We do not use any special netns path for the netns=none case, however
callers that inspect that may still wish to join the netns path directly
without extra work to figure out /proc/$pid/ns/net.
Fixes#16716
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
And lo, a miracle occurred. Containerized checkpoint tests are
no longer hanging. Reenable them.
(Followup miracle: tests are still passing, after a year of not
running!)
Closes: #15015
Signed-off-by: Ed Santiago <santiago@redhat.com>
The intention of --read-only-tmpfs=fals when in --read-only mode was to
not allow any processes inside of the container to write content
anywhere, unless the caller also specified a volume or a tmpfs. Having
/dev and /dev/shm writable breaks this assumption.
Fixes: https://github.com/containers/podman/issues/12937
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Re-names HyperV function that was copied from the applehv
implementation and not changed. Makes the function a method of
`HyperVMachine`.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Lock the machine when stopping, removing or changing its attributes to
make sure write accesses are serialized which should prevent a number of
issues and inconsistencies reported.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This shares code with 'container top' which runs ps on the host,
filtering for the containers that are part of the pod.
(*Container).jailName is modified to take into account the possiblity
that the container is in a pod - this also fixes stats reporting for
pods on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Create a new GitHub Action that builds and signs the Mac pkginstaller. The action also uploads the installers to the release, and updates the shasums file.
This action is triggered on release creation, but it can also be triggered manually via a workflow dispatch.
Signed-off-by: Ashley Cui <acui@redhat.com>
In certain cases REGISTRY_AUTH_FILE is set but the auth file
does not exists yet, do not throw error unless user specified
a file directly using --authfile.
Fixes: https://github.com/containers/podman/issues/18405
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Some issues reported in the podman github project contains a
question instead of a bug report or feature request. Make it
easier for users to find a place to ask questions.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Breaks some of the code in QEMU's `VirtProvider` implementation located
at `pkg/machine/qemu/config.go` into its own functions. Aids in
improving the readability of the code.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Lock the VM on start. If the machine is in the "starting" state we know
that a previous start has failed and guide the user into resolving the
issue.
Concurrent starts will busy wait and return the expected "already
running" error.
NOTE: this change is only looking at the start issue (#18662). Other
commands such as stop and update should also lock and will be updated
in a future change. I expect the underlying issue to apply to all
machine providers, not only QEMU. It's desirable to aim for extending
the machine interface to also allow to `Lock()` and `Unlock()`. After
acquiring the lock, the VM should automatically be reloaded/updated.
[NO NEW TESTS NEEDED]
Fixes: #18662
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
On FreeBSD, config.Spec.Linux and config.Spec.Process.Capabilities are
nil pointers so this just avoids dereferencing these pointers in that
case.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
HPC Community asked for this support specifically for using GPUs
within containers. Nvidia requires the correct shared library to
to be present in the directory that matches the device mounted
into the container. These libraries have random suffixes based
on versions of the installed libraries on the host.
podman run --mount type=glob:src=/usr/lib64/nvidia\*:ro=true. This helps
quadlets be more portable for this use case.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
