If someone runs podman as a user (uid) that is not defined in the container
we want generate a passwd file so that getpwuid() will work inside of container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We were encountering sync issues with the map, so swap to a
thread-safe channel and convert into a map when we output
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
As of now, there is no way to debug podman clean up processes.
They are started by conmon with no stdout/stderr and log nowhere.
This allows us to actually figure out what is going on when a
cleanup process runs.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Add the --ip flag back with bash completions. Manpages still
missing.
Add plumbing to pass appropriate the appropriate option down to
libpod to connect the flag to backend logic added in the previous
commits.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
the issue is caused by the Go Runtime that messes up with the process
signals, overriding SIGSETXID and SIGCANCEL which are used internally
by glibc. They are used to inform all the threads to update their
stored uid/gid information. This causes a hang on the set*id glibc
wrappers since the handler installed by glibc is never invoked.
Since we are running with only one thread, we don't really need to
update other threads or even the current thread as we are not using
getuid/getgid before the execvp.
Closes: https://github.com/containers/libpod/issues/1625
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Prior, we were stopping containers serially. So if a container had a default
timeout of 10 seconds and there were five containers being stopped, the operation
would take roughly 50 seconds. If we stop these containers in parallel, the operation
should be roughly 10 seconds and change which is a significant speed up at scale.
Signed-off-by: baude <bbaude@redhat.com>
The docker-in-docker was script was needed to run AppArmor tests in
Travis, which is not required anymore since Travis isn't being used
for a while. Removing the script will also cure some hiccups on
some atomic testing nodes.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Grab latest fixes from subpackages
Including fixes for usernamespace chowning retaining file attributes
Better logging of error messages.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Execute /proc/self/exe instead of podman. This makes the runlabel
command more portable as it works for binaries outside the path as
well as for local builds.
Also, avoid redundantly executing the runlabel command by setting
the PODMAN_RUNLABEL_NESTED environment variable to "1". Podman
now checks for this variable before executing the runlabel command
and will throw an error in case the variable is set.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Don't waste GCE VM resources for 30-min of testing,
when verify would fail after 3-minutes. This is
the simpelest mechanism to save cloud CPU-time
while GCE is under trial-status (can not set quotas).
Signed-off-by: Chris Evich <cevich@redhat.com>
