Registers a rootless and rootful socket underneath /mnt/wsl/podman-sockets/[machine name]/
This allows podman remote clients on other Linux distributions to access podman.
This also registers the podman root socket under the wheel group, to allow for rootful
linking against /var/run/docker.sock, a use case expected by some clients and APIs.
While this is not recommended practice on a Linux host, a WSL guest is user-isolated
and already enables escalation trivially.
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Do not close a notifyproxy more than once. Also polish the backend a
bit to reflect ealier changes from commit 4fa307f.
Fixes: #19715
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This reverts commit 7e0130f75cc27ae32d8843a8be8d2588aa2dcee9.
It broke CI, not just on podman but on Buildah too. Buildah bud
tests require the hello subdirectory.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The performance issue in #19467 drove me to add a benchmark for
system-df to avoid regressing on it in the future.
Comparing current HEAD to v4.6.0 yields
```
/home/vrothberg/containers/podman/bin/podman system df ran
201.47 times faster than /usr/bin/podman system df
```
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Kubernetes supports expanding $(FOOBAR) as environment variables within
the kube.YAML. When using podman kube play, we need to do the same, for
supporting these YAML files.
Fixes: #15983
Signed-off-by: Chee Hau Lim <ch33hau@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is a regression for #18052.
When podman ignores the resource limits, s.ResourceLimits needs to be
nil.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Paul found logic errors in my earlier code for finding processes and
sending signals. Some of the logic errors are associated with how
methods behave on different operating systems. Created a darwin and
linux approach and a windows approach.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
This reverts commit f0e8e79c97361df3a9408d665237f08f6a88e96e.
This is intentional, it was needed for testing. See
Signed-off-by: Chris Evich <cevich@redhat.com>
This commit limits the blast-radius should the workflow fail
catastrophically. It also instruments the workflow with a job-level
test-failure to trigger a notification mail. This commit should be
reverted once the workflow is deemed functional.
Signed-off-by: Chris Evich <cevich@redhat.com>
Rewrite the auto-update man page. It was quite dusty and out-dated as
it was not mentioning Quadlet at all. At times it was too verbose about
internal implementation details that users shouldn't need to worry
about.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Fixes a bug where `podman kube play` fails to set a container's Umask
to the default 0022, and sets it to 0000 instead.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
The lowercase `and` in the License field isn't compatible with spdx
license format.
This commit replaces all `and` with `AND` in the License field in spec.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
While only leveraged by the WSL backend, this commit also adds core
infrastructure for all other backends for future enhancement.
- Adds a common port cross backend allocation registry to prevent duplicate
assignment across multiple machine instances
- Introduces logic in Start() that detects OS port conflicts and scans for a
viable replacement port
- Updates connection definitions and server configuration accordingly
- Utilizes a coordinated file lock strategy to prevent racing overwrites of port
and connection registries
- WSL backend coordinates locking for containers.conf until a future common
enhancement exists to replace it
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
