This is one of the breaking changes in Podman 5.0: removing the
ability to create new instances of the old Bolt database. This
does not remove support for the database entirely, as existing
Bolt databases will still be usable, but all new installs will
use SQLite after this point - if Bolt is forced by config, we'll
just error.
We don't have plans to outright remove the Bolt code. If that
were to happen, it'd be Podman 6.0 at least, and a significant
enough change it'd warrant a lot of discussion and planning. We
do intend to start winding down support of BoltDB, though, and
new features may be added only to SQLite from here on.
I have added an escape hatch via an undocumented environment
variable that allows us to continue testing BoltDB in CI (and, if
necessary, locally) but I don't want this to be used for any
purpose except continued testing of the old DB to ensure we don't
break it.
Signed-off-by: Matt Heon <mheon@redhat.com>
Some OCI runtimes (cf. [1]) may tolerate container images that don't
specify an entrypoint even if no entrypoint is given on the command
line. In those cases, it's annoying for the user to have to pass a ""
argument to podman.
If no entrypoint is given, make the behavior the same as if an empty ""
entrypoint was given.
[1] https://github.com/containers/crun-vm
Signed-off-by: Alberto Faria <afaria@redhat.com>
While this is potentially a security problem, it solves the issues of
users sharing content from the host into containers and attempting to
relabel it. From a security point of view this means all content volume
mounted from the host into the podman machine on apple hypervisor is
read/write from an SELinux point of view if it is volume mounted into
the container. If the user attempts to use :Z or :z it will work and
relabel the content to be only usable bu the specify container.
Helps Fix: https://github.com/containers/podman/issues/21269
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
`getRuntimeDir()` (which is also responsible for creating TMPDIR if it doesn't exist) was being called on `Init()` but not on `Start()` which meant that after the host was restarted and TMPDIR was wiped, `startHostNetworking()` would try to start gvproxy and immediately bail.
Signed-off-by: kaorihinata <kaori.hinata@gmail.com>
New CI validation check: all keys in quadlet.go must be
documented at least once in podman-systemd.unit.5.md.
Adding '// deprecated' next to an enum definition will
exclude said key from the documentation cross-checks.
And, because the md file lists keys in both table and block
form, make sure those all match.
And make sure everything is sorted in lexical order, in
both .go source and in man page.
And add a validation check to make sure it stays that way.
Signed-off-by: Ed Santiago <santiago@redhat.com>
- A number of keys had a "Network" prefix, for historical reasons
that never panned out ("KeyNetworkGateway"). Remove that prefix
and remove the two duplicates.
- Three RemapXXX keys were mismatched in case ("UID" vs "Uid").
Make those consistent.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This avoids nil pointer exceptions in the subsequent code that tries to access the runtimeSpec returned from SpecGenToOCI.
[NO NEW TESTS NEEDED]
Signed-off-by: Sebastian Mosbach <sm453@cam.ac.uk>
