| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor podman commands that have drifted from using
c/common report pkg. Report pkg is needed to implement
go template functions.
Removed obsolete code from podman which exists in c/common.
Latest template library added default newlines and method to
remove them. Incorporated needed changes in c/common PR below.
Depends on https://github.com/containers/common/pull/624
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1855983
Signed-off-by: Jhon Honce <jhonce@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Podman uses the volume option map to check if it has to mount the volume
or not when the container is started. Commit 28138dafcc39 added to uid
and gid options to this map, however when only uid/gid is set we cannot
mount this volume because there is no filesystem or device specified.
Make sure we do not try to mount the volume when only the uid/gid option
is set since this is a simple chown operation.
Also when a uid/gid is explicity set, do not chown the volume based on
the container user when the volume is used for the first time.
Fixes #10620
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/10614
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/10621
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
Permission of volume should match the directory it is being mounted on.
Fixes: https://github.com/containers/podman/issues/10188
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The container name should have the slirp interface ip set in /etc/hosts
and not the gateway ip. Commit c8dfcce6db0a introduced this regression.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1972073
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
As discussed in #10710, the additional checks for podman-exec added by
commit 666f555aa52b are extremely flaky and appear in nearly every PR
I have see this week.
Let's temporarily disable the checks and reenable them on #10710 is
fixed.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When starting a process with `podman exec -it` the terminal is resized
after the process is started. To fix this allow exec start to accept the
terminal height and width as parameter and let it resize right before
the process is started.
Fixes #10560
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We should create the /etc/mtab->/proc/mountinfo link
so that mount command will work within the container.
Docker does this by default.
Fixes: https://github.com/containers/podman/issues/10263
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
Fix a bug in `podman-cp` to forbid copying directories to files.
Previously, the directory was copied to the parent directory of the file
which is wrong.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Network connect/disconnect has to call the cni plugins when the network
namespace is already configured. This is the case for `ContainerStateRunning`
and `ContainerStateCreated`. This is important otherwise the network is
not attached to this network namespace and libpod will throw errors like
`network inspection mismatch...` This problem happened when using
`docker-compose up` in attached mode.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
| |
This reverts commit 9647d88449f44028c9b870af74e5e44cb819ff9d. We
reverted the API bump (was a mistake, should have been left at
3.1.0) and now we need to revert the test changes.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
a9cb824981db3fee6b8445b29e513c89e9b9b00b changed the expectations of the
dockerfile parameter to be json data however it's a string. In order to
support both, let's attempt json and fall back to a string if the json
parsing fails.
Closes #10660
Signed-off-by: Alex Schultz <aschultz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix a bug in remote events where only one event would be sent if when
streaming is turned off. The source of the bug was that the handler
attempted to implement the streaming logic and did it wrong. The fix is
rather simple by removing this logic from the handler and let the events
backend handle streaming.
Fixes: #10529
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is race condition in the remote client attach logic. Because the
resize api call was handled in an extra goroutine the container was
started before the resize call happend. To fix this we have to call
resize in the same goroutine as attach. When the first resize is done
start a goroutine to listen on SIGWINCH in the background and resize
again if the signal is received.
Fixes #9859
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
| |
Certain event meta data was lost when converting the remote events to
libpod events and vice versa. Enable the skipped system tests for
remote.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a race in the k8s-file logs driver. When "following" the logs,
Podman will print the container's logs until the end. Previously,
Podman logged until the state transitioned into something non-running
which opened up a race with the container still running, possibly in
the "stopping" state.
To fix the race, log until we've seen the wait event for the specific
container. In that case, conmon will have finished writing all logs to
the file, and Podman will read it until EOF.
Further tweak the integration tests for testing `logs -f` on a running
container. Previously, the test only checked for one of two lines
stating that there was a race. Indeed the race was in using `run --rm`
where a log file may be removed before we could fully read it.
Fixes: #10596
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Image prune --filter is fully implemented in the api, http api
yet not connected with the cli execution. User trying to use
filters does not see the effect. This commit adds glue code to enable
possiblity of using --filter in prune in the cli execution.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
podman-remote build has to handle multiple different locations
for the Containerfile. Currently this works in local mode but not
when using podman-remote.
Fixes: https://github.com/containers/podman/issues/9871
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
crun 0.20.1 changed an error message that we relied on. Deal
with it by accepting the old and new message.
Also (unrelated): sneak in some doc fixes to get rid of
nasty go-md2man warnings that have crept into man pages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
<MH: Fixed cherry-pick conflicts>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
when looking up the container cgroup, ignore named hierarchies since
containers running systemd as payload will create a sub-cgroup and
move themselves there.
Closes: https://github.com/containers/podman/issues/10602
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Creating a macvlan network with the subnet or ipRange option should set
the ipam plugin type to `host-local`. We also have to insert the default
route.
Fixes #10283
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The containers /etc/resolv.conf allways preserved the ipv6 nameserves
from the host even when the container did not supported ipv6. Check
if the cni result contains an ipv6 address or slirp4netns has ipv6
support enabled and only add the ipv6 nameservers when this is the case.
The test needs to have an ipv6 nameserver in the hosts /etc/hosts but we
should never mess with this file on the host. Therefore the test is
skipped when no ipv6 is detected.
Fixes #10158
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
While different filters are applied in conjunction, the same filter (but
with different values) should be applied in disjunction. This allows,
for instance, to query the events of two containers.
Fixes: #10507
Backport-of: commit 37f39eefee72ec4fb6c6bd71642e9d384c448387
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
selinux-policy-34.9-1.fc34 breaks a behavior we've relied on
since (at least) January 2020:
- Revert "Add permission open to files_read_inherited_tmp_files()
interface"
That's probably the correct thing to do, but it breaks our
existing tests. Solution: add ':Z' where needed.
Tested on Ed's laptop, which has the offending selinux-policy
as of 2021-05-31. Tests pass root and rootless. (I mention
this because tests will obviously pass in CI, which has a
much older selinux-policy).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Make sure all containers exit after start
There is a race condition in that container could still be running when
we attempt to remove them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
All of the tests has an assumption that RunLsContainer and RunLsContainerInPod completes
the container before returning. But since the container is running
in back ground mode, the container could be still running before tools
attempt to remove it. Removing the "-d" from the command fixes the
container to match the assumption.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/10444
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
ErrOCIRuntimeNotFound error is misleading. Try to make it more
understandable to the user that the OCI Runtime IE crun or runc is not
missing, but the command they attempted to run within the container is
missing.
[NO TESTS NEEDED] Regular tests should handle this.
Fixes: https://github.com/containers/podman/issues/10432
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/9893
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
libimage now supports events which `libpod.Runtime` now uses for image
events.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
<MH: Removed vendor bits, kept other changes>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When attempting to copy files into and out of running containers
within the host pidnamespace, the code was attempting to join the
host pidns again, and getting an error. This was causing the podman
cp command to fail. Since we are already in the host pid namespace,
we should not be attempting to join. This PR adds a check to see if
the container is in NOT host pid namespace, and only then attempts to
join.
Fixes: https://github.com/containers/podman/issues/9985
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update containers common to the latest HEAD. Some bug fixes in libimage
forced us to have a clearer separation between ordinary images and
manifest lists. Hence, when looking up manifest lists without recursing
into any of their instances, we need to use `LookupManifestList()`.
Also account for some other changes in c/common (e.g., the changed order
in the security labels).
Further vendor the latest HEAD from Buildah which is required to get the
bud tests to pass.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
<MH: Stripped out vendor bits - just left remaining changes>
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
image prune: remove unused images only with `--all`
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a regression in `podman image prune` where unused images were
accidentally removed even when `--all=false`. Extend and partially
rewrite the e2e tests to make sure we're not regressing again in the
future.
Fixing the aforementioned issue revealed another issue in the default
prune filter. While prune should remove all "dangling" images (i.e.,
those without tag), it removed only "intermediate" ones; dangling images
without children. Remove the mistaken comment from the libimage
migration.
Also clarify the help message and man page.
Fixes: #10350
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
Add host.containers.internal entry into container's etc/hosts
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change adds the entry `host.containers.internal` to the `/etc/hosts`
file within a new containers filesystem. The ip address is determined by
the containers networking configuration and points to the gateway address
for the containers networking namespace.
Closes #5651
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| | |
Allow podman network reload to be run as rootless user. While it is
unlikely that the iptable rules are flushed inside the rootless cni
namespace, it could still happen. Also fix podman network reload --all
to ignore errors when a container does not have the bridge network mode,
e.g. slirp4netns.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
Add support for cli network prune --filter flag
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\ \ \
| | | |
| | | | |
fix system upgrade tests
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
Fix many FIXMEs in the upgrade tests. Also add a basic test for pods.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \
| | | |
| | | | |
Add host.serviceIsRemote to podman info results
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Developers asked for a deterministic field to verify if podman is
running via API or linked directly to libpod library.
$ podman info --format '{{.Host.ServiceIsRemote}}'
false
$ podman-remote info --format '{{.Host.ServiceIsRemote}}'
true
$ podman --remote info --format '{{.Host.ServiceIsRemote}}'
true
* docs/conf.py formatted via black
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
podman image tree: restore previous behavior
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The initial version of libimage changed the order of layers which has
now been restored to remain backwards compatible.
Further changes:
* Fix a bug in the journald logging which requires to strip trailing
new lines from the message. The system tests did not pass due to
empty new lines. Triggered by changing the default logger to
journald in containers/common.
* Fix another bug in the journald logging which embedded the container
ID inside the message rather than the specifid field. That surfaced
in a preceeding whitespace of each log line which broke the system
tests.
* Alter the system tests to make sure that the k8s-file and the
journald logging drivers are executed.
* A number of e2e tests have been changed to force the k8s-file driver
to make them pass when running inside a root container.
* Increase the timeout in a kill test which seems to take longer now.
Reasons are unknown. Tests passed earlier and no signal-related
changes happend. It may be CI VM flake since some system tests but
other flaked.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| | |
The added test in 30544f225e73 is flaking. Podman inspect is always
working so we have to check the pid instead.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When a container is automatically restarted due its restart policy and
the container used the slirp4netns netmode, the slirp4netns process
died. This caused the container to lose network connectivity.
To fix this we have to start a new slirp4netns process.
Fixes #8047
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
