
|
|
* rootless, new[ug]idmap: on failure add output
|
|
* [ci skip] Critical note about merge bot
|
|
* podman port fix output
|
|
* Fix ignored --time argument to podman restart
|
|
* secrets: fix fips-mode with user namespaces
|
|
* Fix four errors tagged by Cobra macro debugging
|
|
* Clean up man pages to match commands
|
|
* Add debugging for errors to Cobra compatibility macros
|
|
* Command-line input validation: reject unused args
|
|
* Fix ignored --stop-timeout flag to 'podman create'
|
|
* fixup! Incorporate review feedback
|
|
* fixup! missed some more:
|
|
* fixup! Correction to 'checkpoint'
|
|
* Followup to #2456: update examples, add trust
|
|
* podman create: disable interspersed opts
|
|
* fix up a number of misplace commands
|
|
* Add a task to Cirrus gating to build w/o Varlink
|
|
* Skip checkpoint/restore tests on Fedora for now
|
|
* Fix build for non-Varlink-tagged Podman
|
|
* Remove restore as podman subcommand
|
|
* Better usage synopses for subcommands
|
|
* Bump gitvalidation epoch
|
|
* Bump to v1.2.0-dev
|
|
* Centralize setting default volume path
|
|
* Ensure volume path is set appropriately by default
|
|
* Move all storage configuration defaults into libpod
|
|
* rename pod when we have a name collision with a container
|
|
* podman remote-client readme
|
|
- Update package to ship varlink required files
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 27 09:01:41 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Update to v1.1.0
|
|
* Added --latest and --all flags to podman mount and podman umount
|
|
* Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
|
|
* Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf
|
|
* Added an alias -f for the --format flag of the podman info and podman version commands
|
|
* Added an alias -s for the --size flag of the podman inspect command
|
|
* Added the podman system info and podman system prune commands
|
|
* Added the podman cp command to copy files between containers and the host
|
|
* Added the --password-stdin flag to podman login
|
|
* Added the --all-tags flag to podman pull
|
|
* The --rm and --detach flags can now be used together with podman run
|
|
* The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
|
|
* Added the podman system renumber command to handle lock changes
|
|
* The --net=host and --dns flags for podman run and podman create no longer conflict
|
|
* Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:
|
|
* Various bugfixes - full changelog https://github.com/containers/libpod/releases/tag/v1.1.0
|
|
- Removed obsolete patch containers-libpod-pull-2225.diff
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 26 17:17:32 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Update to conmon from cri-o v1.13.1
|
|
* oci: read conmon process status
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 19 15:35:30 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Upgrade to v1.0.1
|
|
* rootless: join both userns and mount namespace with --pod
|
|
* rootless: create the userns immediately when creating a new pod
|
|
* Preserve exited state across reboot
|
|
* podman image prune -- implement all flag
|
|
* Add varlink support for prune
|
|
* Make --quiet work in podman create/run
|
|
* rootless: fix --pid=host without --privileged
|
|
* podman-inspect: don't ignore errors
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 30 22:57:51 UTC 2019 - Duncan Mac-Vicar <dmacvicar@suse.de>
|
|
|
|
- Fix rootless mode with AppArmor
|
|
https://github.com/containers/libpod/pull/2225
|
|
Add patch containers-libpod-pull-2225.diff
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 28 10:32:38 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Stop using conmon from random git commits, use cri-o releases
|
|
- Update to conmon from cri-o v1.13.0
|
|
* Solve gh#containers/libpod#527
|
|
- Tidy up .gitignore files from podman-1.0.0.tar.xz
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 17 11:44:58 UTC 2019 - Jordi Massaguer <jmassaguerpla@suse.com>
|
|
|
|
- Update requirement to go1.11 to stay in sync with CaaSP4 and use the same
|
|
version as k8s and cri-o to prevent "weird" issues because of the go version
|
|
(we had problems mixing go1.5 and go1.6 in the past)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 16 09:42:52 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Update libpod.conf to better align with upstream defaults [boo#1122024]
|
|
- Require catatonit for new --init flag
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jan 13 15:39:42 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Upgrade to v1.0.0
|
|
* The podman exec command now includes a --workdir option to set working directory for the executed command
|
|
* The podman create and podman run commands now support the --init flag to use a minimal init process in the container
|
|
* Added the podman image sign command to GPG sign images
|
|
* The podman run --device flag now accepts directories, and will added any device nodes in the directory to the container
|
|
* Added the podman play kube command to create pods and containers from Kubernetes pod YAML
|
|
* Rootless containers now unconditionally use postrun cleanup processes, ensuring resources are freed when the container stops
|
|
* Pulling images has been parallelized, allowing individual layers to be pulled in parallel
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 8 11:20:42 UTC 2019 - Richard Brown <rbrown@suse.com>
|
|
|
|
- Update to v0.12.1.2
|
|
* Rootless Podman now creates the storage.conf, libpod.conf, and mounts.conf configuration files automatically in ~/.config/containers/ for ease of reconfiguration
|
|
* The podman pod create command can expose ports in the pod's network namespace, allowing public services to be created in pods
|
|
* The podman container checkpoint command can now keep containers running after they are checkpointed with the --leave-running flag
|
|
* The podman container checkpoint and podman container restore commands now support the --tcp-established flag to checkpoint and restore containers with active TCP connections
|
|
* The podman version command now has a --format flag to produce machine-readable output
|
|
* Added the podman container exists, podman pod exists, and podman image exists commands to easily check for a container/pod/image, respectively, by name or ID
|
|
* The podman ps --pod flag now has a short alias, -p
|
|
* The podman rmi and podman rm commands now have a --prune flag to prune unused images and containers, respectively
|
|
* The podman ps command now has a --sync flag to force a sync of Podman's state against the OCI runtime, resolving some state desync errors
|
|
* Added the podman volume set of commands for creating and managing local-only named volumes
|
|
* Added the podman generate kube command to generate Kubernetes Pod and Service YAML for Podman containers and pods
|
|
* The podman pod stop flag now accepts a --timeout flag to set the timeout for stopping containers in the pod
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 18 09:40:40 UTC 2018 - Marco Vedovati <mvedovati@suse.com>
|
|
|
|
- Update package summary and description
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 7 07:42:47 UTC 2018 - Adrian Schröter <adrian@suse.de>
|
|
|
|
- add dependency to iptables, build fails otherwise
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 16 08:22:48 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
- Changelog for v0.11.1.1 (2018-11-15)
|
|
* Increase pidWaitTimeout to 60s
|
|
* rootless: call IsRootless just once
|
|
* Add space between num & unit in images output
|
|
* Better document rootless containers
|
|
* info: add rootless field
|
|
* Do not hide errors when creating container with UserNSRoot
|
|
* correct assignment of networkStatus
|
|
* rootless: default to fuse-overlayfs when available
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 13 07:17:16 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
- Require golang >= 1.10.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 9 07:46:46 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
- Changelog for v0.11.1 (2018-11-08)
|
|
* update seccomp.json
|
|
* Touch up --log* options and daemons in man pages
|
|
* Don't fail if /etc/passwd or /etc/group does not exists
|
|
* Properly set Running state when starting containers
|
|
* If a container ceases to exist in runc, set exit status
|
|
* rootless: mount /sys/fs/cgroup/systemd from the host
|
|
* rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode
|
|
* Add hostname to /etc/hosts
|
|
* Remove conmon cgroup before pod cgroup for cgroupfs
|
|
* Make kill, pause, and unpause parallel.
|
|
* Fix long image name handling
|
|
* Make restart parallel and add --all
|
|
* rootless: do not add an additional /run to runroot
|
|
* rootless: avoid hang on failed slirp4netns
|
|
* Fix setting of version information
|
|
* runtime: do not allow runroot longer than 50 characters
|
|
* attach: fix attach when cuid is too long
|
|
* truncate command output in ps by default
|
|
* make various changes to ps output
|
|
* Use two spaces to pad PS fields
|
|
* fix bug in rm -fa parallel deletes
|
|
* Ensure test container in running state
|
|
* Add tests for selinux labels
|
|
* Add --max-workers and heuristics for parallel operations
|
|
* Increase security and performance when looking up groups
|
|
* run prepare in parallel
|
|
* runlabel: run any command
|
|
* Explain the device format in man pages
|
|
* Add --all and --latest to checkpoint/restore
|
|
* Use more reliable check for rootless for firewall init
|
|
* Make podman ps fast
|
|
* Support auth file environment variable in podman build
|
|
* fix environment variable parsing
|
|
* Use the CRIU version check in checkpoint/restore
|
|
* Handle http/https in registry given to login/out
|
|
* correct stats err with non-running containers
|
|
* Make rm faster
|
|
* Fix man page to show info on storage
|
|
|
|
- Changelog for v0.10.1.3 (2018-10-17)
|
|
* Vendor in new new buildah/ci
|
|
* Fix podman in podman
|
|
|
|
- Changelog for v0.10.1.2 (2018-10-17)
|
|
* Fix CGroup paths used for systemd CGroup mount
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 30 06:57:08 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
- Require slirp4netns to enable networking for unprivileged network namespaces
|
|
aka networking for rootless podman.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 17 06:07:29 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
- Changelog for v0.10.1.1 (2018-10-16)
|
|
* Mount proper cgroup for systemd to manage inside of the container.
|
|
* volume: resolve symlinks in paths
|
|
* volume: write the correct ID of the container in error messages
|
|
* Support auth file environment variable & add change to man pages
|
|
* Generate a passwd file for users not in container
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 12 06:43:30 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
- Changelog for v0.10.1 (2018-10-11)
|
|
* Sort all command flags
|
|
* rootless: detect when user namespaces are not enabled
|
|
* Log an otherwise ignored error from joining a net ns
|
|
* Update manpages for --ip flag
|
|
* Add --ip flag and plumbing into libpod
|
|
* Document --net as an alias of --network in podman run & create
|
|
* rootless: report more error messages from the startup phase
|
|
* rootless: fix an hang on older versions of setresuid/setresgid
|
|
* fix runlabel functions based on QA feedback
|
|
* Stop containers in parallel fashion
|
|
* runlabel: execute /proc/self/exe and avoid recursion
|
|
* Ensure resolv.conf has the right label and path
|
|
* completions: add checkpoint/restore completions
|
|
* Add support to checkpoint/restore containers
|
|
* selinux: drop superflous relabel
|
|
* rootless: always set XDG_RUNTIME_DIR
|
|
* Address review comments and fix ps output
|
|
* Disable SELinux labeling if --privileged
|
|
* Implement pod varlink bindings
|
|
* Add --all flag to podman kill
|
|
* Add container runlabel command
|
|
* run complex image names with short names
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 1 05:51:48 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
- Update conmon to 4cd5a7c60349be0678d9f1b0657683324c1a2726 and fetch
|
|
it from its new home https://github.com/kubernetes-sigs/cri-o.
|
|
|
|
- Changelog for v0.9.3.1 (2018-09-25)
|
|
* Disable problematic SELinux code causing runc issues
|
|
|
|
- Changelog for v0.9.3 (2018-09-21)
|
|
* Add --mount option for `create` & `run` command
|
|
* Don't mount /dev/shm if the user told you --ipc=none
|
|
* rootless: error out if there are not enough UIDs/GIDs available
|
|
* Add new field to libpod to indicate whether or not to use labelling
|
|
* Bind Mounts should be mounted read-only when in read-only mode
|
|
* report when rootless
|
|
* Don't crash if an image has no names
|
|
|
|
- Changelog for v0.9.2 (2018-09-14)
|
|
* Don't mount /dev/* if user mounted /dev
|
|
* rootless: do not raise an error if the entrypoint is specified
|
|
* Add a way to disable port reservation
|
|
* Do not set rlimits if we are rootless
|
|
* Add --interval flag to podman wait
|
|
* Add `podman rm --volumes` flag
|
|
* Explicitly set default CNI network name in libpod.conf
|
|
|
|
- Changelog for v0.9.1.1 (2018-09-10)
|
|
* Replace existing iptables handler with firewall code
|
|
* Vendor CNI plugins firewall code
|
|
* Fix displaying size on size calculation error
|
|
|
|
- Changelog for v0.9.1 (2018-09-07)
|
|
* Fix pod sharing for utsmode
|
|
* Respect user-added mounts over default spec mounts
|
|
* use layer cache when building images
|
|
* Start pod infra container when pod is created
|
|
* Fix up libpod.conf man pages and referencese to it.
|
|
* We should fail Podman with ExitCode 125 by default
|
|
* Add CRI logs parsing to podman logs
|
|
* rmi remove all not error when no images are present
|
|
* rootless, create: support --pod
|
|
* rootless, run: support --pod
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 3 06:04:26 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
- Changelog for v0.8.5 (2018-08-31)
|
|
* Add proper support for systemd inside of podman
|
|
* We are mistakenly seeing repos as registries.
|
|
* Up time between checks for podman wait
|
|
* Turn on test debugging
|
|
* Add support for remote commands
|
|
* fixup A few language changes and subuid(5)
|
|
* Make the documentation of user namespace options in podman-run clearer
|
|
* catch command-not-found errors
|
|
* don't print help message for usage errors
|
|
* docs: consistent format for example
|
|
* docs: consistent headings
|
|
* docs: make HISTORY consistent
|
|
* docs: fix headers
|
|
* varlink: fix --timeout usage
|
|
* run/create: reserve `-h` flag for hostname
|
|
* podman,varlink: inform user about --timeout 0
|
|
* rootless: show an error when stats is used
|
|
* rootless: show an error when pause/unpause are used
|
|
* rootless: unexport GetUserNSForPid
|
|
* rootless, exec: use the new function to join the userns
|
|
* rootless: fix top
|
|
* rootless: add new function to join existing namespace
|
|
* Do not set max open files by default if we are rootless
|
|
* Set default max open files in spec
|
|
* Resolve /etc/resolv.conf before reading
|
|
* document `--rm` semantics
|
|
* rootless, search: do not create a new userns
|
|
* rootless, login, logout: do not create a new userns
|
|
* rootless, kill: do not create a new userns
|
|
* rootless, stop: do not create a new userns
|
|
* Fix manpage to note how multiple filters are combined
|
|
* Fix handling of multiple filters in podman ps
|
|
* Fix Mount Propagation
|
|
* docs: add containers-mounts.conf(5)
|
|
* docs: use "containers-" prefix for registries and storage
|
|
* rootless: fix --pid=host
|
|
* rootless: fix --ipc=host
|
|
* spec: bind mount /sys only when userNS are enabled
|
|
* rootless, tests: add test for --uts=host
|
|
* rootless: don't use kill --all
|
|
* rootless: exec handle processes that create an user namespace
|
|
* rootless: fix exec
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 27 06:05:18 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.8.4 (2018-08-24)
|
|
* Swap from FFJSON to easyjson
|
|
* rootless: allow to override policy.json by the user
|
|
* add completion for --pod in run and create
|
|
* Fixed formatting and lowered verbosity of pod ps
|
|
* Do not try to enable AppArmor in rootless mode
|
|
* Reveal information about container capabilities
|
|
* Fixing network ns segfault
|
|
* Change pause container to infra container
|
|
* Added option to share kernel namespaces in libpod and podman
|
|
* Add podman pod top
|
|
* Include pod stats and top in commands/completions
|
|
* Fix syntax description of --ulimit command
|
|
* Properly translate users into runc format for exec
|
|
* rootless: fix --net host --privileged
|
|
* Fixed segfault in stats where container had netNS none or from container
|
|
* Enable pod stats with short ID and name
|
|
* Touch up cert-dir in man pages
|
|
* Support Attach subcommand in pypodman
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 20 06:40:02 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.8.3 (2018-08-17)
|
|
* Switch from github.com/projectatomic to github.com/containers
|
|
* Mention that systemd is the default cgroup manager
|
|
* Fix handling of socket connection refusal.
|
|
* podman: fix --uts=host
|
|
* podman pod stats
|
|
* Added reason to PodContainerError
|
|
* Add Pod API to varlink.
|
|
* Revert "spec: bind mount /sys only for rootless containers"
|
|
* Document STORAGE_DRIVER and STORAGE_OPTS environment variable
|
|
* Create pod CGroups when using the systemd cgroup driver
|
|
* Switch systemd default CGroup parent to machine.slice
|
|
* spec: bind mount /sys only for rootless containers
|
|
* Add create and pull commands
|
|
* rootless: not require userns for help/version
|
|
* pkg/apparmor: use a pipe instead of a tmp file
|
|
* podman in rootless mode will only work with cgroupfs at this point.
|
|
* when searching, survive errors for multiple registries
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 13 06:32:40 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.8.2.1 (2018-08-11)
|
|
* Ensure pod inspect is locked and validity-checked
|
|
* Swap default CGroup manager to systemd
|
|
|
|
- Changelog for v0.8.2 (2018-08-10)
|
|
* We need to sort mounts so that one mount does not over mount another.
|
|
* search name should include registry
|
|
* removeContainer: fix deadlock
|
|
* Add FFJSON to build container
|
|
* Add FFJSON generation to makefile
|
|
* Fixed a bug setting dependencies on the wrong container
|
|
* Always connect to the stdout and stderr of stream
|
|
* apparmor: respect "unconfined" setting
|
|
* oci.go: syslog: fix debug formatting
|
|
* add podman pod inspect
|
|
* Fix CGroupFS cgroup manager cgroup creation for pods
|
|
* Pass newly-added --log-level flag to Conmon
|
|
* Cleanup man pages
|
|
* Improve ps handling of container start/stop time
|
|
* rootless: fix user lookup if USER= is not set
|
|
* Add dpkg support for returning oci/conmon versions
|
|
* Have info print conmon/oci runtime information
|
|
* Better pull error for fully-qualified images
|
|
* Add Runc and Conmon versions to Podman Version
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 9 10:20:19 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Add a dedicated conmon for podman as the requirements on the specific
|
|
version started to differ from the ones of CRI-O. This change implies
|
|
dropping the requirement on the cri-o package.
|
|
|
|
- Add libpod.conf as a new source to allow tweaking the search paths
|
|
for openSUSE. This change makes execution slightly faster.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 6 06:27:09 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.8.1 (2018-08-03)
|
|
* Added ps --pod option
|
|
* clarify pull error message
|
|
* Man page fixes found by https://pagure.io/ManualPageScan
|
|
* rootless: do not segfault if the parent already died
|
|
* Document the properties of DefaultTransport a bit better.
|
|
* Add --force to podman umount to force the unmounting of the rootfs
|
|
* network: add support for rootless network with slirp4netns
|
|
* Add documentations on how to setup /etc/subuid and /etc/subgid
|
|
* podman rmi shouldn't delete named referenced images
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 30 05:45:52 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.7.4 (2018-07-27)
|
|
* Add pod pause/unpause
|
|
* Fix up docker compatibility messages
|
|
* Fix handling of Linux network namespaces
|
|
* Cleanup descriptions and help information
|
|
* Add pod kill
|
|
* Added pod restart
|
|
* podman: allow to specify the IPC namespace to join
|
|
* podman: allow to specify the UTS namespace to join
|
|
* podman: allow to specify the PID namespace to join
|
|
* podman: allow to specify the userns to join
|
|
* spec: allow container:NAME network mode
|
|
* Add libpod namespace to config
|
|
* Add missing runtime.go lines to set namespace
|
|
* Set namespace for new pods/containers based on runtime
|
|
* Add --namespace flag to Podman
|
|
* Update documentation for the State interface
|
|
* Ensure pods are part of the set namespace when added
|
|
* Enforce namespace checks on container add
|
|
* Add container and pod namespaces to configs
|
|
* AppArmor: runtime check if it's enabled on the host
|
|
* Add format descriptors infor to podman top
|
|
* docs/podman-top: fix typo and whitespace
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 23 06:18:32 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.7.3 (2018-07-20)
|
|
* Podman load/tag/save prepend localhost when no repository is present
|
|
* Pod ps now uses pod.Status()
|
|
* Added pod start and stop
|
|
* rootless: support a per-user mounts.conf
|
|
* secrets: parse only one mounts configuration file
|
|
* rootless: allow a per-user registries.conf file
|
|
* rootless: allow a per-user storage.conf file
|
|
* rootless, docs: document the libpod.conf file used in rootless mode
|
|
* podman-top: use containers/psgo
|
|
* oci: keep exposed ports busy and leak the fd into conmon
|
|
* Fix ps filter with key=value labels
|
|
* rootless: require subids to be present
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 16 05:37:36 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.7.2 (2018-07-13)
|
|
* Only print container size JSON if --size was requested
|
|
* Don't print rootfs and rw sizes if they're empty
|
|
* Major fixes to podman ps --format=json output
|
|
* Ignore running containers in ps exit-code filters
|
|
* rootless: correctly propagate the exit status from the container
|
|
* rootless: unshare mount namespace
|
|
* Need to wait for container to exit before completing run/start completes
|
|
* If proxy fails then then signal should be sent to the main process
|
|
* fix pull image that includes a sha
|
|
* Added full podman pod ps, with tests and man page
|
|
* Podman pod create/rm commands with man page and tests.
|
|
* Added created time to pod state
|
|
* Support multiple networks
|
|
* podman rmi should only untag image if parent of another
|
|
* build: enable ostree in containers/storage when available
|
|
* podman/libpod: add default AppArmor profile
|
|
* rootless: propagate errors from GetRootlessRuntimeDir()
|
|
* rootless: resolve the user home directory
|
|
* rootless: fix when argv[0] is not an absolute path
|
|
* urfave/cli: fix regression in short-opts parsing
|
|
* Add --volumes-from flag to podman run and create
|
|
* Mask /proc/keys to protect information leak about keys on host
|
|
* Podman stats with no containers listed is the same as podman stats --all
|
|
|
|
- install missing podman (1) manpage
|
|
|
|
- podman-rpmlintrc: ignore missing-call-to-setgroups-before-setuid wari
|
|
|
|
- install bash completion at /usr/share/bash-completion/completions
|
|
|
|
- buildmode=pie: build position independent code
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 9 05:47:32 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.7.1 (2018-07-06)
|
|
* Block use of /proc/acpi from inside containers
|
|
* Remove per-container CGroup parents
|
|
* rootless: add /run/user/$UID to the lookup paths
|
|
* rootless: add function to retrieve the original UID
|
|
* rootless: always set XDG_RUNTIME_DIR
|
|
* rootless: set XDG_RUNTIME_DIR also for state and exec
|
|
* urfave/cli: fix parsing of short opts
|
|
* docs: Follow man-pages(7) suggestions for SYNOPSIS
|
|
* Allow multiple mounts
|
|
|
|
- re-enable varlink support (build conditional)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 2 05:53:26 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.6.5 (2018-06-29)
|
|
* Fix built-in volume issue with podman run/create
|
|
* Add `podman container cleanup` to CLI
|
|
* Allow multiple containers and all for umount
|
|
* Returning joining namespace error should not be fatal
|
|
* Test to verify overlay quotas work, show container overhead on quota
|
|
* Remove the --registry flag from podman search
|
|
* utils: fix endless write of resize event
|
|
* Start prints UUID or container name that user inputs on success
|
|
* Fix podman hangs when detecting startup error in container attached mode
|
|
* podman-build --help: update description
|
|
* docs: add documentation for rootless containers
|
|
* Add --authfile to podman search
|
|
* Add podman-image and podman-container man page links
|
|
* make varlink optional for podman
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 25 05:58:20 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.6.4 (2018-06-22)
|
|
* Point podman-refresh at the right manpage
|
|
* Add bash completions for podman refresh
|
|
* Add manpages for podman refresh
|
|
* Add podman refresh command
|
|
* Add information about the configuration files to the install docs
|
|
* Add unittests and fix bugs
|
|
* Podman history now prints out intermediate image IDs
|
|
* Add cap-add and cap-drop to build man page
|
|
* Fix image volumes access and mount problems on restart
|
|
* Add carriage return to log message when using --tty flag
|
|
* Added --sort to ps
|
|
* Fix podman build -q
|
|
* Add extra debug so we can tell apart postdelete hooks
|
|
* TLS verify is skipped per registry.
|
|
* Add --all,-a flag to podman images
|
|
* top: make output tabular
|
|
* Add more network info ipv4/ipv6 and be more compatible with docker
|
|
* Do not run iptablesDNS workaround on IPv6 addresses
|
|
* Added --tls-verify functionality to podman search, with tests
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 18 05:46:23 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.6.3 (2018-06-15)
|
|
* podman: use a different store for the rootless case
|
|
* podman: do not use Chown in rootless mode
|
|
* network: do not attempt to create a network in rootless mode
|
|
* oci: do not set resources in rootless mode
|
|
* oci: do not use hooks in rootless mode
|
|
* oci: do not set the cgroup path in Rootless mode
|
|
* spec: change mount options for /dev/pts in rootless mode
|
|
* container: do not add shm in rootless mode
|
|
* podman: provide a default UID mapping when non root
|
|
* podman: accept option --rootfs to use exploded images
|
|
* When setting a memory limit, also set a swap limit
|
|
* Fix cleaning up network namespaces on detached ctrs
|
|
* Implement --latest for ps
|
|
* Added --sort flag to podman image
|
|
* add podman container and image command
|
|
* rmi: remove image if all tags are specified
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 11 06:22:30 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.6.2 (2018-06-08)
|
|
* Vendor in latest buildah code
|
|
* Update epoch to fix validation problems
|
|
* Touch up whitespace issue in build man
|
|
* Add disable-content flag info to man page for build
|
|
* podman-run: clean up some formatting issues
|
|
* Remove SELinux transition rule after conmon is started.
|
|
* Add --all flag even though it is a noop so scripts will work
|
|
* podman-varlink: log timeouts
|
|
* bash completion: remove shebang
|
|
* Vendor in latest containers/storage
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 8 14:26:33 UTC 2018 - dcassany@suse.com
|
|
|
|
- Make use of %license macro
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 5 13:36:00 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.6.1 (2018-06-01)
|
|
* Fix lable handling
|
|
* runtime: add /usr/libexec/podman/conmon to the conmon paths
|
|
* varlink build
|
|
* Add OnBuild support for podman build
|
|
* return all inspect info for varlink containerinspect
|
|
* hooks/exec: Allow successful reaps for 0s post-kill timeouts
|
|
* fix panic with podman pull
|
|
* Remove --net flag and make it an alias for --network
|
|
* Clear all caps, except the bounding set, when --user is specified.
|
|
Fix: bsc#1097970 CVE-2018-10856
|
|
* do not allow port related args to be used with --network=container:
|
|
* sort containers and images by create time
|
|
* Cleanup man pages
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 29 12:35:47 UTC 2018 - parlt@suse.com
|
|
|
|
- Changelog for v0.5.4 (2018-05-25):
|
|
* Make references to the Process part of Spec conditional
|
|
* save and load should support multi-tag for docker-archive
|
|
* Implement python podman create and start
|
|
* Set Entrypoint from image only if not already set
|
|
* Update podman build to match buildah bud functionality
|
|
* Fix handling of command in images
|
|
* Add support for Zulu timestamp parsing
|
|
* Clarify using podman build with a URL, Git repo, or archive.
|
|
* podman create, start, getattachsocket
|
|
* oci-hooks.5: Discuss directory precedence and monitoring
|
|
* Tighten the security on the podman varlink socket
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 22 10:16:03 UTC 2018 - parlt@suse.com
|
|
|
|
- Changelog for v0.5.3 (2018-05-18):
|
|
* troubleshooting: Add console syntax highlighting
|
|
* Refresh pods when refreshing podman state
|
|
* Add per-pod CGroups
|
|
* Add pod state
|
|
* hooks: Fix monitoring of multiple directories
|
|
* Add Troubleshooting guide
|
|
* Add python3 package to podman
|
|
* libpod: fix panic when using -t and the process fails to start
|
|
* Allow push/save without image reference
|
|
* Fix podman inspect bash completions
|
|
* Support pulling Dockerfile from http
|
|
* add more bash completions
|
|
* implement varlink commit
|
|
* fix segfault for podman push
|
|
* Add the Podman Logo
|
|
* hooks: Add package support for extension stages
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 14 08:33:11 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Changelog for v0.5.2 (2018-05-11):
|
|
* Fix varlink remove image force
|
|
* Do not error trying to remove cgroups that don't exist
|
|
* Remove parent cgroup we create with cgroupfs
|
|
* Place Conmon and Container in separate CGroups
|
|
* Add --cgroup-manager flag to Podman binary
|
|
* Major fixes to systemd cgroup handling
|
|
* Add validation for CGroup parents. Pass CGroups path into runc
|
|
* varlink info
|
|
* Dont eat the pull error message for varlink
|
|
* podman push should honor registries.conf
|
|
* alphabetize the varlink methods, types, and errors in the docs
|
|
* Add missing newline to podman port
|
|
* Fix calculation of RunningFor in ps json output
|
|
* Should not error out if container no longer exists in oci
|
|
* Make invalid state nonfatal when cleaning up in run
|
|
* podman, userNS: configure an intermediate mount namespace
|
|
* networking, userNS: configure the network namespace after create
|
|
* Begin wiring in USERNS Support into podman
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 7 05:42:24 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Remove runtime dependency on buildah, which isn't required anymore as
|
|
libpod vendors in buildah's code directly.
|
|
|
|
- Changelog for v0.5.1 (2018-05-04):
|
|
* Fix pulling from secure registry
|
|
* Optionally init() during container restart
|
|
* bashcompletion enhancements
|
|
* Add directory for systemd socket and service if not present
|
|
* varlink containers
|
|
* Make podman commit to localhost rather then docker.io
|
|
* Do not print unnecessary Buildah details during commit
|
|
* Fix podman logout --all flag
|
|
* podman should assign a host port to -p when omitted
|
|
* libpod.conf: Podman's conmon path on openSUSE
|
|
* correct varlink command in service file
|
|
* Make ':' a restricted character for file names
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 30 06:53:09 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Update podman to v0.4.4:
|
|
* Use buildah commit and bud in podman
|
|
* Remove systemd-cat support
|
|
* Add --default-mounts-file hidden flag
|
|
* Add isolation note to build man page
|
|
* Strip transport from image name when looking for local image
|
|
* Do not eat error messages from pullImage
|
|
* Modify --user flag for podman create and run
|
|
* add libpod.conf man page
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 23 08:37:57 UTC 2018 - parlt@suse.com
|
|
|
|
- Update podman to v0.4.3:
|
|
* podman push without destination image
|
|
* Add make .git target
|
|
* Fix tests for podman run --attach
|
|
* Vendor in latest containers/image and contaners/storage
|
|
* It is OK to start an already running container (with no attach)
|
|
* Allow podman start to attach to a running container
|
|
* regression: tls verify should be set on registries.conf if insecure
|
|
* ip validation game too strong
|
|
* reverse host field order (ip goes first) - fix host string split to permit IPv6
|
|
* Allow podman to exit exit codes of removed containers
|
|
* validate dns-search values prior to creation
|
|
* Add WaitContainerReady for wait for docker registry ready
|
|
* podman pull should always try to pull
|
|
* Allow the use of -i/-a on any container
|
|
* Fix secrets patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 17 06:44:19 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Require golang >= 1.9.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 17 06:19:33 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Update podman to v0.4.2:
|
|
* Allowing attaching stdin to non-interactive containers
|
|
* Fix terminal attach
|
|
* Fix locking interaction in batched Exec() on container
|
|
* Force host UID/GID mapping when creating containers
|
|
* Do not lock all containers during pod kill
|
|
* Do not lock all containers during pod start
|
|
* Make pod stop lock one container at a time
|
|
* Containers transitioning to stop should not break stats
|
|
* Add -i to exec for compatibility reasons
|
|
* Unescape characters in inspect JSON format output
|
|
* Use buildah commit for podman commit
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 9 07:48:52 UTC 2018 - parlt@suse.com
|
|
|
|
- Update podman to v0.4.1:
|
|
* Remove image via storage if a buildah container is associated
|
|
* Add hooks support to podman
|
|
* Run images with no names
|
|
* Prevent a potential race when stopping containers
|
|
* Only allocate tty when -t
|
|
* Add conmon-pidfile flag to bash completions/manpages
|
|
* --entrypoint= should delete existing entrypoint
|
|
* Do not require Init() before Start()
|
|
* Ensure dependencies are running before initializing containers
|
|
* Add container dependencies to Inspect output
|
|
* Vendor in latest containers/image
|
|
* Change errorf to warnf in warning removing ctr storage
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 5 06:40:07 UTC 2018 - asarai@suse.com
|
|
|
|
- Split out podman's basic CNI configuration to podman-cni-config, to avoid
|
|
breaking Kubernetes clusters due to misconfigured networking. On openSUSE we
|
|
still install this configuration so things "just work" there.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 3 05:41:54 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Update podman to v0.3.5:
|
|
* Allow sha256: prefix for input
|
|
* Add secrets patch to podman
|
|
* Only start containers that are not running in pod start
|
|
* Check for duplicate names when generating new container and pod names.
|
|
* podman: new option --conmon-pidfile=
|
|
* Remove dependency on kubernetes
|
|
* Vendor in lots of kubernetes stuff to shrink image size
|
|
* cmd/podman/run.go: Error nicely when no image found
|
|
* Update containers/storage to pick up overlay driver fix
|
|
* First tag, untag THEN reload the image
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 26 05:57:07 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Update podman to v0.3.4:
|
|
* Make container env variable conditional
|
|
* Small manpage reword
|
|
* Document .containerenv in manpages. Move it to /run.
|
|
* Add .containerenv file
|
|
* Removing tagged images change in behavior
|
|
* Image library stage 4 - create and commit
|
|
* Add 'podman restart' asciinema
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 19 09:47:24 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Remove old (redundant) source archive.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Mar 17 10:36:53 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Do not compile commit hash into binary. `podman version` will not print
|
|
the commit number as we are now following official releases.
|
|
|
|
- Change tar naming from commit to version to facilitate updates via the
|
|
_service file.
|
|
|
|
- Update podman to v0.3.3. This update includes several fixes and a new
|
|
configuration file, libpod.conf. By default, this config will be
|
|
installed to /usr/share/containers and /etc/containers, whereas podman
|
|
will always use the latter if present. The config in
|
|
/usr/share/containers can be used to check for new config options and
|
|
will be replaced with each package update. The libpod.conf config can
|
|
be used to tweak some run-time paths of conmon, runc, etc., which is a
|
|
more flexible approach than hard-coding those paths in podman.
|
|
|
|
Changelog:
|
|
* Update containers/image
|
|
* Add restart to main podman manpage
|
|
* Add podman restart to podman bash completions and commands
|
|
* Make manpage more clear
|
|
* Add 'podman restart' command
|
|
* Remove ability to specify mount label when mounting
|
|
* Add signal proxying to podman run, start, and attach
|
|
* We should not allow a user to mount a container with a different label
|
|
* We should not have a default workdir
|
|
* Add additional debug logging
|
|
* Implement container restarting
|
|
* sleep does not catch SIGTERM
|
|
* Include tmpfs in inspect
|
|
* Add run and search to commands page
|
|
* Add new default location for conmon
|
|
* podman-images: return correct image list
|
|
* Remove crio.conf references from manpages
|
|
* Fix a potential race around container removal in ps
|
|
* podman ps command string too long
|
|
* Podman load can pull in compressed files
|
|
* Fix Conmon error to display Conmon paths
|
|
* Add support to load runtime configuration from config file
|
|
* Add default libpod config file
|
|
* Change conmon and runtime paths to arrays
|
|
* Update containers/storage to fix locking bug
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 15 15:24:23 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Add requirement on cni-plugins to avoid potential issues in the
|
|
future.
|
|
feature#crio
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 6 11:00:09 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Add run-time requirement on buildah to support `podman build`.
|
|
feature#crio
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 6 08:01:37 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Fix typo when setting the git commit at compile time.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Mar 3 14:20:06 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Update podman to v0.3.1:
|
|
* allow DNS resolution in containers
|
|
* Adjust podman logs error message for clarity
|
|
* Instead of erroring on exit file not being found, warn
|
|
* podman logs -f: does not detect container stop or rm
|
|
* Fix issue with podman logs on fresh containers
|
|
* Replace usage of runc with runtime
|
|
* Handle removing containers with active exec sessions
|
|
* Ensure that Cleanup() will not run on active containers
|
|
* Add tracking for exec session IDs
|
|
* Add tracking for container exec sessions to DB
|
|
* Small fixes to container Exec
|
|
* docs/podman-info.1.md update man page
|
|
* Update containers/storage
|
|
* podman info add registries
|
|
* podman stats add networking
|
|
* CNIPluginDir: check "/usr/lib/cni"
|
|
* remove build alias
|
|
* Restrict top output to container's pids only
|
|
* ps displays incorrect exit code
|
|
* podman load dont panic when no repotags
|
|
* Do not override user mounts
|
|
* Tagging an image alias by shortname
|
|
* Add support for --no-new-privs
|
|
* podman ps json output use batched ops
|
|
* CreateContainerStorage by image id
|
|
* Implement --image-volumes for create and run
|
|
* Add ability to start containers in a pod
|
|
* Add kill and stop for pods
|
|
* Add pod status command
|
|
* Add tests and cleanup
|
|
* Implement podman run option --cgroup-parent
|
|
* Inspect output should be in array form
|
|
* Add --time alias to manpages
|
|
* Alias --time to --timeout for 'podman stop'
|
|
* Resolve contention between copr and fedora repos
|
|
* Ensure we don't repeatedly poll disk for exit codes
|
|
* Change uptime format in `podman info` to human-readable
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 22 10:25:14 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Replace macro by the entire URL in the spec file.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 20 14:29:54 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Add podman-rpmlintrc to ignore "explicit-lib-dependency" warnings. Those are
|
|
intentional as we must include the libcontainers-* packages.
|
|
+ podman-rpmlintrc
|
|
|
|
- Update to podman v0.2.1 (change to semantic version scheme):
|
|
* Run podman inside a podman container
|
|
* Add FFJSON encoding/decoding for our container structs
|
|
* images --all developer note
|
|
* Add podman version
|
|
* Touch up tutorial location and install reqs
|
|
* No registries warning
|
|
* Return imageid from podman pull
|
|
* Squash logged errors from failed SQL rollbacks
|
|
* Privileged containers should inherit host devices
|
|
* Disable default Seccomp profile with privileged containers
|
|
* Make libpod build on 32-bit systems
|
|
* Add buckets for all containers and all pods
|
|
* Containers in a pod can only join namespaces in that pod
|
|
* Change json to match docker inspect
|
|
* Honor ENTRYPOINT in image
|
|
* Fix libpod to use given CGroup parent instead of a hardcoded one
|
|
* podman logs: fix tailing
|
|
* Allow removing pods with running containers if --force is given
|
|
* Match podman inspect output to docker inspect
|
|
* Touchup podman kill manpage
|
|
* Change stop signal default to SIGTERM
|
|
* Add podman search command
|
|
* sysfs should be mounted rw for privileged
|
|
* Need to add LISTEN_PID environment variable to conmon command
|
|
* Add authfile, cert-dir and creds params to build
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 9 15:55:16 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Add requirement on libcontainers-common, which now provides the
|
|
/etc/containers/policy.json config.
|
|
- Use golang-packaging macros.
|
|
- Set version to +git%{rev_list} scheme as there's no official release yet.
|
|
- Spec file cleanups via spec-cleaner.
|
|
- Add requirement on libcontainers-{common,image,storage}, which provide
|
|
configuration files, manpages and debugging tools useful and required by
|
|
podman.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 7 08:51:16 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Fix typo to provide the correct package.
|
|
- Replace tabs with spaces.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 5 06:40:05 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Fix libostree-devel %if condition for TW, Leap 15+ and SLES 15+.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 1 12:38:03 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Use `%fdupes %buildroot/%_prefix` since `fdupes %buildroot` is not allowed
|
|
because you cannot make hardlinks between certain partitions.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 30 15:33:21 UTC 2018 - vrothberg@suse.com
|
|
|
|
- Add podman package: podman is a simple client only tool to help with
|
|
debugging issues when daemons such as CRI runtime and the kubelet are not
|
|
responding or failing.
|