Update the documentation for /etc/hosts options --add-host and
--no-hosts. Also make sure that all references use the same text for
consistency.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Because /etc/hosts is shared for all containers with a shared network
namespace you should not be able to add hosts from a joined container.
Only the primary netns container can set the hosts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When we connect or disconnect from a network we also have to update
/etc/hosts to ensure we only have valid entries in there.
This also fixes problems with docker-compose since this makes use of
network connect/disconnect.
Fixes#12533
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When we lookup the hostname for a given container we have to check if
the container is joined to another utsns and use this hostname then
instead.
This fixes a problem where the `hostname` command would use the correct
name but /etc/hostname would contain a different name.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Use the new logic from c/common to create the hosts file. This will help
to better allign the hosts files between buildah and podman.
Also this fixes several bugs:
- remove host entries when container is stopped and has a netNsCtr
- add entries for containers in a pod
- do not duplicate entries in the hosts file
- use the correct slirp ip when an userns is used
Features:
- configure host.containers.internal entry in containers.conf
- configure base hosts file in containers.conf
Fixes#12003Fixes#13224
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
There is no reason to mark them directly as deprecated since we still
have to use them as long as we want to support 3.X calls. The
staticcheck linter is complaining about the Deprecated comment but that
doesn't make sense in this context. There is no good way to only exclude
a single check with golangci-lint.
I renamed the function with a V3 suffix to make clear that we only use
this for backwards compat.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
golang.org/x/crypto/ssh/terminal is deprecated. The package was moved to
golang.org/x/term. golang.org/x/crypto/ssh/terminal was already just
calling golang.org/x/term itslef so there are no functional changes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Following commit ensures that csv escaping is supported while using
inline `--mount=type=......` flag with `podman run` by using
`encoding/csv` to parse options instead of performing a `split.String(`
by `comma`.
Closes: https://github.com/containers/podman/issues/13922
Signed-off-by: Aditya R <arajan@redhat.com>
When run on an F36 host using netavark/aardvark-dns, for whatever
underlying reason most checkpoint/restore tests are emitting an error
similar to:
`criu: Symbol `__rseq_offset' has different size in shared object,
consider re-linking`
This extraneous output is causing the basic checkpoint system test to
fail. Since, all other testing of checkpoint/restore feature is
passing (also with the extraneous message) loosen the system test
sensitivity to match.
Signed-off-by: Chris Evich <cevich@redhat.com>
We are inconsistent on the name, we should stick with rootfull.
[NO NEW TESTS NEEDED] Existing tests should handle this and no tests for
machines exists yet.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Newer versions of git (like `2.35`) fail on certain operations (like
`rebase` and `am`) without a local identity. Add a fake one from the
start, with a clearly identifiable test-value to avoid problems at
runtime.
Signed-off-by: Chris Evich <cevich@redhat.com>
From a security point of view, it would be nice to be able to map a
rootless usernamespace that does not use your own UID within the
container.
This would add protection against a hostile process escapping the
container and reading content in your homedir.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
It seems this breaks older version of `podman-remote` users hence it
looks like this patch would be a better candidate for podman `5.0`
Problem
* Client with `4.0` cannot interact with a server of `4.1`
Plan this patch for podman `5.0`
This reverts commit 0cebd158b6d8da1828b1255982e27fe9224310d0.
Signed-off-by: Aditya R <arajan@redhat.com>
On F36 / podman 4, at the time of this commit there is no
`/etc/containers/storage.conf` installed by default. Since the
test volume-mounts this file into the container, it was failing. Fix
this by using a conditional volume-mount based on the file existing (or
not).
Signed-off-by: Chris Evich <cevich@redhat.com>
When this option was added to the e2e tests, there was no CI Automation
support for running remote tests w/ netavark. When added, many
e2e test errors/failures are generated due to this option not being
valid for the remote client. Fix this in the tests by conditionally
adding the option if the test is running the remote client.
Signed-off-by: Chris Evich <cevich@redhat.com>
When going through the rebase+build loop, the repository state won't
match the exact branch or PR history. This results in the `Building:
XYZSHA` indications being entirely useless. Fix this by at least
including the title line of the commit being built. This will allow a
human to make sense of any size-check failure WRT their view of history.
Signed-off-by: Chris Evich <cevich@redhat.com>
Also update README and ensure we point to v4.0.3 as the latest
release, instead of v3.4.7 (which is newer chronologically but
not by actual version).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
A common pattern is to submit PRs that update only tests or docs.
When the only changes are to test/e2e, there is no point in running
test/system or test/upgrade or test/buildah-bud. Likewise, reciprocally,
and similarly for a bunch of other tests (alt, cross, apiv2, ...)
And when the only changes are under docs/ , there is no point in
running any of the above.
Exception: if $CIRRUS_<mumble> are undefined (e.g., cron), never skip
Signed-off-by: Ed Santiago <santiago@redhat.com>
activation.Listeners() can return an net.Listener array which contains
nil entries if it cannot listen on the given fds. This can cause podman
to panic so we should check the we have non nil net.Listener first.
[NO NEW TESTS NEEDED] No idea how to reproduce this.
Fixes#13911
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Update the recent events-log changes to fix the build error.
[NO NEW TESTS NEEDED] since there's no functional change.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
