This reverts commit e133a06d2f4a3e94bfbd60b647046f2f515c9c24.
@nalind found a proper fix in c/storage [1] to address the performance
issue. So we really don't need the flag anymore. Note the flag has
never made it into any release.
[1] d76b3606fc
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Current error messages are really awful, and cause great
suffering every time someone adds a new subcommand. Let's
see if these are better.
Signed-off-by: Ed Santiago <santiago@redhat.com>
--tail=1 is not working f you restart a container with journald logging.
We see the exit status and then call into the logging a second time
causing all of the logs to print.
Removing the tail log on exited seems to fix the problem.
Fixes: https://github.com/containers/podman/issues/13098
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
There's a potential race condition where we attempt to attach to
a container immediately after it's been stopped, but before the
cleanup process has run on it. The existing code doesn't allow an
attach to containers in the Stopped state (cleanup process has
not run) but does allow an attach to containers in the Exited
state (cleanup process has run). This doesn't make very much
sense and there's no technical reason to restrict attach to only
Exited containers, so allow attaching to Stopped containers.
[NO NEW TESTS NEEDED] Testing this is very racy - we need to get
in before the cleanup process runs, which isn't really
deterministic when we're invoked from a script - like the CI
tests.
Signed-off-by: Matthew Heon <mheon@redhat.com>
For better docker compatibility we should use the bridge network mode as
default for rootless. This was already done previously but commit
535818414c2a introduced this regression in v4.0.
Since the apiv2 test are only run rootful we cannot catch this problem
in CI.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allow users to inspect their podman virtual machines. This will be
helpful for debug and development alike, because more details about the
machine can be collected.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Bad code got committed by accident: test description on run_podman
line, not test line.
Did not seem to affect tests, but fix it anyway.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Resolves: GHSA-8c26-wmh5-6g9v - CVE-2022-27191
Podman doesn't seem to be directly affected as the logic in question
is not called.
golang.org/x/crypto@1baeb1ce contains the actual CVE fix. Using the
latest upstream commit to also include support for SHA-2.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Certain paths like `../containers/podman/machine/my-test/podman.sock`
do not exist when machine is not started, so removing a machine before
starting it will result in ENOENT which we should ignore cause these
paths do not exists
Closes: https://github.com/containers/podman/issues/13834
[NO TESTS NEEDED]
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
Fixes: #13337
I added newline only on options IE Begin with "-"
[NO NEW TESTS NEEDED]
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
`--mount` should allow setting driver specific options using
`volume-opt` when `type=volume` is set.
This ensures parity with docker's `volume-opt`.
Signed-off-by: Aditya R <arajan@redhat.com>
* Remove the statement that rootless --userns=auto does not work.
* Mention that --userns=keep-id consumes all subuids and subgids.
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Every weekday when the `check_cirrus_cron` github-actions
workflow runs. It checks the status of all cirrus-cron jobs. If a build
is found with a 'FAILED' status, it triggers an alert e-mail to be sent.
However, the `test_image_build` is marked as a manually-triggered,
resulting in a perpetual status of 'EXECUTING', even if there were
failures. Fix this by only allowing the problematic task to run in pull
requests without the `[CI:DOCS]` magic keyword.
Signed-off-by: Chris Evich <cevich@redhat.com>
The API endpoints should properly honour the `no_hosts=true` setting in
containers.conf.
Fixes#13719
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a new flag to set the ipam-driver. Also adds a new ipam driver none
mode which only creates interfaces but does not assign addresses.
Fixes#13521
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Often distributions to not have newuidmap and netgidmap configured
to be setuid. If Podman fails to setup the user namespace, check to
see if these files doe not have the proper protection and tell the user.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
