When initing a podman machine, we match core's UID to the UID of the user on the host. If the UID is in the subUID range, the machine throws an error. Check if the UID is within the default range for /etc/subuid (10000:1000000), and if it is, we adjust the range to not include it.
Signed-off-by: Ashley Cui <acui@redhat.com>
Podman's container-name generation depends on the global RNG state being
properly initialized (seeded). Should this not happen for some reason
(or it's seeded with a static value), podman will generate the exact
same repeating sequence of container names (assuming no clashes with
existing containers). Add a test to confirm this is always the case.
Signed-off-by: Chris Evich <cevich@redhat.com>
GetSystemDefaultProvider reworked to fetch provider value from
the config file.
Additional environment variable CONTAINERS_MACHINE_PROVIDER is
supported to override the config for testing purposes.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
fix some issues with the handling of errors, we print an error only
when there is already one set to be returned. Also the first error is
not printed, since it is reported back to the caller of the function.
Improve some messages with more context that can be helpful when
things go wrong.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
go swagger has a flat namespace so it doesn't handle name conflicts at
all. The libpod info response uses the Info struct from some docker dep
instead. Because we cannot change the docker dependency simply rename
the Info struct, but only via swagger comment not the go actual struct.
I verified locally that this works.
Fixes#18228
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
...it never worked as intended. Cron job has been deleted.
(Note: this is not the same as the *buildah* treadmill, #13808,
which continues to be active and necessary)
Signed-off-by: Ed Santiago <santiago@redhat.com>
By default podman save tries to write to /dev/stdout, this file doe snot
exists on windows and cannot be opened. Instead we should just use fd 1
in such case.
[NO NEW TESTS NEEDED]
Fixes#18147
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We can now use the new API for creating files and directories without
setting the umask to allow parallel usage of those methods.
This patch also bumps c/common for that.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Ref: https://pkg.go.dev/math/rand@go1.20#Seed
Note: For `runtime_test.go`, this test-case was never actually doing
what appears as it's intent . Fixing it to work as intended would be
require incredibly libpod-invasive changes. Do the least-worse thing and
simply confirm that consecutive generated names are different.
Signed-off-by: Chris Evich <cevich@redhat.com>
Systemd supports unit files with a prefix '-' which
tells the system to check if the content exists before
using it. This would allow the QM project to specify
AddDevice=-/dev/kvm, which would add the /dev/kvm device
to the container iff it exists on the host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When we encounter an error while pushing a manifest list, don't claim
that we encountered an error while adding an item to the list.
[NO NEW TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Found a typo today while reading documentation.
Simple enough change :-)
Signed-off-by: Mike Eisemann <me@michaeleisemann.com>
Signed-off-by: AndroidKitKat <me@michaeleisemann.com>
Add actual tests (for expected errors, not just exit-status) to
the "push to local registry with authorization" test. As it is
now, if the registry is unreachable, the test passes a number
of steps and only fails later, with a misleading diagnostic.
Followup to, but does not fix, #18286
Signed-off-by: Ed Santiago <santiago@redhat.com>
...at least as many as possible. "run/exec -it" make no sense
in a CI environment; I believe the vast majority of these are
the result of fingers typing on autopilot, then copy/pasting
cascades from those. This PR gets rid of as many -it/-ti as
possible. Some are still needed for testing purposes.
Y'all have no idea how much I hate #10927 (the "no logs from conmon"
flake). This does not fix the underlying problem, nor does it even
eliminate the flake (The "exec terminal doesn't hang" test needs
to keep the -ti flag, and that's one of the most popular flakers).
But this at least reduces the scope of the problem. It also removes
a ton of nasty orange "input device is not a TTY" warnings from logs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
It really does not make sense to call RemoveConnection() twice and then
update the config file a third time in updateDefaultMachineinConfig().
This results in unnecessary reads/writes and more code.
Simplyfy this into one function that is only called once and do all
updates at once.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
the connection remove call must be done inside the function that is
returned so that we wait until the user confirmed it.
Fixes#18330
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The long term goal was to provide the customer a way to turn on the
preexec_hooks processing of script by having some kind of configuration
that could be read. I had tried putting it into containers.conf to
start, but that turned out to be unyieldly quickly and time is of
the essence for this fix. That is mostly due to the fact that this
code is preexecution and in C, the conatiners.conf file is read in
Go much further down the stack.
After first trying this process using an ENVVAR, I have
thought it over and chatted with others and will now look for a
/etc/containers/podman_preexec_hooks.txt file to exist. If the admin
had put one in there, we will then process the files in the
directories `/usr/libexec/podman/pre-exec-hooks`
and `/etc/containers/pre-exec-hooks`.
Thoughts/suggestions gratefully accepted. This will be a 8.8/9.2 ZeroDay
fix and will need to be backported to the v4.4.1-rhel branch.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
system reset it says it will delete containers, images, networks, etc...
However it will also delete the graphRoot and runRoot directories.
Normally this is not an issue, however in same cases these directories
were set to the users home directory or some other important system
directory.
As first step simply show the directories that are configured and thus
will be deleted by reset. As future step we could implement some
safeguard will will not delete some known important directories however
I tried to keep it simple for now.
[NO NEW TESTS NEEDED]
see #18349 and #18295
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
