When run with --cgroups=split mode (e.g. quadlet) we do not use the a
separate cgroup for the container and just run in the unit cgroup.
When we filter logs we thus must match the unit name.
Added a small test to the quadlet test to make sure it will work.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Tests constantly fail with zero indication of why. Fix that.
- add correct default for $QUADLET path
- add check to make sure it exists
- log quadlet commands and their output
Signed-off-by: Ed Santiago <santiago@redhat.com>
Commit 4fa307f14923 fixed a number of issues in the sdnotify proxies.
Whenever a container runs with a custom sdnotify policy, the proxies
need to keep running which in turn required Podman to run and wait for
the service container to stop. Improve on that behavior and set the
service container as the main PID (instead of Podman) when no container
needs sdnotify.
Fixes: #17345
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add support for disabeling SELinux process separation in the container.
Add support for setting the process type of the container.
Add support for setting the process MCS level of the container.
Add support for setting the file type of the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
quadlet tests were using 'systemctl show -P', a shortcut
that doesn't exist on RHEL8. Translate to old-systemd
language.
And, minor tweaks to make future test diagnosing easier.
This is a frontport of #17311; bringing from release branch
to main. Except that was an emergency, so it was a one-line
fix. This is a better long-term fix, not as trivial to review.
Signed-off-by: Ed Santiago <santiago@redhat.com>
New tests got added since I've been on PTO. Some of those tests
weren't doing cleanup, resulting in nasty red logs. Fix.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Make sure the Container unit correctly references the volume
Start the Container service and not the Volume one
Remove the volume
Print the name of the service when status does not match
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
These just run once and are considered successful at exist. Not much is
needed to support it, but we have to avoid overwriting the type
with Type=notify.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This adds basic container and volume system tests for quadlet. These
install and run actual systemd units and ensure they work.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
