read the slirp4netns stderr and propagate it in the error when the
process fails.
Replace: https://github.com/containers/libpod/pull/4338
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add a GitHub action to mark issues and PRs as stale and
to eventually close them after a grace period.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
when users create a new network and the dnsname plugin can be found by
podman, we will enable container name resolution on the new network.
there is an option to opt *out* as well.
tests cannot be added until we solve the packaging portion of the
dnsname plugin.
Signed-off-by: baude <bbaude@redhat.com>
We have a lot of checks for container state scattered throughout
libpod. Many of these need to ensure the container is in one of a
given set of states so an operation may safely proceed.
Previously there was no set way of doing this, so we'd use unique
boolean logic for each one. Introduce a helper to standardize
state checks.
Note that this is only intended to replace checks for multiple
states. A simple check for one state (ContainerStateRunning, for
example) should remain a straight equality, and not use this new
helper.
Signed-off-by: Matthew Heon <mheon@redhat.com>
In event of a container removal that is no longer in database, log a
warning instead of an error, as there is not any problem continuing
execution.
Resolves#4314
Signed-off-by: Tyler Ramer <tyaramer@gmail.com>
when running in systemd mode on cgroups v1, make sure the
/sys/fs/cgroup/systemd/release_agent is masked otherwise the container
is able to modify it and execute scripts on the host.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When you try and create a new volume with the name of a volume
that already exists, you presently get a thoroughly unhelpful
error from `mkdir` as the volume attempts to create the
directory it will be mounted at. An EEXIST out of mkdir is not
particularly helpful to Podman users - it doesn't explain that
the name is already taken by another volume.
The solution here is potentially racy as the runtime is not
locked, so someone else could take the name while we're still
getting things set up, but that's a narrow timing window, and we
will still return an error - just an error that's not as good as
this one.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Document the rough equivalence between our option types and the
various parts of the mount command. Amend examples a bit to cover
this.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This matches Docker more closely, but retains the more important
protections of nosuid/nodev.
Fixes#4318
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Unless specified otherwise by --all, --latest or via arguments, list all
running containers. This matches the behaviour of Docker and is also
illustrated in the man pages where containers and options are marked to
be optional.
Fixes: #4274
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
if the cgroup manager is set to systemd, detect if dbus is available,
otherwise fallback to --cgroup-manager=cgroupfs.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Pulling fedora-minimal was potentially causing timeouts, which is
bad. Using the cache avoids that.
Sig-proxy=false test was entirely nonfunctional - I think we
didn't update it when we fixed sig-proxy=true to be less racy.
It was still passing, which is concerning.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Everything else is a flag to mount, but "uid" and "gid" are not.
We need to parse them out of "o" and handle them separately.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We need to use the new Inspect() endpoint instead of trying to
JSON the actual volume structs. Currently, the output seems
completely nonsensical; it seems like we're JSONing the struct
for the Varlink connection itself? This should restore sanity and
match the format of remote and local inspect on volumes.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
