summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* compat: add layer caching compatiblity for non podman clientsAditya Rajan2021-12-06
| | | | | | | | | | | | | Non-podman clients do not set `layers` while making request. This is supposed to be `true` bydefault but `non-podman-clients i.e Docker` dont know about this field as a result they end up setting this values to `false`. Causing builds to never use cache for layers. Adds compatiblity for `docker SDK`. [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
* fix duplicated logs commandPaul Holzinger2021-12-06
| | | | | | | | | | Podman logs was defined twice, once for container logs and once for pod logs. This causes problems with the shell completion. Also podman --help showed this command twice. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Change error message for compatibility with dockerMichael Scherer2021-12-06
| | | | | | Fix #12315 Signed-off-by: Michael Scherer <misc@redhat.com>
* podman machine start wait for sshPaul Holzinger2021-12-06
| | | | | | | | | | | | Wait for sshd to be ready before we return from start. This should make podman machine ssh immediately available without any race conditions. Fixes #11532 [NO NEW TESTS NEEDED] I could not reproduce the issue so I am not sure if this fixes it. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* fix: take absolute path for dd on apple siliconetenzy2021-12-06
| | | | | | | | Fixes #12329 [NO NEW TESTS NEEDED] podman machine Signed-off-by: Michael Rödel <hello@mroedel.de>
* rootless: drop strerror(errno) callsGiuseppe Scrivano2021-12-06
| | | | | | *printf functions already support printing the errno string with %m Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: reuse existing open_namespace functionGiuseppe Scrivano2021-12-06
| | | | | | there is already a function for opening a namespace path, reuse it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootless: use auto cleanup functionsGiuseppe Scrivano2021-12-06
| | | | | | | | simplify code using auto cleanup functions [NO NEW TESTS NEEDED] it is a refactoring of existing code Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Set flags to test 'logs -f' with journald driverHironori Shiina2021-12-06
| | | | | | | | | | | | | `logs -f` with `journald` is supported only when `journald` events backend is used. To pass system tests using `logs -f` in an environment where `events_logger` is not set to `journald` in `containers.conf`, this fix sets `--events-backend` or `--log-driver` temporally. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* secret: honor custom target for secrets with runAditya Rajan2021-12-06
| | | | | | | | | | | Honor custom `target` if specified while running or creating containers with secret `type=mount`. Example: `podman run -it --secret token,type=mount,target=TOKEN ubi8/ubi:latest bash` Signed-off-by: Aditya Rajan <arajan@redhat.com>
* journald logs: keep reading until the journal's endNalin Dahyabhai2021-12-06
| | | | | | | | | | | When reading logs from the journal, keep going after the container exits, in case it gets restarted. Events logged to the journal via the normal paths don't include CONTAINER_ID_FULL, so don't bother adding it to the "history" event we use to force at least one entry for the container to show up in the log. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Error logs --follow if events-backend != journald, event-logger=journaldDaniel J Walsh2021-12-06
| | | | | | Fixes: https://github.com/containers/podman/issues/11255 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* libpod: create /etc/mtab safelyGiuseppe Scrivano2021-12-06
| | | | | | | | | | | make sure the /etc/mtab symlink is created inside the rootfs when /etc is a symlink. Closes: https://github.com/containers/podman/issues/12189 [NO NEW TESTS NEEDED] there is already a test case Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Always create working directory when using compat APIMichael Scherer2021-12-06
| | | | | | | | | | | | | Docker/Moby always create the working directory, and some tools rely on that behavior (example, woodpecker/drone). Fixes #11842 Signed-off-by: Michael Scherer <misc@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Fix network mode in play kubePaul Holzinger2021-12-06
| | | | | | | | | | | | | | We need to use the config network mode when no network mode was set. To do so we have to keep the nsmode empty, MakeContainer() will use the correct network mode from the config when needed. Fixes #12248 Signed-off-by: Paul Holzinger <pholzing@redhat.com> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Bump to containers/image v5.17.0Matthew Heon2021-12-06
| | | | | | This resolves CVE-2021-41190 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Update release notes for changes already in branchMatthew Heon2021-12-06
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #12517 from Luap99/machine-dnsOpenShift Merge Robot2021-12-06
|\ | | | | podman machine: use gvproxy for host.containers.internal
| * podman machine: use gvproxy for host.containers.internalPaul Holzinger2021-12-06
|/ | | | | | | | | | | | | | | | Let the gvproxy dns server handle the host.containers.internal entry. Support for this is already added to gvproxy. [1] To make sure the container uses the dns response from gvproxy we should not add host.containers.internal to /etc/hosts in this case. [NO NEW TESTS NEEDED] podman machine has no tests Fixes #11642 [1] https://github.com/containers/gvisor-tap-vsock/commit/1108ea45162281046d239047a6db9bc187e64b08 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #12497 from mheon/fix_2021_4024OpenShift Merge Robot2021-12-03
|\ | | | | Fix CVE-2021-4024 - v3.4 branch
| * Swap bind address for gvproxy to localhost-onlyMatthew Heon2021-12-03
|/ | | | | | | | | | | This resolves CVE-2021-4024, where an attacker could access the API externally and forward any port they desired to the VM from `podman machine`. [NO NEW TESTS NEEDED] gvproxy is not tested directly at this time. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #12463 from vrothberg/backport-12449OpenShift Merge Robot2021-12-01
|\ | | | | [3.4] systemd: replace multi-user with default.target
| * systemd: replace multi-user with default.targetValentin Rothberg2021-12-01
|/ | | | | | | | | | | | Replace multi-user.target with default.target across the code base. It seems like the multi-user one is not available for (rootless) users on F35 anymore is causing issues in all kinds of ways, for instance, enabling the podman.service or generated systemd units. Backport of commit 9a10e2124bb11027fc71db4c495c116277b8b7e3. Fixes: #12438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12451 from vrothberg/backport-12064OpenShift Merge Robot2021-11-30
|\ | | | | [v3.4] container create: fix --tls-verify parsing
| * container create: fix --tls-verify parsingValentin Rothberg2021-11-30
|/ | | | | | | | | | | Make sure that the value is only set if specified on the CLI. c/image already defaults to true but if set in the system context, we'd skip settings in the registries.conf. Backport of commit ff31f2264da. Fixes: #11933 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12447 from jakub-dzon/env-config-maps-backportOpenShift Merge Robot2021-11-30
|\ | | | | Support env variables based on ConfigMaps sent in payload
| * Support env variables based on ConfigMaps sent in payloadJakub Dzon2021-11-30
|/ | | | | | Fixes #12363 Signed-off-by: Jakub Dzon <jdzon@redhat.com>
* Merge pull request #12383 from edsantiago/flake_fixesOpenShift Merge Robot2021-11-22
|\ | | | | [v3.4] backport Flake fixes
| * fix CIValentin Rothberg2021-11-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | [Backport #12343, which fixes the change in fedora-minimal image] Our fedora-minimal image on Quay bases on fedora-minimal:latest which starting with F35 removed a number of binaries that our CI depends on. Fix that by pulling `fedora-minimal:34` from the Fedora registry directly. Once the build bot on Quay has been disabled, we move the image over there to make sure that it will not change over time. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * utils: use podman-pause-$RANDOM.scope nameGiuseppe Scrivano2021-11-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [Backport of #12323 into v3.4, to fix gating-test flakes] we try hard to re-use the existing podman-pause.scope name when it already exists, causing any sort of race errors when the already existing scope is terminating. There is no such a requirement though, so just try with a random name. Closes: https://github.com/containers/podman/issues/12065 [NO NEW TESTS NEEDED] it fixes a race in the CI Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * Network test: fix podman-remote-rootless corner caseEd Santiago2021-11-22
| | | | | | | | | | | | | | | | | | | | [Backport of #12297 into v3.4, to fix gating-test failures] Followup to #12229, in which I added a podman unshare for flake debugging. Turns out that doesn't work in podman-remote. It was not caught because CI doesn't run podman-remote rootless. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #12327 from zeha/backport-11976OpenShift Merge Robot2021-11-17
|\| | | | | Backport #11976 to 3.4
| * Use CGO_ENABLED=1 when building natively on darwinJhon Honce2021-11-17
|/ | | | | | | | | | | Need to use CGO for mDNS resolution, but cross builds need CGO disabled See https://github.com/golang/go/issues/12524 for details Note: Homebrew forumla will need to be updated to pick up this change Fixes #10737 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #12274 from mheon/bump_342OpenShift Merge Robot2021-11-12
|\ | | | | Bump to v3.4.2
| * Bump to v3.4.3-devMatthew Heon2021-11-12
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Bump to v3.4.2v3.4.2Matthew Heon2021-11-12
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Add release notes for v3.4.2Matthew Heon2021-11-12
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix partial log line handling with journald log driverMatthew Heon2021-11-12
| | | | | | | | | | | | | | | | | | | | | | Patch originally by Paul Holzinger (sourced from [1]). This is necessary to get the tests to pass in order to include a batch of other, related journald fixes in `podman logs`. [1] https://github.com/containers/podman/pull/12274#issuecomment-967168173 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Fix Zsh completion command documentationYahav Itzhak2021-11-12
| | | | | | | | Signed-off-by: yahavi <yahavi@jfrog.com>
| * Fix flake in upgrade testsPaul Holzinger2021-11-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cni plugins need access to /run/cni and the dnsname plugin needs access to /run/containers. The race condition was basically that a `podman stop` could either do the cleanup itself or the spawned cleanup process would do the cleanup if it was fast enough. The `podman stop` is executed on the host while the podman cleanup process is executed in the "parent container". The parent container contains older plugins than on the host. The dnsname plugin before version 1.3 could error and this would prevent CNI from doing a proper cleanup. The plugin errors because it could not find its files in /run/containers. On my system the test always failed because the cleanup process was always faster than the stop process. However in the CI VMs the stop process was usually faster and so it failed only sometimes. Fixes #11558 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * VOLUME must be declared after RUN chown commandJindrich Novy2021-11-12
| | | | | | | | | | | | | | | | | | | | Podman and Docker will not commit changes via RUN command of a VOLUME directory, so we need to chown path first. Not doing do will cause: https://bugzilla.redhat.com/show_bug.cgi?id=2009266 Signed-off-by: Jindrich Novy <jnovy@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * podman-generate-kube - remove empty structs from YAMLBoaz Shuster2021-11-12
| | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
| * Exclude already built sources for static buildSascha Grunert2021-11-12
| | | | | | | | | | | | | | | | | | We now do not copy the `bin` directory to the target nix sources to avoid skipping the build because "everything is up to date". Fixes https://github.com/containers/podman/issues/12198 Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
| * Match .c files in MakefileIan Wienand2021-11-12
| | | | | | | | | | | | | | Ensure that rebuilds happen when .c files are updated in the source tree. Signed-off-by: Ian Wienand <iwienand@redhat.com>
| * shm_lock: Handle ENOSPC better in AllocateSemaphoreIan Wienand2021-11-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When starting a container libpod/runtime_pod_linux.go:NewPod calls libpod/lock/lock.go:AllocateLock ends up in here. If you exceed num_locks, in response to a "podman run ..." you will see: Error: error allocating lock for new container: no space left on device As noted inline, this error is technically true as it is talking about the SHM area, but for anyone who has not dug into the source (i.e. me, before a few hours ago :) your initial thought is going to be that your disk is full. I spent quite a bit of time trying to diagnose what disk, partition, overlay, etc. was filling up before I realised this was actually due to leaking from failing containers. This overrides this case to give a more explicit message that hopefully puts people on the right track to fixing this faster. You will now see: $ ./bin/podman run --rm -it fedora bash Error: error allocating lock for new container: allocation failed; exceeded num_locks (20) [NO NEW TESTS NEEDED] (just changes an existing error message) Signed-off-by: Ian Wienand <iwienand@redhat.com>
| * Minor test tweaksEd Santiago2021-11-12
| | | | | | | | | | | | | | | | | | | | - remove 'NO TESTS NEEDED' as a valid bypass string. Henceforth only 'NO NEW TESTS NEEDED' will work. - add a debugging aid for #11871, in which bodhi tests time out in nslookup. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * pod/container create: resolve conflicts of generated namesValentin Rothberg2021-11-12
| | | | | | | | | | | | | | | | | | | | | | Address the TOCTOU when generating random names by having at most 10 attempts to assign a random name when creating a pod or container. [NO TESTS NEEDED] since I do not know a way to force a conflict with randomly generated names in a reasonable time frame. Fixes: #11735 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * Add some information about disabling SELinux when using system volumesDaniel J Walsh2021-11-12
| | | | | | | | | | | | | | | | | | | | | | A comment was made on internal mailing list about confusion on SELinux labeling of volumes. This PR makes it a little more clear about when you should or should not relabel. We need a similar comment in podman pod create, but it does not support --security-opt processing yet. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]Jhon Honce2021-11-12
| | | | | | | | | | | | | | | | Only log API access entries when --log-level set to Info or below. Fixes #12181 Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * tweak a couple of flag descriptions in help outputNalin Dahyabhai2021-11-12
| | | | | | | | | | | | Descriptions of flags don't need to start with whitespace of their own. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-22 13:44:31 +0000