In function rm variable `report` might be initialized as nil as a result
of call
`registry.ImageEngine().Remove(registry.Context(), args, imageOpts)`.
Then, there is a call `registry.SetExitCode(report.ExitCode)` without
explicit nil check before. Check `len(rmErrors) > 0` doesn't guarantee
that report is a non-nil value.
So such call may lead to nil deref.
This commit adds check `report` for nil before its dereference.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
Fixes: #26588
For use cases like HPC, where `podman exec` is called in rapid succession, the standard exec process can become a bottleneck due to container locking and database I/O for session tracking.
This commit introduces a new `--no-session` flag to `podman exec`. When used, this flag invokes a new, lightweight backend implementation that:
- Skips container locking, reducing lock contention
- Bypasses the creation, tracking, and removal of exec sessions in the database
- Executes the command directly and retrieves the exit code without persisting session state
- Maintains consistency with regular exec for container lookup, TTY handling, and environment setup
- Shares implementation with health check execution to avoid code duplication
The implementation addresses all performance bottlenecks while preserving compatibility with existing exec functionality including --latest flag support and proper exit code handling.
Changes include:
- Add --no-session flag to cmd/podman/containers/exec.go
- Implement lightweight execution path in libpod/container_exec.go
- Ensure consistent container validation and environment setup
- Add comprehensive exit code testing including signal handling (exit 137)
- Optimize configuration to skip unnecessary exit command setup
Signed-off-by: Ryan McCann <ryan_mccann@student.uml.edu>
Signed-off-by: ryanmccann1024 <ryan_mccann@student.uml.edu>
This didn't error check for mounted cgroups, only errored for rootless
cgroupsv1 containers. Safe to remove.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
While doing the provider obfuscation, I injected a regression where
podman ssh machine failed. The regression was added in
0f22c1c772. I have fixed the regression
and added a test to prevent future occurance.
Fixes: #27491
Signed-off-by: Brent Baude <bbaude@redhat.com>
This allows users to set the associated machine's system connection to the system default when running `podman machine init --now` or `podman machine start`. It also changes the default bbehavior of these commands in that the user will be prompted and asked if they would like to switch the system connection. It also introduces a command line switch called `--update-connection`. If the switch is unset, then the user will be prmpted. If the command value is explicitly set to `false`, the user will not be prompted and the system connection will not be altered. If the value is set to `true`, the system connection will be made the default and the user will not be prompted.
Fixes: https://issues.redhat.com/browse/RUN-3632
Signed-off-by: Brent Baude <bbaude@redhat.com>
A condition was changed in the refgactor of init where duplicate names would be allowed but no machine was created. Duplicate names are not permitted and should return an error.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Add the ability for users to override the default provider when creating mahcines. The new flag is `--provider` and allows you to specifiy a valid vmtype for the platform. This PR also removes the previous list test where we tested listing all providers. I added a PR for testing --provider which includes a standard `machine ls` which defaults now to showing all providers.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This also includes a number of significant changes to the SQLite
state made possible by removal of the legacy DB.
1. Enable database unit tests for SQLite state, with numerous
tweaks to get tests passing. Most notable changes are to
container removal - where we previously didn't return an error
if there was no container to remove - and RemovePodContainers,
which I don't think ever worked properly from my reading of
the failures.
2. Removal of AddContainerToPod/RemoveContainerToPod. On SQLite,
these functions are identical to AddContainer/RemoveContainer
and there is no reason to retain duplicates.
3. Removal of SafeRewriteContainerConfig - it's identical to
RewriteContainerConfig in SQLite, no reason to have duplicate
entrypoints.
As an exciting side-note, this removes Podman's requirement that
containers and pods cannot share a name, which was a BoltDB
restriction only.
Signed-off-by: Matt Heon <matthew.heon@pm.me>
For Podman 6, we still have providers and will continue to have a default provider for each platform. But where a platform has multiple providers, we want users to be able to cross provider boudnaries imposed in Podman 4/5. The key change is to look up virtual machines by name, as before, but to then also iterate all possible providers. As of this PR, init will still only create with the default provider, but a subsequent PR will introdouce an provider override.
I also removed the "--all-providers" command line option on `podman
machine ls` because it no longer makes sense. And I marked the all
provider list test to be skipped.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Tremendous amount of changes in here, but all should amount to
the same thing: changing Go import paths from v5 to v6.
Also bumped go.mod to github.com/containers/podman/v6 and updated
version to v6.0.0-dev.
Signed-off-by: Matt Heon <mheon@redhat.com>
This change adds a .CreatedAt format option to the podman artifact ls
command to match the behavior of podman images --format CreatedAt.
The .Created field continues to display human-readable elapsed time
(e.g., '6 hours ago'), while the new .CreatedAt field displays the
full timestamp (e.g., '2025-10-23 12:34:56 +0000 UTC').
Changes:
- Refactored artifactListOutput struct to store time.Time value
- Added CreatedAt() method returning full timestamp string
- Added Created() method for human-readable duration
- Updated documentation to include .CreatedAt field
- Added e2e test for .CreatedAt format option
Generated-with: Cursor AI
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Many commands support the `--format` flag which accept a go template to
allow for formatting for certain values, but it is not
yet implemented for artifact inspect command.
Adding this feature will allow easy formatting in scripts as well as
running it on a terminal.
This feature is implemented for artifact inspect by taking reference
from images and network commands implementation.
Fixes: [#27112](https://github.com/containers/podman/issues/27112)
Signed-off-by: Akash Yadav <akashyadav256526@gmail.com>
Problem: While removing cgroupsv1 code, I noticed my neovim Go config
automatically changed fileperms to the new octal format and I didn't
want that polluting my diffs.
Decision: I thought it best to switch to the new octal format in a dedicated PR.
Action:
- Cursor switched to new octal format for all fileperm ocurrences in Go
source and test files.
- vendor/, docs/ and non-Go files were ignored.
- Reviewed manually.
Ref: https://go.dev/ref/spec#Go_1.13
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Skip directories on any error during /proc/sys traversal (race conditions,
permission denied, etc.) to provide partial completion results rather than
failing completely. Use filepath.WalkDir for better performance.
Fixes: #27252
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Remove unused 'name' parameter from ConvertPod and reorder ConvertContainer
parameters to match other Convert functions (unitFile, unitsInfoMap, isUser).
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
This commit implements the --replace functionality for the artifact add command,
allowing users to replace existing artifacts without having to manually remove
them first.
Changes made:
- Add Replace field to ArtifactAddOptions entity types
- Add --replace CLI flag with validation to prevent conflicts with --append
- Implement replace logic in ABI backend to remove existing artifacts before adding
- Update API handlers and tunnel implementation for podman-remote support
- Add comprehensive documentation and examples to man page
- Add e2e and system BATS tests for --replace functionality
- Fix code formatting in pkg/bindings/artifacts/types_pull_options.go:
* Reorder imports with proper spacing
* Fix function declaration spacing
* Convert spaces to proper tab indentation
* Remove extraneous blank lines
The --replace option follows the same pattern as other podman replace options
like 'podman container create --replace' and 'podman pod create --replace'.
It gracefully handles cases where no existing artifact exists (no error thrown).
Usage examples:
podman artifact add --replace quay.io/myimage/artifact:latest /path/to/file
podman artifact add --replace localhost/test/artifact /tmp/newfile.txt
Fixes: Implements requested --replace functionality for artifact add command
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The 'name' parameter was unused in both ConvertNetwork and ConvertVolume functions.
Remove the parameter entirely and update all function calls accordingly.
This fixes revive linter warnings:
- pkg/systemd/quadlet/quadlet.go:961:47: unused-parameter: parameter 'name' seems to be unused
- pkg/systemd/quadlet/quadlet.go:1050:45: unused-parameter: parameter 'name' seems to be unused
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
