The --macvlan flag was deprecated in Podman 3.x and was scheduled
for removal in version 4.0. Since we're now at version 6.0.0-dev,
this commit removes the deprecated flag and its associated code.
Users should now use the standard syntax:
podman network create --driver macvlan --opt parent=<device> <name>
Signed-off-by: shiavm006 <shivammittal42006@gmail.com>
When trying to join the conmon pid to recreate the pause process based
on the namespace it can be that the pid is no longer valid, i.e. when
conmon crashed or was killed.
Currently we have a big issue that can be reproduced using:
$ podman run -d quay.io/libpod/testimage:20241011 sleep 100
$ killall -9 conmon
$ killall catatonit
All commands would fail as we keep trying to rejoin the namespace of the
non existing conmon process.
So to address that fall back to creating a new namespace if we fail to
join the conmon pids.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- remove old CLI validation that only checked --pod flag
- add validation in namespaces.go to catch all paths (cli, quadlet, api)
- block userns mixing for all pods with infra, not just ipc/net
- update error message to be clearer
- fix test cleanup to use PodmanExitCleanly()
- use dynamic pod names in system tests to avoid conflicts
fixes#26848
Signed-off-by: 0xdvc <neilohene@gmail.com>
Fixes: #26588
For use cases like HPC, where `podman exec` is called in rapid succession, the standard exec process can become a bottleneck due to container locking and database I/O for session tracking.
This commit introduces a new `--no-session` flag to `podman exec`. When used, this flag invokes a new, lightweight backend implementation that:
- Skips container locking, reducing lock contention
- Bypasses the creation, tracking, and removal of exec sessions in the database
- Executes the command directly and retrieves the exit code without persisting session state
- Maintains consistency with regular exec for container lookup, TTY handling, and environment setup
- Shares implementation with health check execution to avoid code duplication
The implementation addresses all performance bottlenecks while preserving compatibility with existing exec functionality including --latest flag support and proper exit code handling.
Changes include:
- Add --no-session flag to cmd/podman/containers/exec.go
- Implement lightweight execution path in libpod/container_exec.go
- Ensure consistent container validation and environment setup
- Add comprehensive exit code testing including signal handling (exit 137)
- Optimize configuration to skip unnecessary exit command setup
Signed-off-by: Ryan McCann <ryan_mccann@student.uml.edu>
Signed-off-by: ryanmccann1024 <ryan_mccann@student.uml.edu>
Remove skip_if_rootless_cgroupsv1 call from quadlet tests since
cgroupsv1 is deprecated and no longer needs special handling
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Quadlets installed from `.quadlet` file now belongs to a single
application, anyone file removed from this application removes all the
other files as well.
Assited by: claude-4-sonnet
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
This reverts commit 2b848cca36.
The official Docker API documentation was misleading here.
Testing shown that old podman behaviour was correct.
In docker copyUIDGID=true means that primary container uid/gid is used,
not the uid/gid from the tar stream.
Signed-off-by: Matej Vašek <matejvasek@gmail.com>
Enable installing multiple quadlets from one file using '---' delimiters.
Each section requires '# FileName=<name>' comment for custom naming.
Single quadlet files remain unchanged for backward compatibility.
Assited by: claude-4-sonnet
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
This got broken during the remote testing rewrite to enable tls testing
in commit feb36e4fe6. The problem is the function didn't use the proper
podman command with the remote arg so it tried to connect to the default
socket with remote testing.
And in the checkpoint file we use it before the PODMAN_CMD was defined
so fix this by moving the basic_setup before and the use the variable
PODMAN_RUNTIME instead of having to do another info call.
Also fix the debug log output to correctly log the podman commands with
all arguments on a single line.
Fixes: feb36e4fe6 ("Implement TLS API Support")
Fixes: #27266
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Make sure to rmeove the artifact but we don't need to remove the
testfiles as they are part under PODMAN_TMPDIR which gets removed by
default so don't bother with that.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- use nanoseconds, so we don't need to sleep a full second do put the
time forward.
- use the --format option instead of jq
- run test via remote as well
- don't use static file content
Fixes: #27265
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Somehow this only flakes on debian as it seem the /etc/hosts file on the
host system changes and thus causes a false postive with the
before/after restore comparison.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is failing with:
replacing mount point ".../root/overlay/xxx/merged": directory not empty
First, the build does not need network so ensure we don't leak network
allocations by killing it. Second, kill is always async so ensure to
wait for the actul build process exit.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The remote client (podman --remote) was incorrectly throwing an error
when --detach-keys="" was specified for attach, run, or start commands.
According to documentation and the v1.7.0 release notes, specifying an
empty string should disable detaching, not cause an error.
Fixes: #27414
Signed-off-by: shiavm006 <shivammittal42006@gmail.com>
This also includes a number of significant changes to the SQLite
state made possible by removal of the legacy DB.
1. Enable database unit tests for SQLite state, with numerous
tweaks to get tests passing. Most notable changes are to
container removal - where we previously didn't return an error
if there was no container to remove - and RemovePodContainers,
which I don't think ever worked properly from my reading of
the failures.
2. Removal of AddContainerToPod/RemoveContainerToPod. On SQLite,
these functions are identical to AddContainer/RemoveContainer
and there is no reason to retain duplicates.
3. Removal of SafeRewriteContainerConfig - it's identical to
RewriteContainerConfig in SQLite, no reason to have duplicate
entrypoints.
As an exciting side-note, this removes Podman's requirement that
containers and pods cannot share a name, which was a BoltDB
restriction only.
Signed-off-by: Matt Heon <matthew.heon@pm.me>
