In the remote environment, this test will fail,
because an error message is different from the local environment.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Basically, in the timeout loop where we checked for new CID
on the restarted container, we were running 'podman inspect'
(not 'inspect --format ID'), and comparing full hundred-line
output against single-line CID string.
While I'm in here, add 'c_' prefix to container to make it
easier for my old eyes to recognize "oh, that's a container name"
vs "is that a name? a SHA? a woozle?"
Signed-off-by: Ed Santiago <santiago@redhat.com>
As the title says. Bumping to address:
CVE-2024-1753
https://issues.redhat.com/browse/RHEL-26761
[NO NEW TESTS NEEDED]
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
This release branch is tracking RHEL 8.6/9.0 and therefore has no need
to execute any CI testing on F35/Ubuntu. Worse, going forward these
releases contain golang versions incompatible with future CVE backports.
Remove them.
Signed-off-by: Chris Evich <cevich@redhat.com>
Commit 3e7ca842a manually patched runc/libcontainer in vendor, which is
OK but creates a maintenance problem down the line.
Instead, let's
- create a branch[1] based on runc commit used here;
- backport the CVE-2024-21626 fixes;
- vendor the above branch here.
As a side note, all this mess could have been avoided if
https://github.com/opencontainers/runc/pull/3508 was backported
to a stable runc branch. Alas, this was never requested.
[1] https://github.com/projectatomic/runc/tree/podman-v4.2.0-rhel
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Someone please revert this once quay search is fixed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
<MH: Cherry-pick into v4.2.0-rhel to fix CI>
Signed-off-by: Matt Heon <mheon@redhat.com>
We can't bump runc in this branch, it brings in too many other
things that won't build on this old Golang (this branch is still
on v1.16).
So, instead, backport the runc patches to this older runc.
The good news: We vendor very little of runc, so this was not all
that difficult.
Signed-off-by: Matt Heon <mheon@redhat.com>
systemd expects the value of the option to be `no` instead, but this is
already the default behavior. This fixes the following warning when
running `systemctl status` on the unit:
Failed to parse service restart specifier, ignoring: never
Addresses: https://issues.redhat.com/browse/OCPBUGS-14284
[NO NEW TESTS NEEDED]
Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
Cherry-pick #15788 to v4.2.0-rhel branch per RHBZ 2157930
In view of https://github.com/containers/storage/pull/1337, do this:
for f in $(git grep -l stringid.GenerateNonCryptoID | grep -v '^vendor/'); do
sed -i 's/stringid.GenerateNonCryptoID/stringid.GenerateRandomID/g' $f;
done
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
follow-up to 6886e80b45caae27dda81a9b44d8dd179c414580
when "podman -rm -f" is used on a container in "stopping" state, also
make sure it is terminated before removing it from the local storage.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 4cf06fe7e074cb9a09670f8308ade12f30bb958d)
check that the container has a valid pid before attempting to use
kill($PID, 0) on it. If the PID==0, it means the container is already
stopped.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 494db3e166d80ee5fad2a49195339fa0b6a4842b)
Docker's newer clients populate the `cacheFrom` and `cacheTo` parameters
by default as an empty array for all commands, but buildah's design of
distributed cache expects this to be a repo, not an image; hence parse
only the first populated repo and ignore if empty array.
Signed-off-by: Aditya R <arajan@redhat.com>
do not allow removing containers that are in the stopping state,
otherwise it can lead to a race condition where a "podman rm" removes
the container from the storage while another process is stopping the
same container.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2155828
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 6886e80b45caae27dda81a9b44d8dd179c414580)
There's no guarantee that the searched image will be returned, so only
make sure that "alpine" is mentioned somewhere.
Fixes: #16248
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When restarting a container, clean up the healthcheck state by removing
the old log on disk. Carrying over the old state can lead to various
issues, for instance, in a wrong failing streak and hence wrong
behaviour after the restart.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2144754
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Emergency import of https://github.com/containers/buildah/pull/4377
required because the ubi8 image changed behind our backs.
On podman main, this commit will be reverted by Ed's
treadmill as soon as a new buildah is vendored into podman.
On side branches, the human doing the vendoring will need to
perform manual surgery. I hope the instructions are good enough.
Signed-off-by: Ed Santiago <santiago@redhat.com>
There was a bug on s390x related to clone syscall argument order.
C/storage PR #1423 fixes it; this vendors into Podman to close
the loop and complete the fix.
Fixes RHBZ 2140084
Signed-off-by: Matthew Heon <mheon@redhat.com>