With Podman v2.0, we broke (or thought we were going to break)
using `--privileged` with `--group-add` and `--security-opt`
(specifically using `--security-opt` for SELinux config).
Signed-off-by: Matthew Heon <mheon@redhat.com>
Reversion of one part of #6679: my handling of 'realpath'
would not work when $PODMAN is 'podman-remote --url etc'.
Trying to handle that case got unmaintainable; so instead
let's just force 'make {local,remote}system' to invoke
with a full PODMAN path. This breaks down if someone
runs the tests with a manual 'bats' invocation, but I
think I'm the only one who ever does that.
Since podman path will now be very long in the logs,
add code to logformatter to abbreviate it like we do
for the ginkgo logs.
And, one thing that has bugged me for a long time:
in the error logs, show a different prompt ('#' vs '$')
to distinguish root vs rootless. This should make it
much easier to see at-a-glance whether a log file
is root or not. Add tests for it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Disable the args requirement of `image load`. Instead of requiring a
lower bound, we really need an upper one with at most 1 argument.
Extend the system tests to prevent future regressions.
Fixes: #6718
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
- rm: confirm 'rm' and 'rm -f' on running container
- build: shotgun test of workdir, cmd, env, labels
The new build test cd's to a temporary directory, which broke
test invocations using a relative path (./bin/podman). Added
code to detect relative paths and convert them to absolute.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The `--privileged` flag does not conflict with `--group-add`
(this one was breaking Toolbox) and does not conflict with most
parts of `--security-opt` (this was breaking Openstack).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This was lost during the Podman 2.0 migration. Turns out to be a
very easy fix, fortunately - we want to use the environment var
if not explicitly overridden.
Fixes#6705
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Support both `last` and `limit` for in the containers listing endpoint.
We intended to use `limit` which is also mentioned in the docs, but the
implementation ended up using `last` as the http parameter; likely being
caused by the CLI using `--last`. To avoid any regression, we decided
for supporting both and aliasing `last`.
Fixes: #6413
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Recent versions of libpod use features from github.com/pkg/errors
that are only available when building with go 1.13 or newer.
Closes#6708
Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
This incorporates code from PR #6591 and #6614 but does not use
event channels to detect container state and rather uses timers
with a defined wait duration before calling t.StopAtEOF() to
ensure the last log entry is output before a container exits.
The polling interval is set to 250 milliseconds based on polling
interval defined in hpcloud/tail here:
https://github.com/hpcloud/tail/blob/v1.0.0/watch/polling.go#L117
Co-authored-by: Qi Wang <qiwan@redhat.com>
Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
This will allow containers that connect to the network namespace be
able to use the container name directly.
For example you can do something like
podman run -ti --name foobar fedora ping foobar
While we can do this with hostname now, this seems more natural.
Also if another container connects on the network to this container it
can do
podman run --network container:foobar fedora ping foobar
And connect to the original container,without having to discover the name.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
