Specifically, this does two things:
1. Turn on case-sensitive LIKE queries. Technically, this is not
specific to volumes, as it will also affect container and pod
lookups - but there, it only affects IDs. So `podman rm abc123`
will not be the same as `podman rm ABC123` but I don't think
anyone was manually entering uppercase SHA256 hash IDs so it
shouldn't matter.
2. Escape the _ and % characters in volume lookup queries. These
are SQLite wildcards, and meant that `podman volume rm test_1`
would also match `podman volume rm testa2` (or any character in
place of the underscore). This isn't done with pod and container
lookups, but again those just use LIKE for IDs - so technically
`podman volume rm abc_123` probably works and removes containers
with an ID matching that pattern... I don't think that matters
though.
Fixes#26168
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
After the system reboot, the Rootfs for infra-container can
be removed. This can happen when it is stored on tmpfs.
This commit recreates the infra-container directory which is
used for Rootfs for infra-container before mounting it.
Fixes: #26190
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
The e2e tests for device access involving /dev/kmsg could fail
intermittently. This was due to a race condition where concurrent
writes to the kernel log buffer by other processes, while the test
was reading from /dev/kmsg, could cause the read to fail with ESPIPE.
Fixes: https://github.com/containers/podman/issues/23882
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
getAllDependencies() skips recursing into dependencies that are already
running, but BuildContainerGraph() expects a *complete* set of inputs
and returns an error if any are missing. Thus, podman will fail to start
a container with already-running direct dependencies that, in turn, have
their own dependencies.
None of the other callers of BuildContainerGraph() omit anything from
their list of containers, so follow the same approach here, and just
let startNode figure out if a start is actually needed.
Fixes: containers/podman-compose#921
Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
Hard coding to none without checking containers.conf is not a good idea
as users who liked the previous behavior and the podman default behavior
of keeping the hosts entries can no longer do that.
With this commit they can set base_hosts_file = "/etc/hosts" to restore
the previous behavior.
Fixes: https://issues.redhat.com/browse/RHEL-92995
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Access to the cpuset cgroup controller is needed to run these tests.
Configuration on the CI workers prevents access to this controller
for rootless pods.
Signed-off-by: François Poirotte <clicky@erebot.net>
This commit adds two new annotations named
io.podman.annotations.cpuset/$ctrname and
io.podman.annotations.memory-nodes/$ctrname
The first one allows restricting a container's execution to specific
CPU cores while the second restricts memory allocations to specific
NUMA memory nodes. They are also added automatically when the
--cpuset-cpus and --cpuset-mems options are used.
Fixes: containers#26172
Signed-off-by: François Poirotte <clicky@erebot.net>
When podman restarts config values within the Engine are lost.
Add --hook-dirs arguments as appropriate to the cleanup command
so that hooks are preserved on restarts due to the on-restart setting
Tests: add a check that prestart/poststop hooks ran every time after 2
restarts.
`wait_for_restart_count` was re-used to wait for restarts and moved to
helpers file.
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Fixes: #17935
This fixes an issue where multiple paths separated by a colon were
treated as a single path, contrary to what docs say and unlike how mask
option works.
Test was updated with a case that fails without this commit.
Signed-off-by: Šimon Škoda <ver4a@uncontrol.me>
This commit introduces TMT test jobs triggered via packit to run system
tests on testing-farm infrastructure. Tests are run for
Fedora 41, 42 and rawhide on x86_64. The same
test plan will be reused by Fedora for bodhi, zuul and fedora-ci gating
tests. Packit will handle syncing of test plan and sources from upstream
to downstream.
Packit failure notification has also been updated to be less noisy and
let people know they are free to ignore any failures.
TODO:
1. Enable jobs for CentOS Stream and aarch64 envs.
2. Enable separate set of jobs for release branches as they need to be
tested with official distro packages, not with bleeding-edge
packages.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The tests for device I/O limits were using `/dev/zero`,
which is not a block device suitable for these cgroup
controls.
Update the tests to use `/dev/nullb0` if it exists.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The tests were incorrectly using `/dev/zero`. These options are
intended to set I/O limits on specific block devices.
The test already sets up a loopback device, so reuse it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Cgroup block I/O limits cannot be applied to character devices.
Ignore character devices in the inspect output.
Update the API tests to use the null block device `/dev/nullb0` (if
available) instead of `/dev/zero` for testing I/O limits.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The JSON decoder correctly cannot decode (overflow) negative values (e.g., `-1`) for fields of type `uint64`, as `-1` is used to represent `max` in `POSIXRlimit`. To handle this, we use `tmpSpecGenerator` to decode the request body. The `tmpSpecGenerator` replaces the `POSIXRlimit` type with a `tmpRlimit` type that uses the `json.Number` type for decoding values. The `tmpRlimit` is then converted into the `POSIXRlimit` type and assigned to the `SpecGenerator`.
This approach ensures compatibility with the Podman CLI and remote API, which already handle `-1` by casting it to `uint64` (`uint64(-1)` equals `MaxUint64`) to signify `max`.
Fixes: https://issues.redhat.com/browse/RUN-2859
Fixes: https://github.com/containers/podman/issues/24886
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
