| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Patch originally by Paul Holzinger (sourced from [1]).
This is necessary to get the tests to pass in order to include a
batch of other, related journald fixes in `podman logs`.
[1] https://github.com/containers/podman/pull/12274#issuecomment-967168173
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
| |
Signed-off-by: yahavi <yahavi@jfrog.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cni plugins need access to /run/cni and the dnsname plugin needs
access to /run/containers.
The race condition was basically that a `podman stop` could either do the
cleanup itself or the spawned cleanup process would do the cleanup if it
was fast enough. The `podman stop` is executed on the host while the
podman cleanup process is executed in the "parent container". The parent
container contains older plugins than on the host. The dnsname plugin
before version 1.3 could error and this would prevent CNI from
doing a proper cleanup. The plugin errors because it could not find its
files in /run/containers. On my system the test always failed because
the cleanup process was always faster than the stop process. However in
the CI VMs the stop process was usually faster and so it failed only
sometimes.
Fixes #11558
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Podman and Docker will not commit changes via RUN command
of a VOLUME directory, so we need to chown path first.
Not doing do will cause: https://bugzilla.redhat.com/show_bug.cgi?id=2009266
Signed-off-by: Jindrich Novy <jnovy@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
We now do not copy the `bin` directory to the target nix sources to
avoid skipping the build because "everything is up to date".
Fixes https://github.com/containers/podman/issues/12198
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
|
| |
|
|
|
|
|
| |
Ensure that rebuilds happen when .c files are updated in the source
tree.
Signed-off-by: Ian Wienand <iwienand@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When starting a container libpod/runtime_pod_linux.go:NewPod calls
libpod/lock/lock.go:AllocateLock ends up in here. If you exceed
num_locks, in response to a "podman run ..." you will see:
Error: error allocating lock for new container: no space left on device
As noted inline, this error is technically true as it is talking about
the SHM area, but for anyone who has not dug into the source (i.e. me,
before a few hours ago :) your initial thought is going to be that
your disk is full. I spent quite a bit of time trying to diagnose
what disk, partition, overlay, etc. was filling up before I realised
this was actually due to leaking from failing containers.
This overrides this case to give a more explicit message that
hopefully puts people on the right track to fixing this faster. You
will now see:
$ ./bin/podman run --rm -it fedora bash
Error: error allocating lock for new container: allocation failed; exceeded num_locks (20)
[NO NEW TESTS NEEDED] (just changes an existing error message)
Signed-off-by: Ian Wienand <iwienand@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
- remove 'NO TESTS NEEDED' as a valid bypass string. Henceforth
only 'NO NEW TESTS NEEDED' will work.
- add a debugging aid for #11871, in which bodhi tests time out
in nslookup.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Address the TOCTOU when generating random names by having at most 10
attempts to assign a random name when creating a pod or container.
[NO TESTS NEEDED] since I do not know a way to force a conflict with
randomly generated names in a reasonable time frame.
Fixes: #11735
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
A comment was made on internal mailing list about confusion on SELinux
labeling of volumes. This PR makes it a little more clear about when
you should or should not relabel.
We need a similar comment in podman pod create, but it does not support
--security-opt processing yet.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
Only log API access entries when --log-level set to Info or below.
Fixes #12181
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
| |
Descriptions of flags don't need to start with whitespace of their own.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The returned error was not checked, thus the test could hang forever
since it blocks on the log channel.
Also handle unexpectedEOF like EOF.
Fixes #12176
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
the --cgroups=split test changes the current cgroup as it creates a
sub-cgroup. This can cause a race condition in tests that are reading
the current cgroup.
Closes: https://github.com/containers/podman/issues/11191
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
| |
Instead using the OS-wide system default policy, use
the one in this repo, and adjust the expected results
(as well as making the test stricter).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
|
|
|
|
| |
... to include all fields.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
|
|
|
|
|
| |
Should not change behavior, just to set a consistent
precedent for code introduced in future commits.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
|
|
|
|
|
| |
This PR fixes the case when the API return HTTP 409 response. Where the
API return the body format different then for other HTTP error codes.
Signed-off-by: Ondra Machacek <omachace@redhat.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Future testing needs dictate rootless (in addition to root) users are
able to ssh to localhost. Add ssh-key generation commands for the
rootless user, and authorize their public key.
Minor: Also remove update of `/etc/sub{uid,gid}` files, since this is
now done automatically by `{user,group}add` commands.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |
|
|
|
|
|
| |
Update documentation on how the default podman machine distribution,
FCOS, is updated.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This is a cosmetic change. The help message for `podman version` is in
title case whereas all other command help messages are not in title
case. This stands out as inconsistent when looking at the output of
`podman help`.
Signed-off-by: Praveen Kumar <praveen+git@kumar.in>
|
| |
|
|
|
|
| |
The page contains a wrong 'stop' command example.
Signed-off-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>
|
| |
|
|
|
|
|
|
|
| |
A restored container still had the state set to 'Checkpointed: true'
which seems wrong if it running again.
[NO NEW TESTS NEEDED]
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 6b3b0a17c625bdf71b0ec8b783b288886d8e48d7 introduced a check for
the PID file before attempting to move the PID to a new scope.
This is still vulnerable to TOCTOU race condition though, since the
PID file or the PID can be removed/killed after the check was
successful but before it was used.
Closes: https://github.com/containers/podman/issues/12065
[NO NEW TESTS NEEDED] it fixes a CI flake
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
check that the pause pid exists before trying to move it to a separate
scope.
Closes: https://github.com/containers/podman/issues/12065
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously this test used an ad-hoc timeout mechanism to synchronize
with output of the container ID. However, depending on runtime
conditions this may not correctly correspond with complete startup
of the systemd process. Consequently this test fails under some
conditions with an error like:
`System has not been booted with systemd as init system (PID 1). Can't
operate. Failed to connect to bus: Host is down`
Fix this by using the more appropriate `WaitContainerReady()`
against output from system startup, close to finalization. In this way,
the test status command cannot run until systemd is fully operational.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
do not start up a dbus daemon if it is not already running.
[NO NEW TESTS NEEDED] the fix is in a dependency.
Closes: https://github.com/containers/podman/issues/9727
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Duplicate Address Detection slows the ipv6 setup down for 1-2 seconds.
Since slirp4netns is run it is own namespace and not directly routed
we can skip this to make the ipv6 address immediately available.
We change the default to make sure the slirp tap interface gets the
correct value assigned so DAD is disabled for it.
Also make sure to change this value back to the original after slirp4netns
is ready in case users rely on this sysctl.
Fixes #11062
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following problems regarding `logs --tail` with the journald log
driver are fixed:
- One more line than a specified value is displayed.
- '--tail 0' displays all lines while the other log drivers displays
nothing.
- Partial lines are not considered.
- If the journald events backend is used and a container has exited,
nothing is displayed.
Integration tests that should have detected the bugs are also fixed. The
tests are executed with json-file log driver three times without this
fix.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We should only use the Containerfiles/Dockerfiles found in the context
directory.
Fixes: https://github.com/containers/podman/issues/12054
[NO NEW TESTS NEEDED] It is difficult to setup a test for this in the
CI/CD system, but build tests should find if this PR broke anything.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
| |
Setting these environment variables can cause issues with custom CNI
plugins, see #12083.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
| |
LGTM alert:
Off-by-one index comparison against length may lead to out-of-bounds read.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
| |
|
|
| |
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
| |
|
|
| |
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
On Docker this is ignored, and it should be on Podman as
well. This is documented in the man page.
Fixes: https://github.com/containers/podman/issues/12002
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
| |
- change the type to forking to allow fork.
- add default.target for user systemd service
Signed-off-by: Easton Man <manyang.me@outlook.com>
|
| |
|
|
|
|
|
|
|
| |
When looking for a cursor that matches the first journal entry for a
given container, wait and try to find it using exponential backoff.
[NO NEW TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
| |
Made changes so that if the pod contains all exited containers and only infra is running, remove the pod.
resolves #11713
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |
|
|
|
|
| |
...and fix one instance where there was no check
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we interrupt pod removal between removing containers and
removing the whole pod, the infra ID was still in the DB, and
most pod operations would try to retrieve the infra container
(and would this fail). Clear the infra ID from the DB just before
we remove all containers to prevent this.
Fixes #12034
[NO NEW TESTS NEEDED] This is a very narrow race and I have no
idea how to repro it.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If podman uses Workdir="/" or the workdir specified in the image, it
should not add it to the yaml.
If Podman find environment variables in the image, they should not
get added to the yaml.
If the container or pod do not have changes to SELinux we should not
print seLinuxOpt{}
If the container or pod do not change any dns options the yaml should
not have a dnsOption={}
If the container is not privileged it should not have privileged=false
in the yaml.
Fixes: https://github.com/containers/podman/issues/11995
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
fuse-overlayfs is usually the package name.
Signed-off-by: Junichi Uekawa <dancer@debian.org>
|
| |
|
|
| |
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
| |\
| |
| | |
[v3.4] backport networking fixes
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
When run as rootless the podman network reload command tries to reload
the rootlessport ports because the childIP could have changed.
However if the containers has no ports we should skip this instead of
printing a warning.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
