18761 Commits

Author SHA1 Message Date
38c217a0bf pkg/rootless: use catatonit from /usr/libexec/podman
The path was missing a slash between the libexec path and the binary
name. This was never noticed because the code already falls back to a
built-in pause process.

Fixes: 71f96c2e6ff7 ("rootless: define LIBEXECPODMAN")

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-11 11:00:07 +02:00
bab95de9a2 rootless: make sure we only use a single pause process
Currently --tmpdir changes the location of the pause.pid file. This
causes issues because the c code in pkg/rootless does not know about
that. I tried to fix this[1] by fixing the c code to not use the
shortcut. While this fix worked it will result in many pause processes
leaking in the integration tests.

Commit ab88632 added this behavior but following the discussion it was
never the intention that we end up having more than one pause process.
The issue that it was trying to fix was caused by something else AFAICT,
the main problem seems to be that the pause.pid file parent directory
may not be created when we try to create the pid file so it failed with
ENOENT. This patch fixes it by creating this directory always and revert
the change to no longer depend on the tmpdir value.

With this commit we now always use XDG_RUNTIME_DIR/libpod/tmp/pause.pid
for all podman processes. This allows the c shortcut to work reliably
and should therefore improve performance over my other approach.

A system test is added to ensure we see the right behavior and that
podman system migrate actually stops the pause process. Thanks to Ed
Santiago for the improved test to make it work for both `catatonit` and
`podman pause`.

This should fix the issues with namespace mismatches that we can see in
CI as flakes.

[1] https://github.com/containers/podman/pull/18057

Fixes #18057

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-11 10:57:46 +02:00
4857c65d3e Merge pull request #18035 from n1hility/flush-config
Update podman to use atomic container and machine config updates
2023-04-11 02:53:42 -04:00
820976a91e Merge pull request #18138 from cevich/use_gha_versions
[CI:DOCS] GHA: Use version instead of SHA for actions
2023-04-10 16:23:07 -04:00
3b2b1441ec Use atomic config writing strategy for podman machine config files
Windows: Flush machine config writes before renaming
Windows: Previously this code was changed to improve atomicity by changing
the persistence approach to a two-step process (write + rename).
However, the first-step write operation was not fully flushed,
leading to the possibility of incomplete writes.

[NO NEW TESTS NEEDED]

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2023-04-10 14:57:49 -05:00
67307603b4 Add remaining release notes for v4.5.0-RC2
Signed-off-by: Matt Heon <mheon@redhat.com>
2023-04-10 15:22:42 -04:00
d53871cf12 GHA: Use version instead of SHA for actions
It's nearly impossible for humans to tell semantic-version differences
by looking at a commit sha.  Since all the actions in question come from
github, there's little security/safety benefit to using SHAs.

Signed-off-by: Chris Evich <cevich@redhat.com>
2023-04-10 14:45:36 -04:00
25bc7d161e chore(deps): update dependency containers/automation_images to v20230405
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-04-10 17:35:57 +00:00
1f2775cbdc Merge pull request #18130 from flouthoc/bump-deps
vendor: bump `containers/(storage, buildah, image, common)`
2023-04-10 13:33:44 -04:00
0a89a22c71 Merge pull request #18105 from rhatdan/codespell
Fix up codespell errors
2023-04-10 13:33:04 -04:00
944accffaf build: pass env by reference
Buildah uses a different logic to pass environment variable to executor
now after: https://github.com/containers/buildah/pull/4702/files so
podman should use the same logic and pass env by reference.

Signed-off-by: Aditya R <arajan@redhat.com>
2023-04-10 20:31:23 +05:30
7edf73dfdf test: retrofit error message
Retrofit error message as per cf56eb1865

Signed-off-by: Aditya R <arajan@redhat.com>
2023-04-10 17:30:54 +05:30
b624ad7572 test/system: expect 12 char for short id
After https://github.com/containers/buildah/pull/4660 buildah
spits a 12 letter image short id instead of 13 so let's honor that.

Signed-off-by: Aditya R <arajan@redhat.com>
2023-04-10 17:30:34 +05:30
260bc3ec4c vendor: bump containers/(storage, common, buildah, image)
Bump containers/(storage, common, buildah and image)

Changes since 2023-01-01:
 - skip mount-cache-selinux-long-name test under remote, with
   a FIXME requesting that someone see if it can be made to work.

 - skip six tests that fail under rootless-remote

 - add new --build-arg-file option:
 - update man page

Squash of:
* cf56eb1865
* 561f082772

Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Aditya R <arajan@redhat.com>
2023-04-10 17:30:14 +05:30
c04ccdbc55 Merge pull request #18121 from containers/renovate/actions-stale-8.x
[skip-ci] Update actions/stale action to v8
2023-04-09 07:20:31 -04:00
b3dd2dbf4c Merge pull request #18115 from containers/renovate/actions-setup-go-4.x
[skip-ci] Update actions/setup-go action to v4
2023-04-09 07:17:55 -04:00
8a6dc0a822 Merge pull request #18112 from containers/renovate/github-issue-labeler-2.x
[skip-ci] Update github/issue-labeler action to v2.6
2023-04-09 07:15:18 -04:00
0e35de0e42 Merge pull request #18122 from containers/renovate/actions-upload-artifact-3.x
[skip-ci] Update actions/upload-artifact action to v3
2023-04-09 07:07:34 -04:00
c5a0d86461 [skip-ci] Update actions/upload-artifact action to v3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-04-09 10:09:56 +00:00
d3cf8ccf84 [skip-ci] Update actions/stale action to v8
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-04-09 07:32:10 +00:00
21fbd5c1ab [skip-ci] Update actions/setup-go action to v4
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-04-08 22:36:07 +00:00
adce98f08f Merge pull request #18104 from rhatdan/docs
[ci:docs] Capitalize all uid,gid and id words that are not options in docs
2023-04-08 07:41:56 -04:00
f3971e4124 [skip-ci] Update github/issue-labeler action to v2.6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-04-08 11:06:49 +00:00
a83f9d1e8f Merge pull request #18100 from containers/dependabot/go_modules/test/tools/golang.org/x/tools-0.8.0
build(deps): bump golang.org/x/tools from 0.7.0 to 0.8.0 in /test/tools
2023-04-08 03:56:38 -04:00
341aa0da54 Merge pull request #18082 from containers/dependabot/go_modules/golang.org/x/text-0.9.0
build(deps): bump golang.org/x/text from 0.8.0 to 0.9.0
2023-04-08 03:53:59 -04:00
a96c28da91 Merge pull request #18044 from containers/renovate/configure
[CI:DOCS] Configure Renovate
2023-04-08 03:51:22 -04:00
c4e79fc169 Fix up codespell errors
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-04-08 00:53:38 -04:00
a5dd5c20ee Capitalize all uid,gid and id words that are not options in docs
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-04-08 00:41:47 -04:00
352a41e3ae build(deps): bump golang.org/x/tools from 0.7.0 to 0.8.0 in /test/tools
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-08 03:54:18 +00:00
430603950b Merge pull request #18098 from xduugu/quadlet-userns
quadlet: add `UserNS` option key
2023-04-07 23:31:53 -04:00
960eab1b8c Merge pull request #18086 from umohnani8/detach
Properly remove the service container during kube down
2023-04-07 17:56:00 -04:00
13135f924f Properly remove the service container during kube down
Ensure that we are actually looking up the service container
ID and actually removing it during kube teardown for the --wait
use case. This ensures that we don't have a service container waiting
around in removing state before we return from kube play in the remote
case.

[NO NEW TESTS NEEDED]

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2023-04-07 14:44:16 -04:00
f6a50311c5 quadlet: add UserNS option key
The `UserNS` key will replace the `RemapGid`, `RemapUid`, `RemapUidSize`
and `RemapUsers` options which are therefore marked as deprecated by
this commit.

Closes #17984

Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
2023-04-07 17:19:21 +02:00
74bf122039 Merge pull request #18091 from ashley-cui/relnotes1
[CI:DOCS] Release notes for 4.5.0 Part 1
2023-04-07 06:48:41 -04:00
7b27dcfcfd Merge pull request #18090 from nalind/images-list-digested-names
"podman pull by digest and list --all" test: untag instead of rmi
2023-04-07 06:42:56 -04:00
6ea703b798 Merge pull request #18078 from xpahos/main
The `--ulimit` option now also accepts the name with an `RLIMIT_` prefix both upper and lower case.
2023-04-07 06:11:39 -04:00
9827f35c94 Merge pull request #18074 from edsantiago/waitwait
e2e tests: fix racy flakes
2023-04-07 05:50:22 -04:00
a616f2be48 Merge pull request #18088 from edsantiago/disable_checks_under_treadmill
[CI:BUILD] postbuild step: skip under nightly treadmill
2023-04-07 05:45:08 -04:00
29aac4dfe3 [CI:DOCS] Release notes for 4.5.0 Part 1
Signed-off-by: Ashley Cui <acui@redhat.com>
2023-04-06 17:32:35 -04:00
a462b37703 Merge pull request #18072 from cevich/enable_ec2_experimental
Cirrus: Enable labeling of EC2 VMs
2023-04-06 16:49:17 -04:00
358b46225a "podman pull by digest and list --all" test: untag instead of rmi
The "podman pull by digest and list --all" e2e test pulls an image using
a tagged reference when an image with the same ID is already present in
a read-only additional image store.
This causes a new image record to be created in read-write storage.
The test then removes this entry, pulls the image again using a digested
reference, and then expects the image to not have any tagged names in it
when it goes to look at it again.
Newer containers/storage will ensure that at the point when the
read-write image record is created, that it includes all of the data
items and naming information from the read-only copy of the image, so
that this information doesn't appear to be lost.
Change the test to use "untag" instead of "rmi", which should pass with
either the older or newer containers/storage.
The test is checking that `podman images` doesn't choke when it
encounters a digested name attached to an image, so the difference in
behavior between containers/storage versions is irrelevant.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2023-04-06 16:48:52 -04:00
83773074e3 Merge pull request #18066 from Juneezee/chore/yaml
chore: replace `github.com/ghodss/yaml` with `sigs.k8s.io/yaml`
2023-04-06 16:34:17 -04:00
f417861e0f build(deps): bump golang.org/x/text from 0.8.0 to 0.9.0
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-06 20:16:55 +00:00
bb099ed3e0 Merge pull request #18058 from containers/dependabot/go_modules/golang.org/x/sys-0.7.0
build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
2023-04-06 16:15:04 -04:00
1adfdb7d73 Merge pull request #18085 from Luap99/e2e-custom-network
test/e2e: use custom network config dir where needed
2023-04-06 16:01:35 -04:00
43e6bc9d94 Add renovate.json configuration
Signed-off-by: Chris Evich <cevich@redhat.com>
2023-04-06 14:54:21 -04:00
cf6f137045 CI: postbuild step: skip under nightly treadmill
Principally because 'make completion' fails if we transitively
bring in a new cobra, but also, none of the other tests are
meaningful under the treadmill.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-04-06 11:49:50 -06:00
fb41410dfc Merge pull request #18061 from containers/dependabot/go_modules/github.com/spf13/cobra-1.7.0
build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0
2023-04-06 10:43:17 -04:00
db9785ba56 The --ulimit option accepts the name with an RLIMIT_ prefix both upper and lower case
Signed-off-by: Alexander Gryanko <xpahos@yandex-team.ru>
2023-04-06 18:20:28 +04:00
dc9a65e348 test/e2e: use custom network config dir where needed
Since commit f250560a8043 the play kube command uses its own network.
This is racy by design because we create the network followed by
creating/running pod/containers. This means in the meantime another
prune or reset process could wipe out the network config because we have
to share the network config directory by design in the test.

The problem is we only have one host netns which is shared between
tests. If the network config dir is not shared we cannot make conflict
checks for interface names and ip address. This results in different
tests trying to use the same interface and/or ip address which will
cause runtime failures in CNI and netavark.

The only solution I see is to make sure only the reset/prune tests are
using a custom network dir. This makes sure they do not wipe configs
that are otherwise required by other parallel running tests.

Fixes #17946

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-04-06 16:16:50 +02:00