In function rm, variable `report` might be initialized as nil as a result
of the call
`registry.ImageEngine().Remove(registry.Context(), args, imageOpts)`.
Then, there is a call `registry.SetExitCode(report.ExitCode)` without an
explicit nil check before it. The check `len(rmErrors) > 0` doesn't guarantee
that report is a non-nil value.
So such a call may lead to a nil deref.
This commit adds a check of `report` for nil before its dereference.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
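
The pattern described in the commit message above, as an added Go example that is not code from the Podman repository. `RemoveReport`, `removeImages`, both `exitCode*` helpers and the fallback exit code 125 are hypothetical stand-ins assumed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// RemoveReport is a hypothetical stand-in for the engine's removal report.
type RemoveReport struct{ ExitCode int }

// removeImages is a hypothetical engine call; like the call in the commit
// message, it may return a nil report together with a non-empty error list.
func removeImages(names []string) (*RemoveReport, []error) {
	if len(names) == 0 {
		return nil, []error{errors.New("no image names given")}
	}
	report, errs := &RemoveReport{}, []error(nil)
	for _, n := range names {
		if n == "missing" { // constructed sample name that fails to resolve
			errs = append(errs, fmt.Errorf("%s: image not known", n))
			report.ExitCode = 1
		}
	}
	return report, errs
}

// exitCodeUnchecked treats len(errs) > 0 as proof that report is non-nil.
func exitCodeUnchecked(report *RemoveReport, errs []error) int {
	if len(errs) > 0 {
		return report.ExitCode // panics when report is nil
	}
	return 0
}

// exitCodeChecked tests report for nil before dereferencing it.
func exitCodeChecked(report *RemoveReport, errs []error) int {
	if len(errs) == 0 {
		return 0
	}
	if report == nil {
		return 125 // assumed generic failure code, not taken from the commit
	}
	return report.ExitCode
}

func main() {
	report, errs := removeImages(nil) // nil report, one error
	fmt.Println("exit code:", exitCodeChecked(report, errs))
}
```
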
There are a couple of newGenericDecompressor function usages where the
returned, possibly non-nil `err` is not checked before dereferencing the
returned decompressor. It may lead to nil ptr dereferencing.
This commit adds a check for `err` to prevent dereferencing a potentially
nullable decompressor.
Found by Linux Verification Center (linuxtesting.org) with SVACE
Signed-off-by: Mikhail Dmitrichenko <m.dmitrichenko222@gmail.com>
When starting a machine and the user has not explicitly passed
-u=true|false AND stdin is not a tty, we should not prompt to update
connections.
Fixes: #27556
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fixes: #26588
For use cases like HPC, where `podman exec` is called in rapid succession, the standard exec process can become a bottleneck due to container locking and database I/O for session tracking.
This commit introduces a new `--no-session` flag to `podman exec`. When used, this flag invokes a new, lightweight backend implementation that:
- Skips container locking, reducing lock contention
- Bypasses the creation, tracking, and removal of exec sessions in the database
- Executes the command directly and retrieves the exit code without persisting session state
- Maintains consistency with regular exec for container lookup, TTY handling, and environment setup
- Shares implementation with health check execution to avoid code duplication
The implementation addresses all performance bottlenecks while preserving compatibility with existing exec functionality including --latest flag support and proper exit code handling.
Changes include:
- Add --no-session flag to cmd/podman/containers/exec.go
- Implement lightweight execution path in libpod/container_exec.go
- Ensure consistent container validation and environment setup
- Add comprehensive exit code testing including signal handling (exit 137)
- Optimize configuration to skip unnecessary exit command setup
Signed-off-by: Ryan McCann <ryan_mccann@student.uml.edu>
Signed-off-by: ryanmccann1024 <ryan_mccann@student.uml.edu>
Allows the validatepr container to fetch dependencies from GitHub
during validation by enabling host networking.
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Remove skip_if_rootless_cgroupsv1 call from quadlet tests since
cgroupsv1 is deprecated and no longer needs special handling.
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Quadlets installed from a `.quadlet` file now belong to a single
application; any one file removed from this application removes all the
other files as well.
Assisted by: claude-4-sonnet
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Now that Podman 6.0 no longer supports Intel Macs, use libkrun as the
default machine provider.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
This was not working when emulating Linux container images on FreeBSD.
The code to handle host devices on FreeBSD relies on the container
having a devfs mount. Unfortunately, the Linux emulation code which adds
this was happening after the host device handling. This changes the
logic so that host device management happens after Linux emulation.
Signed-off-by: Doug Rabson <dfr@rabson.org>
This reverts commit 2b848cca36.
The official Docker API documentation was misleading here.
Testing has shown that the old podman behaviour was correct.
In docker, copyUIDGID=true means that the primary container uid/gid is used,
not the uid/gid from the tar stream.
Signed-off-by: Matej Vašek <matejvasek@gmail.com>
image got converted to the new docker modules which were finally renamed
to moby[1]. Podman however still uses docker so now the swagger lookup
seems to find duplicated types which in general breaks the generation so
exclude the new module for now until we convert podman and fix the new
type issues swagger found.
[1] https://github.com/containers/container-libs/pull/459
Signed-off-by: Paul Holzinger <pholzing@redhat.com>