it is wrong for two reasons: 1) we set the current process limits from
a library, and 2) it sets a too high value for root, since it is the
maximum allowed value on the system.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Contains fixes for new linters, removed deprecated and removed linters
from the config.
Most notably, because we use go 1.22 now, we can get rid of the copy for
loop vars[1]. Also, as of go 1.22 we can use the new int range syntax
in for loops; the new intrange linter checks that.
[1] https://go.dev/blog/loopvar-preview
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Specify one or more external providers for the compose command. The
first found provider is used for execution. Can be an absolute path or a
(file) name. Relative names are invalid. File names are evaluated via
$PATH look ups.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Used `go fmt` rules to migrate away from deprecated functions, for
instance `gofmt -w -s -r 'ioutil.TempDir(a, b) -> os.MkdirTemp(a, b)'`
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
We cannot use /var/tmp on windows, instead use the temp var which is
defined on windows, or fall back to appdata.
Fixes containers/podman#13434
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This field was only needed for machine to force cni, however you can set
netns="bridge" in the config to have the same effect. This is already
done in the machine setup.
The field was more of a hack and just creates confusion for users so we
remove it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Move pkg/sysinfo and pkg/apparmor out of libpod into containers/common.
This will allow other packages to use these libraries without requiring all of libpod.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Python's call to Popen attempts to close all open file descriptors by looking at
the maximum number of open file descriptors defined in ulimits. If we set
this to a huge number by default, Popen will run much slower since it will
attempt to close the total number of FDs one by one.
We should just use the default that the calling process had unless the user
overrides the default in containers.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In root running containers we want to approach the MAX Number of processes and
open files, so that services running Podman will work when they have lots of open
files or processes. In rootless containers this number can not be changed. This
patch will only increase the numbers if the process is allowed.
Docker set the limit to 2**20 (1048576), it looks like this was the max for RHEL5 OS.
So we fall back to attempt to set this limit if the MAC_PROC limit is not allowed.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>