Be specific that the `-v` flag only affects RUN instructions. The
previous wording left it ambiguous, and people might have concluded that
it applied to ADD and COPY as well.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When committing containers to create new images, accept a container
config blob being passed in the body of the API request by adding a
Config field to our API structures. Populate it from the body of
requests that we receive, and use its contents as the body of requests
that we make.
Make the libpod commit endpoint split changes values at newlines, just
like the compat endpoint does.
Pass both the config blob and the "changes" slice to buildah's Commit()
API, so that it can handle cases where they overlap or conflict.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Followup to #20797 (defer assertion failures). The bail-now()
helper was being defined only in setup() ... and some tests,
particularly 001-basic.bats, define their own minimalist setup().
Symptom was "bail-now: command not found", which still caused
test to fail (so no failures were hidden) but led to concern
and wasted time when analyzing failures.
Solution: add one more definition of bail-now(), in outer scope.
There is still one pathological case I'm not addressing: a
bats file that defines its own teardown() which does not invoke
basic_teardown(), then has a test that runs defer-assertion-failures
without a followup immediate-assertion-failures. This would lead
to failures that are never seen. Since teardown() without basic_teardown()
is invalid, I choose not to worry about this case.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fixed a bug where `podman machine rm -f` would cause a deadlock when
running with WSL.
The deadlock is caused by the Remove() function calling the Stop()
function after Remove() locks the VM. Stop() also has a lock call, which
fails and deadlocks because Remove() already claimed lock. Fix this by
moving the stop call before the lock
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
Only one process can write to the sqlite db at the same time, if another
process tries to use it at that time it fails and a database is locked
error is returned. If this happens sqlite should keep retrying until it
can write. To do that we can just set the _busy_timeout option. A 100s
timeout should be enough even on slower systems but not to much in case
there is a deadlock so it still returns in a reasonable time.
[NO NEW TESTS NEEDED] I think we strongly need to consider some form of
parallel stress testing to catch bugs like this.
Fixes#20809
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In FreeBSD-14.0, it is possible to configure a jail's network settings
from outside the jail using ifconfig and route's new '-j' option. This
removes the need for a separate jail to own the container's vnet.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Two newly-added tests, fail in gating:
- system connection: difference in how sockets are set up
between CI and gating
- ulimit: gating seems to run with ulimit -c -H 0. Check, and
skip if ulimit is less than what we need
Signed-off-by: Ed Santiago <santiago@redhat.com>
When a new API call is added to the bindings we should guard it based on
the version and throw a useful error. Right now an old server that does
not implement a given endpoint would throw a "NOT FOUND" error which is
not good for callers.
Instead implement a custom error type to give a usefule error instead.
This allows bindings users to call errors.As() to know if they call and
to old version.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When InitialDelaySeconds in the kube yaml is set for a helthcheck,
don't update the healthcheck status till those initial delay seconds are over.
We were waiting to update for a failing healtcheck, but when the healthcheck
was successful during the initial delay time, the status was being updated as healthy
immediately.
This is misleading to the users wondering why their healthcheck takes
much longer to fail for a failing case while it is quick to succeed for
a healthy case. It also doesn't match what the k8s InitialDelaySeconds
does. This change is only for kube play, podman healthcheck run is
unaffected.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
For a source file like `foo.container`, look for drop in named
`foo.container.d/*.conf` and merged them into the main file. The
dropins are applied in alphabetical order, and files in earlier
diretories override later files with same name.
This is similar to how systemd dropins work, see:
https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html
Also adds some tests for these
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Commit f48a706abc added a new API endpoint to remove exec session
correctly. And the bindings try to call that endpoint for exec every
time. Now since client and server must not be the same version this
causes a problem if a new 4.8 client calls an older 4.7 server as it has
no idea about such endpoint and throws an ugly error. This is a common
scenario for podman machine setups.
The client does know the server version so it should make sure to not
call such endpoint if the server is older than 4.8.
I added a exec test to the machine tests as this can be reproduced with
podman machine as at the moment at least the VM image does not contain
podman 4.8. And it should at least make sure podman exec keeps working
for podman machine without regressions.
Fixes#20821
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
utils.Tar() and utils.TarWithChroot() both return ReadClosers, but when
we called them from utils.TarToFilesystem() and utils.TarChrootToFilesystem()
respectively, they were not being closed.
[NO NEW TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Instead of relying on the remote server to create tar files
with the right account IDs (which the remote server doesn't
even know, when the client and server run under different accounts),
have the remote client ignore the account IDs when unpacking.
Then just hard-code 0 in the remote server, so that the remote
server's account identity does not leak in the tar file contents.
Compare https://github.com/containers/image/issues/1627 .
[NO NEW TESTS NEEDED] : https://github.com/containers/podman/pull/18563
suggests that existing tests already cover these code paths / properties.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
1. Set the marker to the current virtual machine type instead of fixed qemu.
2. Update containers/common
[NO NEW TESTS NEEDED]
Signed-off-by: Black-Hole1 <bh@bugs.cc>
Added additional check for event type to be remove and set the correct exitcode.
While it was getting difficult to maintain the omitempty notation for Event->ContainerExitCode, changing the type from int to int ptr gives us the ability to check for ContainerExitCode to be not nil and continue operations from there.
closes#19124
Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>
If a transaction is started it must either be committed or rolled back.
The function uses defer to call `tx.Rollback()` if there is an error
returned. However it also called `tx.Commit()` and afterwards further
errors can be returned which means it tries to roll back a already
committed transaction which cannot work.
This fix is to make sure tx.Commit() is the last call in that function.
see https://github.com/containers/podman/issues/20731
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We have to Commit() the transaction. Note this is only in a rare pod
remove code path and very unlikely to ever be used.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The default is OCI runtime specific, there is no way for Podman to
know it.
[CI:DOCS]
Closes: https://github.com/containers/podman/issues/20754
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add support for .pod unit files with only PodmanArgs, GlobalArgs, ContainersConfModule and PodName
Add support for linking .container units with .pod ones
Add e2e and system tests
Add to man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Existing test was very good, but as a multidimensional table it
was unmaintainable... and actually missed one corner case.
This version isn't much better. It's far longer, codewise. It
is a little harder to understand at first glance. It has three
uncomfortable magic conditionals. But I believe it is more
long-term maintainable: beyond the first glance, it is possible
for a human to check it for correctness. It is also extensible,
as proved by the new test cases I added.
Signed-off-by: Ed Santiago <santiago@redhat.com>
