| Commit message (Collapse) | Author | Age |
... | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
do not force a value of OOMScoreAdj=0 if it is wasn't specified by the
user.
Closes: https://github.com/containers/podman/issues/13731
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes #13756.
All the mechanics to create anonymous volumes is already present, but
there's still a validation preventing that path from being taken. We
remove the validation, which allows the volume to be created
successfully.
Signed-off-by: Andrew Aylett <andrew@aylett.co.uk>
|
|\ \ \
| | | |
| | | | |
Add build test for .containerignore tar file
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Ensure a directory added to .containerignore on client is not included
in tar sent to remote podman API service
* Clean up podman invocations to not include duplicate --remote and
--url flags
* Use pkill vs. pgrep when cleaning up podman API service in tests
* Add exit code when logging error when testing
Closes #13535
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
fix pod volume passing and alter infra inheritance
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
the infra Inherit function was not properly passing pod volume information to new containers
alter the inherit function and struct to use the new `ConfigToSpec` function used in clone
pick and choose the proper entities from a temp spec and validate them on the spegen side rather
than passing directly to a config
resolves #13548
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
--cap-add is useful when running a privileged container with UID != 0,
so that individual capabilities can be added to the container process.
Closes: https://github.com/containers/podman/issues/13449
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When you run podman-remote unsahre for example you currently get:
Error: unrecognized command `podman-remote unshare`
This is because we do not add the command to the cobra tree when we run
in remote mode. However this is a bad user experience since it is not
clear that the command is only supported for local podman. Users are
left wondering why this does not work and could think the documentation
is wrong.
To fix it we add a clear error message:
Error: cannot use command "podman-remote unshare" with the remote podman client
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
`podman play kube` creates a new volume for configmap, if same configmap
is applied again volume can be re-used, there is no need to remove and
re-create the volume again
Signed-off-by: Aditya R <arajan@redhat.com>
|
|/
|
|
| |
Signed-off-by: John Matthews <jwmatthews@gmail.com>
|
|
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/13324
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Fixes errors from 'manifest push' being dropped in remote case
|
| |
| |
| |
| | |
Signed-off-by: John Matthews <jwmatthews@gmail.com>
|
|\ \
| | |
| | | |
libpod, event: generate a valid event on container `rename` operation
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Following commit ensures that podman generates a valid event on `podman
container rename` where event specifies that it is a rename event and
container name swtichted to the latest name.
Signed-off-by: Aditya R <arajan@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
WalkDir should be faster the Walk, since we often do
not need to stat files.
[NO NEW TESTS NEEDED] Existing tests should find errors.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Resolves #13629 Add RegistryAuthHeader to manifest push
|
| |
| |
| |
| | |
Signed-off-by: Jason Montleon <jmontleo@redhat.com>
|
|\ \
| | |
| | | |
Remove error stutter
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When podman gets an error it prints out "Error: " before
printing the error string. If the error message starts with
error, we end up with
Error: error ...
This PR Removes all of these stutters.
logrus.Error() also prints out that this is an error, so no need for the
error stutter.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ /
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| |
| |
| | |
aafa80918a245edcbdaceb1191d749570f1872d0 introduced the regression.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
Add Context Directory to tar
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman build fails on remote build when using a relative context directory.
This is because the context dir was not being added to the tar, so when remote
the compat build function would not be able to stat the contextDir.
resolves #13293
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
|\ \ \
| | | |
| | | | |
container: allow clone to an existing pod
|
| | |/
| |/|
| | |
| | |
| | |
| | | |
Closes: https://github.com/containers/podman/issues/3979
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| |/ /
|/| | |
do not set the inheritable capabilities
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The kernel never sets the inheritable capabilities for a process, they
are only set by userspace. Emulate the same behavior.
Closes: CVE-2022-27649
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
import: allow users to set `--os`, `--arch` and `--variant` of image imports
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Allows users to set `--os` , `--arch` and `--variant` of the image
created from the custom import.
Following is useful when user is already aware of the values which are
correct for their generated rootfs
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
enable linters
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Numerous issues remain, especially in tests/e2e.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Make sure we're waiting for the ls container to finish to prevent
potential flakes or future regressions.
Spotted while enabling a linter.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |/ / /
| | | |
| | | |
| | | | |
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Containers started with `--no-healthcheck` are configured to contain no
healthcheck and test configured as `NONE`. Podman shows wrong status as
such use cases.
Following commit fixes the faulty behavior of stauts field for
containers started with `--no-healthcheck`
Signed-off-by: Aditya R <arajan@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The calculate the percentage we need floating point numbers. The current
code however casted the result of reclaimable/size to an int first.
Casting to an int in go will just discard the decimal points, thus the
result was either 0 or 1 so if multiplied by 100 it would show up as 0%
or 100%.
To fix this we have to multiply by 100 first before casting the result
to an int. Also add a check for div by zero which results in NaN and use
math.Round() to correctly round a number.
Ref #13516
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| | | |
| | | | |
vendor c/common@0ededd18a1f9
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Update the login tests to reflect the latest changes to allow http{s}
prefixes (again) to address bugzilla.redhat.com/show_bug.cgi?id=2062072.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We need to use different ipv6 subnets for the tests since they can
collide otherwise when the tests are run in parallel.
In the future we should rethink hardcoding subnets for ipv4/ipv6. This
will make it impossible to run these tests if the subnet is already used
on the host.
Example log: https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5711403297275904/html/int-podman-fedora-35-root-host-netavark.log.html#t--podman-network-create-with-multiple-subnets-dual-stack-with-gateway-and-range--1
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |/
|/|
| |
| | |
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When podman generate systemd is invoked, it previously did not check if
container-prefix or pod-prefix are empty. When these are empty, the file name
starts with the separator, which is hyphen by default. This results in files
like '-containername.service'.
The code now checks if these prefixes are empty. If they are, the filename no
longer adds a separator. Instead, it uses name or ID of the container or pod.
Closes #13272
Signed-off-by: Nirmal Patel <npate012@gmail.com>
|
|\ \
| | |
| | | |
Exit code change BZ #2052697
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is a lot of unneeded code, k8s is the by far the biggest
dependency in podman. We should remove as much as possible so that we
only have the stuff left that we use.
This is just a quick skim over the code which removes a lot of the
generated code and many packages that are now unused.
I know that this will be impossible to properly review. I will try to
make smaller changes in follow up work.
Right now this reduces about 8 MB in binary size!!!
[NO NEW TESTS NEEDED] Hopefully existing tests will catch any problems.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
We only need a small part of the k8s dependencies but they are the
biggest dependencies in podman by far. Moving them into podman allows us
to remove the unnecessary parts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
test/e2e: add aardvark specific tests
|
| | |
| | |
| | |
| | |
| | | |
Co-authored-by: Brent Baude <bbaude@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| | |
| | |
| | |
| | | |
Signed-off-by: LStandman <65296484+LStandman@users.noreply.github.com>
|
|\ \ \
| | | |
| | | | |
Set default rule at the head of device configuration
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The default rule should be set at the head of device configuration.
Otherwise, rules for user devices are overridden by the default rule so
that any access to the user devices are denied.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|