When sourcing from an image, we need to grab its entrypoint first
and then add command on to mimic the behavior of Docker.
The default Kube pause image just sets ENTRYPOINT, and not CMD,
so nothing changes there, but this ought to fix other images
(for example, nginx would try to run the pause command instead of
an nginx process without this patch)
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The logic of deleting and recreating /etc/hosts and
/etc/resolv.conf only makes sense when we're the one that creates
the files - when we don't, it just removes them, and there's
nothing left to use.
Fixes#2602
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
I was seeing some segfaults where image config was being passed
as nil, causing a nil dereference segfault. Fix the apparent
cause and add some safety fencing to try and ensure it doesn't
happen again.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
It also causes conflicts with CRI-O packages.
Also, change the path on seccomp.json so it lives in /usr/share
by default, with everything else.
Fixes#2596
Signed-off-by: Matthew Heon <mheon@redhat.com>
Trying to remove circular dependencies between libpod and buildah.
First step to move pkg content from libpod to buildah.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We have some bug reports about people moving containers storage to new
directories and this troubleshooter should help them fix this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If the pod infra container is overriden, we want to run the entry point of the image, instead of the default infra command. This allows users to override the infra-image with greater ease.
Also use process environment variables from image
Signed-off-by: Peter Hunt <pehunt@redhat.com>
a series of improvements to our ginkgo test framework so we can
get better ideas of whats going on when run in CI
Signed-off-by: baude <bbaude@redhat.com>
we use "podman info" to reconfigure the runtime after a reboot, but we
don't propagate the error message back if something goes wrong.
Closes: https://github.com/containers/libpod/issues/2584
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
if an input YAML file lacks securitycontext and working dir for
a container, we need to be able to handle that. if no default for
working dir is provided, we use a default of "/".
fixes issue #2209
Signed-off-by: baude <bbaude@redhat.com>
When doing environment variable substitution, we need to make sure
$PWD is replaced with the current working directory.
fixes issue #2171
Signed-off-by: baude <bbaude@redhat.com>
Podman has no concept of a "restarting" container - such a
container is just transitioning from running to stopped and
then back to running through our ordinary state machine.
As such, filtering "restarting" containers doesn't work and does
nothing.
Also, make "stopped" containers show as exited - this is a
momentary state we transition to before proper exited.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Currently in podman if a user specifies a command that does not exist
the tool shows the help information. This patch changes it to show
information like:
$ ./bin/podman foobar
Error: unrecognized command 'podman foobar'
Try 'podman --help' for more information.
$ ./bin/podman volume foobar
Error: unrecognized command `podman volume foobar`
Try 'podman volume --help' for more information.
$ ./bin/podman container foobar
Error: unrecognized command `podman container foobar`
Try 'podman container --help' for more information.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
...caught by hack/podman-commands.sh script. Which had a little
buglet, which I fixed: add a special case for 'help', which
neither has nor needs a man page.
I believe the podman-commands.sh script is ready to be run in CI,
hint hint.
Signed-off-by: Ed Santiago <santiago@redhat.com>
- document a recommended convention for fail-fast tests
- document the requirement for jq. (And, add a fail-fast
test for its presence; remove the duplicated checks
in subtests)
- add further sanity checks to 'help' test. Add missing
documentation. Remove a no-longer-needed workaround for
usage-message bug fixed in #2486
- add a documented TEMPLATE
- and, since we're at 1.1, enable 'Remote API' check in
version test
- better diagnostics in setup/teardown; add vim filetype hint;
better formatting of actual-vs-expect errors
- new pod-top, logs, build tests
- improve error messages
- add $IMAGE alias for ridiculous $PODMAN_TEST_IMAGE_FQN
- final cleanup, in prep for merge
Signed-off-by: Ed Santiago <santiago@redhat.com>
Initial attempt at writing a framework for podman system tests.
The idea is to define a useful set of primitives that will
make it easy to write actual tests and to interpret results
of failing ones.
This is a proof-of-concept right now; only a small number of
tests, by no means comprehensive. I am requesting review in
order to find showstopper problems: reasons why this approach
cannot work. Should there be none, we can work toward running
these as gating tests for Fedora and RHEL8.
Signed-off-by: Ed Santiago <santiago@redhat.com>
when we are creating a container that depends on another one, be sure
we also join its mount namespace in addition to the user namespace.
Closes: https://github.com/containers/libpod/issues/2556
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
it is not enough to join the user namespace where the container is
running. We also need to join the mount namespace so that we can
correctly look-up inside of the container rootfs. This is necessary
to lookup the mounted /etc/passwd file when --user is specified.
Closes: https://github.com/containers/libpod/issues/2566
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
In the previous version I forgot to add the fds to preserve into
AdditionalFiles. It doesn't make a difference as the files were still
preserved, but this seems to be the correct way of making it
explicit.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
