| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\
| |
| | |
[v3.4] fix CVE-2022-1227
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Vendor in the backports for psgo. Note that we cannot use psgo v1.7.1+
as v1.7.2 bumped too many dependencies.
Hence psgo has a v1.7.1-fedora branch that will be used for Podman v3.4.x
for Fedora. The v3.4.2-rhel branch uses c/storage v1.36.x so we need a
separate branches in psgo for Fedora and RHEL.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\|
| |
| | |
[CI:DOCS] Bump to v3.4.6
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
Bump to v3.4.5
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
aafa80918a245edcbdaceb1191d749570f1872d0 introduced the regression.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 640c2d53a88f46e997d4e5a594cfc85a57e74d36)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The kernel never sets the inheritable capabilities for a process, they
are only set by userspace. Emulate the same behavior.
Closes: CVE-2022-27649
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit aafa80918a245edcbdaceb1191d749570f1872d0)
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| |/
|/| |
[v3.4 backport] Bump golang.org/x/crypto to 7b82a4e
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
Resolves: GHSA-8c26-wmh5-6g9v - CVE-2022-27191
Podman doesn't seem to be directly affected as the logic in question
is not called.
golang.org/x/crypto@1baeb1ce contains the actual CVE fix. Using the
latest upstream commit to also include support for SHA-2.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\
| |
| | |
Backport of https://github.com/containers/podman/pull/13536 to 3.4
|
| |/
|
|
| |
Signed-off-by: Dan Čermák <dcermak@suse.com>
|
| |\
| |
| | |
Bump github.com/prometheus/client_golang to v1.11.1
|
| |/
|
|
|
|
| |
Resolves: CVE-2022-21698
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\
| |
| | |
[v.3.4] vendor containers/common@v0.44.5
|
| |/
|
|
|
|
|
| |
Backports for github.com/containers/podman/issues/11997
to fix a performance regression when listing images.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\
| |
| | |
Fix AssertionError: 'alpine' not found in 'docker.io/docker/desktop-kubernetes'
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Found images being returned which do have "Alpine" in the description.
However, test fails because podman truncates the field. Disabling test
since this is a long-term maintenance branch.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We've got some python tests running in CI, and they're really hard
to troubleshoot. This PR:
1) colorizes python unittest lines (ok / skipped / fail), and
2) links to source files
The color is nice for skimming, but it's the linking that might
make it much easier to diagnose future failures.
(Context: failure today in test/python/docker/compat/test_images.py)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
It looks like some descriptions have changed on the docker registry
where we had been searching for images that include 'alpine'. We are
now seeing an image in the initial list that has 'alpine' in its
description.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |/
|
|
|
|
|
|
| |
For the since and after imagve filter tests, instead of using the
read-only cache of images, we just use the empty r/w store. We then
build three images that are strictly predictable.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\
| |
| | |
Makefile: fix darwin detection
|
| |/
|
|
|
|
|
| |
NATIVE_GOOS does not exist in the 3.4 branch, only on main.
Fixes my backport #12327. Verified to fix #12975 (again) for me.
Signed-off-by: Chris Hofstaedtler <chris.hofstaedtler@deduktiva.com>
|
| |\
| |
| | |
[v3.4] buildah bud tests: skip failing tests
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[backport of #12818]
Emergency workaround for github's deprecation of git://
https://github.blog/2021-09-01-improving-git-protocol-security-github/
Two buildah tests rely on 'git://' URLs. These now fail. They
have been fixed in the buildah repo[1] but it will take time
to vendor that in. ITM, we need to get CI passing. Skip those
two failing tests.
[1] https://github.com/containers/buildah/pull/3701
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| |/
|/| |
[v3.4] System tests: fix RHEL8 gating tests
|
| |/
|
|
|
|
|
| |
Add a fix for RHEL8 gating tests. This resolves yet another
journald/file events/logger mismatch bug.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| | |
[3.4] Backport podman machine ls
|
| | |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
When using custom output formats like table, some of the booleans
introduced for json format were not initialized correctly (wrong).
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |/
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |\
| |
| | |
Bump to v3.4.4
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Users should be able to override containers entrypoint using
`--entrypoint ""` following works fine for podman but not for podman
remote.
Specgen ignores empty argument for entrypoint so make specgen honor
empty arguments.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |/
|
|
|
|
|
|
| |
While trying to match permissions of target directory podman adds
extra `0111` which should not be needed if target path does not have
execute permission.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |\
| |
| | |
[3.4] Fix failing tests
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix the flake reported in #9597 with a workaround to at least stop
wasting energy until the root cause has been found and fixed.
It seems that a remote run returns before the container has transitioned
into the `exited` state which ultimately breaks a subsequent remote
start with attach.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
| |
It's failing pretty reliably now, so much so that gating tests
will be unlikely to pass.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| | |
[v3.4] backport: utils: reintroduce moveToCgroup
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit ee62711136339c5daf38e38859227d85b06fc32a introduced the
regression.
It was mistakenly removed as part of a cleanup, but this code is
needed by another code path, where we move conmon for the exec session
to the same cgroup used by conmon for the process.
Closes: https://github.com/containers/podman/issues/12535
[NO NEW TESTS NEEDED] it fixes a regression in the CI
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
