The correct location on FreeBSD is /usr/local/etc/containers/policy.json
which is consistent with path conventions for installed packages. This
fixes 'podman commit' on FreeBSD.
There are several definitions of this path:
- c/image/signature has builtinDefaultPolicyPath and DefaultPolicy
- c/podman/pkg/trust has systemDefaultPolicyPath and DefaultPolicyPath
- c/common/pkg/config has DefaultSignaturePolicyPath
As far as I can tell, buildah uses c/image/signature which is why 'buildah
commit' was already working for me. Podman is using the c/common one. Very
confusing.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Another experimental OCI runtime for FreeBSD, similar to runj but with
a focus on podman/buildah compatiblity.
Signed-off-by: Doug Rabson <dfr@rabson.org>
Used `go fmt` rules to migrate away from deprecated functions, for
instance `gofmt -w -s -r 'ioutil.TempDir(a, b) -> os.MkdirTemp(a, b)'`
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Before 50eb74a4b1 this code used unshare.IsRootless() which on Windows
always returns false (the behavior we want).
After 50eb74a4b1, a condition was unintentionally inverted, allowing
Windows to function.
Commit 18803495e8 fixed the inversion, but unintentionally excluded Windows
since it used == 0 instead of <= 0 (Windows returns -1)
Move the logic behind a function with a comment since the Windows path is a
bit exotic.
In the future, the Windows path should likely be refactored to be more
intuitive; however, this will get things working for now.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
originally the code had the condition "!unshare.IsRootless()", and
commit 50eb74a4b1 introduced the issue
by replacing it with "unshare.GetRootlessUID() != 0".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Change the check to look for the UID to decide whether to load the
default configuration files from the user directory instead of the
system path.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The problem with setting such defaults in c/common is that podman cannot
know if a user set this or it is the default. EventsLogFilePath is not a
static path, it depends on the --tmpdir value from podman.
check
b0b36430b8/libpod/runtime.go (L1041-L1043)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Adds the conmon-rs paths so Podman can find the right conmon-rs binary
when making a new runtime.
I also slightly modified the `FindConmon` function so that the code
could be shared with the `FindConmonRs` function that I added.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
initial implementation of the ssh package including:
- nativeConnectionCreate() / golangConnectionCreate()
- n/a / golangConnectionDial()
- nativeConnectionScp() / golangConnectionScp()
- nativeConnectionExec() / golangConnectionExeC()
the way this works, is there are publicly accessible functions Create, Exec, Dial and Scp. podman will have a new global flag --ssh` that will allow users to choose native or golang based ssh functions. The functionality in containers/common (here) also checks if you have the necessary binaries installed
closes#1091
Signed-off-by: Charlie Doern <cdoern@redhat.com>
This commit allows using aardvark with an alternate port as per
implementation in containers/netavark#323
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Add a new `pod_exit_policy` field to the containers.conf's engine table.
A pod's exit policy determines the behaviour when the last container of
a pod exits.
Required-in: containers/podman/pull/13859
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
base_hosts_file can be used to overwrite the default base host file
/etc/hosts which is used to copy hosts entries from this file into the
containers /etc/hosts file. As special value "image" can be used to copy
the entries from the image hosts file or "none" to not use a base file
at all. IF the value is empty we should use /etc/hosts as default.
Ref https://github.com/containers/podman/issues/13277
Ref https://github.com/containers/podman/issues/13748
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Slirp4netns options were changed to always default to ipv6 so it does
not need the extra setting. Update the documentation to reflect this.
see https://github.com/containers/podman/pull/13929
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Changing the value for events_logfile_max_size from 0 to 1048576. This allows
up to 10,000 events to be written to the events log file before rotation occurs.
Also adding new values to default.go
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
This will allow users to specify which volumes they want podman machine
to automatically mount into the machine. These volumes can later be used
to volume mount into containers.
Environment variables like $HOME can be used and are translated at the
time of machine start.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
gofumpt is a stricter version of gofmt, basically making the code more
readable, and fixing the gocritic's octalLiterar warnings like this one:
pkg/util/util_supported.go:26:17: octalLiteral: use new octal literal style, 0o722 (gocritic)
return (perm & 0722) == 0700
^
Generated by gofumpt -w .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Docker defined --ipc=private to mean that the container's IPC Namespace
can NOT be shared with another container. While --ipc=shareable can,
which is our current default. Docker also defines "none" which means
the container runs in a IPC namespace but does NOT mount a /dev/shm.
"Host" means the container runs in the host namespace, and
container:UUID means run new container in other containers namespace.
ns:PATH means run in the namepsace designated in PATH.2
This Patch, fixes containers/common to reflect the correct default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We cannot use /var/tmp on windows, instead use the temp var which is
defined on windows, of fall back to appdata.
Fixescontainers/podman#13434
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Different packaging for different distributions have their own prefix for where helper binaries should live. additionalHelperBinariesDir is a variable that can be set during link-time so that a packager can change the location without having to carry patches for their default location.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
This patch adds unit tests for the function `probeConmon` as well as
fixes a bug where a `nil` error got wrapped always to `nil`.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Add a new field to set the default subnet pools. They can be used to
change the subnet which is automatically allocated by podman network
create.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This field was only needed for machine to force cni, however you can set
netns="bridge" in the config to have the same effect. This is already
done in the machine setup.
The field was more of a hack and just creates confusion for users so we
remove it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Since the network namespace is shared for all rootful libpod instances
we also need to make sure to use the same network config dir and run dir
to ensure that we do not use the same subnet or ip for more than one
container.
Also update the documentation about the network_config_dir field.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the network backend is unset in the config we have to to figure out
if we need CNI or netavark. New installs should use netavark while
existing installs should continue to use CNI to prevent breaking
systems.
We use the following conditions to determine what backend to use:
1. read ${graphroot}/defaultNetworkBackend
2. find netavark binary (if not installed use CNI)
3. check containers, images and CNI networks and if there are some
we have an existing install and should continue to use CNI
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add an option to containers.conf as a knob to enforce short-name
resolution to Docker Hub in Podman's compatibility REST API.
By popular request, turn it on by default.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This field determines whether CNI or netavark will be used to
create container networks. Default presently set to "cni".
Signed-off-by: Matthew Heon <mheon@redhat.com>
Add machine teable to configure podman machine options. Move machine_image to the machine table, and add cups, disk size, and memory to the machine table.
Signed-off-by: Ashley Cui <acui@redhat.com>
If you use this field in rootless mode, it will blow up,
since rootless mode can not use the host user namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Doug Rabson