Commit message (Author, Age)
* Fixes: #13301 ("machine rm removes the mounted socket file on macos") (Thibault Gagnaux, 2022-03-30)
|   [NO NEW TESTS NEEDED] Signed-off-by: Thibault Gagnaux <tgagnaux@gmail.com>
* Throw an error if kube yaml has duplicate ctr names (Urvashi Mohnani, 2022-03-30)
|   Error out if the kube yaml passed to play kube has more than one container or init container with the same name. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* libpod: pods do not use cgroups if --cgroups=disabled (Giuseppe Scrivano, 2022-03-30)
|   do not attempt to use cgroups with pods if the cgroups are disabled. A similar check is already in place for containers. Closes: https://github.com/containers/podman/issues/13411 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* container: workdir resolution must consider symlink if explicitly configured (Aditya R, 2022-03-30)
|   While resolving `workdir` we mostly create a `workdir` when `stat` fails with `ENOENT` or `ErrNotExist` however following cases are not true when user explicitly specifies a `workdir` while `running` using `--workdir` which tells `podman` to only use workdir if it exists on the container. Following configuration is implicitly set with other `run` mechanism like `podman play kube`. Problem with explicit `--workdir` or similar implicit config in `podman play kube` is that currently podman ignores the fact that workdir can also be a `symlink` and actual `link` could be valid. Hence following commit ensures that in such scenarios when a `workdir` is not found and we cannot create a `workdir` podman must perform a check to ensure that if `workdir` is a `symlink` and `link` is resolved successfully and resolved link is present on the container then we return as it is. Docker performs a similar behaviour. Signed-off-by: Aditya R <arajan@redhat.com>
* Merge pull request #13694 from giuseppe/v4.0-backport-no-inheritable (OpenShift Merge Robot, 2022-03-30)
|\  [4.0] do not set the inheritable capabilities
| * test: fix podman run test as rootless (Giuseppe Scrivano, 2022-03-30)
| |   aafa80918a245edcbdaceb1191d749570f1872d0 introduced the regression. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> (cherry picked from commit 640c2d53a88f46e997d4e5a594cfc85a57e74d36)
| * do not set the inheritable capabilities (Giuseppe Scrivano, 2022-03-30)
|/  The kernel never sets the inheritable capabilities for a process, they are only set by userspace. Emulate the same behavior. Closes: CVE-2022-27649 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> (cherry picked from commit aafa80918a245edcbdaceb1191d749570f1872d0)
* Merge pull request #13568 from n1hility/upgrade-v4.0 (OpenShift Merge Robot, 2022-03-25)
|\  [v4.0] Add Windows installer support for upgrades
| * Add Windows installer support for upgrades (Jason T. Greene, 2022-03-19)
| |   Fixes duplicate installer entries after multiple installs Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | Merge pull request #13614 from vrothberg/backport (Daniel J Walsh, 2022-03-24)
|\ \  [v4.0] vendor c/common@v0.47.5
| * | vendor c/common@v0.47.5 (Valentin Rothberg, 2022-03-23)
| |/  Update the login tests to reflect the latest changes to allow http{s} prefixes (again) to address bugzilla.redhat.com/show_bug.cgi?id=2062072. Backport of commit 57cdc21b0057. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #13630 from flouthoc/backport-race-build-v4.0 (OpenShift Merge Robot, 2022-03-24)
|\ \  [v4.0 backport] bump to race-free `c/image` and `c/storage` along with test to verify `concurrent/parallel` builds
| * | test: add a test to verify race free concurrent/parallel builds (Aditya R, 2022-03-24)
| | |   Invoking parallel/concurrent builds from podman race against each other following behaviour was fixed in containers/storage#1153 and containers/image#1480. Test verifies if following bug is fixed in new race-free API or not. Read more about this issue, see bz 2055487 for more details. Test manually backported from: containers@63f92d0 Signed-off-by: Aditya R <arajan@redhat.com>
| * | vendor: bump c/image to v5.19.2 (Aditya R, 2022-03-24)
| | |   Bump c/image to upstream v5.19.2 so podman could use new race-free code. Signed-off-by: Aditya R <arajan@redhat.com>
| * | vendor: bump c/storage to v1.38.3 (Aditya R, 2022-03-24)
| |/  Bump c/storage to v1.38.3 so podman could use new `race-free` `AddNames` and `RemoveNames` api Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13645 from lsm5/v4.0-cve-2022-21698 (OpenShift Merge Robot, 2022-03-24)
|\ \ | |/ |/| Bump github.com/prometheus/client_golang to v1.11.1
| * Bump github.com/prometheus/client_golang to v1.11.1 (Lokesh Mandvekar, 2022-03-24)
|/  Resolves: CVE-2022-21698 Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Merge pull request #13560 from n1hility/backport-handle-incompatible (OpenShift Merge Robot, 2022-03-19)
|\  [v4.0] Backport handling of incompatible machines
| * Handle incompatible machines (Jason T. Greene, 2022-03-18)
| |   Start in a reduced mode for recovery, warn, and provide instructions to recreate them Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
| * Fix type-o and cleanup doc punctuation (Jason T. Greene, 2022-03-18)
| |   Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
| * machine rm -f stops and removes machine (Brent Baude, 2022-03-18)
| |   If you want to remove a running machine, you can now pass the --force/-f to podman machine rm and the machine will be stopped and removed without confirmations. Fixes: #13448 [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
| * Improve agent install message to add restart instructions (Jason T. Greene, 2022-03-18)
| |   Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
| * MacOS improvements (Brent Baude, 2022-03-18)
|/    * Enable support of virtfs in Podman and darwin. At the time of this writing, it requires a special patch not yet included in upstream qemu.
|     * Prefer to use a specially built qemu to support virtfs. The qemu is installed under libexec/podman.
|     [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #13545 from cevich/backport_gvisor_url_fix (OpenShift Merge Robot, 2022-03-18)
|\  [v4.0] Backport: Fix windows win-sshproxy build
| * Fix windows win-sshproxy build (Paul Holzinger, 2022-03-17)
|/  Github no longer supports the unauthenticated git protocol, so switch to using https instead. https://github.blog/2021-09-01-improving-git-protocol-security-github/ Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #13480 from TomSweeneyRedHat/dev/tsweeney/fujiback (OpenShift Merge Robot, 2022-03-13)
|\  [v4.0] Backport Set default rule at the head of dev config
| * [v4.0] Backport Set default rule at the head of dev config (tomsweeneyredhat, 2022-03-10)
|/  Backports: #13421 Set default rule at the head of device configuration by @hshiina The default rule should be set at the head of device configuration. Otherwise, rules for user devices are overridden by the default rule so that any access to the user devices is denied. This has been requested to backport and to include in RHEL 8.6 and 9.0. The exception process is underway. Addresses these BZs for the backport: https://bugzilla.redhat.com/show_bug.cgi?id=2059296 https://bugzilla.redhat.com/show_bug.cgi?id=2062835 Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
* Merge pull request #13405 from lsm5/v402 (OpenShift Merge Robot, 2022-03-02)
|\  Release v4.0.2
| * Bump to v4.0.3-dev (Lokesh Mandvekar, 2022-03-02)
| |   [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
| * Bump to v4.0.2 [v4.0.2] (Lokesh Mandvekar, 2022-03-02)
| |   [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
| * Update release notes for v4.0.2 (Lokesh Mandvekar, 2022-03-02)
|/  [NO NEW TESTS NEEDED] Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Merge pull request #13392 from baude/v4reverts (OpenShift Merge Robot, 2022-03-01)
|\  V4reverts
| * Revert "use GetRuntimeDir() from c/common" (Brent Baude, 2022-03-01)
| |   This reverts commit fc5cf812c81a10f8a021aae11df5f12ab2a6f6f6. [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
| * Revert "Option --url and --connection should imply --remote." (Brent Baude, 2022-03-01)
|/  This reverts commit ca980c2e024bd33f4be3a33bb1dbb22c86bfe072. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #13357 from Romain-Geissler-1A/backport-connection-implies-remote (OpenShift Merge Robot, 2022-02-28)
|\  Option --url and --connection should imply --remote.
| * Option --url and --connection should imply --remote. (Romain Geissler, 2022-02-26)
|/  Closes #13242 Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
* Merge pull request #13329 from mheon/bump_401 (OpenShift Merge Robot, 2022-02-23)
|\  Bump to v4.0.1
| * Bump to v4.0.2-dev (Matthew Heon, 2022-02-23)
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Bump to v4.0.1 [v4.0.1] (Matthew Heon, 2022-02-23)
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Update release notes for v4.0.1 (Matthew Heon, 2022-02-23)
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Fix a potential flake in volume plugins tests (Matthew Heon, 2022-02-23)
| |   We could remove the container running the volume plugins, before the containers using the volume plugins; this could cause unmounting the volumes to fail because the plugin could not be contacted. Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Propagate $CONTAINERS_CONF to conmon (David Gibson, 2022-02-23)
| |   The CONTAINERS_CONF environment variable can be used to override the configuration file, which is useful for testing. However, at the moment this variable is not propagated to conmon. That means in particular, that conmon can't propagate it back to podman when invoking its --exit-command. The mismatch in configuration between the starting and cleaning up podman instances can cause a variety of errors. This patch also adds two related test cases. One checks explicitly that the correct CONTAINERS_CONF value appears in conmon's environment. The other checks for a possible specific impact of this bug: if we use a nonstandard name for the runtime (even if its path is just a regular crun), then the podman container cleanup invoked at container exit will fail. That has the effect of meaning that a container started with -d --rm won't be correctly removed once complete. Fixes #12917 Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
| * tests: Remove inaccurate comment (David Gibson, 2022-02-23)
| |   This comment refers to overriding $PODMAN although the code below does nothing of the sort. Presumably the comment has been outdated by altering the containers.conf / $CONTAINERS_CONF instead. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
| * System tests: show one-line config overview (Ed Santiago, 2022-02-23)
| |   We're running into problems that are impossible to diagnose because we have no idea if the SUT is using netavark or CNI. We've previously run into similar problems with runc/crun, or cgroups 1/2. This adds a one-line 'echo' with important system info. Now, when viewing a full test log, it will be possible to view system settings in one glance. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * provide better error on invalid flag (Paul Holzinger, 2022-02-23)
| |   Add an extra `See 'podman command --help'` to the error output. With this patch you now get:
| |   ```
| |   $ podman run -h
| |   Error: flag needs an argument: 'h' in -h
| |   See 'podman run --help'
| |   ```
| |   Fixes #13082 Fixes #13002 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * use GetRuntimeDir() from c/common (Paul Holzinger, 2022-02-23)
| |   To prevent duplication and potential bugs we should use the same GetRuntimeDir function that is used in c/common. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * kube: honor --build=false and make --build=true by default (Aditya R, 2022-02-23)
| |   `podman play kube` tries to build images even if `--build` is set to false so let's honor that and make `--build`, `true` by default so it matches the original behaviour. Signed-off-by: Aditya R <arajan@redhat.com>
| * system tests: cleanup networks on teardown (Paul Holzinger, 2022-02-23)
| |   When a test which creates a network fails it will not remove the network. The teardown logic should remove the networks. Since there is no --all option for network rm we use network prune --force. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Remove the runtime lock (Matthew Heon, 2022-02-23)
| |   This primarily served to protect us against shutting down the Libpod runtime while operations (like creating a container) were happening. However, it was very inconsistently implemented (a lot of our longer-lived functions, like pulling images, just didn't implement it at all...) and I'm not sure how much we really care about this very-specific error case? Removing it also removes a lot of potential deadlocks, which is nice. [NO NEW TESTS NEEDED] Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Don't log errors on removing volumes inuse, if container --volumes-from (Daniel J Walsh, 2022-02-23)
| |   When removing a container created with a --volumes-from a container created with a built in volume, we complain if the original container still exists. Since this is an expected state, we should not complain about it. Fixes: https://github.com/containers/podman/issues/12808 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>