- podman-remote unshare returns an error message
with the exit code '125'.
- Need to run RestartRemoteService() to apply
changes to the TMPDIR.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
The tests for generating username/passwd entries assume that
UID/GID 123/456 do not exist, which is not a safe assumption on
Debian. If a /etc/passwd entry with that UID/GID already exists,
the test will not add a new one with the same UID/GID, and will
fail. Change UID and GID to be 6 digits, because we're a lot less
likely to collide with UIDs and GIDs in use on the system that
way. Could also go further and randomly generate the UID/GID, but
that feels like overkill.
Fixes#17366
Signed-off-by: Matt Heon <mheon@redhat.com>
When golangci-lint it will only report 3 errors fromt he same linter by
default. This is annoying when a new linter is added and you think only
3 three errors lets fix it real quick only to notice when you rerun it
there again new 3 errors and so on.
In CI and local I want to see all issues at once so I can fix them and
know how much work it is before starting to fix them.
With `max-issues-per-linter: 0` and `max-same-issues: 0` it will show
us all errors because 0 means unlimted. By default it will only show 50
per linter and 3 from the same issue.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The new version contains the ginkgolinter, which makes sure the
assertions are more helpful.
Also replace the deprecated os.SEEK_END with io.SeekEnd.
There is also a new `musttag` linter which checks if struct that are
un/marshalled all have json tags. This results in many warnings so I
disabled the check for now. We can reenable it if we think it is worth
it but for now it way to much work to fix all report problems.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Document the identifiers used in the journald events backend. Those can
be used to filter Podman events with journalctl and I need them to be
documented for a blog I am writing at the moment.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Quadlet should not exit with failure if no files to process have been
found. Otherwise, even simple operations such as reloading systemd
will fail as it retriggers generators.
Fixes: #17374
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Handle a race condition in the REST API when listing networks.
In between listing all containers and inspecting them, they may have
already been removed, so handle this case gracefully.
[NO NEW TESTS NEEDED] as it's a race condition.
Fixes: #17341
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
- Don't order the container unit before local-fs.target as that creates
an ordering cycle that triggers other issues.
- Use the example network in the container unit
- Only use groups that exists by default for the volume
Signed-off-by: Timothée Ravier <tim@siosm.fr>
A semantic change to a Cirrus-CI GraphQL API parameter caused a
unit-test to fail (as it should have) with the error:
```
Query result did not pass filter '.data.ownerRepository.cronSettings':
'{"data":{"ownerRepository":null}}'
```
As per Cirrus-support, a change was introduced in schema affecting certain
fields that were incorrectly marked Nullable. They indicated the `platform`
field was set incorrectly, and should use the value `github`.
* Fix the platform field's value to `github` instead of `LINUX`.
* Change the unit-test to only execute as part of the 'main' cirrus-cron
job so it cannot impact PRs.
Signed-off-by: Chris Evich <cevich@redhat.com>
Add missing return after utils.Error(),
utils.InternalServerError(), utils.BadRequest().
[NO NEW TESTS NEEDED]
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Similarly to the ICMP test for IPv4, I broke the command line on a
rebase of the initial test import.
Note that, unless we pass an IPv6 resolver directly to pasta, Podman
won't add one to /etc/resolv.conf in the container. We could pass
that explicitly, but then end up hitting the same issue as the one
described in the "Local forwarder, IPv6" case. Skip this test for
the moment being.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Parameter substitution in the command line went lost on some rebase
of the initial test import. Add it back and actually test that we can
ping the resolver.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
For some reason I couldn't figure out yet, on CI systems running
Fedora 37, tests for TCP port forwarding with ranges fail on the
third connection, as connect() from the socat client gets
interrupted -- and socat doesn't handle this.
Mitigate this by connecting twice, to two different ports, instead of
using three ports.
Reported-by: Ed Santiago <santiago@redhat.com>
Link: https://github.com/containers/podman/issues/17287
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Add support for disabeling SELinux process separation in the container.
Add support for setting the process type of the container.
Add support for setting the process MCS level of the container.
Add support for setting the file type of the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
All PRs are broken because this test fails, presumably due to a GraphQL
API change. Disable the test temporarily until a permanent solution
can be found.
Signed-off-by: Chris Evich <cevich@redhat.com>
When run make with muitiple jobs, `clean-binaries` could run after
the `podman-remote` target thus delete the newly built `podman-remote`
binary file. And this would cause the error later in the
`docs/remote-docs.sh` script.
Signed-off-by: xxyzz <gitpull@protonmail.com>
when using --userns=auto or --userns=pod, we should bind mount /sys
from the host instead of creating a new /sys in the container,
otherwise we rely on the fallback provided by crun, which might not be
available in other runtimes.
Also, in the last version of crun the fallback is stricter than it
used to be before and it uses a recursive bind mount through the new
mount API. That can be missing on old kernel.
Closes: https://github.com/containers/crun/issues/1131
[NO NEW TESTS NEEDED] to trigger the failure, we need a specific
combination of kernel, libc and OCI runtime.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
