--umask sets the umask inside the container
Defaults to 0022
Co-authored-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Ashley Cui <acui@redhat.com>
This was added with an earlier exec rework, and honestly is very
confusing. Podman is printing an error message, but the error had
nothing to do with Podman; it was the executable we ran inside
the container that errored, and per `podman run` convention we
should set the Podman exit code to the process's exit code and
print no error.
Signed-off-by: Matthew Heon <mheon@redhat.com>
The error messages from the 'podman xxx --help' cross-check
test are unhelpful, and cause much wasted time when they trigger.
Solution: instead of using the built-in exit-status check
in run_podman, do an explicit check outside of run_podman.
This lets us die() with a custom, hopefully useful, message.
Signed-off-by: Ed Santiago <santiago@redhat.com>
People who use docker scripts with Podman see failures
if they use disable-content-trust flag. This flag already
existed for podman build, adding it to pull/push/create/run.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We no longer have to dance around the fact that the repo is named
"libpod" which simplifies the opening a bit. Also, refresh our
scope section and to-do section a bit.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The unit tests currently require running as root. This has caused some
confusion that justifies adding a root check to `make localunit` and
error out for non-root users instead of starting the tests deemed to
fail.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Part of this section was a code block, and part of it was absorbed into
the preceding normal paragraph.
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
Fallout from libpod->podman repo name move: the HTML logs
created by logformatter are no longer accessible. They
render as:
https://storage.googleapis.com/SECRET-5385732420009984-fcae48/artifacts/containers/podman/6313596734930944/html/integration_test.log.html
(yes, "SECRET" instead of "cirrus-ci". Possibly because
the GCE_SSH_USERNAME key, "cirrus-ci", was overzealously
encrypted, making Cirrus censor any instances of the
string in output. Let's see if this fixes it. But anyway
this is a secondary unrelated bug).
Reason: it looks like Cirrus "generated a new magic blob"
when we renamed libpod -> podman. Chris was kind enough to
locate the new magic blob and to give me a link to where
we can discover it ourselves. I added that as a code comment.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Some CI tests are flaking in the SELinux test, possibly because
there's a new variation of the "multiple devices" warning I hadn't
seen before:
WARNING: Creating device "/dev/null" with same type, major and minor as existing "/dev/foodevdir/null".
Solution: in remove_same_dev_warning(), remove "multiple" from
the match string.
Also: fix a Go test that wasn't cleaning up after itself. And
add an actual test to it, not just check-exit-status.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The versions Docker that the compat endpoints currently support are
using another type for the `filters` parameter than later versions
of Docker, which the libpod/events endpoint is also using.
To prevent existing deplopyments from breaking while still achieving
backward compat, we now support both types for the filters parameter.
Tested manually.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Set the type of the podman.service to simple. This will correctly
report the status of the service once it has started. As a oneshot
service, it does not transition from the startup state to running.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
podman-api(1) does not exist, so set the man page to
podman-system-service(1). Same for the .socket.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Do not hard-set the registries.conf to `/etc/containers/registries.conf`.
Podman (and other c/image users) already default to it. However,
ordinary non-root users should still be able to use the configs in their
home directories which is now possible.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Do not set the killmode to process as it only kills the main process and
leaves other processes untouched. Just remove the line and use the
default cgroup killmode which will kill all processes in the service's
cgroup.
Fixes: #7021
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Remove the stop timeout from the unit. As unit does not specify any
stop command, the timeout is effectively 0 and a NOOP.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Fix a potential panic in the events endpoint when parsing the filters
parameter. Values of the filters map might be empty, so we need to
account for that instead of uncondtitionally accessing the first item.
Also apply a similar for race conditions as done in commit f4a2d25c0fca:
Fix a race that could cause read errors to be masked. Masking
such errors is likely to report red herrings since users don't
see that reading failed for some reasons but that a given event
could not be found.
Another race was the handler closing event channel, which could lead to
two kinds of panics: double close, send to close channel. The backend
takes care of that. However, make sure that the backend stops working
in case the context has been cancelled.
Fixes: #6899
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Symlink the user to the system services in `contrib/systemd`.
There is no diference between the services, so we can reduce
redundancy while not breaking downstream packages which might
already be referencing `./contrib/systemd/user`.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When an image has no name/tag system df will
error because it tries to parse an empty name.
This commit makes sure we only parse non
empty names and set the repository and tag
to "<none>" otherwise.
Closes#7015
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
