summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Revert "Switch all rootful to rootfull"Ashley Cui2022-04-25
| | | | | | | | | | This reverts commit cc3790f332d989440eb1720e24e3619fc97c74ee. We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* Merge pull request #13988 from rhatdan/apiv2OpenShift Merge Robot2022-04-25
|\ | | | | Allow filtering of "removing", it is a valid status
| * Allow filtering of "removing", it is a valid statusDaniel J Walsh2022-04-24
|/ | | | | | | | | Do not use a list of statuses outside of libpod to validate container statuses. Removing status was never added to the list. Fixes: https://github.com/containers/podman/issues/13986 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13980 from lsm5/switch-sha256OpenShift Merge Robot2022-04-23
|\ | | | | libpod/networking_linux.go: switch to sha256 hash generation
| * libpod/networking_linux.go: switch to sha256 hashesLokesh Mandvekar2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | SHA-1 is prone to collisions. This will likely break connectivity between old containers started before update and containers started after update. It will also fail to cleanup old netns. A reboot will fix this, so a reboot is recommended after update. [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #13973 from Luap99/linter-reviveOpenShift Merge Robot2022-04-23
|\ \ | | | | | | replace golint with revive linter
| * | replace golint with revive linterPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | golint, scopelint and interfacer are deprecated. golint is replaced by revive. This linter is better because it will also check for our error style: `error strings should not be capitalized or end with punctuation or a newline` scopelint is replaced by exportloopref (already endabled) interfacer has no replacement but I do not think this linter is important. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13959 from cevich/fix_apiv2OpenShift Merge Robot2022-04-23
|\ \ \ | |_|/ |/| | Fix hang in apiv2 test_connect
| * | Fix hang in test_connectChris Evich2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | Starting the podman service in debug-mode causes aardvark to run in debug mode. This does unexpected things with file-descriptors leading to a test-hang. Thanks to @Luap99 for the fix. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | Increase verbosity and sequencing of APIv2 testingChris Evich2022-04-22
|/ / | | | | | | | | | | | | | | | | | | | | The default verbosity level does not show the classes or function names. This makes it difficult to debug problems like hangs. Also, separate the bats and python-based tests into two sections. This allows for easier debugging, since isolation can be done in `runner.sh` rather than mucking with the `Makefile`. Lastly, update the logformatter script to `autoflush stdout` (thanks @edsantiago). Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #13976 from rhatdan/rootlessOpenShift Merge Robot2022-04-22
|\ \ | | | | | | Update test to run network check in both rootless and rootfull mode
| * | Update test to run network check in both rootless and rootfull modeDaniel J Walsh2022-04-22
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #13975 from ↵OpenShift Merge Robot2022-04-22
|\ \ \ | | | | | | | | | | | | | | | | containers/dependabot/go_modules/github.com/fsnotify/fsnotify-1.5.3 Bump github.com/fsnotify/fsnotify from 1.5.2 to 1.5.3
| * | | Bump github.com/fsnotify/fsnotify from 1.5.2 to 1.5.3dependabot[bot]2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.5.2 to 1.5.3. - [Release notes](https://github.com/fsnotify/fsnotify/releases) - [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md) - [Commits](https://github.com/fsnotify/fsnotify/compare/v1.5.2...v1.5.3) --- updated-dependencies: - dependency-name: github.com/fsnotify/fsnotify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | Merge pull request #13974 from ↵OpenShift Merge Robot2022-04-22
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | containers/dependabot/go_modules/github.com/container-orchestrated-devices/container-device-interface-0.4.0 Bump github.com/container-orchestrated-devices/container-device-interface from 0.3.2 to 0.4.0
| * | | Bump github.com/container-orchestrated-devices/container-device-interfacedependabot[bot]2022-04-22
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/container-orchestrated-devices/container-device-interface](https://github.com/container-orchestrated-devices/container-device-interface) from 0.3.2 to 0.4.0. - [Release notes](https://github.com/container-orchestrated-devices/container-device-interface/releases) - [Commits](https://github.com/container-orchestrated-devices/container-device-interface/compare/v0.3.2...v0.4.0) --- updated-dependencies: - dependency-name: github.com/container-orchestrated-devices/container-device-interface dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #13918 from Luap99/hostsOpenShift Merge Robot2022-04-22
|\ \ \ | | | | | | | | use etchosts package from c/common
| * | | test/system: add containers.conf test for new /etc/hosts optionsPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | Improve /etc/hosts documentationPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the documentation for /etc/hosts options --add-host and --no-hosts. Also make sure that all references use the same text for consistency. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | shared netns and --add-host should conflictPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because /etc/hosts is shared for all containers with a shared network namespace you should not be able to add hosts from a joined container. Only the primary netns container can set the hosts. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | network dis-/connect: update /etc/hostsPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we connect or disconnect from a network we also have to update /etc/hosts to ensure we only have valid entries in there. This also fixes problems with docker-compose since this makes use of network connect/disconnect. Fixes #12533 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | libpod: fix c.Hostname() to respect the utsNsCtrPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we lookup the hostname for a given container we have to check if the container is joined to another utsns and use this hostname then instead. This fixes a problem where the `hostname` command would use the correct name but /etc/hostname would contain a different name. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | use etchosts package from c/commonPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use the new logic from c/common to create the hosts file. This will help to better allign the hosts files between buildah and podman. Also this fixes several bugs: - remove host entries when container is stopped and has a netNsCtr - add entries for containers in a pod - do not duplicate entries in the hosts file - use the correct slirp ip when an userns is used Features: - configure host.containers.internal entry in containers.conf - configure base hosts file in containers.conf Fixes #12003 Fixes #13224 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13881 from rhatdan/usernsOpenShift Merge Robot2022-04-22
|\ \ \ \ | |_|_|/ |/| | | Add support for --userns=nomap
| * | | Add support for --userns=nomapDaniel J Walsh2022-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From a security point of view, it would be nice to be able to map a rootless usernamespace that does not use your own UID within the container. This would add protection against a hostile process escapping the container and reading content in your homedir. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13972 from Luap99/staticcheckOpenShift Merge Robot2022-04-22
|\ \ \ \ | |_|_|/ |/| | | enable staticcheck linter
| * | | silence deprecated warnings for manifest functionsPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no reason to mark them directly as deprecated since we still have to use them as long as we want to support 3.X calls. The staticcheck linter is complaining about the Deprecated comment but that doesn't make sense in this context. There is no good way to only exclude a single check with golangci-lint. I renamed the function with a V3 suffix to make clear that we only use this for backwards compat. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | enable staticcheck linterPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix many problems reported by the staticcheck linter, including many real bugs! Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | move golang.org/x/crypto/ssh/terminal to golang.org/x/termPaul Holzinger2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | golang.org/x/crypto/ssh/terminal is deprecated. The package was moved to golang.org/x/term. golang.org/x/crypto/ssh/terminal was already just calling golang.org/x/term itslef so there are no functional changes. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13969 from flouthoc/mount-csv-parsingOpenShift Merge Robot2022-04-22
|\ \ \ \ | | | | | | | | | | specgen-volumes: parse `--mount` using csv-reader instead of split.
| * | | | specgen-volumes: parse --mount using csv-reader instead of split by commaAditya R2022-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Following commit ensures that csv escaping is supported while using inline `--mount=type=......` flag with `podman run` by using `encoding/csv` to parse options instead of performing a `split.String(` by `comma`. Closes: https://github.com/containers/podman/issues/13922 Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #13964 from rhatdan/rootfullOpenShift Merge Robot2022-04-22
|\ \ \ \ \ | |_|_|_|/ |/| | | | Switch all rootful to rootfull
| * | | | Switch all rootful to rootfullDaniel J Walsh2022-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are inconsistent on the name, we should stick with rootfull. [NO NEW TESTS NEEDED] Existing tests should handle this and no tests for machines exists yet. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #13971 from rhatdan/codespellOpenShift Merge Robot2022-04-22
|\ \ \ \ \ | | | | | | | | | | | | [CI:DOCS] Run codespell on code
| * | | | | Run codespell on codeDaniel J Walsh2022-04-22
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #13935 from edsantiago/bats_assertOpenShift Merge Robot2022-04-22
|\ \ \ \ \ | | | | | | | | | | | | system tests: add assert(), and start using it
| * | | | | system tests: add assert(), and start using itEd Santiago2022-04-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem: the system test 'is()' checker was poorly thought out. For example, there is no way to check for inequality or for absence of a substring. Solution, step 1: introduce new assert(), copied almost verbatim from buildah, where it has been successful in addressing the gaps in is(). The logical next step is to search the tests for 'die' and for 'run', looking for negative assertions which we can replace with assert(). There were a lot, and in the process I found a number of ugly bugs in the tests themselves. I've taken the liberty of fixing these. Important note: at this time we have both assert() and is(). Replacing all instances of is() would be impossible to review. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #13943 from cdoern/cloneOpenShift Merge Robot2022-04-22
|\ \ \ \ \ \ | | | | | | | | | | | | | | podman container clone -f
| * | | | | | podman container clone -fcdoern2022-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add the option -f to force remove the parent container if --destory is specified resolves #13917 Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | | | | Merge pull request #13956 from cevich/fix_git_idOpenShift Merge Robot2022-04-22
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Cirrus: Fix missing git-enforced runtime identity
| * | | | | | Cirrus: Fix missing git-enforced runtime identityChris Evich2022-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Newer versions of git (like `2.35`) fail on certain operations (like `rebase` and `am`) without a local identity. Add a fake one from the start, with a clearly identifiable test-value to avoid problems at runtime. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #13958 from cevich/fix_system_criu_relinkOpenShift Merge Robot2022-04-22
|\ \ \ \ \ \ \ | |_|_|_|_|/ / |/| | | | | | Workaround criu re-linking output in system test
| * | | | | | Workaround criu re-linking output in system testChris Evich2022-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When run on an F36 host using netavark/aardvark-dns, for whatever underlying reason most checkpoint/restore tests are emitting an error similar to: `criu: Symbol `__rseq_offset' has different size in shared object, consider re-linking` This extraneous output is causing the basic checkpoint system test to fail. Since, all other testing of checkpoint/restore feature is passing (also with the extraneous message) loosen the system test sensitivity to match. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #13938 from rhatdan/VENDOROpenShift Merge Robot2022-04-22
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Vendor
| * | | | | | | vendor in latest containers/(storage,common,image)Daniel J Walsh2022-04-21
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #13963 from flouthoc/revert-entrypoint-compatOpenShift Merge Robot2022-04-21
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | Revert "container,inspect: convert Entrypoint to array instead of a string
| * | | | | | Revert "container,inspect: convert Entrypoint to array instead of a string"Aditya R2022-04-22
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It seems this breaks older version of `podman-remote` users hence it looks like this patch would be a better candidate for podman `5.0` Problem * Client with `4.0` cannot interact with a server of `4.1` Plan this patch for podman `5.0` This reverts commit 0cebd158b6d8da1828b1255982e27fe9224310d0. Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | | Merge pull request #13957 from cevich/fix_remote_netavarkOpenShift Merge Robot2022-04-21
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix using --network-backend on podman-remote
| * | | | | | Fix using --network-backend on podman-remoteChris Evich2022-04-21
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When this option was added to the e2e tests, there was no CI Automation support for running remote tests w/ netavark. When added, many e2e test errors/failures are generated due to this option not being valid for the remote client. Fix this in the tests by conditionally adding the option if the test is running the remote client. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #13955 from cevich/fix_size_checkOpenShift Merge Robot2022-04-21
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix size-check to display more context