Remove dummy UID/GID mappings added when joining existing user
namespaces, which runc 1.1.11+ rejects as conflicting.
RUNC fix: https://github.com/opencontainers/runc/pull/4124Fixes#27148
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Remove unused 'name' parameter from ConvertPod and reorder ConvertContainer
parameters to match other Convert functions (unitFile, unitsInfoMap, isUser).
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
This commit implements the --replace functionality for the artifact add command,
allowing users to replace existing artifacts without having to manually remove
them first.
Changes made:
- Add Replace field to ArtifactAddOptions entity types
- Add --replace CLI flag with validation to prevent conflicts with --append
- Implement replace logic in ABI backend to remove existing artifacts before adding
- Update API handlers and tunnel implementation for podman-remote support
- Add comprehensive documentation and examples to man page
- Add e2e and system BATS tests for --replace functionality
- Fix code formatting in pkg/bindings/artifacts/types_pull_options.go:
* Reorder imports with proper spacing
* Fix function declaration spacing
* Convert spaces to proper tab indentation
* Remove extraneous blank lines
The --replace option follows the same pattern as other podman replace options
like 'podman container create --replace' and 'podman pod create --replace'.
It gracefully handles cases where no existing artifact exists (no error thrown).
Usage examples:
podman artifact add --replace quay.io/myimage/artifact:latest /path/to/file
podman artifact add --replace localhost/test/artifact /tmp/newfile.txt
Fixes: Implements requested --replace functionality for artifact add command
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The 'name' parameter was unused in both ConvertNetwork and ConvertVolume functions.
Remove the parameter entirely and update all function calls accordingly.
This fixes revive linter warnings:
- pkg/systemd/quadlet/quadlet.go:961:47: unused-parameter: parameter 'name' seems to be unused
- pkg/systemd/quadlet/quadlet.go:1050:45: unused-parameter: parameter 'name' seems to be unused
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Since Go 1.18, any is a type alias for interface{}. After commit 8631032556
there is still one last instance of interface{} left -- replace it
manually.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The code which comment refers to was removed by commit 2e4e1bb97c
("podman machine ssh handling"), so the comment is no longer valid.
Remove it.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Added flags to point to TLS PEM files to use for exposing and connecting
to an encrypted remote API socket with server and client authentication.
* Added TLS fields for system connection ls templates.
* Added special "tls" format for system connection ls to list TLS fields
in human-readable table format.
* Updated remote integration and system tests to allow specifying a
"transport" to run the full suite against a unix, tcp, tls, or mtls
system service.
* Added system tests to verify basic operation of unix, tcp, tls, and mtls
services, clients, and connections.
Signed-off-by: Andrew Melnick <meln5674.5674@gmail.com>
This commit implements automatic creation timestamp functionality for artifacts
as requested in GitHub issue #27081, allowing users to see when artifacts were created.
Changes made:
- Add org.opencontainers.image.created annotation with Unix nanoseconds timestamp during artifact creation
- Preserve original creation timestamp when using --append option
- Update artifact inspect and add man pages to document the new functionality
- Add comprehensive e2e and system BATS tests to verify creation timestamp behavior
- Store timestamp as integer (Unix nanoseconds) for programmatic access
The creation timestamp helps users understand artifact freshness, particularly
useful for AI models and other time-sensitive artifacts managed by tools like RamaLama.
Usage examples:
podman artifact add myartifact:latest /path/to/file # Creates with timestamp
podman artifact inspect myartifact:latest # Shows created annotation as integer
podman artifact add --append myartifact:latest /file2 # Preserves original timestamp
Fixes: https://github.com/containers/podman/issues/27081
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
For exec and attach use an upgrade request which the server responds
with HTTP 101 status. Since go 1.12 the Body can be casted to an
io.Writer and then use that to write to the server.
This does however not allow us to skip the ugly hack of overwriting
the default dialContext() because the ReadWriterCloser on the body
does not allow us to call CloseWrite() which is critical to correctly
close the stdin side. So we still have to extract the underlying
net.Conn for that.
Using the cast response.Body is important because the underlying http
lib reads from the socket to parse the header and response code of
course and it is possible that it read more content than needed that is
kept in its buffer but because we then only directly read from the
connection it was possible we miss the first few bytes of the message.
This should fix the issue and hopefully also some long standing
podman-remote missing output flakes in CI.
Fixes: #26951
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When `/proc/sys/fs/binfmt_misc` is not mounted, filepath.WalkDir may return
fs.ErrNotExist errors. These should be handled gracefully and return nil
instead of causing a panic.
Signed-off-by: Peiyuan Song <squallatf@gmail.com>
Using golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize
+ some manual cleanup in libpod/lock/shm/shm_lock_test.go as it
generated an unused variable
+ restored one removed comment
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- Split the monolithic Build() function into focused helper functions.
- Add a TempFileManager for proper temporary file lifecycle management.
This refactoring is in preparation for implementing a local build API.
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
If the `Mount` option inside a quadlet is missing the source=... part,
the code today panics with the following message.
```
panic: runtime error: index out of range [0] with length 0
goroutine 1 [running]:
github.com/containers/podman/v5/pkg/systemd/quadlet.handleStorageSource(0xc000140de0?, 0x1d?, {0x0?, 0x1?}, 0x5634e39e233e?, 0x10?)
...
```
This commit checks for the missing source and returns an error to avoid the panic.
Signed-off-by: Jakob Meier <mail@jakobmeier.ch>
For ConfigMap and Secret kube play volumes podman populates the data
from the yaml. However the volume content is not controlled by us and we
can be tricked following a symlink to a file on the host instead.
Fixes: CVE-2025-9566
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The container/stats endpoint was unimplemented. Copy over the structure
from the Linux endpoint handler, albeit with most of the stats
unpopulated. This is similar to how "podman stats" returns very little
info on FreeBSD. On the other hand, some orchestration tools will query
the stats endpoint to check liveness of a container, so it's useful to
implement it even though some fields are unimplemented for now.
Signed-off-by: Mark Johnston <mark.johnston@klarasystems.com>
