Previously, the HealthCheck exec session would not terminate on timeout, allowing the healthcheck to run indefinitely.
Fixes: https://issues.redhat.com/browse/RHEL-86096
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
This fixes an issue where multiple paths separated by a colon were
treated as a single path, contrary to what docs say and unlike how mask
option works.
Test was updated with a case that fails without this commit.
Signed-off-by: Šimon Škoda <ver4a@uncontrol.me>
The tests for device I/O limits were using `/dev/zero`,
which is not a block device suitable for these cgroup
controls.
Update the tests to use `/dev/nullb0` if it exists.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The tests were incorrectly using `/dev/zero`. These options are
intended to set I/O limits on specific block devices.
The test already sets up a loopback device, so reuse it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Cgroup block I/O limits cannot be applied to character devices.
Ignore character devices in the inspect output.
Update the API tests to use the null block device `/dev/nullb0` (if
available) instead of `/dev/zero` for testing I/O limits.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The JSON decoder correctly cannot decode (overflow) negative values (e.g., `-1`) for fields of type `uint64`, as `-1` is used to represent `max` in `POSIXRlimit`. To handle this, we use `tmpSpecGenerator` to decode the request body. The `tmpSpecGenerator` replaces the `POSIXRlimit` type with a `tmpRlimit` type that uses the `json.Number` type for decoding values. The `tmpRlimit` is then converted into the `POSIXRlimit` type and assigned to the `SpecGenerator`.
This approach ensures compatibility with the Podman CLI and remote API, which already handle `-1` by casting it to `uint64` (`uint64(-1)` equals `MaxUint64`) to signify `max`.
Fixes: https://issues.redhat.com/browse/RUN-2859
Fixes: https://github.com/containers/podman/issues/24886
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
The Docker `-XDELETE image/$name?force=true` endpoint only removes
containers using an image if they are in a non-running state.
In Podman, when forcefully removing images we also forcefully delete
containers using the image including running containers.
This patch changes the Docker image force delete compat API to act like the
Docker API while maintaining commands like `podman rmi -f $imagename`.
It also corrects the API return code returned when an image is requested
to be deleted with running containers using it.
Fixes: https://github.com/containers/podman/issues/25871
Signed-off-by: Lewis Roy <lewis@redhat.com>
This looks like debug leftover, in any case this is not an error so
simply remove the line.
Fixes #25965
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The backstory for this is that runc 1.2 (opencontainers/runc#3967)
fixed a long-standing bug in our mount flag handling (a bug that crun
still has). Before runc 1.2, when dealing with locked mount flags that
user namespaced containers cannot clear, trying to explicitly clear
locked flags (like rw clearing MS_RDONLY) would silently ignore the rw
flag in most cases and would result in a read-only mount. This is
obviously not what the user expects.
What runc 1.2 did is that it made it so that passing clearing flags
like rw would always result in an attempt to clear the flag (which was
not the case before), and would (in all cases) explicitly return an
error if we try to clear locking flags. (This also let us finally fix a
bunch of other long-standing issues with locked mount flags causing
seemingly spurious errors).
The problem is that podman sets rw on all mounts by default (even if
the user doesn't specify anything). This is actually a no-op in
runc 1.1 and crun because of a bug in how clearing flags were handled
(rw is the absence of MS_RDONLY but until runc 1.2 we didn't correctly
track clearing flags like that, meaning that rw would literally be
handled as if it were not set at all by users) but in runc 1.2 leads to
unfortunate breakages and a subtle change in behaviour (before, a ro
mount being bind-mounted into a container would also be ro -- though
due to the above bug even setting rw explicitly would result in ro in
most cases -- but with runc 1.2 the mount will always be rw even if
the user didn't explicitly request it which most users would find
surprising). By the way, this "always set rw" behaviour is a departure
from Docker and it is not necessary.
Signed-off-by: rcmadhankumar <madhankumar.chellamuthu@suse.com>
To have consistency with other podman commands like `ps` and `images`,
`volume ls` should output its headers even when there are no volumes.
Fixes: https://github.com/containers/podman/issues/25911
Signed-off-by: Brent Baude <bbaude@redhat.com>
The README.md in test/buildah-bud had the old directory name for the
apply-podman-deltas file. This change removes the `/` and adds a `-`
in that file name.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
In #25884, it was pointed out that the standard detection used to
determine the artifact's file type can be wrong. In those cases, it
would be handy for the user to be able to override the media type of the
layer. As such, added a new option called `--file-type`, which is
optional, and allows users to do just that.
`podman artifact add --file-type text/yaml quay.io/artifact/config:latest ./config.yaml`
Fixes: #25884
Signed-off-by: Brent Baude <bbaude@redhat.com>
This commit removes the code to build a local pause
image from the Containerfile. It is replaced with
code to find the catatonit binary and include it in
the Rootfs.
This removes the need to build a local pause container
image.
The same logic is also applied to createServiceContainer
which is originally also based on the pause image.
Fixes: #23292
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>