The Docker `-XDELETE image/$name?force=true` endpoint only removes
containers using an image if they are in a non running state.
In Podman, when forcefully removing images we also forcefully delete
containers using the image including running containers.
This patch changes the Docker image force delete compat API to act like the
Docker API while maintaining commands like `podman rmi -f $imagename`
It also corrects the API return code returned when an image is requested
to be deleted with running containers using it.
Fixes: https://github.com/containers/podman/issues/25871
Signed-off-by: Lewis Roy <lewis@redhat.com>
This looks like debug leftover, in any case this is not an error so
simply remove the line.
Fixes#25965
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The backstory for this is that runc 1.2 (opencontainers/runc#3967)
fixed a long-standing bug in our mount flag handling (a bug that crun
still has). Before runc 1.2, when dealing with locked mount flags that
user namespaced containers cannot clear, trying to explicitly clearing
locked flags (like rw clearing MS_RDONLY) would silently ignore the rw
flag in most cases and would result in a read-only mount. This is
obviously not what the user expects.
What runc 1.2 did is that it made it so that passing clearing flags
like rw would always result in an attempt to clear the flag (which was
not the case before), and would (in all cases) explicitly return an
error if we try to clear locking flags. (This also let us finally fix a
bunch of other long-standing issues with locked mount flags causing
seemingly spurious errors).
The problem is that podman sets rw on all mounts by default (even if
the user doesn't specify anything). This is actually a no-op in
runc 1.1 and crun because of a bug in how clearing flags were handled
(rw is the absence of MS_RDONLY but until runc 1.2 we didn't correctly
track clearing flags like that, meaning that rw would literally be
handled as if it were not set at all by users) but in runc 1.2 leads to
unfortunate breakages and a subtle change in behaviour (before, a ro
mount being bind-mounted into a container would also be ro -- though
due to the above bug even setting rw explicitly would result in ro in
most cases -- but with runc 1.2 the mount will always be rw even if
the user didn't explicitly request it which most users would find
surprising). By the way, this "always set rw" behaviour is a departure
from Docker and it is not necesssary.
Signed-off-by: rcmadhankumar <madhankumar.chellamuthu@suse.com>
The README.md in test/buildah-bud had the old directory name for the
apply-podman-deltas file. This change removes the `/` and adds a `-`
in that file name.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
in #25884, it was pointed out that the standard detection used to
determine the artifact's file type can be wrong. in those cases, it
would be handy for the user to be able to override the media type of the
layer. as such, added a new option called `--file-type`, which is
optional, and allows users to do just that.
`podman artifact add --file-type text/yaml
quay.io/artifact/config:latest ./config.yaml `
Fixes: #25884
Signed-off-by: Brent Baude <bbaude@redhat.com>
This commit removes the code to build a local pause
image from the Containerfile. It is replaced with
code to find the catatonit binary and include it in
the Rootfs.
This removes the need to build a local pause container
image.
The same logic is also applied to createServiceContainer
which is originally also based on the pause image.
Fixes: #23292
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
When using a custom --root it will not have the image present and as
such cause a pull. We can however use our own local cache if present to
avoid the pull if we give the right podman options via
_PODMAN_TEST_OPTS.
I saw the volume quota test fail during the pull in openQA thus I
noticed this issue.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Somehow the files do not match sometimes, I like to get data on the
/etc/hosts file on the host looks to see if this would explain anything.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is failing a lot, on the issue (#24571) there is a 100% reproducer
so we don't need to gather more data this is simply broken.
Reduce our flakes by skiping this until the main issue gets resolved.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This reverts commit d633824a95.
The issue has been fixed in commit 9a0c0b2eef and I have not seen it
since so remove this special case.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Sinc v5.0 pasta is the default and if it would not be installed a ton of
tests would already fail. As such these conditional checks are
pointless and can be removed to simplify the tests.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This `--config` option was initially added here:
4e4c3e3dbf
Under the hood this simply modifies env to set DOCKER_CONFIG=<passed
in string>
The DOCKER_CONFIG env var is used as a directory that contains
multiple config files... of which podman and container libs probably
only use `$DIR/config.json`.
See: https://docs.docker.com/reference/cli/docker/#environment-variables
The old CMD and help text was misleading... if we point the at a
regular file we can see errors like:
```
$ touch /tmp/foo/tmpcr9zrx71
$ /bin/podman --config /tmp/foo/tmpcr9zrx71 build -t foobar:latest
Error: creating build container: initializing source docker://quay.io/centos/centos:stream9: getting username and password: reading JSON file "/tmp/foo/tmpcr9zrx71/config.json": open /tmp/foo/tmpcr9zrx71/config.json: not a directory
```
^^ In this case we had created `/tmp/foo/tmpcr9zrx71` as a regular file.
Signed-off-by: Ian Page Hands <iphands@gmail.com>
Clarify that system test specifc configuration must be done via config
files and not via ad hoc environment variables like in test/e2e.
Also not that we only run the tests with crun so other runtimes may not
work but we accept patches to make them work with runc, e.g. Suse folks
currently run them with runc and contribute patches for them.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
create the /etc/passwd and /etc/group files before any user/group
lookup so that the entries added dynamically are found by --user.
As a side effect, do not automatically create the group with same
value as the uid when not specified, since it is expected to run with
gid=0.
Closes: https://github.com/containers/podman/issues/25805
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Since commit 945aade38b we do tear down the kube units if all pods
failed to start. This however broke the use case of an empty pod as we
did not consider that being starting successfully which is wrong and
caused a regression for at least one user.
To fix this special case the empty pod and consider that running.
Fixes: #25786
Fixes: 945aade38b ("quadlet kube: correctly mark unit as failed")
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
