| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Fix handling of tmpfs-mode for tmpfs creation in compat mode
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The permissions on disk were wrong since we were not converting to
octal.
Fixes: https://github.com/containers/podman/issues/13108
[NO NEW TESTS NEEDED] Since we don't currently test using the docker
client
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Use github.com/vbauerster/mpb/v7 in pkg/machine
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We already use v7 in c/image so podman should use the same version to
prevent duplication.
This saves 170 KB binary size.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| |/ /
|/| | |
use gopkg.in/yaml.v2 instead of v3
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Many dependencies already import gopkg.in/yaml.v2, podman is the only
user of the v3 version except github.com/stretchr/testify but this is
only a testing dependency so it will not end up in the binary.
This change reduces the podman binary size from 54740 to 54260 KB on my
system.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
Set default rule at the head of device configuration
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The default rule should be set at the head of device configuration.
Otherwise, rules for user devices are overridden by the default rule so
that any access to the user devices are denied.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/docker/distribution-2.8.1incompatible
Bump github.com/docker/distribution from 2.8.0+incompatible to 2.8.1+incompatible
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.0+incompatible to 2.8.1+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.0...v2.8.1)
---
updated-dependencies:
- dependency-name: github.com/docker/distribution
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \
| |/ /
|/| | |
Improve agent install message to add restart instructions
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
|\ \ \
| | | |
| | | | |
machine rm -f stops and removes machine
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If you want to remove a running machine, you can now pass the --force/-f
to podman machine rm and the machine will be stopped and removed without
confirmations.
Fixes: #13448
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] troubleshooting.md: mention "podman unshare chown 0:0 path"
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Mention the command "podman unshare chown 0:0 dir1/a"
that changes file ownership to the regular user's UID and GID on
the host.
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
Skip flaky pprof tests
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
pprof tests are way too flaky, and are causing problems for
community contributors who don't have privs to press Re-run.
There has been no activity or interest in fixing the bug,
and it's not something I can fix. So, just disable the test.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Move secret-verify-leak containerfile into its own Directory
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Secret-verify-leak is causing flakes, when running in parallel tests.
This is because remote secrets are copied into the context directory to
send to the API server, and secret-verify-leak is doing a COPY * and
then checking if the temporary secret file ends up in the container or
not. Since all the temporary files are prefixed with
"podman-build-secret", this test checks if podman-build-secret is in the
image. However, when run in parallel with other tests, other temporary
podman-build-secrets might be in the context dir. Moving
secret-verify-leak into its own directory makes sure that the context
dir is used only by this one test.
Also renamed Dockerfile -> Containerfile and cleaned up unused
Containerfiles.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Inspect network info of a joined network namespace
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Closes: https://github.com/containers/podman/issues/13150
Signed-off-by: 😎 Mostafa Emami <mustafaemami@gmail.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
MacOS improvements
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | | |
* Enable support of virtfs in Podman and darwin. At the time of this writing, it requires a special patch not yet included in upstream qemu.
* Prefer to use a specially built qemu to support virtfs. The qemu is installed under libexec/podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Add ExitCommandDelay configuration use in API exec handler
|
| | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Rover van der Noort <s.r.vandernoort@student.tudelft.nl>
|
|\ \ \
| | | |
| | | | |
[CI:DOCS] troubleshooting.md: Improve language and fix typos
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
[CI:DOCS] DISTRO_PACKAGE.md: List the packaging changes for v4
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[NO NEW TESTS NEEDED]
Co-authored-by: Ashley Cui <ashleycui16@gmail.com>
Co-authored-by: Valentin Rothberg <vrothberg@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \ \
| |/ / /
|/| | | |
[CI:DOCS] RELEASE_PROCESS.md: cosmetic fix
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Follow up to pr#13416
Insert line breaks to get rid of the horizontal scroll bar.
Resolves: https://github.com/containers/podman/pull/13416#discussion_r818991807
Co-authored-by: Ashley Cui <acui@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \
| | | |
| | | | |
`podman machine rm` removes the mounted socket file on macOS
|
| |/ /
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Thibault Gagnaux <tgagnaux@gmail.com>
|
|\ \ \
| | | |
| | | | |
Move all python tests to pytest
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
* Add configuration to add report header for python client used in tests
* Move report headers into the individual test runners vs runner.sh
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Throw an error if kube yaml has duplicate ctr names
|
|/ /
| |
| |
| |
| |
| |
| | |
Error out if the kube yaml passed to play kube has more
than one container or init container with the same name.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|\ \
| | |
| | | |
libpod: pods do not use cgroups if --cgroups=disabled
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
do not attempt to use cgroups with pods if the cgroups are disabled.
A similar check is already in place for containers.
Closes: https://github.com/containers/podman/issues/13411
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
RELEASE_PROCESS.md: build artifacts locally
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The current PR process for release bump has the HEAD commit which bumps
version/version.go to the form `release+1-dev`. This makes Cirrus
publish release artifacts with `release+1-dev` and not `release`.
For example, the msi generated at https://cirrus-ci.com/task/5403901196238848
says podman-v4.0.3-dev.msi .
Building locally by checking out the released tag would generate the
correct artifacts and would also be faster and more convenient.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \
| |/ /
|/| | |
deps: bump to race-free `c/image` and `c/storage` along with test to verify `concurrent/parallel` builds
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Invoking parallel/concurrent builds from podman race against each other
following behviour was fixed in
https://github.com/containers/storage/pull/1153 and https://github.com/containers/image/pull/1480
Test verifies if following bug is fixed in new race-free API or not.
Read more about this issue, see bz 2055487 for more details.
More details here: https://github.com/containers/buildah/pull/3794 and https://github.com/containers/podman/pull/13339
Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Aditya R <arajan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bump c/image to upstream main/9a9cd9 so podman could use new race-free
code.
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |/
| |
| |
| |
| |
| |
| | |
Bump c/storage to main/d06b0f so we podman could use new `race-free`
`AddNames` and `RemoveNames` api
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \
| |/
|/| |
container: workdir resolution must consider `symlink` if explicitly configured
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While resolving `workdir` we mostly create a `workdir` when `stat`
fails with `ENOENT` or `ErrNotExist` however following cases are not
true when user explicitly specifies a `workdir` while `running` using
`--workdir` which tells `podman` to only use workdir if its exists on
the container. Following configuration is implicity set with other
`run` mechanism like `podman play kube`
Problem with explicit `--workdir` or similar implicit config in `podman play
kube` is that currently podman ignores the fact that workdir can also be
a `symlink` and actual `link` could be valid.
Hence following commit ensures that in such scenarios when a `workdir`
is not found and we cannot create a `workdir` podman must perform a
check to ensure that if `workdir` is a `symlink` and `link` is resolved
successfully and resolved link is present on the container then we
return as it is.
Docker performs a similar behviour.
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\
| |
| | |
Use storage that better supports rootless overlayfs
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
overlayfs -- the kernel's version, not fuse-overlayfs -- recently learned
(as of linux 5.16.0, I believe) how to support rootless users. Previously,
rootless users had to use these storage.conf(5) settings:
* storage.driver=vfs (aka STORAGE_DRIVER=vfs), or
* storage.driver=overlay (aka STORAGE_DRIVER=overlay),
storage.options.overlay.mount_program=/usr/bin/fuse-overlayfs
(aka STORAGE_OPTS=/usr/bin/fuse-overlayfs)
Now that a third backend is available, setting only:
* storage.driver=overlay (aka STORAGE_DRIVER=overlay)
https://github.com/containers/podman/issues/13123 reported EXDEV errors
during the normal operation of their container. Tracing it out, the
problem turned out to be that their container was being mounted without
'userxattr'; I don't fully understand why, but mount(8) mentions this is
needed for rootless users:
> userxattr
>
> Use the "user.overlay." xattr namespace instead of "trusted.overlay.".
> This is useful for unprivileged mounting of overlayfs.
https://github.com/containers/storage/pull/1156 found and fixed the issue
in podman, and this just pulls in that via
go get github.com/containers/storage@ebc90ab
go mod vendor
make vendor
Closes https://github.com/containers/podman/issues/13123
Signed-off-by: Nick Guenther <nick.guenther@polymtl.ca>
|