Mention that specified credentials are only used to authenticate against
target registries (e.g., during `pull` or `build`) and are not used to
authenticat against mirrors etc.
Closes: #17185
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Test has been flaking. Reason: container was run with -d, so
there's a small window in which podman-healthcheck ran on
a running container. Solution: remove -d
Signed-off-by: Ed Santiago <santiago@redhat.com>
Check the DELETE reports for both deletes. #18041 indicates that the
pod hasn't been removed which made me suspicious about the 1st delete.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The standard lib states that server handlers don't need to close the
body, so let's not do that to avoid any unforeseen side effect.
[NO TESTS NEEDED] - existing tests should suffice.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
I recently wanted to check which version of Quadlet I was using and
found a `-version` flag to be missing. Since Quadlet and Podman are
bundled together, it seems reasonable to me for them to share the same
version.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Purely cosmetic change for consistency.
[NO NEW TESTS NEEDED] as it doesn't change functionality.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This commit adds an quadlet option `Tmpfs` which can be used to mount a
tmpfs in the container.
Closes#17907
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
I made a change in c/common[1] to prevent duplicates in netns names.
This now causes problem in podman[2] where the rootless netns will no
longer work after the netns got invalid but the underlying path still
exists. AFAICT this happens when the podman pause process got killed and
we are now in a different user namespace.
While I do not know what causes this, this commit should make it at
least possible to recover from this situation automatically as it used
to be before[1].
the problem with that is that containers started before it will not be
able to talk to contianers started after this. A restart of the previous
container will fix it but this was also the case before.
[NO NEW TESTS NEEDED]
[1] https://github.com/containers/common/pull/1381
[2] https://github.com/containers/podman/issues/17903#issuecomment-1494169843
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
One of our oldest most frustrating flakes is #16091, "Timed
out waiting for BYE".
In #17489 we added some debug output to see if the problem
was a container hang of some sort. It does not seem to be
(see #17675), and the debug output makes it hard to read
failure logs, so let's remove it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add the command along with the abi and tunnel support
Add e2e tests
Add man page
Add apiv2 test to ensure return codes
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
MSI Validation will fail if the process env is > 32k chars
Remove CIRRUS_COMMIT_MESSAGE and CIRRUS_PR_BODY which can easily exceed this limit
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
add a function to securely mount a subpath inside a volume. We cannot
trust that the subpath is safe since it is beneath a volume that could
be controlled by a separate container. To avoid TOCTOU races between
when we check the subpath and when the OCI runtime mounts it, we open
the subpath, validate it, bind mount to a temporary directory and use
it instead of the original path.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The podman kube generate command can now generate a
Deployment kind when the --ype flag is set to deployment.
By default, a Pod spec will be generated if --type flag is
not set.
Add --replicas flag to kube generate to allow users to set
the value of replicas in the generated yaml when generating a
Deployment kind.
Add e2e and minikube tests for this feature.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
