Users want to mount a tmpfs file system with secrets, and make
sure the secret is never saved into swap. They can do this either
by using a ramfs tmpfs mount or by passing `noswap` option to
a tmpfs mount.
Fixes: https://github.com/containers/podman/issues/19659
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when we stop a machine, we need to also stop the gvproxy process that is
running.
JIRA: RUN-1828
also, remove unused applehv function for ssh
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Include dependencies in rpm/podman.spec to make it easy for end users to
build podman from source. This way users can install all build
dependencies by running `dnf -y builddep rpm/podman.spec`.
This is not usually noticeable except on container environments where
man-db often isn't installed by default.
Refs:
https://github.com/containers/podman.io/issues/157https://github.com/containers/podman.io/pull/174
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
When conmon is started it blocks and waits for us to signal it to start
via pipe. This works but when conmon exits before it waits for the start
message it causes podman to fail with `write child: broken pipe`. This
error is meaningless to podman users.
The real error is that conmon failed so we should not return early if we
fail to send the start message to conmon. Instead ignore the EPIPE error
case as it is safe to assume to the conmon died and for other errors we
make sure to kill conmon so that the following wait() call does not hang
forever. This also fixes problems with having conmon zombie processes
leaked as wait() was never called.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Make sure the en_US.UTF-8 locale is available so that we can use it in
tests, namely "podman logs with non ASCII log tag succeeds with env".
It is already there in fedora (except container image but we cannot use
journald there anyway) so only do this for debian. I think it makes
most sense to move this into the image build process in the future to
only do it once at build time.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We need to actually check the output not just exit codes. While doing
this it was clear that the first test was not checking what it should
be so I had to remove the quotes from the arg.
Also this check did not work with remote testing at all, we must set the
env then restart the server as the env for conmon must be set on the
server obviously.
Also we can only match the conmon error messages on the local client.
Lastly this test requires the journald driver but we cannot use the in
container tests so skip it there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This changes /run to /var/run for .containerenv and secrets in FreeBSD
containers for consistency with FreeBSD path conventions. Running Linux
containers on FreeBSD hosts continue to use /run for compatibility.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
port Commit 55397de (cgroups: use SessionBusPrivateNoAutoStartup)
from cgroups.go to cgroups_linux.go
do not start up a dbus daemon if it is not already running.
[NO NEW TESTS NEEDED] the fix is in a dependency.
Signed-off-by: Joni Korhonen <joni.korhonen@gmail.com>
Switch man page to user USERID instead of UID, since UID environment
variable is set at login, and is not allowed to be changed.
UID=foobar
bash: UID: readonly variable
Fixes: https://github.com/containers/podman/issues/19646
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
IPv6 test has been hard-skipped for six months.
IPv4 test is flaking in Cirrus and hard-failing in Gating.
Absent a reliable way to test in CI and gating, and absent
a strong reason to test ICMP in pasta anyway, the solution
is simple.
Closes: #19612
Signed-off-by: Ed Santiago <santiago@redhat.com>
This just sets the flag in the runtime spec - the actual implementation
is in the OCI runtime.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Support a new concept in containers.conf called "modules". A "module"
is a containers.conf file located at a specific directory. More than
one module can be loaded in the specified order, following existing
override semantics.
There are three directories to load modules from:
- $CONFIG_HOME/containers/containers.conf.modules
- /etc/containers/containers.conf.modules
- /usr/share/containers/containers.conf.modules
With CONFIG_HOME pointing to $HOME/.config or, if set, $XDG_CONFIG_HOME.
Absolute paths will be loaded as is, relative paths will be resolved
relative to the three directories above allowing for admin configs
(/etc/) to override system configs (/usr/share/) and user configs
($CONFIG_HOME) to override admin configs.
Pulls in containers/common/pull/1599.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
container/common Config was recently updated to use FCOS
default names, since Windows HyperV backend needs them,
and these are common with other providers.
Map this to values the WSL backend expects.
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
now that we have public hypverv fcos artifacts, we can download them
instead of requiring a special build.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
The git repo that was used for the example of a git build:
`podman build https://github.com/scollier/purpletest`
no longer exists. Someone reached out to @rhatdan about this
and he suggested using the Podman Hello World repo. However,
that didn't exist until a little bit ago, so I've updated
the man page with a pointer there. That should be a lot more
stable.
[NO NEW TESTS NEEDED]
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
