| Commit message | Author | Age |
|
In order to maintain compatibility with `moby API` we must the field
`errorDetail` which is primary error reporting field with stream.
Currently podman is using `error` which is already deprecated by moby.
Check: https://github.com/moby/moby/blob/master/pkg/jsonmessage/jsonmessage.go#L147
[NO NEW TESTS NEEDED]
We can't test this in podman CI since we don't have a docker client.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
Returning 500 when copying to read-only destination.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
improve the heuristic to detect the scope that was created for the container.
This is necessary with systemd running as PID 1, since it moves itself
to a different sub-cgroup, thus stats would not account for other
processes in the same container.
Closes: https://github.com/containers/podman/issues/12400
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
OCI runtimes may set the memory limits in different ways, e.g., crun
creates a sub-cgroup where the limits are applied, while runc applies
them directly on the created cgroup. Since there is standardization
on the cgroup path to use, just use the limit specified in the spec
file.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
`crun status ctrid` outputs `No such file or directory` when container
is not there so podman must ack it.
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
While trying to kill a container with a `signal` we can't do anything if
container is already dead so `exit` gracefully instead of trying to
delete container again. Get container status from runtime.
[ NO NEW TESTS NEEDED ]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
Add a note to the generated kube yaml if we detect a
volume is being mounted. The note lets the user know
what needs to be done to avoid permission denied error
when trying to access the volume for an unprivileged
container.
Add the same note to the man pages.
NO NEW TESTS NEEDED
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
Add missing `layer` entry to swagger docs for `/build`.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
Non-podman clients do not set `layers` while making request. This is
supposed to be `true` by default but `non-podman-clients i.e Docker` don't
know about this field as a result they end up setting this value to
`false`. Causing builds to never use cache for layers.
Adds compatibility for `docker SDK`.
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
Podman logs was defined twice, once for container logs and once for pod
logs. This causes problems with the shell completion. Also podman --help
showed this command twice.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
Fix #12315
Signed-off-by: Michael Scherer <misc@redhat.com>
|
Wait for sshd to be ready before we return from start. This should make
podman machine ssh immediately available without any race conditions.
Fixes #11532
[NO NEW TESTS NEEDED] I could not reproduce the issue so I am not sure
if this fixes it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
Fixes #12329
[NO NEW TESTS NEEDED] podman machine
Signed-off-by: Michael Rödel <hello@mroedel.de>
|
*printf functions already support printing the errno string with %m
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
there is already a function for opening a namespace path, reuse it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
simplify code using auto cleanup functions
[NO NEW TESTS NEEDED] it is a refactoring of existing code
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
`logs -f` with `journald` is supported only when `journald` events
backend is used. To pass system tests using `logs -f` in an environment
where `events_logger` is not set to `journald` in `containers.conf`,
this fix sets `--events-backend` or `--log-driver` temporarily.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
Honor custom `target` if specified while running or creating containers
with secret `type=mount`.
Example:
`podman run -it --secret token,type=mount,target=TOKEN ubi8/ubi:latest
bash`
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
When reading logs from the journal, keep going after the container
exits, in case it gets restarted.
Events logged to the journal via the normal paths don't include
CONTAINER_ID_FULL, so don't bother adding it to the "history" event we
use to force at least one entry for the container to show up in the log.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
Fixes: https://github.com/containers/podman/issues/11255
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
make sure the /etc/mtab symlink is created inside the rootfs when /etc
is a symlink.
Closes: https://github.com/containers/podman/issues/12189
[NO NEW TESTS NEEDED] there is already a test case
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
Docker/Moby always create the working directory, and some tools
rely on that behavior (example, woodpecker/drone).
Fixes #11842
Signed-off-by: Michael Scherer <misc@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
We need to use the config network mode when no network mode was set. To
do so we have to keep the nsmode empty, MakeContainer() will use the
correct network mode from the config when needed.
Fixes #12248
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
This resolves CVE-2021-41190
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
podman machine: use gvproxy for host.containers.internal
|
Let the gvproxy dns server handle the host.containers.internal entry.
Support for this is already added to gvproxy. [1]
To make sure the container uses the dns response from gvproxy we should
not add host.containers.internal to /etc/hosts in this case.
[NO NEW TESTS NEEDED] podman machine has no tests
Fixes #11642
[1] https://github.com/containers/gvisor-tap-vsock/commit/1108ea45162281046d239047a6db9bc187e64b08
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
Fix CVE-2021-4024 - v3.4 branch
|
This resolves CVE-2021-4024, where an attacker could access the
API externally and forward any port they desired to the VM from
`podman machine`.
[NO NEW TESTS NEEDED] gvproxy is not tested directly at this
time.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
[3.4] systemd: replace multi-user with default.target
|
Replace multi-user.target with default.target across the code base.
It seems like the multi-user one is not available for (rootless) users
on F35 anymore and is causing issues in all kinds of ways, for instance,
enabling the podman.service or generated systemd units.
Backport of commit 9a10e2124bb11027fc71db4c495c116277b8b7e3.
Fixes: #12438
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
[v3.4] container create: fix --tls-verify parsing
|
Make sure that the value is only set if specified on the CLI. c/image
already defaults to true but if set in the system context, we'd skip
settings in the registries.conf.
Backport of commit ff31f2264da.
Fixes: #11933
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
Support env variables based on ConfigMaps sent in payload
|
Fixes #12363
Signed-off-by: Jakub Dzon <jdzon@redhat.com>
|
[v3.4] backport Flake fixes
|
[Backport #12343, which fixes the change in fedora-minimal image]
Our fedora-minimal image on Quay is based on fedora-minimal:latest which
starting with F35 removed a number of binaries that our CI depends on.
Fix that by pulling `fedora-minimal:34` from the Fedora registry
directly.
Once the build bot on Quay has been disabled, we move the image over
there to make sure that it will not change over time.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
[Backport of #12323 into v3.4, to fix gating-test flakes]
we try hard to re-use the existing podman-pause.scope name when it
already exists, causing any sort of race errors when the already
existing scope is terminating.
There is no such requirement though, so just try with a random
name.
Closes: https://github.com/containers/podman/issues/12065
[NO NEW TESTS NEEDED] it fixes a race in the CI
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
[Backport of #12297 into v3.4, to fix gating-test failures]
Followup to #12229, in which I added a podman unshare for
flake debugging. Turns out that doesn't work in podman-remote.
It was not caught because CI doesn't run podman-remote rootless.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
Backport #11976 to 3.4
|
Need to use CGO for mDNS resolution, but cross builds need CGO disabled
See https://github.com/golang/go/issues/12524 for details
Note: Homebrew formula will need to be updated to pick up this change
Fixes #10737
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
Bump to v3.4.2
|
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
Patch originally by Paul Holzinger (sourced from [1]).
This is necessary to get the tests to pass in order to include a
batch of other, related journald fixes in `podman logs`.
[1] https://github.com/containers/podman/pull/12274#issuecomment-967168173
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
Signed-off-by: yahavi <yahavi@jfrog.com>
|
The cni plugins need access to /run/cni and the dnsname plugin needs
access to /run/containers.
The race condition was basically that a `podman stop` could either do the
cleanup itself or the spawned cleanup process would do the cleanup if it
was fast enough. The `podman stop` is executed on the host while the
podman cleanup process is executed in the "parent container". The parent
container contains older plugins than on the host. The dnsname plugin
before version 1.3 could error and this would prevent CNI from
doing a proper cleanup. The plugin errors because it could not find its
files in /run/containers. On my system the test always failed because
the cleanup process was always faster than the stop process. However in
the CI VMs the stop process was usually faster and so it failed only
sometimes.
Fixes #11558
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|