When we supercede low-priority mounts and volumes (image volumes,
and volumes sourced from --volumes-from) with higher-priority
ones (the --volume and --mount flags), we always replaced
lower-priority mounts of the same type (e.g. a user mount to
/tmp/test1 would supercede a volumes-from mount to the same
destination). However, we did not supercede the opposite type - a
named volume from image volumes at /tmp/test1 would be allowed to
remain and create a conflict, preventing container creation.
Solve this by destroying opposite types before merging (we can't
do it in the same loop, as then named volumes, which go second,
might trample changes made by mounts).
Fixes#3174
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
when doing any sort of attach to a container, a sigwinch is sent
followed by a resize event. this is fine for the local client but when
doing things over the varlink, the first sigwinch is wiped out by the
immediate resize event and is therefore lost. by making the channel
buffered, both events are processed after the varlink connection is
established.
Signed-off-by: baude <bbaude@redhat.com>
Occasionally, and seemingly only on F29 the root disk fails to expand
upon boot. When this happens, any number of failures could occur if
space runs out. Until there is time to investigate the actual cause,
workaround this problem by detecting it and acting accordingly.
Signed-off-by: Chris Evich <cevich@redhat.com>
New base-image boots, a cache-image builds, but more work is needed for
it to be prime-time ready. This commit just adds some updates to the
scafolding necessary to build the base-image. Future work will make F30
more of a reality.
Also add log-collection scripts to test image verification task
Signed-off-by: Chris Evich <cevich@redhat.com>
Previously, it was quite difficult to affect changes to VM cache images
without lots of manual work. This commit adds a new optional testing
task which mirrors the official-image build task which only runs on
master. In contrast, the new task may be run at any time in a PR, but
including a magic phrase in the PR description.
Update documentation to describe the new task and inform on it's usage.
Signed-off-by: Chris Evich <cevich@redhat.com>
replace two usage of kwait.ExponentialBackoff in favor of WaitForFile
that uses inotify when possible.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
force the resources block to be empty instead of having default
values.
Regression introduced by 8e88461511e81d2327e4c1a1315bb58fda1827ca
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Mark hidden all references to signature-policy
Default all uses of --authfile
Add --authfile support to podman run and podman create.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
enable polling also when using inotify. It is generally useful to
have it as under high load inotify can lose notifications. It also
solves a race condition where the file is created while the watcher
is configured and it'd wait until the timeout and fail.
Closes: https://github.com/containers/libpod/issues/2942
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Mainly add support for podman build using --overlay mounts.
Updates containers/image also adds better support for new registries.conf
file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
I'd left this out in a4b483c848 (libpod/container_internal: Deprecate
implicit hook directories, 2018-12-02, #1920).
Signed-off-by: W. Trevor King <wking@tremily.us>
`string.Split()` splits into slice of size greater than 2
which may result in loss of environment variables
fixes#3132
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
add a shortcut for joining immediately the namespace so we don't need
to re-exec Podman.
With the pause process simplificaton, we can now attempt to join the
namespaces as soon as Podman starts (and before the Go runtime kicks
in), so that we don't need to re-exec and use just one process.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
use a pause process to keep the user and mount namespace alive.
The pause process is created immediately on reload, and all successive
Podman processes will refer to it for joining the user&mount
namespace.
This solves all the race conditions we had on joining the correct
namespaces using the conmon processes.
As a fallback if the join fails for any reason (e.g. the pause process
was killed), then we try to join the running containers as we were
doing before.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
