Fix the example for RemapGid from keep-id to keep-groups
Reflect the chnages to the support for keep-id in Containers as well
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
As found in #17828, image listing does not scale well with a growing
number of local images. Make use of recent improvements in libimage
that allow for computing the dangling and parent data with _one_ layer
tree. Prior, the layer tree had to be recomputed _twice_ for each
image.
[NO NEW TESTS NEEDED] as it's a non-functional performance change.
Fixes: #17828
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
By default go will not keep the stdout/err attach when executing
commands via exec.Command(). It is required to explicitly pass the
current stdout/err fds down to the child so we can see the error output
in the logs to debug #17966.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It turns out the restart is _not_ a stop+start but keeps certain
resources open and is subject to some timeouts that may differ across
distributions' default settings.
[NO NEW TESTS NEEDED] as I have absolutely no idea how to reliably cause
the failure/flake/race.
Also ignore ENOENTS of the CID file when removing a container which has
been identified of actually fixing #17607.
Fixes: #17607
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Finishing up the work started by @biergit in #17021
Updates the tutorial to explain the use of `-l/--latest`
and converts many of the examples to use `<container_id>`
as that works locally and remote while `-l` doesn't always.
Thanks for the start on this @biergit !
[NO NEW TESTS NEEDED]
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Add a debug line to the wait to test to see which container
is being left behind after the cleaup where the race is happening.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
When a userns is set we setup the network after the bind mounts, at the
point where resolv.conf is generated we do not yet know the subnet.
Just like the other dns servers for bridge networks we need to add the
ip later in completeNetworkSetup()
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2182052
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Some key are available only for user scope while there are no keys that
are supported only for system. So, better to run in user scope
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
`Ping()` requires the DB lock, so we had to move it into a transaction
to fix#17859. Since we try to access the DB directly afterwards, I
prefer to let that fail instead of paying the cost of a transaction
which would lock the DB for _all_ processes.
[NO NEW TESTS NEEDED] as it's a hard to reproduce race.
Fixes: #17859
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
If a path (Yaml, ConfigMap, EnvFile) starts with a systemd path
specifier, treat the path as absolute
Add tests - unit, e2e and bats
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
...not CONTAINERS_CONF. At least for most tests.
Nearly every system test currently using CONTAINERS_CONF=tmpfile
should be using CONTAINERS_CONF_OVERRIDE.
Simple reason: runtime (crun/runc), database_backend (bolt/sqlite),
logger, and other important settings from /etc/c.conf are not
usually written into the tmpfile. Those tests, therefore, are
not running podman as configured on the system.
Much more discussion: #15413
This PR is a prerequisite for enabling sqlite system tests. For
the sake of simplicity and sanity, I choose to submit the sqlite
switch as a separate PR once this passes and merges.
Signed-off-by: Ed Santiago <santiago@redhat.com>
It flakes once or twice a day:
VERSION=1.51.1 ./hack/install_golangci.sh
Installing golangci-lint v1.51.1 into ./bin/golangci-lint
golangci/golangci-lint info checking GitHub for tag 'v1.51.1'
golangci/golangci-lint crit unable to find 'v1.51.1' - use 'latest'
or see https://github.com/golangci/golangci-lint/releases for details
No visibility into why, and no special reason to believe that
retrying five seconds later will work, but it seems worth a try.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Race introduced in #16709, which changed 'top' to 'true', so
there was only a narrow window in which '.State.ConmonPod'
would be valid. Remove the race.
Fixes: #17882
Signed-off-by: Ed Santiago <santiago@redhat.com>
when looking for a machine, look it up locally first to prevent
accidental collision with non-podman machine vms. in the cast of
`podman machine ls`, only list podman machines found by json files
Enabled remove with force.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
The os.IsNotExist() function comment mentions that new code should use
`errors.Is(err, fs.ErrNotExist)` instead.
The check was already in CI but used the wrong function name (extra s.)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If a container with an ID starting with "db1" exists, and a
container named "db1" also exists, and they are different
containers - if I run `podman inspect db1` the container named
"db1" should be inspected, and there should not be an error that
multiple containers matched the name or id "db1". This was
already handled by BoltDB, and now is properly managed by SQLite.
Fixes#17905
Signed-off-by: Matt Heon <mheon@redhat.com>
