| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Podman machine is only intended for amd64 and arm64 architectures, set
the correct buildtags so that the `pkg/machine`, `pkg/machine/qemu` and
`pkg/machine/libvirt` packages compile correctly.
[NO TESTS NEEDED]
Fixes #10625
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately --pre-checkpointing never worked as intended and recent
changes to runc have shown that it is broken.
To create a pre-checkpoint CRIU expects the paths between the
pre-checkpoints to be a relative path. If having a previous checkpoint
it needs the be referenced like this: --prev-images-dir ../parent
Unfortunately Podman was giving runc (and CRIU) an absolute path.
Unfortunately, again, until March 2021 CRIU silently ignored if
the path was not relative and switch back to normal checkpointing.
This has been now fixed in CRIU and runc and running pre-checkpoint
with the latest runc fails, because runc already sees that the path is
absolute and returns an error.
This commit fixes this by giving runc a relative path.
This commit also fixes a second pre-checkpointing error which was just
recently introduced.
So summarizing: pre-checkpointing never worked correctly because CRIU
ignored wrong parameters and recent changes broke it even more.
Now both errors should be fixed.
[NO TESTS NEEDED]
Signed-off-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Adrian Reber <adrian@lisas.de>
|
| |
|
|
|
|
|
|
|
|
| |
when looking up the container cgroup, ignore named hierarchies since
containers running systemd as payload will create a sub-cgroup and
move themselves there.
Closes: https://github.com/containers/podman/issues/10602
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\
| |
| | |
[v3.2] vendor containers/common@v0.38.9
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The fixes will allow for creating containers with a corrupted image in
which case the image will be repulled.
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1966872
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| |/
|/| |
[v3.2] rootless: fix fast join userns path
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit ab886328357184cd0a8375a5dedf816ba91789f9 changed the path for
the pause.pid file but didn't update the same path in the C code.
This prevented Podman to take the fast path when the userns is already
created and to join it without re-execing itself.
Fix the path in the C code as well so we can join the rootless
user+mount namespace without having to re-exec Podman.
[NO TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 11badab046d32c0dce40b28707ee3bb72678e36e)
|
| |\
| |
| | |
[v3.2] vendor containers/common@v0.38.7
|
| |/
|
|
|
|
|
|
|
| |
* libimage: pull: turn image-lookup errors non-fatal
Prevents https://bugzilla.redhat.com/show_bug.cgi?id=1966872 from being
introduced with v3.2.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Correct qemu options for Intel macs
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On intel macs, we need to accel=hvf to work correctly.
Fixes: #10555
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| |/
|/| |
[v3.2] vendor containers/common@v0.38.6
|
| |/
|
|
|
|
|
| |
Fixes the seccomp-profile regression in v3.2
Fixes: #10556
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Bump to v3.2.0
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Creating a macvlan network with the subnet or ipRange option should set
the ipam plugin type to `host-local`. We also have to insert the default
route.
Fixes #10283
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The containers /etc/resolv.conf allways preserved the ipv6 nameserves
from the host even when the container did not supported ipv6. Check
if the cni result contains an ipv6 address or slirp4netns has ipv6
support enabled and only add the ipv6 nameservers when this is the case.
The test needs to have an ipv6 nameserver in the hosts /etc/hosts but we
should never mess with this file on the host. Therefore the test is
skipped when no ipv6 is detected.
Fixes #10158
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
This prevents goroutine leak:
If background context were used then push operation would continue even
if client aborted request by closing connection.
[NO TESTS NEEDED]
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |\
| |
| | |
[v.3.2] events: support disjunctive filters
|
| |/
|
|
|
|
|
|
|
|
| |
While different filters are applied in conjunction, the same filter (but
with different values) should be applied in disjunction. This allows,
for instance, to query the events of two containers.
Fixes: #10507
Backport-of: commit 37f39eefee72ec4fb6c6bd71642e9d384c448387
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
[v3.2] System tests: add :Z to volume mounts
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
selinux-policy-34.9-1.fc34 breaks a behavior we've relied on
since (at least) January 2020:
- Revert "Add permission open to files_read_inherited_tmp_files()
interface"
That's probably the correct thing to do, but it breaks our
existing tests. Solution: add ':Z' where needed.
Tested on Ed's laptop, which has the offending selinux-policy
as of 2021-05-31. Tests pass root and rootless. (I mention
this because tests will obviously pass in CI, which has a
much older selinux-policy).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| |
| |
| | |
vrothberg/v3.2-cherry-pick-53072184192e9952daa3a84bc6f55c15e9ea352e
[v3.2] generate systemd: make mounts portable
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 748826fc88fc fixed a bug where slow mounting of the runroot was
causing issues when the units are started at boot. The fix was to add
the container's runroot to the required mounts; the graph root has been
added as well.
Hard-coding the run- and graphroot to the required mounts, however,
breaks the portability of units generated with --now. Those units are
intended to be running on any machine as, theoreticaly, any user.
Make the mounts portable by using the `%t` macro for the run root.
Since the graphroot's location varies across root and ordinary users,
drop it from the list of required mounts. The graphroot was not causing
issues.
Fixes: #10493
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
vendor containers/storage@v1.31.3
|
| |/
|
|
|
|
|
|
| |
* store: ReloadIfChanged propagates errors from Modified()
* store: load additional image stores once
* store: fix graphLock reload
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
vendor containers/common@v0.38.5
|
| |/
|
|
|
|
| |
* pull: don't resolve short names on explicit docker:// reference
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
[CI:DOCS] Bump to v3.2.0-RC3
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
Backports for v3.2.0-RC3
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure all containers exit after start
There is a race condition in that container could still be running when
we attempt to remove them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
All of the tests has an assumption that RunLsContainer and RunLsContainerInPod completes
the container before returning. But since the container is running
in back ground mode, the container could be still running before tools
attempt to remove it. Removing the "-d" from the command fixes the
container to match the assumption.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Point to containers-certs.d(5) for details on the default paths, the
lookup logic and the structure of these directories. Previously, the
man pages stated that the default path would be in `/etc/containers/...`
which is not entirely and a red herring for users (see #10116).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/10444
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
ErrOCIRuntimeNotFound error is misleading. Try to make it more
understandable to the user that the OCI Runtime IE crun or runc is not
missing, but the command they attempted to run within the container is
missing.
[NO TESTS NEEDED] Regular tests should handle this.
Fixes: https://github.com/containers/podman/issues/10432
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/9893
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have race conditions where a container can be removed
by two different processes when running podman --remove rm.
It can be cleaned up in the API or by the conmon executing
podman container cleanup.
When we fail to remove a container that does not exists we should
not be printing errors or warnings, we should just debug the fact.
[NO TESTS NEEDED] Since this is a race condition it is difficult to
test.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED]
* Log the routing table output at Trace vs. Debug level. Reduce noise
in debugging output.
* Tweak SDNotify message to report Warn when it fails. Previously
failures were silent.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
libimage now supports events which `libpod.Runtime` now uses for image
events.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
<MH: Removed vendor bits, kept other changes>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
A conversation on the customer portal suggests that to add an extra note
about the requirement of XDG_RUNTIME_DIR to be set.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
When attempting to copy files into and out of running containers
within the host pidnamespace, the code was attempting to join the
host pidns again, and getting an error. This was causing the podman
cp command to fail. Since we are already in the host pid namespace,
we should not be attempting to join. This PR adds a check to see if
the container is in NOT host pid namespace, and only then attempts to
join.
Fixes: https://github.com/containers/podman/issues/9985
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
[CI:DOCS] Bump to v3.2.0-RC2
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
