when deciding to create a user namespace, check for CAP_SYS_ADMIN
instead of looking at the euid.
[NO TESTS NEEDED] Needs nested Podman
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
when creating a user namespace, attempt to create it first by copying
the current mappings and then fallback to the other methods:
1) use newidmap tools and ...
2) create a user namespace with a single user mapped.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
It is possible that a container is removed between fetching the
initial list of containers and the second access during conversion.
Closes#10120
[NO TESTS NEEDED]
Signed-off-by: Jakob Ahrer <jakob@ahrer.dev>
In libpod/image.Image.Remove(), if the attempt to find the image's
parent fails for any reason, log a warning and proceed as though it
didn't have one instead of failing, which would leave us unable to
remove the image without resetting everything.
In libpod/Runtime.RemoveImage(), if we can't determine if an image has
children, log a warning, and assume that it doesn't have any instead of
failing, which would leave us unable to remove the image without
resetting everything.
In pkg/domain/infra/abi.ImageEngine.Remove(), when attempting to remove
all images, if we encounter an error checking if a given image has
children, log a warning, and assume that it doesn't have any instead of
failing, which would leave us unable to remove the image without
resetting everything.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
- Persist CDIDevices in container config
- Add e2e test
- Log HasDevice error and add additional condition for safety
Signed-off-by: Sebastian Jug <seb@stianj.ug>
Add a new --ip flag to podman play kube. This is used to specify a
static IP address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes#8442
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Distro builds on Fedora and Kubic projects use GO111MODULE=off
by default which are currently failing. This commit fixes it and
going forward, podman CI will also indicate failures in rpm builds.
The additional LDFLAGS have been removed from the spec file
which is not ideal. But, currently we only use the spec file
to check if the rpm builds fine. We can fix the LDFLAGS in a
later commit when we're working on packit integration.
conmon build has also been removed from podman.spec.in because the COPR
for which it was provided has been discontinued.
[NO TESTS NEEDED]
Fixes: #10009
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The --log-driver flag was silently ignored by podman play kube. This
regression got introduced during the play kube rework.
Unfortunately the test for this was skipped for no good reason.
Fixes#10015
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
This time we are checking if the function actually succeeded,
otherwise we will report an error.
Also if we did not get the id, report unexpected failure.
[NO TESTS NEEDED] Still no good way to test this, but manually.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When our multierror contains just one error, don't extract its text only
to rewrap it, because doing so discards any stack trace information that
might have been added closer to where the error actually originated.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We have a race condition where podman build can fail
but still return an exit code of 0. This PR ensures
that as soon as the build fails, the failed flag is set
eliminating the race.
Fixes: https://github.com/containers/podman/issues/10029
[NO TESTS NEEDED] Tests of failed builds are already in place, and
the elimination of the race should be enough.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We originally added this in the *very early* days of Podman,
before a proper persistent state was written, so we had something
to test with. It was retained after the original SQLite state
(and current BoltDB state) were written so it could be used for
testing Libpod in unit tests with no requirement for on-disk
storage. Well, such unit tests never materialized, and if we were
to write some now the requirement to have a temporary directory
for storing data on disk is not that bad. I can basically
guarantee there are no users of this in the wild because, even if
you managed to figure out how to configure it when we don't
document it, it's completely unusable with Podman since all your
containers and pods will disappear every time Podman exits.
Given all this, and since it's an ongoing maintenance burden I no
longer wish to deal with, let's just remove it.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Swagger documentation reported that the API endpoint /pods/create
returned 200 while the as-built code returned 201. 201 is more
correct so documentation updated.
Tests already checked for 201 so no updated needed.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add validation for manifest name
* Always return an array for manifests even if empty
* Add missing return in df handler when returning error. Caused an
additional null to be written to client crashing python decoder.
When c/image is refactored to include manifests, manifest endpoints should
be revisited.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
[NO TESTS NEEDED]
force bitsSize==64 so that the string is always parsed to a uint64
instead of using the native int size, that could be not big enough on
32 bits arches.
Closes: https://github.com/containers/podman/issues/9979
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
libpod df handler missing a return after writing error to client. This
caused a null to be appended to JSON and crashed python decoder.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Volumes endpoints for HTTP compat and libpod APIs allowed
usage of list HTTP endpoint filter funcs. Documentation in
case of compat API does not allow that. This commit aligns
code with the documentation and also ligns libpod with compat API.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Changed reference in swagger to correct struture that was being
returned.
* Added summary to ManifestAddLibpod to clean up generated web site
* Added serve target to Makefile, to aid in debugging generated
web site
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Add a new --rootless-cni option to podman unshare to also join the
rootless-cni network namespace. This is useful if you want to connect
to a rootless container via IP address. This is only possible from the
rootless-cni namespace and not from the host namespace. This option also
helps to debug problems in the rootless-cni namespace.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
