-rw-r--r--cmd/podman/images/build.go6
-rw-r--r--cmd/podman/root.go4
-rw-r--r--docs/source/markdown/podman-attach.1.md2
-rw-r--r--docs/source/markdown/podman-build.1.md6
-rw-r--r--docs/source/markdown/podman-container-exists.1.md6
-rw-r--r--docs/source/markdown/podman-create.1.md16
-rw-r--r--docs/source/markdown/podman-generate-kube.1.md2
-rw-r--r--docs/source/markdown/podman-image-sign.1.md2
-rw-r--r--docs/source/markdown/podman-logs.1.md2
-rw-r--r--docs/source/markdown/podman-machine-list.1.md2
-rw-r--r--docs/source/markdown/podman-manifest-push.1.md8
-rw-r--r--docs/source/markdown/podman-mount.1.md2
-rw-r--r--docs/source/markdown/podman-network-create.1.md2
-rw-r--r--docs/source/markdown/podman-network-exists.1.md2
-rw-r--r--docs/source/markdown/podman-play-kube.1.md4
-rw-r--r--docs/source/markdown/podman-pod-logs.1.md2
-rw-r--r--docs/source/markdown/podman-pull.1.md2
-rw-r--r--docs/source/markdown/podman-run.1.md14
-rw-r--r--docs/source/markdown/podman-untag.1.md2
-rw-r--r--docs/source/markdown/podman-volume-exists.1.md2
-rw-r--r--docs/source/markdown/podman.1.md4
-rw-r--r--libpod/networking_linux.go7
-rw-r--r--libpod/runtime_ctr.go9
-rw-r--r--pkg/api/handlers/compat/images_build.go30
-rw-r--r--test/e2e/common_test.go8
-rw-r--r--test/e2e/containers_conf_test.go17
-rw-r--r--test/e2e/run_networking_test.go13
27 files changed, 93 insertions, 83 deletions
diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go
index f975cd6d5..cde050d5e 100644
--- a/cmd/podman/images/build.go
+++ b/cmd/podman/images/build.go
@@ -183,12 +183,6 @@ func buildFlags(cmd *cobra.Command) {
completion.CompleteCommandFlags(cmd, fromAndBudFlagsCompletions)
flags.SetNormalizeFunc(buildahCLI.AliasFlags)
if registry.IsRemote() {
- flag = flags.Lookup("isolation")
- buildOpts.Isolation = buildahDefine.OCI
- if err := flag.Value.Set(buildahDefine.OCI); err != nil {
- logrus.Errorf("Unable to set --isolation to %v: %v", buildahDefine.OCI, err)
- }
- flag.DefValue = buildahDefine.OCI
_ = flags.MarkHidden("disable-content-trust")
_ = flags.MarkHidden("cache-from")
_ = flags.MarkHidden("sign-by")
diff --git a/cmd/podman/root.go b/cmd/podman/root.go
index be6eacfc2..6d768c2e6 100644
--- a/cmd/podman/root.go
+++ b/cmd/podman/root.go
@@ -415,12 +415,12 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) {
_ = cmd.RegisterFlagCompletionFunc(runrootFlagName, completion.AutocompleteDefault)
runtimeFlagName := "runtime"
- pFlags.StringVar(&opts.RuntimePath, runtimeFlagName, "", "Path to the OCI-compatible binary used to run containers, default is /usr/bin/runc")
+ pFlags.StringVar(&opts.RuntimePath, runtimeFlagName, cfg.Engine.OCIRuntime, "Path to the OCI-compatible binary used to run containers.")
_ = cmd.RegisterFlagCompletionFunc(runtimeFlagName, completion.AutocompleteDefault)
// -s is deprecated due to conflict with -s on subcommands
storageDriverFlagName := "storage-driver"
- pFlags.StringVar(&opts.StorageDriver, storageDriverFlagName, "", "Select which storage driver is used to manage storage of images and containers (default is overlay)")
+ pFlags.StringVar(&opts.StorageDriver, storageDriverFlagName, "", "Select which storage driver is used to manage storage of images and containers")
_ = cmd.RegisterFlagCompletionFunc(storageDriverFlagName, completion.AutocompleteNone) //TODO: what can we recommend here?
tmpdirFlagName := "tmpdir"
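Review bot: With the default of `--runtime` now taken from `cfg.Engine.OCIRuntime`, `opts.RuntimePath` is populated even when the user passes nothing. Any code outside this hunk that treats a non-empty `RuntimePath` as an explicit override would then always take that branch; such code should test `pFlags.Changed(runtimeFlagName)` instead. The help string still says "Path to", while the configured default is presumably a runtime name looked up in containers.conf rather than a filesystem path, so I would word it `"Name or path of the OCI-compatible binary used to run containers."`. Because this flag selects the binary that executes every container, a one-line comment above the `StringVar` call, such as `// default comes from containers.conf (engine.runtime)`, would make the origin of the value easy to audit. The body of rootFlags starts and ends outside the hunk.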
diff --git a/docs/source/markdown/podman-attach.1.md b/docs/source/markdown/podman-attach.1.md
index b86b981d2..6340a9360 100644
--- a/docs/source/markdown/podman-attach.1.md
+++ b/docs/source/markdown/podman-attach.1.md
@@ -10,7 +10,7 @@ podman\-attach - Attach to a running container
## DESCRIPTION
**podman attach** attaches to a running *container* using the *container's name* or *ID*, to either view its ongoing output or to control it interactively.\
-The *container* can detached from (and leave it running) using a configurable key sequence. The default sequence is `ctrl-p,ctrl-q`. Configure the keys sequence using the **--detach-keys** OPTION, or specifying it in the `containers.conf` file: see **[containers.conf(5)](https://github.com/containers/common/blob/master/docs/containers.conf.5.md)** for more information.
+The *container* can be detached from (and leave it running) using a configurable key sequence. The default sequence is `ctrl-p,ctrl-q`. Configure the keys sequence using the **--detach-keys** OPTION, or specifying it in the `containers.conf` file: see **[containers.conf(5)](https://github.com/containers/common/blob/master/docs/containers.conf.5.md)** for more information.
## OPTIONS
#### **--detach-keys**=**sequence**
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index 474597938..a2e5cf587 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -29,7 +29,7 @@ still be used by other tools when manually preprocessing them via `cpp -E`.
When the URL is an archive, the contents of the URL is downloaded to a temporary
location and extracted before execution.
-When the URL is an Containerfile, the Containerfile is downloaded to a temporary
+When the URL is a Containerfile, the Containerfile is downloaded to a temporary
location.
When a Git repository is set as the URL, the repository is cloned locally and
@@ -364,7 +364,7 @@ Add an image *label* (e.g. label=*value*) to the image metadata. Can be used
multiple times.
Users can set a special LABEL **io.containers.capabilities=CAP1,CAP2,CAP3** in
-a Containerfile that specified the list of Linux capabilities required for the
+a Containerfile that specifies the list of Linux capabilities required for the
container to run properly. This label specified in a container image tells
Podman to run the container with just these capabilities. Podman launches the
container with just the specified capabilities, as long as this list of
@@ -711,7 +711,7 @@ than being relative to the host as it would be when run rootfull.
#### **--uts**=*how*
-Sets the configuration for UTS namespaces when the handling `RUN` instructions.
+Sets the configuration for UTS namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
that a new UTS namespace should be created, or it can be "host" to indicate
that the UTS namespace in which `podman` itself is being run should be reused,
diff --git a/docs/source/markdown/podman-container-exists.1.md b/docs/source/markdown/podman-container-exists.1.md
index d059276d7..cc5defe6b 100644
--- a/docs/source/markdown/podman-container-exists.1.md
+++ b/docs/source/markdown/podman-container-exists.1.md
@@ -23,21 +23,21 @@ The default is **false**.
## EXAMPLES
-Check if an container called "webclient" exists in local storage. Here, the container does exist.
+Check if a container called "webclient" exists in local storage. Here, the container does exist.
```
$ podman container exists webclient
$ echo $?
0
```
-Check if an container called "webbackend" exists in local storage. Here, the container does not exist.
+Check if a container called "webbackend" exists in local storage. Here, the container does not exist.
```
$ podman container exists webbackend
$ echo $?
1
```
-Check if an container called "ubi8-working-container" created via Buildah exists in local storage. Here, the container does not exist.
+Check if a container called "ubi8-working-container" created via Buildah exists in local storage. Here, the container does not exist.
```
$ podman container exists --external ubi8-working-container
$ echo $?
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 6d69b2628..ea3003d09 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -127,7 +127,7 @@ If the host uses cgroups v1, the default is set to **host**. On cgroups v2 the d
#### **--cgroups**=*mode*
Determines whether the container will create CGroups.
-Valid values are *enabled*, *disabled*, *no-conmon*, *split*, which the default being *enabled*.
+Valid values are *enabled*, *disabled*, *no-conmon*, *split*, with the default being *enabled*.
The *enabled* option will create a new cgroup under the cgroup-parent.
The *disabled* option will force the container to not create CGroups, and thus conflicts with CGroup options (**--cgroupns** and **--cgroup-parent**).
@@ -308,7 +308,7 @@ Set custom DNS servers. Invalid if using **--dns** and **--network** that is set
This option can be used to override the DNS
configuration passed to the container. Typically this is necessary when the
host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this
-is the case the **--dns** flags is necessary for every run.
+is the case the **--dns** flag is necessary for every run.
The special value **none** can be specified to disable creation of **/etc/resolv.conf** in the container by Podman.
The **/etc/resolv.conf** file in the image will be used without changes.
@@ -695,7 +695,7 @@ Valid _mode_ values are:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
- - **mac=MAC**: Specify a static mac address address for this container.
+ - **mac=MAC**: Specify a static mac address for this container.
- **interface_name**: Specify a name for the created network interface inside the container.
For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
@@ -715,7 +715,7 @@ Valid _mode_ values are:
- **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
- **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
- **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
- Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
+ Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
- **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
#### **--network-alias**=*alias*
@@ -1028,7 +1028,7 @@ Podman will setup tmpfs mount points in the following directories:
It will also set the default stop signal to SIGRTMIN+3.
-This allow systemd to run in a confined container without any modifications.
+This allows systemd to run in a confined container without any modifications.
Note: On `SELinux` systems, systemd attempts to write to the cgroup
file system. Containers writing to the cgroup file system are denied by default.
@@ -1307,7 +1307,7 @@ Only the current container can use a private volume.
Note: Do not relabel system files and directories. Relabeling system content
might cause other confined services on your machine to fail. For these types
-of containers we recommend that disable SELinux separation. The option
+of containers we recommend disabling SELinux separation. The option
`--security-opt label=disable` disables SELinux separation for containers used in the build.
For example if a user wanted to volume mount their entire home directory into a
container, they need to disable SELinux separation.
@@ -1372,7 +1372,7 @@ the volume will not be able to change their privilege. By default volumes
are mounted with `nosuid`.
Mounting the volume with the noexec option means that no executables on the
-volume will be able to executed within the container.
+volume will be able to be executed within the container.
Mounting the volume with the nodev option means that no devices on the volume
will be able to be used by processes within the container. By default volumes
@@ -1540,7 +1540,7 @@ $ podman create --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10 alpine
### Rootless Containers
-Podman runs as a non root user on most systems. This feature requires that a new enough version of shadow-utils
+Podman runs as a non-root user on most systems. This feature requires that a new enough version of shadow-utils
be installed. The shadow-utils package must include the newuidmap and newgidmap executables.
Note: RHEL7 and Centos 7 will not have this feature until RHEL7.7 is released.
diff --git a/docs/source/markdown/podman-generate-kube.1.md b/docs/source/markdown/podman-generate-kube.1.md
index 3586341a9..8cd35140e 100644
--- a/docs/source/markdown/podman-generate-kube.1.md
+++ b/docs/source/markdown/podman-generate-kube.1.md
@@ -6,7 +6,7 @@ podman-generate-kube - Generate Kubernetes YAML based on containers, pods or vol
**podman generate kube** [*options*] *container...* | *pod...* | *volume...*
## DESCRIPTION
-**podman generate kube** will generate Kubernetes YAML (v1 specification) from Podman containers, pods or volumes. Whether
+**podman generate kube** will generate Kubernetes YAML (v1 specification) from Podman containers, pods or volumes. Regardless of whether
the input is for containers or pods, Podman will always generate the specification as a Pod. The input may be in the form
of one or more containers, pods or volumes names or IDs.
diff --git a/docs/source/markdown/podman-image-sign.1.md b/docs/source/markdown/podman-image-sign.1.md
index 8758b8861..42ddd7eb2 100644
--- a/docs/source/markdown/podman-image-sign.1.md
+++ b/docs/source/markdown/podman-image-sign.1.md
@@ -56,7 +56,7 @@ The write (and read) location for signatures is defined in YAML-based
configuration files in /etc/containers/registries.d/ for root,
or $HOME/.config/containers/registries.d for non-root users. When you sign
an image, Podman will use those configuration files to determine
-where to write the signature based on the the name of the originating
+where to write the signature based on the name of the originating
registry or a default storage value unless overridden with the --directory
option. For example, consider the following configuration file.
diff --git a/docs/source/markdown/podman-logs.1.md b/docs/source/markdown/podman-logs.1.md
index 888279990..b8b0b44ba 100644
--- a/docs/source/markdown/podman-logs.1.md
+++ b/docs/source/markdown/podman-logs.1.md
@@ -20,7 +20,7 @@ any logs at the time you execute podman logs).
Follow log output. Default is false.
Note: If you are following a container which is removed `podman container rm`
-or removed on exit `podman run --rm ...`, then there is a chance the the log
+or removed on exit `podman run --rm ...`, then there is a chance that the log
file will be removed before `podman logs` reads the final content.
#### **--latest**, **-l**
diff --git a/docs/source/markdown/podman-machine-list.1.md b/docs/source/markdown/podman-machine-list.1.md
index b448f890a..d1333f1e2 100644
--- a/docs/source/markdown/podman-machine-list.1.md
+++ b/docs/source/markdown/podman-machine-list.1.md
@@ -39,7 +39,7 @@ Valid placeholders for the Go template are listed below:
| .VMType | VM type |
| .Port | SSH Port to use to connect to VM|
| .RemoteUsername | VM Username for rootless Podman |
-| .IdentityPath | Path to ssh identify file |
+| .IdentityPath | Path to ssh identity file |
#### **--help**
diff --git a/docs/source/markdown/podman-manifest-push.1.md b/docs/source/markdown/podman-manifest-push.1.md
index 38201555e..3a68f6228 100644
--- a/docs/source/markdown/podman-manifest-push.1.md
+++ b/docs/source/markdown/podman-manifest-push.1.md
@@ -78,22 +78,22 @@ Require HTTPS and verify certificates when talking to container registries. (def
**dir:**_path_
An existing local directory _path_ storing the manifest, layer tarballs and signatures as individual files. This is a non-standardized format, primarily useful for debugging or noninvasive container inspection.
- $ podman manfiest push mylist:v1.11 dir:/tmp/mylist
+ $ podman manifest push mylist:v1.11 dir:/tmp/mylist
**docker://**_docker-reference_
An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in `$XDG_RUNTIME_DIR/containers/auth.json`, which is set using `(podman login)`. If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using `(docker login)`.
- $ podman manfiest push mylist:v1.11 docker://registry.example.org/mylist:v1.11
+ $ podman manifest push mylist:v1.11 docker://registry.example.org/mylist:v1.11
**docker-archive:**_path_[**:**_docker-reference_]
An image is stored in the `docker save` formatted file. _docker-reference_ is only used when creating such a file, and it must not contain a digest.
- $ podman manfiest push mylist:v1.11 docker-archive:/tmp/mylist
+ $ podman manifest push mylist:v1.11 docker-archive:/tmp/mylist
**docker-daemon:**_docker-reference_
An image in _docker-reference_ format stored in the docker daemon internal storage. _docker-reference_ must contain a tag.
- $ podman manfiest push mylist:v1.11 docker-daemon:registry.example.org/mylist:v1.11
+ $ podman manifest push mylist:v1.11 docker-daemon:registry.example.org/mylist:v1.11
**oci-archive:**_path_**:**_tag_
An image _tag_ in a directory compliant with "Open Container Image Layout Specification" at _path_.
diff --git a/docs/source/markdown/podman-mount.1.md b/docs/source/markdown/podman-mount.1.md
index a4ce25bce..33524029c 100644
--- a/docs/source/markdown/podman-mount.1.md
+++ b/docs/source/markdown/podman-mount.1.md
@@ -14,7 +14,7 @@ accessed from the host, and returns its location.
If you execute the command without any arguments, Podman will list all of the
currently mounted containers, including external containers. External containers are
-containers in container/storage by tools other then Podman. For example Buildah and
+containers in container/storage by tools other than Podman. For example Buildah and
CRI-O.
Rootless mode only supports mounting VFS driver, unless you enter the user namespace
diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md
index d48509581..8a9b2f3cf 100644
--- a/docs/source/markdown/podman-network-create.1.md
+++ b/docs/source/markdown/podman-network-create.1.md
@@ -39,7 +39,7 @@ Additionally the `bridge` driver supports the following option:
The `macvlan` and `ipvlan` driver support the following options:
- `parent`: The host device which should be used for the macvlan interface. Defaults to the default route interface.
-- `mode`: This options sets the specified ip/macvlan mode on the interface.
+- `mode`: This option sets the specified ip/macvlan mode on the interface.
- Supported values for `macvlan` are `bridge`, `private`, `vepa`, `passthru`. Defaults to `bridge`.
- Supported values for `ipvlan` are `l2`, `l3`, `l3s`. Defaults to `l2`.
diff --git a/docs/source/markdown/podman-network-exists.1.md b/docs/source/markdown/podman-network-exists.1.md
index ee62a830e..44c145cd9 100644
--- a/docs/source/markdown/podman-network-exists.1.md
+++ b/docs/source/markdown/podman-network-exists.1.md
@@ -29,7 +29,7 @@ $ echo $?
$
```
-Check if an network called `webbackend` exists (the network does not actually exist).
+Check if a network called `webbackend` exists (the network does not actually exist).
```
$ podman network exists webbackend
$ echo $?
diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md
index 390058b4a..a056640e7 100644
--- a/docs/source/markdown/podman-play-kube.1.md
+++ b/docs/source/markdown/podman-play-kube.1.md
@@ -179,7 +179,7 @@ Valid _mode_ values are:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
- - **mac=MAC**: Specify a static mac address address for this container.
+ - **mac=MAC**: Specify a static mac address for this container.
- **interface_name**: Specify a name for the created network interface inside the container.
For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
@@ -198,7 +198,7 @@ Valid _mode_ values are:
- **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
- **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
- **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
- Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
+ Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
- **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
#### **--no-hosts**
diff --git a/docs/source/markdown/podman-pod-logs.1.md b/docs/source/markdown/podman-pod-logs.1.md
index 5adcd9df5..bc38c33fd 100644
--- a/docs/source/markdown/podman-pod-logs.1.md
+++ b/docs/source/markdown/podman-pod-logs.1.md
@@ -22,7 +22,7 @@ By default `podman pod logs` retrieves logs for all the containers available wit
Follow log output. Default is false.
Note: If you are following a pod which is removed `podman pod rm`, then there is a
-chance the the log file will be removed before `podman pod logs` reads the final content.
+chance that the log file will be removed before `podman pod logs` reads the final content.
#### **--latest**, **-l**
diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md
index 6a1240269..fe4af44d3 100644
--- a/docs/source/markdown/podman-pull.1.md
+++ b/docs/source/markdown/podman-pull.1.md
@@ -17,7 +17,7 @@ podman pull copies an image from a registry onto the local machine. The command
*IMPORTANT: Images are stored in local image storage.*
## SOURCE
-SOURCE is the location from the container image is pulled from. It supports all transports from **[containers-transports(5)](https://github.com/containers/image/blob/main/docs/containers-transports.5.md)**. If no transport is specified, the input is subject to short-name resolution and the `docker` (i.e., container registry) transport is used. For remote clients, `docker` is the only supported transport.
+SOURCE is the location from which the container image is pulled from. It supports all transports from **[containers-transports(5)](https://github.com/containers/image/blob/main/docs/containers-transports.5.md)**. If no transport is specified, the input is subject to short-name resolution and the `docker` (i.e., container registry) transport is used. For remote clients, `docker` is the only supported transport.
```
# Pull from a container registry
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index b96abeaa2..241cb6d95 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -341,7 +341,7 @@ Set custom DNS servers. Invalid if using **--dns** with **--network** that is se
This option can be used to override the DNS
configuration passed to the container. Typically this is necessary when the
host DNS configuration is invalid for the container (e.g., **127.0.0.1**). When this
-is the case the **--dns** flags is necessary for every run.
+is the case the **--dns** flag is necessary for every run.
The special value **none** can be specified to disable creation of _/etc/resolv.conf_ in the container by Podman.
The _/etc/resolv.conf_ file in the image will be used without changes.
@@ -411,7 +411,7 @@ Note: the **--gidmap** flag cannot be called in conjunction with the **--pod** f
#### **--group-add**=*group|keep-groups*
-Add additional groups to assign to primary user running within the container process.
+Assign additional groups to the primary user running within the container process.
- `keep-groups` is a special flag that tells Podman to keep the supplementary group access.
@@ -722,7 +722,7 @@ Valid _mode_ values are:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
- - **mac=MAC**: Specify a static mac address address for this container.
+ - **mac=MAC**: Specify a static mac address for this container.
- **interface_name**: Specify a name for the created network interface inside the container.
For example to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.
@@ -742,7 +742,7 @@ Valid _mode_ values are:
- **outbound_addr6=INTERFACE**: Specify the outbound interface slirp should bind to (ipv6 traffic only).
- **outbound_addr6=IPv6**: Specify the outbound ipv6 address slirp should bind to.
- **port_handler=rootlesskit**: Use rootlesskit for port forwarding. Default.
- Note: Rootlesskit changes the source IP address of incoming packets to a IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
+ Note: Rootlesskit changes the source IP address of incoming packets to an IP address in the container network namespace, usually `10.0.2.100`. If your application requires the real source IP address, e.g. web server logs, use the slirp4netns port handler. The rootlesskit port handler is also used for rootless containers when connected to user-defined networks.
- **port_handler=slirp4netns**: Use the slirp4netns port forwarding, it is slower than rootlesskit but preserves the correct source IP address. This port handler cannot be used for user-defined networks.
#### **--network-alias**=*alias*
@@ -1377,7 +1377,7 @@ The **Z** option tells Podman to label the content with a private unshared label
Note: Do not relabel system files and directories. Relabeling system content
might cause other confined services on your machine to fail. For these types
-of containers we recommend that disable SELinux separation. The option
+of containers we recommend disabling SELinux separation. The option
`--security-opt label=disable` disables SELinux separation for the container.
For example if a user wanted to volume mount their entire home directory into a
container, they need to disable SELinux separation.
@@ -1444,7 +1444,7 @@ the volume will not be able to change their privilege. By default volumes
are mounted with **nosuid**.
Mounting the volume with the **noexec** option means that no executables on the
-volume will be able to executed within the container.
+volume will be able to be executed within the container.
Mounting the volume with the **nodev** option means that no devices on the volume
will be able to be used by processes within the container. By default volumes
@@ -1920,7 +1920,7 @@ $ podman run --network net1:ip=10.89.1.5 --network net2:ip=10.89.10.10 alpine ip
### Rootless Containers
-Podman runs as a non root user on most systems. This feature requires that a new enough version of **shadow-utils**
+Podman runs as a non-root user on most systems. This feature requires that a new enough version of **shadow-utils**
be installed. The **shadow-utils** package must include the **newuidmap**(1) and **newgidmap**(1) executables.
Note: RHEL7 and Centos 7 will not have this feature until RHEL7.7 is released.
diff --git a/docs/source/markdown/podman-untag.1.md b/docs/source/markdown/podman-untag.1.md
index 8314e5f9b..0dd882a92 100644
--- a/docs/source/markdown/podman-untag.1.md
+++ b/docs/source/markdown/podman-untag.1.md
@@ -9,7 +9,7 @@ podman\-untag - Removes one or more names from a locally-stored image
**podman image untag** *image* [*name*[:*tag*]...]
## DESCRIPTION
-Remove one or more names from an image in the local storage. The image can be referred to by ID or reference. If a no name is specified, all names are removed the image. If a specified name is a short name and does not include a registry `localhost/` will be prefixed (e.g., `fedora` -> `localhost/fedora`). If a specified name does not include a tag `:latest` will be appended (e.g., `localhost/fedora` -> `localhost/fedora:latest`).
+Remove one or more names from an image in the local storage. The image can be referred to by ID or reference. If no name is specified, all names are removed from the image. If a specified name is a short name and does not include a registry, `localhost/` will be prefixed (e.g., `fedora` -> `localhost/fedora`). If a specified name does not include a tag, `:latest` will be appended (e.g., `localhost/fedora` -> `localhost/fedora:latest`).
## OPTIONS
diff --git a/docs/source/markdown/podman-volume-exists.1.md b/docs/source/markdown/podman-volume-exists.1.md
index dbdf0985c..28d42e987 100644
--- a/docs/source/markdown/podman-volume-exists.1.md
+++ b/docs/source/markdown/podman-volume-exists.1.md
@@ -28,7 +28,7 @@ $ echo $?
$
```
-Check if an volume called `mysql` exists (the volume does not actually exist).
+Check if a volume called `mysql` exists (the volume does not actually exist).
```
$ podman volume exists mysql
$ echo $?
diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md
index bb8f889f5..0fe30bf0f 100644
--- a/docs/source/markdown/podman.1.md
+++ b/docs/source/markdown/podman.1.md
@@ -217,7 +217,7 @@ Set default `--storage-opts` value.
#### **TMPDIR**
-Set the the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
+Set the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`.
#### **XDG_CONFIG_HOME**
@@ -373,7 +373,7 @@ The storage configuration file specifies all of the available container storage
When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is used instead of the system defaults.
-If the **CONTAINERS_STORAGE_CONF** environment variable is set, the its value is used for the storage.conf file rather than the default.
+If the **CONTAINERS_STORAGE_CONF** environment variable is set, then its value is used for the storage.conf file rather than the default.
## Rootless mode
Podman can also be used as non-root user. When podman runs in rootless mode, a user namespace is automatically created for the user, defined in /etc/subuid and /etc/subgid.
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 110f37b91..f3707a77d 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -1198,13 +1198,6 @@ func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNe
// get network status before we connect
networkStatus := c.getNetworkStatus()
- network, err := c.runtime.network.NetworkInspect(netName)
- if err != nil {
- return err
- }
- if !network.DNSEnabled && len(netOpts.Aliases) > 0 {
- return errors.Wrapf(define.ErrInvalidArg, "cannot set network aliases for network %q because dns is disabled", netName)
- }
// always add the short id as alias for docker compat
netOpts.Aliases = append(netOpts.Aliases, c.config.ID[:12])
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 6ee25c0ec..9ab12732f 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -254,15 +254,6 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
if err != nil {
return nil, err
}
- if len(opts.Aliases) > 0 {
- network, err := r.network.NetworkInspect(netName)
- if err != nil {
- return nil, err
- }
- if !network.DNSEnabled {
- return nil, errors.Wrapf(define.ErrInvalidArg, "cannot set network aliases for network %q because dns is disabled", netName)
- }
- }
// assign interface name if empty
if opts.InterfaceName == "" {
for i < 100000 {
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 707551eab..cc9667202 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -22,6 +22,7 @@ import (
api "github.com/containers/podman/v4/pkg/api/types"
"github.com/containers/podman/v4/pkg/auth"
"github.com/containers/podman/v4/pkg/channel"
+ "github.com/containers/podman/v4/pkg/rootless"
"github.com/containers/storage/pkg/archive"
"github.com/docker/docker/pkg/jsonmessage"
"github.com/gorilla/schema"
@@ -300,7 +301,17 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
registry := query.Registry
isolation := buildah.IsolationDefault
if utils.IsLibpodRequest(r) {
- isolation = parseLibPodIsolation(query.Isolation)
+ var err error
+ isolation, err = parseLibPodIsolation(query.Isolation)
+ if err != nil {
+ utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, "failed to parse isolation"))
+ return
+ }
+
+ // make sure to force rootless as rootless otherwise buildah runs code which is intended to be run only as root.
+ if isolation == buildah.IsolationOCI && rootless.IsRootless() {
+ isolation = buildah.IsolationOCIRootless
+ }
registry = ""
format = query.OutputFormat
} else {
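Review bot: A `query.Isolation` value that fails to parse is a client input error, yet the new error path in `BuildImage` answers with `http.StatusInternalServerError`. Using `utils.Error(w, http.StatusBadRequest, errors.Wrap(err, "failed to parse isolation"))` would report it correctly and keep malformed requests out of server-error monitoring. The rootless guard that follows rewrites only `buildah.IsolationOCI`; whether `buildah.IsolationChroot` or `buildah.IsolationDefault` is acceptable for a rootless service is not visible here and is worth confirming. `BuildImage` starts and ends outside the hunk.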
@@ -698,22 +709,11 @@ func parseNetworkConfigurationPolicy(network string) buildah.NetworkConfiguratio
}
}
-func parseLibPodIsolation(isolation string) buildah.Isolation { // nolint
+func parseLibPodIsolation(isolation string) (buildah.Isolation, error) { // nolint
if val, err := strconv.Atoi(isolation); err == nil {
- return buildah.Isolation(val)
- }
- switch isolation {
- case "IsolationDefault", "default":
- return buildah.IsolationDefault
- case "IsolationOCI":
- return buildah.IsolationOCI
- case "IsolationChroot":
- return buildah.IsolationChroot
- case "IsolationOCIRootless":
- return buildah.IsolationOCIRootless
- default:
- return buildah.IsolationDefault
+ return buildah.Isolation(val), nil
}
+ return parse.IsolationOption(isolation)
}
func extractTarFile(r *http.Request) (string, error) {
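Review bot: The numeric branch of `parseLibPodIsolation` casts any integer the client sends to `buildah.Isolation` and returns it unchecked, so only the string form is validated by `parse.IsolationOption`. Since the function now returns an error, the integer form can be limited to the four constants the removed switch listed and rejected otherwise. The spellings `IsolationOCI`, `IsolationChroot` and `IsolationOCIRootless` that the old switch accepted are presumably no longer recognised by `parse.IsolationOption`; if API clients send them, that is a compatibility break worth documenting. A doc comment listing the accepted inputs would serve readers better than the bare `// nolint`.

```go
func parseLibPodIsolation(isolation string) (buildah.Isolation, error) { // nolint
	if val, err := strconv.Atoi(isolation); err == nil {
		// accept only integers that map to a known isolation mode
		switch iso := buildah.Isolation(val); iso {
		case buildah.IsolationDefault, buildah.IsolationOCI, buildah.IsolationChroot, buildah.IsolationOCIRootless:
			return iso, nil
		default:
			return buildah.IsolationDefault, errors.Errorf("unrecognized isolation value %d", val)
		}
	}
	// … unchanged: parse.IsolationOption call …
}
```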
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 56f050665..796ae8141 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -719,6 +719,14 @@ func SkipIfRemote(reason string) {
Skip("[remote]: " + reason)
}
+func SkipIfNotRemote(reason string) {
+ checkReason(reason)
+ if IsRemote() {
+ return
+ }
+ Skip("[local]: " + reason)
+}
+
// SkipIfInContainer skips a test if the test is run inside a container
func SkipIfInContainer(reason string) {
checkReason(reason)
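Review bot: `SkipIfNotRemote` is added without a doc comment, while the neighbouring `SkipIfInContainer` has one. Add `// SkipIfNotRemote skips a test unless it is run against podman-remote` above the function. The `[local]: ` prefix on the skip message mirrors the `[remote]: ` prefix visible just above, which keeps skip output consistent. `SkipIfInContainer`'s body continues outside the hunk.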
diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go
index 69eea580a..a23983623 100644
--- a/test/e2e/containers_conf_test.go
+++ b/test/e2e/containers_conf_test.go
@@ -304,9 +304,7 @@ var _ = Describe("Verify podman containers.conf usage", func() {
})
It("podman-remote test localcontainers.conf", func() {
- if !IsRemote() {
- Skip("this test is only for remote")
- }
+ SkipIfNotRemote("this test is only for remote")
os.Setenv("CONTAINERS_CONF", "config/containers-remote.conf")
// Configuration that comes from remote server
@@ -560,4 +558,17 @@ var _ = Describe("Verify podman containers.conf usage", func() {
inspect.WaitWithDefaultTimeout()
Expect(inspect.OutputToString()).To(Equal("disabled"))
})
+
+ It("podman containers.conf runtime", func() {
+ SkipIfRemote("--runtime option is not available for remote commands")
+ conffile := filepath.Join(podmanTest.TempDir, "container.conf")
+ err := ioutil.WriteFile(conffile, []byte("[engine]\nruntime=\"testruntime\"\n"), 0755)
+ Expect(err).ToNot(HaveOccurred())
+
+ os.Setenv("CONTAINERS_CONF", conffile)
+ result := podmanTest.Podman([]string{"--help"})
+ result.WaitWithDefaultTimeout()
+ Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring("Path to the OCI-compatible binary used to run containers. (default \"testruntime\")"))
+ })
})
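Review bot: The new `podman containers.conf runtime` test writes its config file with mode `0755`, which marks a plain configuration file as executable. `ioutil.WriteFile(conffile, []byte("[engine]\nruntime=\"testruntime\"\n"), 0644)` is sufficient. `CONTAINERS_CONF` is set with `os.Setenv` and not restored inside the test, so it relies on cleanup elsewhere in the suite (not visible in this hunk) to avoid leaking into later cases. The enclosing `Describe` block starts outside the hunk.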
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 87b1f143e..4868fbd01 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -867,4 +867,17 @@ EXPOSE 2004-2005/tcp`, ALPINE)
Expect(inspectOut[0].NetworkSettings.Networks).To(HaveLen(1))
Expect(inspectOut[0].NetworkSettings.Networks).To(HaveKey("podman"))
})
+
+ // see https://github.com/containers/podman/issues/12972
+ It("podman run check network-alias works on networks without dns", func() {
+ net := "dns" + stringid.GenerateNonCryptoID()
+ session := podmanTest.Podman([]string{"network", "create", "--disable-dns", net})
+ session.WaitWithDefaultTimeout()
+ defer podmanTest.removeCNINetwork(net)
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"run", "--network", net, "--network-alias", "abcdef", ALPINE, "true"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ })
})
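Review bot: The new test covers only `podman run --network-alias`, while this commit also drops the same DNS check from `NetworkConnect` in libpod/networking_linux.go, so the connect path is left untested. A second case that attaches a container to the `--disable-dns` network with `podman network connect --alias` and expects `Exit(0)` would cover it. The assertion here is exit status only; if aliases are meant to be recorded even without DNS, inspecting the container's network settings would pin that down. The enclosing `Describe` block starts outside the hunk.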