| Commit message (Collapse) | Author | Age |
... | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
From a security point of view, it would be nice to be able to map a
rootless usernamespace that does not use your own UID within the
container.
This would add protection against a hostile process escapping the
container and reading content in your homedir.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
enable staticcheck linter
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
There is no reason to mark them directly as deprecated since we still
have to use them as long as we want to support 3.X calls. The
staticcheck linter is complaining about the Deprecated comment but that
doesn't make sense in this context. There is no good way to only exclude
a single check with golangci-lint.
I renamed the function with a V3 suffix to make clear that we only use
this for backwards compat.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix many problems reported by the staticcheck linter, including many
real bugs!
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
golang.org/x/crypto/ssh/terminal is deprecated. The package was moved to
golang.org/x/term. golang.org/x/crypto/ssh/terminal was already just
calling golang.org/x/term itslef so there are no functional changes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
specgen-volumes: parse `--mount` using csv-reader instead of split.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Following commit ensures that csv escaping is supported while using
inline `--mount=type=......` flag with `podman run` by using
`encoding/csv` to parse options instead of performing a `split.String(`
by `comma`.
Closes: https://github.com/containers/podman/issues/13922
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
Switch all rootful to rootfull
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We are inconsistent on the name, we should stick with rootfull.
[NO NEW TESTS NEEDED] Existing tests should handle this and no tests for
machines exists yet.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[CI:DOCS] Run codespell on code
|
| | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| | | | | |
| | | | | | |
system tests: add assert(), and start using it
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Problem: the system test 'is()' checker was poorly thought out.
For example, there is no way to check for inequality or for
absence of a substring.
Solution, step 1: introduce new assert(), copied almost verbatim
from buildah, where it has been successful in addressing the
gaps in is().
The logical next step is to search the tests for 'die' and
for 'run', looking for negative assertions which we can
replace with assert(). There were a lot, and in the process
I found a number of ugly bugs in the tests themselves. I've
taken the liberty of fixing these.
Important note: at this time we have both assert() and is().
Replacing all instances of is() would be impossible to review.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
podman container clone -f
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
add the option -f to force remove the parent container if --destory is specified
resolves #13917
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
|\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
Cirrus: Fix missing git-enforced runtime identity
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Newer versions of git (like `2.35`) fail on certain operations (like
`rebase` and `am`) without a local identity. Add a fake one from the
start, with a clearly identifiable test-value to avoid problems at
runtime.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \ \ \
| |_|_|_|_|/ /
|/| | | | | | |
Workaround criu re-linking output in system test
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
When run on an F36 host using netavark/aardvark-dns, for whatever
underlying reason most checkpoint/restore tests are emitting an error
similar to:
`criu: Symbol `__rseq_offset' has different size in shared object,
consider re-linking`
This extraneous output is causing the basic checkpoint system test to
fail. Since, all other testing of checkpoint/restore feature is
passing (also with the extraneous message) loosen the system test
sensitivity to match.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Vendor
|
| | |_|_|_|_|/
| |/| | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
Revert "container,inspect: convert Entrypoint to array instead of a string
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It seems this breaks older version of `podman-remote` users hence it
looks like this patch would be a better candidate for podman `5.0`
Problem
* Client with `4.0` cannot interact with a server of `4.1`
Plan this patch for podman `5.0`
This reverts commit 0cebd158b6d8da1828b1255982e27fe9224310d0.
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix using --network-backend on podman-remote
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When this option was added to the e2e tests, there was no CI Automation
support for running remote tests w/ netavark. When added, many
e2e test errors/failures are generated due to this option not being
valid for the remote client. Fix this in the tests by conditionally
adding the option if the test is running the remote client.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix size-check to display more context
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When going through the rebase+build loop, the repository state won't
match the exact branch or PR history. This results in the `Building:
XYZSHA` indications being entirely useless. Fix this by at least
including the title line of the commit being built. This will allow a
human to make sense of any size-check failure WRT their view of history.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | | |
Fix upgrade tests assuming storage.conf exists
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
On F36 / podman 4, at the time of this commit there is no
`/etc/containers/storage.conf` installed by default. Since the
test volume-mounts this file into the container, it was failing. Fix
this by using a conditional volume-mount based on the file existing (or
not).
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
Optimization: skip tests in some circumstances
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A common pattern is to submit PRs that update only tests or docs.
When the only changes are to test/e2e, there is no point in running
test/system or test/upgrade or test/buildah-bud. Likewise, reciprocally,
and similarly for a bunch of other tests (alt, cross, apiv2, ...)
And when the only changes are under docs/ , there is no point in
running any of the above.
Exception: if $CIRRUS_<mumble> are undefined (e.g., cron), never skip
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
[CI:DOCS] Update release notes for v4.0.3 and v3.4.7
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also update README and ensure we point to v4.0.3 as the latest
release, instead of v3.4.7 (which is newer chronologically but
not by actual version).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| | | |
| | | | |
Add support for checkpoint image
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The patch introduces the following test cases:
1. An attempt to checkpoint a container that does not exist should fail.
2. Checkpoint of a running container with --create-image should create a
checkpoint image.
3. A single checkpoint image can be used to restore multiple containers,
each with a different name.
4. Restoring multiple containers from checkpoint images with a single
restore command.
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is an enhancement proposal for the checkpoint / restore feature of
Podman that enables container migration across multiple systems with
standard image distribution infrastructure.
A new option `--create-image <image>` has been added to the
`podman container checkpoint` command. This option tells Podman to
create a container image. This is a standard image with a single layer,
tar archive, that that contains all checkpoint files. This is similar to
the current approach with checkpoint `--export`/`--import`.
This image can be pushed to a container registry and pulled on a
different system. It can also be exported locally with `podman image
save` and inspected with `podman inspect`. Inspecting the image would
display additional information about the host and the versions of
Podman, criu, crun/runc, kernel, etc.
`podman container restore` has also been extended to support image
name or ID as input.
Suggested-by: Adrian Reber <areber@redhat.com>
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The changes in this commit have been generated with the following
commands:
go get github.com/checkpoint-restore/checkpointctl
make vendor
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
|\ \ \
| | | |
| | | | |
Buildah Vendor Treadmill: the script
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is the script I've been using (and tweaking) for the past
two weeks. It's ready for general review and use, with the
proviso that there are still corner cases I haven't tested.
See https://github.com/containers/podman/wiki/Buildah-Vendor-Treadmill
for an overview and instructions.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
containers/dependabot/go_modules/github.com/fsnotify/fsnotify-1.5.2
Bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.2
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/fsnotify/fsnotify/releases)
- [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fsnotify/fsnotify/compare/v1.5.1...v1.5.2)
---
updated-dependencies:
- dependency-name: github.com/fsnotify/fsnotify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \
| | | |
| | | | |
systemd socket activation: check listener
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
activation.Listeners() can return an net.Listener array which contains
nil entries if it cannot listen on the given fds. This can cause podman
to panic so we should check the we have non nil net.Listener first.
[NO NEW TESTS NEEDED] No idea how to reproduce this.
Fixes #13911
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Since the listener is already an interface there is no reason to use a
extra pointer for it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| | | |
| | | | |
vendor c/common
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Update the recent events-log changes to fix the build error.
[NO NEW TESTS NEEDED] since there's no functional change.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
[CI:DOCS] podman build --pull=*missing*
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
Document the *missing* pull policy in `podman build`.
Fixes: #13864
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Fix e2e tests referencing generic env. var.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use of `$DEBUG` is highly likely to clash. Fortunately this one is in
a very specific/special context, so a rename fix should be perfectly
adequate.
See also https://github.com/containers/automation/pull/96
and https://github.com/containers/podman/issues/13932
Signed-off-by: Chris Evich <cevich@redhat.com>
|