`systemd-tmpfiles` reads "user" configurations in
`/usr/share/user-tmpfiles.d` when `--user` mode is set.
User unit `systemd-tmpfiles-setup.service` can be enabled to alias
rootless socket through systemd-tmpfiles.
Signed-off-by: SeongChan Lee <foriequal@gmail.com>
Rootless Docker daemon exposes its API socket on
`$XDG_RUNTIME_DIR/docker.sock`. On tmpfiles.d, `%t` is same as
`$XDG_RUNTIME_DIR` in `--user` mode, and `/run` otherwise.
We can reuse the same config file for both mode with this change.
Signed-off-by: SeongChan Lee <foriequal@gmail.com>
This commit includes the initial addition of a .packit.yaml which will
run scratch builds for active Fedora releases which get the latest
Podman using Fedora's official packaging sources.
More packit integration to come in the future.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Also, do a general cleanup of all the timeout code. Changes
include:
- Convert from int to *uint where possible. Timeouts cannot be
negative, hence the uint change; and a timeout of 0 is valid,
so we need a new way to detect that the user set a timeout
(hence, pointer).
- Change name in the database to avoid conflicts between new data
type and old one. This will cause timeouts set with 4.2.0 to be
lost, but considering nobody is using the feature at present
(and the lack of validation means we could have invalid,
negative timeouts in the DB) this feels safe.
- Ensure volume plugin timeouts can only be used with volumes
created using a plugin. Timeouts on the local driver are
nonsensical.
- Remove the existing test, as it did not use a volume plugin.
Write a new test that does.
The actual plumbing of the containers.conf timeout in is one line
in volume_api.go; the remainder are the above-described cleanups.
Signed-off-by: Matthew Heon <mheon@redhat.com>
I chose the version from podman-create. (This is unusual. podman-run
tends to have the better-maintained, more up-to-date version.)
Signed-off-by: Ed Santiago <santiago@redhat.com>
A NOP option. I chose the container word, of course, and the
word 'option' instead of 'flag'. I also hyphenated where needed.
I'm choosing to eliminate the "not on remote" text, because I
don't think it's true: podman-remote happily accepts that
flag on all those commands, including build. (It's marked
as hidden on build, but still accepted).
Signed-off-by: Ed Santiago <santiago@redhat.com>
For FreeBSD, we need the name of the 'network jail' which is the parent
of all containers in a pod. Having a separate jail for the network
configuration also simplifies the implementation of CNI plugins so we
use this pattern for solitary containers as well as pods.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Only on podman create and run: the --cpus option on container-clone
and pod-clone can probably be combined, but maybe later. pod-create
has unique wording that can't be combined.
This is a freebie to review: the text in both files was already
identical, and I made no changes to it. hack/markdown-preprocess-review
will agree, and show you no diffs, because there are none worth
seeing.
Signed-off-by: Ed Santiago <santiago@redhat.com>
`podman kube play` can create pods and containers from YAML
read from a URL poiniting to a YAML file.
For example: `podman kube play https://example.com/demo.yml`.
`podman kube down` can also teardown pods and containers created
from that YAML file by also reading YAML from a URL, provided the
YAML file the URL points to has not been changed or altered since
it was used to create pods and containers
Closes#14955
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
When using remote podman client, not all transports work as expected. So
document this limitation.
Fixes: containers/podman#15141
Signed-off-by: Tomas Volf <tomas.volf@showmax.com>
Support inspecting image healthcheck using docker supported
`.Config.HealthCheck` by aliasing field to `.HealthCheck`
Now supports
```Console
podman image inspect -f "{{.Config.Healthcheck}}" imagename
```
Closes: https://github.com/containers/podman/issues/14661
Signed-off-by: Aditya R <arajan@redhat.com>
When an unsupported limit on cgroups V1 rootless systems
is requested, podman prints an warning message and
ignores the option/flag.
```
Target options/flags:
--cpu-period, --cpu-quota, --cpu-rt-period, --cpu-rt-runtime,
--cpus, --cpu-shares, --cpuset-cpus, --cpuset-mems, --memory,
--memory-reservation, --memory-swap, --memory-swappiness,
--blkio-weight, --device-read-bps, --device-write-bps,
--device-read-iops, --device-write-iops, --blkio-weight-device
```
Related to https://github.com/containers/podman/discussions/10152
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Refactor the RawInput process of the `rm` and
`start` subcommands, like the other subcommands
such as `restart, stop, etc`.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Much like --cidfile (#15414), --pod-id-file has two meanings.
One is used in pod-related commands, one in container ones.
Both meanings read the file, so the read/write split used
in --cidfile is not applicable here.
podman-pod-create keeps its --pod-id-file option because
that one cannot be refactored: that's the only command (now)
that writes a pod-id file.
Reviewable using hack/markdown-preprocess-review but I
did take some liberties with the #### args because they
were wrong. And, since I had to much with the description
text anyway (resulting in diffs), I also took the liberty
of cleaning up a double space.
Signed-off-by: Ed Santiago <santiago@redhat.com>
I've been doing the man-page cleanup distractedly, while
fighting other fires, and submitted some crap:
* #15339: I used single angle brackets, not double
* #15407: I only refactored --cert-dir from some man pages, not all
Easy to review with hack/markdown-preprocess-review, because all the
removed texts are identical. The only diff is that container-certs.d
is now a link.
Sorry about that. I'm going to spend more time being careful.
Signed-off-by: Ed Santiago <santiago@redhat.com>
the env vars are held in the spec rather than the config, so they need to be mapped manually. They are also of a different format so special handling needed to be added. All env from the parent container will now be passed to the clone.
resolves#15242
Signed-off-by: Charlie Doern <cdoern@redhat.com>
There are two meanings: one writes a cidfile, the other reads.
Split into two .md files.
This can be reviewed with hack/markdown-preprocess-review .
The main differences you'll see are all in cidfile.read:
1) I use the <<subcommand>> feature. This works nicely for
kill, pause/unpause, and stop. It works less nicely for
rm, because the man page will show "...and rm the container"
(a human might prefer to see "REMOVE the container"). Given
the benefit of this cleanup, I think this is a fine tradeoff.
2) I choose to include the "multiple times" text even on man pages
where it wasn't present before. I tested to make sure it works.
3) The #### line I choose is IMHO the best one.
Minor differences:
* I believe the "remove the container" text in podman-kill
and podman-stop is a copy/paste error. This PR fixes it.
* The only differences between the cidfile.write texts is
the #### line (my version is best) and a final period.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Refactor the --creds option. I went with the one in podman-pull
The main difference between all of them is the '####' line,
differences in the param descriptions. podman-pull had the
clearest one.
This is another one that hack/markdown-preprocess-review is
good for reviewing.
Signed-off-by: Ed Santiago <santiago@redhat.com>
After pulling/creating an image of a foreign platform, Podman will
happily use it when looking it up in the local storage and will not
pull down the image matching the host platform.
As discussed in #12682, the reasoning for it is Docker compatibility and
the fact that user already rely on the behavior. While Podman is now
emitting a warning when an image is in use not matching the local
platform, the documentation was lacking that information.
Fixes: #15300
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
