create the /etc/passwd and /etc/group files before any user/group
lookup so that the entries added dynamically are found by --user.
As a side effect, do not automatically create the group with same
value as the uid when not specified, since it is expected to run with
gid=0.
Closes: https://github.com/containers/podman/issues/25805
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Since commit 945aade38b we do tear down the kube units if all pods
failed to start. This however broke the use case of an empty pod, as we
did not consider that as having started successfully, which is wrong and
caused a regression for at least one user.
To fix this, special-case the empty pod and consider that running.
Fixes: #25786
Fixes: 945aade38b ("quadlet kube: correctly mark unit as failed")
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Networks are stored in two ways in the DB: first, a static network list
which holds all the networks with their options for the container. Second,
the network status, which holds the actual network result from netavark
but only when the container is running.
If the container is running they must be in sync, and podman inspect has
checks to ensure that as well; it errors out if there is a desync between
the two.
As adding to the db and doing the actual networking configuration are
different parts, it is possible that one worked while the other failed, which
triggers the desync. To avoid this, make the network connect/disconnect
code more robust against partial failures. When the network calls fail
we update the db again to remove/add the network back.
Fixes: https://issues.redhat.com/browse/RHEL-78037
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
golangci-lint v2 introduced a new command, fmt, which runs configured
formatters (see formatters in .golangci.yml).
Use this for generated files. Drop separate goimports binary.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
If the --health-cmd flag is not specified, other flags such as --health-interval, --health-timeout, --health-retries, and --health-start-period are ignored if the image contains a Healthcheck. This makes it impossible to modify these Healthcheck configurations when a container is created.
Fixes: https://github.com/containers/podman/issues/20212
Fixes: https://issues.redhat.com/browse/RUN-2629
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
This is related to #23292 and is needed to replace
pause image container with pause container based
on the rootfs.
Without this change, the GIDs and UIDs are not mapped
in the rootfs container which uses overlay if --userns=auto
is used. This leads to an error mounting /dev/pts with gid=5,
because GID 5 simply does not exist in the pause container
using rootfs.
All the tests pass with this change, but I have to admit
I did not find out why the original code has been introduced.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
It appears[1] that ginkgo binary can be easily built from the top-level
vendor, so it does not make sense to have a second copy in test/tools
(and a hassle of keeping the two in sync).
Inspired by [1], [2], and a run of make localtest, which shows:
> Ginkgo detected a version mismatch between the Ginkgo CLI and the version of Ginkgo imported by your packages:
> Ginkgo CLI Version:
> 2.22.1
> Mismatched package versions found:
> 2.23.3 used by podman, common, containers, parse, quadlet, rootlessport, abi, tunnel, libpod, events, file, shm, logs, annotations, libpod, utils, apiutil, auth, ctime, abi, expansion, utils, emulation, env, errorhandling, machine, compression, connection, define, ocipull, provider, proxyenv, qemu, command, shim, vmconfigs, rootless, signal, specgen, generate, kube, specgenutil, systemd, generate, notifyproxy, parser, timetype, trust, util, utils
[1]: af29bb5b6e (r2020246403)
[2]: e6c7ec94e2 (r2020230241)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This is shown when golangci-lint is run with --tests=false
> test/e2e/config.go:7:2: var fedoraMinimal is unused (unused)
> fedoraMinimal = "quay.io/libpod/systemd-image:20240124"
> ^
> test/e2e/config.go:18:2: var volumeTest is unused (unused)
> volumeTest = "quay.io/libpod/volume-plugin-test-img:20220623"
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This was added by commit 84e42877a ("make lint: re-enable revive"),
making nolintlint become almost useless.
Remove the ungodly amount of unused nolint annotations.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit adds a new --cdi-spec-dir global option. This
option is used to add additional CDI spec paths.
Signed-off-by: Micah Chambers (eos) <mchambers@anduril.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Do not use the interspersed option for logs, it is not needed and just
restricts valid use cases.
Fixes #25653
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit adds a new annotation called:
io.podman.annotations.pids-limit/$ctrname
This annotation is used to define the PIDsLimit for
a particular pod. It is also automatically defined
when the newly added --pids-limit option is used.
Fixes: #24418
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This commit adds new Retry= and RetryDelay= options
to quadlet.go which result in --retry and --retry-delay
usage in podman run, image and build commands.
This allows configuring the retry logic in the systemd
files.
Fixes: #25109
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
The following test needs a unique cache in TMPDIR so that the cache of this
test does not conflict with other tests; however, for this specific test there
is no convenient way to pass a custom TMPDIR.
Skipping this test similar to this already exists in tests/bud.bats but
covers `--mount=type=cache,sharing=locked`
Read more discussion here: https://github.com/containers/podman/issues/25414
Closes: https://github.com/containers/podman/issues/25414
Signed-off-by: flouthoc <flouthoc.git@gmail.com>