aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--RELEASE_NOTES.md63
-rw-r--r--cmd/podman/shared/create.go5
-rw-r--r--libpod/define/errors.go4
-rw-r--r--libpod/runtime.go54
-rw-r--r--libpod/runtime_img.go7
5 files changed, 129 insertions, 4 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 69244bb09..f55fd9b18 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,68 @@
# Release Notes
+## 1.5.0
+### Features
+- Podman containers can now join the user namespaces of other containers with `--userns=container:$ID`, or a user namespace at an arbitary path with `--userns=ns:$PATH`
+- Rootless Podman can experimentally squash all UIDs and GIDs in an image to a single UID and GID (which does not require use of the `newuidmap` and `newgidmap` executables) by passing `--storage-opt ignore_chown_errors`
+- The `podman generate kube` command now produces YAML for any bind mounts the container has created ([#2303](https://github.com/containers/libpod/issues/2303))
+- The `podman container restore` command now features a new flag, `--ignore-static-ip`, that can be used with `--import` to import a single container with a static IP multiple times on the same host
+- Added the ability for `podman events` to output JSON by specifying `--format=json`
+- If the OCI runtime or `conmon` binary cannot be found at the paths specified in `libpod.conf`, Podman will now also search for them in the calling user's path
+- Added the ability to use `podman import` with URLs ([#3609](https://github.com/containers/libpod/issues/3609))
+- The `podman ps` command now supports filtering names using regular expressions ([#3394](https://github.com/containers/libpod/issues/3394))
+- Rootless Podman containers with `--privileged` set will now mount in all host devices that the user can access
+- The `podman create` and `podman run` commands now support the `--env-host` flag to forward all environment variables from the host into the container
+- Rootless Podman now supports healthchecks ([#3523](https://github.com/containers/libpod/issues/3523))
+- The format of the `HostConfig` portion of the output of `podman inspect` on containers has been improved and synced with Docker
+- Podman containers now support CGroup namespaces, and can create them by passing `--cgroupns=private` to `podman run` or `podman create`
+- The `podman create` and `podman run` commands now support the `--ulimit=host` flag, which uses any ulimits currently set on the host for the container
+- The `podman rm` and `podman rmi` commands now use different exit codes to indicate 'no such container' and 'container is running' errors
+- Support for CGroups V2 through the `crun` OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use
+
+### Bugfixes
+- Fixed a bug where a race condition could cause `podman restart` to fail to start containers with ports
+- Fixed a bug where containers restored from a checkpoint would not properly report the time they were started at
+- Fixed a bug where `podman search` would return at most 25 results, even when the maximum number of results was set higher
+- Fixed a bug where `podman play kube` would not honor capabilities set in imported YAML ([#3689](https://github.com/containers/libpod/issues/3689))
+- Fixed a bug where `podman run --env`, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host ([#3648](https://github.com/containers/libpod/issues/3648))
+- Fixed a bug where `podman commit --changes` would not properly set environment variables
+- Fixed a bug where Podman could segfault while working with images with no history
+- Fixed a bug where `podman volume rm` could remove arbitrary volumes if given an ambiguous name ([#3635](https://github.com/containers/libpod/issues/3635))
+- Fixed a bug where `podman exec` invocations leaked memory by not cleaning up files in tmpfs
+- Fixed a bug where the `--dns` and `--net=container` flags to `podman run` and `podman create` were not mutually exclusive ([#3553](https://github.com/containers/libpod/issues/3553))
+- Fixed a bug where rootless Podman would be unable to run containers when less than 5 UIDs were available
+- Fixed a bug where containers in pods could not be removed without removing the entire pod ([#3556](https://github.com/containers/libpod/issues/3556))
+- Fixed a bug where Podman would not properly clean up all CGroup controllers for created cgroups when using the `cgroupfs` CGroup driver
+- Fixed a bug where Podman containers did not properly clean up files in tmpfs, resulting in a memory leak as containers stopped
+- Fixed a bug where healthchecks from images would not use default settings for interval, retries, timeout, and start period when they were not provided by the image ([#3525](https://github.com/containers/libpod/issues/3525))
+- Fixed a bug where healthchecks using the `HEALTHCHECK CMD` format where not properly supported ([#3507](https://github.com/containers/libpod/issues/3507))
+- Fixed a bug where volume mounts using relative source paths would not be properly resolved ([#3504](https://github.com/containers/libpod/issues/3504))
+- Fixed a bug where `podman run` did not use authorization credentials when a custom path was specified ([#3524](https://github.com/containers/libpod/issues/3524))
+- Fixed a bug where containers checkpointed with `podman container checkpoint` did not properly set their finished time
+- Fixed a bug where running `podman inspect` on any container not created with `podman run` or `podman create` (for example, pod infra containers) would result in a segfault ([#3500](https://github.com/containers/libpod/issues/3500))
+- Fixed a bug where healthcheck flags for `podman create` and `podman run` were incorrectly named ([#3455](https://github.com/containers/libpod/pull/3455))
+- Fixed a bug where Podman commands would fail to find targets if a partial ID was specified that was ambiguous between a container and pod ([#3487](https://github.com/containers/libpod/issues/3487))
+- Fixed a bug where restored containers would not have the correct SELinux label
+- Fixed a bug where Varlink endpoints were not working properly if `more` was not correctly specified
+- Fixed a bug where the Varlink PullImage endpoint would crash if an error occurred ([#3715](https://github.com/containers/libpod/issues/3715))
+- Fixed a bug where the `--mount` flag to `podman create` and `podman run` did not allow boolean arguments for its `ro` and `rw` options ([#2980](https://github.com/containers/libpod/issues/2980))
+- Fixed a bug where pods did not properly share the UTS namespace, resulting in incorrect behavior from some utilities which rely on hostname ([#3547](https://github.com/containers/libpod/issues/3547))
+- Fixed a bug where Podman would unconditionally append `ENTRYPOINT` to `CMD` during `podman commit` (and when reporting `CMD` in `podman inspect`) ([#3708](https://github.com/containers/libpod/issues/3708))
+- Fixed a bug where `podman events` with the `journald` events backend would incorrectly print 6 previous events when only new events were requested ([#3616](https://github.com/containers/libpod/issues/3616))
+- Fixed a bug where `podman port` would exit prematurely when a port number was specified ([#3747](https://github.com/containers/libpod/issues/3747))
+- Fixed a bug where passing `.` as an argument to the `--dns-search` flag to `podman create` and `podman run` was not properly clearing DNS search domains in the container
+
+### Misc
+- Updated vendored Buildah to v1.10.1
+- Updated vendored containers/image to v3.0.2
+- Updated vendored containers/storage to v1.13.1
+- Podman now requires conmon v2.0.0 or higher
+- The `podman info` command now displays the events logger being in use
+- The `podman inspect` command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process
+- The `-v` short flag for `podman --version` has been re-added
+- Error messages from `podman pull` should be significantly clearer
+- The `podman exec` command is now available in the remote client
+
## 1.4.4
### Bugfixes
- Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index 1aa2412b0..84cba4b75 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -627,6 +627,11 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod.
return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'")
}
+ // Check for explicit dns-search domain of ''
+ if c.Changed("dns-search") && len(c.StringSlice("dns-search")) == 0 {
+ return nil, errors.Errorf("'' is not a valid domain")
+ }
+
// Validate domains are good
for _, dom := range c.StringSlice("dns-search") {
if dom == "." {
diff --git a/libpod/define/errors.go b/libpod/define/errors.go
index a4368a9aa..9d532263c 100644
--- a/libpod/define/errors.go
+++ b/libpod/define/errors.go
@@ -107,4 +107,8 @@ var (
// ErrOCIRuntimeNotFound indicates the OCI runtime attempted to invoke a command
// that was not found
ErrOCIRuntimeNotFound = errors.New("OCI runtime command not found error")
+
+ // ErrConmonOutdated indicates the version of conmon found (whether via the configuration or $PATH)
+ // is out of date for the current podman version
+ ErrConmonOutdated = errors.New("outdated conmon version")
)
diff --git a/libpod/runtime.go b/libpod/runtime.go
index 38bfac8ba..83799a52b 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -1,6 +1,7 @@
package libpod
import (
+ "bytes"
"context"
"fmt"
"io/ioutil"
@@ -8,6 +9,8 @@ import (
"os/exec"
"os/user"
"path/filepath"
+ "regexp"
+ "strconv"
"strings"
"sync"
"syscall"
@@ -739,11 +742,43 @@ func getLockManager(runtime *Runtime) (lock.Manager, error) {
return manager, nil
}
+// probeConmon calls conmon --version and verifies it is a new enough version for
+// the runtime expectations podman currently has
+func probeConmon(conmonBinary string) error {
+ cmd := exec.Command(conmonBinary, "--version")
+ var out bytes.Buffer
+ cmd.Stdout = &out
+ err := cmd.Run()
+ if err != nil {
+ return err
+ }
+ r := regexp.MustCompile(`^conmon version (?P<Major>\d+).(?P<Minor>\d+).(?P<Patch>\d+)`)
+
+ matches := r.FindStringSubmatch(out.String())
+ if len(matches) != 4 {
+ return errors.Wrapf(err, "conmon version changed format")
+ }
+ major, err := strconv.Atoi(matches[1])
+ if err != nil || major < 1 {
+ return define.ErrConmonOutdated
+ }
+ // conmon used to be shipped with CRI-O, and was versioned along with it.
+ // even though the conmon that came with crio-1.9 to crio-1.15 has a higher
+ // version number than conmon 1.0.0, 1.0.0 is newer, so we need this check
+ minor, err := strconv.Atoi(matches[2])
+ if err != nil || minor > 9 {
+ return define.ErrConmonOutdated
+ }
+
+ return nil
+}
+
// Make a new runtime based on the given configuration
// Sets up containers/storage, state store, OCI runtime
func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
// Find a working conmon binary
foundConmon := false
+ foundOutdatedConmon := false
for _, path := range runtime.config.ConmonPath {
stat, err := os.Stat(path)
if err != nil {
@@ -752,6 +787,11 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
if stat.IsDir() {
continue
}
+ if err := probeConmon(path); err != nil {
+ logrus.Warnf("conmon at %s invalid: %v", path, err)
+ foundOutdatedConmon = true
+ continue
+ }
foundConmon = true
runtime.conmonPath = path
logrus.Debugf("using conmon: %q", path)
@@ -761,13 +801,21 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
// Search the $PATH as last fallback
if !foundConmon {
if conmon, err := exec.LookPath("conmon"); err == nil {
- foundConmon = true
- runtime.conmonPath = conmon
- logrus.Debugf("using conmon from $PATH: %q", conmon)
+ if err := probeConmon(conmon); err != nil {
+ logrus.Warnf("conmon at %s is invalid: %v", conmon, err)
+ foundOutdatedConmon = true
+ } else {
+ foundConmon = true
+ runtime.conmonPath = conmon
+ logrus.Debugf("using conmon from $PATH: %q", conmon)
+ }
}
}
if !foundConmon {
+ if foundOutdatedConmon {
+ return errors.Wrapf(define.ErrConmonOutdated, "please update to v1.0.0 or later")
+ }
return errors.Wrapf(define.ErrInvalidArg,
"could not find a working conmon binary (configured options: %v)",
runtime.config.ConmonPath)
diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go
index 4055734eb..20dee4080 100644
--- a/libpod/runtime_img.go
+++ b/libpod/runtime_img.go
@@ -28,6 +28,7 @@ import (
// RemoveImage deletes an image from local storage
// Images being used by running containers can only be removed if force=true
func (r *Runtime) RemoveImage(ctx context.Context, img *image.Image, force bool) (string, error) {
+ var returnMessage string
r.lock.Lock()
defer r.lock.Unlock()
@@ -93,7 +94,11 @@ func (r *Runtime) RemoveImage(ctx context.Context, img *image.Image, force bool)
err = errStorage
}
}
- return img.ID(), err
+ for _, name := range img.Names() {
+ returnMessage = returnMessage + fmt.Sprintf("Untagged: %s\n", name)
+ }
+ returnMessage = returnMessage + fmt.Sprintf("Deleted: %s", img.ID())
+ return returnMessage, err
}
// Remove containers that are in storage rather than Podman.
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-15 10:20:43 +0000