And, runc-1.12 broke our seccomp e2e tests (runc now calls getcwd(),
which is the dummy syscall blocked for testing seccomp). Switch
to blocking link() instead.
Also, disable v4.1.0 upgrade tests. They're hanging, and I have
no idea why, and have wasted most of a day debugging.
Fixes: #21546
Signed-off-by: Ed Santiago <santiago@redhat.com>
The default location for temporary files created by mktemp may not
have enough space for an image. Use the new SSH functions which
support an input reader to make the code simpler, more reliable,
and more efficient.
[NO NEW TESTS NEEDED]
Signed-off-by: Gordon Messmer <gordon.messmer@gmail.com>
we should not panic podman when it has to deal with a podman4 machine
config. instead, we throw a soft error for `machine ls` and in all
other cases, we throw a hard error stating that the machine config is
incompatible.
a future PR will provide instructions on how to recover from this.
current idea is something like `podman machine reset` which blows
everything away machine-wise.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Conmon writes the exit file and oom file (if container
was oom killed) to the persist directory. This directory
is retained across reboots as well.
Update podman to create a persist-dir/ctr-id for the exit
and oom files for each container to be written to. The oom
state of container is set after reading the files
from the persist-dir/ctr-id directory.
The exit code still continues to read the exit file from
the exits directory.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Also addresses a number of issues:
- StopHostNetworking isn't plumbed, win-sshproxy leaks on hyperv
- Wait api and print output doesn't work properly on Windows
- API forwarding doesn't work on WSL
- Terminal corruption with after start/stop on Windows
- Gvproxy is forcefully killed vs gracefully quit
- Switching rootful/rootless does not update /var/run/docker.sock on the guest
- File already closed error on init
- HyperV backend is publishing Unix sockets when it should be named pipes
- User-mode networking doesn't always work
- Stop state outside of lock boundaries
- WSL blocks parallel machined (should be supported)
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
This PR is only a few cleanup items where code is no longer used. More
to come I'm sure
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fix a bug where if a vm exists, created by some other process/user, and
you attempt to make a podman machine with the same name.
Signed-off-by: Brent Baude <bbaude@redhat.com>
we were fighting a flake earlier, so the mac test was removed again and
the suspected commit was removed. this turns the test back on so we can
see if we pass cleanly.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Added the module github.com/crc-org/crc/ as a dependency.
Updated `decompress.go` and `copy_test.go` in compression
so that `CopySparse` from crc-org/crc/v2/pkg/os is used instead
of the local version in `copy.go`.
Deleted `copy.go` that is not used anymore.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Ref:
https://github.com/containers/podman/pull/21570#issuecomment-1935709148
This tool is really intended/best used from git pre-commit on developers
local machines, to prevent addition of secret leaks. When used as a
check against PRs, it tends to turn up more false-positives than helpful
warnings. There's no good way to fix this, and maintaining the scanner
is an additional burden. Rather than continue struggling to improve/fix
the situation, let's just remove the tool entirely.
Signed-off-by: Chris Evich <cevich@redhat.com>
Fixes: #21574
The documentation for this image references a quay repository that
doesn't exist. It doesn't appear any of these files have been touched
since late 2022. Instead of updating the docs, let's just remove the
source. It's trivial to recreate if anybody actually needs it for
something.
Users needing to access remote podman can simply use the `podman` binary
present in existing images `quay.io/containers/podman`,
`quay.io/podman/stable`, etc.
Signed-off-by: Chris Evich <cevich@redhat.com>
For some reason this starting to flake f38. I don't think the issue in
podman rather the test start nc -l in the background so it may not yet
have bound the port in the container when we try to connect.
To fix this simply add some retry logic to nc.
While at it also add pasta to this test and make it use
defer-assertion-failures to run all loop iterations before reporting the
errors.
Fixes#21561 (hopefully)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
SSH uses 22 as default so it is really not necessary to require the
port. The backend code already does this but the parsing in the
frontend always tried to parse the port.
[NO NEW TESTS NEEDED] This would require actual remote host ssh setup in
CI so it is not possible to be check but I verified it locally.
Fixes https://issues.redhat.com/browse/RHEL-17776
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Simply because it's been a while since the last testimage
build, and I want to confirm that our image build process
still works.
Added /home/podman/healthcheck. This saves us having to
podman-build on each healthcheck test. Removed now-
unneeded _build_health_check_image helper.
testimage: bump alpine 3.16.2 to 3.19.0
systemd-image: f38 to f39
- tzdata now requires dnf **install**, not reinstall
(this is exactly the sort of thing I was looking for)
PROBLEMS DISCOVERED:
- in e2e, fedoraMinimal is now == SYSTEMD_IMAGE. This
screws up some of the image-count tests (CACHE_IMAGES).
- "alter tarball" system test now barfs with tar < 1.35.
TODO: completely replace fedoraMinimal with SYSTEMD_IMAGE
in all tests.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Sets up USB passthrough for machine. Additionally moves `SetOptions` out
from `pkg/machine/config.go` to its own file in
`pkg/machine/define/setopts.go`.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Changes the signature for `getDefaultDevices` to take
a `vmconfigs.MachineConfig`.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
