Remove dummy UID/GID mappings added when joining existing user
namespaces, which runc 1.1.11+ rejects as conflicting.
RUNC fix: https://github.com/opencontainers/runc/pull/4124Fixes#27148
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
This commit implements the --replace functionality for the artifact add command,
allowing users to replace existing artifacts without having to manually remove
them first.
Changes made:
- Add Replace field to ArtifactAddOptions entity types
- Add --replace CLI flag with validation to prevent conflicts with --append
- Implement replace logic in ABI backend to remove existing artifacts before adding
- Update API handlers and tunnel implementation for podman-remote support
- Add comprehensive documentation and examples to man page
- Add e2e and system BATS tests for --replace functionality
- Fix code formatting in pkg/bindings/artifacts/types_pull_options.go:
* Reorder imports with proper spacing
* Fix function declaration spacing
* Convert spaces to proper tab indentation
* Remove extraneous blank lines
The --replace option follows the same pattern as other podman replace options
like 'podman container create --replace' and 'podman pod create --replace'.
It gracefully handles cases where no existing artifact exists (no error thrown).
Usage examples:
podman artifact add --replace quay.io/myimage/artifact:latest /path/to/file
podman artifact add --replace localhost/test/artifact /tmp/newfile.txt
Fixes: Implements requested --replace functionality for artifact add command
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
podman wait by default waits for exit not removal as the man page
documents.
Fixes: 3a98b6dc0e ("test: Wait for killed container to avoid leak")
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Bash will expand a signle ? to a file name which consists of a single
char, and thus if you have a file named "a" in the cwd it will add a as
argument which causes podman a ... to be executed which clearly fails
the test.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Added flags to point to TLS PEM files to use for exposing and connecting
to an encrypted remote API socket with server and client authentication.
* Added TLS fields for system connection ls templates.
* Added special "tls" format for system connection ls to list TLS fields
in human-readable table format.
* Updated remote integration and system tests to allow specifying a
"transport" to run the full suite against a unix, tcp, tls, or mtls
system service.
* Added system tests to verify basic operation of unix, tcp, tls, and mtls
services, clients, and connections.
Signed-off-by: Andrew Melnick <meln5674.5674@gmail.com>
This commit implements automatic creation timestamp functionality for artifacts
as requested in GitHub issue #27081, allowing users to see when artifacts were created.
Changes made:
- Add org.opencontainers.image.created annotation with Unix nanoseconds timestamp during artifact creation
- Preserve original creation timestamp when using --append option
- Update artifact inspect and add man pages to document the new functionality
- Add comprehensive e2e and system BATS tests to verify creation timestamp behavior
- Store timestamp as integer (Unix nanoseconds) for programmatic access
The creation timestamp helps users understand artifact freshness, particularly
useful for AI models and other time-sensitive artifacts managed by tools like RamaLama.
Usage examples:
podman artifact add myartifact:latest /path/to/file # Creates with timestamp
podman artifact inspect myartifact:latest # Shows created annotation as integer
podman artifact add --append myartifact:latest /file2 # Preserves original timestamp
Fixes: https://github.com/containers/podman/issues/27081
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
On very slow systems it can be that it takes over 5s after the sleep
process was started and until the find_exec_pid_files function finds the
file. This was observed on a ppc64le machine by Red Hat QE.
Just making the sleep longer should fix that problem and it doesn't
really effect the total test time because we stop the container
afterwards so there is no extra delay added with this either.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
On debian with an older we get this error instead:
fsconfig() failed: tmpfs: Unknown parameter 'noswap'
So handle that case as well to skip the test correctly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The full error message is:
failed to create idmapped mount: mount_setattr /tmp/CI_SKPI/podman_bats.RX6gD9/rootfs: invalid argument
So in order to match this account for the variable part.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The distro-integration tag was added for fedora openQA to only run a
subset of tests. However since it was added only a few new tests have
been labelled like that and in general a normal contributor or even
maintianer has no idea when to add this tag.
We also have been seeing several regressions getting into fedora that
these tests would have caught. As such I worked with Adam to enable all
tests for fedora openQA so we actually have proper coverage. This has
been working for a few weeks so I think we can dop these tags so
upstream does not need to bother with them at all.
https://pagure.io/fedora-qa/os-autoinst-distri-fedora/issue/373
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The test pulled a new $IMAGE already because it runs the http server
container. So this doesn't striclty ensure the load works correctly.
Make sure to actually test the load of a different image, so we use
$PODMAN_NONLOCAL_IMAGE_FQN for that like another load test already
does.
I noticed this as the image pull on the webserver start flaked in
a openQA run. Using _prefetch should help to reduce the network pulls
here as it caches the image locally once it is pulled for the first
time.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This is an unnecessary network connection that flakes from time to time.
Spawn our own local server instead and use that. That also allows to
check that the actual file content has been copied.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In the journald driver there is a bug where the network event
attributes are not preserved. This causes the network driver to be
missing and that in turn causes the ToHumanReadable() function to print
an empty line. Fix it by making sure we preserve the network driver in
the event attributes.
Fixes: https://issues.redhat.com/browse/RHEL-109790
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add --creds flag to podman create and podman run commands to support
registry authentication during image pulling.
Without this flag, users must perform a separate `podman pull
--creds/--cert-dir` first and then remember to specify `--pull=never`.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When conmon was killed podman rm -f currently fails but running it again
then works which doesn't really makes sense. We should properly remove
the contianer even if conmon is dead.
In fact the code already handles ErrConmonDead as stop error when we
remove the container but this error was never thrown anywhere. To fix
this throw ErrConmonDead instead of ErrInternal because that is not an
intenral error if something else killed conmon.
With this we can correctly cleanup and remove the container. The fact
that this works on the first try is important for quadlet units as they
only run the ExecStopPost= command once to remove it.
Fixes: #26640
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
There is no reason for local and rmeote to use a different error that
just differs in quoting. Make them consitent to simplify the tests.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Updated helper function "find_exec_pid_files" and called it the "podman exec - leak check" test.
Fixes: #26616
Signed-off-by: Craig Spencer <craig.spencer812@gmail.com>
Prevent `podman volume export` from showing raw tar contents directly to the terminal (STDOUT). If not redirected and without output flag, error message is expected.
Fixes: #26506
Signed-off-by: Arthur Wu <lion811004@gmail.com>
I noticed recently when I made a typo that then auto-update errored but
it did not tell me which container was incorrect so I had to check all
containers myself. Include the container ID in the error to make it
clear which container has the issue.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
For currently version of journalctl, --user option only works when
the persistent storage is enabled. So we need to check this option
before we use it. Otherwise a set of tests will failed with can
not find expected output from journalctl with rootless user.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
When generating Conmon's command line, we read containers.conf to
get log_size_max and used it if the container didn't override it.
However, `podman inspect` only reads from the container's own
config, and ignores containers.conf. Unify the way we determine
maximum log size with a single function and use it for both
inspect and containers.conf, and add a test for this behavior.
Fixes https://issues.redhat.com/browse/RHEL-96776
Signed-off-by: Matt Heon <mheon@redhat.com>
Unfortunately on a number of occasions, Podman has been released
officially with a `-dev` suffix in the version number. Assist in
catching this mistake at release time by the addition of a simple
conditional test. Note that it must be positively enabled by a
magic env. var. before executing the system tests.
Also (thanks to @lsm5) update the TMT test to trigger the new
condition for future Fedora releases.
Signed-off-by: Chris Evich <cevich@redhat.com>
As with `volume export`, this was coded up exclusively in cmd/
instead of in libpod. Move it into Libpod, add a REST endpoint,
add bindings, and now everything talks using the ContainerEngine
wiring.
Also similar to `volume export` this also makes things work much
better with volumes that require mounting - we can now guarantee
they're actually mounted, instead of just hoping.
Includes some refactoring of `volume export` as well, to simplify
its implementation and ensure both Import and Export work with
readers/writers, as opposed to just files.
Fixes#26409
Signed-off-by: Matt Heon <mheon@redhat.com>
