This also then bumps github.com/opencontainers/runtime-spec to v1.3.0
which contains breaking changes of the pid type as such we had to update
all the podman callers.
And tags.cncf.io/container-device-interface also used some changed
types from it and they have been updated in main so bump to the latest
commit there as well in order to get podman to compile properly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
if users have legacy VMs (podman machines having hvsock registry entries
with the machineName field) when using podman with this patch, their
Registry entries will never be deleted by the functions added in
previous commits.
This commit adds a helper func to clean the Registry when these legacy
machines get removed
Signed-off-by: lstocchi <lstocchi@redhat.com>
Previously, each new HyperV Podman machine required creating new hvsock
registry entries, necessitating administrator privileges.
This change modifies the HyperV provider to reuse existing hvsock
entries if found. This is possible due to Podman's current
limitation of running only one HyperV machine at a time.
As a result, administrator privileges are only needed for the first initial
machine setup (when the registry is empty). Subsequent machines can be created by users in the
"Hyper-V Administrators" group without being Admin.
Hvsock entries are no longer deleted on each machine removal; cleanup
is handled when the last machine gets removed.
Signed-off-by: lstocchi <lstocchi@redhat.com>
In function rm variable `report` might be initialized as nil as a result
of call
`registry.ImageEngine().Remove(registry.Context(), args, imageOpts)`.
Then, there is a call `registry.SetExitCode(report.ExitCode)` without
explicit nil check before. Check `len(rmErrors) > 0` doesn't guarantee
that report is a non-nil value.
So such call may lead to nil deref.
This commit adds check `report` for nil before its dereference.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
this commit moves the HasAdminRights func from the wsl package to a generic windows package as this could also be used by the HyperV provider.
Signed-off-by: lstocchi <lstocchi@redhat.com>
There is a couple of newGenericDecompressor function usages, where
returned possibly non-nil `err` is not checked before dereferencing
returned decompressor. It may lead to nil ptr dereferencing.
This commit adds check for `err` to prevent dereferencing potentially
nullable decompressor.
Found by Linux Verification Center (linuxtesting.org) with SVACE
Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
When starting a machine and the user has not explicitly passed
-u=true|false AND stdin is a not a tty, we should not prompt to update
connections.
Fixes: #27556
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fixes: #26588
For use cases like HPC, where `podman exec` is called in rapid succession, the standard exec process can become a bottleneck due to container locking and database I/O for session tracking.
This commit introduces a new `--no-session` flag to `podman exec`. When used, this flag invokes a new, lightweight backend implementation that:
- Skips container locking, reducing lock contention
- Bypasses the creation, tracking, and removal of exec sessions in the database
- Executes the command directly and retrieves the exit code without persisting session state
- Maintains consistency with regular exec for container lookup, TTY handling, and environment setup
- Shares implementation with health check execution to avoid code duplication
The implementation addresses all performance bottlenecks while preserving compatibility with existing exec functionality including --latest flag support and proper exit code handling.
Changes include:
- Add --no-session flag to cmd/podman/containers/exec.go
- Implement lightweight execution path in libpod/container_exec.go
- Ensure consistent container validation and environment setup
- Add comprehensive exit code testing including signal handling (exit 137)
- Optimize configuration to skip unnecessary exit command setup
Signed-off-by: Ryan McCann <ryan_mccann@student.uml.edu>
Signed-off-by: ryanmccann1024 <ryan_mccann@student.uml.edu>
Allows the validatepr container to fetch dependencies from GitHub
during validation by enabling host networking.
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Remove skip_if_rootless_cgroupsv1 call from quadlet tests since
cgroupsv1 is deprecated and no longer needs special handling
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Quadlets installed from `.quadlet` file now belongs to a single
application, anyone file removed from this application removes all the
other files as well.
Assited by: claude-4-sonnet
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Now that Podman 6.0 no longer supports Intel Macs, use libkrun as the
default machine provider.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
This was not working when emulating Linux container images on FreeBSD.
The code to handle host devices on FreeBSD relies on the container
having a devfs mount. Unfortunately, the Linux emulation code which adds
this was happening after the host device handling. This changes the
logic so that host device management happens after Linux emulation.
Signed-off-by: Doug Rabson <dfr@rabson.org>
