commit 1951ff168a63157fa2f4711fde283edfc4981ed3 introduced a check so
that conmon is not moved to a new cgroup when podman is running inside
of a systemd service. This is helpful to integrate podman in systemd
so that the spawned conmon lives in the same cgroup as the service
that created it.
Unfortunately this breaks when podman daemon is running in a systemd
service since the same check is in place thus all the conmon processes
end up in the same cgroup as the podman daemon. When the podman
daemon systemd service stops the conmon processes are also terminated
as well as the containers they monitor.
Improve the check to exclude podman running as a daemon.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2052697
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Commit 5fa6f686db added a regression which was fixed in eb71712626f9.
Apply the same fix again to prevent a panic and return a proper error
instead.
To not regress again I added a e2e test which makes sure we do not panic.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Sigh. Buildah PR https://github.com/containers/buildah/pull/3368
changed 'bud' to 'build' in tests. Podman #11585 well-intentionedly
did the same for run-buildah-bud tests ... but did so by *replacing*
'bud' with 'build', not by *adding* 'build' to the list of commands
handled by podman-build. Hence, all tests invoking 'run_buildah bud'
have been completely untested since then.
This remedies that, and deals with all the fallout. Principal among
which is the discovery that our exit-code changes are no longer
necessary: that thing we did where buildah exit status 1 or 2 became
podman exit status 125? That no longer applies. podman now exits
with the same status as buildah. This simplifies our diffs, and
lets us enable a bunch more tests.
Also:
- in run-buildah-bud-tests script, run 'sudo --validate' early on.
Reason: otherwise, the sudo step happens a few minutes after
the script starts (after the git-pull), by which time the user
may have stepped away to get coffee, then comes back ten or twenty
minutes later to find a stupid sudo prompt and no tests run.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This would've caught a regression that #14549 had to fix.
Let's try to prevent the next regression.
This requires some hackery to get namespaces initialized
before the service is started; otherwise the service itself
initializes namespaces, which basically ends up with a
server process that runs forever.
Also: in stop_service(), reset service_pid, because that's
the correct thing to do.
Also: add some debug statements to try to figure out a
CI failure. (And leave them in place, because they might
be useful for future problems).
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fix bad design decision (mine) by adding a simple usage check to 'skip'
and 'skip_if_remote' functions: if invoked without test-name args,
fail loudly and immediately.
Background: yeah, their usage is not intuitive. Making the first arg
be a comment helps with _reading_ the code, but not _writing_ new
additions. A developer in a hurry could write "skip this-test" and,
until now, that would be a silent NOP.
Tested by adding broken skip/skip_if_remote calls inline; I confirm
that the line number and funcname usage is correct.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The nolintlint linter does not deny the use of `//nolint`
Instead it allows us to enforce a common nolint style:
- force that a linter name must be specified
- do not add a space between `//` and `nolint`
- make sure nolint is only used when there is actually a problem
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Lint the systemd code and fix the reported problems.
The remoteclient tag is no longer used so I just removed it.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
if /run is on a volume do not create the file /run/.containerenv as it
would leak outside of the container.
Closes: https://github.com/containers/podman/issues/14577
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Changes since 2022-05-31:
- add --omit-history option (buildah PR 4028)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
command
Previously, if a container was not running, and the user ran the `podman
stats` command, an error would be reported: `Error: container state
improper`.
Podman now reports stats as the fields' default values for their
respective type if the container is not running:
```
$ podman stats --no-stream demo
ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU %
4b4bf8ce84ed demo 0.00% 0B / 0B 0.00% 0B / 0B 0B / 0B 0 0s 0.00%
```
Closes: #14498
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
When calling QEMU, the CPU arch should be host, and highmem should be on, or else the VM start fails.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
I don't see a reason why we don't support --remove-signatures
from remote push, so adding support.
Fixes: https://github.com/containers/podman/issues/14558
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a new `--overwrite` flag to `podman cp` to allow for overwriting in
case existing users depend on the behavior; they will have a workaround.
By default, the flag is turned off to be compatible with Docker and to
have a more sane behavior.
Fixes: #14420
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Note that the bud-logfile-with-split-logfile-by-platform test is skipped
on the remote client (see #14544).
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
APIv2 tests are flaky after this morning's merge of #14543.
Symptom:
test-apiv2: Timed out (10s) waiting for service (/dev/tcp/localhost/5564)
journal shows:
registry[7421]: panic: unable to configure authorization (htpasswd):
no access controller registered with name: none
Possible cause:
Mix of REGISTRY_AUTH=none with REGISTRY_AUTH_HTPASSWD_* vars.
https://github.com/distribution/distribution/issues/1168
Solution:
only set _HTPASSWD_* vars when AUTH=htpasswd
Signed-off-by: Ed Santiago <santiago@redhat.com>
- The State() function now returns machine.Starting status instead of an
empty string if the VM is in the process of starting.
- The `CheckExclusiveActiveVM()` function returns `true` to prevent
starting a VM while another is in the process of starting.
- `podman machine ls` displays "Currently starting" under "Last Up" for
the starting VM
- `podman machine ls` supports `{{.Starting}}` boolean field in the format
- `podman machine inspect` displays "starting" in the "State" field for
the starting VM
Signed-off-by: Shane Smith <shane.smith@shopify.com>
this patch included additonal host namespace checks when creating a ctr as well
as fixing of the tests to check /proc/self/ns/net
see #14461
Signed-off-by: cdoern <cdoern@redhat.com>
For some reason commit 5b79cf15a022 moved the container create options
parsing from cmd/podman/common to pkg/api/handlers. However it did not
remove the old code. Unfortunately it moved the code from an outdated
version and did not update it before this commit was merged.
Therefore a couple of regressions were introduced. I manually compared
both versions and found three missing bugfixes.
I fixed the network test again that was changed in bce97a3b5dd1. We
want bridge as default even as rootless. Sine the test is not run as
rootless in CI the regression was not caught.
Also the no hosts test never worked since it was missing the import
check if the hosts file exists.
I don't think we can check for the volume parsing change since this only
works on windows/wsl.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
`podman container restore --file-locks` does not restore file locks
because this option is not passed to OCI runtime. This patch fixes this
issue.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
Previous PR #12394 tried to address this, but made a mistake:
containers that have just exited do not move to the Exited state
but rather the Stopped state - as such, the code would never have
run (there is no way we start `podman kill`, and the container
transitions to Exited while we are doing it - that requires
holding the container lock, which Kill already does).
Fix the code to check Stopped as well (we omit Exited entirely
but it's a cheap check and our state logic could change in the
future). Also, return an error, instead of exiting cleanly - the
Kill failed, after all. ErrCtrStateInvalid is already handled by
the sig-proxy logic so there won't be issues.
[NO NEW TESTS NEEDED] This fixes a race that I cannot reproduce
myself, and I have no idea how we'd repro in CI.
Signed-off-by: Matthew Heon <mheon@redhat.com>
