The intention of --read-only-tmpfs=fals when in --read-only mode was to
not allow any processes inside of the container to write content
anywhere, unless the caller also specified a volume or a tmpfs. Having
/dev and /dev/shm writable breaks this assumption.
Fixes: https://github.com/containers/podman/issues/12937
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Re-names HyperV function that was copied from the applehv
implementation and not changed. Makes the function a method of
`HyperVMachine`.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Lock the machine when stopping, removing or changing its attributes to
make sure write accesses are serialized which should prevent a number of
issues and inconsistencies reported.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This shares code with 'container top' which runs ps on the host,
filtering for the containers that are part of the pod.
(*Container).jailName is modified to take into account the possiblity
that the container is in a pod - this also fixes stats reporting for
pods on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Create a new GitHub Action that builds and signs the Mac pkginstaller. The action also uploads the installers to the release, and updates the shasums file.
This action is triggered on release creation, but it can also be triggered manually via a workflow dispatch.
Signed-off-by: Ashley Cui <acui@redhat.com>
In certain cases REGISTRY_AUTH_FILE is set but the auth file
does not exists yet, do not throw error unless user specified
a file directly using --authfile.
Fixes: https://github.com/containers/podman/issues/18405
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Some issues reported in the podman github project contains a
question instead of a bug report or feature request. Make it
easier for users to find a place to ask questions.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Breaks some of the code in QEMU's `VirtProvider` implementation located
at `pkg/machine/qemu/config.go` into its own functions. Aids in
improving the readability of the code.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Lock the VM on start. If the machine is in the "starting" state we know
that a previous start has failed and guide the user into resolving the
issue.
Concurrent starts will busy wait and return the expected "already
running" error.
NOTE: this change is only looking at the start issue (#18662). Other
commands such as stop and update should also lock and will be updated
in a future change. I expect the underlying issue to apply to all
machine providers, not only QEMU. It's desirable to aim for extending
the machine interface to also allow to `Lock()` and `Unlock()`. After
acquiring the lock, the VM should automatically be reloaded/updated.
[NO NEW TESTS NEEDED]
Fixes: #18662
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
On FreeBSD, config.Spec.Linux and config.Spec.Process.Capabilities are
nil pointers so this just avoids dereferencing these pointers in that
case.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
HPC Community asked for this support specifically for using GPUs
within containers. Nvidia requires the correct shared library to
to be present in the directory that matches the device mounted
into the container. These libraries have random suffixes based
on versions of the installed libraries on the host.
podman run --mount type=glob:src=/usr/lib64/nvidia\*:ro=true. This helps
quadlets be more portable for this use case.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Use "--wait" flag in "systemd start" for a one-shot container.
Should fix a CI failure I've been seeing sporadically, in which
the --==VALUE==-- string is not seen in journal.
Signed-off-by: Ed Santiago <santiago@redhat.com>
If a user puts a quadlet file in his homedirectory with
the same name as one in /etc/containers/systemd/user or
/etc/containers/systemd/user/$UID, then only use the one in
homedir and ignore the others.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
BATS 1.8.0 introduces tags: metadata that can be applied to
a single test or one entire file, then used for filtering
in a test run.
Issue #19299 introduces the possibility of using OpenQA
for podman reverse dependency testing: continuous CI on
all packages that can affect podman, so we don't go two
months with no bodhi builds then get caught by surprise
when systemd or kernel or crun change in ways that break us.
This PR introduces one bats tag, "distro-integration".
The intention is for OpenQA (or other) tests to install
the podman-tests package and run:
bats --filter-tags distro-integration /usr/share/podman/test/system
Goal is to keep the test list short and sweet: we do not
need to test command-line option parsing. We *DO* need to
test interactions with systemd, kernel, nethack, and other
critical components.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The default socat timeout is 0.5 seconds.
Make the socket-activate-echo example in socket_activation.md
more robust by increasing the socat timeout.
Fixes: https://github.com/containers/podman/issues/19373
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
go-md2man is fragile, especially around tables (#18678, #19278).
Podman man pages are finely tuned to look OK using v2.02, which
is what we vendor in test/tools, so we should really use it
instead of whatever is installed on the system.
This fixes 'make docs' on RHEL8, broken as of #19278.
Signed-off-by: Ed Santiago <santiago@redhat.com>
A small number of tests are assuming that TMPDIR == /tmp. These
tests fail when that assumption does not hold.
Set TMPDIR=/var/tmp on prior-fedora, as a way to catch those.
/dev/shm would be a slightly better choice, because the
string "tmp" does not appear it in, but it's way too
small to be of any use: it fills up in the e2e prefetch.
This PR exposed a nasty bug in our Makefile: using "TMPDIR"
as temporary variable completely unrelated to (and inconsistent
with) the actual established use of TMPDIR. Solution: rename
that variable and make it lower case. Do the same with two
other ALL-CAP variables.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Quick followup to #19348:
- refactor into table form, for legibility
- add tests for 'podman kube play' and 'podman run'
- slightly cleaner message on failure
Signed-off-by: Ed Santiago <santiago@redhat.com>
We'd otherwise emit the start event much after the actual start of the
container when --sdnotify=healthy. I missed adding the change to commit
0cfd12786fd1.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
