do not start up a dbus daemon if it is not already running.
[NO NEW TESTS NEEDED] the fix is in a dependency.
Closes: https://github.com/containers/podman/issues/9727
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Duplicate Address Detection slows the ipv6 setup down for 1-2 seconds.
Since slirp4netns is run it is own namespace and not directly routed
we can skip this to make the ipv6 address immediately available.
We change the default to make sure the slirp tap interface gets the
correct value assigned so DAD is disabled for it.
Also make sure to change this value back to the original after slirp4netns
is ready in case users rely on this sysctl.
Fixes#11062
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The following problems regarding `logs --tail` with the journald log
driver are fixed:
- One more line than a specified value is displayed.
- '--tail 0' displays all lines while the other log drivers displays
nothing.
- Partial lines are not considered.
- If the journald events backend is used and a container has exited,
nothing is displayed.
Integration tests that should have detected the bugs are also fixed. The
tests are executed with json-file log driver three times without this
fix.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
Trying to restore a container that was started with '--ipc host' fails
with:
Error: error creating container storage: ProcessLabel and Mountlabel must either not be specified or both specified
We already fixed this exact same error message for containers started
with '--privileged'. The previous fix was to check if the to be restored
container is a privileged container (c.config.Privileged). Unfortunately
this does not work for containers started with '--ipc host'.
This commit changes the check for a privileged container to check if
both the ProcessLabel and the MountLabel is actually set and only then
re-uses those labels.
Signed-off-by: Adrian Reber <areber@redhat.com>
This will change mount of /dev within container to noexec, making
containers slightly more secure.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We should only use the Containerfiles/Dockerfiles found in the context
directory.
Fixes: https://github.com/containers/podman/issues/12054
[NO NEW TESTS NEEDED] It is difficult to setup a test for this in the
CI/CD system, but build tests should find if this PR broke anything.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Kernel memory option has been depracated in runtime-spec, It is
believed that it will not work properly on certain kernels. runc
ignores it.
This PR removes documentation of the flag and also prints a warning if
a user uses it.
[NO NEW TESTS NEEDED]
Helps Fix: https://github.com/containers/podman/issues/12045
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Following commit makes sure when buildah tag is invoked on a manifest
list, it tags the same manifest list instead of resolving to an image and
tagging it.
Port of: https://github.com/containers/buildah/pull/3483
Signed-off-by: Aditya Rajan <arajan@redhat.com>
If we interrupt pod removal between removing containers and
removing the whole pod, the infra ID was still in the DB, and
most pod operations would try to retrieve the infra container
(and would this fail). Clear the infra ID from the DB just before
we remove all containers to prevent this.
Fixes#12034
[NO NEW TESTS NEEDED] This is a very narrow race and I have no
idea how to repro it.
Signed-off-by: Matthew Heon <mheon@redhat.com>
A small part of this test was written in a confusing and fragile
way: it was very hard to understand, and in fact only worked
through pure luck (using 'echo $output', which emitted everything
in one long line, vs the standard quoted 'echo "$output"' which
would've kept the formatting and caused the test to pass,
incorrectly, no matter whether --remote was in the output
or not). Plus, the '$?' check in the next line would never
trigger on failure anyway, so the failure message would've
been unhelpful if the test were ever to fail.
Anyhow. Make it readable and make it work.
(Followup to #11990)
Signed-off-by: Ed Santiago <santiago@redhat.com>
