| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These tests were originally enabled in a situation where CI provided
false-positive results. Now that has been corrected, these tests all
fail under a CGv1 container environment with the error:
```
Error: unable to load cgroup at
/machine.slice/libpod-e4f...086.scope/libpod_parent/libpod-fbd...425:
cgroup deleted
```
This commit simply disables the tests under this specific environment.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This becomes a problem on hosts with upgraded policies. Ref:
https://github.com/containers/podman/issues/10522
Also, made a small change to compose-test setup to reduce runtime.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
| |
Ref:
https://github.com/containers/podman/pull/10829#issuecomment-881355983
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
Libpod images pull changes
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added quiet param to docs to limit stream output. Formatted JSON.
fixes #10612
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
|
|\ \
| | |
| | | |
Enable docker-py compat. testing w/ ignored result
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Significant bitrot results in almost immediate test failure. This
commit adds only the very basic, bare-minimum needed to get them
started.
***TESTING RESULTS ARE IGNORED***
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \
| | | |
| | | | |
Fix rootless cni dns without systemd stub resolver
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When a host uses systemd-resolved but not the resolved stub resolver the
following symlinks are created: `/etc/resolv.conf` ->
`/run/systemd/resolve/stub-resolv.conf` -> `/run/systemd/resolve/resolv.conf`.
Because the code uses filepath.EvalSymlinks we put the new resolv.conf
to `/run/systemd/resolve/resolv.conf` but the `/run/systemd/resolve/stub-resolv.conf`
link does not exists in the mount ns.
To fix this we will walk the symlinks manually until we reach the first
one under `/run` and use this for the resolv.conf file destination.
This fixes a regression which was introduced in e73d4829900c.
Fixes #11222
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Fixed healthcheck default values when container created via compat API
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #11225
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
after the init containers pr merged, it was suggested to use `once`
instead of `oneshot` containers as it is more aligned with other
terminiology used similarily.
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \ \
| | | |
| | | | |
Run codespell to fix spelling
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[NO TESTS NEEDED] Just fixing spelling.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Endpoint /build logs an info entry when a client uses the wrong
Content-Type for build payload. Given Content-Type is ignored and
assumed to be "application/x-tar".
Endpoint /libpod/build will fail unless "application/x-tar" or
"application/tar" is given for Content-Type. "application/tar" will
be logged as an info entry.
Fixes #11012
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `ls` command is not intended for this purpose and may behave in
unexpected ways, leading to false positive or negative results. Update
the tests to use the purpose built `test` command instead.
Also added several *TODO* comments for possible future testing
enhancements.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update test to confirm the negative-case, proving the `--privileged`
"option is required" for this character device to be present in a
container (including rootless).
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This test has been failing for a long time but nobody noticed because CI
doesn't have the device node (nested-VM support was disabled). After
having enabled nested VM support, tests fail due to some unknown
special-handling of this device.
Fix both problems by removing the `skip()` and switching to a more generic
device which is only present when `--privileged` is used.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add until filter to podman pod ps
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit adds additional until filter to podman pod ps (ls/list).
Additionally, it also adds descriptions for podman pod ps filters available
via http api.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
|\ \ \ \
| | | | |
| | | | | |
Add support for pod inside of user namespace.
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add the --userns flag to podman pod create and keep
track of the userns setting that pod was created with
so that all containers created within the pod will inherit
that userns setting.
Specifically we need to be able to launch a pod with
--userns=keep-id
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Skip cgroup-parent test due to frequent flakes
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
Ref: https://github.com/containers/podman/issues/11165
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | | |
This test flakes on almost every PR, so skip it for now until
someone can fix it, see #11175.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Alias build to buildx, so it won't fail
|
| |/
| |
| |
| |
| |
| | |
Add hidden --load and --progress flag as well.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
The slirp4netns path can be set in the config file or with
--network-cmd-path. Podman info should read the version information
correctly and not use PATH in this case. Also show the slirp4netns
version information to root users.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\
| |
| | |
auto-update: simple rollback
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for simple rollbacks during `podman auto-update`. Rollbacks
are enabled by default. If a systemd unit cannot be restarted after an
update, the previous image will be retagged and the unit will be
restarted a second time.
Add system tests for rollbacks. Also fix a bug in the restart sequence;
we have to use the channel to actually know whether the restart was
successful or not.
NOTE: To make rollbacks really useful, users must run their containers
with `--sdnotify=container` such that the containers send the ready
message over the (mounted) socket. This way, restarting the systemd
units during auto update will block until the message has been received
(or a timeout kicked in).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Execution domains tell Linux how to map signal numbers into signal actions.
The execution domain system allows Linux to provide limited support for binaries
compiled under other UNIX-like operating systems.
Reference: https://man7.org/linux/man-pages/man2/personality.2.html
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
|\ \
| |/
|/| |
implement init containers in podman
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
this is the first pass at implementing init containers for podman pods.
init containersare made popular by k8s as a way to run setup for pods
before the pods standard containers run.
unlike k8s, we support two styles of init containers: always and
oneshot. always means the container stays in the pod and starts
whenever a pod is started. this does not apply to pods restarting.
oneshot means the container runs onetime when the pod starts and then is
removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
Handle timezone on server containers.conf
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/11124
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@localhost.localdomain>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently if you execute podman unpause --all, podman pause --all
Podman shows attempts to unpause containers that are not paused
and prints an error. This PR catches this error and only prints errors if
a paused container was not able to be unpaused.
Currently if you execute podman pause --all or podman kill --all, Podman
Podman shows attempts to pause or kill containers that are not running
and prints an error. This PR catches this error and only prints errors if
a running container was not able to be paused or killed.
Also change printing of multiple errors to go to stderr and to prefix
"Error: " in front to match the output of the last error.
Fixes: https://github.com/containers/podman/issues/11098
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Do not add an entry to /etc/hosts with `--net=host`
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To match Docker's behavior, in the `--net=host` case, we need to
use the host's `/etc/hosts` file, unmodified (without adding an
entry for the container). We will still respect hosts from
`--add-host` but will not make any automatic changes.
Fortuntely, this is strictly a matter of removal and refactoring
as we already base our `/etc/hosts` on the host's version - just
need to remove the code that added entries when net=host was set.
Fixes #10319
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
stats: add a interval parameter to cli and api stats streaming
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Renamed podman pod stats test specs to distinguish them from podman stats tests.
podman stats tests where disabled by a +build flag.
Fix podman stats format test, add negative test.
Fix podman stats cli command, exit non-zero on invalid format string.
Add tests for podman stats interval flag.
Signed-off-by: Thomas Weber <towe75@googlemail.com>
|
|\ \ \
| | | |
| | | | |
Only support containers stats using cgroups v2
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1988252
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Compat API: Fix healthcheck status and healthcheck config
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes:
- Do not show healthcheck status if not available or if container
status is "created" (Docker behaviour)
- Show healthcheck configuration if present (Config.Healthcheck)
Tests:
- Ensure State.Health is not present if container status is "created"
- Ensure Config.Healthcheck is present and values correct
- Ensure State.Health is present if container started
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
|
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman info takes >20s on Gentoo, because equery is s..l..o..w.
qfile is much faster and, I suspect, present in most Gentoo
installations, so let's try it first.
And, because packageVersion() was scarily unmaintainable,
refactor it. Define a simple (string) list of packaging tools
to query (rpm, dpkg, ...) and iterate until we find one that
works.
IMPORTANT NOTE: the Debian (and, presumably, Ubuntu) query does not
include version number! There is no standard way on Debian to get
a package version from a file path, you can only do it via pipes
of chained commands, and I have no desire to implement that.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| | | |
| | | | |
fix rootless port forwarding with network dis-/connect
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The rootlessport forwarder requires a child IP to be set. This must be a
valid ip in the container network namespace. The problem is that after a
network disconnect and connect the eth0 ip changed. Therefore the
packages are dropped since the source ip does no longer exists in the
netns.
One solution is to set the child IP to 127.0.0.1, however this is a
security problem. [1]
To fix this we have to recreate the ports after network connect and
disconnect. To make this work the rootlessport process exposes a socket
where podman network connect/disconnect connect to and send to new child
IP to rootlessport. The rootlessport process will remove all ports and
recreate them with the new correct child IP.
Also bump rootlesskit to v0.14.3 to fix a race with RemovePort().
Fixes #10052
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
test: move container process to a sub-cgroup
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
move the container to a sub-cgroup before creating a sibling
hierarchy.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently we override the SELinux labels specified by the user
if the container is runing a kata container or systemd container.
This PR fixes to use the label specified by the user.
Fixes: https://github.com/containers/podman/issues/11100
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|