Remove the annotation from the umount command to make mount tests pass
and let podman-umount run as a non-root user.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
I realized that setting NetworkMode to private when we are making
a network namespace but not configuring it with CNI or Slirp is
wrong; that's considered `--net=none` not `--net=private`. At the
same time, realized that we actually store whether Slirp is in
use, so we can be more specific than just "default" and instead
say slirp4netns or bridge.
Signed-off-by: Matthew Heon <mheon@redhat.com>
This one was a massive pain to track down.
The original symptom was an error message from rootless Podman
trying to make a container in a pod. I unfortunately did not look
at the error message closely enough to realize that the namespace
in question was the cgroup namespace (the reproducer pod was
explicitly set to only share the network namespace), else this
would have been quite a bit shorter.
I spent considerable effort trying to track down differences
between the inspect output of the two containers, and when that
failed I was forced to resort to diffing the OCI specs. That
finally proved fruitful, and I was able to determine what should
have been obvious all along: the container was joining the cgroup
namespace of the infra container when it really ought not to
have.
From there, I discovered a variable collision in pod config. The
UsePodCgroup variable means "create a parent cgroup for the pod
and join containers in the pod to it". Unfortunately, it is very
similar to UsePodUTS, UsePodNet, etc, which mean "the pod shares
this namespace", so an accessor was accidentally added for it
that indicated the pod shared the cgroup namespace when it really
did not. Once I realized that, it was a quick fix - add a bool to
the pod's configuration to indicate whether the cgroup ns was
shared (distinct from UsePodCgroup) and use that for the
accessor.
Also included are fixes for `podman inspect` and
`podman pod inspect` that fix them to actually display the state
of the cgroup namespace (for container inspect) and what
namespaces are shared (for pod inspect). Either of those would
have made tracking this down considerably quicker.
Fixes#6149
Signed-off-by: Matthew Heon <mheon@redhat.com>
I noticed a large number of searches for Varlink on the Github
page, and that the readme still called it out as our only
supported API. This updates the readme to remove links to Varlink
API documentation, and points to docs for the new HTTP API.
I also updated other parts to reflect the current direction the
project is taking (Podman v2 and the HTTP API).
Signed-off-by: Matthew Heon <mheon@redhat.com>
We were accidentally setting incorrect defaults for the network
namespace for rootless `pod create` when infra containers were
not being created. This should resolve that issue.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
When compiling a Linux binary without ABISupport, default to use the
tunnel. The behaviour is expected in `podman-remote`.
Also set a default for the remote flag so `podman-remote` works OOB.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
it appears that the pod stats flake can be attributed to the fact that the container being run is not fully running when the stats call is made. because the stats call is in format of json, it fails when nil
Signed-off-by: Brent Baude <bbaude@redhat.com>
some small fix ups for binding tests and then make them required.
update containers-common
V2 bindings tests were failing because of changes introduced in commit
a2ad5bb.
Fix some typos.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
in the case where the specgen attribute for Env and Labels are nil, we should should then make the map IF we have labels and envs that need to be added.
Signed-off-by: Brent Baude <bbaude@redhat.com>
If the first time you run podman in a user account you do a
su - USER, and the second time, you run as the logged in USER
podman fails, because it is not handling the tmpdir definition
in the database. This PR fixes this problem.
vendor containers/common v0.11.1
This should fix a couple of issues we have seen in podman 1.9.1
with handling of libpod.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Instead of being depended by docs, targets '.install.md2man' and
'docdir' should be depended by 'MANPAGES', or else the path
'docs/build/man' or 'GOMD2MAN' might not exist when it tries to
generate files in it.
This fixes a following build error:
| open docs/build/man/podman-volume-ls.1: no such file or directory
| Makefile:377: recipe for target 'docs/source/markdown/podman-volume-ls.1' failed
| make: *** [docs/source/markdown/podman-volume-ls.1] Error 1
| make: *** Waiting for unfinished jobs....
| open docs/build/man/podman-init.1: no such file or directory
| Makefile:377: recipe for target 'docs/source/markdown/podman-init.1' failed
Signed-off-by: Ming Liu <ming.liu@toradex.com>
The systemd unit test never ran in CI and was broken for various
reasons. Fix the test to execute Podman in systemd units and to also
run generated units files.
Note: more tests will be added in the future. The simple check for now
will prevent regressions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
