We previously enforced this for security reasons, but as Dan has
explained on several occasions, it's not very valuable there
(it's trivially easy to bypass) and it does seriously annoy folks
trying to use named volumes. Flip the default from 'on' to 'off'.
This is a backport from the master branch to the v1.9 branch.
Signed-off-by: Matthew Heon <mheon@redhat.com>

FIPS Mode is failing, because we are attempting to mount the backend
directory from the wrong spot. The parameter is supposed to be
the container image mountpoint, not the runtime directory.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

To terminate a connection of varlink, say after sending a file, we need to send a message containing a delimiter of ':' so the client knows to hang up.
Fixes: #6237
Signed-off-by: Brent Baude <bbaude@redhat.com>

Add a system test to make sure that pidfile and cidfile are being
generated. Podman regressed in master and given 1.9 will be supported
for a while, let's make extra sure we're catching potential regressions on these
flags early.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

Currently we are setting the maximum limits for rootful podman containers;
there is no reason not to set them by default for rootless users as well.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

commit 788fdc685b00dee5ccb594bef845204250c4c123 introduced a race
where the target process dies before the child process opens the
namespace files. Move the open before the fork so if it fails the
parent process can attempt to join a different container instead of
failing.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 89d4940a3787ccc871c92950a79347efc0d5c58c)

The same channel is written to by two different goroutines.
Use a different channel for each of them so as to avoid writing to a
closed channel.
Closes: https://github.com/containers/libpod/issues/6018
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 6d545bb2f773ff996ce28e0b6608380206835004)

Adds check to parse normalized name and create docker archive dst reference
for tagged untagged image. Relevant test case added.
Signed-off-by: Sujil02 <sushah@redhat.com>

Instead of using the container log path to derive where to put the healthchecks, we now put them into the rundir to avoid collision of health check log files when the log path is set by the user.
Fixes: #5915
Signed-off-by: Brent Baude <bbaude@redhat.com>

This will fix a couple of issues caused by the move to containers.conf.
If a libpod.conf file still exists, we will ignore its events_logger
definition and use "file".
If you are running rootless on cgroupsV1, we will default to host cgroupns.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Open the namespace file descriptors inside of the child process.
Closes: https://github.com/containers/libpod/issues/5873
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 788fdc685b00dee5ccb594bef845204250c4c123)