First, remove wrong sentence that says ports are forwarded dynamically
by default. That is wrong and contradicts what is written below.
Second, document that we also set --dns-forward and --map-guest-addr by
default. And lastly document the containers.conf field so users know
they are not forced to set the options on each command.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- Fix links to other man-pages in podman-build.1.md.in
- Fix markup and add link to oci-hooks manpage in podman.1.md
Signed-off-by: Paul Lettich <paul.lettich@netknights.it>
It seems support was added into Buildah for no-new-privileges [1]
however the Podman build documentation was not updated.
Fixes#25731
[1] d4c661a774
Signed-off-by: Lewis Denny <lewis@redhat.com>
- Bzip2, not bzip
- Add Zstd
- List compression algorithms, not file extensions, to
decrease redundancy (and because the code doesn't actually
rely on file extensions)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We can now accept the other formats again.
This reverts commit 9e397d8e4d8d520cf48594c8b5bb126209897486.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit adds new --cdi-spec-dir global option. This
option is used to add additional CDI spec paths.
Signed-off-by: Micah Chambers (eos) <mchambers@anduril.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This adds support for the UpheldBy option in quadlet files. The UpheldBy option
is the counterpart to the Upholds option added in systemd v249 and is
similar to the existing WantedBy and RequiredBy options.
See https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Upholds=.
Signed-off-by: John Schug <john.ips.schug@gmail.com>
This commit adds new annotation called:
io.podman.annotations.pids-limit/$ctrname
This annotation is used to define the PIDsLimit for
a particular pod. It is also automatically defined
when newly added --pids-limit option is used.
Fixes: #24418
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This commit adds new Retry= and RetryDelay= options
to quadlet.go which result in --retry and --retry-delay
usage in podman run, image and build commands.
This allows configuring the retry logic in the systemd
files.
Fixes: #25109
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
The current max size is defined as `maxSecretSize = 512000` in
`github.com/containers/common/blob/main/pkg/secrets/secrets.go`.
Signed-off-by: Alexander Gramiak <agrambot@gmail.com>
The --env is used to add new environment variable to container or
override the existing one. The --unsetenv is used to remove
the environment variable.
It is done by sharing "env" and "unsetenv" flags between both
"update" and "create" commands and later handling these flags
in the "update" command handler.
The list of environment variables to add/remove is stored
in newly added variables in the ContainerUpdateOptions.
The Container.Update API call is refactored to take
the ContainerUpdateOptions as an input to limit the number of its
arguments.
The Env and UnsetEnv lists are later handled using the envLib
package and the Container is updated.
The remote API is also extended to handle Env and EnvUnset.
Fixes: #24875
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Our calculation is just wrong and the way the entire API is designed it
cannot work. This is the same interface as docker is using and they have
the same bug there. So simply document this as known problem, in case
users complain we at least have something to point to.
An actual fix might be possible but not without reworking the full API
and because this is exposed in the docker compat and libpod REST API we
cannot really change it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a new option to allow for mounting artifacts in the container, the
syntax is added to the existing --mount option:
type=artifact,src=$artifactName,dest=/path[,digest=x][,title=x]
This works very similar to image mounts. The name is passed down into
the container config and then on each start we lookup the artifact and
the figure out which blobs to mount. There is no protaction against a
user removing the artifact while still being used in a container. When
the container is running the bind mounted files will stay there (as the
kernel keeps the mounts active even if the bind source was deleted).
On the next start it will fail to start as if it does not find the
artifact. The good thing is that this technically allows someone to
update the artifact with the new file by creating a new artifact with
the same name.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The `podman system reset` removes the `RunDirectory` directory as part of the machine reset, where `podman.sock` is usually stored.
Fixes: https://issues.redhat.com/browse/RHEL-71320
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
When certain directories, like /tmp, get mounted over, FCOS/Linux can
act in unexpected ways. Added a sanity check for a list of directories
think might be impacted by this. Also, moved the volume parsing earlier
in the init process so we can catch problems before the expensive
decompression of machine images.
The following destinations are forbidden for volumes:
`/bin`, `/boot`, `/dev`, `/etc`, `/home`, `/proc`, `/root`, `/run`, `/sbin`, `/sys`, `/tmp`, `/usr`, and `/var`. Subdirectories
Fixes: #18230
Signed-off-by: Brent Baude <bbaude@redhat.com>
A user has reported that a previously used URL in our Introduction
documentation is no longer working. It apparently has missing files and
so forth. We now use a Containerfile that is more reliable and less
chance of change.
Fixes: #25449
Signed-off-by: Brent Baude <bbaude@redhat.com>
according to the conversation in #18193, we only support plain tar or
gzipped tar as input.
Fixes: #18193
Signed-off-by: Brent Baude <bbaude@redhat.com>
A user reported that it was a surprise to receive an unsupported os
error when trying to use `podman machine os apply` with WSL machines.
This is intentional however the documentation needed to be updated to
explicitly state why (it is not based on FCOS).
Fixes: #25435
Signed-off-by: Brent Baude <bbaude@redhat.com>
This commit adds the "secret" Event type and emits
"create" and "remove" events for this Event type
when Secret is created or removed.
This can be used for example by podman interfaces to
view and manage secrets.
Fixes: #24030
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Add a new `podman machine cp` subcommand to allow users to copy files or
directories between a running Podman Machine and their host.
Tests cover the following cases:
- Copy a file from the host machine to the VM
- Copy a directory from the host machine to the VM
- Copy a file from the VM to the host machine
- Copy a directory from the VM to the host machine
- Copy a file to a directory
- Copy a directory to a file
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Add the ability to remove all artifacts with a --all|-a option in podman
artifact rm.
Fixes: https://issues.redhat.com/browse/RUN-2512
Signed-off-by: Brent Baude <bbaude@redhat.com>
Add a new command to extract the blob content of the artifact store to a
local path.
Fixes https://issues.redhat.com/browse/RUN-2445
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allow the user to provide an Ansible playbook file on init which will
then be run on boot.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Brent Baude <bbaude@redhat.com>
like images and containers, it could be handy to have a --noheading
option that removes the headings on the output.
Signed-off-by: Brent Baude <bbaude@redhat.com>
added a --no-trunc flag to artifact ls, which follows what images has
done. by default now, the ls output will have the shortened 12
character digest. the --no-trunc will output the full digest.
Signed-off-by: Brent Baude <bbaude@redhat.com>
podman artifact add now supports two new command line switches.
--type string that describes the type of artifact
--annotation string slice in the form of key=val
These new options allow users to "tag" information in on their artifacts
for any number of purposes down the line
RUN-2446
Signed-off-by: Brent Baude <bbaude@redhat.com>
The `podman system prune` command is able to remove build containers that were created during the build, but were not removed because the build terminated unexpectedly.
By default, build containers are not removed to prevent interference with builds in progress. Use the **--build** flag when running the command to remove build containers as well.
Fixes: https://issues.redhat.com/browse/RHEL-62009
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
