All API versions before version 1.44 are now deprecated,
starting with Docker client version 1.29 giving an error:
"API version 1.41 is not supported by this client"
Previously it was backward-compatible for more than 10 years,
with version 1.24 being the version in classic Docker 1.12.
It seems like API code changes were already added?
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Previously, `secret create` required stdin to be a pipe when using `-`,
blocking interactive stdin forcing users to use insecure patterns like
`echo "secret" | podman secret create <name>`.
Remove the pipe check to allow interactive stdin.
Closes#18591, #27879
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
The test for issue #19800 depended on finding a system user with an
octal UID. This approach was fragile because system users found on the
host may have a different UID in the testing image.
Use the rootless user ID instead which is likely to be octal anyway as
new user IDs start with 1000.
Signed-off-by: Ricardo Branco <rbranco@suse.de>
I happened to run `podman run --config=/path/to/file` and got
an error without a trailing newline, which was a bit jarring.
Fix the instances I noticed.
Assisted-by: OpenCode (Claude Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
We do not use that package that we install for the test anyway and doing
this networking connection is causing heavy flakes at the moment.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It fails due selinux, it is unlcear why so I filled #27759 for now to
track that so we can get the image update merged.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
There are two fields I'm worried about: shared namespaces and pod
containers. Both are generated via loops over maps and are thus
non-deterministic in ordering. Throw a sort on each to fix the
order so we can actually diff `podman pod inspect` output.
Signed-off-by: Matt Heon <mheon@redhat.com>
The code checks for isPathOnVolume and isPathOnMount so we can just use
the SecureJoin here directly to check for path existance.
Then instead of walking symlinks and trying to guess if they are on a
mount just assume if it is a link (path is different from the normal
joined one) then don't error out early and let the OCI runtime deal with
it. The runtime does produce a less readable error but it still fails
and we have much less fragile code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
MkdirAll can fail with EEXIST when the path is a symlink and the target
doesn't exist. As such we should ignore the error.
Note there is something fundemantal wrong here with the path access as
it is following the symlink to the host, however it is only for a
stat() so it is not an security issue here.
Fixes: 637c264e2e ("fix issues found by nilness")
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Adds two fields to the output of `podman image list --format json`,
"Repository" and "Tag." Consequently makes the existing embedded field
"RepoTag" redundant, and in current implementation is always `nil`. Adds
`json:",omitempty"` to improve program output.
Fixes: #27632
Signed-off-by: givensuman <givensuman@duck.com>
Previously, using --secret=id=foo,env=BAR in remote mode would fail because the client sent the env var name to the server, which tried to resolve it locally. This patch modifies the client to resolve the environment variable locally, write it to a temp file, and send it as a file-based secret.
Fixes#27494
Signed-off-by: ZuhairM7 <ZuhairM7>
Signed-off-by: ZuhairM7 <zuhairmerali@gmail.com>
- Update documentation: Differentiate `unless-stopped` from `always` - containers stopped by the user before a reboot will not restart.
- Add `should-start-on-boot` filter: Identify containers that require a restart after a system reboot.
- Update command documentation: Add `restart-policy` and `label!` filters to the documentation for container commands (rm, ps, start, stop, pause, unpause, restart).
- Add `restart-policy` and `shoud-start-on-boot` to completions.
- Update service: Update `podman-restart.service` to use the `needs-restart=true` filter.
- Preserve state: Preserve the `StoppedByUser` state across reboots.
- Update API: Add a `ShouldStartOnBoot()` method to the Container API.
- Update documentation: Add descriptions for the `should-start-on-boot` filter.
Fixes: https://issues.redhat.com/browse/RHEL-129405
Fixes: https://github.com/containers/podman/issues/20418
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
By default, systemd sets a limit of how many times a service can start,
which means that if you have a healthcheck that runs more often than the
limits, systemd will refuse to start it with a message like "Start request
repeated too quickly." emitted to the journal.
Signed-off-by: Winter M <winter@antithesis.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
