Mainly this fixes an issue of using /dev/zero for block device examples.
Also:
* fix section title;
* remove separate cgroup v2 and v1 examples, only leaving one;
* break long lines.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The prior version talked about potential access to DBus, but this is a
bogus warning: default OS setups do not bind DBus to localhost or to an
abstract Unix socket. It is possible that the original author was
thinking of CVE-2020-15257, which affected containerd's abstract Unix
socket; they fixed it by switching to a named socket, just as DBus
always (?) has done.
Signed-off-by: Warren Young <wyoung@tangentsoft.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Git commit 0c3b5e433e26d6a8a99a0967be91be897bbdc068
added a comment that RemapUsers is deprecated.
Use UserNS=keep-id instead.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
podman system check --quick currently only skips layer contents, but
practically it's not much quicker than without the flag.
This changes the flag to also skip checking layer digests which speeds up
the check significantly.
In some cases, it is useful to opt for a quicker check if we prioritize
detecting and fixing severe corruption and can tolerate minor damage.
The check option is derived from CRI-O's internal repair:
9e4d86d823/internal/lib/container_server.go (L860)
Signed-off-by: Sonny Sasaka <sonnysasaka@gmail.com>
Given I wrote this and I still mess it up on a regular basis, I
cannot be alone in forgetting whether "dst" or "dest" is the
correct short option for "destination". Let's just make both
valid, I don't see a reason not to.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Remove no longer correct statement that quadlet does not translate
our own custom unit types
Fixes: e498c652 ("Quadlet - translate dependencies on other quadlet units")
Fixes: #26243
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit adds two new annotations named
io.podman.annotations.cpuset/$ctrname and
io.podman.annotations.memory-nodes/$ctrname
The first one allows restricting a container's execution to specific
CPU cores while the second restricts memory allocations to specific
NUMA memory nodes. They are also added automatically when the
--cpuset-cpus and --cpuset-mems options are used.
Fixes: containers#26172
Signed-off-by: François Poirotte <clicky@erebot.net>
runc is not the only runtime supporting --pre-checkpoint
crun commit 0683fec8b mentions
"This commit takes the interface as implemented in runc and implements it
for crun."
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Previously, the HealthCheck exec session would not terminate on timeout, allowing the healthcheck to run indefinitely.
Fixes: https://issues.redhat.com/browse/RHEL-86096
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Add `--swap` argument to `podman machine init` command.
Passing an int64 value to this flag will trigger the Podman machine
ignition file to be generated with a zram-generator.conf file containing
the --swap value as the zram-size argument.
This file is read by the zram-generator systemd service on boot
resulting in a zram swap device being created.
Fixes: https://github.com/containers/podman/issues/15980
Signed-off-by: Lewis Roy <lewis@redhat.com>
Bumps to Buildah v1.40.0 and adds the `--inherits-labels` option to
build and farm build man pages.
Also turn off the inherit-labels option test for now as it seems to be
rather unhappy.
Issue for inherit-labels test failure: https://github.com/containers/podman/issues/25938
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
In #25884, it was pointed out that the standard detection used to
determine the artifact's file type can be wrong. In those cases, it
would be handy for the user to be able to override the media type of the
layer. As such, added a new option called `--file-type`, which is
optional, and allows users to do just that.
`podman artifact add --file-type text/yaml quay.io/artifact/config:latest ./config.yaml`
Fixes: #25884
Signed-off-by: Brent Baude <bbaude@redhat.com>
Table header in Pod units section was referring to podman container... instead of podman pod...
Signed-off-by: Andreas <43118918+eulores@users.noreply.github.com>
If the --health-cmd flag is not specified, other flags such as --health-interval, --health-timeout, --health-retries, and --health-start-period are ignored if the image contains a Healthcheck. This makes it impossible to modify these Healthcheck configurations when a container is created.
Fixes: https://github.com/containers/podman/issues/20212
Fixes: https://issues.redhat.com/browse/RUN-2629
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
First, remove wrong sentence that says ports are forwarded dynamically
by default. That is wrong and contradicts what is written below.
Second, document that we also set --dns-forward and --map-guest-addr by
default. And lastly document the containers.conf field so users know
they are not forced to set the options on each command.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- Fix links to other man-pages in podman-build.1.md.in
- Fix markup and add link to oci-hooks manpage in podman.1.md
Signed-off-by: Paul Lettich <paul.lettich@netknights.it>
It seems support was added into Buildah for no-new-privileges [1]
however the Podman build documentation was not updated.
Fixes #25731
[1] d4c661a774
Signed-off-by: Lewis Denny <lewis@redhat.com>
- Bzip2, not bzip
- Add Zstd
- List compression algorithms, not file extensions, to
decrease redundancy (and because the code doesn't actually
rely on file extensions)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We can now accept the other formats again.
This reverts commit 9e397d8e4d8d520cf48594c8b5bb126209897486.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit adds a new --cdi-spec-dir global option. This
option is used to add additional CDI spec paths.
Signed-off-by: Micah Chambers (eos) <mchambers@anduril.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This adds support for the UpheldBy option in quadlet files. The UpheldBy option
is the counterpart to the Upholds option added in systemd v249 and is
similar to the existing WantedBy and RequiredBy options.
See https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Upholds=.
Signed-off-by: John Schug <john.ips.schug@gmail.com>
This commit adds a new annotation called:
io.podman.annotations.pids-limit/$ctrname
This annotation is used to define the PIDsLimit for
a particular pod. It is also automatically defined
when the newly added --pids-limit option is used.
Fixes: #24418
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>