Previously, our approach was to inspect the volume, grab its
mountpoint, and tar that up, all in the CLI code. There's no
reason why that has to be in the CLI - if we move it into
Libpod, and add a REST endpoint to stream the tar, we can
enable it for the remote client as well.
As a bonus, previously, we could not properly handle volumes that
needed to be mounted. Now, we can mount the volume if necessary,
and as such export works with more types of volumes, including
volume drivers.
Signed-off-by: Matt Heon <mheon@redhat.com>
An artifact without the title annoation just gets the digest as name
which is less than ideal. While it is a decent default to avoid
conflicts users would like to configure the name.
With the name=abc option we will call the file abc in case of a signle
artifact and otherwise we use abc-x where x is the layer index starting
at 0 to avoid conflicts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If the artifact has a single blob then use the dst path directly as
mount in case it does not exist.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
'noatime' flag disables updates to file access times when files are read. This can reduce unnecessary writes and improve performance, especially in read-heavy workloads. Previously, tmpfs did not recognize the 'noatime' mount option and would return an error.
With this change, tmpfs now properly accepts and handles the 'noatime' option.
Fixes: #26102
Signed-off-by: Arthur Wu <lion811004@gmail.com>
This patch adds a new endpoint to the REST API called "artifacts" with
the following methods:
- Add
- Extract
- Inspect
- List
- Pull
- Push
- Remove
This API will be utilised by the Podman bindings to add OCI Artifact
support to our remote clients.
Jira: https://issues.redhat.com/browse/RUN-2711
Signed-off-by: Lewis Roy <lewis@redhat.com>
podman's logic to parse excludes from `--ignorefile` is not consistent
with buildah, use code directly from imagebuilder.
Closes: https://github.com/containers/podman/issues/25746
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Added support for "podman buildx inspect". The goal was to replicate the default output from "docker buildx inspect" as
much as possible but a problem encountered was podman not supporting BuildKit. To replicate the output I resorted to
printing the statements with default values but only changed the driver name to use podman instead of docker. Since
there was no buildkit, gave it the value of "N/A" to depict it's not supported. For Platforms, I resorted to using
the emulated architectures found on your linux system + the host architecture of your local machine or podman server. The
bootstrap flag was also added but is considered a NOP since there is no buildkit container to run before running inspect.
An extra field was added to the HostInfo struct so when you run "podman info" the emulated architectures will show, this
was used so you can grab the information from the podman engine.
Fixes#13014
Signed-off-by: Joshua Arrevillaga <2004jarrevillaga@gmail.com>
We should fully replace the options, now that we vendored the
libnetwork/resolvconf changes into podman this just works.
Fixes: #22399
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We like to append the host servers in that case so that we do not only
force dns.podman.
Fixes: #24713
Fixes: https://issues.redhat.com/browse/RHEL-83787
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Docker does not require `--type` to be passed, defaulting to
`type=volume` in cases where it's not passed. Do the same in our
volume parsing, and add a test to verify this works as expected.
Fixes#26101
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Currently setting log_tag from containers.conf will override any value
set via --log-opt tag=value option. This commit fixes this.
Fixes: https://github.com/containers/podman/issues/26236
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
Per Adrian Reber, the aarch64 kernel doesn't support the soft dirty bit
and support isn't expected anytime soon.
Ref: https://github.com/checkpoint-restore/criu/issues/2676
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
When using `docker compose run --entrypoint ''`, docker sends
`"Entrypoint": []` in the JSON. Podman currently treats that
as `nil` and fallback to default image entrypoint.
This is not what is expected by the user. Instead, it should
not use any entrypoint.
This commit fixes it by properly propagating the `[]` downstream
to libpod.
Fixes: #26078
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
When a container has no image, i.e. using rootfs like our new infra
containers then the Image function crashed trying to show the first 12
image ID chars. If there is no image simply show nothing there.
Fixes: #26224
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Specifically, this does two things:
1. Turn on case-sensitive LIKE queries. Technically, this is not
specific to volumes, as it will also affect container and pod
lookups - but there, it only affects IDs. So `podman rm abc123`
will not be the same as `podman rm ABC123` but I don't think
anyone was manually entering uppercase SHA256 hash IDs so it
shouldn't matter.
2. Escape the _ and % characters in volume lookup queries. These
are SQLite wildcards, and meant that `podman volume rm test_1`
would also match `podman volume rm testa2` (or any character in
place of the underscore). This isn't done with pod and container
lookups, but again those just use LIKE for IDs - so technically
`podman volume rm abc_123` probably works and removes containers
with an ID matching that pattern... I don't think that matters
though.
Fixes#26168
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
After the system reboot, the Rootfs for infra-container can
be removed. This can happen when it is stored on tmpfs.
This commit recreates the infra-container directory which is
used for Rootfs for infra-container before mounting it.
Fixes: #26190
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
The e2e tests for device access involving /dev/kmsg could fail
intermittently. This was due to a race condition where concurrent
writes to the kernel log buffer by other processes, while the test
was reading from /dev/kmsg, could cause the read to fail with ESPIPE.
Fixes: https://github.com/containers/podman/issues/23882
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
getAllDependencies() skips recursing into dependencies that are already
running, but BuildContainerGraph() expects a *complete* set of inputs
and returns an error if any are missing. Thus, podman will fail to start
a container with already-running direct dependencies that, in turn, have
their own dependencies.
None of the other callers of BuildContainerGraph() omit anything from
their list of containers, so follow the same approach here, and just
let startNode figure out if a start is actually needed.
Fixes: containers/podman-compose#921
Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
Hard coding to none without checking containers.conf is not a good idea
as users who liked the previous behavior and the podman default behavior
of keeping the hosts entries can no longer do that.
With this commit they can set base_hosts_file = "/etc/hosts" to restore
the previous behavior.
Fixes: https://issues.redhat.com/browse/RHEL-92995
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Access to the cpuset cgroup controller is needed to run these tests.
Configuration on the CI workers prevents access to this controller
for rootless pods.
Signed-off-by: François Poirotte <clicky@erebot.net>