this patch included additonal host namespace checks when creating a ctr as well
as fixing of the tests to check /proc/self/ns/net
see #14461
Signed-off-by: cdoern <cdoern@redhat.com>
Save at most three images and sort them by size. The test started to
flake as _all_ local images were saved which is not neccessary.
Fixes: #14468
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
In #13466 the ability to force remove a machine while it's running was
added but it did not first stop the machine, all files get deleted but
the qemu VM would essentially be orphaned.
[NO NEW TESTS NEEDED]
Signed-off-by: Shane Smith <shane.smith@shopify.com>
In podman run --help, the message said megabyte, gigabyte, etc. In reality podman takes mebibytes, gibibytes, etc.
[CI:DOCS]
Signed-off-by: Karthik Elango <kelango@redhat.com>
the function `GetDefaultNamespaceMode` for pods checks if we are sharing each namespace
and if not, returns the default which in the case of a network is slirp.
add a switch case for explicitly checking if the pod's network mode is host
and if so, return specgen.Host for the container
resolves#13763
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
The comma-separated podman load output isn't conducive for using the
subsequent images. For tarballs with multiple images, the comma
separator must be manually identified and a suitable range identified.
Docker CLI on the other hand, has one image identifier per line:
Loaded image: repo1/name1:latest
Loaded image: repo1/name1:tag1
Loaded image: repo2/name2:tag1
(as of Docker version 20.10.16, build aa7e414).
Switch `podman load` to this format for consistency and usability.
[NO NEW TESTS NEEDED]
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Add shell completion for paths inside the container or image. Currently
podman run IMAGE [TAB] only uses the default shell completion which
suggests paths on the host. This is fine for some cases but often the
user wants a path which only exists in the image/container.
This commits adds support for that. Both podman create/run can now
complete the paths from the image, podman cp ctr:... now completes paths
from the actual container.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This also unifies the documentation of `--publish` for `podman create`, `podman run`, and `podman pod create`.
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
Fixes#14021
Substitution values built from `$(shell ...)` output can easily be empty
due to the shell's default `pipefail` behavior. This can also hide
non-zero exit codes, similarly resulting in empty values being set.
While not a perfect fix, the situation is improved by using the
`err_if_empty` function in all cases where empty values would be
unexpected. Remove the definitions for `GIT_BRANCH` and
`GIT_BRANCH_CLEAN` which don't seem to actually be used anywhere
(including in code).
Add a simple release-test to verify `podman info` outputs a non-empty
value for "GitCommit".
Signed-off-by: Chris Evich <cevich@redhat.com>
As of Fedora 36, `/etc/containers/storage.conf` with defaults is
installed under `/usr/share/containers/`. This was causing builds
to fail in the necessary `sed` command that enables fuse-overlayfs.
Fix this by using sed on the new location with an output redirect
into the `etc` location.
Also, perform a mass-cleanup of the three files to make them easier
to read/maintain. Including renaming them to `Containerfile`,
since all native build tooling is now used to produce them.
Lastly, take advantage of the `podman-next` copr repository to install
the latest/greatest podman from `main`, rather than building it from
scratch. This will greatly speed up the image build speed.
Signed-off-by: Chris Evich <cevich@redhat.com>
podmans remote API does not marshal infra's spec due to
the fact that if it did, all of those options would be available to
the users on the command line. This means we need to manually map "backwards"
some container spec items -> pod spec items before calling PodCreate, this was
one of them that was forgotten
resolves#14233
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
For consumers of the podman.sock who want a predictable way to find the
podman sock, we now include it under 'ConnectionConfig' in podman
machine inspect.
Fixes: #14231
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED] Removed `imageStream` hardcoded value that was set to
testing. Since podman4 is in the fcos trees, it should be removed. The
respective comments have also been removed.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
When podman-remote is used we should not resolve the default network
mode on the client. Defaults should be set on the server. In this case
this is important because we have different defaults for root/rootless.
So when the client is rootless and the server is root we must pick the
root default.
Note that this already worked when --network was set since we did not
parsed the flag in this case. To reproduce you need --network=default.
Also removed a unused function.
[NO NEW TESTS NEEDED] I tested it manually but I am not sure how I can
hook a test like this up in CI. The client would need to run as rootless
and the server as root or the other way around.
Fixes#14368
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The test calls podman run -d followed by podman logs. There is no
guarantee the the container or conmon has written all its output.
Adding an extra podman wait should fix this.
Do not remove the -d to not print 1000 unnecessary lines in the logs.
Fixes#14362
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Some of the targets overwrite $GOOS. Since podman-remote-static should
always build for linux we can force linux GOOS here.
Fixes#14201
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
v3.0.1 resolves GHSA-hp87-p4gw-j4gq - CVE-2022-28948.
While podman doesn't appear to be vulnerable to the CVE as the concerned
code isn't being called, this update should silence a dependabot alert.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
When a container does not use the default podman netns, for example
--network none or --network ns:/path a restore would fail because the
specgen check validates that c.config.StaticMAC is nil but the
unmarshaller sets it to an empty slice.
While we could make the check use len() > 0 I feel like it is more
common to check with != nil for ip and mac addresses.
Adding omitempty tag makes the json marshal/unmarshal work correctly.
This should not cause any issues.
Fixes#14389
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Hardcoding the interface name is a bad idea. We have no control over the
actual interface name since the user can change it.
The correct thing is to read them from the network status. Since the
contianer can have more than one interface we have to add the RX/TX
values. The other values are currently not used.
For podman 5.0 we should change it so that the API can return the
statistics per interface and the client should sum the TX/RX for the
command output. This is what docker is doing.
Fixes#13824
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the volume does not exist we should output an error stating so and
not some generic one.
Fixes#14411
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currenlty this ssh warning is printed everytime:
`Warning: Permanently added '[localhost]:33915' (ED25519) to the list of known hosts.`
Since this is very anoying and makes it harder to capture the actual
command output we should silence this. With log level error we will only
see the important messages from ssh.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>