Under some circumstances podman might be executed with a different argv0
than the actual path to the podman binary. This breaks the reexec logic
as it tried to exec argv0 which failed.
This is visible when using podmansh as login shell which get's the
special -podmansh on argv0 to signal the shell it is a login shell.
To fix this we can simply use /proc/self/exe as command path which is
much more robust and the argv array is still passed correctly.
Fixes#22672
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Final followup to #22270. That PR added a temporary convention
allowing a new form of ExitWithError(), one with an exit code
and stderr substring. In order to allow bite-size progress,
the old no-args form was still allowed. This PR removes
support for no-args ExitWithError().
This PR also adds one piece of new functionality: passing ""
(empty string) as the stderr arg means "expect exit code
but fail if there's anything at all in stderr".
Signed-off-by: Ed Santiago <santiago@redhat.com>
Without this key, there are duplicate copr jobs being created on
podman-next copr for `podman-fedora` and `podman-centos`.
Picking just one of `podman-fedora` / `podman-centos` should trigger
builds for all targets specified on the podman-next copr.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
This reverts commit 02b8fd7156c93555b0ac1f775aa824ec04224215.
The new CI images should have a apparmor workaround.
Fixes#22625
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
First, setup a custom TMPDIR to ensure we have no special assumptions
about hard coded paths. Second, make sure it is actually on a tmpfs so
we can catch regressions in the VM setup immediately.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Follow up to commit eaf60c7fe7, with the toolbox image removal it is
possible to run all tests from tmpfs.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This addrress the CVE-2024-3727 by pulling in the top of main for
c/image, c/common, and c/buildah, all of which have the fix.
Addresses: CVE-2024-3727
No associated Jira cards at the moment.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
This change will minimize renovate PR's.
Checkout is an action maintained by GitHub, so using the latest v4 action shouldn't have stability consequences.
Signed-off-by: Ashley Cui <acui@redhat.com>
Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
This commit handles only one file, test/e2e/rmi_test.go , because
my changes are significant enough to merit individual review.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
This commit handles all remaining test/e2e/r*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
This commit handles test/e2e/s*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
This commit handles a subset of test/e2e/run_xxx_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
This reverts commit 909ab594191ce964529398bcf7600edff9540d71.
The workaround was added almost 5 years ago to workaround an issue
with old conmon releases. It is safe to assume such ancient conmon
releases are not used anymore.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The scenario for inducing this is as follows:
1. Start a container with a long stop timeout and a PID1 that
ignores SIGTERM
2. Use `podman stop` to stop that container
3. Simultaneously, in another terminal, kill -9 `pidof podman`
(the container is now in ContainerStateStopping)
4. Now kill that container's Conmon with SIGKILL.
5. No commands are able to move the container from Stopping to
Stopped now.
The cause is a logic bug in our exit-file handling logic. Conmon
being dead without an exit file causes no change to the state.
Add handling for this case that tries to clean up, including
stopping the container if it still seems to be running.
Fixes#19629
Signed-off-by: Matt Heon <mheon@redhat.com>
Small usability improvements for our containerized validate target.
- Responds to SIGINT
- Exits if build fails, only validate if builds succeed
- Warns about potential of insufficient memory
- Document `make validatepr`
Signed-off-by: Ashley Cui <acui@redhat.com>
Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
This commit handles all remaining test/e2e/p*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
This never tested what it said it did, the command line was wrong so
`,ro=false` was taken as image causing a error. What this actually
should care about is that a glob is taken as is and not evaluated.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
