Commit Graph

17481 Commits

Author SHA1 Message Date
8e05caef6c ginkgo tests: apply ginkgolinter fixes
New fixes since my last commit 2ddf1c5cbd11.

https://github.com/nunnatsa/ginkgolinter

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-20 16:47:17 +01:00
ca40371ff5 Merge pull request from flouthoc/bump-buildah-ca578b290144
vendor: bump to buildah `ca578b290144` and use new distributed cache API
2022-12-20 09:56:58 -05:00
db648dc005 Merge pull request from giuseppe/always-create-userns-with-euid-not-0
rootless: always create userns with euid != 0
2022-12-20 09:51:52 -05:00
56982a9236 Merge pull request from rhatdan/kube
Stop recording annotations set to false
2022-12-20 08:23:52 -05:00
1bac160960 rootless: always create userns with euid != 0
always create a user namespace when running with euid != 0 since the
user is not owning the current mount namespace.

This issue happened on a Kubernetes cluster, where the pod was running
privileged but the UID was not 0, as it was configured in the image
itself.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-12-20 13:33:23 +01:00
90719d38f7 rootless: inhibit copy mapping for euid != 0
when running with euid != 0, inhibit the copy of the current mappings,
even if the kernel allows that.  This seems to be the expectation when
running in a Kubernetes cluster with a non-root user.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-12-20 13:32:58 +01:00
987c8e3a78 vendor: bump to buildah ca578b290144 and use new cache API
Bump to buildah ca578b290144 and use new `cacheTo` and `cacheFrom` API.

[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]

Signed-off-by: Aditya R <arajan@redhat.com>
2022-12-20 17:13:59 +05:30
80de850817 Stop recording annotations set to false
False is the assumed value, and inspect and podman generate kube are
being cluttered with a ton of annotations that indicate nothing.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-19 16:07:33 -05:00
fb967aabc3 Merge pull request from rhatdan/docs
Unify --noheading and -n to be consistent on all commands
2022-12-19 15:08:02 -05:00
b0acb59ccb Merge pull request from ygalblum/quadlet_network_file
Quadlet: add network support
2022-12-19 14:16:53 -05:00
2be7238a59 Merge pull request from rhatdan/VENDOR
Update vendor of containters/(common, image)
2022-12-19 13:31:22 -05:00
9187df5b28 Unify --noheading and -n to be consistent on all commands
Helps with https://github.com/containers/podman/issues/16536

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-19 13:18:43 -05:00
5b12cb23f6 Merge pull request from alexlarsson/quadlet-build-fixes
Quadlet packaging fixes
2022-12-19 08:31:01 -05:00
ae706e61bb Update vendor of containters/(common, image)
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-19 08:01:10 -05:00
24ab178fb7 specfile: Drop user-add depedency from quadlet subpackage.
This is not needed since we dropped the quadlet user.

[NO NEW TESTS NEEDED] This just changes the build.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-19 10:16:00 +01:00
e9243f904b quadlet: Default BINDIR to /usr/bin if tag not specified
When building without the makefile the v4/pkg/systemd/quadlet._binDir
defined is not set. In that case default to /usr/bin rather than the
empty string. This helps e.g. the rpm specfile which doesn't use
the makefile.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-19 09:49:08 +01:00
aeb36e5dad Merge pull request from alexlarsson/quadlet-system-test
Quadlet system test
2022-12-18 07:16:50 -05:00
d974a79e27 Quadlet: add network support
Support .network file to create a systemd service that runs podman network create
Support networks with .network suffix in Container and Kube to link with Quadlet created networks
Add E2E Tests
Add man doc

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2022-12-18 11:25:20 +02:00
a6b375f8d7 Merge pull request from beeblebrox3/patch-1
[CI:DOCS] Fix typo on network docs
2022-12-17 05:27:25 -05:00
3f83467f3e Merge pull request from Luap99/netns-db
libpod: move NetNS into state db instead of extra bucket
2022-12-17 04:17:20 -05:00
bf78696d14 Merge pull request from containers/dependabot/go_modules/github.com/docker/docker-20.10.22incompatible
build(deps): bump github.com/docker/docker from 20.10.21+incompatible to 20.10.22+incompatible
2022-12-17 04:11:41 -05:00
a78d0ca6b7 Merge pull request from nalind/always-allow-push-from-storage
Always allow pushing from containers-storage
2022-12-17 04:11:21 -05:00
d1496afb54 Always allow pushing from containers-storage
Override the signature policy to always allow pushing images from local
storage, even if the default policy is set up to always disallow reading
images from any location.

Pay attention to the --signature-policy option in `podman push`, so that
we can test this properly.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-12-16 14:59:00 -05:00
12d5e6ab82 Merge pull request from Luap99/attach-log
libpod: fix header length in http attach with logs
2022-12-16 14:19:00 -05:00
0bc3d35791 libpod: move NetNS into state db instead of extra bucket
This should simplify the db logic. We no longer need a extra db bucket
for the netns, it is still supported in read only mode for backwards
compat. The old version required us to always open the netns before we
could attach it to the container state struct which caused problem in
some cases were the netns was no longer valid.

Now we use the netns as string throughout the code, this allow us to
only open it when needed reducing possible errors.

[NO NEW TESTS NEEDED] Existing tests should cover it and it is only a
flake so hard to reproduce the error.

Fixes 

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-16 18:30:12 +01:00
fd7049b187 Merge pull request from Luap99/no-CNI
libpod: remove CNI word were no longer applicable
2022-12-16 11:50:07 -05:00
f21c64019f Merge pull request from Luap99/restore-static-ip
checkpoint restore: fix --ignore-static-ip/mac
2022-12-16 11:03:40 -05:00
5e4c0358c4 Merge pull request from vrothberg/kube-improvements
podman-kube@ template: use `podman kube`
2022-12-16 09:46:27 -05:00
80878f20bc Add initial system tests for quadlets
This adds basic container and volume system tests for quadlet. These
install and run actual systemd units and ensure they work.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-16 15:35:51 +01:00
20b10574d7 quadlet: Add --user option
Normally quadlet picks up whether to behave like a user or system
instance based on the binary name, but for the tests we want the
ability to pass `--user` to modify this using a single binary.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-16 14:55:40 +01:00
4fa65ad0dc libpod: remove CNI word were no longer applicable
We should have done this much earlier, most of the times CNI networks
just mean networks so I changed this and also fixed some function
names. This should make it more clear what actually refers to CNI and
what is just general network backend stuff.

[NO NEW TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-16 14:20:14 +01:00
1424f0958f libpod: fix header length in http attach with logs
When we read logs there can be full or partial lines, when it is full we
need to append a newline, thus the message length must be incremented by
one.

Fixes 

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-16 14:18:30 +01:00
d6c2fa6452 Merge pull request from matejvasek/fix-event-reading-size
fix: event read from syslog when syslog entry too long
2022-12-16 07:30:37 -05:00
ecc095df8b Merge pull request from vrothberg/wait-ignore
wait: add --ignore option
2022-12-16 07:22:29 -05:00
12d0584006 podman-kube@ template: use podman kube
Use the new `podman kube {down,play}` commands.

[NO NEW TESTS NEEDED] as this is a purely cosmetic change.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-12-16 13:16:06 +01:00
3868d2d82b build(deps): bump github.com/docker/docker
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.21+incompatible to 20.10.22+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v20.10.21...v20.10.22)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-16 12:02:29 +00:00
3219650fab Merge pull request from alexlarsson/quadlet-podman-binary-name
Quadlet handle podman binary name better
2022-12-16 07:00:38 -05:00
f4d0496b54 wait: add --ignore option
In the recent past, I met the frequent need to wait for a container to
exist that, at the same time, may get removed (e.g., system tests in [1]).

Add an `--ignore` option to podman-wait which will ignore errors when a
specified container is missing and mark its exit code as -1.  Also
remove ID fields from the WaitReport.  It is actually not used by
callers and removing it makes the code simpler and faster.

Once merged, we can go over the tests and simplify them.

[1] github.com/containers/podman/pull/16852

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-12-16 10:24:29 +01:00
18f1a8046b Merge pull request from rhatdan/caps
Vendor in latest containers/common with default capabilities
2022-12-16 03:58:06 -05:00
461726a3fa qudlet: Respect $PODMAN env var for podman binary
This changes the podman binary name embedded in the generated files.
This is primarily needed for testing podman.

This also adds a -X config for BINDIR so that we pick up the right
install target. This required tweaking some tests to handle the default
bindir not being /usr/bin.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-16 09:47:49 +01:00
a4a647c0b9 e2e: Add assert-key-is-regex check to quadlet e2e testsuite
We will use this later

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-16 09:47:49 +01:00
84f3ad3560 e2e: Add some assert to quadlet test to make sure testcases are sane
This just checks the expected number of arguments.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-16 09:47:33 +01:00
41a70adc74 Merge pull request from dfr/freebsd-rootless
pkg/rootless: Change error text ...
2022-12-15 20:34:14 -05:00
536d3b87f0 Merge pull request from SoMuchForSubtlety/api-port-bindings
api: remove unmapped ports from PortBindings
2022-12-15 20:19:53 -05:00
97f63da67d remove unmapped ports from inspect port bindings
Signed-off-by: Jakob Ahrer <jakob@ahrer.dev>
2022-12-15 23:18:50 +01:00
fa4b346182 update podman-network-create for clarity
Add `sudo`  to the example of macvlan creation  for clarity

Signed-off-by: Luís Henrique Faria <luish.faria@gmail.com>
2022-12-15 19:10:14 -03:00
494f983e63 Merge pull request from giuseppe/cli-handler
rootless: add cli validator
2022-12-15 14:42:53 -05:00
3718ac8e96 Vendor in latest containers/common with default capabilities
Also update vendor of containers/storage and image

Cleanup display of added/dropped capabilties as well

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-15 14:28:30 -05:00
1cc22631f6 Merge pull request from ygalblum/network_ignore
Network Create: Add --ignore flag to support idempotent script
2022-12-15 14:27:25 -05:00
f0a8c0bd97 pkg/rootless: Change error text ...
... redirect the user to run with superuser privileges instead of
printing 'this function is not supported'.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2022-12-15 17:40:21 +00:00