As requested in containers/podman/issues/20000, add a `privileged` field
to the containers table in containers.conf. I was hesitant to add such
a field at first (for security reasons) but I understand that such a
field can come in handy when using modules - certain workloads require a
privileged container.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
As an effort to catch potential secrets and/or credential leaks, add a
github-actions workflow which is untouchable in a PR context.
To additionally guard against accidents, also check recent branch
history. This is especially important on newly created
release-branches, which may begin with content from who-knows-where.
Finally, since the new workflow bypasses PR-level changes to the scanner
config and base-line. Add a Cirrus-CI invocation of the scanning tool
to help catch tool-breaking changes from being merged.
Signed-off-by: Chris Evich <cevich@redhat.com>
Also, de-duplicate power-shell variables and functions as they're
beginning to sprawl. This does not completely address all duplicates,
mainly those involved in the podman-machine CI workflow. So,
nothing under `contrib/win-installer` has been touched.
[NO NEW TESTS NEEDED]
Signed-off-by: Chris Evich <cevich@redhat.com>
Creates a wrapper around the Qemu command line implementation to prevent
the need to hard-code the different command line options in Init and
Start.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
This reverts commit 5b990c3835ac167cc7f5b51fae3f719edf031965.
PR #19994
Causes wsl nsenter script to infinitely loop in standard operation
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
We don't have a successful rhel build of gvforwarder so far on the
podman-next copr, so any RHEL users of podman-next will have trouble
installing podman if it's a gvforwarder is a hard dep.
Switching gvforwarder to a Recommends until that's resolved.
The ELN environment is an exception as it gets dependencies updated a
lot quicker.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Update the docs for the DELETE libpod/kube/play endpoint
to mention the resources removed when ran.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
The link for podman-hello.png was replaced with a textual representation but a dangling pointer to dead link was still present. This PR removes the dead link to avoid hitting 404.
Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>
This reverts commit 170a78631b4b0a0e5963e860cc3c3b297b4a7d09.
This was a breaking change and users are hitting it,
see https://github.com/containers/podman/issues/19565Fixes#19565
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman server logs are mostly full of healthcheck output, making them hard to navigate. Hence, made healthcheck service to run with LogLevelMax=notice, this would remove the normal output, inclusive the started/stopped messages from systemd itself.
Fixes#17856
Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>
When we walk the /dev tree we need to lookup all device paths. Now in
order to get the major and minor version we have to actually stat each
device. This can again fail of course. There is at least a race between
the readdir at stat call so it must ignore ENOENT errors to avoid
the race condition as this is not a user problem. Second, we should
also not return other errors and just log them instead, returning an
error means stopping the walk and returning early which means inspect
fails with an error which would be bad.
Also there seems to be cases were ENOENT will be returned all the time,
e.g. when a device is forcefully removed. In the reported bug this is
triggered with iSCSI devices.
Because the caller does already lookup the device from the created map
it reports a warning there if the device is missing on the host so it
is not a problem to ignore a error during lookup here.
[NO NEW TESTS NEEDED] Requires special device setup to trigger
consistentlyand we cannot do that in CI.
Fixes https://issues.redhat.com/browse/RHEL-11158
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Since wsl --version triggers help, which triggers an error code,
use that instead of text detection.
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
