When adding the HOSTNAME environment variable, only do so if it
is not already present in the spec. If it is already present, it
was likely added by the user, and we should honor their requested
value.
Fixes#8886
Signed-off-by: Matthew Heon <mheon@redhat.com>
`KillMode=none` has been deprecated in systemd and is now throwing big
warnings when being used. Users have reported the issues upstream
(see #8615) and on the mailing list.
This deprecation was mainly motivated by an abusive use of third-party
vendors causing all kinds of undesired side-effects. For instance, busy
mounts that delay reboot.
After talking to the systemd team, we came up with the following plan:
**Short term**: we can use TimeoutStopSec and remove KillMode=none which
will default to cgroup.
**Long term**: we want to change the type to sdnotify. The plumbing for
Podman is done but we need it for conmon. Once sdnotify is working, we
can get rid of the pidfile handling etc. and let Podman handle it.
Michal Seklatar came up with a nice idea that Podman increase the time
out on demand. That's a much cleaner way than hard-coding the time out
in the unit as suggest in the short-term solution.
This change is executing the short-term plan and sets a minimum timeout
of 60 seconds. User-specified timeouts are added to that.
Fixes: #8615
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Ensure that infra containers for pods will grab default sysctls
from containers.conf, to match how other containers are created.
This mostly affects the other containers in the pod, which will
inherit those sysctls when they join the pod's namespaces.
Signed-off-by: Matthew Heon <mheon@redhat.com>
The existing code grabs the base container's process, and then
modifies it for use with the exec session. This could cause
errors in `podman inspect` or similar on the container, as the
definition of its OCI spec has been changed by the exec session.
The change never propagates to the DB, so it's limited to a
single process, but we should still avoid it when possible - so
deep-copy it before use.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Fix a race condition in the pull endpoint caused by buffered channels.
Using buffered channels can lead to the context's cancel function to be
executed prior to the items being read from the channel.
Fixes: #8870
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
so that the PIDFile can be accessed also without being in the rootless
user namespace.
Closes: https://github.com/containers/podman/issues/8506
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When running a privileged container and `SeccompProfilePath` is empty no seccomp profile should be applied.
(Previously this was the case only if `SeccompProfilePath` was set to a non-empty default path.)
Closes#8849
Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
This change adds code to report the reclaimed space after a prune.
Reclaimed space from volumes, images, and containers is recorded
during the prune call in a PruneReport struct. These structs are
collected into a slice during a system prune and processed afterwards
to calculate the total reclaimed space.
Closes#8658
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
On Gentoo systems where `app-portage/gentoolkit` is installed the binary
`equery` is used to query for information on which package a file
belongs to.
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
The file `varlink_remote_client.md` has been removed in commit:
f62a356515e387b0bbcf1f08b4831d139c2039b7
Remove varlink support from Podman
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Per the conversation on pull/8724 I am consolidating filter logic
and helper functions under the pkg/domain/filters dir.
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
