Fixes: https://github.com/containers/podman/issues/9582
This PR also adds tests to make sure SELinux labels match the runtime,
or if init is specified works with the correct label.
Add tests for selinux kvm/init labels
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
It took a lot to figure out exactly how this should work, but I
think I finally have it. My initial versions of this created the
directory with the same owner as the user the container was run
with, which was rather complicated - but after review against
Docker, I have determined that is incorrect, and it's always made
as root:root 0755 (Ubuntu's Docker, which I was using to try and
test, is a snap - and as such it was sandboxed, and not actually
placing directories it made in a place I could find?). This makes
things much easier, since I just need to parse out source
directories for binds and ensure they exist.
Fixes#9510
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This will allow installation of the manpages without the need to rebuild
them in the installation stage of distro packaging.
[NO TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The compatibility endpoint for listing containers should have the
summarized network configuration with it.
Fixes: #9529
Signed-off-by: baude <bbaude@redhat.com>
Docker api expects secrets endpoint to have a version field. So, the
version field is added into the compat endpoint only. The version field
is always 1, since Docker uses the version to keep track of updates to
the secret, and currently we cannot update a secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
Some log tests were duplicated, and some didn't need to be repeated for
every driver. Also, added some comments
Signed-off-by: Ashley Cui <acui@redhat.com>
Currently podman is ignoreing the build --timestamp flag.
This PR fixes this for local and remote clients.
Fixes: https://github.com/containers/podman/issues/9569
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Move the core of renaming logic into the DB. This guarantees a
lot more atomicity than we have right now (our current solution,
removing the container from the DB and re-creating it, is *VERY*
not atomic and prone to leaving a corrupted state behind if
things go wrong. Moving things into the DB allows us to remove
most, but not all, of this - there's still a potential scenario
where the c/storage rename fails but the Podman rename succeeds,
and we end up with a mismatched state.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
To be able to reuse common checkpoint/restore functions this commit
moves code to pkg/checkpoint/crutils.
This commit has not functional changes. It only moves code around.
[NO TESTS NEEDED] - only moving code around
Signed-off-by: Adrian Reber <areber@redhat.com>
checkpointctl contains common code to work with checkpoint images in
Podman, CRI-O and Kubernetes.
Use functions and definitions from checkpointctl where possible.
Signed-off-by: Adrian Reber <areber@redhat.com>
The compatibility endpoint for build labels should be of type dict (not
list). For backwards compatibility, we support both.
Fixes: #9517
Signed-off-by: baude <bbaude@redhat.com>
The rest of this document claims that the argument is called '--time',
not '--timeout', and that the value is expressed in seconds. As
currently written, the example (which ostensibly runs the API service
for 5 seconds) uses the '--timeout' spelling (which actually does work,
as an undocumented alias) and passes a value of '5000', which is more
than an hour. Fix both.
[NO TESTS NEEDED] as this is a simple documentation change.
Signed-off-by: Will Thompson <wjt@endlessos.org>
* Introduce sub-package compat to meet packaging and import requirements
* Update documenation for running tests
* Add requirements.txt to improve IDE support
Signed-off-by: Jhon Honce <jhonce@redhat.com>
While I wasn't looking, some completely unreadable cruft
crept in here, and it's totally my fault: I never knew
you could pass JSON to a GET query. Everyone who DID
know that, did so, but had to URL-escape it into a
completely gobbledygook mess to make curl happy.
Solution: trivial, do the URL-escaping in 't' itself. I
just never realized that was needed.
I'm so sorry. I hope this helps.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The storage can easily be corrupted when a build or pull process (or any
process *writing* to the storage) has been killed. The corruption
surfaces in Podman reporting that a given layer could not be found in
the layer tree. Those errors must not be fatal but only logged, such
that the image removal may continue. Otherwise, a user may be unable to
remove an image.
[NO TESTS NEEDED] as I do not yet have a reliable way to cause such a
storage corruption.
Reported-in: https://github.com/containers/podman/issues/8148#issuecomment-787598940
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Docker allows both the old `map[string]map[string]bool`
and the newer `map[string][]string` for the filter param
so we should too.
Fixes#9526
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
