Users are surprised when chowning large volumes how long it can take
to relabel of chown the entire directory tree. This PR updates the
documentation to explain this fact to the user.
Fixes: https://github.com/containers/podman/issues/16575
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This means we store things like config.json and the secret files
also on tmpfs, lowering wear on disk and leaving less stuff on disk
on an unclean shutdown.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
These just run once and are considered successful at exist. Not much is
needed to support it, but we have to avoid overwriting the type
with Type=notify.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
...make sure podman rejects being called with incompatible options
Replaces: https://github.com/containers/podman/pull/16813
Which is stuck in CI and Ed is on break.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Since we open /dev/null to set it as STDIN we can close it after the
dup2() call. Using defer is not good enough since this function will
never exit since the http server will block. This is not a problem but
it reduces the open fds from the service by one.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This allows use to use STDOUT directly without having to call open
again, also this makes the export API endpoint much more performant
since it no longer needs to copy to a temp file.
I noticed that there was no export API test so I added one.
And lastly opening /dev/stdout will not work on windows.
Fixes#16870
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
always create a user namespace when running with euid != 0 since the
user is not owning the current mount namespace.
This issue happened on a Kubernetes cluster, where the pod was running
privileged but the UID was not 0, as it was configured in the image
itself.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
when running with euid != 0, inhibit the copy of the current mappings,
even if the kernel allows that. This seems to be the expectation when
running in a Kubernetes cluster with a non-root user.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add a wrapper to reduce boilerplate code. This also paves the way for
adding an ignore option to `getContainersOptions`.
[NO NEW TESTS NEEDED] as it shouldn't change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Bump to buildah ca578b290144 and use new `cacheTo` and `cacheFrom` API.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
The ReadOnly and the RunInit keys affect options that have a variable
default (configurable in containers.conf). This means we need to
handle them a bit differently in quadlet to allow overriding the
default. For example, we can't assume ReadOnly=false doesn't need to
add any argument because no argument may mean readonly=true if the default
is changed.
We now don't add any argument (leaving the default) if the key is not specified,
or we always add an argument (--foo or --foo=false) if the key is specified (overriding whatever the default is).
Signed-off-by: Alexander Larsson <alexl@redhat.com>
We add a regular LookupBoolean that can fail lookups, which is used by
the WithDefault version. We want to use this directly later in some places.
It is fina to change API here because this has not been in a release yet.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This is a unit that can be enabled when using transient store mode
to clean up potential leftovers from previous boots. All it does is
run "podman system prune --external" once each boot.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
False is the assumed value, and inspect and podman generate kube are
being cluttered with a ton of annotations that indicate nothing.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a new `getContainers` function to consolidate listing and looking
up containers. An options struct keeps thing flexible and makes callers
more readable.
[NO NEW TESTS NEEDED] as it shouldn't change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This is not needed since we dropped the quadlet user.
[NO NEW TESTS NEEDED] This just changes the build.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
When building without the makefile the v4/pkg/systemd/quadlet._binDir
defined is not set. In that case default to /usr/bin rather than the
empty string. This helps e.g. the rpm specfile which doesn't use
the makefile.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Support .network file to create a systemd service that runs podman network create
Support networks with .network suffix in Container and Kube to link with Quadlet created networks
Add E2E Tests
Add man doc
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
