| Commit message (Collapse) | Author | Age |
|\
| |
| | |
container: allow clone to an existing pod
|
| |
| |
| |
| |
| |
| | |
Closes: https://github.com/containers/podman/issues/3979
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| |/
|/| |
do not set the inheritable capabilities
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The kernel never sets the inheritable capabilities for a process, they
are only set by userspace. Emulate the same behavior.
Closes: CVE-2022-27649
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \
| | |
| | | |
import: allow users to set `--os`, `--arch` and `--variant` of image imports
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allows users to set `--os` , `--arch` and `--variant` of the image
created from the custom import.
Following is useful when user is already aware of the values which are
correct for their generated rootfs
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \ \
| | | |
| | | | |
fix compose test error in retry logic
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We cannot use local var outside of a function. We have to use a global
one.
Log: https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5970023511490560/html/compose_v2-podman-fedora-35-root-host.log.html
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
enable linters
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Numerous issues remain, especially in tests/e2e.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Still an unknown number remains but I am running out of patience.
Adding dots is not the best use of my time.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A number of cases looked suspicious, so I marked them with `FIXME`s to
leave some breadcrumbs.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Make sure we're waiting for the ls container to finish to prevent
potential flakes or future regressions.
Spotted while enabling a linter.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |/ /
| | |
| | |
| | | |
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Containers started with `--no-healthcheck` are configured to contain no
healthcheck and test configured as `NONE`. Podman shows wrong status as
such use cases.
Following commit fixes the faulty behavior of stauts field for
containers started with `--no-healthcheck`
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\ \
| | |
| | | |
podman system df: fix percent calculation
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The calculate the percentage we need floating point numbers. The current
code however casted the result of reclaimable/size to an int first.
Casting to an int in go will just discard the decimal points, thus the
result was either 0 or 1 so if multiplied by 100 it would show up as 0%
or 100%.
To fix this we have to multiply by 100 first before casting the result
to an int. Also add a check for div by zero which results in NaN and use
math.Round() to correctly round a number.
Ref #13516
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
One of the pod tests was leaving a stray image behind,
causing scary red warnings in CI logs. Clean that up.
Also, now that #13541 has merged, use 'rmi --ignore' instead of
ignoring exit status from rmi
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \
| | |
| | | |
podman rmi --ignore
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add an `--ignore` flag to `podman image rm` to instruct ignoring image
if a specified image does not exist and to not throw an error. Other
commands (e.g., `podman container rm`) already support this flag.
Such an `--ignore` flag can come in handy in clean-up scripcts such as
the teardown phases in the Podman tests.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
fix compose test flake
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reading from the nc socket is flaky because docker-compose only starts
the containers. We cannot know at this point if the container did already
send the message. Give the container 5 seconds time to send the message
to prevent flakes.
This happened rarely with compose v1 but it looks like it will happen a
lot more with compose v2.
Example failure log:
https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/6567556239589376/html/compose_v2-podman-fedora-35-rootless-host.log.html
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \
| | | |
| | | | |
vendor c/common@0ededd18a1f9
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Update the login tests to reflect the latest changes to allow http{s}
prefixes (again) to address bugzilla.redhat.com/show_bug.cgi?id=2062072.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We need to use different ipv6 subnets for the tests since they can
collide otherwise when the tests are run in parallel.
In the future we should rethink hardcoding subnets for ipv4/ipv6. This
will make it impossible to run these tests if the subnet is already used
on the host.
Example log: https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/5711403297275904/html/int-podman-fedora-35-root-host-netavark.log.html#t--podman-network-create-with-multiple-subnets-dual-stack-with-gateway-and-range--1
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
Deduplicate between Volumes and Mounts in compat API
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Compose v2 uses dashes as separators instead of hyphens. This
broke some tests that relied upon container names. Set the name
conditionally to make it safe for both.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|\ \ \
| |/ /
|/| | |
podman create: building local pause image: do not read ignore files
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make sure to ignore local {container,docker}ignore files when building a
local pause image. Otherwise, we may mistakenly not be able to copy
catatonit into the build container.
Fixes: #13529
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When podman generate systemd is invoked, it previously did not check if
container-prefix or pod-prefix are empty. When these are empty, the file name
starts with the separator, which is hyphen by default. This results in files
like '-containername.service'.
The code now checks if these prefixes are empty. If they are, the filename no
longer adds a separator. Instead, it uses name or ID of the container or pod.
Closes #13272
Signed-off-by: Nirmal Patel <npate012@gmail.com>
|
|\ \ \
| |/ /
|/| | |
Exit code change BZ #2052697
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* systemctl stop podman.service will now return exit code 0
* Update test framework to support JSON boolean and numeric values
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is a lot of unneeded code, k8s is the by far the biggest
dependency in podman. We should remove as much as possible so that we
only have the stuff left that we use.
This is just a quick skim over the code which removes a lot of the
generated code and many packages that are now unused.
I know that this will be impossible to properly review. I will try to
make smaller changes in follow up work.
Right now this reduces about 8 MB in binary size!!!
[NO NEW TESTS NEEDED] Hopefully existing tests will catch any problems.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
We only need a small part of the k8s dependencies but they are the
biggest dependencies in podman by far. Moving them into podman allows us
to remove the unnecessary parts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
test/e2e: add aardvark specific tests
|
| | |
| | |
| | |
| | |
| | | |
Co-authored-by: Brent Baude <bbaude@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|\ \ \
| | | |
| | | | |
vendor: update `c/buildah`, `c/image` and `c/storage`
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
All podman tests in CI expects exit code 125, which might not be true since exit code from runtime
is relayed as it is without any modification both in `buildah` and `podman`. Following behviour is seen when PR https://github.com/containers/buildah/pull/3809
added a test here https://github.com/containers/buildah/blob/main/tests/bud.bats#L3183 which relays exit code from runtime as it
is, in case of both `podman` and `buildah`. However apart from this test case no other test case was able to trigger this behviour hence
marking this test as an anomaly. Since its debatable if we should override this returned error number or not hence adding a note here.
Signed-off-by: Aditya R <arajan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps
c/buildah to -> `v1.24.3-0.20220310160415-5ec70bf01ea5`
c/storage to -> `v1.38.3-0.20220308085612-93ce26691863`
c/image to -> `v5.20.1-0.20220310094651-0d8056ee346f`
Signed-off-by: Aditya R <arajan@redhat.com>
|
|/ / /
| | |
| | |
| | | |
Signed-off-by: LStandman <65296484+LStandman@users.noreply.github.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow users to add annotions in the podman play kube command.
This PR Also fixes the fact that annotations in the pod spec were
not being passed down to containers.
Fixes: https://github.com/containers/podman/issues/12968
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add --context-dir option to podman play kube
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This option was requested so that users could specify alternate
locations to find context directories for each image build. It
requites the --build option to be set.
Partion Fix: https://github.com/containers/podman/issues/12485
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Fix handling of tmpfs-mode for tmpfs creation in compat mode
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The permissions on disk were wrong since we were not converting to
octal.
Fixes: https://github.com/containers/podman/issues/13108
[NO NEW TESTS NEEDED] Since we don't currently test using the docker
client
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Set default rule at the head of device configuration
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The default rule should be set at the head of device configuration.
Otherwise, rules for user devices are overridden by the default rule so
that any access to the user devices are denied.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|