Mainly this fixes an issue of using /dev/zero for block device examples.
Also:
* fix section title;
* remove separate cgroup v2 and v1 examples, only leaving one;
* break long lines.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
In case something other than a block device is supplied, podman proceeds
to apply settings for a block device with the same minor:major.
For example, "--blkio-weight-device /dev/zero:123" (alas, this is taken
literally from podman-update(1) EXAMPLES section) sets blkio weight
for /dev/ram5. Instead, it should error out since /dev/zero is not a
block device.
Add an appropriate check.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Refactor these functions to
- avoid repetition of common code (mostly stat of block device path);
- perform early return if nothing is to be done;
- remove some excessive nesting.
It also improves some error messages.
This is a preparation for the next commit.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
changing the validate-in-container make target to use
quay.io/libpod/validatepr:latest. this allows `make validate` to run to
completion doing linting, ed's perl checks, and pre-commit.]
The image is now based on F42 `awk` is not part of the base image, so I added `awk`.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The prior version talked about potential access to DBus, but this is a
bogus warning: default OS setups do not bind DBus to localhost or to an
abstract Unix socket. It is possible that the original author was
thinking of CVE-2020–15257, which affected containerd's abstract Unix
socket; they fixed it by switching to a named socket, just as DBus
always (?) has done.
Signed-off-by: Warren Young <wyoung@tangentsoft.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This script is no longer used as the device mapper storage driver was
removed over a year ago.
Commit 60692ca already removed the build tag reference but not this
script which set a buildtag for it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Dynamically link sqlite3 when installed, the main motivation is that we
reduce the podman binary size with that. I see about 2.5 MB savings.
But also dynamically linking it means if there a vulnerabilities only
the sqlite3 distro package needs updating and we don't have to make a
new podman release with the vendored update.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The local-cross Make target has superceeded this old Make target and the
warning to not use it has been in place now for 4+ years.
Removing it to clean up the Makefile slightly.
Signed-off-by: Lewis Roy <lewis@redhat.com>
This exclusion has been there since the make target was added[1]. I wasn't
able to find the reason but this runs on Darwin today and is useful to
be able to run when you are developing bindings on a Mac.
[1] https://github.com/containers/podman/pull/8956
Signed-off-by: Lewis Roy <lewis@redhat.com>
'noatime' flag disables updates to file access times when files are read. This can reduce unnecessary writes and improve performance, especially in read-heavy workloads. Previously, tmpfs did not recognize the 'noatime' mount option and would return an error.
With this change, tmpfs now properly accepts and handles the 'noatime' option.
Fixes: #26102
Signed-off-by: Arthur Wu <lion811004@gmail.com>
It has not been in use since commit f218f8430a and should have been
removed there. It seems somehow it is causing a bug since our env file
is empty. In that case it triggers a segfault and since that happens
from within pam we are unable to login in any way.
I reported the issue[1] but because we don't need this just remove it so
we don't have to wait for a fix.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2370858
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Do not write /etc/environment.d files, something is broken in the new
image that causes the boot to fail when any basic var is set there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Users of WSL images currently get podman from the copr rpm on the
release PR with Epoch: 102. This is a problem if the user is looking to
update the image with packages from official Fedora repos.
This commit limits Epoch: 102 to only the podman rpms on
rhcontainerbot/podman-next copr. All other rpms, including other copr
rpms, will use the default Epoch.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
podman system check --quick currently only skips layer contents, but
practically it's not much quicker than without the flag.
This changes the flag to also skip checking layer digests which speed up
the check significantly.
In some cases, it is useful to opt for a quicker check if we prioritize
detecting and fixing severe corruption and can tolerate minor damage.
The check option is derived from CRI-O's internal repair:
9e4d86d823/internal/lib/container_server.go (L860)
Signed-off-by: Sonny Sasaka <sonnysasaka@gmail.com>
