The SELinux label for the CRIU dump.log was explicitly set in Podman.
The label for the restore.log, however, not. This just moves the code
to label the log file into a function and calls that functions during
checkpoint and restore.
Signed-off-by: Adrian Reber <areber@redhat.com>
Various problems, one of which was causing the test to fail
completely (otherwise I wouldn't have caught the others):
- option is --uidmap, not --uidmapping
- run_podman cannot be piped (| grep /sys/kernel). That's
an unfortunate limitation of BATS. Any invocation of 'run'
saves results to $output, which then has to be tested
in a separate step.
- do so, using 'run' and 'grep' and 'is' to produce
readable messages on failure
- remove "$expected_rc", that looks like a copy/paste bug
from a few lines above.
Skip entire test if rootless. (The one without --net=host
passes, but it also passes with older podman as both root
and rootless. I don't think it's actually testing anything,
but agree with leaving it in to catch weird regressions).
We really need to get these tests running in CI.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fixes the ability to run (create,start) a container and attach to its
console correctly. We can now also exit from the console without
hanging the remote client.
Signed-off-by: baude <bbaude@redhat.com>
The 'docker commit' will never include a container's volumes when
committing, without an explicit request through '--change'.
Podman, however, defaulted to including user volumes as image
volumes.
Make this behavior depend on a new flag, '--include-volumes',
and make the default behavior match Docker.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
when we run in a user namespace, there are cases where we have not
enough privileges to mount a fresh sysfs on /sys. To circumvent this
limitation, we rbind /sys from the host. This carries inside of the
container also some mounts we probably don't want to. We are also
limited by the kernel to use rbind instead of bind, as allowing a bind
would uncover paths that were not previously visible.
This is a slimmed down version of the intermediate mount namespace
logic we had before, where we only set /sys to slave, so the umounts
done to the storage by the cleanup process are propagated back to the
host. We also don't setup any new directory, so there is no
additional cleanup to do.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
imagefilter dangling=<value> shall not be ignored.
this PR handles the value and returns images accordingly.
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
create immediately a namespace if we need a refresh. This is
necessary to access the rootless storage.
Closes: https://github.com/containers/libpod/issues/2894
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The remote client should not honor most of the local podman "global"
options. Many of them are only applicable to where the podman backend
is actually running.
Also, removing some options for push and pull that also are not
applicable to the remote client environment.
Additionally, take some of the code from main and pop it into functions
that can be called whether local or not. This helps the remote client
and darwin builds.
Signed-off-by: baude <bbaude@redhat.com>
podman-remote now supports rm! That's what we needed to start
running BATS tests.
Although most tests don't actually work, some do, and maybe
the rest will start working over time. For now, disable them.
The only significant difference found is that podman-remote
strips fractional seconds from timestamps in JSON output.
Probably not something worth caring about.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Also, you can now podman-remote run -it. There are some bugs that need
to be ironed out but I would prefer to merge this so we can make both
progress on start and exec as well as the bugs.
* when doing podman-remote run -it foo /bin/bash, you have to press
enter to get the prompt to display. with the localized podman, we had to
teach it connect to the console first and then start the container so we
did not miss anything.
* when executing "exit" in the console, we get a hard lockup likely
because nobody knows what to do.
* custom detach keys are not supported
* podman-remote run -it alpine ls does not currently work. only
dropping to a shell works.
Signed-off-by: baude <bbaude@redhat.com>
Don't sort OCI hooks using the locale collation order; it does not
make sense for the same system-wide directory to be interpreted differently
depending on the user's LC_COLLATE setting, and the language-specific
collation order can even change over time.
Besides, the current collation order determination code has never worked
with the most common LC_COLLATE values like en_US.UTF-8.
Ideally, we would like to just order based on Unicode code points
to be reliably stable, but the existing implementation is case-insensitive,
so we are forced to rely on the unicode case mapping tables at least.
(This gives up on canonicalization and width-insensitivity, potentially
breaking users who rely on these previously documented properties.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* refactor command output to use one function
* Add new worker pool parallel operations
* Implement podman-remote umount
* Refactored podman wait to use printCmdOutput()
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Revert the error check from #2832. This is not strictly
necessary, since 'podman ps --size' now works perfectly
fine in nonroot because some recent change (Giuseppe's,
presumably) masked os.Geteuid() return 0... but removing
for maintainability's sake.
Signed-off-by: Ed Santiago <santiago@redhat.com>
