The gprc execsync client call doesn't populate `ExecSyncResponse` on
error at all. You just get an error.
This patch modifies the code to include command's streams, exit code
and error direcly into the error. `ocic` will then print useful
infomation in the cli, otherwise it won't.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
The rootfs that gets created needs to have an SELinux label that containers
can write to. Until they get native storage support, this patch will
force the entire storage pool to be labeled in such a way that confined
containers can read/write/execute the content.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
This subcommand is so that users can get a nice commented version of the
ocid configuration file. This comes from the "current" version of the
configuration (allowing somone to get their custom configuration as a
file). It also has a --default option.
In addition, update the tests to use `ocid config` so that we test this
setup (the loading and saving of the options).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This lessens the Docker requirement for creating sandboxes (with the
requirement only existing for the actual image pulling that is done when
adding a container to a pod). The interface was chosen to match the
--conmon interface, so that the location of the pause binary can be
chosen by a user.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
In several places, we previously didn't output the $output of the
failing command, leading to confusion when debugging. A proper fix is to
alias oci{c,d} in helpers.sh like runC does, but that can come later.
Signed-off-by: Aleksa Sarai <asarai@suse.de>