| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
use the cgroup.controllers file instead of cgroup.subtree_control to
read the list of controllers available in the current cgroup.
Closes: https://github.com/containers/podman/issues/11931
[NO TESTS NEEDED] we have disabled this test in the CI because it is
difficult to know what controllers are going to be enabled for
rootless under all conditions we test.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Environment variables whose value contained an equal sign where
truncated
Fixes #11891
Signed-off-by: Jhon Honce <jhonce@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Podman stats is not supported for rootless cgroupv1 setups. The check
for this must be on the server side and not the client.
[NO NEW TESTS NEEDED] we cannot test this because remote and server are
always on the same machine in CI
Fixes #11909
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
| |
This fixes the autodetection of where to install the manpages
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The backend for `ps --sync` has been nonfunctional for a long
while now - probably since v2.0. It's questionable how useful the
flag is in modern Podman (the original case it was intended to
catch, Conmon gone via SIGKILL, should be handled now via pinging
the process with a signal to ensure it's still alive) but having
the ability to force a refresh of container state from the OCI
runtime is still useful.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a race where `conn.Close()` was called before `conn.CloseWrite()`.
In this case `CloseWrite` will fail and an useless error is printed. To
fix this we move the the `CloseWrite()` call to the same goroutine to
remove the race. This ensures that `CloseWrite()` is called before
`Close()` and never afterwards.
Also fixed podman-remote run where the STDIN was never was closed.
This is causing flakes in CI testing.
[NO TESTS NEEDED]
Fixes #11856
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
| |
Existing images.Build() bindings code panicked when field was not
initialized.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Try to cleanup dandling pid and machine socket if possible silently
before `rm`.
[NO TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Users can set --pids-limit to -1 now to set unlimited
pids limit for a container - this matches the convention.
[NO TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When using play kube and generate kube, we need to support if bind
mounts have selinux options. As kubernetes does not support selinux in
this way, we tuck the selinux values into a pod annotation for
generation of the kube yaml. Then on play, we check annotations to see
if a value for the mount exists and apply it.
Fixes BZ #1984081
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Jason Greene <jason.greene@redhat.com>
Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
|
| |
|
|
|
|
|
| |
Remind user to check their remote linux connection or use podman
machine. Move the warning from bindings to cmd/podman.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Following commit ensures we silently return container id on `stop` if
container was never created in OCI runtime.
Following behaviour ensures that we are in parity with docker.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |
|
|
|
|
|
| |
Use EvalSymlinks() to find the context directory, in case there's
shenanigans.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The go logic already prevents podman from joining the userns for machine
commands but the c shortcut code did not.
[NO TESTS NEEDED]
Fixes #11731
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
| |
Signed-off-by: Sankalp Rangare <sankalprangare786@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
If the command came from the underlying image, then we should
not include it in the generate yaml file.
Fixes: https://github.com/containers/podman/issues/11672
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |
|
|
|
|
|
|
| |
When performing an image build with play kube, we need to set the
context directory so things like file copies have the correct input
path.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enforce the removal of signatures in `podman save` to restore behavior
prior to the migration to libimage. We may consider improving on that
in the future. For details, please refer to the excellent summary by
@mtrmac [1].
[NO TESTS NEEDED] - manually verified but exisiting tests need some
further investigation (see [1]).
[1] https://github.com/containers/podman/pull/11669#issuecomment-925250264
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Release 3.4.0-rc2 (inc. backports)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently we add the default PATH, TERM and container from Podman
to every kubernetes.yaml file. These values should not be recorded
in the yaml files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There's a potential race around extremely short-running
containers and events with journald. Events may not be written
for some time (small, but appreciable) after they are received,
and as such we can fail to retrieve it if there is a sufficiently
short time between us writing the event and trying to read it.
Work around this by just retrying, with a 0.25 second delay
between retries, up to 4 times.
[NO TESTS NEEDED] because I have no idea how to reproduce this
race in CI.
Fixes #11633
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
At this point and even though we are always improving the play and
generate kube functions, I would say it no longers needs to be denoted
as under development.
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Docker adds the `sha256:` prefix to the image ID, so our compat endpoint
has to do this as well.
Fixes #11623
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a bug when remotely untagging an image via tag@digest.
The digest has been lost in the remote client and hence led
to a wrong behaviour on the server.
Fixes: #11557
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When no name is given for podman container runlabel it will default to
the image base name. However this can contain a tag. Since podman does
not accept container names with a colon the run command will fail if it
contains something like `podman run --name NAME ...`.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2004263
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED]
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |/
|
|
|
|
|
| |
Make sure setting machine image to `testing` pulls down the testing
stream, and not the next stream
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\
| |
| | |
[3.4] runtime: move pause process to scope
|
| | |
| |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 72534a74b3c2ff35ae1711a890406a6bce5fa44f)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
when running on a systemd with systemd, always try to move the pause
process to its own scope.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 9c1e27fdd536f6026efe3da4360755a3e9135ca8)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
we already know the path to the pause PID file, no need to calculate
it again.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit fa9728c5509f1ef3bb1c80055e89b910d9740efd)
|
| |/
|
|
|
|
|
|
|
|
|
| |
Finalizes the linked BZ to fix passing down custom authfiles during auto
updates. Also fixes the if-newer pull policy.
[NO TESTS NEEDED] for now validated manually. A new system test will be
added to the main branch shortly.
BZ: bugzilla.redhat.com/show_bug.cgi?id=2000943
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The builder can take a list of platforms in the Platforms field of its
BuildOptions argument, and we should definitely take advantage of that.
The `bud-multiple-platform-values` test from buildah exercises support
for this, so
[NO TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
| |
When `?all=garbage` is passed to an API endpoint schema validation fails
and err is nil. Wrapf uses err to create an error message causing a nil
pointer dereference.
Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
|
| |
|
|
| |
Signed-off-by: Jelle van der Waa <jvanderwaa@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Follow https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source
for leading comment
* Add godoc strings for all exposed methods for IDE support
* Copy field godoc strings into generated code as function godoc string
* Remove unused/unnecessary fields from generator.go structures
* Cleanup code regarding template usage
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When we restart a container via podman restart or restart policy the
rootlessport process fails with `address already in use` because the
socketfile still exists.
This is a regression and was introduced in commit abdedc31a25e.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
| |
Closes #11531
[NO TESTS NEEDED]
Signed-off-by: Hyeon Kim <simnalamburt@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jason Greene <jason.greene@redhat.com>
|
| |
|
|
|
|
|
| |
When using the defaut conection for podman machine ssh, use the default
username too.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
|
|
|
|
|
|
| |
Now that aarch64 fcos is an official thing, we no longer need to use the side repo (for lack of a better word). We can now use the same image lookup technique as x86_64. I removed the special lookup, moved the x86_64 lookup to generic arch, and removed the arch specific files that we no longer needed.
[NO TESTS NEEDED]
Signed-off-by: baude <baude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This reverts commit 21f396de6f5024abbf6edd2ca63edcb1525eefcc.
Changing the log endpoint is a breaking change we should not do in 3.4.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
| |
`setConsoleMode` should do nothing if the handle is not a terminal. The proposed change is [exactly what `golang.org/x/term/IsTerminal()` does on Windows](https://cs.opensource.google/go/x/term/+/6886f2df:term_windows.go).
[NO TESTS NEEDED]
Signed-off-by: Anton Tykhyy <atykhyy@gmail.com>
|
| |\
| |
| | |
Refactor API server emphasis on logging
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* To aid in debugging log API request and response bodies at trace
level. Events can be correlated using the X-Reference-Id.
* Server now echos X-Reference-Id from client if set, otherwise
generates an unique id.
* Move logic for X-Reference-Id into middleware
* Change uses of Header.Add() to Set() when setting Content-Type
* Log API operations in Apache format using gorilla middleware
* Port server code to use BaseContext and ConnContext
Fixes #10053
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| | |
| | | |
Stop outputting 'healthy' on healthcheck
|
