6776 Commits

Author SHA1 Message Date
5fef6b714d Merge pull request #26116 from inknos/compat-post-containers-create-cgroupsnsmode
compat: Add CgroupnsMode to POST /containers/create
2025-05-15 18:20:38 +00:00
3bf3d869b6 Merge pull request #26127 from martinetd/restart-hooks
podman: remember hooks-dir on restarts
2025-05-15 14:18:30 +00:00
b82f2962c3 compat: Add CgroupnsMode to POST /containers/create
Signed-off-by: Nicola Sella <nsella@redhat.com>
2025-05-15 15:31:16 +02:00
90ee7c86a3 podman: remember hooks-dir on restarts
When podman restarts, config values within the Engine are lost.
Add --hook-dirs arguments as appropriate to the cleanup command
so that hooks are preserved on restarts due to the on-restart setting.

Tests: add a check that prestart/poststop hooks ran every time after 2
restarts.
`wait_for_restart_count` was re-used to wait for restarts and moved to
helpers file.

Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Fixes: #17935
2025-05-15 14:23:22 +09:00
637c264e2e fix issues found by nilness
The conditions are always true so they can be removed. And in the case
of exportCheckpoint() the scope means addToTarFiles was overwritten and
thus when it looped over it later the slice was always empty.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-05-13 17:20:10 +02:00
a1ac6c33cc Merge pull request #26113 from ygalblum/quadlet-pod-name
Quadlet - restore pod name to not use systemd specifiers
2025-05-12 23:22:28 +00:00
93fd26bc58 Merge pull request #25660 from ver4a/main
Fix parsing of paths for unmask
2025-05-12 16:55:30 +00:00
09d9d3e26b Revert "Quadlet - fix pod name to depend on the name of the generate service"
This reverts commit 4f38c2fea2f945388491c35327d905cba36f8a5b.

Fixes: #26105
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2025-05-12 09:33:16 -04:00
811aabd3b0 Merge pull request #26079 from mvfc/main
Take WSL path from PATH instead of forcing it to WindowsApps
2025-05-09 13:05:03 +00:00
7a161115f9 Fix parsing of paths for unmask
This fixes an issue where multiple paths separated by a colon were
treated as a single path, contrary to what docs say and unlike how mask
option works.

Test was updated with a case that fails without this commit.

Signed-off-by: Šimon Škoda <ver4a@uncontrol.me>
2025-05-09 11:25:30 +00:00
b6eeaea7f3 Take path for wsl instead of forcing through WindowsApps
Signed-off-by: Matheus Cunha <matheusvflor@hotmail.com>
2025-05-08 16:39:03 +02:00
58b2eae38c Merge pull request #25906 from jankaluza/25104-pidfs
Verify the ExecSession pid before killing it.
2025-05-08 10:03:50 +00:00
ebbf90decc Merge pull request #26082 from ygalblum/quadlet-pod-name
Quadlet - fix pod name to depend on the name of the generate service
2025-05-06 19:51:51 +00:00
857cfb9062 Merge pull request #25861 from cesargoncalves/main
update podman socket output to include also exposed ports
2025-05-06 19:10:36 +00:00
4f38c2fea2 Quadlet - fix pod name to depend on the name of the generate service
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2025-05-06 12:02:01 -04:00
f825639ebc Verify the ExecSession pid before killing it.
When a container is being removed, podman iterates
through its exec sessions and checks whether the exec
session pid is still alive.

The problem is that the pid can be reused for other processes,
so that it may not belong to the exec session.
In this scenario podman may kill another process.

This commit prevents it by making the following changes:

- Adds the PIDData string to ExecSession struct. This string
  is used to store additional context for a PID to later verify
  that the PID killed by the podman is really the one started by
  it.
- Adds new package called pidhandle which implements the methods
  generating the PIDData, and killing the PID with the PIDData
  ensuring the right PID is killed by verifying the metadata.

The new code uses pidfd_open and name_to_handle_at when available.
It falls back to getting the process start time using the gopsutil package.

Fixes: #25104

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-05-06 06:24:13 +02:00
e3df077f0a Merge pull request #26029 from Luap99/machine-tz
pkg/machine: more timezone fixes
2025-05-05 21:00:35 +00:00
400a9a528b Merge pull request #25722 from l0rd/fix-hyperv-volumes-with-space
Fix machines failing to start when a volume's path contains spaces
2025-05-02 14:03:15 +00:00
5e8e829d7b Merge pull request #25945 from ninja-quokka/podman_machine_swap
feat: Add support for configuring swap in Podman machine
2025-05-02 13:21:48 +00:00
ac6080bea9 pkg/machine: use TZ env for reading local timezone
The TZ var can be commonly used to overwrite the timezone so we should
honour that one as well.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-05-02 11:56:47 +02:00
a90fad3fc8 pkg/machine: rework getLocalTimeZone on linux
Get the timezone off the localtime symlink like systemd does it.
It is more efficient than fork/exec'ing another command for it that may or
may not exist, and the /etc/timezone file doesn't exist on most distros
so that is not a great fallback.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-05-02 11:56:47 +02:00
193d7b8202 pkg/machine: properly setup zoneinfo symlink
If you run timedatectl inside it will not show the correct timezone, it
seems systemd really wants a relative link which is also documented by
coreos[1]. Also we can just use path.Join() directly and don't have to
convert the path again on windows.

[1] https://docs.fedoraproject.org/en-US/fedora-coreos/time-zone/#_setting_the_time_zone_via_ignition

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-05-02 11:56:46 +02:00
b431f06e64 pkg/machine: do not add broken localtime symlink
The timezone might be empty so the zoneinfo link would then be invalid.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-05-02 11:56:46 +02:00
06b684268e Merge pull request #26027 from Luap99/signal
sigproxy: ignore SIGSTOP and handle case where container is already removed
2025-04-30 18:30:41 +00:00
8f22a0cf16 Merge pull request #26022 from giuseppe/test-do-not-set-limits-on-dev-zero
test: use block devices for I/O limit tests
2025-04-30 18:14:04 +00:00
941a6d0c05 pkg/signal: ignore SIGSTOP for signal proxy
It makes no sense to forward it, SIGSTOP cannot be handled by
userspace (like SIGKILL) and it didn't do anything before so this just
makes it more explicit.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-04-30 19:43:13 +02:00
a4d0067249 pkg/signal: rework CatchAll() behavior
Instead of catching all signals and then ignoring them inside the loop
again just don't register them in Notify() to begin with.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-04-30 19:42:15 +02:00
8de2e0ec21 sigproxy: ignore if container already removed
If the container is already removed do not log a warning as this happens
in parallel so it is possible the container was already removed. The
flake was shown in https://github.com/containers/podman/pull/26017.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-04-30 19:42:15 +02:00
9ce708774e Merge pull request #26026 from baude/issue25950
Do not error on tz detection
2025-04-30 16:04:13 +00:00
d8d0913ea3 Merge pull request #26007 from ygalblum/quadlet-remove-cid
Quadlet - remove the usage of cid and podid for container and pod files
2025-04-30 15:28:29 +00:00
f6b91d7be0 inspect: Ignore character devices for IO limits
Cgroup block I/O limits cannot be applied to character devices.

Ignore character devices in the inspect output.

Update the API tests to use the null block device `/dev/nullb0` (if
available) instead of `/dev/zero` for testing I/O limits.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-04-30 16:21:38 +02:00
d7eaf42727 Do not error on tz detection
In cases where systemd was not available, podman machine was erroring
out using timedatectl (it requires systemd). On other providers like
Windows, we don't do any timezone detection so it seems valid to return
a "" for timezone. This fixes the first problem described in #25950.

Fixes: https://github.com/containers/podman/issues/25950

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-04-30 08:03:34 -05:00
c9b1bd1cf3 Stop setting btrfs_noversion build tag
c/storage no longer uses this tag after
https://github.com/containers/storage/pull/2308.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-04-30 14:22:25 +02:00
9b2fb40ab8 Quadlet - remove the usage of cid and podid for container and pod files
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2025-04-30 07:59:15 -04:00
8e6ecb97c9 Fix running machines with volumes containing spaces
Machines configured to mount local paths containing
spaces failed to start on Hyper-V and silently failed
to mount the folder on macOS/Linux.

On Windows/hyperv, where local paths are mounted
running a 9p client inside the VM, the local host
path needs to be surrounded with quotation marks
before using in a `podman machine ssh ...` command.

A similar behavior happened on Linux/QEMU where the
path was used in a SSH command to mount the folder
using virtiofs. Quoting the path when building the
command arguments fixed the problem.

On macOS/libkit,applehv the path was written as is
in a systemd unit name to instruct how to mount it.
Escaping space chars so that they are parsed
successfully fixed this:
```diff
-- enable path with spaces.mount
++ enable path\x20with\x20spaces.mount
```

Fixes https://github.com/containers/podman/issues/25500

Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
2025-04-30 08:54:42 +02:00
79a820ac3b Merge pull request #25832 from jakecorrenti/handle-sigint
Handle machine start state when sent a signal
2025-04-29 17:22:13 +00:00
24267452e6 Handle signal preventing Start from completing
In the instance where the user sends a signal, such as SIGINT (Ctl-c)
when a Podman Machine is in the middle of starting, make sure the state
doesn't get stuck in the "Currently Starting" status.

Resolves: #24416

Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
2025-04-29 10:09:58 -04:00
579b17425e pkg/bindings: wrap image push decode error
If this fails we should know exactly what failed. The underlying
connection error might just be unexpected EOF or something which is not
helpful.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-04-29 12:20:37 +02:00
6c0e581fa9 pkg/bindings: fix infinite loop/memory leak in image pull
In the case of a Decoder error which is not EOF we loop forever: as the
Decoder stores some errors, each next Decode() call will keep returning
the same error. Thus we loop forever until we run out of memory as each
error was stored in the pullErrors array as described in [1].

Note this does not actually fix whatever causes the underlying
connection error in the issue, it just fixes the loop/memory leak.

[1] https://github.com/containers/podman/issues/25974

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-04-29 12:19:37 +02:00
7b1055a5fb feat: Add support for configuring swap in Podman machine
Add `--swap` argument to `podman machine init` command.

Passing an int64 value to this flag will trigger the Podman machine
ignition file to be generated with a zram-generator.conf file containing
the --swap value as the zram-size argument.

This file is read by the zram-generator systemd service on boot
resulting in a zram swap device being created.

Fixes: https://github.com/containers/podman/issues/15980

Signed-off-by: Lewis Roy <lewis@redhat.com>
2025-04-29 12:20:24 +10:00
ce0bac24e5 Merge pull request #25986 from Honny1/fix-unlimited-ulimits
Fix handling of "r_limits" in Podman REST API /libpod/containers/create
2025-04-28 22:27:40 +00:00
a2d542df37 Merge pull request #26001 from ygalblum/quadlet-consolidate-service-init
Quadlet - use helper function to initialize service struct
2025-04-28 18:18:08 +00:00
3f56de0199 Quadlet - use helper function to initialize service struct
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2025-04-28 12:54:56 -04:00
2679304aa8 Merge pull request #25983 from matejvasek/fix-inherit-label
Fix: inheritlabels=true if query param absent
2025-04-28 16:02:48 +00:00
2588b96993 Fix logging podman machine server9 output
Command `podman machine init` for Hyper-V machines invokes the command
`podman machine server9` and redirects its output to a file. But the
file descriptor was closed before being used and the output file was
always empty.

Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
2025-04-28 15:42:43 +00:00
d03d994835 Merge pull request #25975 from ygalblum/quadlet-consolidate-add-keys
Quadlet - use helper function for handling key=val type keys
2025-04-28 14:03:56 +00:00
e66ff395b7 Fix handling of "r_limits" in Podman REST API /libpod/containers/create
The JSON decoder correctly cannot decode (overflow) negative values (e.g., `-1`) for fields of type `uint64`, as `-1` is used to represent `max` in `POSIXRlimit`. To handle this, we use `tmpSpecGenerator` to decode the request body. The `tmpSpecGenerator` replaces the `POSIXRlimit` type with a `tmpRlimit` type that uses the `json.Number` type for decoding values. The `tmpRlimit` is then converted into the `POSIXRlimit` type and assigned to the `SpecGenerator`.

This approach ensures compatibility with the Podman CLI and remote API, which already handle `-1` by casting it to `uint64` (`uint64(-1)` equals `MaxUint64`) to signify `max`.

Fixes: https://issues.redhat.com/browse/RUN-2859
Fixes: https://github.com/containers/podman/issues/24886

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-04-28 15:02:19 +02:00
4be34dedc5 Merge pull request #25991 from arixmkii/fix-named-volume-test
Disable FS mount in volume only test
2025-04-28 11:47:55 +00:00
6e7de438cc bug: Correct Docker compat REST API image delete endpoint
The Docker `-XDELETE image/$name?force=true` endpoint only removes
containers using an image if they are in a non running state.

In Podman, when forcefully removing images we also forcefully delete
containers using the image including running containers.

This patch changes the Docker image force delete compat API to act like the
Docker API while maintaining commands like `podman rmi -f $imagename`

It also corrects the API return code returned when an image is requested
to be deleted with running containers using it.

Fixes: https://github.com/containers/podman/issues/25871

Signed-off-by: Lewis Roy <lewis@redhat.com>
2025-04-27 20:51:11 +10:00
a969dbd73e update podman socket output to include also exposed ports
Fixes https://github.com/containers/podman/issues/25851

Co-authored-by: Brent Baude <bbaude@redhat.com>
Signed-off-by: Cesar Goncalves <mail@cesargoncalves.com>
2025-04-27 11:11:28 +01:00