Copied from github.com/moby/moby who already has a fix for it.
Tested manually on an Ubuntu 23.10 (beta) VM.
Fixes: #containers/podman/issues/20278
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
As discussed in https://github.com/containers/podman/issues/20000, we
need an opt-in mechanism to _append_ string arrays during loading
sequence of containers.conf files.
At the moment, existing fields/data will be overridden with each loaded
config that sets the specified field/option. The TOML (toml.io) config
format does not allow for attributing fields and structs are implicitly
represented as "tables". I wanted to extend a string array with a
simple boolean field, for instance:
```TOML
env=["FOO=bar"]
env.append=true
```
TOML doesn't support the upper idea as it's not a properly formatted
table. So I looked for alternatives and found that TOML supports
so-called "mixed-type arrays". As the name suggests, such arrays allow
for including more than one type and that seemed like a reasonable
candidate as it allows for _extending_ the existing syntax without
introducing new fields or even yet-another way of loading conf files.
The new format can be seen in the tests. Please note that this is just
a _tested_ POC. Integrating the POC in containers.conf may turn into a
bigger journey as Podman is directly (ab)using many of the fields.
Since they have to be changed to the new type (see POC), Podman will not
compile without changes.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
As requested in containers/podman/issues/20000, add a `privileged` field
to the containers table in containers.conf. I was hesitant to add such
a field at first (for security reasons) but I understand that such a
field can come in handy when using modules - certain workloads require a
privileged container.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Just test all sub dirs instead of having to list them one by one.
Also the remote tag is only used by pkg/config so no need to test all
the others as well. Also keep the seccomp tag, we cannot add it to
the default as this breaks the cross builds for some reason.
Fixes #1681
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Make sure /etc/crypto-policies/config is bind mounted from the host so
it does contain the proper FIPS value and a reinstall of
crypto-policies-scripts does not overwrite the existing files with the
default config.
We create a tmpfile and write FIPS to it so we can bind mount it and the
container can change the config if needed.
Fixes https://issues.redhat.com/browse/RHEL-9836
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Changes `createPruneFilterFuncs` to use
`filters.MatchNegatedLabelFilters` instead of
`!filters.MatchLabelFilters` when matching on negated labels (label!).
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Add a list of the members in the mailing list
on podman.io. I will also add a note in the description
of that list to modify this page when changes are made
there.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
manifest push API must implement and leverage `retry` logic similar to
`image push` with similar defaults.
Closes: https://github.com/containers/common/issues/1664
Signed-off-by: Aditya R <arajan@redhat.com>
The id and digest filters for podman images were broken
as they would only match on the full ID or Digest, so when
users would give a substring of either no results would be
given even though there were matches.
Fix to check on prefix now instead.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
This is not a web address so we should not link it as such. Putting it
in greater equal or smaller equal signs will correctly make it a mailto
link so the local mail client will open correctly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
At this point we already read the config file but here we have to get
timestamp here so we can hit another ENOENT if it was removed in the
meantime. Just ignore this and do not log an error as this is normal
behavior when another process is deleting a network in parallel.
Fixes containers/podman#20173
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Adds a proper way to match on negated label filters (label!).
The current logic used is to do !MatchLabelFilter()
but this results in chained negated labels being ORed together instead of ANDed.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
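The difference described in the commit message above, as an added example that is not code from containers/common: inverting an AND-match over all filter values yields an OR of the negations, so an object carrying one of the excluded labels is still selected. All function names and the sample labels are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// matchLabel reports whether labels satisfy one filter value ("key" or "key=value").
func matchLabel(labels map[string]string, filter string) bool {
	key, want, hasValue := strings.Cut(filter, "=")
	got, ok := labels[key]
	return ok && (!hasValue || got == want)
}

// matchAll is the positive semantics: every filter value must match (AND).
func matchAll(labels map[string]string, filters []string) bool {
	for _, f := range filters {
		if !matchLabel(labels, f) {
			return false
		}
	}
	return true
}

// negatedByInversion mirrors the old approach: !(A AND B) == (!A OR !B).
func negatedByInversion(labels map[string]string, filters []string) bool {
	return !matchAll(labels, filters)
}

// negatedAll is the intended semantics: no filter value may match (!A AND !B).
func negatedAll(labels map[string]string, filters []string) bool {
	for _, f := range filters {
		if matchLabel(labels, f) {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample: an object labelled env=prod, filtered with
	// label!=env=prod and label!=tier=web.
	labels := map[string]string{"env": "prod", "tier": "db"}
	filters := []string{"env=prod", "tier=web"}
	fmt.Println("inverted match selects it:", negatedByInversion(labels, filters))
	fmt.Println("dedicated negated match selects it:", negatedAll(labels, filters))
}
```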
Let callers (i.e., Podman) decide which defaults to choose. This way,
callers know when to override defaults (i.e., when the values are
empty).
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
They are not correctly and inconsistently being used by Podman making it
super hard to know what's going on. Just remove them for now and deal
with the remaining chaos in subsequent changes in common and Podman.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
1 CPU core typically is not enough for most use cases, so we default to available cores/2 for new machines.
Signed-off-by: Ashley Cui <acui@redhat.com>
The method ActiveDestination was being used only by Podman and there seemed to be code complications as the code is split in multiple parts. Hence, moved the code to Podman to make it more readable and efficient.
Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>