When removing volumes with rm --volumes we want to only remove
volumes that were created with the container. Volumes created
separately via 'podman volume create' should not be removed.
Also ensure that --rm implies volumes will be removed.
Fixes#2441
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
If this doesn't match, we end up not being able to access named
volumes mounted into containers, which is bad. Use the same
validation that we use for other critical paths to ensure this
one also matches.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We want named volumes to be created in a subdirectory of the
c/storage graph root, the same as the libpod root directory is
now. As such, we need to adjust its location when the graph root
changes location.
Also, make a change to how we set the default. There's no need to
explicitly set it every time we initialize via an option - that
might conflict with WithStorageConfig setting it based on graph
root changes. Instead, just initialize it in the default config
like our other settings.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Based on user feedback, refine the "Out of scope" section regarding
`docker-compose`:
* Explain why Podman uses Kubernetes YAML.
* Explain how `podman-play-kube` and `podman-generate-kube` fit into the
picture.
Addresses: https://github.com/containers/libpod/pull/2428#discussion_r259996507
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
CRIU creates a log file during checkpointing in .../userdata/dump.log.
The problem with this file is, is that CRIU injects a parasite code into
the container processes and this parasite code also writes to the same
log file. At this point a process from the inside of the container is
trying to access the log file on the outside of the container and
SELinux prohibits this. To enable writing to the log file from the
injected parasite code, this commit creates an empty log file and labels
the log file with c.MountLabel(). CRIU uses existing files when writing
it logs so the log file label persists and now, with the correct label,
SELinux no longer blocks access to the log file.
Signed-off-by: Adrian Reber <areber@redhat.com>
Allow adjusting number of locks in libpod.conf via an already
available knob we previously didn't expose in the default config
file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This is a workaround for the runc issue:
https://github.com/opencontainers/runc/issues/1247
If the source of a bind mount has any of nosuid, noexec or nodev, be
sure to propagate them to the bind mount so that when runc tries to
remount using MS_RDONLY, these options are also used.
Closes: https://github.com/containers/libpod/issues/2312
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Make it easy for scripts to determine if an image removal
failure. If only errors were no such image exit with 1
versus 125.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Make it easy for scripts to determine if a container removal
fails versus the container did not exist.
If only errors were no such container exit with 1 versus 125.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
kube was erronously being added as main subcommand multiple
times. it should not be a subcommand as it should live under
either play or generate.
also removing the addition of the volume command from the commands.go
to eliminate a duplicate.
Signed-off-by: baude <bbaude@redhat.com>
Switch defaults for --layers, --force-rm and --pull-always
from buildah to podman.
Only override default values.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We should just bind mount the original containers /etc/resolv.conf and /etchosts
into the new container. Changes in the resolv.conf and hosts should be seen
by all containers, This matches Docker behaviour.
In order to make this work the labels on these files need to have a shared
SELinux label.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This seems to be a needless restriction. We make a copy of the
hosts /etc/resolv.conf file, so these changes to not modify the
host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>