Reduce the logs for unknown keys from Warn to Debug level.
The containers.conf continuously receives new keys, and some consumers
(e.g., Podman) are updating it at runtime. Even small divergences in
the vendored versions of containers/common can let one tool run fine and
the other print warnings for each invocation. Reducing the log-level to
debug works around that problem at the cost of honest typos not being
as easy to detect as before.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When toml writes the config file it does not use `omitempty` for numeric
values instead it requires `omitzero`. [1]
The problem is that without this change, `config.Write()` writes
```
[machine]
cpus = 0
disk_size = 0
memory = 0
```
to the user file. Because podman machine system connection add code will
do this the config file is broken afterwards. The first vm will be created
successfully but after this every other vm will be broken because the
cpu, memory and disk size are set to zero.
[1] https://github.com/BurntSushi/toml/pull/81Fixescontainers/podman#11824
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add machine teable to configure podman machine options. Move machine_image to the machine table, and add cups, disk size, and memory to the machine table.
Signed-off-by: Ashley Cui <acui@redhat.com>
There is code in podman which uses `errors.Cause(err).Error() != "no such secret"`,
this is just bad code. Common should expose this error so podman
can check with `errors.Is()`.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If you use this field in rootless mode, it will blow up,
since rootless mode can not use the host user namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Allow users to set the default location for the temporary files used
during image pulls and pushes.
Defaults to /var/tmp;
Overridden via "TMPDIR" environment variable.
Allow special flag "storage" to indicate the the storage should use
the tmp directory in containers/storage/tmp.
Needed to fix: https://github.com/containers/podman/issues/11107
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This field contains a list of directories which should be used to store
some helper binaries, e.g. gvproxy.
Also add a FindHelperBinary method to the config struct to get the full
path to a helper binary.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Podman should not use `/tmp/run-...`. The Podman PR#8241 changed the
path to `/tmp/podman-run-...` and added systemd tmpfile config to make
sure the path is not removed. However the tmpDir is set in c/common and
was never changed.
Fixescontainers/podman#11478
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Destination path inside containers should be always validated as
*nix absolute path. So its recommended to use path.IsAbs() instead of
filepath.IsAbs().
[NO TEST NEEDED]
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
We decided to remove the flag and opt-in via the options from Podman.
This means we do not need the flags any more, but keep the configuration
itself.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
The K8s pull policies are in camel case:
* Always
* IfNotPresent
* Never
Support them in conjunction to Missing, Newer and IfNewer. Doing it
here prevents Podman (and possibly CRI-O in the future) from adding
custom parsers.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
split the DBUS_SESSION_BUS_ADDRESS value so that something like:
unix:path=/run/user/1000/bus,guid=817e9ffcfb383869ad17ea8360e7428a
will ignore ",guid=817e9ffcfb383869ad17ea8360e7428a" when checking
that the path exists.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1984531
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This prevents
"defaultErrnoRet": null,
from appearing in seccomp.json.
This member is similar to ErrnoRet in type Syscall,
and should also be marked with omitempty.
Fixes: c662eb936b
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
We now add a new configuration option to opt-in for path based registry
authentication in containers-auth.json. This affects login and logout,
which means if the option is enabled we can now use
`my-registry.local/path/to/image` to save or remove the credentials from
the auth.json.
If the option is enabled, then we enforce a stricter validation of the
input. For example it is not allowed input `http[s]://` prefixed keys.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
We had a bogus setting for secrets in our default containers.conf
[secret] should have been [secrets].
Also added a test to make sure this never happens again.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently if a user puts a typo into a contianers.conf
or puts the keys in the wrong section, then tools using
container-common ignore them. This patch will print them
as warnings, so that the user has some ide.
I have tested this locally with Podman.
./bin/podman run alpine echo hi
WARN[0000] Failed to decode the keys ["containers.events_logger" "engine.foo"] from "/home/dwalsh/.config/containers/containers.conf".
WARN[0000] Failed to decode the keys ["containers.events_logger" "engine.foo"] from "/home/dwalsh/.config/containers/containers.conf".
WARN[0000] Failed to decode the keys ["containers.events_logger" "engine.foo"] from "/home/dwalsh/.config/containers/containers.conf".
WARN[0000] Failed to decode the keys ["containers.events_logger" "engine.foo"] from "/home/dwalsh/.config/containers/containers.conf".
hi
With ~/.config/containers/containers.conf
[containers]
events_logger = "file"
[engine]
foo="bar"
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Valentin Rothberg