Updated helper function "find_exec_pid_files" and called it the "podman exec - leak check" test.
Fixes: #26616
Signed-off-by: Craig Spencer <craig.spencer812@gmail.com>
Prevent `podman volume export` from showing raw tar contents directly to the terminal (STDOUT). If not redirected and without output flag, error message is expected.
Fixes: #26506
Signed-off-by: Arthur Wu <lion811004@gmail.com>
I noticed recently when I made a typo that then auto-update errored but
it did not tell me which container was incorrect so I had to check all
containers myself. Include the container ID in the error to make it
clear which container has the issue.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
For currently version of journalctl, --user option only works when
the persistent storage is enabled. So we need to check this option
before we use it. Otherwise a set of tests will failed with can
not find expected output from journalctl with rootless user.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
When generating Conmon's command line, we read containers.conf to
get log_size_max and used it if the container didn't override it.
However, `podman inspect` only reads from the container's own
config, and ignores containers.conf. Unify the way we determine
maximum log size with a single function and use it for both
inspect and containers.conf, and add a test for this behavior.
Fixes https://issues.redhat.com/browse/RHEL-96776
Signed-off-by: Matt Heon <mheon@redhat.com>
Unfortunately on a number of occasions, Podman has been released
officially with a `-dev` suffix in the version number. Assist in
catching this mistake at release time by the addition of a simple
conditional test. Note that it must be positively enabled by a
magic env. var. before executing the system tests.
Also (thanks to @lsm5) update the TMT test to trigger the new
condition for future Fedora releases.
Signed-off-by: Chris Evich <cevich@redhat.com>
For unknown reasons systemd-resolved sometimes responds with NXDOMAIN
instead REFUSED which it seems to use by default for a local name
without domain part. So the fact that this works at all right now is
super weird.
In any case we just want to make sure the name did not get resolved so
allow both here to fix the flake.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allow users to target the most recently created container with
`podman update --latest` (short `-l`). The same option already exists
on many other commands, so this brings update in line with the rest of
the CLI and saves users from typing or looking up the newest container.
Fixes: #26380
Signed-off-by: Hayato Kihara <kai.21banana@gmail.com>
As with `volume export`, this was coded up exclusively in cmd/
instead of in libpod. Move it into Libpod, add a REST endpoint,
add bindings, and now everything talks using the ContainerEngine
wiring.
Also similar to `volume export` this also makes things work much
better with volumes that require mounting - we can now guarantee
they're actually mounted, instead of just hoping.
Includes some refactoring of `volume export` as well, to simplify
its implementation and ensure both Import and Export work with
readers/writers, as opposed to just files.
Fixes#26409
Signed-off-by: Matt Heon <mheon@redhat.com>
The field allows users to specify a custom stop signal (e.g., SIGUSR1) per container.
If defined, it overrides the default stop signal (SIGTERM) or that defined in the image metadata.
Fixes: #25389
Signed-off-by: Arthur Wu <lion811004@gmail.com>
A recent pasta update changed the selinux rules and we now run pasta
under pasta_t and no longer the container_runtime_t type. The pasta type
has much stricter type rules on what the file we hand it must be
labelled. This test tries to mount the runroot which gets relabeled with
the container_file_t type but that means pasta can no longer access its
pid file we give it. To fix this test here simply mount a subdir.
see #26473
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add ExitPolicy key to pod quadlets with logic to default to stop.
Docs updated with clarifcation on default value and usage example.
Simple assert added to bats to verify default constraint exists.
Changed argument order in ginkgo basic pod unit test
Signed-off-by: Neil Bailey <nbsp@nbailey.net>
they allow to override the owner of the volume. Differently from
-o=uid= and -o=gid= they are not passed down to the mount operation.
Closes: https://issues.redhat.com/browse/RHEL-76452
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Previously, our approach was to inspect the volume, grab its
mountpoint, and tar that up, all in the CLI code. There's no
reason why that has to be in the CLI - if we move it into
Libpod, and add a REST endpoint to stream the tar, we can
enable it for the remote client as well.
As a bonus, previously, we could not properly handle volumes that
needed to be mounted. Now, we can mount the volume if necessary,
and as such export works with more types of volumes, including
volume drivers.
Signed-off-by: Matt Heon <mheon@redhat.com>
An artifact without the title annoation just gets the digest as name
which is less than ideal. While it is a decent default to avoid
conflicts users would like to configure the name.
With the name=abc option we will call the file abc in case of a signle
artifact and otherwise we use abc-x where x is the layer index starting
at 0 to avoid conflicts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If the artifact has a single blob then use the dst path directly as
mount in case it does not exist.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
