In local Podman, the frontend interprets the error and exit code
given by the Exec API to determine the appropriate exit code to
set for Podman itself; special cases like a missing executable
receive special exit codes.
Exec for the remote API, however, has to do this inside Libpod
itself, as Libpod will be directly queried (via the Inspect API
for exec sessions) to get the exit code. This was done correctly
when the exec session started properly, but we did not properly
handle cases where the OCI runtime fails before the exec session
can properly start. Making two error returns that would otherwise
not set exit code actually do so should resolve the issue.
Fixes#6893
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
when setting up the user namespace do not ignore errors from
newuidmap/newgidmap if there are mappings configured.
The single user mapping is a fallback only when there are not mappings
specified for the user.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Test flakes mentioned in #6987 might be caused by uncorrect closing of file descriptor.
Fix the code to close file descriptors for podman run since it may close those used by other processes.
Signed-off-by: Qi Wang <qiwan@redhat.com>
The logic for `podman rmi --force` includes a bit of code that
will remove Libpod containers using Libpod's container removal
logic - this ensures that they're cleanly and completely removed.
For other containers (Buildah, CRI-O, etc) we fall back to
manually removing the containers using the image from c/storage.
Unfortunately, our logic for invoking the Podman removal function
had an error, and it did not properly handle cases where we were
force-removing an image with >1 name. Force-removing such images
by ID guarantees their removal, not just an untag of a single
name; our code for identifying whether to remove containers did
not proper detect this case, so we fell through and deleted the
Podman containers as storage containers, leaving traces of them
in the Libpod DB.
Fixes#7153
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
- New test for #6991 - passwd file is writable even when
run with --userns=keep-id
- Enable another keep-id test, commented out due to #6593
- New test for podman system df
Also, independently, removed this line:
apt-get -y upgrade conmon
...because it's causing CI failures, probably because of the
boothole CVE, probably because the Ubuntu grub update was
rushed out. I believe it is safe to remove this, because
both Ubuntu 19 and 20 report:
conmon is already the newest version (2.0.18~1).
Signed-off-by: Ed Santiago <santiago@redhat.com>
The initial version of the new port code mistakenly restricted
this, so un-restrict it. We still need to maintain the map of
container ports, unfortunately (need to verify if the port in
question is a duplicate, for example).
Fixes#7062
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We are returning bogus data in podman-remote images --format json.
This change will match the same data returned my podman images --format json.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently if you give a bogus flag to --format it will crash
the formatter. With this change we will get a nice error.
podman images --format '{{ bogus }}'
Error: template: list:1: function "bogus" not defined
versus
/bin/podman.old images --format '{{ bogus }}'
panic: template: list:1: function "bogus" not defined
goroutine 1 [running]:
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The "podman wait to pause|unpause condition" test is failing
several times a day, always a flake. Issue #6518.
Disable it until the cause can be identified and fixed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Problem: formatted logs no longer have live links to sources
in error-report lines.
Cause: script was searching for '/libpod'.
Solution: make it more flexible.
Signed-off-by: Ed Santiago <santiago@redhat.com>
`podman image search` returned wrong results for the image "Description" as
it was mapped to the wrong field ("ID") in the search results.
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
For some reason we were overwriting memory when handling both
--pid=host and --ipc=host. Simplified the code to handle this
correctly, and add test to make sure it does not happen again.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When copying from a URL, podman will download and create a context
directory in a temporary file. The problem was that this directory
was being removed as soon as the function that created it was returned.
Later the build code would look for content in the temporary directory
and fail to find it, blowing up the build.
By pulling the extraction code back into the build function, we keep the
temporary directory around until the build completes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Tests for #7094, in which symlinks in a volume would
cause chown errors and nonrunnable containers.
Tests for environment variable precedence, now
include --env-host and proxy settings
Fix a bug caught by covscan in helpers.t ('source'
path would fail if path included spaces).
Fix podman-run man page: it was incorrect in stating
precedence between in-image environment and --env-host.
Fixes: #7099
Signed-off-by: Ed Santiago <santiago@redhat.com>
There are many use cases where you want to just mount an image
without creating a container on it. For example you might want
to just examine the content in an image after you pull it for
security analysys. Or you might want to just use the executables
on the image without running it in a container.
The image is mounted readonly since we do not want people changing
images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>