Commit message (Author, Age)
...
| * | | Add support for --userns=nomap (Daniel J Walsh, 2022-04-21)
    From a security point of view, it would be nice to be able to map a rootless usernamespace that does not use your own UID within the container. This would add protection against a hostile process escapping the container and reading content in your homedir.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #13972 from Luap99/staticcheck (OpenShift Merge Robot, 2022-04-22)
    enable staticcheck linter
| * | | silence deprecated warnings for manifest functions (Paul Holzinger, 2022-04-22)
    There is no reason to mark them directly as deprecated since we still have to use them as long as we want to support 3.X calls. The staticcheck linter is complaining about the Deprecated comment but that doesn't make sense in this context. There is no good way to only exclude a single check with golangci-lint. I renamed the function with a V3 suffix to make clear that we only use this for backwards compat.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | enable staticcheck linter (Paul Holzinger, 2022-04-22)
    Fix many problems reported by the staticcheck linter, including many real bugs!
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | move golang.org/x/crypto/ssh/terminal to golang.org/x/term (Paul Holzinger, 2022-04-22)
    golang.org/x/crypto/ssh/terminal is deprecated. The package was moved to golang.org/x/term. golang.org/x/crypto/ssh/terminal was already just calling golang.org/x/term itself so there are no functional changes.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #13969 from flouthoc/mount-csv-parsing (OpenShift Merge Robot, 2022-04-22)
    specgen-volumes: parse `--mount` using csv-reader instead of split.
| * | | | specgen-volumes: parse --mount using csv-reader instead of split by comma (Aditya R, 2022-04-22)
    Following commit ensures that csv escaping is supported while using inline `--mount=type=......` flag with `podman run` by using `encoding/csv` to parse options instead of performing a `split.String(` by `comma`.
    Closes: https://github.com/containers/podman/issues/13922
    Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | Merge pull request #13964 from rhatdan/rootfull (OpenShift Merge Robot, 2022-04-22)
    Switch all rootful to rootfull
| * | | | Switch all rootful to rootfull (Daniel J Walsh, 2022-04-21)
    We are inconsistent on the name, we should stick with rootfull.
    [NO NEW TESTS NEEDED] Existing tests should handle this and no tests for machines exist yet.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #13971 from rhatdan/codespell (OpenShift Merge Robot, 2022-04-22)
    [CI:DOCS] Run codespell on code
| * | | | | Run codespell on code (Daniel J Walsh, 2022-04-22)
    [NO NEW TESTS NEEDED]
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #13935 from edsantiago/bats_assert (OpenShift Merge Robot, 2022-04-22)
    system tests: add assert(), and start using it
| * | | | | system tests: add assert(), and start using it (Ed Santiago, 2022-04-20)
    Problem: the system test 'is()' checker was poorly thought out. For example, there is no way to check for inequality or for absence of a substring.
    Solution, step 1: introduce new assert(), copied almost verbatim from buildah, where it has been successful in addressing the gaps in is().
    The logical next step is to search the tests for 'die' and for 'run', looking for negative assertions which we can replace with assert(). There were a lot, and in the process I found a number of ugly bugs in the tests themselves. I've taken the liberty of fixing these.
    Important note: at this time we have both assert() and is(). Replacing all instances of is() would be impossible to review.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | | Merge pull request #13943 from cdoern/clone (OpenShift Merge Robot, 2022-04-22)
    podman container clone -f
| * | | | | | podman container clone -f (cdoern, 2022-04-21)
    add the option -f to force remove the parent container if --destroy is specified
    resolves #13917
    Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | | | | | Merge pull request #13956 from cevich/fix_git_id (OpenShift Merge Robot, 2022-04-22)
    Cirrus: Fix missing git-enforced runtime identity
| * | | | | | Cirrus: Fix missing git-enforced runtime identity (Chris Evich, 2022-04-21)
    Newer versions of git (like `2.35`) fail on certain operations (like `rebase` and `am`) without a local identity. Add a fake one from the start, with a clearly identifiable test-value to avoid problems at runtime.
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #13958 from cevich/fix_system_criu_relink (OpenShift Merge Robot, 2022-04-22)
    Workaround criu re-linking output in system test
| * | | | | | Workaround criu re-linking output in system test (Chris Evich, 2022-04-21)
    When run on an F36 host using netavark/aardvark-dns, for whatever underlying reason most checkpoint/restore tests are emitting an error similar to:
    `criu: Symbol `__rseq_offset' has different size in shared object, consider re-linking`
    This extraneous output is causing the basic checkpoint system test to fail. Since all other testing of checkpoint/restore feature is passing (also with the extraneous message) loosen the system test sensitivity to match.
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | | Merge pull request #13938 from rhatdan/VENDOR (OpenShift Merge Robot, 2022-04-22)
    Vendor
| * | | | | | | vendor in latest containers/(storage,common,image) (Daniel J Walsh, 2022-04-21)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #13963 from flouthoc/revert-entrypoint-compat (OpenShift Merge Robot, 2022-04-21)
    Revert "container,inspect: convert Entrypoint to array instead of a string
| * | | | | | Revert "container,inspect: convert Entrypoint to array instead of a string" (Aditya R, 2022-04-22)
    It seems this breaks older version of `podman-remote` users hence it looks like this patch would be a better candidate for podman `5.0`
    Problem
    * Client with `4.0` cannot interact with a server of `4.1`
    Plan this patch for podman `5.0`
    This reverts commit 0cebd158b6d8da1828b1255982e27fe9224310d0.
    Signed-off-by: Aditya R <arajan@redhat.com>
* | | | | | Merge pull request #13957 from cevich/fix_remote_netavark (OpenShift Merge Robot, 2022-04-21)
    Fix using --network-backend on podman-remote
| * | | | | | Fix using --network-backend on podman-remote (Chris Evich, 2022-04-21)
    When this option was added to the e2e tests, there was no CI Automation support for running remote tests w/ netavark. When added, many e2e test errors/failures are generated due to this option not being valid for the remote client. Fix this in the tests by conditionally adding the option if the test is running the remote client.
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #13955 from cevich/fix_size_check (OpenShift Merge Robot, 2022-04-21)
    Fix size-check to display more context
| * | | | | | Fix size-check to display more context (Chris Evich, 2022-04-21)
    When going through the rebase+build loop, the repository state won't match the exact branch or PR history. This results in the `Building: XYZSHA` indications being entirely useless. Fix this by at least including the title line of the commit being built. This will allow a human to make sense of any size-check failure WRT their view of history.
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #13960 from cevich/fix_upgrade (OpenShift Merge Robot, 2022-04-21)
    Fix upgrade tests assuming storage.conf exists
| * | | | | Fix upgrade tests assuming storage.conf exists (Chris Evich, 2022-04-21)
    On F36 / podman 4, at the time of this commit there is no `/etc/containers/storage.conf` installed by default. Since the test volume-mounts this file into the container, it was failing. Fix this by using a conditional volume-mount based on the file existing (or not).
    Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | Merge pull request #13936 from edsantiago/can_you_believe_ed_wants_to_skip_tests (OpenShift Merge Robot, 2022-04-21)
    Optimization: skip tests in some circumstances
| * | | | Optimization: skip tests in some circumstances (Ed Santiago, 2022-04-21)
    A common pattern is to submit PRs that update only tests or docs. When the only changes are to test/e2e, there is no point in running test/system or test/upgrade or test/buildah-bud. Likewise, reciprocally, and similarly for a bunch of other tests (alt, cross, apiv2, ...)
    And when the only changes are under docs/ , there is no point in running any of the above.
    Exception: if $CIRRUS_<mumble> are undefined (e.g., cron), never skip
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #13954 from mheon/update_release_notes (OpenShift Merge Robot, 2022-04-21)
    [CI:DOCS] Update release notes for v4.0.3 and v3.4.7
| * | | Update release notes for v4.0.3 and v3.4.7 (Matthew Heon, 2022-04-21)
    Also update README and ensure we point to v4.0.3 as the latest release, instead of v3.4.7 (which is newer chronologically but not by actual version).
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #13505 from rst0git/checkpoint-image-1 (OpenShift Merge Robot, 2022-04-21)
    Add support for checkpoint image
| * | | Add checkpoint image tests (Radostin Stoyanov, 2022-04-20)
    The patch introduces the following test cases:
    1. An attempt to checkpoint a container that does not exist should fail.
    2. Checkpoint of a running container with --create-image should create a checkpoint image.
    3. A single checkpoint image can be used to restore multiple containers, each with a different name.
    4. Restoring multiple containers from checkpoint images with a single restore command.
    Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
| * | | Add support for checkpoint image (Radostin Stoyanov, 2022-04-20)
    This is an enhancement proposal for the checkpoint / restore feature of Podman that enables container migration across multiple systems with standard image distribution infrastructure.
    A new option `--create-image <image>` has been added to the `podman container checkpoint` command. This option tells Podman to create a container image. This is a standard image with a single layer, tar archive, that contains all checkpoint files. This is similar to the current approach with checkpoint `--export`/`--import`.
    This image can be pushed to a container registry and pulled on a different system. It can also be exported locally with `podman image save` and inspected with `podman inspect`. Inspecting the image would display additional information about the host and the versions of Podman, criu, crun/runc, kernel, etc.
    `podman container restore` has also been extended to support image name or ID as input.
    Suggested-by: Adrian Reber <areber@redhat.com>
    Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
| * | | Update github.com/checkpoint-restore/checkpointctl (Radostin Stoyanov, 2022-04-20)
    The changes in this commit have been generated with the following commands:
    go get github.com/checkpoint-restore/checkpointctl
    make vendor
    Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* | | Merge pull request #13937 from edsantiago/buildah_vendor_treadmill_script (OpenShift Merge Robot, 2022-04-21)
    Buildah Vendor Treadmill: the script
| * | | Buildah Vendor Treadmill: the script (Ed Santiago, 2022-04-20)
    This is the script I've been using (and tweaking) for the past two weeks. It's ready for general review and use, with the proviso that there are still corner cases I haven't tested.
    See https://github.com/containers/podman/wiki/Buildah-Vendor-Treadmill for an overview and instructions.
    Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #13949 from containers/dependabot/go_modules/github.com/fsnotify/fsnotify-1.5.2 (OpenShift Merge Robot, 2022-04-21)
    Bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.2
| * | | Bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.2 (dependabot[bot], 2022-04-21)
    Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.5.1 to 1.5.2.
    - [Release notes](https://github.com/fsnotify/fsnotify/releases)
    - [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/fsnotify/fsnotify/compare/v1.5.1...v1.5.2)
    ---
    updated-dependencies:
    - dependency-name: github.com/fsnotify/fsnotify
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
* | | Merge pull request #13950 from Luap99/systemd-activation (OpenShift Merge Robot, 2022-04-21)
    systemd socket activation: check listener
| * | | systemd socket activation: check listener (Paul Holzinger, 2022-04-21)
    activation.Listeners() can return a net.Listener array which contains nil entries if it cannot listen on the given fds. This can cause podman to panic so we should check that we have non nil net.Listener first.
    [NO NEW TESTS NEEDED] No idea how to reproduce this.
    Fixes #13911
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | | system service: remove unnecessary pointer to listener (Paul Holzinger, 2022-04-21)
    Since the listener is already an interface there is no reason to use an extra pointer for it.
    Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #13945 from vrothberg/vendor-common (OpenShift Merge Robot, 2022-04-21)
    vendor c/common
| * | | vendor c/common (Valentin Rothberg, 2022-04-21)
    Update the recent events-log changes to fix the build error.
    [NO NEW TESTS NEEDED] since there's no functional change.
    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | | Merge pull request #13952 from vrothberg/fix-13864 (OpenShift Merge Robot, 2022-04-21)
    [CI:DOCS] podman build --pull=*missing*
| * | | [CI:DOCS] podman build --pull=*missing* (Valentin Rothberg, 2022-04-21)
    Document the *missing* pull policy in `podman build`.
    Fixes: #13864
    Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #13934 from cevich/fix_debug (OpenShift Merge Robot, 2022-04-20)
    Fix e2e tests referencing generic env. var.
| * | Fix e2e tests referencing generic env. var. (Chris Evich, 2022-04-20)
    Use of `$DEBUG` is highly likely to clash. Fortunately this one is in a very specific/special context, so a rename fix should be perfectly adequate.
    See also https://github.com/containers/automation/pull/96 and https://github.com/containers/podman/issues/13932
    Signed-off-by: Chris Evich <cevich@redhat.com>