It would be easier to diagnose OCI runtime errors if the error actually
had the name of the OCI runtime that produced the error.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
this commit fixes two bugs and adds regression tests.
when getting healthcheck values from an image, if the image does not
have a timeout defined, this resulted in a 0 value for timeout. The
default as described in the man pages is 30s.
when inspecting a container with a healthcheck command, a customer
observed that the &, <, and > characters were being converted into a
unicode escape value. It turns out json marshalling will by default
coerce string values to ut8.
Fixes: bz2028408
Signed-off-by: Brent Baude <bbaude@redhat.com>
We enforce the naming scheme "<podname>-<containername>" here [1].
Therefore we must not rename the pod in case of a naming conflict
between pod name and container name. Not renaming the pod increases the
usability for the user and easies scripting based on the name. Otherwise
a user must set some label to reliable find a pod after creation. Or
have to implement the renaming logic in the script.
[1] https://github.com/containers/podman/blob/main/pkg/specgen/generate/kube/kube.go#L140Fixes#12722
Signed-off-by: Christoph Petrausch <chrobbert@gmail.com>
Commit 3c3fa6fac4 added a few test cases for the init containers.
The "podman ensure always init containers always run" implicitly assumes
that restarting a pod will take more than 1 second. When this assumption
is not met (because computers are fast!), we get a flake.
The fix (without using sleep) is to print nanoseconds in date output.
This format option (%N) is not supported by date in Alpine Linux, so
switch to Fedora.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Commit e1443fe05d added a test case that ran "date +%N" inside
a Fedora container (without actually using its output).
Commit ccc5bc167f changed that test case to use Alpine. Problem
is, %N is not supported by date in Alpine (it only prints a newline).
To eliminate the ambiguity, replace date with touch.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Fix handling of "bind" and "tmpfs" olumes to actually work.
Allow bind, tmpfs local volumes to work in rootless mode.
Also removed the string "error" from all error messages that begine with it.
All Podman commands are printed with Error:, so this causes an ugly
stutter.
Fixes: https://github.com/containers/podman/issues/12013
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add the --ipv6 flag to podman create/run and pod create. We support the
--network name:ip6=<ip> syntax now but for docker compat we should also
support the --ip6 flag.
Note that there is no validation if the ip is actually a v6 or v4 address
because the backend does not care either.
Fixes#7511
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
For Status = "die", Docker sets the exit code of the container
to a field "exitCode". Podman uses "containerExitCode".
Copy the value into "exitCode" as well, for compatibility.
Signed-off-by: Leah Neukirchen <leah@vuxu.org>
- It probably doesn't actually make a difference: in experiments,
the github.com/containers/storage/pkg/stringid RNG initialization
has been happening later
- This makes the RNG caller-controlled (which we don't benefit from),
but also the same on all nodes of multi-process Ginkgo execution.
So, if it works at all, it may make collisions of random ID values
more likely, and our tests are not robust against that. So don't
go out of our way to make collisions more likely.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Separate the code that determines the directory and file prefix
from the code that chooses and applies a UUID; we will make the
second part more complex in a bit.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This test case is used for covering rhbz#1854566.
Replaces: #12220
Signed-off-by: Alex Jia <ajia@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This test case is used for covering rhbz#1763007.
Replaces: #12221
Signed-off-by: Alex Jia <ajia@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Added support for pod security options. These are applied to infra and passed down to the
containers as added (unless overridden).
Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit`
This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create
code and pod creation.
resolves#12173
Signed-off-by: cdoern <cdoern@redhat.com>
Podman image scp should never enter the Podman UserNS unless it needs to. This allows for
a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo,
the simple sudo podman save/load does not work, machinectl/su is necessary here.
This modification allows for both rootful and rootless transfers, and an overall change of scp to be
more of a wrapper function for different load and save calls as well as the ssh component
Signed-off-by: cdoern <cdoern@redhat.com>
Some containers require certain user account(s) to exist within the
container when they are run. This option will allow callers to add a
bunch of passwd entries from the host to the container even if the
entries are not in the local /etc/passwd file on the host.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935831
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Do not apply reserved annotations from the image to the container.
Reserved annotations are applied during container creation to retrieve
certain information (e.g., custom seccomp profile or autoremoval)
once a container has been created.
Context: #12671
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
CRIU's pre-copy migration support relies on the soft dirty page tracking
in the Linux kernel:
https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt
This functionality is not implemented for all architectures and it can
also be turned off in the kernel.
CRIU can check if the combination of architecture/kernel/CRIU supports
the soft dirty page tracking and exports this feature checking
functionality in go-criu.
This commit adds an early check if the user selects pre-copy
checkpointing to error out if the system does not support it.
Signed-off-by: Adrian Reber <areber@redhat.com>
added support for a new flag --passwd which, when false prohibits podman from creating entries in
/etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint
resolves#11805
Signed-off-by: cdoern <cdoern@redhat.com>
When normalizing image names on the compat API, make sure to take the
`sha256:` prefix into account when matching against the image ID.
Otherwise, the name will mistakingly be subject to docker.io
normalization.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
