Let's not mix apples and oranges and give stderr a dedicated pipe. This
way, we don't return conmon log messages if run in debug mode.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Use `pkg/adapter` to increase code reuse and reduce code redundancy.
* Extend swagger docs to mention AIX descriptors.
* Document the libpod endpoint which shares the same handler.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We must check all errors and handle them properly. Otherwise, we can run
into nil dereferences ultimately killing the service.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
`NumProcs` and `StorageStats` are windows specific and are not
popoulated on Linux. Hence, we can safely remove them.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
do not change the permissions mask for the rundir and the tmpdir when
running a container with a user namespace and the current user is
mapped inside the user namespace.
The change was introduced with
849548ffb8e958e901317eceffdcc2d918cafd8d, that dropped the
intermediate mount namespace in favor of allowing root into the user
namespace to access these directories.
Closes: https://github.com/containers/libpod/issues/4846
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Include the unit tests (i.e., _test.go files) for linting to make the
tests more robust and enforce the linters' coding styles etc.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
adhere closer to the spec by using description and summary fields and
also ensuring that the id is unique to avoid collision between generic
and libpod endpoints.
also, make swagger output work with redoc which seems to display our
information better for our needs.
Signed-off-by: baude <bbaude@redhat.com>
Our networking code bakes in a lot of assumptions about how
networking should work - that CNI is *always* used with root, and
that slirp4netns is *always* used only with rootless. These are
not safe assumptions. This fixes one particular issue, which
would cause CNI to also be run when slirp4netns was requested as
root.
Fixes: #4687
Signed-off-by: Matthew Heon <mheon@redhat.com>
the --force parameter should only be used for the CLI and should only
dictate whether to prompt the user for confirmation.
Fixes: #4844
Signed-off-by: baude <bbaude@redhat.com>
`gocritic` is a powerful linter that helps in preventing certain kinds
of errors as well as enforcing a coding style.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Blacklist linters instead of whitelisting them. This way, we will
benefit from new linters when updating and it's easier to actually
find and fix open issues.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The latest versions have regressions in --skip-dirs where some linters
will still run and error out.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Perftest was intended to be used for testing CPU intensive tasks of
Podman. However, it does not compile for a long while and is not
integrated in the CI which clearly indicates that it has not been
used for a considerable amount of time.
Remove contrib/perftest entirely. If the desire arises to revive it,
all code is still reachable in the git history.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We should only use `make golangci-lint` which is also used in `make
validate`. However, we need to enable more linters which we can
do step by step in future commits.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When executing make in parallel, e.g `make -j8`, there is a chance steps are
executed at the same time. There is a chance .gopathok and the actual varlink
generation happening at the same time, causing a race and ultimately failing the
build.
Ensuring the .gopathok dependency is met at the actual step fixes the problem.
Signed-off-by: Morten Linderud <morten@linderud.pw>
when creating a keep-id namespace, we split the original user
namespace in:
inner ns | outer ns | size:
0 | 1 | ID
ID | 0 | 1
ID+1 | ID+1 | availableIds - ID
When the user ID is bigger than the number of available
subuids/subgids we fail to create the user namespace because the first
slice is bigger than the available number of IDs and the third one has
a negative size.
Fix it by not using more than the available number of IDs in the first
slice and creating the third one only if there are other IDs left.
When the user ID is bigger than the number of additional IDs, there
will be a gap between the two mappings so the IDs between the maximum
additional ID and the user ID won't be present inside of the
namespace.
Closes: https://github.com/containers/libpod/issues/4838
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
