| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We are resolving the homedir of the user in many different
places. This Patch consolodates them to use container/storage
version.
This PR also fixes a failure mode when the homedir does not
exists, and the user sets a root path. In this situation
podman should continue to work. Podman does not require a users
homedir to exist in order to run.
Finally the rootlessConfigHomeDirOnce and rootlessRuntimeDirOnce
were broken, because if an error ever happened, they would not be recorded
the second time, and "" would be returned as the path.
Fixes: https://github.com/containers/podman/issues/8131
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Cirrus: Use F33 VM image
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Includes disk-space increase for all Fedora images to accommodate
the static-build job disk space requirements. This job substantially
leverages task-cache, which was previously failing to restore early on
in the Cirrus-CI task setup, due to disk-space limitations.
Also simplify .cirrus.yml slightly by removing an unncessary setup
and run directory change step.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On several occasions, fatal task failures were observed
during the upload of artifacts after a otherwise successful
testing. Prior to this commit, most tasks were storing both
logs and binary artifacts. Avoid possible major inconveniences
of upload failures, by only collecting binary artifacts when
necessary.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As of this commit, in Fedora 33, without without `CAP_NET_ADMIN` and
`CAP_NET_RAW`, require setting `net.ipv3.ping_group_range` in order for
the `ping` command to work inside a container. However, not all images
`ping` are created equal. For whatever reason, the busybox version in
the busybox container image, does not function. Switch to the Alpine
image's busybox ping, which seems to work fine.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \
| |/
|/| |
Add network aliases for containers to DB
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As part of this, we need two new functions, for retrieving all
aliases for a network and removing all aliases for a network,
both required to test.
Also, rework handling for some things the tests discovered were
broken (notably conflicts between container name and existing
aliases).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The original interface only allowed retrieving aliases for a
specific network, not for all networks. This will allow aliases
to be retrieved for every network the container is present in,
in a single DB operation.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds the database backend for network aliases. Aliases are
additional names for a container that are used with the CNI
dnsname plugin - the container will be accessible by these names
in addition to its name. Aliases are allowed to change over time
as the container connects to and disconnects from networks.
Aliases are implemented as another bucket in the database to
register all aliases, plus two buckets for each container (one to
hold connected CNI networks, a second to hold its aliases). The
aliases are only unique per-network, to the global and
per-container aliases buckets have a sub-bucket for each CNI
network that has aliases, and the aliases are stored within that
sub-bucket. Aliases are formatted as alias (key) to container ID
(value) in both cases.
Three DB functions are defined for aliases: retrieving current
aliases for a given network, setting aliases for a given network,
and removing all aliases for a given network.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| | |
| | |
| | |
| | | |
containers/dependabot/go_modules/github.com/containers/storage-1.23.9
Bump github.com/containers/storage from 1.23.8 to 1.23.9
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.23.8 to 1.23.9.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.23.8...v1.23.9)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
debarshiray/wip/rishi/exec_test-use-containsubstring
Improve error messages from failing tests
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Using a function like ContainSubstring or Equal is better because if
the test fails it will log a descriptive error that includes the
actual string generated during the test. This is more helpful than a
function like BeTrue that will only indicate that an assertion failed
without giving further details of the failure.
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
| |\ \ \ \
| | | | |
| | | | | |
Add tip re. typical root cause of "Exec format error" to troubleshooting.md
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Michael Vorburger <mike@vorburger.ch>
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
[CI:DOCS] add a PR template
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add a pull-request template that points to the section in the
contributing guidelines and to remind users to use the `[CI:DOCS]`
prefix if applicable.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
Change http ConnState actions between new and active
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently it double counts connections because it's incrementing the
total for both the new and active states. Based on the comments, we
should only count new connections for the total count and perform the
timer stop actions when the connection has transitioned to an active
state.
Closes #8208
Signed-off-by: Alex Schultz <aschultz@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Make volume filters inclusive
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When using multiple filters, return a volume that matches any one of the used filters, rather than matching both of the filters.
This is for compatibility with docker's cli, and more importantly, the apiv2 compat endpoint
Closes #6765
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS]Add Urvashi to podman OWNERS
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Lets add Urvashi to podman OWNERS so she can review and merge PRs.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Use osusergo build tag for static build
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
We now use the `osusergo` build tag to not use the glibc functions which
occur in the warnings but them from golang the os/user package.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
| |\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
docs: Mention mounts.conf location for non-root users
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
|
| |\ \ \ \ \ \ \
| |_|_|_|_|/ /
|/| | | | | | |
Add test/apiv2/rest_api tests to make target
|
| | |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* renamed old API tests to not be discovered, they do not pass
* Updated the API tests to use a pristine storage configuration
* Skipped attach test, it needs to be re-written
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
fedora rootless cpu settings
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
fedora does not have the the ability in rootless to set cpu limits.
this requires a simple fix for fedora 33 to pass ci tests.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | |
| | | | | | |
| | | | | | | |
debarshiray/wip/rishi/toolbox_test-userns-keepid-HOME
Test $HOME when it's parent is bind mounted with --userns=keep-id
|
| | |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When --userns=keep-id is used, Podman is supposed to set up the home
directory of the user inside the container to match that on the host
as long as the home directory or any of its parents are marked as
volumes to be bind mounted into the container.
Currently, the test only considers the case where the home directory
itself is bind mounted into the container. It doesn't cover the Podman
code that walks through all the bind mounts looking for ancestors in
case the home directory itself wasn't specified as a bind mount.
Therefore, this improves the existing test added in commit
6ca8067956128585 ("Setup HOME environment when using --userns=keep-id")
Note that this test can't be run as root. The home directory of the
root user is /root, and it's parent is /. Bind mounting the entire /
from the host into the container prevents it from starting:
Error: openat2 ``: No such file or directory: OCI not found
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Update README.md
|
| | | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Typo
Signed-off-by: JJ Asghar <jjasghar@gmail.com>
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
specgen: add support for ambient capabilities
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
if --userns=keep-id is specified and not --user is specified, take the
unprivileged capabilities code path so that ambient capabilities are
honored in the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
if the username is specified in the USER:GROUP form, make sure we only
check for USER.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
if the kernel supports ambient capabilities (Linux 4.3+), also set
them when running with euid != 0.
This is different that what Moby does, as ambient capabilities are
never set.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
Allow users to mount with unbindable flag
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Allow users to specify unbindable on volume command line
Switch internal mounts to rprivate to help prevent leaks.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Centralize cores and period/quota conversion code
|
| | |/ / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
Match build pull functionality with Docker's
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is a continuation of #8189 and #8085.
When doing a `docker build` command, if the `--pull` command is not specified
or set to `false` the pullOption used is `PullifMissing`. This causes the
build to pull the image only if it is not present in local storage. It also will
raise an error if the image is not found in the registry (or the registry is down),
even if the image is present in local storage.
If the `--pull` command IS specified or specified with an argument of `true`, the
build will always pull the image from the registries. This uses the pullOption
`PullAlways`. It also will raise an error if the image is not found in the registry,
even if the image is present in local storage.
These changes now brings the pull functionality for `podman build` into line
with `docker build`.
However, I consider this to be a breaking change. Previously if you did
`podman build --pull`, `podman build` or `podman build --pull = true`, then
the image would be pulled from the registry if there was not an image in
local storage or if the image in the registry was newer than the one in
local storage. An error would *NOT* be raised if there was not an image in
the registry or the registry was down as long as there was a copy in the local
storage. An error would be raised if the image could not be retrieved from
both the registry and local storage. This is the PullOption `PullIfNewer`.
I believe this also differs from what Buildah does at this time but I'm too
beat to chase that down at the moment.
Personally I'd like to use the `PullIfNewer` for at least `--pull` and
`--pull=true` so that you don't get an error if the registry has a network
hiccup and the image is already stored locally. But this differs from Docker.
I'd like to post scrum about this at our next stand up to make sure we're
all on the same page about the ramifications of this change.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/containers/storage-1.23.8
Bump github.com/containers/storage from 1.23.7 to 1.23.8
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.23.7 to 1.23.8.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.23.7...v1.23.8)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
specgen, cgroup2: check whether memory swap is enabled
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add a similar check to what we do on cgroup v1.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
refactor function into two separate ones.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
