Add Quadlet key and disconnect relationship withr read-only
Update and add tests
Update man with new key
Remove the reference to VolatileTmpfs in the man page to reduce its
usage, since the same functionality can be achieved using the Tmpfs key
while keeping its support to maintain backward compatibility
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Docker deals with the --all flag on the client side while Podman does it
on the server side. Hence, make sure to not set the dangling filter
with two different values in the backend.
Fixes: #20469
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This change is the first step of integrating appendable string arrays
into containers.conf and starts with enabling the `Env`, `Mounts`, and
`Volumes` fields in the `[Containers]` table.
Both, Buildah and Podman, read (and sometimes write) the fields of the
`Config` struct at various places, so I decided to migrate the fields
step-by-step. The ones in this change are most critical ones for
customers. Once all string slices/arrays are migrated, the docs of
containers.conf will be updated. The current changes are entirely
transparent to users.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
We only care about the version so just import the define package for it,
the main buildah package causes big transitive imports which fail to
build with the remote tag (i.e. libimage)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Tag now does a prepend internally instead of append with the names. Thus
the order changed which needs some test changes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
commit 7ade972102 introduced the change
that caused an issue in crun since it forces the root user session
instead of the system one when DBUS_SESSION_BUS_ADDRESS is set.
I am addressing it in crun, but for the time being, let's also not
pass the variable down to conmon since the assumption is that when
running as root the containers must be created on the system bus.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When the hostNetwork option is set to true in the k8s yaml,
set the pod's hostname to the name of the machine/node as is
done in k8s. Also set the utsns to host.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Followup to #20394. For years (since BATS 1.5) we've been
seeing and ignoring nasty red warnings at the end of every
system test run. Thanks for fixing it, @giuseppe! But it
broke down in the '?' case when $expected_rc is empty:
test/system/helpers.bash: line 345: [: -eq: unary operator expected
Simple fix.
Signed-off-by: Ed Santiago <santiago@redhat.com>
cp tests flake constantly under VFS (discovered in #20161),
and the way these tests were written makes it very, very hard
to understand failures.
This is a (sorry) hard-to-review cleanup:
- use distinctive container names, not just "cpcontainer"
- add distinctive test names (e.g. RUNNING vs CREATED)
- remove unnecessary code
- remove --pause=false (option is deprecated and, IIUC, a NOP)
- clean up some confusing slashes in paths
- "dot notation" tests:
- add a comment linking to issue, because that's a weird one
that makes no sense whatsoever
- fix tests, because they were actually not testing
This cleanup has been tested repeatedly in 20161, I'm just bringing
it into main because 20161's future is uncertain.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Updated the error message to suggest user to use --replace option to instruct Podman to replace the existsing external container with a newly created one.
closes#16759
Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>
* rootful: NanoCpus needs to set more than 10000000 on cgroups v1.
* rootless: Resource limits that include NanoCPUs are not supported and ignored.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
libimage did not walk thte layers correctly which was probably
inherited by old Podman code. Fix that by vendoring in the
corresponding changes in c/common.
Fixes: #20375
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When trying to connect a container to a network and the connection
already exists, an error should only be raised if the container is
already running (or is in the `ContainerStateCreated` transition)
to mimic the behavior of Docker as described here:
https://github.com/containers/podman/pull/15516#issuecomment-1229265942
For running and connected containers 403 is returned which fixes#20365
Signed-off-by: Philipp Fruck <dev@p-fruck.de>
When a userns and netns is used we need to let the runtime create the
netns otherwise the netns is not owned by the right userns and thus
the capabilities would not be correct.
The current restart logic tries to reuse the netns which is fine if no
userns is used but when one is used we setup a new netns (which is
correct) but forgot to cleanup the old netns. This resulted in leaked
network namespaces and because no teardown was ever called leaked ipam
assignments, thus a quickly restarting container will run out of ip
space very fast.
Fixes#18615
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
