This fixes#13756.
All the mechanics to create anonymous volumes is already present, but
there's still a validation preventing that path from being taken. We
remove the validation, which allows the volume to be created
successfully.
Signed-off-by: Andrew Aylett <andrew@aylett.co.uk>
--cap-add is useful when running a privileged container with UID != 0,
so that individual capabilities can be added to the container process.
Closes: https://github.com/containers/podman/issues/13449
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Building multi-arch images in a standardized way is complex. Some
of the builds themselves can take a really long time to run (over
an hour). Make changes easier to test inside a PR by adding
manually-triggered image-build tasks. These mirror most of the real
cron-triggered task, without actually pushing the final images.
Signed-off-by: Chris Evich <cevich@redhat.com>
Ensure a directory added to .containerignore on client is not included
in tar sent to remote podman API service
* Clean up podman invocations to not include duplicate --remote and
--url flags
* Use pkill vs. pgrep when cleaning up podman API service in tests
* Add exit code when logging error when testing
Closes#13535
Signed-off-by: Jhon Honce <jhonce@redhat.com>
When you run podman-remote unsahre for example you currently get:
Error: unrecognized command `podman-remote unshare`
This is because we do not add the command to the cobra tree when we run
in remote mode. However this is a bad user experience since it is not
clear that the command is only supported for local podman. Users are
left wondering why this does not work and could think the documentation
is wrong.
To fix it we add a clear error message:
Error: cannot use command "podman-remote unshare" with the remote podman client
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
`podman play kube` creates a new volume for configmap, if same configmap
is applied again volume can be re-used, there is no need to remove and
re-create the volume again
Signed-off-by: Aditya R <arajan@redhat.com>
This PR further implements a more structured approach to handling the
files needed by machine. More files are now made as MachineFile which
can then have a symlink (using a shorter path) to them. Also added Set
and Get methods for many of the files.
The next part of the refactor will implement the use of symlinks on
MacOS.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
enable cgroup delegation when running as a systemd service so all the
available controllers are correctly detected.
Closes: https://github.com/containers/podman/issues/13710
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Since netavark does not support dhcp yet we have to create a macvlan
network with a static subnet. Since we do not use the network to run
containers the actual subnet does not matter.
Also stop hard coding the network id. Unlike the cni backend the
netavark backend creates random ids that are not predictable.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When you run podman on a non systemd system we should not try to move the
process under a new systemd scope.
[NO NEW TESTS NEEDED]
Ref #13703
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- removed: v1.9.0, v2.0.6
+ added: v3.4.0
(Cannot add v4 because there's no such image on quay. As soon
as one appears, we should add it.)
Add a workaround for a UTS namespace conflict new in v3.4
Signed-off-by: Ed Santiago <santiago@redhat.com>
The slirp4netns port forwarder was not updated to make use of the new
port format. This results in a problem when port ranges are used since
it does not read the range field from the port.
Update the logic to iterate through all ports with the range and
protocols. Also added a system test for port ranges with slirp4netns,
rootlesskit and the bridge network mode.
Fixes#13643
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
the infra Inherit function was not properly passing pod volume information to new containers
alter the inherit function and struct to use the new `ConfigToSpec` function used in clone
pick and choose the proper entities from a temp spec and validate them on the spegen side rather
than passing directly to a config
resolves#13548
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
This won't actually be seen except by someone who takes the
time to clickety-click into Cirrus - but that's better than
not showing it at all.
Signed-off-by: Ed Santiago <santiago@redhat.com>
With podman4 we support netavark, however old versions will still use
cni. Since netavark and cni can conflict we should not mix them.
Remove the network setup from the inital podman command and create the
directories manually to prevent such conflicts.
Also the update to 4.0 changes the network db structure. While it is
compatible from 3.X to 4.0 it will fail the other way around. In this
test it will happen because the cleanup process still uses the old
podman while the network connect/disconnect test already changed the db
format. Therefore the cleanup process cannot see any networks and will
not tear it down. The following start will fail because the ip address
is already assigned.
Fixes#13679
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The hpcloud is not maintained anymore. nxadm is already part of the
dependency chain, so it won't add work for downstream packages.
While testing upcoming changes to the events-file backend, I noticed
that nxadm is shipping required fixes.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
