Adds support for --add-compression which accepts multiple compression
formats and when used it will add all instances in a manifest list with
requested compression formats.
Signed-off-by: Aditya R <arajan@redhat.com>
Some people might expect this to work:
systemctl --wait start foo
journalctl -u foo ---> displays output from foo
Well, it does not. Not reliably, anyway:
https://github.com/systemd/systemd/issues/28650
Shrug, okay, deal with it: write value of %T to a tmpfile
instead of relying on journal. I tested with TMPDIR=<many values>
on an SELinux system and, by golly, it works fine.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Neither `release` nor `workflow_dispatch` triggers may be tested inside
a PR context. The workflow steps always run from what's already
committed to `main`. Rather than waiting for a release to discover
some unforeseen workflow problem, allow manual runs to optionally skip
the release upload step (by default).
Also, update the windows workflow to store an artifact of the signed
build, and migrate away from the deprecated "set-output" command.
Signed-off-by: Chris Evich <cevich@redhat.com>
Currently, due to sphinx smart quote features being enabled, fancy quotes are used in the commands. This means the docs are harder to use as the commands cannot be copy/pasted into a terminal.
Wrapping the code in code blocks fixes this. An alternative would be to disable smart quotes entirely, but this seems over-the-top (especially considering wrapping commands in code blocks harmonises this page with most of the other documentation).
Signed-off-by: Adam Jones <domdomegg+git@gmail.com>
Forcing users to set --rm when setting --rmi is just bad UI.
If I want the image to be removed, it implies that I want the
container removed that I am creating.
Fixes: https://github.com/containers/podman/issues/15640
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
After a failed start, we can run into (somehow inconsistent) states
where the machine won't start because a previous QEMU process is still
running and the PID file is being used. Stop didn't resolve the issue
as this state wasn't detected.
Allow recovering from this state by a) detecting it during start and
erroring out with a more helpful message than the error QEMU would
otherwise spit out, and b) enabling stop to kill the dangling QEMU
process - even after a failed stop.
With the changes, a recovery may look as follows:
```
_ podman git:(main) _ ./bin/darwin/podman machine start
Starting machine "podman-machine-default"
Error: cannot start VM "podman-machine-default": another instance of "/opt/homebrew/bin/qemu-system-aarch64" is already running with process ID 970: please stop and restart the VM
_ podman git:(main) _ ./bin/darwin/podman machine stop
Machine "podman-machine-default" stopped successfully
_ podman git:(main) _ ./bin/darwin/podman machine start
Starting machine "podman-machine-default"
Waiting for VM ...
```
Please note that this change does not prevent us from running into such
inconsistent states but only allows for recovering from them.
[NO NEW TESTS NEEDED] - there is no reliable reproducer.
Fixes: #16054
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Moves the shared logic from `writeConfig` into a shared function in
`pkg/machine/machine_common.go`
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves most of the logic of `setRootful` to the common file
`pkg/machine/machine_common.go`.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves `removeFilesAndConnections` to the common file
`pkg/machine/connections.go` to be reused by multiple hypervisors.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves `waitAPIAndPrintInfo` into the common file
`pkg/machine/machine_common.go` allowing applehv and qemu to share the
code.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves the implementation of `addSSHConnectionsToPodmanSocket` into the
common file `pkg/machine/machine_common.go`. The implementation was
shared between the hypervisors and does not need to be implemented
multiple times.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Also update Fedora and Debian names. Include ID of broken images in
`validate_task` comment about broken rawhide. This should get picked
up by renovate next time images are updated - hopefully prompting
someone to re-enable the check.
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
Currently the CIDFile is not removed with podman --remote run --rm
if the client and server are on different machines.
[NO NEW TESTS NEEDED]
There is currently a test for this that does not fail because the client
and server are on the same machine.
If we run these tests on a Mac or Windows platform, they would start
failing.
Fixes: https://github.com/containers/podman/issues/19420
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The original SELinux support in Docker and Podman does not follow the
default SELinux rules for how label transitions are supposed to be
handled. Containers always switch their user and role to
system_u:system_r, rather than maintain the caller's user and role.
For example
unconfined_u:unconfined_r:container_t:s0:c1,c2
Advanced SELinux administrators want to confine users but still allow
them to create containers from their role, but not allow them to launch
a privileged container like spc_t.
This means if a user running as
container_user_u:container_user_r:container_user_t:s0
ran a container, they would get
container_user_u:container_user_r:container_t:s0:c1,c2
If they run a privileged container they would run it with:
container_user_u:container_user_r:container_user_t:s0
If they want to force the label they would get an error
podman run --security-opt label=type:spc_t ...
Should fail, because the container_user_r cannot run with the spc_t.
SELinux rules would also prevent the user from forcing system_u user and
the system_r role.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
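The label transition described in the SELinux commit message above, modelled as an added Go example; it is not Podman's code or part of the commit. The `roleTypes` table is a constructed stand-in for the policy's role-to-type rules, and `Parse`, `ContainerLabel` and `LegacyLabel` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// roleTypes is a constructed stand-in for the policy's role-to-type rules (assumption).
var roleTypes = map[string]string{
	"container_user_r": " container_user_t container_t ",
	"unconfined_r":     " unconfined_t container_t spc_t ",
}

// Parse splits user:role:type:level on the first three colons only, because a
// level such as "s0:c1,c2" contains colons of its own.
func Parse(label string) ([]string, error) {
	f := strings.SplitN(label, ":", 4)
	if len(f) != 4 {
		return nil, fmt.Errorf("malformed SELinux label %q", label)
	}
	return f, nil
}

// ContainerLabel models the transition in the commit message: keep the caller's
// user and role, and refuse a type the role may not run. forcedType is the value
// of --security-opt label=type:..., or "" when no type is forced.
func ContainerLabel(caller, level string, privileged bool, forcedType string) (string, error) {
	f, err := Parse(caller)
	if err != nil {
		return "", err
	}
	if privileged && forcedType == "" {
		return caller, nil // privileged: runs with the caller's own label
	}
	typ := "container_t"
	if forcedType != "" {
		typ = forcedType
	}
	if !strings.Contains(roleTypes[f[1]], " "+typ+" ") {
		return "", fmt.Errorf("role %s cannot run type %s", f[1], typ)
	}
	return strings.Join([]string{f[0], f[1], typ, level}, ":"), nil
}

// LegacyLabel models the original behaviour: always system_u:system_r.
func LegacyLabel(level string) string { return "system_u:system_r:container_t:" + level }

func main() {
	fmt.Println(ContainerLabel("container_user_u:container_user_r:container_user_t:s0", "s0:c1,c2", false, "spc_t"))
}
```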
This tool sometimes throws nonsensical or difficult to debug errors.
Verifying DCO and white-space issues in commits has long since been
moved to other tools (github-actions and git pre-commit hooks). There's
no need to duplicate these checks with the git-validation tool.
Signed-off-by: Chris Evich <cevich@redhat.com>
Moves acquisition of an alternate image provided by the user out of
`acquireVMImage` in `pkg/machine/<hypervisor>/machine.go` and into
`pkg/machine/pull.go` as its own function.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves `getDevNullFiles` into a new common file,
`pkg/machine/machine_common.go`, preventing the re-implementation of the
function across the different hypervisor implementations.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>