diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-12-08 20:02:19 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-08 20:02:19 +0000 |
| commit | b8fde5c5b2a94beac20cd37cab0b59ea0124249c (patch) | |
| tree | ff3699646ba675a3ccf11b46b827e71ca06627ce | |
| parent | 2d7c4beffc38f72a49ae2e9d360d8ecc46ea76c5 (diff) | |
| parent | d46a82d218303c68aab0388b51d9ec1938b45b53 (diff) | |
| download | podman-b8fde5c5b2a94beac20cd37cab0b59ea0124249c.tar.gz podman-b8fde5c5b2a94beac20cd37cab0b59ea0124249c.tar.bz2 podman-b8fde5c5b2a94beac20cd37cab0b59ea0124249c.zip | |
Merge pull request #12549 from mheon/bump_344
Bump to v3.4.4
| -rw-r--r-- | RELEASE_NOTES.md | 6 | ||||
| -rw-r--r-- | contrib/spec/podman.spec.in | 2 | ||||
| -rw-r--r-- | libpod/container_internal_linux.go | 2 | ||||
| -rw-r--r-- | pkg/specgenutil/specgen.go | 8 | ||||
| -rw-r--r-- | test/e2e/run_entrypoint_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/run_volume_test.go | 12 | ||||
| -rw-r--r-- | version/version.go | 2 |
7 files changed, 24 insertions, 9 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index b7579af03..a69f6684d 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,5 +1,11 @@ # Release Notes +## 3.4.4 +### Bugfixes +- Fixed a bug where the `podman exec` command would, under some circumstances, print a warning message about failing to move `conmon` to the appropriate cgroup ([#12535](https://github.com/containers/podman/issues/12535)). +- Fixed a bug where named volumes created as part of container creation (e.g. `podman run --volume avolume:/a/mountpoint` or similar) would be mounted with incorrect permissions ([#12523](https://github.com/containers/podman/issues/12523)). +- Fixed a bug where the `podman-remote create` and `podman-remote run` commands did not properly handle the `--entrypoint=""` option (to clear the container's entrypoint) ([#12521](https://github.com/containers/podman/issues/12521)). + ## 3.4.3 ### Security - This release addresses CVE-2021-4024, where the `podman machine` command opened the `gvproxy` API (used to forward ports to `podman machine` VMs) to the public internet on port 7777. diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 19b4f8c62..29b1d4d8e 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -36,7 +36,7 @@ Epoch: 99 %else Epoch: 0 %endif -Version: 3.4.4 +Version: 3.4.5 Release: #COMMITDATE#.git%{shortcommit0}%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 8bd433427..eb05ca423 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2678,7 +2678,7 @@ func (c *Container) fixVolumePermissions(v *ContainerNamedVolume) error { return err } } - if err := os.Chmod(mountPoint, st.Mode()|0111); err != nil { + if err := os.Chmod(mountPoint, st.Mode()); err != nil { return err } stat := st.Sys().(*syscall.Stat_t) diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go index eba173a81..4db25bef3 100644 --- a/pkg/specgenutil/specgen.go +++ b/pkg/specgenutil/specgen.go @@ -397,11 +397,9 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions s.WorkDir = c.Workdir if c.Entrypoint != nil { entrypoint := []string{} - if ep := *c.Entrypoint; len(ep) > 0 { - // Check if entrypoint specified is json - if err := json.Unmarshal([]byte(*c.Entrypoint), &entrypoint); err != nil { - entrypoint = append(entrypoint, ep) - } + // Check if entrypoint specified is json + if err := json.Unmarshal([]byte(*c.Entrypoint), &entrypoint); err != nil { + entrypoint = append(entrypoint, *c.Entrypoint) } s.Entrypoint = entrypoint } diff --git a/test/e2e/run_entrypoint_test.go b/test/e2e/run_entrypoint_test.go index 9560b1627..2246da104 100644 --- a/test/e2e/run_entrypoint_test.go +++ b/test/e2e/run_entrypoint_test.go @@ -103,7 +103,6 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] }) It("podman run user entrypoint overrides image entrypoint and image cmd", func() { - SkipIfRemote("FIXME: podman-remote not handling passing --entrypoint=\"\" flag correctly") dockerfile := `FROM quay.io/libpod/alpine:latest CMD ["-i"] ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 59937b6c0..eca43680b 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -691,6 +691,18 @@ USER testuser`, fedoraMinimal) }) + It("podman run with named volume check if we honor permission of target dir", func() { + session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "stat", "-c", "%a %Y", "/var/tmp"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + perms := session.OutputToString() + + session = podmanTest.Podman([]string{"run", "--rm", "-v", "test:/var/tmp", ALPINE, "stat", "-c", "%a %Y", "/var/tmp"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal(perms)) + }) + It("podman volume with uid and gid works", func() { volName := "testVol" volCreate := podmanTest.Podman([]string{"volume", "create", "--opt", "o=uid=1000", volName}) diff --git a/version/version.go b/version/version.go index 650afa9b0..cbede69d0 100644 --- a/version/version.go +++ b/version/version.go @@ -27,7 +27,7 @@ const ( // NOTE: remember to bump the version at the top // of the top-level README.md file when this is // bumped. -var Version = semver.MustParse("3.4.4-dev") +var Version = semver.MustParse("3.4.5-dev") // See https://docs.docker.com/engine/api/v1.40/ // libpod compat handlers are expected to honor docker API versions |