The --env is used to add new environment variable to container or
override the existing one. The --unsetenv is used to remove
the environment variable.
It is done by sharing "env" and "unsetenv" flags between both
"update" and "create" commands and later handling these flags
in the "update" command handler.
The list of environment variables to add/remove is stored
in newly added variables in the ContainerUpdateOptions.
The Container.Update API call is refactored to take
the ContainerUpdateOptions as an input to limit the number of its
arguments.
The Env and UnsetEnv lists are later handled using the envLib
package and the Container is updated.
The remote API is also extended to handle Env and EnvUnset.
Fixes: #24875
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
when the code was first added, there was no securejoin.OpenInRoot().
Since there is a function already provided by a dependency and already
used in libpod, replace the custom code with securejoin.OpenInRoot().
The new version does not report a symlink that points outside the
root, but it is still resolved relative to the specified mountpoint,
since that is the openat2 semantic. It does not affect the security
of the function.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Includes one minor test fix as the line number reported as error was
changed, it seems to be actually correct now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Even though this is tardy, here is an update reflecting milestones and
features for 1Q25.
Fixes https://issues.redhat.com/browse/RUN-2447
Signed-off-by: Brent Baude <bbaude@redhat.com>
Giuseppe is working on some proper fixes, for now in order to get this
moved along skip it so we can merge the disk usage fix.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Our calculation is just wrong and the way the entire API is designed it
cannot work. This is the same interface as docker is using and they have
the same bug there. So simply document this as known problem, in case
users complain we at least have something to point to.
An actual fix might be possible but not without reworking the full API
and because this is exposed in the docker compat and libpod REST API we
cannot really change it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fix a bug where SSH-ing into a named Podman Machine (not podman-machine-default)
results in the user being put in the rootless shell if the default system
connection is rootless.
Resolves: https://github.com/containers/podman/issues/25332
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Have one function without a `defer lock.unlock()` as one of the
commands in it calls a function that also takes the same lock,
so the unlock has to happen prior to function completion.
Unfortunately, this is prone to errors, like the one here: I
missed a case, and we could return without unlocking, causing a
deadlock later in the cleanup code as we tried to take the same
lock again.
Refactor the command to use `defer unlock()` to simplify and
avoid any further errors of this type.
Introduced by e66b788a51 - this
should be included in any backports of that commit.
Fixes#25585
Signed-off-by: Matt Heon <mheon@redhat.com>
This is simpler as we don't have to rely on an external command. The
retry loop is need as we check for a container porcess connection, and
while we know podman binds the port before returning there is no way to
know whenthe contianer application bound the port so we must retry a
bit.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
nc can be provided by either ncat (nmap) or netcat (OpenBSD), we only
work with the nmap version so make sure we always use that one and not
the short alias which can be resolved to either one.
It is not clear to me what changed on rawhide but it seemsv netcat is
preferred even though we have nmap-ncat installed.
Note this only changes the host side nc calls, the Alpine based images
only have nc as command so we must continue to use it inside.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
renovate[bot]
openshift-merge-bot[bot]
flouthoc
Giuseppe Scrivano
Jan Kaluza
Raniere Silva
Paul Holzinger
Mario Loriedo
Brent Baude
Yanko Kaneti
Jake Correnti
Matt Heon