if the volume is mounted with "idmap", there should not be any mapping
using the user namespace mappings since this is done at runtime using
the "idmap" kernel feature.
Closes: https://github.com/containers/podman/issues/22228
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The way `podman login` works by default is fundamentally different
from `docker login` and this causes a lot of confusion, and I
have seen multiple bad suggestions for ways to address this
such as setting `XDG_RUNTIME_DIR`.
Let's document up front how to write to the persistent path.
Signed-off-by: Colin Walters <walters@verbum.org>
Emergency update to get pasta 03-26. Also gives us crun 1.14.4.
One unexplained difference: fc39 and rawhide now create:
/run/log/journal/SOMETHING/system.journal
...and the SOMETHING is o-rwx. This triggers journalctl to spit out a warning:
Hint: You are currently not seeing messages from the system.
Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
Pass -q to turn off this notice.
...which in turn causes ExitCleanly() to fail.
It is not clear who/what is creating this journal directory, or
why it allofasudden started just now. Workaround is to add -q
to journalctl in one test.
One more difference, another test now requires SYSLOG capability.
VM package info:
https://github.com/containers/automation_images/pull/342
Signed-off-by: Ed Santiago <santiago@redhat.com>
There has been various issues with vfkit exiting with
"Error: vfkit exited unexpectedly with exit code 1"
Among other reasons, this can be caused by vfkit being
built without the com.apple.security.virtualization
entitlement, and this can also happen when running
vfkit.x86_64 on Apple silicon hardware.
At the moment, the vfkit logs are not available, so there is no easy way
to know what's happening. This PR redirects vfkit stdout/stderr to
podman's log when --log-level debug is used.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
This process is easy/quick to do but critically important. It ensures
that CI will always remain available in the event a CVE (or otherwise)
backport is required. These jobs are all actively monitored daily, and
their execution ensures the CI VM images are forever preserved.
Signed-off-by: Chris Evich <cevich@redhat.com>
This is needed on the off-chance that some tool or a human suggests
updating the minimum version to 1.21 or later. Since doing so would
cause Fedora and Debian to start behaving differently WRT builds.
Signed-off-by: Chris Evich <cevich@redhat.com>
Useful to tell whether containers are being made with pasta or
slirp4netns by default. Info is bloated enough already that I
don't really have concerns about shoving more into it.
Fixes#22172
Signed-off-by: Matt Heon <mheon@redhat.com>
This factors out the check for cgroupsv2 unified mode into a
platform-specific file and stops podman from generating a (harmless)
warning every time it is run on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
creating vsocks in windows requires admin privileges. there could be
some workarounds made in the future,but the general deal has
always been, you need to be admin. lets enforce this with an error
until those work-arounds can be implemented.
Signed-off-by: Brent Baude <bbaude@redhat.com>
I believe the previous code meant to use cmd.Run instead of cmd.Start.
The issue is that cmd.Start returns before the command has finished
executing, so the conditional body checking for the stderr of the
command never gets executed.
Raise the cmd.Start up into it's own conditional, which is checking for
whether the process could be started. Then we consume stderr, check for
some specific strings in the output, and then finally continue on with
the rest of the code.
Signed-off-by: Keith Johnson <kj@ubergeek42.com>
The packit alias `fedora-latest` points to the latest branched version
(regardless if released or not).
So, this configuration should work without issues through Fedora 40
release and should account for all branches until Fedora 41 release.
Ref: https://packit.dev/docs/configuration#aliases
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Windows is not guaranteed to have the SSH feature installed, so prefer the use
of the built-in ssh client for all operations other than podman machine ssh,
which requires terminal pty logic. This restores previous behavior in 4.x.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Fix following issues:
- create container API handler ignores Annotations from HostConfig
- inspect container API handler does not provide Annotations as
part of HostConfig
Signed-off-by: diplane <diplane3d@gmail.com>
this pr fixes two hyperv bugs. previous podman 5 versions of hyperv
failed to actually remove the vm from hyperv when machine rm -f was
called.
also fixes an annoying bug where removal of the hyperv ignition entries
were failing because this can only be done (with the current api) when
the vm is running. new api in latest libhvee fixes this.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Packit now has recently added support to enable downstream PR updates to
CentOS Stream packages.
Ref:
https://packit.dev/docs/configuration/upstream/propose_downstream#syncing-the-release-to-centos-stream
CentOS Stream support is still in its early stages but this change
should be safe to add to upstream packit config.
Whenever there's a new Podman release, the rpm maintainer would need to
run `packit propose-downstream` using the packit CLI (not github
comment) to actually create the downstream update PR.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
The cgroupv1 warning uses PODMAN_IGNORE_CGROUPSV1_WARNING in the code
while the text says PODMAN_CGROUPSV1_WARNING.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Follow up to 493179be45 which only fixed the issue on the server despite
me trying to fix it on the client as well, with this change here we
always correctly unset the default on the remote client as the
root/rootless status will be wrong.
This means it is enough for users to either have a new server or client
with the bug fix which should make the update process easier.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
