there is already the same check when using cgroupfs, but not when
using the systemd cgroup backend. The check is needed to avoid a
confusing error from the OCI runtime.
Closes: https://github.com/containers/podman/issues/16376
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We have CI tests running in netavark mode when CNI is desired.
Add a new .cirrus.yml envariable, CI_DESIRED_NETWORK, which
we then force-check in e2e and system tests. Simple copy/paste
of #14912 (the RUNTIME check) with manual s/RUNTIME/NETWORK/
and other minor changes.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add new troubleshooting tip:
Podman run fails with "Error: unrecognized namespace mode keep-id:uid=1000,gid=1000 passed"
Update the troubleshooting tips:
"Passed-in devices or files can't be accessed in rootless container (UID/GID mapping problem)"
and
"Container creates a file that is not owned by the user's regular UID"
to use
"--userns keep-id:uid=$uid,gid=$gid"
instead of the command-line options --uidmap and --gidmap
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
This was a horrible one. I basically went with the podman-run
version, with a few minor changes. See PR for discussion of
diff review.
podman-build is not included here, it is too different.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Building Ubuntu VM images is temporarily broken due to dependency
problems on (missing) netavaro for the (required) podman package.
Signed-off-by: Chris Evich <cevich@redhat.com>
When I first enabled buildah-bud tests under podman-remote (#9887),
I got one aspect all wrong: I added a podman-remote() helper function
to match the podman() one. Turns out it's never actually called,
even when $PODMAN_BINARY=podman-remote, because functions/aliases
don't work that way.
The way it works is, those few cases in which bud.bats runs
podman are not magically remapped to podman-remote, they use
the podman() function. That's where we need to check if
we're using podman-remote, and that's where we need to
remove the registry-and-rootdir options.
With this fix, we can reenable two previously-skipped bud tests.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add the abilitiy to deploy the generated kube yaml to a
kubernetes cluster with the podman kube apply command.
Add support to directly apply containers, pods, or volumes
by passing in their names or ids to the command.
Use the kubernetes API endpoints and http requests to connect
to the cluster and deploy the various kubernetes object kinds.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Basically, acknowledge the need for dependencies and link
to Fedora specfile which is the only sane place to find
such a list.
Closes: #16365
Signed-off-by: Ed Santiago <santiago@redhat.com>
Underscore is special in markdown. We usually escape them
properly, but these are a few that we missed. Found using:
$ ack '[A-Z]\\fI[A-Z]' docs/build/man
(plus one that I found by accident).
If anyone has ideas on how to add a commit check for these,
please speak up. I'm at a complete loss to automate this.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This pulls in https://github.com/godbus/dbus/pull/332 allowing dbus to
build without cgo on FreeBSD. This will allow freebsd targets in the cross
build.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Only want to report if user created local customized storage in
/etc/containers/storage.conf or in
$HOME/.config/containers/storage.conf, when resetting storage.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a script to measure the execution times of podman, crun, run and
conmon. It's a trimmed down version of the exitsnoop tool and intended
to guide us in future performance optimizations.
The below output was generated when running
`podman run --net=host docker.io/library/alpine:latest true`
```
podman (snoop) $ sudo ./hack/podmansnoop
PCOMM PID PPID TID AGE(ms)
conmon 51580 51569 51580 1.67
conmon 51583 51569 51583 3.53
crun 51591 51590 51591 18.28
crun 51593 51569 51593 2.48
conmon 51606 51594 51606 0.85
crun 51608 51594 51608 2.50
podman 51594 51590 51594 176.27
conmon 51590 1950 51590 214.78
podman 51569 40964 51569 431.36
```
In the future, it would be helpful to add the arguments of the commands.
`execsnoop` can reveal them quite nicely but I did not manage to merge
the two scripts due to time constraints.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
support using keep-id when only one mapping is available to the
rootless user.
When there is only one id available (e.g. there are no additional IDs
set in /etc/subuid and /etc/subgid for the unprivileged user), then
only add the identity mapping $ID -> $ID, leaving unmapped other IDs
in the user namespace.
[NO NEW TESTS NEEDED] it needs a configuration with only one ID
available.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
