-rw-r--r--README.md2
-rw-r--r--RELEASE_NOTES.md12
-rw-r--r--cmd/podman/machine/init.go4
-rw-r--r--docs/tutorials/podman_tutorial.md4
-rw-r--r--go.mod2
-rw-r--r--go.sum10
-rw-r--r--libpod/container_internal_linux.go16
-rw-r--r--libpod/container_internal_linux_test.go29
-rw-r--r--libpod/network/devices.go10
-rw-r--r--libpod/network/network.go5
-rw-r--r--pkg/cgroups/cgroups.go5
-rw-r--r--pkg/domain/entities/images.go2
-rw-r--r--pkg/domain/infra/abi/images.go1
-rw-r--r--pkg/domain/infra/abi/manifest.go2
-rw-r--r--pkg/domain/infra/tunnel/manifest.go2
-rw-r--r--pkg/machine/libvirt/config.go6
-rw-r--r--pkg/machine/libvirt/machine.go17
-rw-r--r--pkg/machine/libvirt/machine_unsupported.go3
-rw-r--r--pkg/machine/qemu/machine.go3
-rw-r--r--pkg/machine/qemu/options_darwin_amd64.go2
-rw-r--r--pkg/machine/qemu/options_darwin_arm64.go1
-rw-r--r--pkg/specgenutil/specgen.go2
-rw-r--r--test/e2e/manifest_test.go28
-rw-r--r--test/e2e/systemd_test.go17
-rw-r--r--test/system/255-auto-update.bats6
-rw-r--r--vendor/github.com/containers/common/libimage/disk_usage.go4
-rw-r--r--vendor/github.com/containers/common/libimage/image.go5
-rw-r--r--vendor/github.com/containers/common/libimage/runtime.go29
-rw-r--r--vendor/github.com/containers/common/pkg/config/config.go2
-rw-r--r--vendor/github.com/containers/common/pkg/config/containers.conf8
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go8
-rw-r--r--vendor/github.com/containers/common/pkg/seccomp/default_linux.go1
-rw-r--r--vendor/github.com/containers/common/pkg/seccomp/seccomp.json1
-rw-r--r--vendor/github.com/containers/common/version/version.go2
-rw-r--r--vendor/modules.txt2
35 files changed, 187 insertions, 66 deletions
diff --git a/README.md b/README.md
index 10bf216a7..131c6f5a9 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
Podman (the POD MANager) is a tool for managing containers and images, volumes mounted into those containers, and pods made from groups of containers.
Podman is based on libpod, a library for container lifecycle management that is also contained in this repository. The libpod library provides APIs for managing containers, pods, container images, and volumes.
-* [Latest Version: 3.3.0](https://github.com/containers/podman/releases/latest)
+* [Latest Version: 3.3.1](https://github.com/containers/podman/releases/latest)
* Latest Remote client for Windows
* Latest Remote client for macOS
* Latest Static Remote client for Linux
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 9649e7abb..b9b94dbb3 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,17 @@
# Release Notes
+## 3.3.1
+### Bugfixes
+- Fixed a bug where unit files created by `podman generate systemd` could not cleanup shut down containers when stopped by `systemctl stop` ([#11304](https://github.com/containers/podman/issues/11304)).
+- Fixed a bug where `podman machine` commands would not properly locate the `gvproxy` binary in some circumstances.
+- Fixed a bug where containers created as part of a pod using the `--pod-id-file` option would not join the pod's network namespace ([#11303](https://github.com/containers/podman/issues/11303)).
+- Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions.
+- Fixed a bug where the `until` filter to `podman logs` and `podman events` was improperly handled, requiring input to be negated ([#11158](https://github.com/containers/podman/issues/11158)).
+- Fixed a bug where rootless containers using CNI networking run on systems using `systemd-resolved` for DNS would fail to start if resolved symlinked `/etc/resolv.conf` to an absolute path ([#11358](https://github.com/containers/podman/issues/11358)).
+
+### API
+- A large number of potential file descriptor leaks from improperly closing client connections have been fixed.
+
## 3.3.0
### Features
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go
index ac0d06a07..3a89cfb87 100644
--- a/cmd/podman/machine/init.go
+++ b/cmd/podman/machine/init.go
@@ -40,7 +40,7 @@ func init() {
flags.Uint64Var(
&initOpts.CPUS,
cpusFlagName, 1,
- "Number of CPUs. The default is 1.",
+ "Number of CPUs",
)
_ = initCmd.RegisterFlagCompletionFunc(cpusFlagName, completion.AutocompleteNone)
@@ -57,7 +57,7 @@ func init() {
flags.Uint64VarP(
&initOpts.Memory,
memoryFlagName, "m", 2048,
- "Memory (in MB)",
+ "Memory in MB",
)
_ = initCmd.RegisterFlagCompletionFunc(memoryFlagName, completion.AutocompleteNone)
diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md
index 7419f445e..92d0c41b1 100644
--- a/docs/tutorials/podman_tutorial.md
+++ b/docs/tutorials/podman_tutorial.md
@@ -50,11 +50,11 @@ Note: The -l is a convenience argument for **latest container**. You can also u
of -l.
### Testing the httpd server
-Now that we have the IP address of the container, we can test the network communication between the host
+As we do not have the IP address of the container, we can test the network communication between the host
operating system and the container using curl. The following command should display the index page of our
containerized httpd server.
```console
-curl http://<IP_address>:8080
+curl http://localhost:8080
```
### Viewing the container's logs
diff --git a/go.mod b/go.mod
index 47ee24112..6030ceb9b 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
github.com/containernetworking/cni v0.8.1
github.com/containernetworking/plugins v0.9.1
github.com/containers/buildah v1.22.3
- github.com/containers/common v0.43.2
+ github.com/containers/common v0.43.3-0.20210902095222-a7acc160fb25
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.16.0
github.com/containers/ocicrypt v1.1.2
diff --git a/go.sum b/go.sum
index 3b17c08ee..19d2f8232 100644
--- a/go.sum
+++ b/go.sum
@@ -241,12 +241,11 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD
github.com/containers/buildah v1.22.3 h1:RomxwUa24jMcqzXQetpw4wGMfNlNZLhc9qwyoWHblwc=
github.com/containers/buildah v1.22.3/go.mod h1:JVXRyx5Rkp5w5jwvaXe45kuHtyoxpERMjXrR45+3Wfg=
github.com/containers/common v0.42.1/go.mod h1:AaF3ipZfgezsctDuhzLkq4Vl+LkEy7J74ikh2HSXDsg=
-github.com/containers/common v0.43.2 h1:oSP5d5sDrq7OkoqLPVrLpi1LZOAwpTwOZXgPDHfmD0E=
-github.com/containers/common v0.43.2/go.mod h1:BAoVyRYlxKZKAYpHcFMdrXlIZyzbJp9NwKTgadTd/Dg=
+github.com/containers/common v0.43.3-0.20210902095222-a7acc160fb25 h1:zcFtn+MuCwpywchrRtZjFQxTJIcNb9vjlIeZktYgSzQ=
+github.com/containers/common v0.43.3-0.20210902095222-a7acc160fb25/go.mod h1:NIymxA8e3mUVnLoeGFoDgIrJeUmVA/djOqgMmO112Qw=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.14.0/go.mod h1:SxiBKOcKuT+4yTjD0AskjO+UwFvNcVOJ9qlAw1HNSPU=
-github.com/containers/image/v5 v5.15.0/go.mod h1:gzdBcooi6AFdiqfzirUqv90hUyHyI0MMdaqKzACKr2s=
github.com/containers/image/v5 v5.15.2/go.mod h1:8jejVSzTDfyPwr/HXp9rri34n/vbdavYk6IzTiB3TBw=
github.com/containers/image/v5 v5.16.0 h1:WQcNSzb7+ngS2cfynx0vUwhk+scpgiKlldVcsF8GPbI=
github.com/containers/image/v5 v5.16.0/go.mod h1:XgTpfAPLRGOd1XYyCU5cISFr777bLmOerCSpt/v7+Q4=
@@ -261,9 +260,7 @@ github.com/containers/psgo v1.5.2 h1:3aoozst/GIwsrr/5jnFy3FrJay98uujPCu9lTuSZ/Cw
github.com/containers/psgo v1.5.2/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU=
github.com/containers/storage v1.23.5/go.mod h1:ha26Q6ngehFNhf3AWoXldvAvwI4jFe3ETQAf/CeZPyM=
github.com/containers/storage v1.32.6/go.mod h1:mdB+b89p+jU8zpzLTVXA0gWMmIo0WrkfGMh1R8O2IQw=
-github.com/containers/storage v1.33.0/go.mod h1:FUZPF4nJijX8ixdhByZJXf02cvbyLi6dyDwXdIe8QVY=
github.com/containers/storage v1.33.1/go.mod h1:FUZPF4nJijX8ixdhByZJXf02cvbyLi6dyDwXdIe8QVY=
-github.com/containers/storage v1.34.0/go.mod h1:t6I+hTgPU0/tVxQ75vw406wDi/TXwYBqZp4QZV9N7b8=
github.com/containers/storage v1.34.1/go.mod h1:FY2TcbfgCLMU4lYoKnlZeZXeH353TOTbpDEA+sAcqAY=
github.com/containers/storage v1.35.0 h1:bNduWshYm1tq4IPJRC+zLs3VQ+1tbauU0CZBaqzPxw4=
github.com/containers/storage v1.35.0/go.mod h1:qzYhasQP2/V9D9XdO+vRwkHBhsBO0oznMLzzRDQ8s20=
@@ -589,7 +586,6 @@ github.com/klauspost/compress v1.11.0/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs
github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.13.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
-github.com/klauspost/compress v1.13.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
github.com/klauspost/compress v1.13.4 h1:0zhec2I8zGnjWcKyLl6i3gPqKANCCn5e9xmviEEeX6s=
github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
@@ -723,7 +719,6 @@ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y
github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48=
github.com/onsi/gomega v1.14.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
-github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c=
github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -763,7 +758,6 @@ github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwy
github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
-github.com/opencontainers/selinux v1.8.3/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo=
github.com/opencontainers/selinux v1.8.4 h1:krlgQ6/j9CkCXT5oW0yVXdQFOME3NjKuuAZXuR6O7P4=
github.com/opencontainers/selinux v1.8.4/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo=
github.com/openshift/imagebuilder v1.2.2-0.20210415181909-87f3e48c2656 h1:WaxyNFpmIDu4i6so9r6LVFIbSaXqsj8oitMitt86ae4=
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 847122929..cafa3c642 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
package libpod
@@ -1942,9 +1943,24 @@ func (c *Container) generateHosts(path string) (string, error) {
}
hosts := string(orig)
hosts += c.getHosts()
+
+ hosts = c.appendLocalhost(hosts)
+
return c.writeStringToRundir("hosts", hosts)
}
+// based on networking mode we may want to append the localhost
+// if there isn't any record for it and also this shoud happen
+// in slirp4netns and similar network modes.
+func (c *Container) appendLocalhost(hosts string) string {
+ if !strings.Contains(hosts, "localhost") &&
+ !c.config.NetMode.IsHost() {
+ hosts += "127.0.0.1\tlocalhost\n::1\tlocalhost\n"
+ }
+
+ return hosts
+}
+
// appendHosts appends a container's config and state pertaining to hosts to a container's
// local hosts file. netCtr is the container from which the netNS information is
// taken.
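Review bot: The `strings.Contains(hosts, "localhost")` check in `appendLocalhost` matches the substring anywhere, so a commented-out line or an unrelated name such as `notlocalhost.example` suppresses the loopback records. That text can come from the base file or from the entries added by `c.getHosts()`. Splitting each line into fields and comparing whole hostnames avoids the false positive. The appended block also assumes `hosts` already ends in a newline; nothing in this hunk guarantees that, so the first record could be glued onto the previous line. The comment above the function has a typo (`shoud`) and would read better starting with the function name.

```go
// appendLocalhost adds IPv4 and IPv6 loopback records for "localhost" when
// the container is not in host network mode and no existing record names it.
func (c *Container) appendLocalhost(hosts string) string {
	if c.config.NetMode.IsHost() || hostsFileHasName(hosts, "localhost") {
		return hosts
	}
	if hosts != "" && !strings.HasSuffix(hosts, "\n") {
		hosts += "\n"
	}
	return hosts + "127.0.0.1\tlocalhost\n::1\tlocalhost\n"
}

// hostsFileHasName reports whether any non-comment line lists name as a
// hostname or alias (every field after the address).
func hostsFileHasName(hosts, name string) bool {
	for _, line := range strings.Split(hosts, "\n") {
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i]
		}
		fields := strings.Fields(line)
		if len(fields) < 2 {
			continue
		}
		for _, f := range fields[1:] {
			if f == name {
				return true
			}
		}
	}
	return false
}
```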
diff --git a/libpod/container_internal_linux_test.go b/libpod/container_internal_linux_test.go
index 1465ffbea..899f9bffd 100644
--- a/libpod/container_internal_linux_test.go
+++ b/libpod/container_internal_linux_test.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
package libpod
@@ -7,6 +8,7 @@ import (
"os"
"testing"
+ "github.com/containers/podman/v3/pkg/namespaces"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/stretchr/testify/assert"
)
@@ -68,3 +70,30 @@ func TestGenerateUserGroupEntry(t *testing.T) {
}
assert.Equal(t, group, "567:x:567:567\n")
}
+
+func TestAppendLocalhost(t *testing.T) {
+ {
+ c := Container{
+ config: &ContainerConfig{
+ ContainerNetworkConfig: ContainerNetworkConfig{
+ NetMode: namespaces.NetworkMode("slirp4netns"),
+ },
+ },
+ }
+
+ assert.Equal(t, "127.0.0.1\tlocalhost\n::1\tlocalhost\n", c.appendLocalhost(""))
+ assert.Equal(t, "127.0.0.1\tlocalhost", c.appendLocalhost("127.0.0.1\tlocalhost"))
+ }
+ {
+ c := Container{
+ config: &ContainerConfig{
+ ContainerNetworkConfig: ContainerNetworkConfig{
+ NetMode: namespaces.NetworkMode("host"),
+ },
+ },
+ }
+
+ assert.Equal(t, "", c.appendLocalhost(""))
+ assert.Equal(t, "127.0.0.1\tlocalhost", c.appendLocalhost("127.0.0.1\tlocalhost"))
+ }
+}
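Review bot: `TestAppendLocalhost` only uses inputs where `localhost` is either absent or a complete record, so it cannot tell an exact hostname match from a substring match. Cases with a line naming `mylocalhost`, a `# localhost` comment, and a non-empty input without a trailing newline would pin the intended behaviour. The two blocks differ only in `NetMode`; a table of `{netMode, in, want}` rows would remove the duplicated `Container` literal.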
diff --git a/libpod/network/devices.go b/libpod/network/devices.go
index de6bb4efc..fc9aff337 100644
--- a/libpod/network/devices.go
+++ b/libpod/network/devices.go
@@ -2,12 +2,11 @@ package network
import (
"fmt"
- "os/exec"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/pkg/util"
- "github.com/containers/podman/v3/utils"
"github.com/sirupsen/logrus"
+ "github.com/vishvananda/netlink"
)
// GetFreeDeviceName returns a device name that is unused; used when no network
@@ -52,12 +51,9 @@ func GetFreeDeviceName(config *config.Config) (string, error) {
// RemoveInterface removes an interface by the given name
func RemoveInterface(interfaceName string) error {
- // Make sure we have the ip command on the system
- ipPath, err := exec.LookPath("ip")
+ link, err := netlink.LinkByName(interfaceName)
if err != nil {
return err
}
- // Delete the network interface
- _, err = utils.ExecCmd(ipPath, []string{"link", "del", interfaceName}...)
- return err
+ return netlink.LinkDel(link)
}
diff --git a/libpod/network/network.go b/libpod/network/network.go
index 805988432..3b81ce776 100644
--- a/libpod/network/network.go
+++ b/libpod/network/network.go
@@ -194,8 +194,9 @@ func removeNetwork(config *config.Config, name string) error {
return errors.Wrapf(err, "failed to get live network names")
}
if util.StringInSlice(interfaceName, liveNetworkNames) {
- if err := RemoveInterface(interfaceName); err != nil {
- return errors.Wrapf(err, "failed to delete the network interface %q", interfaceName)
+ if err = RemoveInterface(interfaceName); err != nil {
+ // only log the error, it is not fatal
+ logrus.Infof("failed to remove network interface %s: %v", interfaceName, err)
}
}
}
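Review bot: Every failure of `RemoveInterface` is now swallowed at `Infof`, including permission or netlink errors that leave a live interface behind while the network's configuration is removed. If the intent is only to tolerate an interface that has already disappeared, distinguish that case and report the rest more visibly, e.g. `logrus.Warnf("failed to remove network interface %s: %v", interfaceName, err)`. The switch from `:=` to `=` also writes into the function's outer `err`. The rest of `removeNetwork` is outside this hunk, so confirm nothing later returns that value, or keep `if err := RemoveInterface(interfaceName); err != nil {`.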
diff --git a/pkg/cgroups/cgroups.go b/pkg/cgroups/cgroups.go
index 9cb32a364..4bb8de69b 100644
--- a/pkg/cgroups/cgroups.go
+++ b/pkg/cgroups/cgroups.go
@@ -231,7 +231,10 @@ func getCgroupPathForCurrentProcess() (string, error) {
for s.Scan() {
text := s.Text()
procEntries := strings.SplitN(text, "::", 2)
- cgroupPath = procEntries[1]
+ // set process cgroupPath only if entry is valid
+ if len(procEntries) > 1 {
+ cgroupPath = procEntries[1]
+ }
}
if err := s.Err(); err != nil {
return cgroupPath, err
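Review bot: Lines without a `::` separator are now skipped silently, so when no line matches, `cgroupPath` stays empty and, as far as this hunk shows, is returned without an error. An empty path reported as success is easy to misuse in later path joins. Consider failing explicitly after the `s.Err()` check, e.g. `if cgroupPath == "" { return "", errors.New("no cgroup entry containing \"::\" found") }`, using whichever error package the file already imports. The function starts and ends outside this hunk, so check whether callers already handle the empty result.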
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index 262b09cad..c575212b1 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -89,6 +89,8 @@ type ImageRemoveOptions struct {
All bool
// Foce will force image removal including containers using the images.
Force bool
+ // Confirms if given name is a manifest list and removes it, otherwise returns error.
+ LookupManifest bool
}
// ImageRemoveResponse is the response for removing one or more image(s) from storage
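Review bot: The comment on `LookupManifest` does not start with the field name as the neighbouring fields do, and "Confirms if" leaves the contract ambiguous. Something like `// LookupManifest requires every name to be a manifest list and removes only the list; a name that is not a manifest list yields an error.` states what callers can rely on.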
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index e8739615d..a88d38a10 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -521,6 +521,7 @@ func (ir *ImageEngine) Remove(ctx context.Context, images []string, opts entitie
libimageOptions := &libimage.RemoveImagesOptions{}
libimageOptions.Filters = []string{"readonly=false"}
libimageOptions.Force = opts.Force
+ libimageOptions.LookupManifest = opts.LookupManifest
if !opts.All {
libimageOptions.Filters = append(libimageOptions.Filters, "intermediate=false")
}
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index 666bc997d..1dd0686ac 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
@@ -306,7 +306,7 @@ func (ir *ImageEngine) ManifestRemove(ctx context.Context, names []string) (stri
// ManifestRm removes the specified manifest list from storage
func (ir *ImageEngine) ManifestRm(ctx context.Context, names []string) (report *entities.ImageRemoveReport, rmErrors []error) {
- return ir.Remove(ctx, names, entities.ImageRemoveOptions{})
+ return ir.Remove(ctx, names, entities.ImageRemoveOptions{LookupManifest: true})
}
// ManifestPush pushes a manifest list or image index to the destination
diff --git a/pkg/domain/infra/tunnel/manifest.go b/pkg/domain/infra/tunnel/manifest.go
index b8069405a..62634f561 100644
--- a/pkg/domain/infra/tunnel/manifest.go
+++ b/pkg/domain/infra/tunnel/manifest.go
@@ -85,7 +85,7 @@ func (ir *ImageEngine) ManifestRemove(ctx context.Context, names []string) (stri
// ManifestRm removes the specified manifest list from storage
func (ir *ImageEngine) ManifestRm(ctx context.Context, names []string) (*entities.ImageRemoveReport, []error) {
- return ir.Remove(ctx, names, entities.ImageRemoveOptions{})
+ return ir.Remove(ctx, names, entities.ImageRemoveOptions{LookupManifest: true})
}
// ManifestPush pushes a manifest list or image index to the destination
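Review bot: `LookupManifest: true` only takes effect here if the tunnel `Remove` forwards it to the server, and this commit's file list touches neither the tunnel image code nor the REST bindings or handlers. Unless those already carry the field, `podman-remote manifest rm` would still resolve the name to an image instance and could remove the referenced image, which is what the ABI-side change prevents. Confirm the option is sent over the API, and run the new e2e test against the remote client as well.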
diff --git a/pkg/machine/libvirt/config.go b/pkg/machine/libvirt/config.go
deleted file mode 100644
index 1ce5ab154..000000000
--- a/pkg/machine/libvirt/config.go
+++ /dev/null
@@ -1,6 +0,0 @@
-// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
-
-package libvirt
-
-type MachineVM struct {
-}
diff --git a/pkg/machine/libvirt/machine.go b/pkg/machine/libvirt/machine.go
deleted file mode 100644
index e1aa1569b..000000000
--- a/pkg/machine/libvirt/machine.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// +build amd64,linux arm64,linux amd64,darwin arm64,darwin
-
-package libvirt
-
-import "github.com/containers/podman/v3/pkg/machine"
-
-func (v *MachineVM) Init(name string, opts machine.InitOptions) error {
- return nil
-}
-
-func (v *MachineVM) Start(name string) error {
- return nil
-}
-
-func (v *MachineVM) Stop(name string) error {
- return nil
-}
diff --git a/pkg/machine/libvirt/machine_unsupported.go b/pkg/machine/libvirt/machine_unsupported.go
deleted file mode 100644
index 8b54440fe..000000000
--- a/pkg/machine/libvirt/machine_unsupported.go
+++ /dev/null
@@ -1,3 +0,0 @@
-// +build !amd64 amd64,windows
-
-package libvirt
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index 38a16c3ef..dc7703724 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -278,6 +278,9 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
time.Sleep(wait)
wait++
}
+ if err != nil {
+ return err
+ }
fd, err := qemuSocketConn.(*net.UnixConn).File()
if err != nil {
diff --git a/pkg/machine/qemu/options_darwin_amd64.go b/pkg/machine/qemu/options_darwin_amd64.go
index ee1036291..ff8d10db1 100644
--- a/pkg/machine/qemu/options_darwin_amd64.go
+++ b/pkg/machine/qemu/options_darwin_amd64.go
@@ -5,7 +5,7 @@ var (
)
func (v *MachineVM) addArchOptions() []string {
- opts := []string{"-machine", "q35,accel=hvf:tcg"}
+ opts := []string{"-machine", "q35,accel=hvf:tcg", "-cpu", "host"}
return opts
}
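Review bot: `-cpu host` is added unconditionally while the accelerator list stays `hvf:tcg`. QEMU's `host` CPU model generally needs a hardware accelerator, so the TCG fallback would likely fail at startup instead of running slower. If the fallback is meant to stay usable, choose the CPU model according to whether HVF is available, or drop `tcg` from the list so the failure mode is explicit. A short comment on `addArchOptions` explaining why `host` is needed would help the next reader.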
diff --git a/pkg/machine/qemu/options_darwin_arm64.go b/pkg/machine/qemu/options_darwin_arm64.go
index 7513b3048..8c651584e 100644
--- a/pkg/machine/qemu/options_darwin_arm64.go
+++ b/pkg/machine/qemu/options_darwin_arm64.go
@@ -13,6 +13,7 @@ func (v *MachineVM) addArchOptions() []string {
ovmfDir := getOvmfDir(v.ImagePath, v.Name)
opts := []string{
"-accel", "hvf",
+ "-accel", "tcg",
"-cpu", "cortex-a57",
"-M", "virt,highmem=off",
"-drive", "file=/usr/local/share/qemu/edk2-aarch64-code.fd,if=pflash,format=raw,readonly=on",
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 9f676db1b..6a6397257 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -453,7 +453,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
s.ImageVolumeMode = "anonymous"
}
- s.Systemd = c.Systemd
+ s.Systemd = strings.ToLower(c.Systemd)
s.SdNotifyMode = c.SdNotifyMode
if s.ResourceLimits == nil {
s.ResourceLimits = &specs.LinuxResources{}
diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go
index 95f90d4c1..27aaaba48 100644
--- a/test/e2e/manifest_test.go
+++ b/test/e2e/manifest_test.go
@@ -280,4 +280,32 @@ var _ = Describe("Podman manifest", func() {
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(1))
})
+
+ It("podman manifest rm should not remove referenced images", func() {
+ manifestList := "manifestlist"
+ imageName := "quay.io/libpod/busybox"
+
+ session := podmanTest.Podman([]string{"pull", imageName})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"manifest", "create", manifestList})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"manifest", "add", manifestList, imageName})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"manifest", "rm", manifestList})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ //image should still show up
+ session = podmanTest.Podman([]string{"images"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.OutputToString()).To(ContainSubstring(imageName))
+ Expect(session).Should(Exit(0))
+ })
+
})
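Review bot: The new test checks that the referenced image survives `manifest rm`, but not that the manifest list itself is gone. It also does not check that `manifest rm` on a plain image name is rejected, which is the other half of the `LookupManifest` contract. Asserting that `podman images` no longer lists `manifestList` would cover the first gap. Asserting that `podman manifest rm imageName` exits non-zero with the image still present would cover the second. In the final step, `Expect(session).Should(Exit(0))` should come before the output assertion so a failed `images` call is reported as such.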
diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go
index 3213a839a..a1b25b723 100644
--- a/test/e2e/systemd_test.go
+++ b/test/e2e/systemd_test.go
@@ -176,4 +176,21 @@ WantedBy=multi-user.target
Expect(session.OutputToString()).To(Not(ContainSubstring("noexec")))
})
+
+ It("podman run --systemd arg is case insensitive", func() {
+ session := podmanTest.Podman([]string{"run", "--rm", "--systemd", "Always", ALPINE, "echo", "test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).Should(Equal("test"))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--systemd", "True", ALPINE, "echo", "test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).Should(Equal("test"))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--systemd", "False", ALPINE, "echo", "test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).Should(Equal("test"))
+ })
})
diff --git a/test/system/255-auto-update.bats b/test/system/255-auto-update.bats
index b172bb917..bb4b5c13f 100644
--- a/test/system/255-auto-update.bats
+++ b/test/system/255-auto-update.bats
@@ -339,6 +339,8 @@ EOF
}
@test "podman auto-update using systemd" {
+ skip_if_journald_unavailable
+
generate_service alpine image
cat >$UNIT_DIR/podman-auto-update-$cname.timer <<EOF
@@ -386,7 +388,9 @@ EOF
done
if [[ -n "$failed_start" ]]; then
- die "Did not find expected string '$expect' in journalctl output for $cname"
+ echo "journalctl output:"
+ sed -e 's/^/ /' <<<"$output"
+ die "Did not find expected string '$expect' in journalctl output for $cname"
fi
_confirm_update $cname $ori_image
diff --git a/vendor/github.com/containers/common/libimage/disk_usage.go b/vendor/github.com/containers/common/libimage/disk_usage.go
index edfd095a0..2cde09846 100644
--- a/vendor/github.com/containers/common/libimage/disk_usage.go
+++ b/vendor/github.com/containers/common/libimage/disk_usage.go
@@ -52,6 +52,10 @@ func (r *Runtime) DiskUsage(ctx context.Context) ([]ImageDiskUsage, error) {
// diskUsageForImage returns the disk-usage baseistics for the specified image.
func diskUsageForImage(ctx context.Context, image *Image, tree *layerTree) ([]ImageDiskUsage, error) {
+ if err := image.isCorrupted(""); err != nil {
+ return nil, err
+ }
+
base := ImageDiskUsage{
ID: image.ID(),
Created: image.Created(),
diff --git a/vendor/github.com/containers/common/libimage/image.go b/vendor/github.com/containers/common/libimage/image.go
index b4623a870..ff7d546e9 100644
--- a/vendor/github.com/containers/common/libimage/image.go
+++ b/vendor/github.com/containers/common/libimage/image.go
@@ -74,7 +74,10 @@ func (i *Image) isCorrupted(name string) error {
}
if _, err := ref.NewImage(context.Background(), nil); err != nil {
- return errors.Errorf("Image %s exists in local storage but may be corrupted: %v", name, err)
+ if name == "" {
+ name = i.ID()[:12]
+ }
+ return errors.Errorf("Image %s exists in local storage but may be corrupted (remove the image to resolve the issue): %v", name, err)
}
return nil
}
diff --git a/vendor/github.com/containers/common/libimage/runtime.go b/vendor/github.com/containers/common/libimage/runtime.go
index 26a04dad5..42461014d 100644
--- a/vendor/github.com/containers/common/libimage/runtime.go
+++ b/vendor/github.com/containers/common/libimage/runtime.go
@@ -161,8 +161,14 @@ type LookupImageOptions struct {
// If set, do not look for items/instances in the manifest list that
// match the current platform but return the manifest list as is.
+ // only check for manifest list, return ErrNotAManifestList if not found.
lookupManifest bool
+ // If matching images resolves to a manifest list, return manifest list
+ // instead of resolving to image instance, if manifest list is not found
+ // try resolving image.
+ ManifestList bool
+
// If the image resolves to a manifest list, we usually lookup a
// matching instance and error if none could be found. In this case,
// just return the manifest list. Required for image removal.
@@ -305,11 +311,14 @@ func (r *Runtime) lookupImageInLocalStorage(name, candidate string, options *Loo
}
return nil, err
}
- if options.lookupManifest {
+ if options.lookupManifest || options.ManifestList {
if isManifestList {
return image, nil
}
- return nil, errors.Wrapf(ErrNotAManifestList, candidate)
+ // return ErrNotAManifestList if lookupManifest is set otherwise try resolving image.
+ if options.lookupManifest {
+ return nil, errors.Wrapf(ErrNotAManifestList, candidate)
+ }
}
if isManifestList {
@@ -532,6 +541,11 @@ type RemoveImagesOptions struct {
// using a removed image. Use RemoveContainerFunc for a custom logic.
// If set, all child images will be removed as well.
Force bool
+ // LookupManifest will expect all specified names to be manifest lists (no instance look up).
+ // This allows for removing manifest lists.
+ // By default, RemoveImages will attempt to resolve to a manifest instance matching
+ // the local platform (i.e., os, architecture, variant).
+ LookupManifest bool
// RemoveContainerFunc allows for a custom logic for removing
// containers using a specific image. By default, all containers in
// the local containers storage will be removed (if Force is set).
@@ -591,13 +605,22 @@ func (r *Runtime) RemoveImages(ctx context.Context, names []string, options *Rem
toDelete := []string{}
// Look up images in the local containers storage and fill out
// toDelete and the deleteMap.
+
switch {
case len(names) > 0:
+ // prepare lookupOptions
+ var lookupOptions *LookupImageOptions
+ if options.LookupManifest {
+ // LookupManifest configured as true make sure we only remove manifests and no referenced images.
+ lookupOptions = &LookupImageOptions{lookupManifest: true}
+ } else {
+ lookupOptions = &LookupImageOptions{returnManifestIfNoInstance: true}
+ }
// Look up the images one-by-one. That allows for removing
// images that have been looked up successfully while reporting
// lookup errors at the end.
for _, name := range names {
- img, resolvedName, err := r.LookupImage(name, &LookupImageOptions{returnManifestIfNoInstance: true})
+ img, resolvedName, err := r.LookupImage(name, lookupOptions)
if err != nil {
appendError(err)
continue
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index e554bac70..f840472cc 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -778,7 +778,7 @@ func (c *NetworkConfig) Validate() error {
}
}
- if stringsEq(c.CNIPluginDirs, cniBinDir) {
+ if stringsEq(c.CNIPluginDirs, DefaultCNIPluginDirs) {
return nil
}
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 0068a9a17..481405a1a 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -262,7 +262,13 @@ default_sysctls = [
# Path to directory where CNI plugin binaries are located.
#
-#cni_plugin_dirs = ["/usr/libexec/cni"]
+#cni_plugin_dirs = [
+# "/usr/local/libexec/cni",
+# "/usr/libexec/cni",
+# "/usr/local/lib/cni",
+# "/usr/lib/cni",
+# "/opt/cni/bin",
+#]
# The network name of the default CNI network to attach pods to.
#
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 66531a2ba..b8dc21475 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -76,10 +76,12 @@ var (
"CAP_SYS_CHROOT",
}
- cniBinDir = []string{
+ // It may seem a bit unconventional, but it is necessary to do so
+ DefaultCNIPluginDirs = []string{
+ "/usr/local/libexec/cni",
"/usr/libexec/cni",
- "/usr/lib/cni",
"/usr/local/lib/cni",
+ "/usr/lib/cni",
"/opt/cni/bin",
}
@@ -207,7 +209,7 @@ func DefaultConfig() (*Config, error) {
DefaultNetwork: "podman",
DefaultSubnet: DefaultSubnet,
NetworkConfigDir: cniConfig,
- CNIPluginDirs: cniBinDir,
+ CNIPluginDirs: DefaultCNIPluginDirs,
},
Engine: *defaultEngineConfig,
Secrets: defaultSecretConfig(),
diff --git a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
index 725e0bfc7..cf333744c 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
+++ b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go
@@ -236,6 +236,7 @@ func DefaultProfile() *Seccomp {
"madvise",
"mbind",
"memfd_create",
+ "memfd_secret",
"mincore",
"mkdir",
"mkdirat",
diff --git a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
index eeb41d5d8..c009134e3 100644
--- a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
+++ b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json
@@ -242,6 +242,7 @@
"madvise",
"mbind",
"memfd_create",
+ "memfd_secret",
"mincore",
"mkdir",
"mkdirat",
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index 572fe9bbd..2e2d557e3 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.43.2"
+const Version = "0.43.3-dev"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3666ff40b..ab186c1e4 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -94,7 +94,7 @@ github.com/containers/buildah/pkg/overlay
github.com/containers/buildah/pkg/parse
github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/util
-# github.com/containers/common v0.43.2
+# github.com/containers/common v0.43.3-0.20210902095222-a7acc160fb25
github.com/containers/common/libimage
github.com/containers/common/libimage/manifests
github.com/containers/common/pkg/apparmor