Traditionally, the path resolution for containers has been resolved on
the *host*; relative to the container's mount point or relative to
specified bind mounts or volumes.
While this works nicely for non-running containers, it poses a problem
for running ones. In that case, certain kinds of mounts (e.g., tmpfs)
will not resolve correctly. A tmpfs is held in memory and hence cannot
be resolved relatively to the container's mount point. A copy operation
will succeed but the data will not show up inside the container.
To support these kinds of mounts, we need to join the *running*
container's mount namespace (and PID namespace) when copying.
Note that this change implies moving the copy and stat logic into
`libpod` since we need to keep the container locked to avoid race
conditions. The immediate benefit is that all logic is now inside
`libpod`; the code isn't scattered anymore.
Further note that Docker does not support copying to tmpfs mounts.
Tests have been extended to cover *both* path resolutions for running
and created containers. New tests have been added to exercise the
tmpfs-mount case.
For the record: Some tests could be improved by using `start -a` instead
of a start-exec sequence. Unfortunately, `start -a` is flaky in the CI
which forced me to use the more expensive start-exec option.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This will allow installation of the manpages without the need to rebuild
them in the installation stage of distro packaging.
[NO TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The compatibility endpoint for listing containers should have the
summarized network configuration with it.
Fixes: #9529
Signed-off-by: baude <bbaude@redhat.com>
Docker api expects secrets endpoint to have a version field. So, the
version field is added into the compat endpoint only. The version field
is always 1, since Docker uses the version to keep track of updates to
the secret, and currently we cannot update a secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
Some log tests were duplicated, and some didn't need to be repeated for
every driver. Also, added some comments
Signed-off-by: Ashley Cui <acui@redhat.com>
Currently podman is ignoreing the build --timestamp flag.
This PR fixes this for local and remote clients.
Fixes: https://github.com/containers/podman/issues/9569
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Move the core of renaming logic into the DB. This guarantees a
lot more atomicity than we have right now (our current solution,
removing the container from the DB and re-creating it, is *VERY*
not atomic and prone to leaving a corrupted state behind if
things go wrong. Moving things into the DB allows us to remove
most, but not all, of this - there's still a potential scenario
where the c/storage rename fails but the Podman rename succeeds,
and we end up with a mismatched state.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
To be able to reuse common checkpoint/restore functions this commit
moves code to pkg/checkpoint/crutils.
This commit has not functional changes. It only moves code around.
[NO TESTS NEEDED] - only moving code around
Signed-off-by: Adrian Reber <areber@redhat.com>
checkpointctl contains common code to work with checkpoint images in
Podman, CRI-O and Kubernetes.
Use functions and definitions from checkpointctl where possible.
Signed-off-by: Adrian Reber <areber@redhat.com>
* Introduce sub-package compat to meet packaging and import requirements
* Update documenation for running tests
* Add requirements.txt to improve IDE support
Signed-off-by: Jhon Honce <jhonce@redhat.com>
While I wasn't looking, some completely unreadable cruft
crept in here, and it's totally my fault: I never knew
you could pass JSON to a GET query. Everyone who DID
know that, did so, but had to URL-escape it into a
completely gobbledygook mess to make curl happy.
Solution: trivial, do the URL-escaping in 't' itself. I
just never realized that was needed.
I'm so sorry. I hope this helps.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The storage can easily be corrupted when a build or pull process (or any
process *writing* to the storage) has been killed. The corruption
surfaces in Podman reporting that a given layer could not be found in
the layer tree. Those errors must not be fatal but only logged, such
that the image removal may continue. Otherwise, a user may be unable to
remove an image.
[NO TESTS NEEDED] as I do not yet have a reliable way to cause such a
storage corruption.
Reported-in: https://github.com/containers/podman/issues/8148#issuecomment-787598940
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Docker allows both the old `map[string]map[string]bool`
and the newer `map[string][]string` for the filter param
so we should too.
Fixes#9526
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Since we have no good way to enable this on the server side, we will
just allow it to be set on the client side. This should solve almost all
cases.
Partially fixes: https://github.com/containers/podman/issues/9500
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
