14075 Commits

Author SHA1 Message Date
0c6ae3ab26 Fix Container List API call to return mount info
We are hard coding mounts to return nil in compat API,
since we have the data, we should return it.

Fixes: https://github.com/containers/podman/issues/12734

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-01-04 10:56:03 -05:00
aaf90c5596 Merge pull request #12611 from Luap99/ipv6
add --ip6 flag to podman create/run
2022-01-03 18:42:12 +01:00
8ad8faa91f Merge pull request #12732 from strideynet/fix-default-cpu-period-comment
fix misleading comment regarding default value of cpu period
2022-01-03 18:40:13 +01:00
e7222e34da Merge pull request #12697 from baude/servicefailedstates
.service file removal on failure
2022-01-03 16:44:15 +01:00
76a944b147 fix misleading comment regarding default value of cpu period [NO NEW TESTS NEEDED]
Signed-off-by: Noah Stride <noah@noahstride.co.uk>
2022-01-03 14:32:02 +00:00
99a5754d6d Merge pull request #12725 from rhatdan/test
test/system: podman run with log-opt option
2022-01-03 15:08:15 +01:00
481839af2f Merge pull request #12724 from rhatdan/swagger
Update swagger documentation
2022-01-03 14:42:14 +01:00
c496001d03 add --ip6 flag to podman create/run
Add the --ipv6 flag to podman create/run and pod create. We support the
--network name:ip6=<ip> syntax now but for docker compat we should also
support the --ip6 flag.
Note that there is no validation if the ip is actually a v6 or v4 address
because the backend does not care either.

Fixes #7511

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-03 14:26:34 +01:00
0efced4049 Merge pull request #12708 from flouthoc/swagger-sort-operations
[CI:DOCS]: sort swagger operations alphabetically
2022-01-03 14:22:13 +01:00
116a276e8c legacy events: also set exitCode
For Status = "die", Docker sets the exit code of the container
to a field "exitCode".  Podman uses "containerExitCode".
Copy the value into "exitCode" as well, for compatibility.

Signed-off-by: Leah Neukirchen <leah@vuxu.org>
2022-01-03 14:00:13 +01:00
f6a3eddd2c Don't initialize the global RNG with GinkgoRandomSeed() in e2e tests
- It probably doesn't actually make a difference: in experiments,
  the github.com/containers/storage/pkg/stringid RNG initialization
  has been happening later
- This makes the RNG caller-controlled (which we don't benefit from),
  but also the same on all nodes of multi-process Ginkgo execution.
  So, if it works at all, it may make collisions of random ID values
  more likely, and our tests are not robust against that. So don't
  go out of our way to make collisions more likely.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-01-03 12:31:47 +01:00
90e74e794c Avoid collisions on RemoteSocket paths
Add lock files and re-generate the UUID if we
are not a known-unique user of the socket path.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-01-03 12:31:47 +01:00
ee146a9ab0 Refactor remote socket path determination in tests
Separate the code that determines the directory and file prefix
from the code that chooses and applies a UUID; we will make the
second part more complex in a bit.

Should not change behavior.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-01-03 12:31:47 +01:00
172d4eb400 Merge pull request #12731 from Junnplus/typo-ipv4
[CI:DOCS] fix doc typo
2022-01-03 10:26:14 +01:00
a8e223faf4 fix doc
Signed-off-by: ye.sijun <junnplus@gmail.com>
2022-01-03 16:11:11 +08:00
5d2c03e8b0 Merge pull request #12718 from afbjorklund/machine-resources
[CI:DOCS] Add example of cpus to init command
2021-12-31 16:30:13 +01:00
2ff5644bf8 test/system: podman run image with filesystem permission
This test case is used for covering rhbz#1854566.

Replaces: #12220
Signed-off-by: Alex Jia <ajia@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-12-31 08:59:09 -05:00
fc65b0f73c test/system: podman run with log-opt option
This test case is used for covering rhbz#1763007.
Replaces: #12221

Signed-off-by: Alex Jia <ajia@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-12-31 08:49:21 -05:00
1e3434d114 Update swagger documentation
[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-12-31 08:43:56 -05:00
6630e5cf66 Make it possible to select the volume driver
Use the same type of mounts for all the machine volumes.

The default could change in the future, depending on OS.

[NO NEW TESTS NEEDED]

Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
2021-12-30 13:47:16 +01:00
a3326e23d8 Check the mount type for future compatibility
There are other mount types available, such as NFS or SMB,
or one could use reverse sshfs for better compatibility.

It could either be a global option, or it could perhaps be
overridden for each volume (like the container volumes).

Refactor the creation of the options string or array.

Allow specifying the volume as read-only, if desired.

[NO NEW TESTS NEEDED]

Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
2021-12-30 13:37:34 +01:00
8e7eeaa4dd Implement virtfs volumes for podman machine
Allow using the built-in 9pfs feature of qemu,
mounting host directories into vm mountpoints.

The volumes are generic, the mounts are specific.

Wait for the machine to be "running", otherwise
the SSH function might throw an error instead.

Increase the default msize from 8 KiB to 128 KiB

[NO NEW TESTS NEEDED]

Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
2021-12-30 13:36:56 +01:00
ec32430a06 [CI:DOCS] Add example of cpus to init command
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
2021-12-30 13:32:30 +01:00
807f7cfed3 Merge pull request #12705 from olitha/compat-api-containers-sha256
Compat api containers ImageId missing sha256
2021-12-29 12:26:11 +01:00
a2687783d4 prefix imageId with sha256: in containers list
test for compat API ImageId

Signed-off-by: Oliver Thallmair <oliver.thallmair@mailbox.org>
2021-12-29 00:26:12 +01:00
289270375a Pod Security Option support
Added support for pod security options. These are applied to infra and passed down to the
containers as added (unless overridden).

Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit`
This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additions which complicate the Container_create
code and pod creation.

resolves #12173

Signed-off-by: cdoern <cdoern@redhat.com>
2021-12-27 13:39:36 -05:00
f21744939c ignition: add certs from current user into the machine while init
Following PR ensures that certs from `~/.config/containers/certs.d` or `~/.config/docker/certs.d`
are copied into the remote machine at `/etc/containers/certs.d/`

As a result, on platforms like `macOS` where podman works with a remote
machine setup, user's local certs must be transferred to VM without any
plumbing needed by user.

[NO-NEW-TESTS-NEEDED]

Signed-off-by: Aditya Rajan <arajan@redhat.com>
2021-12-27 16:09:02 +05:30
410082f25f docs: sort swagger operations alphabetically
Use `sort-operations-alphabetically` to sort swagger operations
alphabetically

[CI:DOCS]
[NO-NEW-TESTS-NEEDED]

Signed-off-by: Aditya Rajan <arajan@redhat.com>
2021-12-27 12:53:52 +05:30
7117d5605a .service file removal on failure
Prodding bz #2024229 a little more, it turns out the service file is NOT
deleted when it is in a failed state (i.e. the health check has failed
for some reason).  The state must be reset before the service is stopped
on container removal and then the files will be removed properly.

BZ#:2024229

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2021-12-26 11:53:44 -06:00
e06631d6c2 Merge pull request #12503 from n1hility/wsl-machine
Introduce Windows WSL implementation of podman machine
2021-12-26 13:26:07 +01:00
803defbe50 Introduce Windows WSL implementation of podman machine
[NO NEW TESTS NEEDED] for now

Signed-off-by: Jason Greene <jason.greene@redhat.com>
2021-12-24 19:28:10 -06:00
73a54ea54d Merge pull request #12627 from rhatdan/passwd
Allow users to add host user accounts to /etc/passwd
2021-12-23 19:28:08 +01:00
f6d00ea6ef podman image scp never enter podman user NS
Podman image scp should never enter the Podman UserNS unless it needs to. This allows for
a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo,
the simple sudo podman save/load does not work, machinectl/su is necessary here.

This modification allows for both rootful and rootless transfers, and an overall change of scp to be
more of a wrapper function for different load and save calls as well as the ssh component

Signed-off-by: cdoern <cdoern@redhat.com>
2021-12-23 10:10:51 -05:00
5570b5b975 Merge pull request #12679 from vrothberg/fix-12671
clarify `io.podman.annotations.seccomp`
2021-12-23 15:14:10 +01:00
e8c06fac97 Allow users to add host user accounts to /etc/passwd
Some containers require certain user account(s) to exist within the
container when they are run. This option will allow callers to add a
bunch of passwd entries from the host to the container even if the
entries are not in the local /etc/passwd file on the host.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935831

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-12-23 07:51:27 -05:00
a7f1c05366 Merge pull request #12692 from giuseppe/fix-additional-ids-doc
[CI:DOCS] docs: document rootless userns mappings
2021-12-23 13:46:10 +01:00
1aa4e4d4d1 container creation: don't apply reserved annotations from image
Do not apply reserved annotations from the image to the container.
Reserved annotations are applied during container creation to retrieve
certain information (e.g., custom seccomp profile or autoremoval)
once a container has been created.

Context: #12671
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-12-23 13:40:46 +01:00
cbcab43425 [CI:DOCS] clarify io.podman.annotations.seccomp
Clarify the semantics of the `io.podman.annotations.seccomp` annotation
which is set when a container has been created with a custom seccomp
profile.

Fixes: #12671
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-12-23 13:40:46 +01:00
fbdfd55e2d Merge pull request #12672 from adrianreber/2021-12-21-check-for-memtrack
Error out early if system does not support pre-copy checkpointing
2021-12-23 13:16:10 +01:00
1b9a5964db Merge pull request #12599 from rhatdan/kernelmemory
Warn on use of --kernel-memory
2021-12-23 10:56:08 +01:00
d669dbfb9f Error out early if system does not support pre-copy checkpointing
CRIU's pre-copy migration support relies on the soft dirty page tracking
in the Linux kernel:

 https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt

This functionality is not implemented for all architectures and it can
also be turned off in the kernel.

CRIU can check if the combination of architecture/kernel/CRIU supports
the soft dirty page tracking and exports this feature checking
functionality in go-criu.

This commit adds an early check if the user selects pre-copy
checkpointing to error out if the system does not support it.

Signed-off-by: Adrian Reber <areber@redhat.com>
2021-12-23 09:51:38 +00:00
b746b22564 Update go-criu to v5.3.0
Signed-off-by: Adrian Reber <areber@redhat.com>
2021-12-23 09:51:38 +00:00
c8d42d9393 Merge pull request #12597 from n1hility/msi-winpath
[Fixes #11089] Switch to a new installer approach using a path manipulation helper
2021-12-23 10:50:08 +01:00
1415b0732d Merge pull request #12665 from rst0git/dev-shm
Enable checkpoint/restore of /dev/shm content
2021-12-23 10:44:10 +01:00
cb4f498e4f [CI:DOCS] docs: document rootless userns mappings
document how the host IDs are mapped inside the rootless user
namespace.

Closes: https://github.com/containers/podman/issues/12676

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-12-23 09:32:49 +01:00
3ac5999f85 Switch to a new installer approach using a path manipulation helper
Fixes #11089 - cleanup PATH on MSI uninstall
Additionally fixes scenarios where the path can be overwritten by setx
Also removes the console flash, since the helper is built as a silent gui
Helper executable can be rerun by user to repair PATHs broken by other tools
Utilizes executable location instead of passed parameters to remove delicate escaping requirements

[NO NEW TESTS NEEDED]

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2021-12-23 00:29:10 -06:00
207823eb05 e2e: Add dev/shm checkpoint/restore test
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
2021-12-23 05:47:33 +00:00
f3d485d4d7 Enable checkpoint/restore for /dev/shm
When Podman is running a container in private IPC mode (default), it
creates a bind mount for /dev/shm that is then attached to a tmpfs
folder on the host file system. However, checkpointing a container has
the side-effect of stopping that container and unmounting the tmpfs used
for /dev/shm. As a result, after checkpoint all files stored in the
container's /dev/shm would be lost and the container might fail to
restore from checkpoint.

To address this problem, this patch creates a tar file with the
content of /dev/shm that is included in the container checkpoint and
used to restore the container.

Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
2021-12-23 05:47:25 +00:00
2d7dbda415 Update github.com/checkpoint-restore/checkpointctl
DevShmCheckpointTar constant has been recently introduced in
checkpointctl. This constant will be used in subsequent patch and this
patch contains auto-generated changes with the following commands:

go get github.com/checkpoint-restore/checkpointctl
go mod tidy
go mod vendor

Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
2021-12-23 05:36:46 +00:00
74a58faf2a Merge pull request #12685 from mheon/handle_nil_passwd
Always run passwd management code when DB value is nil
2021-12-22 23:58:08 +01:00