Networks are stored in two ways in the DB, first a static network list
which holds all the networks with their options for the container. Second,
the network status which holds the actual network result from netavark
but only when the container is running.
If the container is running they must be in sync and podman inspect has
checks to ensure that as well; it errors out if there is a desync between
the two.
As the adding to the db and doing actual networking configuration are
different parts it is possible that one worked while the other failed which
triggers the desync. To avoid this make the network connect/disconnect
code more robust against partial failures. When the network calls fail
we update the db again to remove/add the network back.
Fixes: https://issues.redhat.com/browse/RHEL-78037
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This document is to help the maintainers on how to triage new issues.
Adding a link to REVIEWING.md in CONTRIBUTING.md
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
golangci-lint v2 introduced a new command, fmt, which runs configured
formatters (see formatters in .golangci.yml).
Use this for generated files. Drop separate goimports binary.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Saves a few fork/execs, and unifies the code since other places are
already using NATIVE_GOOS or GOOS.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This shaves the linting time:
- from 8 to 2 minutes on Cirrus CI with 4 CPUs and 8 GB RAM;
- from 11 to 3 minutes on Cirrus CI with 2 CPUs and 4 GB RAM;
when the cache is reused.
The cache size is quite modest (~3MB compressed, ~7MB uncompressed).
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This could have been done by simply running
GOOS=freebsd ./bin/golangci-lint run [options] ./...
on Linux, but some freebsd code is using cgo (i.e. is linked to C
libraries), so real freebsd environment is required.
This also fixes the issue of ignoring linter errors for Windows and
Darwin (exit 0), introduced by commit c9b108d5b38.
Fixes: c9b108d5b38 ("Bump golangci-lint to v2.0.2")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
If the --health-cmd flag is not specified, other flags such as --health-interval, --health-timeout, --health-retries, and --health-start-period are ignored if the image contains a Healthcheck. This makes it impossible to modify these Healthcheck configurations when a container is created.
Fixes: https://github.com/containers/podman/issues/20212
Fixes: https://issues.redhat.com/browse/RUN-2629
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
First, remove the wrong sentence that says ports are forwarded dynamically
by default. That is wrong and contradicts what is written below.
Second, document that we also set --dns-forward and --map-guest-addr by
default. And lastly document the containers.conf field so users know
they are not forced to set the options on each command.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This is related to #23292 and is needed to replace
pause image container with pause container based
on the rootfs.
Without this change, the GIDs and UIDs are not mapped
in the rootfs container which uses overlay if --userns=auto
is used. This leads to an error mounting /dev/pts with gid=5,
because GID 5 simply does not exist in the pause container
using rootfs.
All the tests pass with this change, but I have to admit
I did not find out why the original code has been introduced.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This shaves off some time from golangci-lint run.
For linux, it's down from 5 to 3 minutes (for the whole task, not just
the golangci-lint runs), and the cache is only ~7MB (according to
golangci-lint, probably uncompressed) or ~2MB (according to cirrus CI,
probably compressed).
For Mac, due to remote build tag we don't lint much so linting takes
less than a minute, so it is not worth optimizing.
For Windows, similar.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
1. Strip leading v from VERSION.
This will allow simplifying the renovate rule at [1].
2. Fix git branch in the URL.
In golangci-lint v2 they've switched from master to main,
and it's not clear what will happen to master over time,
so let's just switch to main prophylactically.
3. Use -b option instead of undocumented hack.
Instead of relying on an undocumented feature of having BINDIR,
let's use -b option as recommended by the official docs at [2].
4. Avoid stuttering in the output.
Before:
[kir@kir-tp1 podman]$ VERSION=2.0.2 ./hack/install_golangci.sh
golangci-lint has version 2.0.2 built with go1.24.1 from 2b224c2c on 2025-03-25T21:36:18Z
Using existing ./bin/golangci-lint has version 2.0.2 built with go1.24.1 from 2b224c2c on 2025-03-25T21:36:18Z
After:
[kir@kir-tp1 podman]$ VERSION=2.0.2 ./hack/install_golangci.sh
golangci-lint has version 2.0.2 built with go1.24.1 from 2b224c2c on 2025-03-25T21:36:18Z
Using existing ./bin/golangci-lint
5. Fix shellcheck warnings.
6. Also retry when reinstalling.
The code logic to retry install for up to 5 times when installation
fails was introduced by commit dd8574022d ("CI: retry the golangci
install").
For some reason, the above commit only uses the logic when the binary is
not found. In a situation when the binary is found but is of the wrong
version, no retries are done.
Fix that.
7. Add -f option to curl.
As recommended by the official installation docs at [2].
[1]: 16f757f699/renovate/defaults.json5 (L106-L108)
[2]: https://golangci-lint.run/welcome/install/#binaries
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This one:
> libpod/container_internal_freebsd.go:255:2: assigned to foundUTS, but reassigned without using the value (wastedassign)
> foundUTS := false
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
When linting for freebsd, Stat_t Bsize is always uint64, thus the
following warning:
> libpod/info.go:234:21: unnecessary conversion (unconvert)
> allocated := uint64(grStats.Bsize) * grStats.Blocks
> ^
Use an intermediate variable to save on linter annotations.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
> pkg/specgen/generate/oci_freebsd.go:15:2: ST1019: package "github.com/opencontainers/runtime-spec/specs-go" is being imported more than once (staticcheck)
> "github.com/opencontainers/runtime-spec/specs-go"
> ^
> pkg/specgen/generate/oci_freebsd.go:16:2: ST1019(related information): other import of "github.com/opencontainers/runtime-spec/specs-go" (staticcheck)
> spec "github.com/opencontainers/runtime-spec/specs-go"
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
> pkg/specgen/generate/namespaces_freebsd.go:60:9: S1002: should omit comparison to bool constant, can be simplified to !jail.NeedVnetJail() (staticcheck)
> return jail.NeedVnetJail() == false
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This fixes the following warning:
> libpod/networking_freebsd.go:148:19: ST1005: error strings should not be capitalized (staticcheck)
> return "", nil, fmt.Errorf("Failed to create vnet jail %s for container %s: %w", netns, ctr.ID(), err)
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This one:
> libpod/container_internal_freebsd.go:393:37: SA1012: do not pass a nil Context, even if a function permits it; pass context.TODO if you are unsure about which Context to use (staticcheck)
> inspectData, err := image.Inspect(nil, nil)
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
These two:
> libpod/container_internal_freebsd.go:183:33: Error return value of `c.runtime.state.UpdateContainer` is not checked (errcheck)
> c.runtime.state.UpdateContainer(nsCtr)
> ^
> pkg/specgen/generate/config_freebsd.go:51:12: Error return value is not checked (errcheck)
> addDevice(g, resolvedDevicePath)
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
> pkg/rootless/rootless_freebsd.go:24:20: ST1005: error strings should not be capitalized (staticcheck)
> return false, -1, errors.New("Rootless mode is not supported on FreeBSD - run podman as root")
> ^
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>