| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
| |
They should work on all distros.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
| |
podman events --format {{.ID}} was not working since the template was
converted to a range but we only render each event individually.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
| |
Fixes log follow operations since corresponding k8s-file backend was previously dropped
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/15626
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
| |
Mitigates a potential permissions issue. Mirrors Buildah PR #4200
and CRI-O PR #6159.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
| |
Fixes #15569.
Signed-off-by: Doug Rabson <dfr@rabson.org>
|
| |
|
|
|
|
|
|
|
| |
The format used for setting the bind-mount-options annotations
in the kube yaml was incorrect and caused k8s to throw an error
when trying to play the generated kube yaml.
Fix the annotation format to match the rules of k8s.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
| |
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jason Ertel <jason.ertel@securityonionsolutions.com>
|
| |
|
|
| |
Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we get a SIGTERM immediately after Conmon starts but before we
record its PID in the database, we end up leaking a Conmon and
associated OCI runtime process. Inhibit shutdown using the logic
we originally wrote to prevent similar issues during container
creation to prevent this problem.
[NO NEW TESTS NEEDED] No real way to test this I can think of.
Fixes #15557
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
| |
Signed-off-by: patrycja-guzik <patrycja.k.guzik@gmail.com>
|
| |
|
| |
Signed-off-by: Stefano Figura <stefano@figura.im>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
if we are running in a container in the root cgroup, Podman tries to
move itself to a sub-cgroup. This could be a problem in a setup where
the cgroups are not writeable, so just log a debug message and
continue, since anyway it is a best-effort operation.
Closes: https://github.com/containers/podman/issues/15498
[NO NEW TESTS NEEDED]
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Don't add the same annotations as the pod yaml to the
service yaml as it is not needed.
[NO NEW TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Change only the compat API, so we don't force a breaking change
on Libpod API users.
Partial fix for #15485
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
| |
Allow the pkginstaller makefile target to take advantage of Podman's version binary, alleviating the need to manually set Podman's version (and inevitably forgetting to do so). This means the pkginstaller Makefile will automatically detect what version of Podman we're packaging.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
the `podman save` command was failing on windows due to the use of a
colon between the drive letter and first directory. the check was
intended for Linux and not windows.
Fixes #15247
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
| |
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add three new capabilities that would otherwise be reported as unknown.
Also add an e2e test making sure that `podman top` knows all
capabilities of the current kernel. I refrained from adding a system
test since this may blow up in gating tests.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/15251
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
When using remote podman client, not all transports work as expected. So
document this limitation.
Fixes: containers/podman#15141
Signed-off-by: Tomas Volf <tomas.volf@showmax.com>
|
| |
|
|
| |
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
|
| |
|
|
|
|
|
|
| |
the env vars are held in the spec rather than the config, so they need to be mapped manually. They are also of a different format so special handling needed to be added. All env from the parent container will now be passed to the clone.
resolves #15242
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Signed-off-by: Hoang Thanh VO <111461555+ht-vo@users.noreply.github.com>
|
| |
|
|
| |
Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
|
| |
|
|
|
|
| |
Replace TODO comment with helpful hint for future maintainers.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/15309
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Ignore .DS_Store, a MacOS metadata file created by the OS.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
systemd expects the value of the option to be `no` instead, but this is
already the default behavior. This fixes the following warning when
running `systemctl status` on the unit:
Failed to parse service restart specifier, ignoring: never
Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
|
| |\
| |
| |
| |
| | |
openshift-cherrypick-robot/cherry-pick-15516-to-v4.2
[v4.2] Handle an already connected network in libpod API
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Compat: Treat already attached networks as a no-op
Applies only to containers in created state. Maintain error in running state.
Co-authored-by: Alessandro Rossi <al.rossi87@gmail.com>
Co-authored-by: Brent Baude <bbaude@redhat.com>
Co-authored-by: Jason T. Greene <jason.greene@redhat.com>
Signed-off-by: Alessandro Rossi <al.rossi87@gmail.com>
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |\ \
| |/
|/| |
[v4.2] [CI:DOCS] Cirrus: Update meta task for EC2
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Copied from: https://github.com/containers/aardvark-dns/pull/207
Fixes: #15502
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \
| | |
| | | |
podman image trust overhaul, incl. sigstore
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The apiv2 test hardcoded the tag of the alpine image.
Remove it to unblock CI.
Fixes: #15388
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We are unmarshaling and re-marshaling JSON, which can _silently_ drop data
with the Go design decision.data.
Try harder, by using json.RawMessage at least for the data we care about.
Alternatively, this could use json.Decoder.DisallowUnknownFields.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... to go from top to bottom.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
sigstoreSigned does not have GPG IDs, so we add N/A in that column.
NOTE: this does not show the use-sigstore-attachments value from
registries.d.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
requirements
Currently
- the output uses the first entry's type, even if the requirements are different
(notably signedBy + sigstoreSIgned)
- all public keys IDs are collected to a single line, even if some of them
are interchangeable, and some are required (e.g. two signedBy requirements
could require an image to be signed by (redhatProd OR redhatBeta) AND (vendor1 OR vendor2)
So, stop collapsing the requirements, and return a separate entry for each one. Multiple
GPG IDs on a single line used to mean AND or OR, now they always mean AND.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Do the registries.d lookup once, separately from building
an entry, so that we can share it across entries.
Also prepare a separate res to allow adding multiple entries.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
... instead of taking a shortcut, e.g. not listing any keys if they are required.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Just so that we don't have a boolean-named function returning a struct.
Also reorder the parameters to have the container first, and the lookup
key second.
Shoud not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Now that it is the primary return value of a small function,
the long name only makes reading harder.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This will evetually allow us to use it for the default scope
as well, which currently uses a simplified version.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add at least a basic unit test for the various entry types.
So that we don't have to actually deal with GPG keys and /usr/bin/gpg*,
parametrize the code with a gpgIDReader , and pass a fake one
in the unit test.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
