811 Commits

Author SHA1 Message Date
090304a054 lint: reenable revive unused-parameter check
Signed-off-by: Matt Souza <medsouz99@gmail.com>
2025-10-01 10:42:08 -04:00
8631032556 run modernize -fix ./...
Using golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize

+ some manual cleanup in libpod/lock/shm/shm_lock_test.go as it
  generated an unused variable
+ restored one removed comment

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-09-10 16:17:04 +02:00
b97525a78d use strings.SplitSeq where possible
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-09-10 16:17:04 +02:00
a98154a978 Switch common, storage and image to monorepo.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-09-01 12:33:04 +02:00
930cd25739 Feat: Add log_path support in containers.conf
Added log_path variable in containers/common. User sets default log path in containers.conf under the `[containers]` section.
The directory has to exist beforehand. Container logs go under this directory, sub-directories named with the container id
and inside the sub-directory a ctr.log file will be created where the container logs for the corresponding container will go.
This path can be overridden by using the `--log-opt` flag.

Signed-off-by: Joshua Arrevillaga <2004jarrevillaga@gmail.com>
2025-08-07 17:04:13 -04:00
0c4c9e4fbc Merge pull request #26682 from Devashish08/fix-empty-device-mode-error
Fix: Improve error message for empty device modes
2025-08-01 12:33:32 +00:00
0530a564a7 Fix: Improve error message for empty device modes in API requests
- Add specific check for empty device modes in ParseDevice function
- Change error message from 'invalid device mode: ' to 'empty device mode in device specification: <device>'
- Include full device specification in error message for better context
- Add test cases for empty device mode scenarios
- Resolves issue where '/dev/fuse::' provided unhelpful error message

Fixes #26629

Signed-off-by: Devashish08 <devashish.cs025@gmail.com>
2025-07-31 16:24:29 +00:00
81d6d90195 Improve handling of --publish and incompatible NetNS modes
Handling is improved by:
- Inverting detection logic so all incompatible NetNS modes that can't be used with
the `--publish` option will now print a warning to the user.
- Updating the --publish documentation
- Extract detection logic out to its own function with a note to keep
  docs in sync.

Note: path mode was added after this warning logic was added:
- https://github.com/containers/podman/pull/8230
- https://github.com/containers/podman/pull/16386

Relates-to: https://github.com/containers/podman/issues/26663

Signed-off-by: Lewis Roy <lewis@redhat.com>
2025-07-28 20:20:05 +10:00
5e44c17309 Clarifies error message when using an improperly formatted secret with kube
Fixes: #26586

Signed-off-by: Craig Spencer <craig.spencer812@gmail.com>
2025-07-10 12:19:28 -04:00
17601aa913 Pod YAML: Add support for lifecycle.stopSignal
The field allows users to specify a custom stop signal (e.g., SIGUSR1) per container.
If defined, it overrides the default stop signal (SIGTERM) or that defined in the image metadata.

Fixes: #25389

Signed-off-by: Arthur Wu <lion811004@gmail.com>
2025-06-23 08:23:31 -04:00
f235d47e1d Merge pull request #26308 from kolyshkin/blkdev
podman-update: fix block device handling
2025-06-16 14:46:05 +00:00
0ab8a3c576 artifact mount: add new name option to specify filename
An artifact without the title annotation just gets the digest as name
which is less than ideal. While it is a decent default to avoid
conflicts users would like to configure the name.

With the name=abc option we will call the file abc in case of a single
artifact and otherwise we use abc-x where x is the layer index starting
at 0 to avoid conflicts.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-06-14 12:25:21 +02:00
3f0cdb9414 pkg/specgen: error out when a block device isn't
In case something other than a block device is supplied, podman proceeds
to apply settings for a block device with the same minor:major.

For example, "--blkio-weight-device /dev/zero:123" (alas, this is taken
literally from podman-update(1) EXAMPLES section) sets blkio weight
for /dev/ram5. Instead, it should error out since /dev/zero is not a
block device.

Add an appropriate check.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-06-10 13:50:02 -07:00
9b6e548387 pkg/specgen: refactor FinishThrottleDevices, WeightDevices
Refactor these functions to
 - avoid repetition of common code (mostly stat of block device path);
 - perform early return if nothing is to be done;
 - remove some excessive nesting.

It also improves some error messages.

This is a preparation for the next commit.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-06-10 13:50:02 -07:00
5e4adb661c Merge pull request #26174 from fpoirotte/kube_cpuset_cgroup
Support --cpuset-cpus and --cpuset-mems in podman kube play
2025-05-30 14:37:57 +00:00
a17f8afbbc specgen/generate: Fix log tag priority
Currently setting log_tag from containers.conf will override any value
set via --log-opt tag=value option. This commit fixes this.

Fixes: https://github.com/containers/podman/issues/26236

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
2025-05-30 01:37:21 +03:00
5bfdb25b26 Support --cpuset-<cpus/mems> in podman kube play
This commit adds two new annotations named
io.podman.annotations.cpuset/$ctrname and
io.podman.annotations.memory-nodes/$ctrname

The first one allows restricting a container's execution to specific
CPU cores while the second restricts memory allocations to specific
NUMA memory nodes. They are also added automatically when the
--cpuset-cpus and --cpuset-mems options are used.

Fixes: containers#26172

Signed-off-by: François Poirotte <clicky@erebot.net>
2025-05-22 11:45:01 +02:00
224e791161 Replace podman pause image with rootfs.
This commit removes the code to build a local pause
image from the Containerfile. It is replaced with
code to find the catatonit binary and include it in
the Rootfs.

This removes the need to build a local pause container
image.

The same logic is also applied to createServiceContainer
which is originally also based on the pause image.

Fixes: #23292

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-04-17 08:36:27 +02:00
4aeca9cced Merge pull request #25755 from kolyshkin/unused2
Remove unused code and data structures
2025-04-09 18:58:43 +00:00
76eea47fb3 Merge pull request #25743 from kolyshkin/freebsd-golangci-lint
Add freebsd golangci lint run; fix remaining freebsd warnings
2025-04-03 18:30:54 +00:00
b5a1b512c9 Fix overwriting the Healthcheck configuration from the image
If the --health-cmd flag is not specified, other flags such as --health-interval, --health-timeout, --health-retries, and --health-start-period are ignored if the image contains a Healthcheck. This makes it impossible to modify these Healthcheck configurations when a container is created.

Fixes: https://github.com/containers/podman/issues/20212
Fixes: https://issues.redhat.com/browse/RUN-2629

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-04-03 15:52:05 +02:00
6bf1923f3e pkg/specgen: fix ST1019 on freebsd
> pkg/specgen/generate/oci_freebsd.go:15:2: ST1019: package "github.com/opencontainers/runtime-spec/specs-go" is being imported more than once (staticcheck)
> 	"github.com/opencontainers/runtime-spec/specs-go"
> 	^
> pkg/specgen/generate/oci_freebsd.go:16:2: ST1019(related information): other import of "github.com/opencontainers/runtime-spec/specs-go" (staticcheck)
> 	spec "github.com/opencontainers/runtime-spec/specs-go"
> 	^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-02 13:35:14 -07:00
118670b31f pkg/specgen/generate: fix S1002 on freebsd
> pkg/specgen/generate/namespaces_freebsd.go:60:9: S1002: should omit comparison to bool constant, can be simplified to !jail.NeedVnetJail() (staticcheck)
> 	return jail.NeedVnetJail() == false
> 	       ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-02 13:35:14 -07:00
851bd141af Fix errcheck warnings on freebsd
These two:

> libpod/container_internal_freebsd.go:183:33: Error return value of `c.runtime.state.UpdateContainer` is not checked (errcheck)
> 	c.runtime.state.UpdateContainer(nsCtr)
> 	                               ^
> pkg/specgen/generate/config_freebsd.go:51:12: Error return value is not checked (errcheck)
> 		addDevice(g, resolvedDevicePath)
> 		         ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-02 13:35:14 -07:00
6c950bdb40 Remove unused code and data structures
No change in functionality.

I might be missing something here, but it appears to be unfinished and
unused.

Fixes: bbd085ad1e ("Podman Pod Create --cpus and --cpuset-cpus flags")
Fixes: 2d86051893 ("Pod Device-Read-BPS support")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-01 16:24:02 -07:00
dac3fa2f97 pkg/specgen/generate: fix unused warning on freebsd
> pkg/specgen/generate/validate_freebsd.go:6:6: func verifyContainerResources is unused (unused)
> func verifyContainerResources(s *specgen.SpecGenerator) ([]string, error) {
>      ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-31 12:30:43 -07:00
0f975f8526 ci: rm allow-unused from nolintlint settings
This was added by commit 84e42877a ("make lint: re-enable revive"),
making nolintlint become almost useless.

Remove the ungodly amount of unused nolint annotations.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-31 12:27:55 -07:00
0105131b5c Fix "QF1003: could use tagged switch" staticcheck warning
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-31 12:27:55 -07:00
0dddc5e3c0 Apply De Morgan's law
This fixes a bunch of "QF1001: could apply De Morgan's law" warnings
from staticcheck linter.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-03-31 12:27:55 -07:00
490eb476a8 Merge pull request #25717 from jankaluza/cdi-spec-dir
Add cdi-spec-dir option to top level options
2025-03-28 13:52:20 +00:00
dce36131ae Add cdi-spec-dir option to top level options.
This commit adds new --cdi-spec-dir global option. This
option is used to add additional CDI spec paths.

Signed-off-by: Micah Chambers (eos) <mchambers@anduril.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-03-28 11:24:57 +01:00
ea5ed2a875 fix: mounting issue with single character volume on windows
fixes https://github.com/containers/podman/issues/25218

Signed-off-by: axel7083 <42176370+axel7083@users.noreply.github.com>
2025-03-26 17:57:52 +01:00
cb2466004f Merge pull request #25645 from jankaluza/24418
Add support for --pids-limit in podman kube play.
2025-03-26 16:15:45 +00:00
f94d613556 Fix container clone with configured Healthcheck
Fixes: https://github.com/containers/podman/issues/21630
Fixes: https://issues.redhat.com/browse/RUN-2632

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-03-26 11:01:18 +01:00
f15b0887c7 Add support for pids-limit annotation for podman kube play.
This commit adds new annotation called:

io.podman.annotations.pids-limit/$ctrname

This annotation is used to define the PIDsLimit for
a particular pod. It is also automatically defined
when newly added --pids-limit option is used.

Fixes: #24418

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-03-26 10:06:56 +01:00
999a11c8b1 replace deprecated selinux/label calls
These functions were removed in github.com/opencontainers/selinux
v1.12.0.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-24 17:44:43 +01:00
260035d069 vendor: update common and buildah
vendor the following dependencies:

- https://github.com/containers/common/pull/2375
- https://github.com/containers/buildah/pull/6074

Closes: https://github.com/containers/podman/issues/25634

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-03-21 14:36:00 +01:00
d1d8f3334f Merge pull request #25520 from Honny1/fix-hc-inf-log
Fix HealthCheck log destination, count, and size defaults
2025-03-13 18:59:34 +00:00
fff42ac232 Fix HealthCheck log destination, count, and size defaults
GoLang sets unset values to the default value of the type. This means that the destination of the log is an empty string and the count and size are set to 0. However, this means that size and count are unbounded, and this is not the default behavior.

Fixes: https://github.com/containers/podman/issues/25473
Fixes: https://issues.redhat.com/browse/RHEL-83262

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-03-12 21:27:00 +01:00
9e94dc53b2 add new artifact mount type
Add a new option to allow for mounting artifacts in the container, the
syntax is added to the existing --mount option:
type=artifact,src=$artifactName,dest=/path[,digest=x][,title=x]

This works very similar to image mounts. The name is passed down into
the container config and then on each start we lookup the artifact and
then figure out which blobs to mount. There is no protection against a
user removing the artifact while still being used in a container. When
the container is running the bind mounted files will stay there (as the
kernel keeps the mounts active even if the bind source was deleted).
On the next start it will fail to start as if it does not find the
artifact. The good thing is that this technically allows someone to
update the artifact with the new file by creating a new artifact with
the same name.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-12 19:42:14 +01:00
42fb942a6f Introduce podman machine cp command
Add a new `podman machine cp` subcommand to allow users to copy files or
directories between a running Podman Machine and their host.

Tests cover the following cases:
- Copy a file from the host machine to the VM
- Copy a directory from the host machine to the VM
- Copy a file from the VM to the host machine
- Copy a directory from the VM to the host machine
- Copy a file to a directory
- Copy a directory to a file

Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
2025-02-28 09:56:46 -05:00
d4fce5178f Merge pull request #24974 from rhatdan/quadlet
Switch all calls of assert.Nil to assert.NoError
2025-01-20 14:34:13 +00:00
3fb37c588d Switch all calls of assert.Nil to assert.NoError
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-01-15 07:08:27 -05:00
6565bde6e8 Add --no-hostname option
Fixes: https://github.com/containers/podman/issues/25002

Also add the ability to inspect containers for
UseImageHosts and UseImageHostname.

Finally fixed some bugs in handling of --no-hosts for Pods,
which I discovered.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-01-15 06:51:32 -05:00
0d0a78cc6b Add kube play support for CDI resource allocation
We now handle CDI qualified names being passed to resources.limits. The
support for that was already in libpod as of ab7f6095a17bd50477c30fc8c127a8604b5693a6
when passed via the devices list. This just hooks the kube yaml parser
up to it.

Additionally we introduce `podman.io/device` that accepts device paths
as names and is transparently translated to mimic --device. This allows
bringing arbitrary devices into the container via similar, although
incompatible with, k8s mechanics:

```yaml
resources:
  requests:
    podman.io/device=/dev/kmsg: 1
```

Fixes: https://github.com/containers/podman/issues/17833

Signed-off-by: Robert Günzler <r@gnzler.io>
2025-01-14 14:04:15 +01:00
b0b1d19723 namespaces: allow configuring keep-id userns size
Introduce a new option "size" to configure the maximum size of the
user namespace configured by keep-id.

Closes: https://github.com/containers/podman/issues/24837

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-01-08 10:08:29 +01:00
1e0f03b046 specgen: fix comment
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-01-07 11:33:35 +01:00
4f7395f93a Add --hosts-file flag to container and pod commands
* Add --hosts-file flag to container create, container run and pod create
* Add HostsFile field to pod inspect and container inspect results
* Test BaseHostsFile config in containers.conf

Signed-off-by: Gavin Lam <gavin.oss@tutamail.com>
2024-11-24 22:00:34 -05:00
61b57b7d7d Overlay mounts supersede image volumes & volumes-from
This matches the behavior of other volume and mount types. Image
volumes and volumes/mounts from the `--volumes-from` flag should
be overridden by actual user-specified named volumes and mounts,
but this was not true for overlay mounts. Fortunately, our
duplicate-mount detection logic still works, so we got a good
error message at least.

The fix is simple - extend our supersede logic, which currently
only works with named volumes and mounts, to also work with
overlay mounts.

Fixes #24555

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-11-15 08:26:16 -05:00
315e7412e8 add support for driver-specific options during container creation
This way has a huge disadvantage: The user will not see an error when he
uses a non-existent option. Another disadvantage is, that if we add more
options within podman, they might collide with the names chosen by
plugins. Such issues might be hard to debug.
The advantage is that the usage is very nice:
--network bridge:opt1=val1,opt2=val2.

Alternatively, we could put this behind `opt=`, which is harder to use,
but would solve all issues above:
--network bridge:opt=opt1=val1,opt=opt2=val2

Signed-off-by: Michael Zimmermann <sigmaepsilon92@gmail.com>
2024-11-13 18:14:58 +01:00