Our users are missing certain warning messages that would
make debugging issues with Podman easier.
For example if you do a podman build with a Containerfile
that contains the SHELL directive, the Derective is silently
ignored.
If you run with the log-level warn you get a warning message explainging
what happened.
$ podman build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
--> 7a207be102a
7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e
$ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format
--> 7bd96fd25b9
7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f
These messages will no longer be lost, when we default to WARNing level.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
move the conmon process to the conmon cgroup also on exec.
The previous implementation would fail to move the conmon process as
the systemd unit already exists so its creation would fail.
When the unit cannot be created, attempt to directly join the cgroup
instead.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Docker defines an option of "default" which means to
use the default network. We should support this with
the same code path as --network="".
This is important for compatibility with the Docker API.
Fixes: https://github.com/containers/podman/issues/8544
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* verify socat and podman binaries exist
* setup a sandboxed podman service
* run podman service with socat proxy to capture API stream
* clean up sandbox leaving the log files for review
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Looks like #7337 was fixed (by #8112). Reenable a disabled
test for it; and make it actually work. Confirmed that
newly-added test fails on d45676549 (the commit before #8112).
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add the mask and unmask option to the --security-opt flag
to allow users to specify paths to mask and unmask in the
container. If unmask=ALL, this will unmask all the paths we
mask by default.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Previously, we always computed pause path from the Rootless
runtime directory. Problem: this does not match the behavior of
Libpod when the directory changes. Libpod will continue to use
the previous directory, cached in the database; Pause pidfiles
will swap to the new path. This is problematic when the directory
needs to exist to write the pidfile, and Libpod is what creates
the directory.
There are two potential solutions - allow the pause pidfile to
move and just make the directory when we want to write it, or use
the cached Libpod paths for a guaranteed location. This patch
does the second, because it seems safer - we will never miss a
previously-existing pidfile because the location is now
consistent.
Fixes#8539
Signed-off-by: Matthew Heon <mheon@redhat.com>
when formatting mount options into a string for the compat container create, the options need to be comma delimited.
Signed-off-by: baude <bbaude@redhat.com>
Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image.
Close#7337
Signed-off-by: Qi Wang <qiwan@redhat.com>
The `ancestor` option was missing an equal sign. Therefore
the completion did not work as expected.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The network ID is not stored. It is just the sha256 hash from
the network name. There is a risk of a potential hash collision.
However it's very unlikely and even if we hit this it will
complain that more than network with this ID exists.
The main benefit is that the compat api can have proper
network ID support. Also this adds the support for
`podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
It also ensures that we can do network rm <ID> and network
inspect <ID>.
Since we use a hash this commit is backwards compatible even for
already existing networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Instead of being interpreted as an argument to the boolean flag,
the 'true' is being intepreted as the Podman command to be run -
so we're trying to run `podman true`, which does not exist. This
causes the cleanup command to fail when `--log-level=debug` is
set, so containers are not cleaned up or removed.
This problem is easily reproduced with any command combining the
`--rm`, `-d`, and `--log-level=debug` flags - the command will
execute and exit, but the container will not be removed.
Separate, but worth looking into later: the errors we get on
trying `podman true` with any flags are terrible - if you just
type `podman true` you get a quite sane "Unrecognized command"
error, but if you try `podman true --rm` you get an "unknown flag
--rm" error - which makes very little sense given the command
itself doesn't exist.
Signed-off-by: Matthew Heon <mheon@redhat.com>
The It("podman wait to pause|unpause condition"... test is
flaking every so often when a messages is sent in the second
function to a channel. It is my believe that in between the time
the first function sends a message to the channel and before it closes
the channel the second errChan=make() has happened. This would mean that
the fist function closes the second errChan, and then when the second
function sends a message to the second errChan, it fails and blows up with
the error you are seeing.
By creating a different variable for the second channel, we eliminate the race.
Fixes: https://github.com/containers/podman/issues/6518
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
